Mercurial Mercurial > repos > isabelle / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/HOL/Induct/QuoDataType.thy
changeset 18460 9a1458cb2956
parent 16417 9bc16273c2d4
child 19736 d8d0f8f51d69
equal deleted inserted replaced
18459:2b102759160d 18460:9a1458cb2956 
    47 
    47 
    48 
    48 
    49 text{*Proving that it is an equivalence relation*}
 
    49 text{*Proving that it is an equivalence relation*}
 
    50 
    50 
    51 lemma msgrel_refl: "X \<sim> X"
 
    51 lemma msgrel_refl: "X \<sim> X"
 
    52 by (induct X, (blast intro: msgrel.intros)+)
 
    52   by (induct X) (blast intro: msgrel.intros)+
 
    53 
    53 
    54 theorem equiv_msgrel: "equiv UNIV msgrel"
 
    54 theorem equiv_msgrel: "equiv UNIV msgrel"
 
    55 proof (simp add: equiv_def, intro conjI)
 
    55 proof -
 
    56   show "reflexive msgrel" by (simp add: refl_def msgrel_refl)
 
    56   have "reflexive msgrel" by (simp add: refl_def msgrel_refl)
 
    57   show "sym msgrel" by (simp add: sym_def, blast intro: msgrel.SYM)
 
    57   moreover have "sym msgrel" by (simp add: sym_def, blast intro: msgrel.SYM)
 
    58   show "trans msgrel" by (simp add: trans_def, blast intro: msgrel.TRANS)
 
    58   moreover have "trans msgrel" by (simp add: trans_def, blast intro: msgrel.TRANS)
 
       
    59   ultimately show ?thesis by (simp add: equiv_def)
 
    59 qed
 
    60 qed
 
    60 
    61 
    61 
    62 
    62 subsection{*Some Functions on the Free Algebra*}
 
    63 subsection{*Some Functions on the Free Algebra*}
 
    63 
    64 
    76 
    77 
    77 text{*This theorem lets us prove that the nonces function respects the
 
    78 text{*This theorem lets us prove that the nonces function respects the
 
    78 equivalence relation.  It also helps us prove that Nonce
 
    79 equivalence relation.  It also helps us prove that Nonce
 
    79   (the abstract constructor) is injective*}
 
    80   (the abstract constructor) is injective*}
 
    80 theorem msgrel_imp_eq_freenonces: "U \<sim> V \<Longrightarrow> freenonces U = freenonces V"
 
    81 theorem msgrel_imp_eq_freenonces: "U \<sim> V \<Longrightarrow> freenonces U = freenonces V"
 
    81 by (erule msgrel.induct, auto) 
    82   by (induct set: msgrel) auto
 
    82 
    83 
    83 
    84 
    84 subsubsection{*The Left Projection*}
 
    85 subsubsection{*The Left Projection*}
 
    85 
    86 
    86 text{*A function to return the left part of the top pair in a message.  It will
 
    87 text{*A function to return the left part of the top pair in a message.  It will
 
    95 text{*This theorem lets us prove that the left function respects the
 
    96 text{*This theorem lets us prove that the left function respects the
 
    96 equivalence relation.  It also helps us prove that MPair
 
    97 equivalence relation.  It also helps us prove that MPair
 
    97   (the abstract constructor) is injective*}
 
    98   (the abstract constructor) is injective*}
 
    98 theorem msgrel_imp_eqv_freeleft:
 
    99 theorem msgrel_imp_eqv_freeleft:
 
    99      "U \<sim> V \<Longrightarrow> freeleft U \<sim> freeleft V"
 
   100      "U \<sim> V \<Longrightarrow> freeleft U \<sim> freeleft V"
 
   100 by (erule msgrel.induct, auto intro: msgrel.intros)
 
   101   by (induct set: msgrel) (auto intro: msgrel.intros)
 
   101 
   102 
   102 
   103 
   103 subsubsection{*The Right Projection*}
 
   104 subsubsection{*The Right Projection*}
 
   104 
   105 
   105 text{*A function to return the right part of the top pair in a message.*}
 
   106 text{*A function to return the right part of the top pair in a message.*}
 
   113 text{*This theorem lets us prove that the right function respects the
 
   114 text{*This theorem lets us prove that the right function respects the
 
   114 equivalence relation.  It also helps us prove that MPair
 
   115 equivalence relation.  It also helps us prove that MPair
 
   115   (the abstract constructor) is injective*}
 
   116   (the abstract constructor) is injective*}
 
   116 theorem msgrel_imp_eqv_freeright:
 
   117 theorem msgrel_imp_eqv_freeright:
 
