10 |
10 |
11 goal Abschannel.thy "(? x.x=P & Q(x)) = Q(P)"; |
11 goal Abschannel.thy "(? x.x=P & Q(x)) = Q(P)"; |
12 by (fast_tac HOL_cs 1); |
12 by (fast_tac HOL_cs 1); |
13 qed"exis_elim"; |
13 qed"exis_elim"; |
14 |
14 |
15 val abschannel_ss = action_ss addsimps |
15 Addsimps |
16 ([srch_asig_def, rsch_asig_def, rsch_ioa_def, srch_ioa_def, ch_ioa_def, |
16 ([srch_asig_def, rsch_asig_def, rsch_ioa_def, srch_ioa_def, ch_ioa_def, |
17 ch_asig_def, srch_actions_def, rsch_actions_def, rename_def, asig_of_def, |
17 ch_asig_def, srch_actions_def, rsch_actions_def, rename_def, asig_of_def, |
18 actions_def, exis_elim, srch_trans_def, rsch_trans_def, ch_trans_def, |
18 actions_def, exis_elim, srch_trans_def, rsch_trans_def, ch_trans_def, |
19 trans_of_def] |
19 trans_of_def] @ asig_projections @ set_lemmas); |
20 @ Option.option.simps @ act.simps @ asig_projections @ set_lemmas); |
|
21 |
20 |
22 val abschannel_fin = [srch_fin_asig_def, rsch_fin_asig_def, |
21 val abschannel_fin = [srch_fin_asig_def, rsch_fin_asig_def, |
23 rsch_fin_ioa_def, srch_fin_ioa_def, |
22 rsch_fin_ioa_def, srch_fin_ioa_def, |
24 ch_fin_ioa_def,ch_fin_trans_def,ch_fin_asig_def]; |
23 ch_fin_ioa_def,ch_fin_trans_def,ch_fin_asig_def]; |
25 val abschannel_fin_ss = abschannel_ss addsimps abschannel_fin; |
24 Addsimps abschannel_fin; |
26 |
25 |
27 val impl_ioas = [Sender.sender_ioa_def,Receiver.receiver_ioa_def]; |
26 val impl_ioas = [Sender.sender_ioa_def,Receiver.receiver_ioa_def]; |
28 val impl_trans = [Sender.sender_trans_def,Receiver.receiver_trans_def]; |
27 val impl_trans = [Sender.sender_trans_def,Receiver.receiver_trans_def]; |
29 val impl_asigs = [Sender.sender_asig_def,Receiver.receiver_asig_def]; |
28 val impl_asigs = [Sender.sender_asig_def,Receiver.receiver_asig_def]; |
30 val impl_ss = merge_ss(action_ss,list_ss) |
29 Addcongs [let_weak_cong]; |
31 addcongs [let_weak_cong] |
30 Addsimps [Let_def, ioa_triple_proj, starts_of_par]; |
32 addsimps [Let_def, ioa_triple_proj, starts_of_par]; |
|
33 |
31 |
34 val env_ioas = [Env.env_ioa_def,Env.env_asig_def,Env.env_trans_def]; |
32 val env_ioas = [Env.env_ioa_def,Env.env_asig_def,Env.env_trans_def]; |
35 val hom_ioas = env_ioas @ impl_ioas @ impl_trans @ impl_asigs @ |
33 val hom_ioas = env_ioas @ impl_ioas @ impl_trans @ impl_asigs @ |
36 asig_projections @ set_lemmas; |
34 asig_projections @ set_lemmas; |
37 val hom_ss = (impl_ss addsimps hom_ioas); |
35 Addsimps hom_ioas; |
38 |
36 |
39 val red_ss = impl_ss addsimps [reduce_Nil,reduce_Cons]; |
37 Addsimps [reduce_Nil,reduce_Cons]; |
40 val red_ss_ch = merge_ss(abschannel_fin_ss,red_ss); |
|
41 |
|
42 |
38 |
43 |
39 |
44 |
40 |
45 (* auxiliary function *) |
41 (* auxiliary function *) |
46 fun rotate n i = EVERY(replicate n (etac revcut_rl i)); |
42 fun rotate n i = EVERY(replicate n (etac revcut_rl i)); |
50 goal Correctness.thy "(reduce(l)=[]) = (l=[])"; |
46 goal Correctness.thy "(reduce(l)=[]) = (l=[])"; |
51 by (rtac iffI 1); |
47 by (rtac iffI 1); |
52 by (subgoal_tac "(l~=[]) --> (reduce(l)~=[])" 1); |
48 by (subgoal_tac "(l~=[]) --> (reduce(l)~=[])" 1); |
53 by (fast_tac HOL_cs 1); |
49 by (fast_tac HOL_cs 1); |
54 by (List.list.induct_tac "l" 1); |
50 by (List.list.induct_tac "l" 1); |
55 by (simp_tac red_ss 1); |
51 by (Simp_tac 1); |
56 by (simp_tac red_ss 1); |
52 by (Simp_tac 1); |
57 by (rtac (expand_list_case RS iffD2) 1); |
53 by (rtac (expand_list_case RS iffD2) 1); |
58 by (asm_full_simp_tac list_ss 1); |
54 by (Asm_full_simp_tac 1); |
59 by (REPEAT (rtac allI 1)); |
55 by (REPEAT (rtac allI 1)); |
60 by (rtac impI 1); |
56 by (rtac impI 1); |
61 by (hyp_subst_tac 1); |
57 by (hyp_subst_tac 1); |
62 by (rtac (expand_if RS ssubst) 1); |
