109 qed "def_set_simp"; |
109 qed "def_set_simp"; |
110 |
110 |
111 fun simp_of_set def = def RS def_set_simp; |
111 fun simp_of_set def = def RS def_set_simp; |
112 |
112 |
113 |
113 |
114 (*** constrains ***) |
114 (*** co ***) |
115 |
115 |
116 overload_1st_set "UNITY.constrains"; |
116 overload_1st_set "UNITY.op co"; |
117 overload_1st_set "UNITY.stable"; |
117 overload_1st_set "UNITY.stable"; |
118 overload_1st_set "UNITY.unless"; |
118 overload_1st_set "UNITY.unless"; |
119 |
119 |
120 val prems = Goalw [constrains_def] |
120 val prems = Goalw [constrains_def] |
121 "(!!act s s'. [| act: Acts F; (s,s') : act; s: A |] ==> s': A') \ |
121 "(!!act s s'. [| act: Acts F; (s,s') : act; s: A |] ==> s': A') \ |
122 \ ==> F : constrains A A'"; |
122 \ ==> F : A co A'"; |
123 by (blast_tac (claset() addIs prems) 1); |
123 by (blast_tac (claset() addIs prems) 1); |
124 qed "constrainsI"; |
124 qed "constrainsI"; |
125 |
125 |
126 Goalw [constrains_def] |
126 Goalw [constrains_def] |
127 "[| F : constrains A A'; act: Acts F; (s,s'): act; s: A |] ==> s': A'"; |
127 "[| F : A co A'; act: Acts F; (s,s'): act; s: A |] ==> s': A'"; |
128 by (Blast_tac 1); |
128 by (Blast_tac 1); |
129 qed "constrainsD"; |
129 qed "constrainsD"; |
130 |
130 |
131 Goalw [constrains_def] "F : constrains {} B"; |
131 Goalw [constrains_def] "F : {} co B"; |
132 by (Blast_tac 1); |
132 by (Blast_tac 1); |
133 qed "constrains_empty"; |
133 qed "constrains_empty"; |
134 |
134 |
135 Goalw [constrains_def] "F : constrains A UNIV"; |
135 Goalw [constrains_def] "F : A co UNIV"; |
136 by (Blast_tac 1); |
136 by (Blast_tac 1); |
137 qed "constrains_UNIV"; |
137 qed "constrains_UNIV"; |
138 AddIffs [constrains_empty, constrains_UNIV]; |
138 AddIffs [constrains_empty, constrains_UNIV]; |
139 |
139 |
140 (*monotonic in 2nd argument*) |
140 (*monotonic in 2nd argument*) |
141 Goalw [constrains_def] |
141 Goalw [constrains_def] |
142 "[| F : constrains A A'; A'<=B' |] ==> F : constrains A B'"; |
142 "[| F : A co A'; A'<=B' |] ==> F : A co B'"; |
143 by (Blast_tac 1); |
143 by (Blast_tac 1); |
144 qed "constrains_weaken_R"; |
144 qed "constrains_weaken_R"; |
145 |
145 |
146 (*anti-monotonic in 1st argument*) |
146 (*anti-monotonic in 1st argument*) |
147 Goalw [constrains_def] |
147 Goalw [constrains_def] |
148 "[| F : constrains A A'; B<=A |] ==> F : constrains B A'"; |
148 "[| F : A co A'; B<=A |] ==> F : B co A'"; |
149 by (Blast_tac 1); |
149 by (Blast_tac 1); |
150 qed "constrains_weaken_L"; |
150 qed "constrains_weaken_L"; |
151 |
151 |
152 Goalw [constrains_def] |
152 Goalw [constrains_def] |
153 "[| F : constrains A A'; B<=A; A'<=B' |] ==> F : constrains B B'"; |
153 "[| F : A co A'; B<=A; A'<=B' |] ==> F : B co B'"; |
154 by (Blast_tac 1); |
154 by (Blast_tac 1); |
155 qed "constrains_weaken"; |
155 qed "constrains_weaken"; |
156 |
156 |
157 (** Union **) |
157 (** Union **) |
158 |
158 |
159 Goalw [constrains_def] |
159 Goalw [constrains_def] |
160 "[| F : constrains A A'; F : constrains B B' |] \ |
160 "[| F : A co A'; F : B co B' |] \ |
161 \ ==> F : constrains (A Un B) (A' Un B')"; |
161 \ ==> F : (A Un B) co (A' Un B')"; |
162 by (Blast_tac 1); |
162 by (Blast_tac 1); |
163 qed "constrains_Un"; |
163 qed "constrains_Un"; |
164 |
164 |
165 Goalw [constrains_def] |
