isabelle: src/HOLCF/IOA/meta_theory/RefCorrectness.thy@f65265d71426 (annotated)

3071 981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	1	(* Title: HOLCF/IOA/meta_theory/RefCorrectness.thy
3275 3f53f2c876f4 changes for release 94-8 mueller parents: 3071 diff changeset	2	ID: $Id$
12218 6597093b77e7 GPLed; wenzelm parents: 10835 diff changeset	3	Author: Olaf M�ller
3071 981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	4	*)
981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	5
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	6	header {* Correctness of Refinement Mappings in HOLCF/IOA *}
3071 981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	7
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	8	theory RefCorrectness
41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	9	imports RefMappings
41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	10	begin
41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	11
3071 981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	12	consts
981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	13
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	14	corresp_ex ::"('a,'s2)ioa => ('s1 => 's2) =>
3071 981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	15	('a,'s1)execution => ('a,'s2)execution"
3433 2de17c994071 added deadlock freedom, polished definitions and proofs mueller parents: 3275 diff changeset	16	corresp_exC ::"('a,'s2)ioa => ('s1 => 's2) => ('a,'s1)pairs
2de17c994071 added deadlock freedom, polished definitions and proofs mueller parents: 3275 diff changeset	17	-> ('s1 => ('a,'s2)pairs)"
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	18	is_fair_ref_map :: "('s1 => 's2) => ('a,'s1)ioa => ('a,'s2)ioa => bool"
3071 981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	19
981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	20	defs
981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	21
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	22	corresp_ex_def:
10835 f4745d77e620 ` -> $ nipkow parents: 5976 diff changeset	23	"corresp_ex A f ex == (f (fst ex),(corresp_exC A f$(snd ex)) (fst ex))"
3071 981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	24
981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	25
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	26	corresp_exC_def:
41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	27	"corresp_exC A f == (fix$(LAM h ex. (%s. case ex of
3071 981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	28	nil => nil
3433 2de17c994071 added deadlock freedom, polished definitions and proofs mueller parents: 3275 diff changeset	29	\| x##xs => (flift1 (%pr. (@cex. move A cex (f s) (fst pr) (f (snd pr)))
10835 f4745d77e620 ` -> $ nipkow parents: 5976 diff changeset	30	@@ ((h$xs) (snd pr)))
f4745d77e620 ` -> $ nipkow parents: 5976 diff changeset	31	$x) )))"
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	32
41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	33	is_fair_ref_map_def:
41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	34	"is_fair_ref_map f C A ==
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	35	is_ref_map f C A &
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	36	(! ex : executions(C). fair_ex C ex --> fair_ex A (corresp_ex A f ex))"
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	37
3071 981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	38
981258186b71 New meta theory for IOA based on HOLCF. mueller parents: diff changeset	39
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	40	axioms
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	41	(* Axioms for fair trace inclusion proof support, not for the correctness proof
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	42	of refinement mappings!
5976 44290b71a85f tuning to assimiliate it with PhD; mueller parents: 4559 diff changeset	43	Note: Everything is superseded by LiveIOA.thy! *)
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	44
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	45	corresp_laststate:
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	46	"Finite ex ==> laststate (corresp_ex A f (s,ex)) = f (laststate (s,ex))"
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	47
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	48	corresp_Finite:
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	49	"Finite (snd (corresp_ex A f (s,ex))) = Finite ex"
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	50
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	51	FromAtoC:
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	52	"fin_often (%x. P (snd x)) (snd (corresp_ex A f (s,ex))) ==> fin_often (%y. P (f (snd y))) ex"
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	53
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	54	FromCtoA:
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	55	"inf_often (%y. P (fst y)) ex ==> inf_often (%x. P (fst x)) (snd (corresp_ex A f (s,ex)))"
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	56
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	57
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	58	(* Proof by case on inf W in ex: If so, ok. If not, only fin W in ex, ie there is
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	59	an index i from which on no W in ex. But W inf enabled, ie at least once after i
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	60	W is enabled. As W does not occur after i and W is enabling_persistent, W keeps
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	61	enabled until infinity, ie. indefinitely *)
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	62	persistent:
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	63	"[\|inf_often (%x. Enabled A W (snd x)) ex; en_persistent A W\|]
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	64	==> inf_often (%x. fst x :W) ex \| fin_often (%x. ~Enabled A W (snd x)) ex"
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	65
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	66	infpostcond:
4559 8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	67	"[\| is_exec_frag A (s,ex); inf_often (%x. fst x:W) ex\|]
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	68	==> inf_often (% x. set_was_enabled A W (snd x)) ex"
8e604d885b54 added files containing temproal logic and abstraction; mueller parents: 3433 diff changeset	69
19741 f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	70
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	71	subsection "corresp_ex"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	72
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	73	lemma corresp_exC_unfold: "corresp_exC A f = (LAM ex. (%s. case ex of
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	74	nil => nil
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	75	\| x##xs => (flift1 (%pr. (@cex. move A cex (f s) (fst pr) (f (snd pr)))
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	76	@@ ((corresp_exC A f $xs) (snd pr)))
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	77	$x) ))"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	78	apply (rule trans)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	79	apply (rule fix_eq2)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	80	apply (rule corresp_exC_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	81	apply (rule beta_cfun)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	82	apply (simp add: flift1_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	83	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	84
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	85	lemma corresp_exC_UU: "(corresp_exC A f$UU) s=UU"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	86	apply (subst corresp_exC_unfold)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	87	apply simp
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	88	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	89
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	90	lemma corresp_exC_nil: "(corresp_exC A f$nil) s = nil"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	91	apply (subst corresp_exC_unfold)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	92	apply simp
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	93	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	94
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	95	lemma corresp_exC_cons: "(corresp_exC A f$(at>>xs)) s =
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	96	(@cex. move A cex (f s) (fst at) (f (snd at)))
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	97	@@ ((corresp_exC A f$xs) (snd at))"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	98	apply (rule trans)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	99	apply (subst corresp_exC_unfold)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	100	apply (simp add: Consq_def flift1_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	101	apply simp
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	102	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	103
