Mercurial Mercurial > repos > isabelle / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/HOL/UNITY/Comp/Alloc.thy
author wenzelm
Mon, 04 Dec 2006 00:05:47 +0100
changeset 21632 e7c1f1a77d18
parent 17310 1322ed8e0ee4
child 21669 c68717c16013
permissions -rw-r--r--
converted legacy ML script;
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
11194
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff changeset 
     1
 
(*  Title:      HOL/UNITY/Alloc
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff changeset 
     2
 
    ID:         $Id$
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff changeset 
     3
 
    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff changeset 
     4
 
    Copyright   1998  University of Cambridge
ea13ff5a26d1 reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff changeset 
     5
 












ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




     6


Specification of Chandy and Charpentier's Allocator













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




     7


*)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




     8









17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




     9


theory Alloc













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    10


imports AllocBase PPROD













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    11


begin








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    12














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    13


(** State definitions.  OUTPUT variables are locals **)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    14














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    15


record clientState =








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    16


  giv :: "nat list"   (*client's INPUT history:  tokens GRANTED*)













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    17


  ask :: "nat list"   (*client's OUTPUT history: tokens REQUESTED*)













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    18


  rel :: "nat list"   (*client's OUTPUT history: tokens RELEASED*)








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    19














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    20


record 'a clientState_d =













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    21


  clientState +













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    22


  dummy :: 'a       (*dummy field for new variables*)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    23














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    24


constdefs













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    25


  (*DUPLICATED FROM Client.thy, but with "tok" removed*)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    26


  (*Maybe want a special theory section to declare such maps*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    27


  non_dummy :: "'a clientState_d => clientState"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    28


    "non_dummy s == (|giv = giv s, ask = ask s, rel = rel s|)"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    29














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    30


  (*Renaming map to put a Client into the standard form*)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    31


  client_map :: "'a clientState_d => clientState*'a"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    32


    "client_map == funPair non_dummy dummy"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    33














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    34


  













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    35


record allocState =








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    36


  allocGiv :: "nat => nat list"   (*OUTPUT history: source of "giv" for i*)













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    37


  allocAsk :: "nat => nat list"   (*INPUT: allocator's copy of "ask" for i*)













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    38


  allocRel :: "nat => nat list"   (*INPUT: allocator's copy of "rel" for i*)








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    39














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    40


record 'a allocState_d =













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    41


  allocState +













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    42


  dummy    :: 'a                (*dummy field for new variables*)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    43














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    44


record 'a systemState =













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    45


  allocState +








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    46


  client :: "nat => clientState"  (*states of all clients*)













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    47


  dummy  :: 'a                    (*dummy field for new variables*)








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    48














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    49














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    50


constdefs













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    51














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    52


(** Resource allocation system specification **)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    53














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    54


  (*spec (1)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    55


  system_safety :: "'a systemState program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    56


    "system_safety ==








15074






277b3a4da341
Modified \<Sum> syntax a little.



nipkow


parents: 
11786

diff
changeset




    57


     Always {s. (SUM i: lessThan Nclients. (tokens o giv o sub i o client)s)













277b3a4da341
Modified \<Sum> syntax a little.



nipkow


parents: 
11786

diff
changeset




    58


     <= NbT + (SUM i: lessThan Nclients. (tokens o rel o sub i o client)s)}"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    59














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    60


  (*spec (2)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    61


  system_progress :: "'a systemState program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    62


    "system_progress == INT i : lessThan Nclients.













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    63


			INT h. 













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    64


			  {s. h <= (ask o sub i o client)s} LeadsTo













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    65


			  {s. h pfixLe (giv o sub i o client) s}"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    66









17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    67


  system_spec :: "'a systemState program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    68


    "system_spec == system_safety Int system_progress"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    69














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    70


(** Client specification (required) ***)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    71














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    72


  (*spec (3)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    73


  client_increasing :: "'a clientState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    74


    "client_increasing ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    75


         UNIV guarantees  Increasing ask Int Increasing rel"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    76














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    77


  (*spec (4)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    78


  client_bounded :: "'a clientState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    79


    "client_bounded ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    80


         UNIV guarantees  Always {s. ALL elt : set (ask s). elt <= NbT}"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    81














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    82


  (*spec (5)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    83


  client_progress :: "'a clientState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    84


    "client_progress ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    85


	 Increasing giv  guarantees













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    86


	 (INT h. {s. h <= giv s & h pfixGe ask s}













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    87


		 LeadsTo {s. tokens h <= (tokens o rel) s})"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    88














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    89


  (*spec: preserves part*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    90


  client_preserves :: "'a clientState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    91


    "client_preserves == preserves giv Int preserves clientState_d.dummy"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    92














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    93


  (*environmental constraints*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    94


  client_allowed_acts :: "'a clientState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    95


    "client_allowed_acts ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    96


       {F. AllowedActs F =













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    97


	    insert Id (UNION (preserves (funPair rel ask)) Acts)}"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




    98









17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




    99


  client_spec :: "'a clientState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   100


    "client_spec == client_increasing Int client_bounded Int client_progress













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   101


                    Int client_allowed_acts Int client_preserves"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   102














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   103


(** Allocator specification (required) ***)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   104














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   105


  (*spec (6)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   106


  alloc_increasing :: "'a allocState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   107


    "alloc_increasing ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   108


	 UNIV  guarantees













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   109


	 (INT i : lessThan Nclients. Increasing (sub i o allocGiv))"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   110














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   111


  (*spec (7)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   112


  alloc_safety :: "'a allocState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   113


    "alloc_safety ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   114


	 (INT i : lessThan Nclients. Increasing (sub i o allocRel))













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   115


         guarantees








15074






277b3a4da341
Modified \<Sum> syntax a little.



nipkow


parents: 
11786

diff
changeset




   116


	 Always {s. (SUM i: lessThan Nclients. (tokens o sub i o allocGiv)s)













277b3a4da341
Modified \<Sum> syntax a little.



nipkow


parents: 
11786

diff
changeset




   117


         <= NbT + (SUM i: lessThan Nclients. (tokens o sub i o allocRel)s)}"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   118














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   119


  (*spec (8)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   120


  alloc_progress :: "'a allocState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   121


    "alloc_progress ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   122


	 (INT i : lessThan Nclients. Increasing (sub i o allocAsk) Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   123


	                             Increasing (sub i o allocRel))













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   124


         Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   125


         Always {s. ALL i<Nclients.













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   126


		     ALL elt : set ((sub i o allocAsk) s). elt <= NbT}













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   127


         Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   128


         (INT i : lessThan Nclients. 













