equal
deleted
inserted
replaced
84 |
84 |
85 subsection{*Co*} |
85 subsection{*Co*} |
86 |
86 |
87 (*F \<in> B co B' ==> F \<in> (reachable F \<inter> B) co (reachable F \<inter> B')*) |
87 (*F \<in> B co B' ==> F \<in> (reachable F \<inter> B) co (reachable F \<inter> B')*) |
88 lemmas constrains_reachable_Int = |
88 lemmas constrains_reachable_Int = |
89 subset_refl [THEN stable_reachable [unfolded stable_def], |
89 subset_refl [THEN stable_reachable [unfolded stable_def], THEN constrains_Int] |
90 THEN constrains_Int, standard] |
|
91 |
90 |
92 (*Resembles the previous definition of Constrains*) |
91 (*Resembles the previous definition of Constrains*) |
93 lemma Constrains_eq_constrains: |
92 lemma Constrains_eq_constrains: |
94 "A Co B = {F. F \<in> (reachable F \<inter> A) co (reachable F \<inter> B)}" |
93 "A Co B = {F. F \<in> (reachable F \<inter> A) co (reachable F \<inter> B)}" |
95 apply (unfold Constrains_def) |
94 apply (unfold Constrains_def) |
261 "F \<in> increasing f ==> F \<in> Increasing f" |
260 "F \<in> increasing f ==> F \<in> Increasing f" |
262 apply (unfold increasing_def Increasing_def) |
261 apply (unfold increasing_def Increasing_def) |
263 apply (blast intro: stable_imp_Stable) |
262 apply (blast intro: stable_imp_Stable) |
264 done |
263 done |
265 |
264 |
266 lemmas Increasing_constant = |
265 lemmas Increasing_constant = increasing_constant [THEN increasing_imp_Increasing, iff] |
267 increasing_constant [THEN increasing_imp_Increasing, standard, iff] |
|
268 |
266 |
269 |
267 |
270 subsection{*The Elimination Theorem*} |
268 subsection{*The Elimination Theorem*} |
271 |
269 |
272 (*The "free" m has become universally quantified! Should the premise be !!m |
270 (*The "free" m has become universally quantified! Should the premise be !!m |
292 by (simp add: Always_def) |
290 by (simp add: Always_def) |
293 |
291 |
294 lemma AlwaysD: "F \<in> Always A ==> Init F \<subseteq> A & F \<in> Stable A" |
292 lemma AlwaysD: "F \<in> Always A ==> Init F \<subseteq> A & F \<in> Stable A" |
295 by (simp add: Always_def) |
293 by (simp add: Always_def) |
296 |
294 |
297 lemmas AlwaysE = AlwaysD [THEN conjE, standard] |
295 lemmas AlwaysE = AlwaysD [THEN conjE] |
298 lemmas Always_imp_Stable = AlwaysD [THEN conjunct2, standard] |
296 lemmas Always_imp_Stable = AlwaysD [THEN conjunct2] |
299 |
297 |
300 |
298 |
301 (*The set of all reachable states is Always*) |
299 (*The set of all reachable states is Always*) |
302 lemma Always_includes_reachable: "F \<in> Always A ==> reachable F \<subseteq> A" |
300 lemma Always_includes_reachable: "F \<in> Always A ==> reachable F \<subseteq> A" |
303 apply (simp add: Stable_def Constrains_def constrains_def Always_def) |
301 apply (simp add: Stable_def Constrains_def constrains_def Always_def) |
310 "F \<in> invariant A ==> F \<in> Always A" |
308 "F \<in> invariant A ==> F \<in> Always A" |
311 apply (unfold Always_def invariant_def Stable_def stable_def) |
309 apply (unfold Always_def invariant_def Stable_def stable_def) |
312 apply (blast intro: constrains_imp_Constrains) |
