equal
deleted
inserted
replaced
52 by (rtac (split_list_case RS iffD2) 1); |
52 by (rtac (split_list_case RS iffD2) 1); |
53 by (Asm_full_simp_tac 1); |
53 by (Asm_full_simp_tac 1); |
54 by (REPEAT (rtac allI 1)); |
54 by (REPEAT (rtac allI 1)); |
55 by (rtac impI 1); |
55 by (rtac impI 1); |
56 by (hyp_subst_tac 1); |
56 by (hyp_subst_tac 1); |
57 by (stac expand_if 1); |
57 by (stac split_if 1); |
58 by (Asm_full_simp_tac 1); |
58 by (Asm_full_simp_tac 1); |
59 by (Asm_full_simp_tac 1); |
59 by (Asm_full_simp_tac 1); |
60 val l_iff_red_nil = result(); |
60 val l_iff_red_nil = result(); |
61 |
61 |
62 goal Correctness.thy "s~=[] --> hd(s)=hd(reduce(s))"; |
62 goal Correctness.thy "s~=[] --> hd(s)=hd(reduce(s))"; |
70 by (Simp_tac 1); |
70 by (Simp_tac 1); |
71 by (rtac (split_list_case RS iffD2) 1); |
71 by (rtac (split_list_case RS iffD2) 1); |
72 by (asm_full_simp_tac list_ss 1); |
72 by (asm_full_simp_tac list_ss 1); |
73 by (REPEAT (rtac allI 1)); |
73 by (REPEAT (rtac allI 1)); |
74 by (rtac impI 1); |
74 by (rtac impI 1); |
75 by (stac expand_if 1); |
75 by (stac split_if 1); |
76 by (REPEAT(hyp_subst_tac 1)); |
76 by (REPEAT(hyp_subst_tac 1)); |
77 by (etac subst 1); |
77 by (etac subst 1); |
78 by (Simp_tac 1); |
78 by (Simp_tac 1); |
79 qed"hd_is_reduce_hd"; |
79 qed"hd_is_reduce_hd"; |
80 |
80 |
89 by (Asm_full_simp_tac 1); |
89 by (Asm_full_simp_tac 1); |
90 by (cut_inst_tac [("l","list")] cons_not_nil 1); |
90 by (cut_inst_tac [("l","list")] cons_not_nil 1); |
91 by (Asm_full_simp_tac 1); |
91 by (Asm_full_simp_tac 1); |
92 by (REPEAT (etac exE 1)); |
92 by (REPEAT (etac exE 1)); |
93 by (Asm_simp_tac 1); |
93 by (Asm_simp_tac 1); |
94 by (stac expand_if 1); |
94 by (stac split_if 1); |
95 by (hyp_subst_tac 1); |
95 by (hyp_subst_tac 1); |
96 by (asm_full_simp_tac (simpset() addsimps [reverse_Cons]) 1); |
96 by (asm_full_simp_tac (simpset() addsimps [reverse_Cons]) 1); |
97 qed"rev_red_not_nil"; |
97 qed"rev_red_not_nil"; |
98 |
98 |
99 (* shows applicability of the induction hypothesis of the following Lemma 1 *) |
99 (* shows applicability of the induction hypothesis of the following Lemma 1 *) |
102 by (Simp_tac 1); |
102 by (Simp_tac 1); |
103 by (rtac (split_list_case RS iffD2) 1); |
103 by (rtac (split_list_case RS iffD2) 1); |
104 by (asm_full_simp_tac list_ss 1); |
104 by (asm_full_simp_tac list_ss 1); |
105 by (REPEAT (rtac allI 1)); |
105 by (REPEAT (rtac allI 1)); |
106 by (rtac impI 1); |
106 by (rtac impI 1); |
107 by (stac expand_if 1); |
107 by (stac split_if 1); |
108 by (asm_full_simp_tac (list_ss addsimps [reverse_Cons,hd_append, |
108 by (asm_full_simp_tac (list_ss addsimps [reverse_Cons,hd_append, |
109 (rev_red_not_nil RS mp)]) 1); |
109 (rev_red_not_nil RS mp)]) 1); |
110 qed"last_ind_on_first"; |
110 qed"last_ind_on_first"; |
111 |
111 |
112 val impl_ss = simpset() delsimps [reduce_Cons]; |
112 val impl_ss = simpset() delsimps [reduce_Cons]; |
114 (* Main Lemma 1 for S_pkt in showing that reduce is refinement *) |
114 (* Main Lemma 1 for S_pkt in showing that reduce is refinement *) |
115 goal Correctness.thy |
115 goal Correctness.thy |