58 by (rtac (expand_if RS ssubst) 1); |
63 by (asm_full_simp_tac list_ss 1); |
59 by (Asm_full_simp_tac 1); |
64 by (asm_full_simp_tac red_ss 1); |
60 by (Asm_full_simp_tac 1); |
65 val l_iff_red_nil = result(); |
61 val l_iff_red_nil = result(); |
66 |
62 |
67 goal Correctness.thy "s~=[] --> hd(s)=hd(reduce(s))"; |
63 goal Correctness.thy "s~=[] --> hd(s)=hd(reduce(s))"; |
68 by (List.list.induct_tac "s" 1); |
64 by (List.list.induct_tac "s" 1); |
69 by (simp_tac red_ss 1); |
65 by (Simp_tac 1); |
70 by (case_tac "list =[]" 1); |
66 by (case_tac "list =[]" 1); |
71 by (asm_full_simp_tac red_ss 1); |
67 by (Asm_full_simp_tac 1); |
72 (* main case *) |
68 (* main case *) |
73 by (rotate 1 1); |
69 by (rotate 1 1); |
74 by (asm_full_simp_tac list_ss 1); |
70 by (asm_full_simp_tac list_ss 1); |
75 by (simp_tac red_ss 1); |
71 by (Simp_tac 1); |
76 by (rtac (expand_list_case RS iffD2) 1); |
72 by (rtac (expand_list_case RS iffD2) 1); |
77 by (asm_full_simp_tac list_ss 1); |
73 by (asm_full_simp_tac list_ss 1); |
78 by (REPEAT (rtac allI 1)); |
74 by (REPEAT (rtac allI 1)); |
79 by (rtac impI 1); |
75 by (rtac impI 1); |
80 by (rtac (expand_if RS ssubst) 1); |
76 by (rtac (expand_if RS ssubst) 1); |
81 by (REPEAT(hyp_subst_tac 1)); |
77 by (REPEAT(hyp_subst_tac 1)); |
82 by (etac subst 1); |
78 by (etac subst 1); |
83 by (simp_tac list_ss 1); |
79 by (Simp_tac 1); |
84 qed"hd_is_reduce_hd"; |
80 qed"hd_is_reduce_hd"; |
85 |
81 |
86 (* to be used in the following Lemma *) |
82 (* to be used in the following Lemma *) |
87 goal Correctness.thy "l~=[] --> reverse(reduce(l))~=[]"; |
83 goal Correctness.thy "l~=[] --> reverse(reduce(l))~=[]"; |
88 by (List.list.induct_tac "l" 1); |
84 by (List.list.induct_tac "l" 1); |
89 by (simp_tac red_ss 1); |
85 by (Simp_tac 1); |
90 by (case_tac "list =[]" 1); |
86 by (case_tac "list =[]" 1); |
91 by (asm_full_simp_tac (red_ss addsimps [reverse_Cons]) 1); |
87 by (asm_full_simp_tac (!simpset addsimps [reverse_Cons]) 1); |
92 (* main case *) |
88 (* main case *) |
93 by (rotate 1 1); |
89 by (rotate 1 1); |
94 by (asm_full_simp_tac red_ss 1); |
90 by (Asm_full_simp_tac 1); |
95 by (cut_inst_tac [("l","list")] cons_not_nil 1); |
91 by (cut_inst_tac [("l","list")] cons_not_nil 1); |
96 by (asm_full_simp_tac list_ss 1); |
92 by (Asm_full_simp_tac 1); |
97 by (REPEAT (etac exE 1)); |
93 by (REPEAT (etac exE 1)); |
98 by (asm_simp_tac list_ss 1); |
94 by (Asm_simp_tac 1); |
99 by (rtac (expand_if RS ssubst) 1); |
95 by (rtac (expand_if RS ssubst) 1); |
100 by (hyp_subst_tac 1); |
96 by (hyp_subst_tac 1); |
101 by (asm_full_simp_tac (list_ss addsimps [reverse_Cons]) 1); |
97 by (asm_full_simp_tac (!simpset addsimps [reverse_Cons]) 1); |
102 qed"rev_red_not_nil"; |
98 qed"rev_red_not_nil"; |
103 |
99 |
104 (* shows applicability of the induction hypothesis of the following Lemma 1 *) |
100 (* shows applicability of the induction hypothesis of the following Lemma 1 *) |
105 goal Correctness.thy "!!l.[| l~=[] |] ==> \ |
101 goal Correctness.thy "!!l.[| l~=[] |] ==> \ |
106 \ hd(reverse(reduce(a#l))) = hd(reverse(reduce(l)))"; |
102 \ hd(reverse(reduce(a#l))) = hd(reverse(reduce(l)))"; |
107 by (simp_tac red_ss 1); |
103 by (Simp_tac 1); |
108 by (rtac (expand_list_case RS iffD2) 1); |
104 by (rtac (expand_list_case RS iffD2) 1); |
109 by (asm_full_simp_tac list_ss 1); |
105 by (asm_full_simp_tac list_ss 1); |
110 by (REPEAT (rtac allI 1)); |
106 by (REPEAT (rtac allI 1)); |
111 by (rtac impI 1); |
107 by (rtac impI 1); |
112 by (rtac (expand_if RS ssubst) 1); |
108 by (rtac (expand_if RS ssubst) 1); |
113 by (asm_full_simp_tac (list_ss addsimps [reverse_Cons,hd_append, |
