src/HOL/IOA/NTP/Impl.ML

-(*  Title:      HOL/IOA/NTP/Impl.ML
-    ID:         $Id$
-    Author:     Tobias Nipkow & Konrad Slind
-    Copyright   1994  TU Muenchen
-
-The implementation --- Invariants
-*)
-
-
-
-
-open Abschannel Impl;
-
-val impl_ioas =
-  [Impl.impl_def,
-   Sender.sender_ioa_def, 
-   Receiver.receiver_ioa_def, 
-   srch_ioa_thm RS eq_reflection,
-   rsch_ioa_thm RS eq_reflection];
-
-val transitions = [Sender.sender_trans_def, Receiver.receiver_trans_def,
-                   srch_trans_def, rsch_trans_def];
- 
-
-Addsimps [ioa_triple_proj, starts_of_par, trans_of_par4,
-          in_sender_asig, in_receiver_asig, in_srch_asig,
-          in_rsch_asig];
-Addcongs [let_weak_cong];
-
-goal Impl.thy
-  "fst(x) = sen(x)            & \
-\  fst(snd(x)) = rec(x)       & \
-\  fst(snd(snd(x))) = srch(x) & \
-\  snd(snd(snd(x))) = rsch(x)";
-by(simp_tac (!simpset addsimps
-             [sen_def,rec_def,srch_def,rsch_def]) 1);
-Addsimps [result()];
-
-goal Impl.thy "a:actions(sender_asig)   \
-\            | a:actions(receiver_asig) \
-\            | a:actions(srch_asig)     \
-\            | a:actions(rsch_asig)";
-  by(Action.action.induct_tac "a" 1);
-  by(ALLGOALS (Simp_tac));
-Addsimps [result()];
-
-Delsimps [split_paired_All];
-
-
-(* Three Simp_sets in different sizes 
-----------------------------------------------
-
-1) !simpset does not unfold the transition relations 
-2) ss unfolds transition relations 
-3) renname_ss unfolds transitions and the abstract channel *)
-
-
-val ss = (!simpset addcongs [if_weak_cong]
-                   addsimps transitions);     
-val rename_ss = (ss addsimps unfold_renaming);
-
-
-
-val tac     = asm_simp_tac ((ss addcongs [conj_cong]) 
-                            setloop (split_tac [expand_if]));
-val tac_ren = asm_simp_tac ((rename_ss addcongs [conj_cong]) 
-                            setloop (split_tac [expand_if]));
-
-
-
-(* INVARIANT 1 *)
-
-goalw Impl.thy impl_ioas "invariant impl_ioa inv1";
-by (rtac invariantI 1);
-by(asm_full_simp_tac (!simpset
-   addsimps [inv1_def, hdr_sum_def, Sender.srcvd_def,
-             Sender.ssent_def, Receiver.rsent_def,Receiver.rrcvd_def]) 1);
-
-by(simp_tac (!simpset delsimps [trans_of_par4]
-                addsimps [fork_lemma,inv1_def]) 1);
-
-(* Split proof in two *)
-by (rtac conjI 1); 
-
-(* First half *)
-by(asm_full_simp_tac (!simpset addsimps [Impl.inv1_def]) 1);
-by (rtac Action.action.induct 1);
-
-by (EVERY1[tac, tac, tac, tac]);
-by (tac 1);
-by (tac_ren 1);
-
-(* 5 + 1 *)
-
-by (tac 1);
-by (tac_ren 1);
-
-(* 4 + 1 *)
-by(EVERY1[tac, tac, tac, tac]);
-
-
-(* Now the other half *)
-by(asm_full_simp_tac (!simpset addsimps [Impl.inv1_def]) 1);
-by (rtac Action.action.induct 1);
-by(EVERY1[tac, tac]);
-
-(* detour 1 *)
-by (tac 1);
-by (tac_ren 1);
-by (rtac impI 1);
-by (REPEAT (etac conjE 1));
-by (asm_simp_tac (!simpset addsimps [hdr_sum_def, Multiset.count_def,
-                               Multiset.countm_nonempty_def]
-                     setloop (split_tac [expand_if])) 1);
-(* detour 2 *)
-by (tac 1);
-by (tac_ren 1);
-by (rtac impI 1);
-by (REPEAT (etac conjE 1));
-by (asm_full_simp_tac (!simpset addsimps [Impl.hdr_sum_def, 
-                                         Multiset.count_def,
-                                         Multiset.countm_nonempty_def,
