205 Goalw [projecting_def] |
204 Goalw [projecting_def] |
206 "projecting (%G. UNIV) h F (increasing (func o f)) (increasing func)"; |
205 "projecting (%G. UNIV) h F (increasing (func o f)) (increasing func)"; |
207 by (simp_tac (simpset() addsimps [Join_project_increasing]) 1); |
206 by (simp_tac (simpset() addsimps [Join_project_increasing]) 1); |
208 qed "projecting_increasing"; |
207 qed "projecting_increasing"; |
209 |
208 |
210 Goal "extending C h F X' UNIV Y"; |
209 Goal "extending v C h F UNIV Y"; |
211 by (simp_tac (simpset() addsimps [extending_def]) 1); |
210 by (simp_tac (simpset() addsimps [extending_def]) 1); |
212 qed "extending_UNIV"; |
211 qed "extending_UNIV"; |
213 |
212 |
214 Goalw [extending_def] |
213 Goalw [extending_def] |
215 "extending (%G. UNIV) h F X' (extend_set h A co extend_set h B) (A co B)"; |
214 "extending v (%G. UNIV) h F (extend_set h A co extend_set h B) (A co B)"; |
216 by (blast_tac (claset() addIs [project_constrains_D]) 1); |
215 by (blast_tac (claset() addIs [project_constrains_D]) 1); |
217 qed "extending_constrains"; |
216 qed "extending_constrains"; |
218 |
217 |
219 Goalw [stable_def] |
218 Goalw [stable_def] |
220 "extending (%G. UNIV) h F X' (stable (extend_set h A)) (stable A)"; |
219 "extending v (%G. UNIV) h F (stable (extend_set h A)) (stable A)"; |
221 by (rtac extending_constrains 1); |
220 by (rtac extending_constrains 1); |
222 qed "extending_stable"; |
221 qed "extending_stable"; |
223 |
222 |
224 Goalw [extending_def] |
223 Goalw [extending_def] |
225 "extending (%G. UNIV) h F X' (increasing (func o f)) (increasing func)"; |
224 "extending v (%G. UNIV) h F (increasing (func o f)) (increasing func)"; |
226 by (simp_tac (simpset() addsimps [Join_project_increasing]) 1); |
225 by (simp_tac (simpset() addsimps [Join_project_increasing]) 1); |
227 qed "extending_increasing"; |
226 qed "extending_increasing"; |
228 |
227 |
229 |
228 (*UNUSED*) |
230 (*** Diff, needed for localTo ***) |
|
231 |
|
232 (*Opposite direction fails because Diff in the extended state may remove |
|
233 fewer actions, i.e. those that affect other state variables.*) |
|
234 |
|
235 Goalw [project_set_def, project_act_def] |
229 Goalw [project_set_def, project_act_def] |
236 "Restrict (project_set h C) (project_act h (Restrict C act)) = \ |
230 "Restrict (project_set h C) (project_act h (Restrict C act)) = \ |
237 \ project_act h (Restrict C act)"; |
231 \ project_act h (Restrict C act)"; |
238 by (Blast_tac 1); |
232 by (Blast_tac 1); |
239 qed "Restrict_project_act"; |
233 qed "Restrict_project_act"; |
240 |
234 |
|
235 (*UNUSED*) |
241 Goalw [project_set_def, project_act_def] |
236 Goalw [project_set_def, project_act_def] |
242 "project_act h (Restrict C Id) = Restrict (project_set h C) Id"; |
237 "project_act h (Restrict C Id) = Restrict (project_set h C) Id"; |
243 by (Blast_tac 1); |
238 by (Blast_tac 1); |
244 qed "project_act_Restrict_Id"; |
239 qed "project_act_Restrict_Id"; |