109 by (asm_full_simp_tac (list_ss addsimps [reverse_Cons,hd_append, |
114 (rev_red_not_nil RS mp)]) 1); |
110 (rev_red_not_nil RS mp)]) 1); |
115 qed"last_ind_on_first"; |
111 qed"last_ind_on_first"; |
116 |
112 |
|
113 val impl_ss = !simpset delsimps [reduce_Cons]; |
117 |
114 |
118 (* Main Lemma 1 for S_pkt in showing that reduce is refinement *) |
115 (* Main Lemma 1 for S_pkt in showing that reduce is refinement *) |
119 goal Correctness.thy |
116 goal Correctness.thy |
120 "if x=hd(reverse(reduce(l))) & reduce(l)~=[] then \ |
117 "if x=hd(reverse(reduce(l))) & reduce(l)~=[] then \ |
121 \ reduce(l@[x])=reduce(l) else \ |
118 \ reduce(l@[x])=reduce(l) else \ |
122 \ reduce(l@[x])=reduce(l)@[x]"; |
119 \ reduce(l@[x])=reduce(l)@[x]"; |
123 by (rtac (expand_if RS ssubst) 1); |
120 by (rtac (expand_if RS ssubst) 1); |
124 by (rtac conjI 1); |
121 by (rtac conjI 1); |
125 (* --> *) |
122 (* --> *) |
126 by (List.list.induct_tac "l" 1); |
123 by (List.list.induct_tac "l" 1); |
127 by (simp_tac red_ss 1); |
124 by (Simp_tac 1); |
128 by (case_tac "list=[]" 1); |
125 by (case_tac "list=[]" 1); |
129 by (asm_full_simp_tac (red_ss addsimps [reverse_Nil,reverse_Cons]) 1); |
126 by (asm_full_simp_tac (!simpset addsimps [reverse_Nil,reverse_Cons]) 1); |
130 by (rtac impI 1); |
127 by (rtac impI 1); |
131 by (simp_tac red_ss 1); |
128 by (Simp_tac 1); |
132 by (cut_inst_tac [("l","list")] cons_not_nil 1); |
129 by (cut_inst_tac [("l","list")] cons_not_nil 1); |
133 by (asm_full_simp_tac impl_ss 1); |
130 by (asm_full_simp_tac impl_ss 1); |
134 by (REPEAT (etac exE 1)); |
131 by (REPEAT (etac exE 1)); |
135 by (hyp_subst_tac 1); |
132 by (hyp_subst_tac 1); |
136 by (asm_full_simp_tac (impl_ss addsimps [last_ind_on_first,l_iff_red_nil]) 1); |
133 by (asm_full_simp_tac (impl_ss addsimps [last_ind_on_first,l_iff_red_nil]) 1); |
137 (* <-- *) |
134 (* <-- *) |
138 by (simp_tac (red_ss addsimps [and_de_morgan_and_absorbe,l_iff_red_nil]) 1); |
135 by (simp_tac (!simpset addsimps [and_de_morgan_and_absorbe,l_iff_red_nil]) 1); |
139 by (List.list.induct_tac "l" 1); |
136 by (List.list.induct_tac "l" 1); |
140 by (simp_tac red_ss 1); |
137 by (Simp_tac 1); |
141 by (case_tac "list=[]" 1); |
138 by (case_tac "list=[]" 1); |
142 by (asm_full_simp_tac (red_ss addsimps [reverse_Nil,reverse_Cons]) 1); |
139 by (asm_full_simp_tac (!simpset addsimps [reverse_Nil,reverse_Cons]) 1); |
143 by (rtac (expand_if RS ssubst) 1); |
140 by (rtac (expand_if RS ssubst) 1); |
144 by (fast_tac HOL_cs 1); |
141 by (fast_tac HOL_cs 1); |
145 by (rtac impI 1); |
142 by (rtac impI 1); |
146 by (simp_tac red_ss 1); |
143 by (Simp_tac 1); |
147 by (cut_inst_tac [("l","list")] cons_not_nil 1); |
144 by (cut_inst_tac [("l","list")] cons_not_nil 1); |
148 by (asm_full_simp_tac impl_ss 1); |
145 by (asm_full_simp_tac impl_ss 1); |
149 by (REPEAT (etac exE 1)); |
146 by (REPEAT (etac exE 1)); |
150 by (hyp_subst_tac 1); |
147 by (hyp_subst_tac 1); |
151 by (asm_full_simp_tac (impl_ss addsimps [last_ind_on_first,l_iff_red_nil]) 1); |
148 by (asm_full_simp_tac (impl_ss addsimps [last_ind_on_first,l_iff_red_nil]) 1); |
160 "!! s. [| s~=[] |] ==> \ |
157 "!! s. [| s~=[] |] ==> \ |
161 \ if hd(s)=hd(tl(s)) & tl(s)~=[] then \ |
158 \ if hd(s)=hd(tl(s)) & tl(s)~=[] then \ |
162 \ reduce(tl(s))=reduce(s) else \ |
159 \ reduce(tl(s))=reduce(s) else \ |
163 \ reduce(tl(s))=tl(reduce(s))"; |
160 \ reduce(tl(s))=tl(reduce(s))"; |
164 by (cut_inst_tac [("l","s")] cons_not_nil 1); |
161 by (cut_inst_tac [("l","s")] cons_not_nil 1); |
165 by (asm_full_simp_tac red_ss 1); |
162 by (Asm_full_simp_tac 1); |
166 by (REPEAT (etac exE 1)); |
163 by (REPEAT (etac exE 1)); |
167 by (asm_full_simp_tac red_ss 1); |