165 Goalw [constrains_def] |
166 "ALL i:I. F : constrains (A i) (A' i) \ |
166 "ALL i:I. F : (A i) co (A' i) \ |
167 \ ==> F : constrains (UN i:I. A i) (UN i:I. A' i)"; |
167 \ ==> F : (UN i:I. A i) co (UN i:I. A' i)"; |
168 by (Blast_tac 1); |
168 by (Blast_tac 1); |
169 qed "ball_constrains_UN"; |
169 qed "ball_constrains_UN"; |
170 |
170 |
171 (** Intersection **) |
171 (** Intersection **) |
172 |
172 |
173 Goalw [constrains_def] |
173 Goalw [constrains_def] |
174 "[| F : constrains A A'; F : constrains B B' |] \ |
174 "[| F : A co A'; F : B co B' |] \ |
175 \ ==> F : constrains (A Int B) (A' Int B')"; |
175 \ ==> F : (A Int B) co (A' Int B')"; |
176 by (Blast_tac 1); |
176 by (Blast_tac 1); |
177 qed "constrains_Int"; |
177 qed "constrains_Int"; |
178 |
178 |
179 Goalw [constrains_def] |
179 Goalw [constrains_def] |
180 "ALL i:I. F : constrains (A i) (A' i) \ |
180 "ALL i:I. F : (A i) co (A' i) \ |
181 \ ==> F : constrains (INT i:I. A i) (INT i:I. A' i)"; |
181 \ ==> F : (INT i:I. A i) co (INT i:I. A' i)"; |
182 by (Blast_tac 1); |
182 by (Blast_tac 1); |
183 qed "ball_constrains_INT"; |
183 qed "ball_constrains_INT"; |
184 |
184 |
185 Goalw [constrains_def] "F : constrains A A' ==> A <= A'"; |
185 Goalw [constrains_def] "F : A co A' ==> A <= A'"; |
186 by Auto_tac; |
186 by Auto_tac; |
187 qed "constrains_imp_subset"; |
187 qed "constrains_imp_subset"; |
188 |
188 |
189 (*The reasoning is by subsets since "constrains" refers to single actions |
189 (*The reasoning is by subsets since "co" refers to single actions |
190 only. So this rule isn't that useful.*) |
190 only. So this rule isn't that useful.*) |
191 Goalw [constrains_def] |
191 Goalw [constrains_def] |
192 "[| F : constrains A B; F : constrains B C |] \ |
192 "[| F : A co B; F : B co C |] ==> F : A co C"; |
193 \ ==> F : constrains A C"; |
|
194 by (Blast_tac 1); |
193 by (Blast_tac 1); |
195 qed "constrains_trans"; |
194 qed "constrains_trans"; |
196 |
195 |
197 Goalw [constrains_def] |
196 Goalw [constrains_def] |
198 "[| F : constrains A (A' Un B); F : constrains B B' |] \ |
197 "[| F : A co (A' Un B); F : B co B' |] \ |
199 \ ==> F : constrains A (A' Un B')"; |
198 \ ==> F : A co (A' Un B')"; |
200 by (Clarify_tac 1); |
199 by (Clarify_tac 1); |
201 by (Blast_tac 1); |
200 by (Blast_tac 1); |
202 qed "constrains_cancel"; |
201 qed "constrains_cancel"; |
203 |
202 |
204 |
203 |
205 (*** stable ***) |
204 (*** stable ***) |
206 |
205 |
207 Goalw [stable_def] "F : constrains A A ==> F : stable A"; |
206 Goalw [stable_def] "F : A co A ==> F : stable A"; |
208 by (assume_tac 1); |
207 by (assume_tac 1); |
209 qed "stableI"; |
208 qed "stableI"; |
210 |
209 |
211 Goalw [stable_def] "F : stable A ==> F : constrains A A"; |
210 Goalw [stable_def] "F : stable A ==> F : A co A"; |
212 by (assume_tac 1); |
211 by (assume_tac 1); |
213 qed "stableD"; |
212 qed "stableD"; |
214 |
213 |
215 (** Union **) |
214 (** Union **) |
216 |
215 |
235 "ALL i:I. F : stable (A i) ==> F : stable (INT i:I. A i)"; |
234 "ALL i:I. F : stable (A i) ==> F : stable (INT i:I. A i)"; |
236 by (blast_tac (claset() addIs [ball_constrains_INT]) 1); |
235 by (blast_tac (claset() addIs [ball_constrains_INT]) 1); |
237 qed "ball_stable_INT"; |
236 qed "ball_stable_INT"; |
238 |
237 |
239 Goalw [stable_def, constrains_def] |