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   129


	  INT h. {s. h <= (sub i o allocGiv)s & h pfixGe (sub i o allocAsk)s}













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   130


		 LeadsTo













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   131


	         {s. tokens h <= (tokens o sub i o allocRel)s})













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   132


         guarantees













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   133


	     (INT i : lessThan Nclients.













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   134


	      INT h. {s. h <= (sub i o allocAsk) s}













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   135


	             LeadsTo













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   136


	             {s. h pfixLe (sub i o allocGiv) s})"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   137














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   138


  (*NOTE: to follow the original paper, the formula above should have had













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   139


	INT h. {s. h i <= (sub i o allocGiv)s & h i pfixGe (sub i o allocAsk)s}













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   140


	       LeadsTo













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   141


	       {s. tokens h i <= (tokens o sub i o allocRel)s})













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   142


    thus h should have been a function variable.  However, only h i is ever













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   143


    looked at.*)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   144














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   145


  (*spec: preserves part*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   146


  alloc_preserves :: "'a allocState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   147


    "alloc_preserves == preserves allocRel Int preserves allocAsk Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   148


                        preserves allocState_d.dummy"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   149


  













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   150


  (*environmental constraints*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   151


  alloc_allowed_acts :: "'a allocState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   152


    "alloc_allowed_acts ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   153


       {F. AllowedActs F =













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   154


	    insert Id (UNION (preserves allocGiv) Acts)}"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   155









17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   156


  alloc_spec :: "'a allocState_d program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   157


    "alloc_spec == alloc_increasing Int alloc_safety Int alloc_progress Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   158


                   alloc_allowed_acts Int alloc_preserves"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   159














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   160


(** Network specification ***)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   161














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   162


  (*spec (9.1)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   163


  network_ask :: "'a systemState program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   164


    "network_ask == INT i : lessThan Nclients.













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   165


			Increasing (ask o sub i o client)  guarantees













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   166


			((sub i o allocAsk) Fols (ask o sub i o client))"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   167














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   168


  (*spec (9.2)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   169


  network_giv :: "'a systemState program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   170


    "network_giv == INT i : lessThan Nclients.













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   171


			Increasing (sub i o allocGiv)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   172


			guarantees













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   173


			((giv o sub i o client) Fols (sub i o allocGiv))"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   174














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   175


  (*spec (9.3)*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   176


  network_rel :: "'a systemState program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   177


    "network_rel == INT i : lessThan Nclients.













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   178


			Increasing (rel o sub i o client)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   179


			guarantees













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   180


			((sub i o allocRel) Fols (rel o sub i o client))"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   181














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   182


  (*spec: preserves part*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   183


  network_preserves :: "'a systemState program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   184


    "network_preserves ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   185


       preserves allocGiv  Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   186


       (INT i : lessThan Nclients. preserves (rel o sub i o client)  Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   187


                                   preserves (ask o sub i o client))"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   188


  













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   189


  (*environmental constraints*)








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   190


  network_allowed_acts :: "'a systemState program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   191


    "network_allowed_acts ==













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   192


       {F. AllowedActs F =













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   193


           insert Id













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   194


	    (UNION (preserves allocRel Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   195


		    (INT i: lessThan Nclients. preserves(giv o sub i o client)))













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   196


		  Acts)}"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   197









17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   198


  network_spec :: "'a systemState program set"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   199


    "network_spec == network_ask Int network_giv Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   200


                     network_rel Int network_allowed_acts Int













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   201


                     network_preserves"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   202














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   203














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   204


(** State mappings **)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   205


  sysOfAlloc :: "((nat => clientState) * 'a) allocState_d => 'a systemState"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   206


    "sysOfAlloc == %s. let (cl,xtr) = allocState_d.dummy s













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   207


                       in (| allocGiv = allocGiv s,













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   208


			     allocAsk = allocAsk s,













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   209


			     allocRel = allocRel s,













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   210


			     client   = cl,













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   211


			     dummy    = xtr|)"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   212














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   213














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   214


  sysOfClient :: "(nat => clientState) * 'a allocState_d => 'a systemState"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   215


    "sysOfClient == %(cl,al). (| allocGiv = allocGiv al,













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   216


			         allocAsk = allocAsk al,













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   217


			         allocRel = allocRel al,













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   218


			         client   = cl,













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   219


			         systemState.dummy = allocState_d.dummy al|)"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   220














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   221


consts 








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   222


    Alloc   :: "'a allocState_d program"













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   223


    Client  :: "'a clientState_d program"













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   224


    Network :: "'a systemState program"













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   225


    System  :: "'a systemState program"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   226


  








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   227


axioms













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   228


    Alloc:   "Alloc   : alloc_spec"













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   229


    Client:  "Client  : client_spec"













1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   230


    Network: "Network : network_spec"








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   231














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   232


defs








17310






1322ed8e0ee4
converted to Isar theory format;



wenzelm


parents: 
15074

diff
changeset




   233


    System_def:








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   234


      "System == rename sysOfAlloc Alloc Join Network Join













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   235


                 (rename sysOfClient













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   236


		  (plam x: lessThan Nclients. rename client_map Client))"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   237














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   238














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   239


(**













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   240


locale System =













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   241


  fixes 













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   242


    Alloc   :: 'a allocState_d program













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   243


    Client  :: 'a clientState_d program













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   244


    Network :: 'a systemState program













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   245


    System  :: 'a systemState program













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   246














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   247


  assumes













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   248


    Alloc   "Alloc   : alloc_spec"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   249


    Client  "Client  : client_spec"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   250


    Network "Network : network_spec"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   251














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   252


  defines













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   253


    System_def













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   254


      "System == rename sysOfAlloc Alloc













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   255


                 Join













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   256


                 Network













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   257


                 Join













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   258


                 (rename sysOfClient













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   259


		  (plam x: lessThan Nclients. rename client_map Client))"













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   260


**)













ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




   261









21632






e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   262


(*Perhaps equalities.ML shouldn't add this in the first place!*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   263


declare image_Collect [simp del]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   264














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   265


declare subset_preserves_o [THEN [2] rev_subsetD, intro]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   266


declare subset_preserves_o [THEN [2] rev_subsetD, simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   267


declare funPair_o_distrib [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   268


declare Always_INT_distrib [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   269


declare o_apply [simp del]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   270