245 |
|
246 Goal |
|
247 "Diff(project_set h C)(project h C G)(project_act h `` Restrict C `` acts) \ |
|
248 \ <= project h C (Diff C G acts)"; |
|
249 by (simp_tac |
|
250 (simpset() addsimps [component_eq_subset, Diff_def, |
|
251 project_act_Restrict_Id, Restrict_image_Diff]) 1); |
|
252 by (force_tac (claset() delrules [equalityI], |
|
253 simpset() addsimps [Restrict_project_act, image_eq_UN]) 1); |
|
254 qed "Diff_project_project_component_project_Diff"; |
|
255 |
|
256 Goal "Diff (project_set h C) (project h C G) acts <= \ |
|
257 \ project h C (Diff C G (extend_act h `` acts))"; |
|
258 by (rtac component_trans 1); |
|
259 by (rtac Diff_project_project_component_project_Diff 2); |
|
260 by (simp_tac |
|
261 (simpset() addsimps [component_eq_subset, Diff_def, |
|
262 Restrict_project_act, project_act_Restrict_Id, |
|
263 image_eq_UN, Restrict_image_Diff]) 1); |
|
264 qed "Diff_project_component_project_Diff"; |
|
265 |
|
266 Goal "Diff C G (extend_act h `` acts) : (extend_set h A) co (extend_set h B) \ |
|
267 \ ==> Diff (project_set h C) (project h C G) acts : A co B"; |
|
268 by (rtac (Diff_project_component_project_Diff RS component_constrains) 1); |
|
269 by (rtac (project_constrains RS iffD2) 1); |
|
270 by (ftac constrains_imp_subset 1); |
|
271 by (blast_tac (claset() addIs [constrains_weaken]) 1); |
|
272 qed "Diff_project_constrains"; |
|
273 |
|
274 Goalw [stable_def] |
|
275 "Diff C G (extend_act h `` acts) : stable (extend_set h A) \ |
|
276 \ ==> Diff (project_set h C) (project h C G) acts : stable A"; |
|
277 by (etac Diff_project_constrains 1); |
|
278 qed "Diff_project_stable"; |
|
279 |
|
280 (** Some results for Diff, extend and project_set **) |
|
281 |
|
282 Goal "Diff C (extend h G) (extend_act h `` acts) \ |
|
283 \ : (extend_set h A) co (extend_set h B) \ |
|
284 \ ==> Diff (project_set h C) G acts : A co B"; |
|
285 by (rtac (Diff_project_set_component RS component_constrains) 1); |
|
286 by (ftac constrains_imp_subset 1); |
|
287 by (asm_full_simp_tac |
|
288 (simpset() addsimps [project_constrains, extend_set_strict_mono]) 1); |
|
289 by (blast_tac (claset() addIs [constrains_weaken]) 1); |
|
290 qed "Diff_project_set_constrains_I"; |
|
291 |
|
292 Goalw [stable_def] |
|
293 "Diff C (extend h G) (extend_act h `` acts) : stable (extend_set h A) \ |
|
294 \ ==> Diff (project_set h C) G acts : stable A"; |
|
295 by (asm_simp_tac (simpset() addsimps [Diff_project_set_constrains_I]) 1); |
|
296 qed "Diff_project_set_stable_I"; |
|
297 |
|
298 Goalw [LOCALTO_def] |
|
299 "extend h F : (v o f) localTo[C] extend h H \ |
|
300 \ ==> F : v localTo[project_set h C] H"; |
|
301 by Auto_tac; |
|
302 by (rtac Diff_project_set_stable_I 1); |
|
303 by (asm_simp_tac (simpset() addsimps [Collect_eq_extend_set RS sym]) 1); |
|
304 qed "localTo_project_set_I"; |
|
305 |
|
306 (*Converse fails: even if the conclusion holds, H could modify (v o f) |
|
307 simultaneously with other variables, and this action would not be |
