isabelle: src/HOL/HOLCF/IOA/NTP/Impl.thy@ff997038e8eb (annotated)

42151 4da4fc77664b tuned headers; wenzelm parents: 41476 diff changeset	1	(* Title: HOL/HOLCF/IOA/NTP/Impl.thy
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	2	Author: Tobias Nipkow & Konrad Slind
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	3	*)
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	4
17244 0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	5	header {* The implementation *}
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	6
17244 0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	7	theory Impl
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	8	imports Sender Receiver Abschannel
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	9	begin
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	10
41476 0fa9629aa399 types -> type_synonym huffman parents: 40774 diff changeset	11	type_synonym 'm impl_state
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	12	= "'m sender_state * 'm receiver_state * 'm packet multiset * bool multiset"
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	13	(* sender_state * receiver_state * srch_state * rsch_state *)
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	14
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	15
27361 24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	16	definition
24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	17	impl_ioa :: "('m action, 'm impl_state)ioa" where
24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	18	impl_def: "impl_ioa == (sender_ioa \|\| receiver_ioa \|\| srch_ioa \|\| rsch_ioa)"
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	19
27361 24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	20	definition sen :: "'m impl_state => 'm sender_state" where "sen = fst"
24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	21	definition rec :: "'m impl_state => 'm receiver_state" where "rec = fst o snd"
24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	22	definition srch :: "'m impl_state => 'm packet multiset" where "srch = fst o snd o snd"
24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	23	definition rsch :: "'m impl_state => bool multiset" where "rsch = snd o snd o snd"
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	24
27361 24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	25	definition
24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	26	hdr_sum :: "'m packet multiset => bool => nat" where
24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	27	"hdr_sum M b == countm M (%pkt. hdr(pkt) = b)"
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	28
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	29	(* Lemma 5.1 *)
27361 24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	30	definition
17244 0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	31	"inv1(s) ==
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	32	(!b. count (rsent(rec s)) b = count (srcvd(sen s)) b + count (rsch s) b)
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	33	& (!b. count (ssent(sen s)) b
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	34	= hdr_sum (rrcvd(rec s)) b + hdr_sum (srch s) b)"
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	35
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	36	(* Lemma 5.2 *)
27361 24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	37	definition
24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	38	"inv2(s) ==
17244 0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	39	(rbit(rec(s)) = sbit(sen(s)) &
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	40	ssending(sen(s)) &
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	41	count (rsent(rec s)) (~sbit(sen s)) <= count (ssent(sen s)) (~sbit(sen s)) &
17244 0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	42	count (ssent(sen s)) (~sbit(sen s)) <= count (rsent(rec s)) (sbit(sen s)))
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	43	\|
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	44	(rbit(rec(s)) = (~sbit(sen(s))) &
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	45	rsending(rec(s)) &
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	46	count (ssent(sen s)) (~sbit(sen s)) <= count (rsent(rec s)) (sbit(sen s)) &
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	47	count (rsent(rec s)) (sbit(sen s)) <= count (ssent(sen s)) (sbit(sen s)))"
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	48
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	49	(* Lemma 5.3 *)
27361 24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	50	definition
24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	51	"inv3(s) ==
17244 0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	52	rbit(rec(s)) = sbit(sen(s))
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	53	--> (!m. sq(sen(s))=[] \| m ~= hd(sq(sen(s)))
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	54	--> count (rrcvd(rec s)) (sbit(sen(s)),m)
0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	55	+ count (srch s) (sbit(sen(s)),m)
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	56	<= count (rsent(rec s)) (~sbit(sen s)))"
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	57
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	58	(* Lemma 5.4 *)
27361 24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	59	definition "inv4(s) == rbit(rec(s)) = (~sbit(sen(s))) --> sq(sen(s)) ~= []"
17244 0b2ff9541727 converted to Isar theory format; wenzelm parents: 14981 diff changeset	60
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	61
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	62	subsection {* Invariants *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	63
35215 a03462cbf86f get rid of warnings about duplicate simp rules in all HOLCF theories huffman parents: 35174 diff changeset	64	declare le_SucI [simp]
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	65
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	66	lemmas impl_ioas =
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	67	impl_def sender_ioa_def receiver_ioa_def srch_ioa_thm [THEN eq_reflection]
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	68	rsch_ioa_thm [THEN eq_reflection]
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	69
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	70	lemmas "transitions" =
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	71	sender_trans_def receiver_trans_def srch_trans_def rsch_trans_def
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	72
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	73
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	74	lemmas [simp] =
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	75	ioa_triple_proj starts_of_par trans_of_par4 in_sender_asig
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	76	in_receiver_asig in_srch_asig in_rsch_asig
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	77
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	78	declare let_weak_cong [cong]
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	79
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	80	lemma [simp]:
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	81	"fst(x) = sen(x)"
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	82	"fst(snd(x)) = rec(x)"
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	83	"fst(snd(snd(x))) = srch(x)"
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	84	"snd(snd(snd(x))) = rsch(x)"
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	85	by (simp_all add: sen_def rec_def srch_def rsch_def)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	86
