49 "\<lbrakk>A=A'; r=r'; \<And>x. x \<in> state \<Longrightarrow> f(x)=f'(x); \<And>x. x \<in> state \<Longrightarrow> g(x)=g'(x)\<rbrakk> \<Longrightarrow> Follows(A, r, f, g) = Follows(A', r', f', g')" |
49 "\<lbrakk>A=A'; r=r'; \<And>x. x \<in> state \<Longrightarrow> f(x)=f'(x); \<And>x. x \<in> state \<Longrightarrow> g(x)=g'(x)\<rbrakk> \<Longrightarrow> Follows(A, r, f, g) = Follows(A', r', f', g')" |
50 by (simp add: Increasing_def Follows_def) |
50 by (simp add: Increasing_def Follows_def) |
51 |
51 |
52 |
52 |
53 lemma subset_Always_comp: |
53 lemma subset_Always_comp: |
54 "\<lbrakk>mono1(A, r, B, s, h); \<forall>x \<in> state. f(x):A & g(x):A\<rbrakk> \<Longrightarrow> |
54 "\<lbrakk>mono1(A, r, B, s, h); \<forall>x \<in> state. f(x):A \<and> g(x):A\<rbrakk> \<Longrightarrow> |
55 Always({x \<in> state. <f(x), g(x)> \<in> r})<=Always({x \<in> state. <(h comp f)(x), (h comp g)(x)> \<in> s})" |
55 Always({x \<in> state. <f(x), g(x)> \<in> r})<=Always({x \<in> state. <(h comp f)(x), (h comp g)(x)> \<in> s})" |
56 apply (unfold mono1_def metacomp_def) |
56 apply (unfold mono1_def metacomp_def) |
57 apply (auto simp add: Always_eq_includes_reachable) |
57 apply (auto simp add: Always_eq_includes_reachable) |
58 done |
58 done |
59 |
59 |
60 lemma imp_Always_comp: |
60 lemma imp_Always_comp: |
61 "\<lbrakk>F \<in> Always({x \<in> state. <f(x), g(x)> \<in> r}); |
61 "\<lbrakk>F \<in> Always({x \<in> state. <f(x), g(x)> \<in> r}); |
62 mono1(A, r, B, s, h); \<forall>x \<in> state. f(x):A & g(x):A\<rbrakk> \<Longrightarrow> |
62 mono1(A, r, B, s, h); \<forall>x \<in> state. f(x):A \<and> g(x):A\<rbrakk> \<Longrightarrow> |
63 F \<in> Always({x \<in> state. <(h comp f)(x), (h comp g)(x)> \<in> s})" |
63 F \<in> Always({x \<in> state. <(h comp f)(x), (h comp g)(x)> \<in> s})" |
64 by (blast intro: subset_Always_comp [THEN subsetD]) |
64 by (blast intro: subset_Always_comp [THEN subsetD]) |
65 |
65 |
66 |
66 |
67 lemma imp_Always_comp2: |
67 lemma imp_Always_comp2: |
68 "\<lbrakk>F \<in> Always({x \<in> state. <f1(x), f(x)> \<in> r}); |
68 "\<lbrakk>F \<in> Always({x \<in> state. <f1(x), f(x)> \<in> r}); |
69 F \<in> Always({x \<in> state. <g1(x), g(x)> \<in> s}); |
69 F \<in> Always({x \<in> state. <g1(x), g(x)> \<in> s}); |
70 mono2(A, r, B, s, C, t, h); |
70 mono2(A, r, B, s, C, t, h); |
71 \<forall>x \<in> state. f1(x):A & f(x):A & g1(x):B & g(x):B\<rbrakk> |
71 \<forall>x \<in> state. f1(x):A \<and> f(x):A \<and> g1(x):B \<and> g(x):B\<rbrakk> |
72 \<Longrightarrow> F \<in> Always({x \<in> state. <h(f1(x), g1(x)), h(f(x), g(x))> \<in> t})" |
72 \<Longrightarrow> F \<in> Always({x \<in> state. <h(f1(x), g1(x)), h(f(x), g(x))> \<in> t})" |
73 apply (auto simp add: Always_eq_includes_reachable mono2_def) |
73 apply (auto simp add: Always_eq_includes_reachable mono2_def) |
74 apply (auto dest!: subsetD) |
74 apply (auto dest!: subsetD) |
75 done |
75 done |
76 |
76 |
77 (* comp LeadsTo *) |
77 (* comp LeadsTo *) |
78 |
78 |
79 lemma subset_LeadsTo_comp: |
79 lemma subset_LeadsTo_comp: |
80 "\<lbrakk>mono1(A, r, B, s, h); refl(A,r); trans[B](s); |
