| author | haftmann |
| Mon, 20 Jul 2009 08:32:07 +0200 | |
| changeset 32075 | e8e0fb5da77a |
| parent 20625 | 1bb9a04f8c22 |
| child 32960 | 69916a850301 |
| permissions | -rw-r--r-- |
|
11194
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
1 |
(* Title: HOL/UNITY/Counterc |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
2 |
ID: $Id$ |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
3 |
Author: Sidi O Ehmety, Cambridge University Computer Laboratory |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
4 |
Copyright 2001 University of Cambridge |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
5 |
|
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
6 |
A family of similar counters, version with a full use of "compatibility " |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
7 |
|
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
8 |
From Charpentier and Chandy, |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
9 |
Examples of Program Composition Illustrating the Use of Universal Properties |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
10 |
In J. Rolim (editor), Parallel and Distributed Processing, |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
11 |
Spriner LNCS 1586 (1999), pages 1215-1227. |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
12 |
*) |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
13 |
|
| 14094 | 14 |
header{*A Family of Similar Counters: Version with Compatibility*}
|
15 |
||
| 18556 | 16 |
theory Counterc imports "../UNITY_Main" begin |
| 13792 | 17 |
|
|
14088
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
18 |
typedecl state |
|
11194
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
19 |
|
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
20 |
consts |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
21 |
C :: "state=>int" |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
22 |
c :: "state=>nat=>int" |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
23 |
|
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
24 |
consts |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
25 |
sum :: "[nat,state]=>int" |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
26 |
sumj :: "[nat, nat, state]=>int" |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
27 |
|
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
28 |
primrec (* sum I s = sigma_{i<I}. c s i *)
|
|
11868
56db9f3a6b3e
Numerals now work for the integers: the binary numerals for 0 and 1 rewrite
paulson
parents:
11701
diff
changeset
|
29 |
"sum 0 s = 0" |
|
11194
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
30 |
"sum (Suc i) s = (c s) i + sum i s" |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
31 |
|
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
32 |
primrec |
|
11868
56db9f3a6b3e
Numerals now work for the integers: the binary numerals for 0 and 1 rewrite
paulson
parents:
11701
diff
changeset
|
33 |
"sumj 0 i s = 0" |
|
11194
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
34 |
"sumj (Suc n) i s = (if n=i then sum n s else (c s) n + sumj n i s)" |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
35 |
|
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
36 |
types command = "(state*state)set" |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
37 |
|
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
38 |
constdefs |
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
39 |
a :: "nat=>command" |
|
11868
56db9f3a6b3e
Numerals now work for the integers: the binary numerals for 0 and 1 rewrite
paulson
parents:
11701
diff
changeset
|
40 |
"a i == {(s, s'). (c s') i = (c s) i + 1 & (C s') = (C s) + 1}"
|
|
11194
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
41 |
|
|
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
42 |
Component :: "nat => state program" |
|
13812
91713a1915ee
converting HOL/UNITY to use unconditional fairness
paulson
parents:
13792
diff
changeset
|
43 |
"Component i == mk_total_program({s. C s = 0 & (c s) i = 0},
|
|
91713a1915ee
converting HOL/UNITY to use unconditional fairness
paulson
parents:
13792
diff
changeset
|
44 |
{a i},
|
|
14088
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
45 |
\<Union>G \<in> preserves (%s. (c s) i). Acts G)" |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
46 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
47 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
48 |
declare Component_def [THEN def_prg_Init, simp] |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
49 |
declare Component_def [THEN def_prg_AllowedActs, simp] |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
50 |
declare a_def [THEN def_act_simp, simp] |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
51 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
52 |
(* Theorems about sum and sumj *) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
53 |
lemma sum_sumj_eq1 [rule_format]: "\<forall>i. I<i--> (sum I s = sumj I i s)" |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
54 |
by (induct_tac "I", auto) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
55 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
56 |
lemma sum_sumj_eq2 [rule_format]: "i<I --> sum I s = c s i + sumj I i s" |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
57 |
apply (induct_tac "I") |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
58 |
apply (auto simp add: linorder_neq_iff sum_sumj_eq1) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
59 |
done |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
60 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
61 |
lemma sum_ext [rule_format]: |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
62 |
"(\<forall>i. i<I --> c s' i = c s i) --> (sum I s' = sum I s)" |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
63 |