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	87	lemma [simp]:
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	88	"a:actions(sender_asig)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	89	\| a:actions(receiver_asig)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	90	\| a:actions(srch_asig)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	91	\| a:actions(rsch_asig)"
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	92	by (induct a) simp_all
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	93
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	94	declare split_paired_All [simp del]
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	95
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	96
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	97	(* Three Simp_sets in different sizes
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	98	----------------------------------------------
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	99
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	100	1) simpset() does not unfold the transition relations
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	101	2) ss unfolds transition relations
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	102	3) renname_ss unfolds transitions and the abstract channel *)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	103
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	104	ML {*
27355 a9d738d20174 antiquote: need to quote outer keywords; wenzelm parents: 26483 diff changeset	105	val ss = @{simpset} addsimps @{thms "transitions"};
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	106	val rename_ss = ss addsimps @{thms unfold_renaming};
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	107
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	108	val tac = asm_simp_tac (ss addcongs [@{thm conj_cong}] addsplits [@{thm split_if}])
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	109	val tac_ren = asm_simp_tac (rename_ss addcongs [@{thm conj_cong}] addsplits [@{thm split_if}])
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	110	*}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	111
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	112
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	113	subsubsection {* Invariant 1 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	114
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	115	lemma raw_inv1: "invariant impl_ioa inv1"
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	116
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	117	apply (unfold impl_ioas)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	118	apply (rule invariantI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	119	apply (simp add: inv1_def hdr_sum_def srcvd_def ssent_def rsent_def rrcvd_def)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	120
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	121	apply (simp (no_asm) del: trans_of_par4 add: imp_conjR inv1_def)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	122
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	123	txt {* Split proof in two *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	124	apply (rule conjI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	125
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	126	(* First half *)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	127	apply (simp add: Impl.inv1_def split del: split_if)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	128	apply (induct_tac a)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	129
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	130	apply (tactic "EVERY1[tac, tac, tac, tac]")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	131	apply (tactic "tac 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	132	apply (tactic "tac_ren 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	133
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	134	txt {* 5 + 1 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	135
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	136	apply (tactic "tac 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	137	apply (tactic "tac_ren 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	138
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	139	txt {* 4 + 1 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	140	apply (tactic {* EVERY1[tac, tac, tac, tac] *})
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	141
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	142
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	143	txt {* Now the other half *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	144	apply (simp add: Impl.inv1_def split del: split_if)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	145	apply (induct_tac a)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	146	apply (tactic "EVERY1 [tac, tac]")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	147
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	148	txt {* detour 1 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	149	apply (tactic "tac 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	150	apply (tactic "tac_ren 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	151	apply (rule impI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	152	apply (erule conjE)+
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	153	apply (simp (no_asm_simp) add: hdr_sum_def Multiset.count_def Multiset.countm_nonempty_def
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	154	split add: split_if)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	155	txt {* detour 2 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	156	apply (tactic "tac 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	157	apply (tactic "tac_ren 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	158	apply (rule impI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	159	apply (erule conjE)+
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	160	apply (simp add: Impl.hdr_sum_def Multiset.count_def Multiset.countm_nonempty_def
25161 aa8474398030 changed back from ~=0 to >0 nipkow parents: 25113 diff changeset	161	Multiset.delm_nonempty_def split add: split_if)
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	162	apply (rule allI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	163	apply (rule conjI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	164	apply (rule impI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	165	apply hypsubst
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	166	apply (rule pred_suc [THEN iffD1])
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	167	apply (drule less_le_trans)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	168	apply (cut_tac eq_packet_imp_eq_hdr [unfolded Packet.hdr_def, THEN countm_props])
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	169	apply assumption
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	170	apply assumption
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	171
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	172	apply (rule countm_done_delm [THEN mp, symmetric])
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	173	apply (rule refl)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	174	apply (simp (no_asm_simp) add: Multiset.count_def)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	175
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	176	apply (rule impI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	177	apply (simp add: neg_flip)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	178	apply hypsubst