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	104
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	105	declare corresp_exC_UU [simp] corresp_exC_nil [simp] corresp_exC_cons [simp]
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	106
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	107
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	108
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	109	subsection "properties of move"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	110
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	111	lemma move_is_move:
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	112	"[\|is_ref_map f C A; reachable C s; (s,a,t):trans_of C\|] ==>
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	113	move A (@x. move A x (f s) a (f t)) (f s) a (f t)"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	114	apply (unfold is_ref_map_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	115	apply (subgoal_tac "? ex. move A ex (f s) a (f t) ")
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	116	prefer 2
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	117	apply simp
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	118	apply (erule exE)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	119	apply (rule someI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	120	apply assumption
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	121	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	122
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	123	lemma move_subprop1:
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	124	"[\|is_ref_map f C A; reachable C s; (s,a,t):trans_of C\|] ==>
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	125	is_exec_frag A (f s,@x. move A x (f s) a (f t))"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	126	apply (cut_tac move_is_move)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	127	defer
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	128	apply assumption+
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	129	apply (simp add: move_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	130	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	131
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	132	lemma move_subprop2:
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	133	"[\|is_ref_map f C A; reachable C s; (s,a,t):trans_of C\|] ==>
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	134	Finite ((@x. move A x (f s) a (f t)))"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	135	apply (cut_tac move_is_move)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	136	defer
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	137	apply assumption+
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	138	apply (simp add: move_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	139	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	140
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	141	lemma move_subprop3:
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	142	"[\|is_ref_map f C A; reachable C s; (s,a,t):trans_of C\|] ==>
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	143	laststate (f s,@x. move A x (f s) a (f t)) = (f t)"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	144	apply (cut_tac move_is_move)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	145	defer
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	146	apply assumption+
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	147	apply (simp add: move_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	148	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	149
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	150	lemma move_subprop4:
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	151	"[\|is_ref_map f C A; reachable C s; (s,a,t):trans_of C\|] ==>
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	152	mk_trace A$((@x. move A x (f s) a (f t))) =
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	153	(if a:ext A then a>>nil else nil)"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	154	apply (cut_tac move_is_move)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	155	defer
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	156	apply assumption+
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	157	apply (simp add: move_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	158	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	159
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	160
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	161	(* ------------------------------------------------------------------ *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	162	(* The following lemmata contribute to *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	163	(* TRACE INCLUSION Part 1: Traces coincide *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	164	(* ------------------------------------------------------------------ *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	165
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	166	section "Lemmata for <=="
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	167
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	168	(* --------------------------------------------------- *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	169	(* Lemma 1.1: Distribution of mk_trace and @@ *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	170	(* --------------------------------------------------- *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	171
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	172	lemma mk_traceConc: "mk_trace C$(ex1 @@ ex2)= (mk_trace C$ex1) @@ (mk_trace C$ex2)"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	173	apply (simp add: mk_trace_def filter_act_def FilterConc MapConc)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	174	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	175
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	176
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	177
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	178	(* ------------------------------------------------------
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	179	Lemma 1 :Traces coincide
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	180	------------------------------------------------------- *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	181	declare split_if [split del]
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	182
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	183	lemma lemma_1:
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	184	"[\|is_ref_map f C A; ext C = ext A\|] ==>
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	185	!s. reachable C s & is_exec_frag C (s,xs) -->
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	186	mk_trace C$xs = mk_trace A$(snd (corresp_ex A f (s,xs)))"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	187	apply (unfold corresp_ex_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	188	apply (tactic {* pair_induct_tac "xs" [thm "is_exec_frag_def"] 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	189	(* cons case *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	190	apply (tactic "safe_tac set_cs")
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	191	apply (simp add: mk_traceConc)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	192	apply (frule reachable.reachable_n)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	193	apply assumption
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	194	apply (erule_tac x = "y" in allE)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	195	apply simp
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	196	apply (simp add: move_subprop4 split add: split_if)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	197	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	198
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	199	declare split_if [split]
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	200
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	201	(* ------------------------------------------------------------------ *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	202	(* The following lemmata contribute to *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	203	(* TRACE INCLUSION Part 2: corresp_ex is execution *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	204	(* ------------------------------------------------------------------ *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	205
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	206	section "Lemmata for ==>"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	207
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	208	(* -------------------------------------------------- *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	209	(* Lemma 2.1 *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	210	(* -------------------------------------------------- *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	211