80 "\<lbrakk>mono1(A, r, B, s, h); refl(A,r); trans[B](s); |
81 \<forall>x \<in> state. f(x):A & g(x):A\<rbrakk> \<Longrightarrow> |
81 \<forall>x \<in> state. f(x):A \<and> g(x):A\<rbrakk> \<Longrightarrow> |
82 (\<Inter>j \<in> A. {s \<in> state. <j, g(s)> \<in> r} \<longmapsto>w {s \<in> state. <j,f(s)> \<in> r}) <= |
82 (\<Inter>j \<in> A. {s \<in> state. <j, g(s)> \<in> r} \<longmapsto>w {s \<in> state. <j,f(s)> \<in> r}) <= |
83 (\<Inter>k \<in> B. {x \<in> state. <k, (h comp g)(x)> \<in> s} \<longmapsto>w {x \<in> state. <k, (h comp f)(x)> \<in> s})" |
83 (\<Inter>k \<in> B. {x \<in> state. <k, (h comp g)(x)> \<in> s} \<longmapsto>w {x \<in> state. <k, (h comp f)(x)> \<in> s})" |
84 |
84 |
85 apply (unfold mono1_def metacomp_def, clarify) |
85 apply (unfold mono1_def metacomp_def, clarify) |
86 apply (simp_all (no_asm_use) add: INT_iff) |
86 apply (simp_all (no_asm_use) add: INT_iff) |
97 done |
97 done |
98 |
98 |
99 lemma imp_LeadsTo_comp: |
99 lemma imp_LeadsTo_comp: |
100 "\<lbrakk>F:(\<Inter>j \<in> A. {s \<in> state. <j, g(s)> \<in> r} \<longmapsto>w {s \<in> state. <j,f(s)> \<in> r}); |
100 "\<lbrakk>F:(\<Inter>j \<in> A. {s \<in> state. <j, g(s)> \<in> r} \<longmapsto>w {s \<in> state. <j,f(s)> \<in> r}); |
101 mono1(A, r, B, s, h); refl(A,r); trans[B](s); |
101 mono1(A, r, B, s, h); refl(A,r); trans[B](s); |
102 \<forall>x \<in> state. f(x):A & g(x):A\<rbrakk> \<Longrightarrow> |
102 \<forall>x \<in> state. f(x):A \<and> g(x):A\<rbrakk> \<Longrightarrow> |
103 F:(\<Inter>k \<in> B. {x \<in> state. <k, (h comp g)(x)> \<in> s} \<longmapsto>w {x \<in> state. <k, (h comp f)(x)> \<in> s})" |
103 F:(\<Inter>k \<in> B. {x \<in> state. <k, (h comp g)(x)> \<in> s} \<longmapsto>w {x \<in> state. <k, (h comp f)(x)> \<in> s})" |
104 apply (rule subset_LeadsTo_comp [THEN subsetD], auto) |
104 apply (rule subset_LeadsTo_comp [THEN subsetD], auto) |
105 done |
105 done |
106 |
106 |
107 lemma imp_LeadsTo_comp_right: |
107 lemma imp_LeadsTo_comp_right: |
108 "\<lbrakk>F \<in> Increasing(B, s, g); |
108 "\<lbrakk>F \<in> Increasing(B, s, g); |
109 \<forall>j \<in> A. F: {s \<in> state. <j, f(s)> \<in> r} \<longmapsto>w {s \<in> state. <j,f1(s)> \<in> r}; |
109 \<forall>j \<in> A. F: {s \<in> state. <j, f(s)> \<in> r} \<longmapsto>w {s \<in> state. <j,f1(s)> \<in> r}; |
110 mono2(A, r, B, s, C, t, h); refl(A, r); refl(B, s); trans[C](t); |
110 mono2(A, r, B, s, C, t, h); refl(A, r); refl(B, s); trans[C](t); |
111 \<forall>x \<in> state. f1(x):A & f(x):A & g(x):B; k \<in> C\<rbrakk> \<Longrightarrow> |
111 \<forall>x \<in> state. f1(x):A \<and> f(x):A \<and> g(x):B; k \<in> C\<rbrakk> \<Longrightarrow> |
112 F:{x \<in> state. <k, h(f(x), g(x))> \<in> t} \<longmapsto>w {x \<in> state. <k, h(f1(x), g(x))> \<in> t}" |
112 F:{x \<in> state. <k, h(f(x), g(x))> \<in> t} \<longmapsto>w {x \<in> state. <k, h(f1(x), g(x))> \<in> t}" |
113 apply (unfold mono2_def Increasing_def) |
113 apply (unfold mono2_def Increasing_def) |
114 apply (rule single_LeadsTo_I, auto) |
114 apply (rule single_LeadsTo_I, auto) |
115 apply (drule_tac x = "g (sa) " and A = B in bspec) |