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	179	apply (rule countm_spurious_delm)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	180	apply (simp (no_asm))
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	181
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	182	apply (tactic "EVERY1 [tac, tac, tac, tac, tac, tac]")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	183
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	184	done
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	185
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	186
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	187
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	188	subsubsection {* INVARIANT 2 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	189
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	190	lemma raw_inv2: "invariant impl_ioa inv2"
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	191
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	192	apply (rule invariantI1)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	193	txt {* Base case *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	194	apply (simp add: inv2_def receiver_projections sender_projections impl_ioas)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	195
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	196	apply (simp (no_asm_simp) add: impl_ioas split del: split_if)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	197	apply (induct_tac "a")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	198
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	199	txt {* 10 cases. First 4 are simple, since state doesn't change *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	200
28265 7e14443f2dd6 use ML_prf within proofs; wenzelm parents: 27361 diff changeset	201	ML_prf {* val tac2 = asm_full_simp_tac (ss addsimps [@{thm inv2_def}]) *}
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	202
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	203	txt {* 10 - 7 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	204	apply (tactic "EVERY1 [tac2,tac2,tac2,tac2]")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	205	txt {* 6 *}
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	206	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv1_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	207	(@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	208
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	209	txt {* 6 - 5 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	210	apply (tactic "EVERY1 [tac2,tac2]")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	211
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	212	txt {* 4 *}
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	213	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv1_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	214	(@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	215	apply (tactic "tac2 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	216
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	217	txt {* 3 *}
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	218	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv1_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	219	(@{thm raw_inv1} RS @{thm invariantE})] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	220
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	221	apply (tactic "tac2 1")
28839 32d498cf7595 eliminated rewrite_tac/fold_tac, which are not well-formed tactics due to change of main conclusion; wenzelm parents: 28265 diff changeset	222	apply (tactic {* fold_goals_tac [rewrite_rule [@{thm Packet.hdr_def}]
27361 24ec32bee347 modernized specifications; wenzelm parents: 27355 diff changeset	223	(@{thm Impl.hdr_sum_def})] *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	224	apply arith
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	225
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	226	txt {* 2 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	227	apply (tactic "tac2 1")
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	228	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv1_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	229	(@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	230	apply (intro strip)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	231	apply (erule conjE)+
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	232	apply simp
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	233
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	234	txt {* 1 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	235	apply (tactic "tac2 1")
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	236	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv1_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	237	(@{thm raw_inv1} RS @{thm invariantE}) RS conjunct2] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	238	apply (intro strip)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	239	apply (erule conjE)+
28839 32d498cf7595 eliminated rewrite_tac/fold_tac, which are not well-formed tactics due to change of main conclusion; wenzelm parents: 28265 diff changeset	240	apply (tactic {* fold_goals_tac [rewrite_rule [@{thm Packet.hdr_def}] (@{thm Impl.hdr_sum_def})] *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	241	apply simp
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	242
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	243	done
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	244
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	245
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	246	subsubsection {* INVARIANT 3 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	247
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	248	lemma raw_inv3: "invariant impl_ioa inv3"
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	249
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	250	apply (rule invariantI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	251	txt {* Base case *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	252	apply (simp add: Impl.inv3_def receiver_projections sender_projections impl_ioas)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	253
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	254	apply (simp (no_asm_simp) add: impl_ioas split del: split_if)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	255	apply (induct_tac "a")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	256
28265 7e14443f2dd6 use ML_prf within proofs; wenzelm parents: 27361 diff changeset	257	ML_prf {* val tac3 = asm_full_simp_tac (ss addsimps [@{thm inv3_def}]) *}
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	258
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	259	txt {* 10 - 8 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	260
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	261	apply (tactic "EVERY1[tac3,tac3,tac3]")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	262
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	263	apply (tactic "tac_ren 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	264	apply (intro strip, (erule conjE)+)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	265	apply hypsubst
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	266	apply (erule exE)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	267	apply simp
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	268