|
308 superseded by anything in (extend h G) *) |
|
309 Goal "H : (v o f) localTo[C] extend h G \ |
|
310 \ ==> project h C H : v localTo[project_set h C] G"; |
|
311 by (asm_full_simp_tac |
|
312 (simpset() addsimps [LOCALTO_def, |
|
313 project_extend_Join RS sym, |
|
314 Diff_project_stable, |
|
315 Collect_eq_extend_set RS sym]) 1); |
|
316 qed "project_localTo_lemma"; |
|
317 |
|
318 Goal "extend h F Join G : (v o f) localTo[C] extend h H \ |
|
319 \ ==> F Join project h C G : v localTo[project_set h C] H"; |
|
320 by (asm_full_simp_tac |
|
321 (simpset() addsimps [Join_localTo, localTo_project_set_I, |
|
322 project_localTo_lemma]) 1); |
|
323 qed "gen_project_localTo_I"; |
|
324 |
|
325 Goal "extend h F Join G : (v o f) localTo[UNIV] extend h H \ |
|
326 \ ==> F Join project h UNIV G : v localTo[UNIV] H"; |
|
327 by (dtac gen_project_localTo_I 1); |
|
328 by (Asm_full_simp_tac 1); |
|
329 qed "project_localTo_I"; |
|
330 |
|
331 Goalw [projecting_def] |
|
332 "projecting (%G. UNIV) h F \ |
|
333 \ ((v o f) localTo[UNIV] extend h H) (v localTo[UNIV] H)"; |
|
334 by (blast_tac (claset() addIs [project_localTo_I]) 1); |
|
335 qed "projecting_localTo"; |
|
336 |
240 |
337 |
241 |
338 (** Reachability and project **) |
242 (** Reachability and project **) |
339 |
243 |
340 Goal "[| reachable (extend h F Join G) <= C; \ |
244 Goal "[| reachable (extend h F Join G) <= C; \ |
612 by (blast_tac (claset() addIs [psp_stable2 RS leadsTo_weaken_L, |
503 by (blast_tac (claset() addIs [psp_stable2 RS leadsTo_weaken_L, |
613 leadsTo_Trans]) 2); |
504 leadsTo_Trans]) 2); |
614 by (blast_tac (claset() addIs [leadsTo_Basis, Join_project_ensures]) 1); |
505 by (blast_tac (claset() addIs [leadsTo_Basis, Join_project_ensures]) 1); |
615 val lemma = result(); |
506 val lemma = result(); |
616 |
507 |
617 Goal "[| ALL D. project h C G : transient D --> F : transient D; \ |
508 Goal "[| ALL D. project h C G : transient D --> D={}; \ |
618 \ extend h F Join G : stable C; \ |
509 \ extend h F Join G : stable C; \ |
619 \ F Join project h C G : (project_set h C Int A) leadsTo B |] \ |
510 \ F Join project h C G : (project_set h C Int A) leadsTo B |] \ |
620 \ ==> extend h F Join G : (C Int extend_set h A) leadsTo (extend_set h B)"; |
511 \ ==> extend h F Join G : (C Int extend_set h A) leadsTo (extend_set h B)"; |
621 by (rtac (lemma RS leadsTo_weaken) 1); |
512 by (rtac (lemma RS leadsTo_weaken) 1); |
622 by (auto_tac (claset() addIs [project_set_I], simpset())); |
513 by (auto_tac (claset() addIs [project_set_I], simpset())); |
623 qed "project_leadsTo_lemma"; |
514 qed "project_leadsTo_lemma"; |
624 |
515 |
625 Goal "[| C = (reachable (extend h F Join G)); \ |
516 Goal "[| C = (reachable (extend h F Join G)); \ |
626 \ ALL D. project h C G : transient D --> F : transient D; \ |
517 \ ALL D. project h C G : transient D --> D={}; \ |
627 \ F Join project h C G : A LeadsTo B |] \ |