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   271


(*For rewriting of specifications related by "guarantees"*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   272


lemmas [simp] =













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   273


  rename_image_constrains













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   274


  rename_image_stable













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   275


  rename_image_increasing













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   276


  rename_image_invariant













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   277


  rename_image_Constrains













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   278


  rename_image_Stable













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   279


  rename_image_Increasing













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   280


  rename_image_Always













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   281


  rename_image_leadsTo













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   282


  rename_image_LeadsTo













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   283


  rename_preserves













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   284


  rename_image_preserves













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   285


  lift_image_preserves













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   286


  bij_image_INT













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   287


  bij_is_inj [THEN image_Int]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   288


  bij_image_Collect_eq













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   289














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   290


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   291


(*Splits up conjunctions & intersections: like CONJUNCTS in the HOL system*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   292


fun list_of_Int th = 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   293


    (list_of_Int (th RS conjunct1) @ list_of_Int (th RS conjunct2))













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   294


    handle THM _ => (list_of_Int (th RS IntD1) @ list_of_Int (th RS IntD2))













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   295


    handle THM _ => (list_of_Int (th RS INT_D))













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   296


    handle THM _ => (list_of_Int (th RS bspec))













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   297


    handle THM _ => [th];













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   298


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   299














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   300


lemmas lessThanBspec = lessThan_iff [THEN iffD2, THEN [2] bspec]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   301














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   302


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   303


local













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   304


  val lessThanBspec = thm "lessThanBspec"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   305


in













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   306


fun normalize th = 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   307


     normalize (th RS spec













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   308


		handle THM _ => th RS lessThanBspec













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   309


		handle THM _ => th RS bspec













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   310


		handle THM _ => th RS (guarantees_INT_right_iff RS iffD1))













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   311


     handle THM _ => th













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   312


end













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   313


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   314














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   315


(*** bijectivity of sysOfAlloc [MUST BE AUTOMATED] ***)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   316


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   317


val record_auto_tac =













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   318


  auto_tac (claset() addIs [ext] addSWrapper record_split_wrapper, 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   319


    simpset() addsimps [thm "sysOfAlloc_def", thm "sysOfClient_def",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   320


      thm "client_map_def", thm "non_dummy_def", thm "funPair_def", thm "o_apply", thm "Let_def"])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   321


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   322














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   323














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   324


lemma inj_sysOfAlloc [iff]: "inj sysOfAlloc"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   325


  apply (unfold sysOfAlloc_def Let_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   326


  apply (rule inj_onI)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   327


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   328


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   329














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   330


(*We need the inverse; also having it simplifies the proof of surjectivity*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   331


lemma inv_sysOfAlloc_eq [simp]: "!!s. inv sysOfAlloc s =  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   332


             (| allocGiv = allocGiv s,    













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   333


                allocAsk = allocAsk s,    













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   334


                allocRel = allocRel s,    













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   335


                allocState_d.dummy = (client s, dummy s) |)"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   336


  apply (rule inj_sysOfAlloc [THEN inv_f_eq])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   337


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   338


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   339














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   340


lemma surj_sysOfAlloc [iff]: "surj sysOfAlloc"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   341


  apply (simp add: surj_iff expand_fun_eq o_apply)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   342


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   343


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   344














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   345


lemma bij_sysOfAlloc [iff]: "bij sysOfAlloc"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   346


  apply (blast intro: bijI)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   347


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   348














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   349














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   350


(*** bijectivity of sysOfClient ***)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   351














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   352


lemma inj_sysOfClient [iff]: "inj sysOfClient"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   353


  apply (unfold sysOfClient_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   354


  apply (rule inj_onI)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   355


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   356


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   357














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   358


lemma inv_sysOfClient_eq [simp]: "!!s. inv sysOfClient s =  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   359


             (client s,  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   360


              (| allocGiv = allocGiv s,  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   361


                 allocAsk = allocAsk s,  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   362


                 allocRel = allocRel s,  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   363


                 allocState_d.dummy = systemState.dummy s|) )"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   364


  apply (rule inj_sysOfClient [THEN inv_f_eq])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   365


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   366


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   367














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   368


lemma surj_sysOfClient [iff]: "surj sysOfClient"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   369


  apply (simp add: surj_iff expand_fun_eq o_apply)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   370


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   371


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   372














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   373


lemma bij_sysOfClient [iff]: "bij sysOfClient"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   374


  apply (blast intro: bijI)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   375


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   376














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   377














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   378


(*** bijectivity of client_map ***)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   379














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   380


lemma inj_client_map [iff]: "inj client_map"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   381


  apply (unfold inj_on_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   382


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   383


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   384














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   385


lemma inv_client_map_eq [simp]: "!!s. inv client_map s =  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   386


             (%(x,y).(|giv = giv x, ask = ask x, rel = rel x,  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   387


                       clientState_d.dummy = y|)) s"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   388


  apply (rule inj_client_map [THEN inv_f_eq])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   389


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   390


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   391














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   392


lemma surj_client_map [iff]: "surj client_map"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   393


  apply (simp add: surj_iff expand_fun_eq o_apply)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   394


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   395


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   396














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   397


lemma bij_client_map [iff]: "bij client_map"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   398


  apply (blast intro: bijI)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   399


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   400














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   401














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   402


(** o-simprules for client_map **)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   403














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   404


lemma fst_o_client_map: "fst o client_map = non_dummy"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   405


  apply (unfold client_map_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   406


  apply (rule fst_o_funPair)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   407


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   408














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   409


ML {* bind_thms ("fst_o_client_map'", make_o_equivs (thm "fst_o_client_map")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   410


declare fst_o_client_map' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   411














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   412


lemma snd_o_client_map: "snd o client_map = clientState_d.dummy"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   413


  apply (unfold client_map_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   414


  apply (rule snd_o_funPair)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   415


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   416














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   417


ML {* bind_thms ("snd_o_client_map'", make_o_equivs (thm "snd_o_client_map")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   418


declare snd_o_client_map' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   419














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   420


(** o-simprules for sysOfAlloc [MUST BE AUTOMATED] **)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   421














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   422


lemma client_o_sysOfAlloc: "client o sysOfAlloc = fst o allocState_d.dummy "













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   423


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   424


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   425














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   426


ML {* bind_thms ("client_o_sysOfAlloc'", make_o_equivs (thm "client_o_sysOfAlloc")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   427


declare client_o_sysOfAlloc' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   428














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   429


lemma allocGiv_o_sysOfAlloc_eq: "allocGiv o sysOfAlloc = allocGiv"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   430


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   431


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   432














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   433


ML {* bind_thms ("allocGiv_o_sysOfAlloc_eq'", make_o_equivs (thm "allocGiv_o_sysOfAlloc_eq")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   434


declare allocGiv_o_sysOfAlloc_eq' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   435














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   436


lemma allocAsk_o_sysOfAlloc_eq: "allocAsk o sysOfAlloc = allocAsk"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   437