238 Goalw [stable_def, constrains_def] |
240 "[| F : stable C; F : constrains A (C Un A') |] \ |
239 "[| F : stable C; F : A co (C Un A') |] \ |
241 \ ==> F : constrains (C Un A) (C Un A')"; |
240 \ ==> F : (C Un A) co (C Un A')"; |
242 by (Blast_tac 1); |
241 by (Blast_tac 1); |
243 qed "stable_constrains_Un"; |
242 qed "stable_constrains_Un"; |
244 |
243 |
245 Goalw [stable_def, constrains_def] |
244 Goalw [stable_def, constrains_def] |
246 "[| F : stable C; F : constrains (C Int A) A' |] \ |
245 "[| F : stable C; F : (C Int A) co A' |] \ |
247 \ ==> F : constrains (C Int A) (C Int A')"; |
246 \ ==> F : (C Int A) co (C Int A')"; |
248 by (Blast_tac 1); |
247 by (Blast_tac 1); |
249 qed "stable_constrains_Int"; |
248 qed "stable_constrains_Int"; |
250 |
249 |
251 (*[| F : stable C; F : constrains (C Int A) A |] ==> F : stable (C Int A)*) |
250 (*[| F : stable C; F : co (C Int A) A |] ==> F : stable (C Int A)*) |
252 bind_thm ("stable_constrains_stable", stable_constrains_Int RS stableI); |
251 bind_thm ("stable_constrains_stable", stable_constrains_Int RS stableI); |
253 |
252 |
254 |
253 |
255 (*** invariant ***) |
254 (*** invariant ***) |
256 |
255 |
282 (** The Elimination Theorem. The "free" m has become universally quantified! |
281 (** The Elimination Theorem. The "free" m has become universally quantified! |
283 Should the premise be !!m instead of ALL m ? Would make it harder to use |
282 Should the premise be !!m instead of ALL m ? Would make it harder to use |
284 in forward proof. **) |
283 in forward proof. **) |
285 |
284 |
286 Goalw [constrains_def] |
285 Goalw [constrains_def] |
287 "[| ALL m. F : constrains {s. s x = m} (B m) |] \ |
286 "[| ALL m:M. F : {s. s x = m} co (B m) |] \ |
288 \ ==> F : constrains {s. s x : M} (UN m:M. B m)"; |
287 \ ==> F : {s. s x : M} co (UN m:M. B m)"; |
289 by (Blast_tac 1); |
288 by (Blast_tac 1); |
290 qed "elimination"; |
289 qed "elimination"; |
291 |
290 |
292 (*As above, but for the trivial case of a one-variable state, in which the |
291 (*As above, but for the trivial case of a one-variable state, in which the |
293 state is identified with its one variable.*) |
292 state is identified with its one variable.*) |
294 Goalw [constrains_def] |
293 Goalw [constrains_def] |
295 "(ALL m. F : constrains {m} (B m)) ==> F : constrains M (UN m:M. B m)"; |
294 "(ALL m:M. F : {m} co (B m)) ==> F : M co (UN m:M. B m)"; |
296 by (Blast_tac 1); |
295 by (Blast_tac 1); |
297 qed "elimination_sing"; |
296 qed "elimination_sing"; |
298 |
297 |
299 |
298 |
300 |
299 |
301 (*** Theoretical Results from Section 6 ***) |
300 (*** Theoretical Results from Section 6 ***) |
302 |
301 |
303 Goalw [constrains_def, strongest_rhs_def] |
302 Goalw [constrains_def, strongest_rhs_def] |
304 "F : constrains A (strongest_rhs F A )"; |
303 "F : A co (strongest_rhs F A )"; |
305 by (Blast_tac 1); |
304 by (Blast_tac 1); |
306 qed "constrains_strongest_rhs"; |
305 qed "constrains_strongest_rhs"; |
307 |
306 |
308 Goalw [constrains_def, strongest_rhs_def] |
307 Goalw [constrains_def, strongest_rhs_def] |
309 "F : constrains A B ==> strongest_rhs F A <= B"; |
308 "F : A co B ==> strongest_rhs F A <= B"; |
310 by (Blast_tac 1); |
309 by (Blast_tac 1); |
311 qed "strongest_rhs_is_strongest"; |
310 qed "strongest_rhs_is_strongest"; |