by (induct_tac "I", auto) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
64 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
65 |
lemma sumj_ext [rule_format]: |
| 14094 | 66 |
"(\<forall>j. j<I & j\<noteq>i --> c s' j = c s j) --> (sumj I i s' = sumj I i s)" |
|
14088
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
67 |
apply (induct_tac "I", safe) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
68 |
apply (auto intro!: sum_ext) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
69 |
done |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
70 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
71 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
72 |
lemma sum0 [rule_format]: "(\<forall>i. i<I --> c s i = 0) --> sum I s = 0" |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
73 |
by (induct_tac "I", auto) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
74 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
75 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
76 |
(* Safety properties for Components *) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
77 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
78 |
lemma Component_ok_iff: |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
79 |
"(Component i ok G) = |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
80 |
(G \<in> preserves (%s. c s i) & Component i \<in> Allowed G)" |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
81 |
apply (auto simp add: ok_iff_Allowed Component_def [THEN def_total_prg_Allowed]) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
82 |
done |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
83 |
declare Component_ok_iff [iff] |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
84 |
declare OK_iff_ok [iff] |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
85 |
declare preserves_def [simp] |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
86 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
87 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
88 |
lemma p2: "Component i \<in> stable {s. C s = (c s) i + k}"
|
|
16184
80617b8d33c5
renamed "constrains" to "safety" to avoid keyword clash
paulson
parents:
14094
diff
changeset
|
89 |
by (simp add: Component_def, safety) |
|
14088
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
90 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
91 |
lemma p3: |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
92 |
"[| OK I Component; i\<in>I |] |
| 14094 | 93 |
==> Component i \<in> stable {s. \<forall>j\<in>I. j\<noteq>i --> c s j = c k j}"
|
|
14088
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
94 |
apply simp |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
95 |
apply (unfold Component_def mk_total_program_def) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
96 |
apply (simp (no_asm_use) add: stable_def constrains_def) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
97 |
apply blast |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
98 |
done |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
99 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
100 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
101 |
lemma p2_p3_lemma1: |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
102 |
"[| OK {i. i<I} Component; i<I |] ==>
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
103 |
\<forall>k. Component i \<in> stable ({s. C s = c s i + sumj I i k} Int
|
| 14094 | 104 |
{s. \<forall>j\<in>{i. i<I}. j\<noteq>i --> c s j = c k j})"
|
|
14088
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
105 |
by (blast intro: stable_Int [OF p2 p3]) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
106 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
107 |
lemma p2_p3_lemma2: |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
108 |
"(\<forall>k. F \<in> stable ({s. C s = (c s) i + sumj I i k} Int
|
| 14094 | 109 |
{s. \<forall>j\<in>{i. i<I}. j\<noteq>i --> c s j = c k j}))
|
|
14088
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
110 |
==> (F \<in> stable {s. C s = c s i + sumj I i s})"
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
111 |
apply (simp add: constrains_def stable_def) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
112 |
apply (force intro!: sumj_ext) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
113 |
done |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
114 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
115 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
116 |
lemma p2_p3: |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
117 |
"[| OK {i. i<I} Component; i<I |]
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
118 |
==> Component i \<in> stable {s. C s = c s i + sumj I i s}"
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
119 |
by (blast intro: p2_p3_lemma1 [THEN p2_p3_lemma2]) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
120 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
121 |
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
122 |
(* Compositional correctness *) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
123 |
lemma safety: |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
124 |
"[| 0<I; OK {i. i<I} Component |]
|
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
125 |
==> (\<Squnion>i\<in>{i. i<I}. (Component i)) \<in> invariant {s. C s = sum I s}"
|
| 14094 | 126 |
apply (simp (no_asm) add: invariant_def JN_stable sum_sumj_eq2) |
|
14088
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
127 |
apply (auto intro!: sum0 p2_p3) |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
128 |
done |
|
61bd46feb919
converted Counter, Counterc and PriorityAux to Isar scripts (all HOL/UNITY/Comp)
paulson
parents:
13812
diff
changeset
|
129 |
|
|
11194
ea13ff5a26d1
reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
parents:
diff
changeset
|
130 |
end |