164 by (Asm_full_simp_tac 1); |
168 by (rtac (expand_if RS ssubst) 1); |
165 by (rtac (expand_if RS ssubst) 1); |
169 by (rtac conjI 1); |
166 by (rtac conjI 1); |
170 by (simp_tac (red_ss addsimps [and_de_morgan_and_absorbe]) 2); |
167 by (simp_tac (!simpset addsimps [and_de_morgan_and_absorbe]) 2); |
171 by (ALLGOALS (EVERY'[rtac impI,etac conjE,cut_inst_tac [("l","xs")] cons_not_nil,asm_full_simp_tac red_ss])); |
168 by (ALLGOALS (EVERY'[rtac impI,etac conjE,cut_inst_tac [("l","xs")] cons_not_nil,Asm_full_simp_tac])); |
172 by (REPEAT (etac exE 1)); |
169 by (REPEAT (etac exE 1)); |
173 by (REPEAT (etac exE 2)); |
170 by (REPEAT (etac exE 2)); |
174 by (REPEAT(hyp_subst_tac 2)); |
171 by (REPEAT(hyp_subst_tac 2)); |
175 by (ALLGOALS (asm_full_simp_tac red_ss)); |
172 by (ALLGOALS (Asm_full_simp_tac)); |
176 val reduce_tl =result(); |
173 val reduce_tl =result(); |
177 |
174 |
178 |
175 |
179 (******************************************************************* |
176 (******************************************************************* |
180 C h a n n e l A b s t r a c t i o n |
177 C h a n n e l A b s t r a c t i o n |
181 *******************************************************************) |
178 *******************************************************************) |
182 |
179 |
183 goal Correctness.thy |
180 goal Correctness.thy |
184 "is_weak_pmap reduce ch_ioa ch_fin_ioa"; |
181 "is_weak_pmap reduce ch_ioa ch_fin_ioa"; |
185 by (simp_tac (red_ss addsimps [Solve.is_weak_pmap_def]) 1); |
182 by (simp_tac (!simpset addsimps [Solve.is_weak_pmap_def]) 1); |
186 by (rtac conjI 1); |
183 by (rtac conjI 1); |
187 (* -------------- start states ----------------- *) |
184 (* -------------- start states ----------------- *) |
188 by (simp_tac red_ss_ch 1); |
185 by (Simp_tac 1); |
189 br ballI 1; |
186 br ballI 1; |
190 by (asm_full_simp_tac red_ss_ch 1); |
187 by (Asm_full_simp_tac 1); |
191 (* ---------------- main-part ------------------- *) |
188 (* ---------------- main-part ------------------- *) |
192 by (REPEAT (rtac allI 1)); |
189 by (REPEAT (rtac allI 1)); |
193 by (rtac imp_conj_lemma 1); |
190 by (rtac imp_conj_lemma 1); |
194 by (act.induct_tac "a" 1); |
191 by (act.induct_tac "a" 1); |
195 (* ----------------- 2 cases ---------------------*) |
192 (* ----------------- 2 cases ---------------------*) |
196 by (ALLGOALS (simp_tac (red_ss_ch addsimps [externals_def]))); |
193 by (ALLGOALS (simp_tac (!simpset addsimps [externals_def]))); |
197 (* fst case --------------------------------------*) |
194 (* fst case --------------------------------------*) |
198 by (rtac impI 1); |
195 by (rtac impI 1); |
199 by (rtac disjI2 1); |
196 by (rtac disjI2 1); |
200 by (rtac reduce_hd 1); |
197 by (rtac reduce_hd 1); |
201 (* snd case --------------------------------------*) |
198 (* snd case --------------------------------------*) |
202 by (rtac impI 1); |
199 by (rtac impI 1); |
203 by (REPEAT (etac conjE 1)); |
200 by (REPEAT (etac conjE 1)); |
204 by (etac disjE 1); |
201 by (etac disjE 1); |
205 by (asm_full_simp_tac (red_ss addsimps [l_iff_red_nil]) 1); |
202 by (asm_full_simp_tac (!simpset addsimps [l_iff_red_nil]) 1); |
206 by (etac (hd_is_reduce_hd RS mp) 1); |
203 by (etac (hd_is_reduce_hd RS mp) 1); |
207 by (asm_full_simp_tac (red_ss addsimps [l_iff_red_nil]) 1); |
204 by (asm_full_simp_tac (!simpset addsimps [l_iff_red_nil]) 1); |
208 by (rtac conjI 1); |
205 by (rtac conjI 1); |
209 by (etac (hd_is_reduce_hd RS mp) 1); |
206 by (etac (hd_is_reduce_hd RS mp) 1); |
210 by (rtac (bool_if_impl_or RS mp) 1); |
207 by (rtac (bool_if_impl_or RS mp) 1); |
211 by (etac reduce_tl 1); |
208 by (etac reduce_tl 1); |