-                                         Multiset.delm_nonempty_def,
-                                         left_plus_cancel,
-                                         left_plus_cancel_inside_succ,
-                                         unzero_less]
-                               setloop (split_tac [expand_if])) 1);
-by (rtac allI 1);
-by (rtac conjI 1);
-by (rtac impI 1);
-by (hyp_subst_tac 1);
-by (rtac (pred_suc RS mp RS sym RS iffD2) 1);
-by (dtac less_le_trans 1);
-by (cut_facts_tac [rewrite_rule[Packet.hdr_def]
-                   eq_packet_imp_eq_hdr RS countm_props] 1);;
-by (assume_tac 1);
-by (assume_tac 1);
-
-by (rtac (countm_done_delm RS mp RS sym) 1);
-by (rtac refl 1);
-by (asm_simp_tac (!simpset addsimps [Multiset.count_def]) 1);
-
-by (rtac impI 1);
-by (asm_full_simp_tac (!simpset addsimps [neg_flip]) 1);
-by (hyp_subst_tac 1);
-by (rtac countm_spurious_delm 1);
-by (Simp_tac 1);
-
-by (EVERY1[tac, tac, tac, tac, tac, tac]);
-
-qed "inv1";
-
-
-
-(* INVARIANT 2 *)
-
-  goal Impl.thy "invariant impl_ioa inv2";
-
-  by (rtac invariantI1 1); 
-  (* Base case *)
-  by (asm_full_simp_tac (!simpset addsimps (inv2_def ::
-                          (receiver_projections 
-                           @ sender_projections @ impl_ioas)))
-      1);
-
-  by (asm_simp_tac (!simpset addsimps impl_ioas) 1);
-  by (Action.action.induct_tac "a" 1);
-
-  (* 10 cases. First 4 are simple, since state doesn't change *)
-
-val tac2 = asm_full_simp_tac (ss addsimps [inv2_def]);
-
-  (* 10 - 7 *)
-  by (EVERY1[tac2,tac2,tac2,tac2]);
-  (* 6 *)
-  by(forward_tac [rewrite_rule [Impl.inv1_def]
-                               (inv1 RS invariantE) RS conjunct1] 1);
-  (* 6 - 5 *)
-  by (EVERY1[tac2,tac2]);
-
-  (* 4 *)
-  by (forward_tac [rewrite_rule [Impl.inv1_def]
-                                (inv1 RS invariantE) RS conjunct1] 1);
-  by (tac2 1);
-  by (fast_tac (!claset addDs [add_leD1,leD]) 1);
-
-  (* 3 *)
-  by (forward_tac [rewrite_rule [Impl.inv1_def] (inv1 RS invariantE)] 1);
-
-  by (tac2 1);
-  by (fold_tac [rewrite_rule [Packet.hdr_def]Impl.hdr_sum_def]);
-  by (fast_tac (!claset addDs [add_leD1,leD]) 1);
-
-  (* 2 *)
-  by (tac2 1);
-  by(forward_tac [rewrite_rule [Impl.inv1_def]
-                               (inv1 RS invariantE) RS conjunct1] 1);
-  by (rtac impI 1);
-  by (rtac impI 1);
-  by (REPEAT (etac conjE 1));
-  by (dres_inst_tac [("k","count (rsch s) (~sbit(sen s))")] 
-                     (standard(leq_add_leq RS mp)) 1);
-  by (Asm_full_simp_tac 1);
-
-  (* 1 *)
-  by (tac2 1);
-  by(forward_tac [rewrite_rule [Impl.inv1_def]
-                               (inv1 RS invariantE) RS conjunct2] 1);
-  by (rtac impI 1);
-  by (rtac impI 1);
-  by (REPEAT (etac conjE 1));
-  by (fold_tac  [rewrite_rule[Packet.hdr_def]Impl.hdr_sum_def]);
-  by (dres_inst_tac [("k","hdr_sum (srch s) (sbit(sen s))")] 
-                     (standard(leq_add_leq RS mp)) 1);
-  by (Asm_full_simp_tac 1);
-qed "inv2";
-
-
-(* INVARIANT 3 *)
-
-goal Impl.thy "invariant impl_ioa inv3";
-
-  by (rtac invariantI 1); 
-  (* Base case *)
-  by (asm_full_simp_tac (!simpset addsimps 
-                    (Impl.inv3_def :: (receiver_projections 
-                                       @ sender_projections @ impl_ioas))) 1);
-
-  by (asm_simp_tac (!simpset addsimps impl_ioas) 1);
-  by (Action.action.induct_tac "a" 1);
-