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	212	lemma lemma_2_1 [rule_format (no_asm)]:
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	213	"Finite xs -->
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	214	(!s .is_exec_frag A (s,xs) & is_exec_frag A (t,ys) &
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	215	t = laststate (s,xs)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	216	--> is_exec_frag A (s,xs @@ ys))"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	217
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	218	apply (rule impI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	219	apply (tactic {* Seq_Finite_induct_tac 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	220	(* main case *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	221	apply (tactic "safe_tac set_cs")
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	222	apply (tactic {* pair_tac "a" 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	223	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	224
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	225
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	226	(* ----------------------------------------------------------- *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	227	(* Lemma 2 : corresp_ex is execution *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	228	(* ----------------------------------------------------------- *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	229
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	230
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	231
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	232	lemma lemma_2:
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	233	"[\| is_ref_map f C A \|] ==>
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	234	!s. reachable C s & is_exec_frag C (s,xs)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	235	--> is_exec_frag A (corresp_ex A f (s,xs))"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	236
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	237	apply (unfold corresp_ex_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	238
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	239	apply simp
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	240	apply (tactic {* pair_induct_tac "xs" [thm "is_exec_frag_def"] 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	241	(* main case *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	242	apply (tactic "safe_tac set_cs")
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	243	apply (rule_tac t = "f y" in lemma_2_1)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	244
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	245	(* Finite *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	246	apply (erule move_subprop2)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	247	apply assumption+
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	248	apply (rule conjI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	249
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	250	(* is_exec_frag *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	251	apply (erule move_subprop1)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	252	apply assumption+
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	253	apply (rule conjI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	254
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	255	(* Induction hypothesis *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	256	(* reachable_n looping, therefore apply it manually *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	257	apply (erule_tac x = "y" in allE)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	258	apply simp
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	259	apply (frule reachable.reachable_n)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	260	apply assumption
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	261	apply simp
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	262	(* laststate *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	263	apply (erule move_subprop3 [symmetric])
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	264	apply assumption+
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	265	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	266
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	267
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	268	subsection "Main Theorem: TRACE - INCLUSION"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	269
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	270	lemma trace_inclusion:
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	271	"[\| ext C = ext A; is_ref_map f C A \|]
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	272	==> traces C <= traces A"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	273
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	274	apply (unfold traces_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	275
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	276	apply (simp (no_asm) add: has_trace_def2)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	277	apply (tactic "safe_tac set_cs")
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	278
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	279	(* give execution of abstract automata *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	280	apply (rule_tac x = "corresp_ex A f ex" in bexI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	281
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	282	(* Traces coincide, Lemma 1 *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	283	apply (tactic {* pair_tac "ex" 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	284	apply (erule lemma_1 [THEN spec, THEN mp])
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	285	apply assumption+
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	286	apply (simp add: executions_def reachable.reachable_0)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	287
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	288	(* corresp_ex is execution, Lemma 2 *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	289	apply (tactic {* pair_tac "ex" 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	290	apply (simp add: executions_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	291	(* start state *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	292	apply (rule conjI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	293	apply (simp add: is_ref_map_def corresp_ex_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	294	(* is-execution-fragment *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	295	apply (erule lemma_2 [THEN spec, THEN mp])
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	296	apply (simp add: reachable.reachable_0)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	297	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	298
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	299
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	300	subsection "Corollary: FAIR TRACE - INCLUSION"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	301
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	302	lemma fininf: "(~inf_often P s) = fin_often P s"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	303	apply (unfold fin_often_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	304	apply auto
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	305	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	306
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	307
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	308	lemma WF_alt: "is_wfair A W (s,ex) =
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	309	(fin_often (%x. ~Enabled A W (snd x)) ex --> inf_often (%x. fst x :W) ex)"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	310	apply (simp add: is_wfair_def fin_often_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	311	apply auto
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	312	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	313
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	314	lemma WF_persistent: "[\|is_wfair A W (s,ex); inf_often (%x. Enabled A W (snd x)) ex;
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	315	en_persistent A W\|]
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	316	==> inf_often (%x. fst x :W) ex"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	317	apply (drule persistent)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	318	apply assumption
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	319	apply (simp add: WF_alt)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	320	apply auto
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	321	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	322
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	323
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	324	lemma fair_trace_inclusion: "!! C A.