212 qed"channel_abstraction"; |
209 qed"channel_abstraction"; |
226 |
223 |
227 (* 3 thms that do not hold generally! The lucky restriction here is |
224 (* 3 thms that do not hold generally! The lucky restriction here is |
228 the absence of internal actions. *) |
225 the absence of internal actions. *) |
229 goal Correctness.thy |
226 goal Correctness.thy |
230 "is_weak_pmap (%id.id) sender_ioa sender_ioa"; |
227 "is_weak_pmap (%id.id) sender_ioa sender_ioa"; |
231 by (simp_tac (red_ss addsimps [Solve.is_weak_pmap_def]) 1); |
228 by (simp_tac (!simpset addsimps [Solve.is_weak_pmap_def]) 1); |
232 by (rtac conjI 1); |
229 by (rtac conjI 1); |
233 (* start states *) |
230 (* start states *) |
234 br ballI 1; |
231 br ballI 1; |
235 by (simp_tac red_ss_ch 1); |
232 by (Simp_tac 1); |
236 (* main-part *) |
233 (* main-part *) |
237 by (REPEAT (rtac allI 1)); |
234 by (REPEAT (rtac allI 1)); |
238 by (rtac imp_conj_lemma 1); |
235 by (rtac imp_conj_lemma 1); |
239 by (Action.action.induct_tac "a" 1); |
236 by (Action.action.induct_tac "a" 1); |
240 (* 7 cases *) |
237 (* 7 cases *) |
241 by (ALLGOALS (simp_tac ((hom_ss addsimps [externals_def]) setloop (split_tac [expand_if])))); |
238 by (ALLGOALS (simp_tac ((!simpset addsimps [externals_def]) setloop (split_tac [expand_if])))); |
242 qed"sender_unchanged"; |
239 qed"sender_unchanged"; |
243 |
240 |
244 (* 2 copies of before *) |
241 (* 2 copies of before *) |
245 goal Correctness.thy |
242 goal Correctness.thy |
246 "is_weak_pmap (%id.id) receiver_ioa receiver_ioa"; |
243 "is_weak_pmap (%id.id) receiver_ioa receiver_ioa"; |
247 by (simp_tac (red_ss addsimps [Solve.is_weak_pmap_def]) 1); |
244 by (simp_tac (!simpset addsimps [Solve.is_weak_pmap_def]) 1); |
248 by (rtac conjI 1); |
245 by (rtac conjI 1); |
249 (* start states *) |
246 (* start states *) |
250 br ballI 1; |
247 br ballI 1; |
251 by (simp_tac red_ss_ch 1); |
248 by (Simp_tac 1); |
252 (* main-part *) |
249 (* main-part *) |
253 by (REPEAT (rtac allI 1)); |
250 by (REPEAT (rtac allI 1)); |
254 by (rtac imp_conj_lemma 1); |
251 by (rtac imp_conj_lemma 1); |
255 by (Action.action.induct_tac "a" 1); |
252 by (Action.action.induct_tac "a" 1); |
256 (* 7 cases *) |
253 (* 7 cases *) |
257 by (ALLGOALS (simp_tac ((hom_ss addsimps [externals_def]) setloop (split_tac [expand_if])))); |
254 by (ALLGOALS (simp_tac ((!simpset addsimps [externals_def]) setloop (split_tac [expand_if])))); |
258 qed"receiver_unchanged"; |
255 qed"receiver_unchanged"; |
259 |
256 |
260 goal Correctness.thy |
257 goal Correctness.thy |
261 "is_weak_pmap (%id.id) env_ioa env_ioa"; |
258 "is_weak_pmap (%id.id) env_ioa env_ioa"; |
262 by (simp_tac (red_ss addsimps [Solve.is_weak_pmap_def]) 1); |
259 by (simp_tac (!simpset addsimps [Solve.is_weak_pmap_def]) 1); |
263 by (rtac conjI 1); |
260 by (rtac conjI 1); |
264 (* start states *) |
261 (* start states *) |
265 br ballI 1; |
262 br ballI 1; |
266 by (simp_tac red_ss_ch 1); |
263 by (Simp_tac 1); |
267 (* main-part *) |
264 (* main-part *) |
268 by (REPEAT (rtac allI 1)); |
265 by (REPEAT (rtac allI 1)); |
269 by (rtac imp_conj_lemma 1); |
266 by (rtac imp_conj_lemma 1); |
270 by (Action.action.induct_tac "a" 1); |
267 by (Action.action.induct_tac "a" 1); |
271 (* 7 cases *) |
268 (* 7 cases *) |
272 by (ALLGOALS (simp_tac ((hom_ss addsimps [externals_def]) setloop (split_tac [expand_if])))); |
269 by (ALLGOALS (simp_tac ((!simpset addsimps [externals_def]) setloop (split_tac [expand_if])))); |
273 qed"env_unchanged"; |
270 qed"env_unchanged"; |
274 |
271 |
275 |
272 |
276 goal Correctness.thy "compat_ioas srch_ioa rsch_ioa"; |
273 goal Correctness.thy "compat_ioas srch_ioa rsch_ioa"; |