116 "if x=hd(reverse(reduce(l))) & reduce(l)~=[] then \ |
116 "if x=hd(reverse(reduce(l))) & reduce(l)~=[] then \ |
117 \ reduce(l@[x])=reduce(l) else \ |
117 \ reduce(l@[x])=reduce(l) else \ |
118 \ reduce(l@[x])=reduce(l)@[x]"; |
118 \ reduce(l@[x])=reduce(l)@[x]"; |
119 by (stac expand_if 1); |
119 by (stac split_if 1); |
120 by (rtac conjI 1); |
120 by (rtac conjI 1); |
121 (* --> *) |
121 (* --> *) |
122 by (List.list.induct_tac "l" 1); |
122 by (List.list.induct_tac "l" 1); |
123 by (Simp_tac 1); |
123 by (Simp_tac 1); |
124 by (case_tac "list=[]" 1); |
124 by (case_tac "list=[]" 1); |
134 by (simp_tac (simpset() addsimps [and_de_morgan_and_absorbe,l_iff_red_nil]) 1); |
134 by (simp_tac (simpset() addsimps [and_de_morgan_and_absorbe,l_iff_red_nil]) 1); |
135 by (List.list.induct_tac "l" 1); |
135 by (List.list.induct_tac "l" 1); |
136 by (Simp_tac 1); |
136 by (Simp_tac 1); |
137 by (case_tac "list=[]" 1); |
137 by (case_tac "list=[]" 1); |
138 by (cut_inst_tac [("l","list")] cons_not_nil 2); |
138 by (cut_inst_tac [("l","list")] cons_not_nil 2); |
139 by (asm_full_simp_tac (simpset() setloop split_tac [expand_if]) 1); |
139 by (Asm_full_simp_tac 1); |
140 by (auto_tac (claset(), |
140 by (auto_tac (claset(), |
141 impl_ss addsimps [last_ind_on_first,l_iff_red_nil] |
141 impl_ss addsimps [last_ind_on_first,l_iff_red_nil] |
142 setloop split_tac [expand_if])); |
142 setloop split_tac [split_if])); |
143 by (asm_full_simp_tac (simpset() setloop split_tac [expand_if]) 1); |
143 by (Asm_full_simp_tac 1); |
144 qed"reduce_hd"; |
144 qed"reduce_hd"; |
145 |
145 |
146 |
146 |
147 (* Main Lemma 2 for R_pkt in showing that reduce is refinement *) |
147 (* Main Lemma 2 for R_pkt in showing that reduce is refinement *) |
148 goal Correctness.thy |
148 goal Correctness.thy |
152 \ reduce(tl(s))=tl(reduce(s))"; |
152 \ reduce(tl(s))=tl(reduce(s))"; |
153 by (cut_inst_tac [("l","s")] cons_not_nil 1); |
153 by (cut_inst_tac [("l","s")] cons_not_nil 1); |
154 by (Asm_full_simp_tac 1); |
154 by (Asm_full_simp_tac 1); |
155 by (REPEAT (etac exE 1)); |
155 by (REPEAT (etac exE 1)); |
156 by (Asm_full_simp_tac 1); |
156 by (Asm_full_simp_tac 1); |
157 by (stac expand_if 1); |
157 by (stac split_if 1); |
158 by (rtac conjI 1); |
158 by (rtac conjI 1); |
159 by (simp_tac (simpset() addsimps [and_de_morgan_and_absorbe]) 2); |
159 by (simp_tac (simpset() addsimps [and_de_morgan_and_absorbe]) 2); |
160 by (Step_tac 1); |
160 by (Step_tac 1); |
161 by (ALLGOALS (cut_inst_tac [("l","xs")] cons_not_nil)); |
161 by (ALLGOALS (cut_inst_tac [("l","xs")] cons_not_nil)); |
162 by (Auto_tac); |
162 by (Auto_tac); |
165 |
165 |
166 (******************************************************************* |
166 (******************************************************************* |
167 C h a n n e l A b s t r a c t i o n |
167 C h a n n e l A b s t r a c t i o n |
168 *******************************************************************) |
168 *******************************************************************) |
169 |
169 |
170 Delsplits [expand_if]; |
170 Delsplits [split_if]; |
171 goal Correctness.thy |