310 apply (blast intro: constrains_imp_Constrains) |
313 done |
311 done |
314 |
312 |
315 lemmas Always_reachable = |
313 lemmas Always_reachable = invariant_reachable [THEN invariant_imp_Always] |
316 invariant_reachable [THEN invariant_imp_Always, standard] |
|
317 |
314 |
318 lemma Always_eq_invariant_reachable: |
315 lemma Always_eq_invariant_reachable: |
319 "Always A = {F. F \<in> invariant (reachable F \<inter> A)}" |
316 "Always A = {F. F \<in> invariant (reachable F \<inter> A)}" |
320 apply (simp add: Always_def invariant_def Stable_def Constrains_eq_constrains |
317 apply (simp add: Always_def invariant_def Stable_def Constrains_eq_constrains |
321 stable_def) |
318 stable_def) |
353 "F \<in> Always INV ==> (F \<in> A Co (INV \<inter> A')) = (F \<in> A Co A')" |
350 "F \<in> Always INV ==> (F \<in> A Co (INV \<inter> A')) = (F \<in> A Co A')" |
354 by (simp add: Always_includes_reachable [THEN Int_absorb2] |
351 by (simp add: Always_includes_reachable [THEN Int_absorb2] |
355 Constrains_eq_constrains Int_assoc [symmetric]) |
352 Constrains_eq_constrains Int_assoc [symmetric]) |
356 |
353 |
357 (* [| F \<in> Always INV; F \<in> (INV \<inter> A) Co A' |] ==> F \<in> A Co A' *) |
354 (* [| F \<in> Always INV; F \<in> (INV \<inter> A) Co A' |] ==> F \<in> A Co A' *) |
358 lemmas Always_ConstrainsI = Always_Constrains_pre [THEN iffD1, standard] |
355 lemmas Always_ConstrainsI = Always_Constrains_pre [THEN iffD1] |
359 |
356 |
360 (* [| F \<in> Always INV; F \<in> A Co A' |] ==> F \<in> A Co (INV \<inter> A') *) |
357 (* [| F \<in> Always INV; F \<in> A Co A' |] ==> F \<in> A Co (INV \<inter> A') *) |
361 lemmas Always_ConstrainsD = Always_Constrains_post [THEN iffD2, standard] |
358 lemmas Always_ConstrainsD = Always_Constrains_post [THEN iffD2] |
362 |
359 |
363 (*The analogous proof of Always_LeadsTo_weaken doesn't terminate*) |
360 (*The analogous proof of Always_LeadsTo_weaken doesn't terminate*) |
364 lemma Always_Constrains_weaken: |
361 lemma Always_Constrains_weaken: |
365 "[| F \<in> Always C; F \<in> A Co A'; |
362 "[| F \<in> Always C; F \<in> A Co A'; |
366 C \<inter> B \<subseteq> A; C \<inter> A' \<subseteq> B' |] |
363 C \<inter> B \<subseteq> A; C \<inter> A' \<subseteq> B' |] |
388 "F \<in> Always A ==> (F \<in> Always (-A \<union> B)) = (F \<in> Always B)" |
385 "F \<in> Always A ==> (F \<in> Always (-A \<union> B)) = (F \<in> Always B)" |
389 by (auto simp add: Always_eq_includes_reachable) |
386 by (auto simp add: Always_eq_includes_reachable) |
390 |
387 |
391 (*Delete the nearest invariance assumption (which will be the second one |
388 (*Delete the nearest invariance assumption (which will be the second one |
392 used by Always_Int_I) *) |
389 used by Always_Int_I) *) |
393 lemmas Always_thin = thin_rl [of "F \<in> Always A", standard] |
390 lemmas Always_thin = thin_rl [of "F \<in> Always A"] |
394 |
391 |
395 |
392 |
396 subsection{*Totalize*} |
393 subsection{*Totalize*} |
397 |
394 |
398 lemma reachable_imp_reachable_tot: |
395 lemma reachable_imp_reachable_tot: |