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   438


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   439














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   440


ML {* bind_thms ("allocAsk_o_sysOfAlloc_eq'", make_o_equivs (thm "allocAsk_o_sysOfAlloc_eq")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   441


declare allocAsk_o_sysOfAlloc_eq' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   442














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   443


lemma allocRel_o_sysOfAlloc_eq: "allocRel o sysOfAlloc = allocRel"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   444


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   445


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   446














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   447


ML {* bind_thms ("allocRel_o_sysOfAlloc_eq'", make_o_equivs (thm "allocRel_o_sysOfAlloc_eq")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   448


declare allocRel_o_sysOfAlloc_eq' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   449














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   450


(** o-simprules for sysOfClient [MUST BE AUTOMATED] **)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   451














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   452


lemma client_o_sysOfClient: "client o sysOfClient = fst"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   453


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   454


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   455














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   456


ML {* bind_thms ("client_o_sysOfClient'", make_o_equivs (thm "client_o_sysOfClient")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   457


declare client_o_sysOfClient' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   458














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   459


lemma allocGiv_o_sysOfClient_eq: "allocGiv o sysOfClient = allocGiv o snd "













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   460


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   461


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   462














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   463


ML {* bind_thms ("allocGiv_o_sysOfClient_eq'", make_o_equivs (thm "allocGiv_o_sysOfClient_eq")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   464


declare allocGiv_o_sysOfClient_eq' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   465














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   466


lemma allocAsk_o_sysOfClient_eq: "allocAsk o sysOfClient = allocAsk o snd "













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   467


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   468


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   469














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   470


ML {* bind_thms ("allocAsk_o_sysOfClient_eq'", make_o_equivs (thm "allocAsk_o_sysOfClient_eq")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   471


declare allocAsk_o_sysOfClient_eq' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   472














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   473


lemma allocRel_o_sysOfClient_eq: "allocRel o sysOfClient = allocRel o snd "













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   474


  apply (tactic record_auto_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   475


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   476














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   477


ML {* bind_thms ("allocRel_o_sysOfClient_eq'", make_o_equivs (thm "allocRel_o_sysOfClient_eq")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   478


declare allocRel_o_sysOfClient_eq' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   479














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   480


lemma allocGiv_o_inv_sysOfAlloc_eq: "allocGiv o inv sysOfAlloc = allocGiv"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   481


  apply (simp add: o_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   482


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   483














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   484


ML {* bind_thms ("allocGiv_o_inv_sysOfAlloc_eq'", make_o_equivs (thm "allocGiv_o_inv_sysOfAlloc_eq")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   485


declare allocGiv_o_inv_sysOfAlloc_eq' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   486














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   487


lemma allocAsk_o_inv_sysOfAlloc_eq: "allocAsk o inv sysOfAlloc = allocAsk"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   488


  apply (simp add: o_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   489


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   490














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   491


ML {* bind_thms ("allocAsk_o_inv_sysOfAlloc_eq'", make_o_equivs (thm "allocAsk_o_inv_sysOfAlloc_eq")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   492


declare allocAsk_o_inv_sysOfAlloc_eq' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   493














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   494


lemma allocRel_o_inv_sysOfAlloc_eq: "allocRel o inv sysOfAlloc = allocRel"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   495


  apply (simp add: o_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   496


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   497














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   498


ML {* bind_thms ("allocRel_o_inv_sysOfAlloc_eq'", make_o_equivs (thm "allocRel_o_inv_sysOfAlloc_eq")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   499


declare allocRel_o_inv_sysOfAlloc_eq' [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   500














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   501


lemma rel_inv_client_map_drop_map: "(rel o inv client_map o drop_map i o inv sysOfClient) =  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   502


      rel o sub i o client"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   503


  apply (simp add: o_def drop_map_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   504


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   505














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   506


ML {* bind_thms ("rel_inv_client_map_drop_map'", make_o_equivs (thm "rel_inv_client_map_drop_map")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   507


declare rel_inv_client_map_drop_map [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   508














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   509


lemma ask_inv_client_map_drop_map: "(ask o inv client_map o drop_map i o inv sysOfClient) =  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   510


      ask o sub i o client"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   511


  apply (simp add: o_def drop_map_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   512


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   513














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   514


ML {* bind_thms ("ask_inv_client_map_drop_map'", make_o_equivs (thm "ask_inv_client_map_drop_map")) *}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   515


declare ask_inv_client_map_drop_map [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   516














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   517


(**













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   518


Open_locale "System"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   519














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   520


val Alloc = thm "Alloc";













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   521


val Client = thm "Client";













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   522


val Network = thm "Network";













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   523


val System_def = thm "System_def";













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   524














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   525


CANNOT use bind_thm: it puts the theorem into standard form, in effect













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   526


  exporting it from the locale













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   527


**)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   528














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   529


declare finite_lessThan [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   530














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   531


(*Client : <unfolded specification> *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   532


lemmas client_spec_simps =













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   533


  client_spec_def client_increasing_def client_bounded_def













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   534


  client_progress_def client_allowed_acts_def client_preserves_def













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   535


  guarantees_Int_right













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   536














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   537


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   538


val [Client_Increasing_ask, Client_Increasing_rel,













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   539


     Client_Bounded, Client_Progress, Client_AllowedActs, 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   540


     Client_preserves_giv, Client_preserves_dummy] =













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   541


        thm "Client" |> simplify (simpset() addsimps (thms "client_spec_simps") )













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   542


               |> list_of_Int;













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   543














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   544


bind_thm ("Client_Increasing_ask", Client_Increasing_ask);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   545


bind_thm ("Client_Increasing_rel", Client_Increasing_rel);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   546


bind_thm ("Client_Bounded", Client_Bounded);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   547


bind_thm ("Client_Progress", Client_Progress);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   548


bind_thm ("Client_AllowedActs", Client_AllowedActs);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   549


bind_thm ("Client_preserves_giv", Client_preserves_giv);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   550


bind_thm ("Client_preserves_dummy", Client_preserves_dummy);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   551


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   552














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   553


declare













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   554


  Client_Increasing_ask [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   555


  Client_Increasing_rel [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   556


  Client_Bounded [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   557


  Client_preserves_giv [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   558


  Client_preserves_dummy [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   559














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   560














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   561


(*Network : <unfolded specification> *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   562


lemmas network_spec_simps =













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   563


  network_spec_def network_ask_def network_giv_def













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   564


  network_rel_def network_allowed_acts_def network_preserves_def













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   565


  ball_conj_distrib













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   566














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   567


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   568


val [Network_Ask, Network_Giv, Network_Rel, Network_AllowedActs,













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   569


     Network_preserves_allocGiv, Network_preserves_rel, 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   570