   117      "U \<sim> V \<Longrightarrow> freeright U \<sim> freeright V"
 
   118      "U \<sim> V \<Longrightarrow> freeright U \<sim> freeright V"
 
   118 by (erule msgrel.induct, auto intro: msgrel.intros)
 
   119   by (induct set: msgrel) (auto intro: msgrel.intros)
 
   119 
   120 
   120 
   121 
   121 subsubsection{*The Discriminator for Constructors*}
 
   122 subsubsection{*The Discriminator for Constructors*}
 
   122 
   123 
   123 text{*A function to distinguish nonces, mpairs and encryptions*}
 
   124 text{*A function to distinguish nonces, mpairs and encryptions*}
 
   129    "freediscrim (DECRYPT K X) = freediscrim X - 2"
 
   130    "freediscrim (DECRYPT K X) = freediscrim X - 2"
 
   130 
   131 
   131 text{*This theorem helps us prove @{term "Nonce N \<noteq> MPair X Y"}*}
 
   132 text{*This theorem helps us prove @{term "Nonce N \<noteq> MPair X Y"}*}
 
   132 theorem msgrel_imp_eq_freediscrim:
 
   133 theorem msgrel_imp_eq_freediscrim:
 
   133      "U \<sim> V \<Longrightarrow> freediscrim U = freediscrim V"
 
   134      "U \<sim> V \<Longrightarrow> freediscrim U = freediscrim V"
 
   134 by (erule msgrel.induct, auto)
 
   135   by (induct set: msgrel) auto
 
   135 
   136 
   136 
   137 
   137 subsection{*The Initial Algebra: A Quotiented Message Type*}
 
   138 subsection{*The Initial Algebra: A Quotiented Message Type*}
 
   138 
   139 
   139 typedef (Msg)  msg = "UNIV//msgrel"
 
   140 typedef (Msg)  msg = "UNIV//msgrel"
 
   140     by (auto simp add: quotient_def)
 
   141   by (auto simp add: quotient_def)
 
   141 
   142 
   142 
   143 
   143 text{*The abstract message constructors*}
 
   144 text{*The abstract message constructors*}
 
   144 constdefs
 
   145 constdefs
 
   145   Nonce :: "nat \<Rightarrow> msg"
 
   146   Nonce :: "nat \<Rightarrow> msg"
 
   400   assumes N: "\<And>N. P (Nonce N)"
 
   401   assumes N: "\<And>N. P (Nonce N)"
 
   401       and M: "\<And>X Y. \<lbrakk>P X; P Y\<rbrakk> \<Longrightarrow> P (MPair X Y)"
 
   402       and M: "\<And>X Y. \<lbrakk>P X; P Y\<rbrakk> \<Longrightarrow> P (MPair X Y)"
 
   402       and C: "\<And>K X. P X \<Longrightarrow> P (Crypt K X)"
 
   403       and C: "\<And>K X. P X \<Longrightarrow> P (Crypt K X)"
 
   403       and D: "\<And>K X. P X \<Longrightarrow> P (Decrypt K X)"
 
   404       and D: "\<And>K X. P X \<Longrightarrow> P (Decrypt K X)"
 
   404   shows "P msg"
 
   405   shows "P msg"
 
   405 proof (cases msg, erule ssubst)  
   406 proof (cases msg)
 
   406   fix U::freemsg
 
   407   case (Abs_Msg U)
 
   407   show "P (Abs_Msg (msgrel `` {U}))"
 
   408   have "P (Abs_Msg (msgrel `` {U}))"
 
   408   proof (induct U)
 
   409   proof (induct U)
 
   409     case (NONCE N) 
   410     case (NONCE N) 
   410     with N show ?case by (simp add: Nonce_def) 
   411     with N show ?case by (simp add: Nonce_def) 
   411   next
 
   412   next
 
   412     case (MPAIR X Y)
 
   413     case (MPAIR X Y)
 
   419   next
 
   420   next
 
   420     case (DECRYPT K X)
 
   421     case (DECRYPT K X)
 
   421     with D [of "Abs_Msg (msgrel `` {X})"]
 
   422     with D [of "Abs_Msg (msgrel `` {X})"]
 
   422     show ?case by (simp add: Decrypt)
 
   423     show ?case by (simp add: Decrypt)
 
   423   qed
 
   424   qed
 
       
   425   with Abs_Msg show ?thesis by (simp only:)
 
   424 qed
 
   426 qed
 
   425 
   427 
   426 
   428 
   427 subsection{*The Abstract Discriminator*}
 
   429 subsection{*The Abstract Discriminator*}
 
   428 
   430
isabelle