22 |
22 |
23 unlift :: "'a lift => 'a" |
23 unlift :: "'a lift => 'a" |
24 |
24 |
25 Init :: "'a predicate => 'a temporal" ("<_>" [0] 1000) |
25 Init :: "'a predicate => 'a temporal" ("<_>" [0] 1000) |
26 |
26 |
27 Box :: "'a temporal => 'a temporal" ("\<box> (_)" [80] 80) |
27 Box :: "'a temporal => 'a temporal" ("\<box>(_)" [80] 80) |
28 Diamond :: "'a temporal => 'a temporal" ("\<diamond> (_)" [80] 80) |
28 Diamond :: "'a temporal => 'a temporal" ("\<diamond>(_)" [80] 80) |
29 Next :: "'a temporal => 'a temporal" |
29 Next :: "'a temporal => 'a temporal" |
30 Leadsto :: "'a temporal => 'a temporal => 'a temporal" (infixr "\<leadsto>" 22) |
30 Leadsto :: "'a temporal => 'a temporal => 'a temporal" (infixr "\<leadsto>" 22) |
31 |
31 |
32 defs |
32 defs |
33 |
33 |
49 |
49 |
50 Next_def: |
50 Next_def: |
51 "(Next P) s == if (TL$s=UU | TL$s=nil) then (P s) else P (TL$s)" |
51 "(Next P) s == if (TL$s=UU | TL$s=nil) then (P s) else P (TL$s)" |
52 |
52 |
53 Diamond_def: |
53 Diamond_def: |
54 "\<diamond>P == .~ (\<box>(.~ P))" |
54 "\<diamond>P == \<^bold>\<not> (\<box>(\<^bold>\<not> P))" |
55 |
55 |
56 Leadsto_def: |
56 Leadsto_def: |
57 "P \<leadsto> Q == (\<box>(P .--> (\<diamond>Q)))" |
57 "P \<leadsto> Q == (\<box>(P \<^bold>\<longrightarrow> (\<diamond>Q)))" |
58 |
58 |
59 validT_def: |
59 validT_def: |
60 "validT P == ! s. s~=UU & s~=nil --> (s |= P)" |
60 "validT P == ! s. s~=UU & s~=nil --> (s \<Turnstile> P)" |
61 |
61 |
62 |
62 |
63 lemma simple: "\<box>\<diamond>(.~ P) = (.~ \<diamond>\<box>P)" |
63 lemma simple: "\<box>\<diamond>(\<^bold>\<not> P) = (\<^bold>\<not> \<diamond>\<box>P)" |
64 apply (rule ext) |
64 apply (rule ext) |
65 apply (simp add: Diamond_def NOT_def Box_def) |
65 apply (simp add: Diamond_def NOT_def Box_def) |
66 done |
66 done |
67 |
67 |
68 lemma Boxnil: "nil |= \<box>P" |
68 lemma Boxnil: "nil \<Turnstile> \<box>P" |
69 apply (simp add: satisfies_def Box_def tsuffix_def suffix_def nil_is_Conc) |
69 apply (simp add: satisfies_def Box_def tsuffix_def suffix_def nil_is_Conc) |
70 done |
70 done |
71 |
71 |
72 lemma Diamondnil: "~(nil |= \<diamond>P)" |
72 lemma Diamondnil: "~(nil \<Turnstile> \<diamond>P)" |
73 apply (simp add: Diamond_def satisfies_def NOT_def) |
73 apply (simp add: Diamond_def satisfies_def NOT_def) |
74 apply (cut_tac Boxnil) |
74 apply (cut_tac Boxnil) |
75 apply (simp add: satisfies_def) |
75 apply (simp add: satisfies_def) |
76 done |
76 done |
77 |
77 |
87 apply (simp add: suffix_def) |
87 apply (simp add: suffix_def) |
88 apply (rule_tac x = "nil" in exI) |
88 apply (rule_tac x = "nil" in exI) |
89 apply auto |
89 apply auto |
90 done |
90 done |
91 |
91 |
92 lemma reflT: "s~=UU & s~=nil --> (s |= \<box>F .--> F)" |
92 lemma reflT: "s~=UU & s~=nil --> (s \<Turnstile> \<box>F \<^bold>\<longrightarrow> F)" |
93 apply (simp add: satisfies_def IMPLIES_def Box_def) |
93 apply (simp add: satisfies_def IMPLIES_def Box_def) |
94 apply (rule impI)+ |
94 apply (rule impI)+ |
95 apply (erule_tac x = "s" in allE) |
95 apply (erule_tac x = "s" in allE) |
96 apply (simp add: tsuffix_def suffix_refl) |
96 apply (simp add: tsuffix_def suffix_refl) |
97 done |
97 done |
103 apply (rule_tac x = "s1 @@ s1a" in exI) |
103 apply (rule_tac x = "s1 @@ s1a" in exI) |
104 apply auto |
104 apply auto |
105 apply (simp (no_asm) add: Conc_assoc) |
105 apply (simp (no_asm) add: Conc_assoc) |
106 done |
106 done |
107 |
107 |
108 lemma transT: "s |= \<box>F .--> \<box>\<box>F" |
108 lemma transT: "s \<Turnstile> \<box>F \<^bold>\<longrightarrow> \<box>\<box>F" |
109 apply (simp (no_asm) add: satisfies_def IMPLIES_def Box_def tsuffix_def) |
109 apply (simp (no_asm) add: satisfies_def IMPLIES_def Box_def tsuffix_def) |