518 \ F Join project h C G : A LeadsTo B |] \ |
628 \ ==> extend h F Join G : (extend_set h A) LeadsTo (extend_set h B)"; |
519 \ ==> extend h F Join G : (extend_set h A) LeadsTo (extend_set h B)"; |
629 by (asm_full_simp_tac |
520 by (asm_full_simp_tac |
630 (simpset() addsimps [LeadsTo_def, project_leadsTo_lemma, stable_reachable, |
521 (simpset() addsimps [LeadsTo_def, project_leadsTo_lemma, stable_reachable, |
631 project_set_reachable_extend_eq]) 1); |
522 project_set_reachable_extend_eq]) 1); |
632 qed "Join_project_LeadsTo"; |
523 qed "Join_project_LeadsTo"; |
633 |
524 |
634 |
525 |
|
526 |
635 (*** GUARANTEES and EXTEND ***) |
527 (*** GUARANTEES and EXTEND ***) |
636 |
528 |
|
529 (** preserves **) |
|
530 |
|
531 Goal "G : preserves (v o f) ==> project h C G : preserves v"; |
|
532 by (auto_tac (claset(), |
|
533 simpset() addsimps [preserves_def, project_stable_I, |
|
534 Collect_eq_extend_set RS sym])); |
|
535 qed "project_preserves_I"; |
|
536 |
|
537 (*to preserve f is to preserve the whole original state*) |
|
538 Goal "G : preserves f ==> project h C G : preserves id"; |
|
539 by (asm_simp_tac (simpset() addsimps [project_preserves_I]) 1); |
|
540 qed "project_preserves_id_I"; |
|
541 |
|
542 Goal "(extend h G : preserves (v o f)) = (G : preserves v)"; |
|
543 by (auto_tac (claset(), |
|
544 simpset() addsimps [preserves_def, extend_stable RS sym, |
|
545 Collect_eq_extend_set RS sym])); |
|
546 qed "extend_preserves"; |
|
547 |
637 (** Strong precondition and postcondition; doesn't seem very useful. **) |
548 (** Strong precondition and postcondition; doesn't seem very useful. **) |
638 |
549 |
639 Goal "F : X guarantees Y ==> \ |
550 Goal "F : X guarantees[v] Y ==> \ |
640 \ extend h F : (extend h `` X) guarantees (extend h `` Y)"; |
551 \ extend h F : (extend h `` X) guarantees[v o f] (extend h `` Y)"; |
641 by (rtac guaranteesI 1); |
552 by (rtac guaranteesI 1); |
642 by Auto_tac; |
553 by Auto_tac; |
643 by (blast_tac (claset() addDs [project_set_UNIV RS equalityD2 RS |
554 by (blast_tac (claset() addIs [project_preserves_I] |
644 extend_Join_eq_extend_D, |
555 addDs [project_set_UNIV RS equalityD2 RS |
|
556 extend_Join_eq_extend_D, |
645 guaranteesD]) 1); |
557 guaranteesD]) 1); |
646 qed "guarantees_imp_extend_guarantees"; |
558 qed "guarantees_imp_extend_guarantees"; |
647 |
559 |
648 Goal "extend h F : (extend h `` X) guarantees (extend h `` Y) \ |
560 Goal "extend h F : (extend h `` X) guarantees[v o f] (extend h `` Y) \ |
649 \ ==> F : X guarantees Y"; |
561 \ ==> F : X guarantees[v] Y"; |
650 by (auto_tac (claset(), simpset() addsimps [guarantees_eq])); |
562 by (auto_tac (claset(), simpset() addsimps [guar_def])); |
651 by (dres_inst_tac [("x", "extend h G")] spec 1); |
563 by (dres_inst_tac [("x", "extend h G")] spec 1); |
652 by (asm_full_simp_tac |
564 by (asm_full_simp_tac |
653 (simpset() delsimps [extend_Join] |
565 (simpset() delsimps [extend_Join] |