115 apply (drule_tac x = "g (sa) " and A = B in bspec) |
116 apply auto |
116 apply auto |
129 |
129 |
130 lemma imp_LeadsTo_comp_left: |
130 lemma imp_LeadsTo_comp_left: |
131 "\<lbrakk>F \<in> Increasing(A, r, f); |
131 "\<lbrakk>F \<in> Increasing(A, r, f); |
132 \<forall>j \<in> B. F: {x \<in> state. <j, g(x)> \<in> s} \<longmapsto>w {x \<in> state. <j,g1(x)> \<in> s}; |
132 \<forall>j \<in> B. F: {x \<in> state. <j, g(x)> \<in> s} \<longmapsto>w {x \<in> state. <j,g1(x)> \<in> s}; |
133 mono2(A, r, B, s, C, t, h); refl(A,r); refl(B, s); trans[C](t); |
133 mono2(A, r, B, s, C, t, h); refl(A,r); refl(B, s); trans[C](t); |
134 \<forall>x \<in> state. f(x):A & g1(x):B & g(x):B; k \<in> C\<rbrakk> \<Longrightarrow> |
134 \<forall>x \<in> state. f(x):A \<and> g1(x):B \<and> g(x):B; k \<in> C\<rbrakk> \<Longrightarrow> |
135 F:{x \<in> state. <k, h(f(x), g(x))> \<in> t} \<longmapsto>w {x \<in> state. <k, h(f(x), g1(x))> \<in> t}" |
135 F:{x \<in> state. <k, h(f(x), g(x))> \<in> t} \<longmapsto>w {x \<in> state. <k, h(f(x), g1(x))> \<in> t}" |
136 apply (unfold mono2_def Increasing_def) |
136 apply (unfold mono2_def Increasing_def) |
137 apply (rule single_LeadsTo_I, auto) |
137 apply (rule single_LeadsTo_I, auto) |
138 apply (drule_tac x = "f (sa) " and P = "%k. F \<in> Stable (X (k))" for X in bspec) |
138 apply (drule_tac x = "f (sa) " and P = "%k. F \<in> Stable (X (k))" for X in bspec) |
139 apply auto |
139 apply auto |
154 lemma imp_LeadsTo_comp2: |
154 lemma imp_LeadsTo_comp2: |
155 "\<lbrakk>F \<in> Increasing(A, r, f1) \<inter> Increasing(B, s, g); |
155 "\<lbrakk>F \<in> Increasing(A, r, f1) \<inter> Increasing(B, s, g); |
156 \<forall>j \<in> A. F: {s \<in> state. <j, f(s)> \<in> r} \<longmapsto>w {s \<in> state. <j,f1(s)> \<in> r}; |
156 \<forall>j \<in> A. F: {s \<in> state. <j, f(s)> \<in> r} \<longmapsto>w {s \<in> state. <j,f1(s)> \<in> r}; |
157 \<forall>j \<in> B. F: {x \<in> state. <j, g(x)> \<in> s} \<longmapsto>w {x \<in> state. <j,g1(x)> \<in> s}; |
157 \<forall>j \<in> B. F: {x \<in> state. <j, g(x)> \<in> s} \<longmapsto>w {x \<in> state. <j,g1(x)> \<in> s}; |
158 mono2(A, r, B, s, C, t, h); refl(A,r); refl(B, s); trans[C](t); |
158 mono2(A, r, B, s, C, t, h); refl(A,r); refl(B, s); trans[C](t); |
159 \<forall>x \<in> state. f(x):A & g1(x):B & f1(x):A &g(x):B; k \<in> C\<rbrakk> |
159 \<forall>x \<in> state. f(x):A \<and> g1(x):B \<and> f1(x):A \<and>g(x):B; k \<in> C\<rbrakk> |
160 \<Longrightarrow> F:{x \<in> state. <k, h(f(x), g(x))> \<in> t} \<longmapsto>w {x \<in> state. <k, h(f1(x), g1(x))> \<in> t}" |
160 \<Longrightarrow> F:{x \<in> state. <k, h(f(x), g(x))> \<in> t} \<longmapsto>w {x \<in> state. <k, h(f1(x), g1(x))> \<in> t}" |
161 apply (rule_tac B = "{x \<in> state. <k, h (f1 (x), g (x))> \<in> t}" in LeadsTo_Trans) |
161 apply (rule_tac B = "{x \<in> state. <k, h (f1 (x), g (x))> \<in> t}" in LeadsTo_Trans) |
162 apply (blast intro: imp_LeadsTo_comp_right) |
162 apply (blast intro: imp_LeadsTo_comp_right) |
163 apply (blast intro: imp_LeadsTo_comp_left) |
163 apply (blast intro: imp_LeadsTo_comp_left) |
164 done |
164 done |