     Network_preserves_ask]  =  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   571


        thm "Network" |> simplify (simpset() addsimps (thms "network_spec_simps"))













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   572


                |> list_of_Int;













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   573














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   574


bind_thm ("Network_Ask", Network_Ask);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   575


bind_thm ("Network_Giv", Network_Giv);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   576


bind_thm ("Network_Rel", Network_Rel);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   577


bind_thm ("Network_AllowedActs", Network_AllowedActs);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   578


bind_thm ("Network_preserves_allocGiv", Network_preserves_allocGiv);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   579


bind_thm ("Network_preserves_rel", Network_preserves_rel);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   580


bind_thm ("Network_preserves_ask", Network_preserves_ask);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   581


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   582














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   583


declare Network_preserves_allocGiv [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   584














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   585


declare













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   586


  Network_preserves_rel [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   587


  Network_preserves_ask [simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   588














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   589


declare













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   590


  Network_preserves_rel [simplified o_def, simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   591


  Network_preserves_ask [simplified o_def, simp]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   592














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   593


(*Alloc : <unfolded specification> *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   594


lemmas alloc_spec_simps =













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   595


  alloc_spec_def alloc_increasing_def alloc_safety_def













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   596


  alloc_progress_def alloc_allowed_acts_def alloc_preserves_def













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   597














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   598


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   599


val [Alloc_Increasing_0, Alloc_Safety, Alloc_Progress, Alloc_AllowedActs,













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   600


     Alloc_preserves_allocRel, Alloc_preserves_allocAsk, 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   601


     Alloc_preserves_dummy] = 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   602


        thm "Alloc" |> simplify (simpset() addsimps (thms "alloc_spec_simps")) 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   603


              |> list_of_Int;













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   604














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   605


bind_thm ("Alloc_Increasing_0", Alloc_Increasing_0);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   606


bind_thm ("Alloc_Safety", Alloc_Safety);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   607


bind_thm ("Alloc_Progress", Alloc_Progress);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   608


bind_thm ("Alloc_AllowedActs", Alloc_AllowedActs);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   609


bind_thm ("Alloc_preserves_allocRel", Alloc_preserves_allocRel);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   610


bind_thm ("Alloc_preserves_allocAsk", Alloc_preserves_allocAsk);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   611


bind_thm ("Alloc_preserves_dummy", Alloc_preserves_dummy);













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   612


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   613














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   614


(*Strip off the INT in the guarantees postcondition*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   615


ML













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   616


{*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   617


bind_thm ("Alloc_Increasing", normalize Alloc_Increasing_0)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   618


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   619














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   620


declare













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   621


  Alloc_preserves_allocRel [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   622


  Alloc_preserves_allocAsk [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   623


  Alloc_preserves_dummy [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   624














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   625














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   626


(** Components lemmas [MUST BE AUTOMATED] **)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   627














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   628


lemma Network_component_System: "Network Join  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   629


      ((rename sysOfClient  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   630


        (plam x: (lessThan Nclients). rename client_map Client)) Join  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   631


       rename sysOfAlloc Alloc)  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   632


      = System"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   633


  apply (simp add: System_def Join_ac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   634


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   635














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   636


lemma Client_component_System: "(rename sysOfClient  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   637


       (plam x: (lessThan Nclients). rename client_map Client)) Join  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   638


      (Network Join rename sysOfAlloc Alloc)  =  System"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   639


  apply (simp add: System_def Join_ac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   640


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   641














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   642


lemma Alloc_component_System: "rename sysOfAlloc Alloc Join  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   643


       ((rename sysOfClient (plam x: (lessThan Nclients). rename client_map Client)) Join  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   644


        Network)  =  System"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   645


  apply (simp add: System_def Join_ac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   646


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   647














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   648


declare













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   649


  Client_component_System [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   650


  Network_component_System [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   651


  Alloc_component_System [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   652














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   653


(** These preservation laws should be generated automatically **)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   654














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   655


lemma Client_Allowed [simp]: "Allowed Client = preserves rel Int preserves ask"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   656


  apply (auto simp add: Allowed_def Client_AllowedActs safety_prop_Acts_iff)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   657


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   658














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   659


lemma Network_Allowed [simp]: "Allowed Network =         













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   660


        preserves allocRel Int  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   661


        (INT i: lessThan Nclients. preserves(giv o sub i o client))"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   662


  apply (auto simp add: Allowed_def Network_AllowedActs safety_prop_Acts_iff)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   663


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   664














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   665


lemma Alloc_Allowed [simp]: "Allowed Alloc = preserves allocGiv"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   666


  apply (auto simp add: Allowed_def Alloc_AllowedActs safety_prop_Acts_iff)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   667


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   668














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   669


(*needed in rename_client_map_tac*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   670


lemma OK_lift_rename_Client [simp]: "OK I (%i. lift i (rename client_map Client))"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   671


  apply (rule OK_lift_I)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   672


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   673


  apply (drule_tac w1 = rel in subset_preserves_o [THEN [2] rev_subsetD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   674


  apply (drule_tac [2] w1 = ask in subset_preserves_o [THEN [2] rev_subsetD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   675


  apply (auto simp add: o_def split_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   676


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   677














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   678














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   679


(*The proofs of rename_Client_Increasing, rename_Client_Bounded and













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   680


  rename_Client_Progress are similar.  All require copying out the original













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   681


  Client property.  A forward proof can be constructed as follows:













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   682














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   683


  Client_Increasing_ask RS













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   684


      (bij_client_map RS rename_rename_guarantees_eq RS iffD2)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   685


  RS (lift_lift_guarantees_eq RS iffD2)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   686


  RS guarantees_PLam_I













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   687


  RS (bij_sysOfClient RS rename_rename_guarantees_eq RS iffD2)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   688


  |> simplify (simpset() addsimps [lift_image_eq_rename, o_def, split_def, 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   689


				   surj_rename RS surj_range])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   690














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   691


However, the "preserves" property remains to be discharged, and the unfolding













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   692


of "o" and "sub" complicates subsequent reasoning.













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   693














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   694


The following tactic works for all three proofs, though it certainly looks













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   695


ad-hoc!