277 by (simp_tac (red_ss_ch addsimps [compat_ioas_def,compat_asigs_def,Int_def,empty_def]) 1); |
274 by (simp_tac (!simpset addsimps [compat_ioas_def,compat_asigs_def,Int_def,empty_def]) 1); |
278 by (rtac set_ext 1); |
275 by (rtac set_ext 1); |
279 by (Action.action.induct_tac "x" 1); |
276 by (Action.action.induct_tac "x" 1); |
280 by (ALLGOALS(simp_tac red_ss_ch)); |
277 by (ALLGOALS(Simp_tac)); |
281 val compat_single_ch = result(); |
278 val compat_single_ch = result(); |
282 |
279 |
283 (* totally the same as before *) |
280 (* totally the same as before *) |
284 goal Correctness.thy "compat_ioas srch_fin_ioa rsch_fin_ioa"; |
281 goal Correctness.thy "compat_ioas srch_fin_ioa rsch_fin_ioa"; |
285 by (simp_tac (red_ss_ch addsimps [compat_ioas_def,compat_asigs_def,Int_def,empty_def]) 1); |
282 by (simp_tac (!simpset addsimps [compat_ioas_def,compat_asigs_def,Int_def,empty_def]) 1); |
286 by (rtac set_ext 1); |
283 by (rtac set_ext 1); |
287 by (Action.action.induct_tac "x" 1); |
284 by (Action.action.induct_tac "x" 1); |
288 by (ALLGOALS(simp_tac red_ss_ch)); |
285 by (ALLGOALS(Simp_tac)); |
289 val compat_single_fin_ch = result(); |
286 val compat_single_fin_ch = result(); |
290 |
287 |
|
288 val ss = |
|
289 !simpset delsimps ([trans_of_def, srch_asig_def,rsch_asig_def, |
|
290 asig_of_def, actions_def, srch_trans_def, rsch_trans_def, |
|
291 srch_ioa_def, srch_fin_ioa_def, rsch_fin_ioa_def, |
|
292 rsch_ioa_def, Sender.sender_trans_def, |
|
293 Receiver.receiver_trans_def] @ set_lemmas); |
|
294 |
291 goal Correctness.thy "compat_ioas receiver_ioa (srch_ioa || rsch_ioa)"; |
295 goal Correctness.thy "compat_ioas receiver_ioa (srch_ioa || rsch_ioa)"; |
292 by (simp_tac (hom_ss addsimps [empty_def,compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
296 by (simp_tac (ss addsimps [empty_def,compat_ioas_def,compat_asigs_def, |
293 by (simp_tac red_ss_ch 1); |
297 asig_of_par,asig_comp_def,actions_def, |
294 by (rtac set_ext 1); |
298 Int_def]) 1); |
295 by (Action.action.induct_tac "x" 1); |
299 by (Simp_tac 1); |
296 by (ALLGOALS(simp_tac red_ss_ch)); |
300 by (rtac set_ext 1); |
297 by (ALLGOALS(simp_tac (red_ss addsimps [insert_def,Un_def]))); |
301 by (Action.action.induct_tac "x" 1); |
298 by (ALLGOALS(simp_tac (red_ss_ch addsimps [de_morgan,singleton_set]))); |
302 by (ALLGOALS Simp_tac); |
299 val compat_rec =result(); |
303 by (ALLGOALS(simp_tac (!simpset addsimps [insert_def,Un_def]))); |
|
304 by (ALLGOALS(simp_tac (!simpset addsimps [de_morgan,singleton_set]))); |
|
305 val compat_rec = result(); |
300 |
306 |
301 (* 5 proofs totally the same as before *) |
307 (* 5 proofs totally the same as before *) |
302 goal Correctness.thy "compat_ioas receiver_ioa (srch_fin_ioa || rsch_fin_ioa)"; |
308 goal Correctness.thy "compat_ioas receiver_ioa (srch_fin_ioa || rsch_fin_ioa)"; |
303 by (simp_tac (hom_ss addsimps [empty_def,compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
309 by (simp_tac (ss addsimps [empty_def,compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
304 by (simp_tac red_ss_ch 1); |
310 by (Simp_tac 1); |
305 by (rtac set_ext 1); |
311 by (rtac set_ext 1); |
306 by (Action.action.induct_tac "x" 1); |
312 by (Action.action.induct_tac "x" 1); |
307 by (ALLGOALS(simp_tac red_ss_ch)); |
313 by (ALLGOALS Simp_tac); |
308 by (ALLGOALS(simp_tac (red_ss addsimps [insert_def,Un_def]))); |
314 by (ALLGOALS(simp_tac (!simpset addsimps [insert_def,Un_def]))); |
309 by (ALLGOALS(simp_tac (red_ss_ch addsimps [de_morgan,singleton_set]))); |
315 by (ALLGOALS(simp_tac (!simpset addsimps [de_morgan,singleton_set]))); |
310 val compat_rec_fin =result(); |
316 val compat_rec_fin =result(); |
311 |
317 |