172 lemma Follows_into_program [TC]: "F \<in> Follows(A, r, f, g) \<Longrightarrow> F \<in> program" |
172 lemma Follows_into_program [TC]: "F \<in> Follows(A, r, f, g) \<Longrightarrow> F \<in> program" |
173 by (blast dest: Follows_type [THEN subsetD]) |
173 by (blast dest: Follows_type [THEN subsetD]) |
174 |
174 |
175 lemma FollowsD: |
175 lemma FollowsD: |
176 "F \<in> Follows(A, r, f, g)\<Longrightarrow> |
176 "F \<in> Follows(A, r, f, g)\<Longrightarrow> |
177 F \<in> program & (\<exists>a. a \<in> A) & (\<forall>x \<in> state. f(x):A & g(x):A)" |
177 F \<in> program \<and> (\<exists>a. a \<in> A) \<and> (\<forall>x \<in> state. f(x):A \<and> g(x):A)" |
178 apply (unfold Follows_def) |
178 apply (unfold Follows_def) |
179 apply (blast dest: IncreasingD) |
179 apply (blast dest: IncreasingD) |
180 done |
180 done |
181 |
181 |
182 lemma Follows_constantI: |
182 lemma Follows_constantI: |
438 by (rule_tac h = munion in imp_Increasing_comp2, auto) |
438 by (rule_tac h = munion in imp_Increasing_comp2, auto) |
439 |
439 |
440 lemma Always_munion: |
440 lemma Always_munion: |
441 "\<lbrakk>F \<in> Always({s \<in> state. <f1(s),f(s)> \<in> MultLe(A,r)}); |
441 "\<lbrakk>F \<in> Always({s \<in> state. <f1(s),f(s)> \<in> MultLe(A,r)}); |
442 F \<in> Always({s \<in> state. <g1(s), g(s)> \<in> MultLe(A,r)}); |
442 F \<in> Always({s \<in> state. <g1(s), g(s)> \<in> MultLe(A,r)}); |
443 \<forall>x \<in> state. f1(x):Mult(A)&f(x):Mult(A) & g1(x):Mult(A) & g(x):Mult(A)\<rbrakk> |
443 \<forall>x \<in> state. f1(x):Mult(A)\<and>f(x):Mult(A) \<and> g1(x):Mult(A) \<and> g(x):Mult(A)\<rbrakk> |
444 \<Longrightarrow> F \<in> Always({s \<in> state. <f1(s) +# g1(s), f(s) +# g(s)> \<in> MultLe(A,r)})" |
444 \<Longrightarrow> F \<in> Always({s \<in> state. <f1(s) +# g1(s), f(s) +# g(s)> \<in> MultLe(A,r)})" |
445 apply (rule_tac h = munion in imp_Always_comp2, simp_all) |
445 apply (rule_tac h = munion in imp_Always_comp2, simp_all) |
446 apply (blast intro: munion_mono, simp_all) |
446 apply (blast intro: munion_mono, simp_all) |
447 done |
447 done |
448 |
448 |
454 |
454 |
455 (** Used in ClientImp **) |
455 (** Used in ClientImp **) |
456 |
456 |
457 lemma Follows_msetsum_UN: |
457 lemma Follows_msetsum_UN: |
458 "\<And>f. \<lbrakk>\<forall>i \<in> I. F \<in> Follows(Mult(A), MultLe(A, r), f'(i), f(i)); |
458 "\<And>f. \<lbrakk>\<forall>i \<in> I. F \<in> Follows(Mult(A), MultLe(A, r), f'(i), f(i)); |
459 \<forall>s. \<forall>i \<in> I. multiset(f'(i, s)) & mset_of(f'(i, s))<=A & |
459 \<forall>s. \<forall>i \<in> I. multiset(f'(i, s)) \<and> mset_of(f'(i, s))<=A \<and> |
460 multiset(f(i, s)) & mset_of(f(i, s))<=A ; |
460 multiset(f(i, s)) \<and> mset_of(f(i, s))<=A ; |
461 Finite(I); F \<in> program\<rbrakk> |
461 Finite(I); F \<in> program\<rbrakk> |
462 \<Longrightarrow> F \<in> Follows(Mult(A), |
462 \<Longrightarrow> F \<in> Follows(Mult(A), |
463 MultLe(A, r), %x. msetsum(%i. f'(i, x), I, A), |
463 MultLe(A, r), %x. msetsum(%i. f'(i, x), I, A), |
464 %x. msetsum(%i. f(i, x), I, A))" |
464 %x. msetsum(%i. f(i, x), I, A))" |
465 apply (erule rev_mp) |
465 apply (erule rev_mp) |