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   696


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   697


ML













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   698


{*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   699


val rename_client_map_tac =













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   700


  EVERY [













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   701


    simp_tac (simpset() addsimps [thm "rename_guarantees_eq_rename_inv"]) 1,













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   702


    rtac (thm "guarantees_PLam_I") 1,













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   703


    assume_tac 2,













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   704


	 (*preserves: routine reasoning*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   705


    asm_simp_tac (simpset() addsimps [thm "lift_preserves_sub"]) 2,













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   706


	 (*the guarantee for  "lift i (rename client_map Client)" *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   707


    asm_simp_tac













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   708


	(simpset() addsimps [thm "lift_guarantees_eq_lift_inv",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   709


			     thm "rename_guarantees_eq_rename_inv",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   710


			     thm "bij_imp_bij_inv", thm "surj_rename" RS thm "surj_range",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   711


			     thm "inv_inv_eq"]) 1,













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   712


    asm_simp_tac













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   713


        (simpset() addsimps [thm "o_def", thm "non_dummy_def", thm "guarantees_Int_right"]) 1]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   714


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   715














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   716


(*Lifting Client_Increasing to systemState*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   717


lemma rename_Client_Increasing: "i : I  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   718


      ==> rename sysOfClient (plam x: I. rename client_map Client) :  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   719


            UNIV  guarantees   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   720


            Increasing (ask o sub i o client) Int  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   721


            Increasing (rel o sub i o client)"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   722


  apply (tactic rename_client_map_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   723


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   724














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   725


lemma preserves_sub_fst_lift_map: "[| F : preserves w; i ~= j |]  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   726


      ==> F : preserves (sub i o fst o lift_map j o funPair v w)"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   727


  apply (auto simp add: lift_map_def split_def linorder_neq_iff o_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   728


  apply (drule_tac [!] subset_preserves_o [THEN [2] rev_subsetD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   729


  apply (auto simp add: o_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   730


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   731














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   732


lemma client_preserves_giv_oo_client_map: "[| i < Nclients; j < Nclients |]  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   733


      ==> Client : preserves (giv o sub i o fst o lift_map j o client_map)"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   734


  apply (case_tac "i=j")













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   735


  apply (simp add: o_def non_dummy_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   736


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   737


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   738


  apply (drule Client_preserves_dummy [THEN preserves_sub_fst_lift_map])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   739


  apply (drule_tac [!] subset_preserves_o [THEN [2] rev_subsetD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   740


  apply (simp add: o_def client_map_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   741


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   742


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   743














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   744


lemma rename_sysOfClient_ok_Network:













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   745


  "rename sysOfClient (plam x: lessThan Nclients. rename client_map Client) 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   746


    ok Network"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   747


  apply (auto simp add: ok_iff_Allowed client_preserves_giv_oo_client_map)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   748


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   749














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   750


lemma rename_sysOfClient_ok_Alloc:













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   751


  "rename sysOfClient (plam x: lessThan Nclients. rename client_map Client) 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   752


    ok rename sysOfAlloc Alloc"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   753


  apply (simp add: ok_iff_Allowed)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   754


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   755














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   756


lemma rename_sysOfAlloc_ok_Network: "rename sysOfAlloc Alloc ok Network"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   757


  apply (simp add: ok_iff_Allowed)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   758


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   759














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   760


declare













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   761


  rename_sysOfClient_ok_Network [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   762


  rename_sysOfClient_ok_Alloc [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   763


  rename_sysOfAlloc_ok_Network [iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   764














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   765


(*The "ok" laws, re-oriented*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   766


declare













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   767


  rename_sysOfClient_ok_Network [THEN ok_sym, iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   768


  rename_sysOfClient_ok_Alloc [THEN ok_sym, iff]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   769


  rename_sysOfAlloc_ok_Network [THEN ok_sym]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   770














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   771


lemma System_Increasing: "i < Nclients













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   772


      ==> System : Increasing (ask o sub i o client) Int  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   773


                   Increasing (rel o sub i o client)"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   774


  apply (rule component_guaranteesD [OF rename_Client_Increasing Client_component_System])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   775


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   776


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   777














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   778


lemmas rename_guarantees_sysOfAlloc_I =













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   779


  bij_sysOfAlloc [THEN rename_rename_guarantees_eq, THEN iffD2, standard]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   780














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   781














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   782


(*Lifting Alloc_Increasing up to the level of systemState*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   783


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   784


bind_thm ("rename_Alloc_Increasing",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   785


  thm "Alloc_Increasing" RS thm "rename_guarantees_sysOfAlloc_I"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   786


     |> simplify (simpset() addsimps [thm "surj_rename" RS thm "surj_range", thm "o_def"]))













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   787


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   788














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   789


lemma System_Increasing_allocGiv: 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   790


     "i < Nclients ==> System : Increasing (sub i o allocGiv)"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   791


  apply (unfold System_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   792


  apply (simp add: o_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   793


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   794


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   795


  apply (rule rename_Alloc_Increasing [THEN guarantees_Join_I1, THEN guaranteesD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   796


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   797


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   798


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   799














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   800


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   801


bind_thms ("System_Increasing'", list_of_Int (thm "System_Increasing"))













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   802


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   803














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   804


declare System_Increasing' [intro!]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   805














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   806


(** Follows consequences.













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   807


    The "Always (INT ...) formulation expresses the general safety property













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   808


    and allows it to be combined using Always_Int_rule below. **)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   809














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   810


lemma System_Follows_rel: 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   811


  "i < Nclients ==> System : ((sub i o allocRel) Fols (rel o sub i o client))"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   812


  apply (auto intro!: Network_Rel [THEN component_guaranteesD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   813


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   814














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   815


lemma System_Follows_ask: 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   816


  "i < Nclients ==> System : ((sub i o allocAsk) Fols (ask o sub i o client))"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   817


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   818


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   819


  apply (auto intro!: [Network_Ask [THEN component_guaranteesD]])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   820


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   821


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   822














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   823


lemma System_Follows_allocGiv: 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   824


  "i < Nclients ==> System : (giv o sub i o client) Fols (sub i o allocGiv)"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   825


  apply (auto intro!: Network_Giv [THEN component_guaranteesD]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   826


    rename_Alloc_Increasing [THEN component_guaranteesD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   827


  apply (simp_all add: o_def non_dummy_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   828


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   829


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   830


  apply (auto intro!: rename_Alloc_Increasing [THEN component_guaranteesD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   831


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   832


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   833














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   834


lemma Always_giv_le_allocGiv: "System : Always (INT i: lessThan Nclients.  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   835


                       {s. (giv o sub i o client) s <= (sub i o allocGiv) s})"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   836


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   837


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   838


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   839


  apply (erule System_Follows_allocGiv [THEN Follows_Bounded])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   840


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   841


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   842














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   843


lemma Always_allocAsk_le_ask: "System : Always (INT i: lessThan Nclients.  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   844