312 goal Correctness.thy "compat_ioas sender_ioa \ |
318 goal Correctness.thy "compat_ioas sender_ioa \ |
313 \ (receiver_ioa || srch_ioa || rsch_ioa)"; |
319 \ (receiver_ioa || srch_ioa || rsch_ioa)"; |
314 by (simp_tac (hom_ss addsimps [empty_def,compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
320 by (simp_tac (ss addsimps [empty_def,compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
315 by (simp_tac red_ss_ch 1); |
321 by (Simp_tac 1); |
316 by (rtac set_ext 1); |
322 by (rtac set_ext 1); |
317 by (Action.action.induct_tac "x" 1); |
323 by (Action.action.induct_tac "x" 1); |
318 by (ALLGOALS(simp_tac red_ss_ch)); |
324 by (ALLGOALS(Simp_tac)); |
319 by (ALLGOALS(simp_tac (red_ss addsimps [insert_def,Un_def]))); |
325 by (ALLGOALS(simp_tac (!simpset addsimps [insert_def,Un_def]))); |
320 by (ALLGOALS(simp_tac (red_ss_ch addsimps [de_morgan,singleton_set]))); |
326 by (ALLGOALS(simp_tac (!simpset addsimps [de_morgan,singleton_set]))); |
321 val compat_sen=result(); |
327 val compat_sen=result(); |
322 |
328 |
323 goal Correctness.thy "compat_ioas sender_ioa\ |
329 goal Correctness.thy "compat_ioas sender_ioa\ |
324 \ (receiver_ioa || srch_fin_ioa || rsch_fin_ioa)"; |
330 \ (receiver_ioa || srch_fin_ioa || rsch_fin_ioa)"; |
325 by (simp_tac (hom_ss addsimps [empty_def, compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
331 by (simp_tac (ss addsimps [empty_def, compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
326 by (simp_tac red_ss_ch 1); |
332 by (Simp_tac 1); |
327 by (rtac set_ext 1); |
333 by (rtac set_ext 1); |
328 by (Action.action.induct_tac "x" 1); |
334 by (Action.action.induct_tac "x" 1); |
329 by (ALLGOALS(simp_tac red_ss_ch)); |
335 by (ALLGOALS(Simp_tac)); |
330 by (ALLGOALS(simp_tac (red_ss addsimps [insert_def,Un_def]))); |
336 by (ALLGOALS(simp_tac (!simpset addsimps [insert_def,Un_def]))); |
331 by (ALLGOALS(simp_tac (red_ss_ch addsimps [de_morgan,singleton_set]))); |
337 by (ALLGOALS(simp_tac (!simpset addsimps [de_morgan,singleton_set]))); |
332 val compat_sen_fin =result(); |
338 val compat_sen_fin =result(); |
333 |
339 |
334 goal Correctness.thy "compat_ioas env_ioa\ |
340 goal Correctness.thy "compat_ioas env_ioa\ |
335 \ (sender_ioa || receiver_ioa || srch_ioa || rsch_ioa)"; |
341 \ (sender_ioa || receiver_ioa || srch_ioa || rsch_ioa)"; |
336 by (simp_tac (hom_ss addsimps [empty_def,compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
342 by (simp_tac (ss addsimps [empty_def,compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
337 by (simp_tac red_ss_ch 1); |
343 by (Simp_tac 1); |
338 by (rtac set_ext 1); |
344 by (rtac set_ext 1); |
339 by (Action.action.induct_tac "x" 1); |
345 by (Action.action.induct_tac "x" 1); |
340 by (ALLGOALS(simp_tac red_ss_ch)); |
346 by (ALLGOALS(Simp_tac)); |
341 by (ALLGOALS(simp_tac (red_ss addsimps [insert_def,Un_def]))); |
347 by (ALLGOALS(simp_tac (!simpset addsimps [insert_def,Un_def]))); |
342 by (ALLGOALS(simp_tac (red_ss_ch addsimps [de_morgan,singleton_set]))); |
348 by (ALLGOALS(simp_tac (!simpset addsimps [de_morgan,singleton_set]))); |
343 val compat_env=result(); |
349 val compat_env=result(); |
344 |
350 |
345 goal Correctness.thy "compat_ioas env_ioa\ |
351 goal Correctness.thy "compat_ioas env_ioa\ |
346 \ (sender_ioa || receiver_ioa || srch_fin_ioa || rsch_fin_ioa)"; |
352 \ (sender_ioa || receiver_ioa || srch_fin_ioa || rsch_fin_ioa)"; |
347 by (simp_tac (hom_ss addsimps [empty_def,compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
353 by (simp_tac (ss addsimps [empty_def,compat_ioas_def,compat_asigs_def,asig_of_par,asig_comp_def,actions_def,Int_def]) 1); |
348 by (simp_tac red_ss_ch 1); |
354 by (Simp_tac 1); |