654 addsimps [extend_Join RS sym, inj_extend RS inj_image_mem_iff]) 1); |
566 addsimps [extend_Join RS sym, extend_preserves, |
|
567 inj_extend RS inj_image_mem_iff]) 1); |
655 qed "extend_guarantees_imp_guarantees"; |
568 qed "extend_guarantees_imp_guarantees"; |
656 |
569 |
657 Goal "(extend h F : (extend h `` X) guarantees (extend h `` Y)) = \ |
570 Goal "(extend h F : (extend h `` X) guarantees[v o f] (extend h `` Y)) = \ |
658 \ (F : X guarantees Y)"; |
571 \ (F : X guarantees[v] Y)"; |
659 by (blast_tac (claset() addIs [guarantees_imp_extend_guarantees, |
572 by (blast_tac (claset() addIs [guarantees_imp_extend_guarantees, |
660 extend_guarantees_imp_guarantees]) 1); |
573 extend_guarantees_imp_guarantees]) 1); |
661 qed "extend_guarantees_eq"; |
574 qed "extend_guarantees_eq"; |
662 |
575 |
663 |
576 |
664 (*Weak precondition and postcondition; this is the good one! |
577 (*Weak precondition and postcondition; this is the good one! |
665 Not clear that it has a converse [or that we want one!]*) |
578 Not clear that it has a converse [or that we want one!]*) |
666 |
579 |
667 (*The raw version*) |
580 (*The raw version*) |
668 val [xguary,project,extend] = |
581 val [xguary,project,extend] = |
669 Goal "[| F : X guarantees Y; \ |
582 Goal "[| F : X guarantees[v] Y; \ |
670 \ !!G. extend h F Join G : X' ==> F Join proj G h G : X; \ |
583 \ !!G. extend h F Join G : X' ==> F Join project h C G : X; \ |
671 \ !!G. [| F Join proj G h G : Y; extend h F Join G : X' |] \ |
584 \ !!G. [| F Join project h C G : Y; extend h F Join G : X' |] \ |
672 \ ==> extend h F Join G : Y' |] \ |
585 \ ==> extend h F Join G : Y' |] \ |
673 \ ==> extend h F : X' guarantees Y'"; |
586 \ ==> extend h F : X' guarantees[v o f] Y'"; |
674 by (rtac (xguary RS guaranteesD RS extend RS guaranteesI) 1); |
587 by (rtac (xguary RS guaranteesD RS extend RS guaranteesI) 1); |
|
588 by (etac project_preserves_I 1); |
675 by (etac project 1); |
589 by (etac project 1); |
676 by (assume_tac 1); |
590 by (assume_tac 1); |
677 qed "project_guarantees_raw"; |
591 qed "project_guarantees_raw"; |
678 |
592 |
679 Goal "[| F : X guarantees Y; \ |
593 Goal "[| F : X guarantees[v] Y; \ |
680 \ projecting C h F X' X; extending C h F X' Y' Y |] \ |
594 \ projecting C h F X' X; extending w C h F Y' Y; \ |
681 \ ==> extend h F : X' guarantees Y'"; |
595 \ preserves w <= preserves (v o f) |] \ |
|
596 \ ==> extend h F : X' guarantees[w] Y'"; |
682 by (rtac guaranteesI 1); |
597 by (rtac guaranteesI 1); |
683 by (auto_tac (claset(), |
598 by (auto_tac (claset(), |
684 simpset() addsimps [guaranteesD, projecting_def, extending_def])); |
599 simpset() addsimps [project_preserves_I, guaranteesD, projecting_def, |
|
600 extending_def])); |
685 qed "project_guarantees"; |
601 qed "project_guarantees"; |
686 |
602 |
|
603 |
687 (*It seems that neither "guarantees" law can be proved from the other.*) |
604 (*It seems that neither "guarantees" law can be proved from the other.*) |
688 |
605 |