                       {s. (sub i o allocAsk) s <= (ask o sub i o client) s})"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   845


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   846


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   847


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   848


  apply (erule System_Follows_ask [THEN Follows_Bounded])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   849


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   850


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   851














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   852


lemma Always_allocRel_le_rel: "System : Always (INT i: lessThan Nclients.  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   853


                       {s. (sub i o allocRel) s <= (rel o sub i o client) s})"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   854


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   855


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   856


  apply (auto intro!: Follows_Bounded System_Follows_rel)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   857


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   858


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   859














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   860


(*** Proof of the safety property (1) ***)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   861














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   862


(*safety (1), step 1 is System_Follows_rel*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   863














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   864


(*safety (1), step 2*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   865


(* i < Nclients ==> System : Increasing (sub i o allocRel) *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   866


lemmas System_Increasing_allocRel = System_Follows_rel [THEN Follows_Increasing1, standard]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   867














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   868


(*Lifting Alloc_safety up to the level of systemState.













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   869


  Simplififying with o_def gets rid of the translations but it unfortunately













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   870


  gets rid of the other "o"s too.*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   871


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   872


 val rename_Alloc_Safety = 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   873


    thm "Alloc_Safety" RS thm "rename_guarantees_sysOfAlloc_I"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   874


     |> simplify (simpset() addsimps [o_def])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   875


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   876














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   877


(*safety (1), step 3*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   878


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   879


lemma System_sum_bounded: 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   880


    "System : Always {s. (\<Sum>i: lessThan Nclients. (tokens o sub i o allocGiv) s)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   881


            <= NbT + (\<Sum>i: lessThan Nclients. (tokens o sub i o allocRel) s)}"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   882


  apply (simp add: o_apply)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   883


  apply (rule rename_Alloc_Safety [THEN component_guaranteesD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   884


  apply (auto simp add: o_simp System_Increasing_allocRel)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   885


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   886


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   887














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   888


(** Follows reasoning **)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   889














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   890


lemma Always_tokens_giv_le_allocGiv: "System : Always (INT i: lessThan Nclients.  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   891


                          {s. (tokens o giv o sub i o client) s  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   892


                           <= (tokens o sub i o allocGiv) s})"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   893


  apply (rule Always_giv_le_allocGiv [THEN Always_weaken])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   894


  apply (auto intro: tokens_mono_prefix simp add: o_apply)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   895


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   896














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   897


lemma Always_tokens_allocRel_le_rel: "System : Always (INT i: lessThan Nclients.  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   898


                          {s. (tokens o sub i o allocRel) s  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   899


                           <= (tokens o rel o sub i o client) s})"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   900


  apply (rule Always_allocRel_le_rel [THEN Always_weaken])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   901


  apply (auto intro: tokens_mono_prefix simp add: o_apply)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   902


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   903














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   904


(*safety (1), step 4 (final result!) *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   905


lemma System_safety: "System : system_safety"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   906


  apply (unfold system_safety_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   907


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   908


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   909


  apply (tactic {* rtac (Always_Int_rule [thm "System_sum_bounded",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   910


    thm "Always_tokens_giv_le_allocGiv", thm "Always_tokens_allocRel_le_rel"] RS













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   911


    thm "Always_weaken") 1 *})













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   912


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   913


  apply (rule setsum_fun_mono [THEN order_trans])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   914


  apply (drule_tac [2] order_trans)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   915


  apply (rule_tac [2] add_le_mono [OF order_refl setsum_fun_mono])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   916


  prefer 3 apply assumption













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   917


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   918


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   919


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   920














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   921


(*** Proof of the progress property (2) ***)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   922














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   923


(*progress (2), step 1 is System_Follows_ask and System_Follows_rel*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   924














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   925


(*progress (2), step 2; see also System_Increasing_allocRel*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   926


(* i < Nclients ==> System : Increasing (sub i o allocAsk) *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   927


lemmas System_Increasing_allocAsk =  System_Follows_ask [THEN Follows_Increasing1, standard]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   928














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   929


(*progress (2), step 3: lifting "Client_Bounded" to systemState*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   930


lemma rename_Client_Bounded: "i : I  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   931


    ==> rename sysOfClient (plam x: I. rename client_map Client) :  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   932


          UNIV  guarantees   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   933


          Always {s. ALL elt : set ((ask o sub i o client) s). elt <= NbT}"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   934


  apply (tactic rename_client_map_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   935


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   936














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   937


lemma System_Bounded_ask: "i < Nclients  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   938


      ==> System : Always  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   939


                    {s. ALL elt : set ((ask o sub i o client) s). elt <= NbT}"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   940


  apply (rule component_guaranteesD [OF rename_Client_Bounded Client_component_System])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   941


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   942


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   943














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   944


lemma Collect_all_imp_eq: "{x. ALL y. P y --> Q x y} = (INT y: {y. P y}. {x. Q x y})"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   945


  apply blast













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   946


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   947














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   948


(*progress (2), step 4*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   949


lemma System_Bounded_allocAsk: "System : Always {s. ALL i<Nclients.  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   950


                          ALL elt : set ((sub i o allocAsk) s). elt <= NbT}"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   951


  apply (auto simp add: Collect_all_imp_eq)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   952


  apply (tactic {* rtac (Always_Int_rule [thm "Always_allocAsk_le_ask",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   953


    thm "System_Bounded_ask"] RS thm "Always_weaken") 1 *})













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   954


  apply (auto dest: set_mono)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   955


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   956














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   957


(*progress (2), step 5 is System_Increasing_allocGiv*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   958














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   959


(*progress (2), step 6*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   960


(* i < Nclients ==> System : Increasing (giv o sub i o client) *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   961


lemmas System_Increasing_giv =  System_Follows_allocGiv [THEN Follows_Increasing1, standard]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   962














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   963














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   964


lemma rename_Client_Progress: "i: I  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   965


   ==> rename sysOfClient (plam x: I. rename client_map Client)  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   966


        : Increasing (giv o sub i o client)   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   967


          guarantees  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   968


          (INT h. {s. h <= (giv o sub i o client) s &  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   969


                            h pfixGe (ask o sub i o client) s}   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   970


                  LeadsTo {s. tokens h <= (tokens o rel o sub i o client) s})"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   971


  apply (tactic rename_client_map_tac)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   972


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   973


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   974


  apply (simp add: Client_Progress [simplified o_def])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   975


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   976


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   977














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   978














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   979


(*progress (2), step 7*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   980


lemma System_Client_Progress: 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   981


  "System : (INT i : (lessThan Nclients).  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   982