171 goal Correctness.thy |
172 "is_weak_ref_map reduce ch_ioa ch_fin_ioa"; |
172 "is_weak_ref_map reduce ch_ioa ch_fin_ioa"; |
173 by (simp_tac (simpset() addsimps [is_weak_ref_map_def]) 1); |
173 by (simp_tac (simpset() addsimps [is_weak_ref_map_def]) 1); |
174 (* ---------------- main-part ------------------- *) |
174 (* ---------------- main-part ------------------- *) |
175 by (REPEAT (rtac allI 1)); |
175 by (REPEAT (rtac allI 1)); |
219 (* main-part *) |
219 (* main-part *) |
220 by (REPEAT (rtac allI 1)); |
220 by (REPEAT (rtac allI 1)); |
221 by (rtac imp_conj_lemma 1); |
221 by (rtac imp_conj_lemma 1); |
222 by (Action.action.induct_tac "a" 1); |
222 by (Action.action.induct_tac "a" 1); |
223 (* 7 cases *) |
223 (* 7 cases *) |
224 by (ALLGOALS (simp_tac ((simpset() addsimps [externals_def]) setloop (split_tac [expand_if])))); |
224 by (ALLGOALS (simp_tac (simpset() addsimps [externals_def] addsplits [split_if]))); |
225 qed"sender_unchanged"; |
225 qed"sender_unchanged"; |
226 |
226 |
227 (* 2 copies of before *) |
227 (* 2 copies of before *) |
228 goal Correctness.thy |
228 goal Correctness.thy |
229 "is_weak_ref_map (%id. id) receiver_ioa receiver_ioa"; |
229 "is_weak_ref_map (%id. id) receiver_ioa receiver_ioa"; |
235 (* main-part *) |
235 (* main-part *) |
236 by (REPEAT (rtac allI 1)); |
236 by (REPEAT (rtac allI 1)); |
237 by (rtac imp_conj_lemma 1); |
237 by (rtac imp_conj_lemma 1); |
238 by (Action.action.induct_tac "a" 1); |
238 by (Action.action.induct_tac "a" 1); |
239 (* 7 cases *) |
239 (* 7 cases *) |
240 by (ALLGOALS (simp_tac ((simpset() addsimps [externals_def]) setloop (split_tac [expand_if])))); |
240 by (ALLGOALS(simp_tac (simpset() addsimps [externals_def] addsplits [split_if]))); |
241 qed"receiver_unchanged"; |
241 qed"receiver_unchanged"; |
242 |
242 |
243 goal Correctness.thy |
243 goal Correctness.thy |
244 "is_weak_ref_map (%id. id) env_ioa env_ioa"; |
244 "is_weak_ref_map (%id. id) env_ioa env_ioa"; |
245 by (simp_tac (simpset() addsimps [is_weak_ref_map_def]) 1); |
245 by (simp_tac (simpset() addsimps [is_weak_ref_map_def]) 1); |
250 (* main-part *) |
250 (* main-part *) |
251 by (REPEAT (rtac allI 1)); |
251 by (REPEAT (rtac allI 1)); |
252 by (rtac imp_conj_lemma 1); |
252 by (rtac imp_conj_lemma 1); |
253 by (Action.action.induct_tac "a" 1); |
253 by (Action.action.induct_tac "a" 1); |
254 (* 7 cases *) |
254 (* 7 cases *) |
255 by (ALLGOALS (simp_tac ((simpset() addsimps [externals_def]) setloop (split_tac [expand_if])))); |
255 by (ALLGOALS(simp_tac (simpset() addsimps [externals_def] addsplits [split_if]))); |
256 qed"env_unchanged"; |
256 qed"env_unchanged"; |
257 Addsplits [expand_if]; |
257 Addsplits [split_if]; |
258 |
258 |
259 goal Correctness.thy "compatible srch_ioa rsch_ioa"; |
259 goal Correctness.thy "compatible srch_ioa rsch_ioa"; |
260 by (simp_tac (simpset() addsimps [compatible_def,Int_def,empty_def]) 1); |
260 by (simp_tac (simpset() addsimps [compatible_def,Int_def,empty_def]) 1); |
261 by (rtac set_ext 1); |
261 by (rtac set_ext 1); |
262 by (Action.action.induct_tac "x" 1); |
262 by (Action.action.induct_tac "x" 1); |