689 |
606 |
690 (*** guarantees corollaries ***) |
607 (*** guarantees corollaries ***) |
691 |
608 |
692 (** Most could be deleted: the required versions are easy to prove **) |
609 (** Some could be deleted: the required versions are easy to prove **) |
693 |
610 |
694 Goal "F : UNIV guarantees increasing func \ |
611 Goal "F : UNIV guarantees[v] increasing func \ |
695 \ ==> extend h F : X' guarantees increasing (func o f)"; |
612 \ ==> extend h F : X' guarantees[v o f] increasing (func o f)"; |
696 by (etac project_guarantees 1); |
613 by (etac project_guarantees 1); |
697 by (rtac extending_increasing 2); |
614 by (rtac extending_increasing 2); |
698 by (rtac projecting_UNIV 1); |
615 by (rtac projecting_UNIV 1); |
|
616 by Auto_tac; |
699 qed "extend_guar_increasing"; |
617 qed "extend_guar_increasing"; |
700 |
618 |
701 Goal "F : UNIV guarantees Increasing func \ |
619 Goal "F : UNIV guarantees[v] Increasing func \ |
702 \ ==> extend h F : X' guarantees Increasing (func o f)"; |
620 \ ==> extend h F : X' guarantees[v o f] Increasing (func o f)"; |
703 by (etac project_guarantees 1); |
621 by (etac project_guarantees 1); |
704 by (rtac extending_Increasing 2); |
622 by (rtac extending_Increasing 2); |
705 by (rtac projecting_UNIV 1); |
623 by (rtac projecting_UNIV 1); |
706 by Auto_tac; |
624 by Auto_tac; |
707 qed "extend_guar_Increasing"; |
625 qed "extend_guar_Increasing"; |
708 |
626 |
709 Goal "F : (v localTo[UNIV] G) guarantees increasing func \ |
627 Goal "F : Always A guarantees[v] Always B \ |
710 \ ==> extend h F : (v o f) localTo[UNIV] (extend h G) \ |
628 \ ==> extend h F : Always(extend_set h A) guarantees[v o f] \ |
711 \ guarantees increasing (func o f)"; |
629 \ Always(extend_set h B)"; |
712 by (etac project_guarantees 1); |
|
713 by (rtac extending_increasing 2); |
|
714 by (rtac projecting_localTo 1); |
|
715 qed "extend_localTo_guar_increasing"; |
|
716 |
|
717 Goal "[| F : (v LocalTo H) guarantees Increasing func; H <= F |] \ |
|
718 \ ==> extend h F : (v o f) LocalTo (extend h H) \ |
|
719 \ guarantees Increasing (func o f)"; |
|
720 by (etac project_guarantees 1); |
|
721 by (rtac extending_Increasing 2); |
|
722 by (rtac projecting_LocalTo 1); |
|
723 by Auto_tac; |
|
724 qed "extend_LocalTo_guar_Increasing"; |
|
725 |
|
726 Goal "F : Always A guarantees Always B \ |
|
727 \ ==> extend h F : Always(extend_set h A) guarantees Always(extend_set h B)"; |
|
728 by (etac project_guarantees 1); |
630 by (etac project_guarantees 1); |
729 by (rtac extending_Always 2); |
631 by (rtac extending_Always 2); |
730 by (rtac projecting_Always 1); |
632 by (rtac projecting_Always 1); |
|
633 by Auto_tac; |
731 qed "extend_guar_Always"; |
634 qed "extend_guar_Always"; |
732 |
635 |
|
636 Goal "[| G : preserves f; project h C G : transient D |] ==> D={}"; |
|
637 by (rtac stable_transient_empty 1); |
|
638 by (assume_tac 2); |
|
639 by (blast_tac (claset() addIs [project_preserves_id_I, |
|