110 apply auto |
110 apply auto |
111 apply (drule suffix_trans) |
111 apply (drule suffix_trans) |
112 apply assumption |
112 apply assumption |
113 apply (erule_tac x = "s2a" in allE) |
113 apply (erule_tac x = "s2a" in allE) |
114 apply auto |
114 apply auto |
115 done |
115 done |
116 |
116 |
117 |
117 |
118 lemma normalT: "s |= \<box>(F .--> G) .--> \<box>F .--> \<box>G" |
118 lemma normalT: "s \<Turnstile> \<box>(F \<^bold>\<longrightarrow> G) \<^bold>\<longrightarrow> \<box>F \<^bold>\<longrightarrow> \<box>G" |
119 apply (simp (no_asm) add: satisfies_def IMPLIES_def Box_def) |
119 apply (simp (no_asm) add: satisfies_def IMPLIES_def Box_def) |
120 done |
120 done |
121 |
121 |
122 |
122 |
123 subsection "TLA Rules by Lamport" |
123 subsection "TLA Rules by Lamport" |
154 |
154 |
155 lemmas tsuffix_TL2 = conjI [THEN tsuffix_TL] |
155 lemmas tsuffix_TL2 = conjI [THEN tsuffix_TL] |
156 |
156 |
157 declare split_if [split del] |
157 declare split_if [split del] |
158 lemma LTL1: |
158 lemma LTL1: |
159 "s~=UU & s~=nil --> (s |= \<box>F .--> (F .& (Next (\<box>F))))" |
159 "s~=UU & s~=nil --> (s \<Turnstile> \<box>F \<^bold>\<longrightarrow> (F \<^bold>\<and> (Next (\<box>F))))" |
160 apply (unfold Next_def satisfies_def NOT_def IMPLIES_def AND_def Box_def) |
160 apply (unfold Next_def satisfies_def NOT_def IMPLIES_def AND_def Box_def) |
161 apply auto |
161 apply auto |
162 (* \<box>F .--> F *) |
162 (* \<box>F \<^bold>\<longrightarrow> F *) |
163 apply (erule_tac x = "s" in allE) |
163 apply (erule_tac x = "s" in allE) |
164 apply (simp add: tsuffix_def suffix_refl) |
164 apply (simp add: tsuffix_def suffix_refl) |
165 (* \<box>F .--> Next \<box>F *) |
165 (* \<box>F \<^bold>\<longrightarrow> Next \<box>F *) |
166 apply (simp split add: split_if) |
166 apply (simp split add: split_if) |
167 apply auto |
167 apply auto |
168 apply (drule tsuffix_TL2) |
168 apply (drule tsuffix_TL2) |
169 apply assumption+ |
169 apply assumption+ |
170 apply auto |
170 apply auto |
171 done |
171 done |
172 declare split_if [split] |
172 declare split_if [split] |
173 |
173 |
174 |
174 |
175 lemma LTL2a: |
175 lemma LTL2a: |
176 "s |= .~ (Next F) .--> (Next (.~ F))" |
176 "s \<Turnstile> \<^bold>\<not> (Next F) \<^bold>\<longrightarrow> (Next (\<^bold>\<not> F))" |
177 apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) |
177 apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) |
178 apply simp |
178 apply simp |
179 done |
179 done |
180 |
180 |
181 lemma LTL2b: |
181 lemma LTL2b: |
182 "s |= (Next (.~ F)) .--> (.~ (Next F))" |
182 "s \<Turnstile> (Next (\<^bold>\<not> F)) \<^bold>\<longrightarrow> (\<^bold>\<not> (Next F))" |
183 apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) |
183 apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) |
184 apply simp |
184 apply simp |
185 done |
185 done |
186 |
186 |
187 lemma LTL3: |
187 lemma LTL3: |
188 "ex |= (Next (F .--> G)) .--> (Next F) .--> (Next G)" |
188 "ex \<Turnstile> (Next (F \<^bold>\<longrightarrow> G)) \<^bold>\<longrightarrow> (Next F) \<^bold>\<longrightarrow> (Next G)" |
189 apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) |
189 apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) |
190 apply simp |
190 apply simp |
191 done |
191 done |
192 |
192 |
193 |
193 |
194 lemma ModusPonens: "[| validT (P .--> Q); validT P |] ==> validT Q" |
194 lemma ModusPonens: "[| validT (P \<^bold>\<longrightarrow> Q); validT P |] ==> validT Q" |
195 apply (simp add: validT_def satisfies_def IMPLIES_def) |
195 apply (simp add: validT_def satisfies_def IMPLIES_def) |
196 done |
196 done |
197 |
197 |
198 end |
198 end |