349 by (rtac set_ext 1); |
355 by (rtac set_ext 1); |
350 by (Action.action.induct_tac "x" 1); |
356 by (Action.action.induct_tac "x" 1); |
351 by (ALLGOALS(simp_tac red_ss_ch)); |
357 by (ALLGOALS Simp_tac); |
352 by (ALLGOALS(simp_tac (red_ss addsimps [insert_def,Un_def]))); |
358 by (ALLGOALS(simp_tac (!simpset addsimps [insert_def,Un_def]))); |
353 by (ALLGOALS(simp_tac (red_ss_ch addsimps [de_morgan,singleton_set]))); |
359 by (ALLGOALS(simp_tac (!simpset addsimps [de_morgan,singleton_set]))); |
354 val compat_env_fin=result(); |
360 val compat_env_fin=result(); |
355 |
361 |
356 |
362 |
357 (* lemmata about externals of channels *) |
363 (* lemmata about externals of channels *) |
358 goal Correctness.thy |
364 goal Correctness.thy |
359 "externals(asig_of(srch_fin_ioa)) = externals(asig_of(srch_ioa)) & \ |
365 "externals(asig_of(srch_fin_ioa)) = externals(asig_of(srch_ioa)) & \ |
360 \ externals(asig_of(rsch_fin_ioa)) = externals(asig_of(rsch_ioa))"; |
366 \ externals(asig_of(rsch_fin_ioa)) = externals(asig_of(rsch_ioa))"; |
361 by (simp_tac (red_ss_ch addsimps [externals_def]) 1); |
367 by (simp_tac (!simpset addsimps [externals_def]) 1); |
362 val ext_single_ch = result(); |
368 val ext_single_ch = result(); |
363 |
369 |
364 |
370 |
365 |
371 |
366 |
372 |
368 val ext_ss = [externals_of_par,ext_single_ch]; |
374 val ext_ss = [externals_of_par,ext_single_ch]; |
369 val compat_ss = [compat_single_ch,compat_single_fin_ch,compat_rec, |
375 val compat_ss = [compat_single_ch,compat_single_fin_ch,compat_rec, |
370 compat_rec_fin,compat_sen,compat_sen_fin,compat_env,compat_env_fin]; |
376 compat_rec_fin,compat_sen,compat_sen_fin,compat_env,compat_env_fin]; |
371 val abstractions = [env_unchanged,sender_unchanged, |
377 val abstractions = [env_unchanged,sender_unchanged, |
372 receiver_unchanged,sender_abstraction,receiver_abstraction]; |
378 receiver_unchanged,sender_abstraction,receiver_abstraction]; |
373 val impl_ss = impl_ss addsimps [impl_def,impl_fin_def,sys_IOA, sys_fin_IOA]; |
|
374 val sys_ss = impl_ss addsimps [system_def, system_fin_def, abs_def]; |
|
375 |
|
376 |
379 |
377 |
380 |
378 (************************************************************************ |
381 (************************************************************************ |
379 S o u n d n e s s o f A b s t r a c t i o n |
382 S o u n d n e s s o f A b s t r a c t i o n |
380 *************************************************************************) |
383 *************************************************************************) |
381 |
384 |
|
385 val ss = !simpset delsimps ([asig_of_def, srch_ioa_def, rsch_ioa_def, |
|
386 srch_fin_ioa_def, rsch_fin_ioa_def] @ |
|
387 impl_ioas @ env_ioas); |
382 |
388 |
383 goal Correctness.thy |
389 goal Correctness.thy |
384 "is_weak_pmap abs system_ioa system_fin_ioa"; |
390 "is_weak_pmap abs system_ioa system_fin_ioa"; |
385 |
391 |
386 by (simp_tac sys_ss 1); |
392 by (simp_tac (impl_ss delsimps ([srch_ioa_def, rsch_ioa_def, srch_fin_ioa_def, |
|
393 rsch_fin_ioa_def] @ env_ioas @ impl_ioas) |
|
394 addsimps [system_def, system_fin_def, abs_def, impl_def, |
|
395 impl_fin_def, sys_IOA, sys_fin_IOA]) 1); |
387 |
396 |
388 by (REPEAT (EVERY[rtac fxg_is_weak_pmap_of_product_IOA 1, |
397 by (REPEAT (EVERY[rtac fxg_is_weak_pmap_of_product_IOA 1, |
389 simp_tac (red_ss addsimps abstractions) 1, |
398 simp_tac (ss addsimps abstractions) 1, |
390 rtac conjI 1])); |
399 rtac conjI 1])); |
391 |
400 |
392 by (ALLGOALS (simp_tac (red_ss addsimps ext_ss @ compat_ss))); |
401 by (ALLGOALS (simp_tac (ss addsimps ext_ss @ compat_ss))); |
393 |
402 |
394 qed "system_refinement"; |
403 qed "system_refinement"; |
395 |
|
396 |
|