640 impOfSubs preserves_id_subset_stable]) 1); |
|
641 qed "preserves_project_transient_empty"; |
|
642 |
733 |
643 |
734 (** Guarantees with a leadsTo postcondition **) |
644 (** Guarantees with a leadsTo postcondition **) |
735 |
645 |
736 Goalw [LOCALTO_def, transient_def, Diff_def] |
|
737 "[| G : f localTo[C] extend h F; project h C G : transient D |] \ |
|
738 \ ==> F : transient D"; |
|
739 by Auto_tac; |
|
740 by (case_tac "Restrict C act : Restrict C ``extend_act h `` Acts F" 1); |
|
741 by Auto_tac; |
|
742 by (rtac bexI 1); |
|
743 by (assume_tac 2); |
|
744 by (Blast_tac 1); |
|
745 by (case_tac "D={}" 1); |
|
746 by (Blast_tac 1); |
|
747 by (auto_tac (claset(), |
|
748 simpset() addsimps [stable_def, constrains_def])); |
|
749 by (subgoal_tac "ALL z. Restrict C act ^^ {s. f s = z} <= {s. f s = z}" 1); |
|
750 by (blast_tac (claset() addSDs [bspec]) 2); |
|
751 by (thin_tac "ALL z. ?P z" 1); |
|
752 by (subgoal_tac "project_act h (Restrict C act) ^^ D <= D" 1); |
|
753 by (Clarify_tac 2); |
|
754 by (asm_full_simp_tac (simpset() addsimps [project_act_def]) 2); |
|
755 by (force_tac (claset() addSDs [spec, ImageI RSN (2, subsetD)], simpset()) 2); |
|
756 by (blast_tac (claset() addSDs [subsetD]) 1); |
|
757 qed "localTo_project_transient_transient"; |
|
758 |
|
759 Goal "[| F Join project h UNIV G : A leadsTo B; \ |
646 Goal "[| F Join project h UNIV G : A leadsTo B; \ |
760 \ G : f localTo[UNIV] extend h F |] \ |
647 \ G : preserves f |] \ |
761 \ ==> extend h F Join G : (extend_set h A) leadsTo (extend_set h B)"; |
648 \ ==> extend h F Join G : (extend_set h A) leadsTo (extend_set h B)"; |
762 by (res_inst_tac [("C1", "UNIV")] (project_leadsTo_lemma RS leadsTo_weaken) 1); |
649 by (res_inst_tac [("C1", "UNIV")] (project_leadsTo_lemma RS leadsTo_weaken) 1); |
763 by (auto_tac (claset(), |
650 by (auto_tac (claset() addDs [preserves_project_transient_empty], |
764 simpset() addsimps [localTo_UNIV_imp_localTo RS |
651 simpset())); |
765 localTo_project_transient_transient])); |
|
766 qed "project_leadsTo_D"; |
652 qed "project_leadsTo_D"; |
767 |
653 |
768 Goal "[| F Join project h (reachable (extend h F Join G)) G : A LeadsTo B; \ |
654 Goal "[| F Join project h (reachable (extend h F Join G)) G : A LeadsTo B; \ |
769 \ G : f LocalTo extend h F |] \ |
655 \ G : preserves f |] \ |
770 \ ==> extend h F Join G : (extend_set h A) LeadsTo (extend_set h B)"; |
656 \ ==> extend h F Join G : (extend_set h A) LeadsTo (extend_set h B)"; |
771 by (rtac (refl RS Join_project_LeadsTo) 1); |
657 by (rtac (refl RS Join_project_LeadsTo) 1); |
772 by (auto_tac (claset(), |
658 by (auto_tac (claset() addDs [preserves_project_transient_empty], |
773 simpset() addsimps [LocalTo_def, |
659 simpset())); |
774 localTo_project_transient_transient])); |
|
775 qed "project_LeadsTo_D"; |
660 qed "project_LeadsTo_D"; |
776 |
661 |
777 Goalw [extending_def] |
662 Goalw [extending_def] |
778 "extending (%G. UNIV) h F \ |