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	325	[\| is_ref_map f C A; ext C = ext A;
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	326	!! ex. [\| ex:executions C; fair_ex C ex\|] ==> fair_ex A (corresp_ex A f ex) \|]
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	327	==> fairtraces C <= fairtraces A"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	328	apply (simp (no_asm) add: fairtraces_def fairexecutions_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	329	apply (tactic "safe_tac set_cs")
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	330	apply (rule_tac x = "corresp_ex A f ex" in exI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	331	apply (tactic "safe_tac set_cs")
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	332
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	333	(* Traces coincide, Lemma 1 *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	334	apply (tactic {* pair_tac "ex" 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	335	apply (erule lemma_1 [THEN spec, THEN mp])
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	336	apply assumption+
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	337	apply (simp add: executions_def reachable.reachable_0)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	338
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	339	(* corresp_ex is execution, Lemma 2 *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	340	apply (tactic {* pair_tac "ex" 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	341	apply (simp add: executions_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	342	(* start state *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	343	apply (rule conjI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	344	apply (simp add: is_ref_map_def corresp_ex_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	345	(* is-execution-fragment *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	346	apply (erule lemma_2 [THEN spec, THEN mp])
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	347	apply (simp add: reachable.reachable_0)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	348
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	349	(* Fairness *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	350	apply auto
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	351	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	352
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	353	lemma fair_trace_inclusion2: "!! C A.
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	354	[\| inp(C) = inp(A); out(C)=out(A);
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	355	is_fair_ref_map f C A \|]
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	356	==> fair_implements C A"
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	357	apply (simp add: is_fair_ref_map_def fair_implements_def fairtraces_def fairexecutions_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	358	apply (tactic "safe_tac set_cs")
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	359	apply (rule_tac x = "corresp_ex A f ex" in exI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	360	apply (tactic "safe_tac set_cs")
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	361	(* Traces coincide, Lemma 1 *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	362	apply (tactic {* pair_tac "ex" 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	363	apply (erule lemma_1 [THEN spec, THEN mp])
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	364	apply (simp (no_asm) add: externals_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	365	apply (auto)[1]
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	366	apply (simp add: executions_def reachable.reachable_0)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	367
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	368	(* corresp_ex is execution, Lemma 2 *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	369	apply (tactic {* pair_tac "ex" 1 *})
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	370	apply (simp add: executions_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	371	(* start state *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	372	apply (rule conjI)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	373	apply (simp add: is_ref_map_def corresp_ex_def)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	374	(* is-execution-fragment *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	375	apply (erule lemma_2 [THEN spec, THEN mp])
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	376	apply (simp add: reachable.reachable_0)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	377
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	378	(* Fairness *)
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	379	apply auto
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	380	done
f65265d71426 removed legacy ML scripts; wenzelm parents: 17233 diff changeset	381
17233 41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	382
41eee2e7b465 converted specifications to Isar theories; wenzelm parents: 14981 diff changeset	383	end

author	wenzelm
	Sun, 28 May 2006 19:54:20 +0200
changeset 19741	f65265d71426
parent 17233	41eee2e7b465
child 25135	4f8176c940cf
permissions	-rw-r--r--