-val tac3 = asm_full_simp_tac (ss addsimps [inv3_def] 
-                              setloop (split_tac [expand_if]));
-
-  (* 10 - 8 *)
-
-  by (EVERY1[tac3,tac3,tac3]);
- 
-  by (tac_ren 1);
-  by (strip_tac  1 THEN REPEAT (etac conjE 1));
-  by (hyp_subst_tac 1);
-  by (etac exE 1);
-  by (Asm_full_simp_tac 1);
-
-  (* 7 *)
-  by (tac3 1);
-  by (tac_ren 1);
-  by (Fast_tac 1);
-
-  (* 6 - 3 *)
-
-  by (EVERY1[tac3,tac3,tac3,tac3]);
-
-  (* 2 *)
-  by (asm_full_simp_tac ss 1);
-  by (simp_tac (!simpset addsimps [inv3_def]) 1);
-  by (strip_tac  1 THEN REPEAT (etac conjE 1));
-  by (rtac (imp_or_lem RS iffD2) 1);
-  by (rtac impI 1);
-  by (forward_tac [rewrite_rule [Impl.inv2_def] (inv2 RS invariantE)] 1);
-  by (Asm_full_simp_tac 1);
-  by (REPEAT (etac conjE 1));
-  by (res_inst_tac [("j","count (ssent(sen s)) (~sbit(sen s))"),
-                    ("k","count (rsent(rec s)) (sbit(sen s))")] le_trans 1);
-  by (forward_tac [rewrite_rule [inv1_def]
-                                (inv1 RS invariantE) RS conjunct2] 1);
-  by (asm_full_simp_tac (!simpset addsimps
-                         [hdr_sum_def, Multiset.count_def]) 1);
-  by (rtac (less_eq_add_cong RS mp RS mp) 1);
-  by (rtac countm_props 1);
-  by (Simp_tac 1);
-  by (rtac countm_props 1);
-  by (Simp_tac 1);
-  by (assume_tac 1);
-
-  (* 1 *)
-  by (tac3 1);
-  by (strip_tac  1 THEN REPEAT (etac conjE 1));
-  by (rtac (imp_or_lem RS iffD2) 1);
-  by (rtac impI 1);
-  by (forward_tac [rewrite_rule [Impl.inv2_def] (inv2 RS invariantE)] 1);
-  by (Asm_full_simp_tac 1);
-  by (REPEAT (etac conjE 1));
-  by (dtac mp 1);
-  by (assume_tac 1);
-  by (etac allE 1);
-  by (dtac (imp_or_lem RS iffD1) 1);
-  by (dtac mp 1);
-  by (assume_tac 1);
-  by (assume_tac 1);
-qed "inv3";
-
-
-(* INVARIANT 4 *)
-
-goal Impl.thy "invariant impl_ioa inv4";
-
-  by (rtac invariantI 1); 
-  (* Base case *)
-  by (asm_full_simp_tac (!simpset addsimps 
-                    (Impl.inv4_def :: (receiver_projections 
-                                       @ sender_projections @ impl_ioas))) 1);
-
-  by (asm_simp_tac (!simpset addsimps impl_ioas) 1);
-  by (Action.action.induct_tac "a" 1);
-
-val tac4 =  asm_full_simp_tac (ss addsimps [inv4_def]
-                              setloop (split_tac [expand_if]));
-
-  (* 10 - 2 *)
-  
-  by (EVERY1[tac4,tac4,tac4,tac4,tac4,tac4,tac4,tac4,tac4]);
- 
- (* 2 b *)
- 
-  by (strip_tac  1 THEN REPEAT (etac conjE 1));
-  by(forward_tac [rewrite_rule [Impl.inv2_def]
-                               (inv2 RS invariantE)] 1);
-  by (tac4 1);
-  by (Asm_full_simp_tac 1);
-
-  (* 1 *)
-  by (tac4 1);
-  by (strip_tac  1 THEN REPEAT (etac conjE 1));
-  by (rtac ccontr 1);
-  by(forward_tac [rewrite_rule [Impl.inv2_def]
-                               (inv2 RS invariantE)] 1);
-  by(forward_tac [rewrite_rule [Impl.inv3_def]
-                               (inv3 RS invariantE)] 1);
-  by (Asm_full_simp_tac 1);
-  by (eres_inst_tac [("x","m")] allE 1);
-  by (dtac less_le_trans 1);
-  by (dtac (left_add_leq RS mp) 1);
-  by (Asm_full_simp_tac 1);
-  by (Asm_full_simp_tac 1);
-qed "inv4";
-
-
-(* rebind them *)
-
-val inv1 = rewrite_rule [Impl.inv1_def] (inv1 RS invariantE);
-val inv2 = rewrite_rule [Impl.inv2_def] (inv2 RS invariantE);
-val inv3 = rewrite_rule [Impl.inv3_def] (inv3 RS invariantE);
-val inv4 = rewrite_rule [Impl.inv4_def] (inv4 RS invariantE);