663 "extending f (%G. UNIV) h F \ |
779 \ (f localTo[UNIV] extend h F) \ |
664 \ (extend_set h A leadsTo extend_set h B) (A leadsTo B)"; |
780 \ (extend_set h A leadsTo extend_set h B) (A leadsTo B)"; |
665 by (blast_tac (claset() addIs [project_leadsTo_D]) 1); |
781 by (blast_tac (claset() addSDs [Join_localTo RS iffD1] |
|
782 addIs [project_leadsTo_D]) 1); |
|
783 qed "extending_leadsTo"; |
666 qed "extending_leadsTo"; |
784 |
667 |
785 Goalw [extending_def] |
668 Goalw [extending_def] |
786 "extending (%G. reachable (extend h F Join G)) h F \ |
669 "extending f (%G. reachable (extend h F Join G)) h F \ |
787 \ (f LocalTo extend h F) \ |
670 \ (extend_set h A LeadsTo extend_set h B) (A LeadsTo B)"; |
788 \ (extend_set h A LeadsTo extend_set h B) (A LeadsTo B)"; |
671 by (blast_tac (claset() addIs [project_LeadsTo_D]) 1); |
789 by (force_tac (claset() addIs [project_LeadsTo_D], |
|
790 simpset()addsimps [LocalTo_def, Join_assoc RS sym, |
|
791 Join_localTo]) 1); |
|
792 qed "extending_LeadsTo"; |
672 qed "extending_LeadsTo"; |
793 |
673 |
794 (*STRONG precondition and postcondition*) |
674 (*STRONG precondition and postcondition*) |
795 Goal "F : (A co A') guarantees (B leadsTo B') \ |
675 Goal "F : (A co A') guarantees[v] (B leadsTo B') \ |
796 \ ==> extend h F : ((extend_set h A) co (extend_set h A')) \ |
676 \ ==> extend h F : (extend_set h A co extend_set h A') \ |
797 \ Int (f localTo[UNIV] (extend h F)) \ |
677 \ guarantees[f] (extend_set h B leadsTo extend_set h B')"; |
798 \ guarantees ((extend_set h B) leadsTo (extend_set h B'))"; |
|
799 by (etac project_guarantees 1); |
678 by (etac project_guarantees 1); |
800 by (rtac (extending_leadsTo RS extending_weaken) 2); |
679 by (rtac subset_preserves_o 3); |
801 by (rtac (projecting_constrains RS projecting_weaken) 1); |
680 by (rtac extending_leadsTo 2); |
802 by Auto_tac; |
681 by (rtac projecting_constrains 1); |
803 qed "extend_co_guar_leadsTo"; |
682 qed "extend_co_guar_leadsTo"; |
804 |
683 |
805 (*WEAK precondition and postcondition*) |
684 (*WEAK precondition and postcondition*) |
806 Goal "F : (A Co A') guarantees (B LeadsTo B') \ |
685 Goal "F : (A Co A') guarantees[v] (B LeadsTo B') \ |
807 \ ==> extend h F : ((extend_set h A) Co (extend_set h A')) \ |
686 \ ==> extend h F : (extend_set h A Co extend_set h A') \ |
808 \ Int (f LocalTo (extend h F)) \ |
687 \ guarantees[f] (extend_set h B LeadsTo extend_set h B')"; |
809 \ guarantees ((extend_set h B) LeadsTo (extend_set h B'))"; |
|
810 by (etac project_guarantees 1); |
688 by (etac project_guarantees 1); |
811 by (rtac (extending_LeadsTo RS extending_weaken) 2); |
689 by (rtac subset_preserves_o 3); |
812 by (rtac (projecting_Constrains RS projecting_weaken) 1); |
690 by (rtac extending_LeadsTo 2); |
813 by Auto_tac; |
691 by (rtac projecting_Constrains 1); |
814 qed "extend_Co_guar_LeadsTo"; |
692 qed "extend_Co_guar_LeadsTo"; |
815 |
693 |
816 Close_locale "Extend"; |
694 Close_locale "Extend"; |