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	269	txt {* 7 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	270	apply (tactic "tac3 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	271	apply (tactic "tac_ren 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	272	apply force
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	273
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	274	txt {* 6 - 3 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	275
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	276	apply (tactic "EVERY1[tac3,tac3,tac3,tac3]")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	277
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	278	txt {* 2 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	279	apply (tactic "asm_full_simp_tac ss 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	280	apply (simp (no_asm) add: inv3_def)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	281	apply (intro strip, (erule conjE)+)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	282	apply (rule imp_disjL [THEN iffD1])
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	283	apply (rule impI)
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	284	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv2_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	285	(@{thm raw_inv2} RS @{thm invariantE})] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	286	apply simp
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	287	apply (erule conjE)+
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	288	apply (rule_tac j = "count (ssent (sen s)) (~sbit (sen s))" and
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	289	k = "count (rsent (rec s)) (sbit (sen s))" in le_trans)
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	290	apply (tactic {* forward_tac [rewrite_rule [@{thm inv1_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	291	(@{thm raw_inv1} RS @{thm invariantE}) RS conjunct2] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	292	apply (simp add: hdr_sum_def Multiset.count_def)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	293	apply (rule add_le_mono)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	294	apply (rule countm_props)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	295	apply (simp (no_asm))
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	296	apply (rule countm_props)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	297	apply (simp (no_asm))
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	298	apply assumption
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	299
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	300	txt {* 1 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	301	apply (tactic "tac3 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	302	apply (intro strip, (erule conjE)+)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	303	apply (rule imp_disjL [THEN iffD1])
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	304	apply (rule impI)
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	305	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv2_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	306	(@{thm raw_inv2} RS @{thm invariantE})] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	307	apply simp
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	308	done
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	309
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	310
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	311	subsubsection {* INVARIANT 4 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	312
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	313	lemma raw_inv4: "invariant impl_ioa inv4"
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	314
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	315	apply (rule invariantI)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	316	txt {* Base case *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	317	apply (simp add: Impl.inv4_def receiver_projections sender_projections impl_ioas)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	318
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	319	apply (simp (no_asm_simp) add: impl_ioas split del: split_if)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	320	apply (induct_tac "a")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	321
28265 7e14443f2dd6 use ML_prf within proofs; wenzelm parents: 27361 diff changeset	322	ML_prf {* val tac4 = asm_full_simp_tac (ss addsimps [@{thm inv4_def}]) *}
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	323
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	324	txt {* 10 - 2 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	325
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	326	apply (tactic "EVERY1[tac4,tac4,tac4,tac4,tac4,tac4,tac4,tac4,tac4]")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	327
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	328	txt {* 2 b *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	329
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	330	apply (intro strip, (erule conjE)+)
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	331	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv2_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	332	(@{thm raw_inv2} RS @{thm invariantE})] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	333	apply simp
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	334
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	335	txt {* 1 *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	336	apply (tactic "tac4 1")
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	337	apply (intro strip, (erule conjE)+)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	338	apply (rule ccontr)
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	339	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv2_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	340	(@{thm raw_inv2} RS @{thm invariantE})] 1 *})
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	341	apply (tactic {* forward_tac [rewrite_rule [@{thm Impl.inv3_def}]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	342	(@{thm raw_inv3} RS @{thm invariantE})] 1 *})
19739 c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	343	apply simp
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	344	apply (erule_tac x = "m" in allE)
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	345	apply simp
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	346	done
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	347
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	348
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	349	text {* rebind them *}
c58ef2aa5430 removed legacy ML scripts; wenzelm parents: 17244 diff changeset	350
26305 651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	351	lemmas inv1 = raw_inv1 [THEN invariantE, unfolded inv1_def]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	352	and inv2 = raw_inv2 [THEN invariantE, unfolded inv2_def]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	353	and inv3 = raw_inv3 [THEN invariantE, unfolded inv3_def]
651371f29e00 avoid rebinding of existing facts; wenzelm parents: 25161 diff changeset	354	and inv4 = raw_inv4 [THEN invariantE, unfolded inv4_def]
3073 88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	355
88366253a09a Old NTP files now running under the IOA meta theory based on HOLCF; mueller parents: diff changeset	356	end

author	wenzelm
	Tue, 19 Apr 2011 23:57:28 +0200
changeset 42411	ff997038e8eb
parent 42151	4da4fc77664b
child 45620	f2a587696afb
permissions	-rw-r--r--