            INT h. {s. h <= (giv o sub i o client) s &  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   983


                       h pfixGe (ask o sub i o client) s}   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   984


                LeadsTo {s. tokens h <= (tokens o rel o sub i o client) s})"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   985


  apply (rule INT_I)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   986


(*Couldn't have just used Auto_tac since the "INT h" must be kept*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   987


  apply (rule component_guaranteesD [OF rename_Client_Progress Client_component_System])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   988


  apply (auto simp add: System_Increasing_giv)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   989


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   990














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   991


(*Concludes













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   992


 System : {s. k <= (sub i o allocGiv) s} 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   993


          LeadsTo













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   994


          {s. (sub i o allocAsk) s <= (ask o sub i o client) s} Int













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   995


          {s. k <= (giv o sub i o client) s} *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   996


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   997


bind_thm ("lemma",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   998


    [thm "System_Follows_ask" RS thm "Follows_Bounded",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




   999


     thm "System_Follows_allocGiv" RS thm "Follows_LeadsTo"] MRS thm "Always_LeadsToD");













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1000


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1001














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1002


(*A more complicated variant of the previous one*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1003


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1004


val lemma2 = [lemma, 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1005


	      System_Follows_ask RS Follows_Increasing1 RS IncreasingD]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1006


             MRS PSP_Stable;













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1007


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1008














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1009


lemma lemma3: "i < Nclients  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1010


      ==> System : {s. h <= (sub i o allocGiv) s &       













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1011


                       h pfixGe (sub i o allocAsk) s}    













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1012


                   LeadsTo   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1013


                   {s. h <= (giv o sub i o client) s &   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1014


                       h pfixGe (ask o sub i o client) s}"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1015


  apply (rule single_LeadsTo_I)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1016


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1017


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1018


  apply (rule_tac k6 = "h" and x2 = " (sub i o allocAsk) s" in lemma2 [THEN LeadsTo_weaken])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1019


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1020


  apply (blast intro: trans_Ge [THEN trans_genPrefix THEN transD] prefix_imp_pfixGe)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1021


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1022


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1023














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1024














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1025


(*progress (2), step 8: Client i's "release" action is visible system-wide*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1026


lemma System_Alloc_Client_Progress: "i < Nclients   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1027


      ==> System : {s. h <= (sub i o allocGiv) s &  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1028


                       h pfixGe (sub i o allocAsk) s}   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1029


                   LeadsTo {s. tokens h <= (tokens o sub i o allocRel) s}"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1030


  apply (rule LeadsTo_Trans)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1031


   prefer 2













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1032


   apply (drule System_Follows_rel [THEN













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1033


     mono_tokens [THEN mono_Follows_o, THEN [2] rev_subsetD],













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1034


     THEN Follows_LeadsTo])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1035


   apply (simp add: o_assoc)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1036


  apply (rule LeadsTo_Trans)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1037


   apply (cut_tac [2] System_Client_Progress)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1038


   prefer 2













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1039


   apply (blast intro: LeadsTo_Basis)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1040


  apply (erule lemma3)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1041


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1042














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1043


(*Lifting Alloc_Progress up to the level of systemState*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1044


ML {*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1045


bind_thm ("rename_Alloc_Progress",













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1046


  thm "Alloc_Progress" RS thm "rename_guarantees_sysOfAlloc_I"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1047


  |> simplify (simpset() addsimps [thm "o_def"]))













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1048


*}













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1049














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1050


(*progress (2), step 9*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1051


lemma System_Alloc_Progress: 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1052


 "System : (INT i : (lessThan Nclients).  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1053


            INT h. {s. h <= (sub i o allocAsk) s}   













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1054


                   LeadsTo {s. h pfixLe (sub i o allocGiv) s})"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1055


  apply (simp only: o_apply sub_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1056


  sorry













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1057


(*













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1058


  apply (rule rename_Alloc_Progress [THEN component_guaranteesD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1059


  apply (auto simp add: 













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1060


    System_Increasing_allocRel [simplified o_def]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1061


    System_Increasing_allocAsk [simplified o_def]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1062


    System_Bounded_allocAsk [simplified o_def]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1063


    System_Alloc_Client_Progress [simplified o_def])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1064


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1065


*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1066














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1067














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1068


(*progress (2), step 10 (final result!) *)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1069


lemma System_Progress: "System : system_progress"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1070


  apply (unfold system_progress_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1071


  apply (cut_tac System_Alloc_Progress)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1072


  apply (blast intro: LeadsTo_Trans













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1073


    System_Follows_allocGiv [THEN Follows_LeadsTo_pfixLe]













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1074


    System_Follows_ask [THEN Follows_LeadsTo])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1075


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1076














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1077














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1078


(*Ultimate goal*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1079


lemma System_correct: "System : system_spec"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1080


  apply (unfold system_spec_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1081


  apply (blast intro: System_safety System_Progress)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1082


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1083














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1084














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1085


(** SOME lemmas no longer used **)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1086














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1087


lemma non_dummy_eq_o_funPair: "non_dummy = (% (g,a,r). (| giv = g, ask = a, rel = r |)) o  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1088


                              (funPair giv (funPair ask rel))"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1089


  apply (rule ext)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1090


  apply (auto simp add: o_def non_dummy_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1091


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1092














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1093


lemma preserves_non_dummy_eq: "(preserves non_dummy) =  













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1094


      (preserves rel Int preserves ask Int preserves giv)"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1095


  apply (simp add: non_dummy_eq_o_funPair)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1096


  apply auto













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1097


    apply (drule_tac w1 = rel in subset_preserves_o [THEN [2] rev_subsetD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1098


    apply (drule_tac [2] w1 = ask in subset_preserves_o [THEN [2] rev_subsetD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1099


    apply (drule_tac [3] w1 = giv in subset_preserves_o [THEN [2] rev_subsetD])













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1100


    apply (auto simp add: o_def)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1101


  done













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1102














e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1103


(*Could go to Extend.ML*)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1104


lemma bij_fst_inv_inv_eq: "bij f ==> fst (inv (%(x, u). inv f x) z) = f z"













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1105


  apply (rule fst_inv_equalityI)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1106


   apply (rule_tac f = "%z. (f z, ?h z) " in surjI)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1107


   apply (simp add: bij_is_inj inv_f_f)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1108


  apply (simp add: bij_is_surj surj_f_inv_f)













e7c1f1a77d18
converted legacy ML script;



wenzelm


parents: 
17310

diff
changeset




  1109


  done








11194






ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




  1110














ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp



paulson


parents: 

diff
changeset




  1111


end















isabelle