45 Addsimps (map simp_of_act |
45 Addsimps (map simp_of_act |
46 [request_act_def, open_act_def, close_act_def, |
46 [request_act_def, open_act_def, close_act_def, |
47 req_up_def, req_down_def, move_up_def, move_down_def, |
47 req_up_def, req_down_def, move_up_def, move_down_def, |
48 button_press_def]); |
48 button_press_def]); |
49 |
49 |
50 val always_defs = [above_def, below_def, queueing_def, |
50 (*The ALWAYS properties*) |
51 goingup_def, goingdown_def, ready_def]; |
51 Addsimps (map simp_of_set [above_def, below_def, queueing_def, |
52 |
52 goingup_def, goingdown_def, ready_def]); |
53 Addsimps (map simp_of_set always_defs); |
|
54 |
|
55 |
|
56 val LeadsTo_Trans_Un' = rotate_prems 1 LeadsTo_Trans_Un; |
|
57 (* [| Lift: B LeadsTo C; Lift: A LeadsTo B |] ==> Lift: (A Un B) LeadsTo C *) |
|
58 |
53 |
59 |
54 |
60 Addsimps [bounded_def, open_stop_def, open_move_def, stop_floor_def, |
55 Addsimps [bounded_def, open_stop_def, open_move_def, stop_floor_def, |
61 moving_up_def, moving_down_def]; |
56 moving_up_def, moving_down_def]; |
62 |
57 |
63 AddIffs [Min_le_Max]; |
58 AddIffs [Min_le_Max]; |
64 |
59 |
65 |
60 |
66 Goal "Lift : Always open_stop"; |
61 Goal "Lift : Always open_stop"; |
67 by (rtac AlwaysI 1); |
62 by (always_tac 1); |
68 by (Force_tac 1); |
|
69 by (constrains_tac 1); |
|
70 qed "open_stop"; |
63 qed "open_stop"; |
71 |
64 |
72 Goal "Lift : Always stop_floor"; |
65 Goal "Lift : Always stop_floor"; |
73 by (rtac AlwaysI 1); |
66 by (always_tac 1); |
74 by (Force_tac 1); |
|
75 by (constrains_tac 1); |
|
76 qed "stop_floor"; |
67 qed "stop_floor"; |
77 |
68 |
78 (*This one needs open_stop, which was proved above*) |
69 (*This one needs open_stop, which was proved above*) |
79 Goal "Lift : Always open_move"; |
70 Goal "Lift : Always open_move"; |
80 by (rtac AlwaysI 1); |
71 by (cut_facts_tac [open_stop] 1); |
81 by (rtac (open_stop RS Always_ConstrainsI RS StableI) 2); |
72 by (always_tac 1); |
82 by (Force_tac 1); |
|
83 by (constrains_tac 1); |
|
84 qed "open_move"; |
73 qed "open_move"; |
85 |
74 |
86 Goal "Lift : Always moving_up"; |
75 Goal "Lift : Always moving_up"; |
87 by (rtac AlwaysI 1); |
76 by (always_tac 1); |
88 by (Force_tac 1); |
77 by (auto_tac (claset() addDs [zle_imp_zless_or_eq], |
89 by (constrains_tac 1); |
|
90 by (auto_tac (claset(), |
|
91 simpset() addsimps [add1_zle_eq])); |
78 simpset() addsimps [add1_zle_eq])); |
92 by (blast_tac (claset() addDs [zle_imp_zless_or_eq]) 1); |
|
93 qed "moving_up"; |
79 qed "moving_up"; |
94 |
80 |
95 Goal "Lift : Always moving_down"; |
81 Goal "Lift : Always moving_down"; |
96 by (rtac AlwaysI 1); |
82 by (always_tac 1); |
97 by (Force_tac 1); |
|
98 by (constrains_tac 1); |
|
99 by (blast_tac (claset() addDs [zle_imp_zless_or_eq]) 1); |
83 by (blast_tac (claset() addDs [zle_imp_zless_or_eq]) 1); |
100 qed "moving_down"; |
84 qed "moving_down"; |
101 |
85 |
102 Goal "Lift : Always bounded"; |
86 Goal "Lift : Always bounded"; |
103 by (rtac AlwaysI 1); |
87 by (cut_facts_tac [moving_up, moving_down] 1); |
104 by (rtac (Always_Int_rule [moving_up, moving_down] RS |
88 by (always_tac 1); |
105 Always_ConstrainsI RS StableI) 2); |
|
106 by (Force_tac 1); |
|
107 by (constrains_tac 1); |
|
108 by (ALLGOALS Clarify_tac); |
89 by (ALLGOALS Clarify_tac); |
109 by (REPEAT_FIRST distinct_tac); |
90 by (REPEAT_FIRST distinct_tac); |
110 by Auto_tac; |
91 by Auto_tac; |
111 qed "bounded"; |
92 qed "bounded"; |
112 |
93 |
168 NOT an ensures property, but a mere inclusion; |
149 NOT an ensures property, but a mere inclusion; |
169 don't know why script lift_2.uni says ENSURES*) |
150 don't know why script lift_2.uni says ENSURES*) |
170 Goal "Lift : (Req n Int closed - (atFloor n - queueing)) \ |
151 Goal "Lift : (Req n Int closed - (atFloor n - queueing)) \ |
171 \ LeadsTo ((closed Int goingup Int Req n) Un \ |
152 \ LeadsTo ((closed Int goingup Int Req n) Un \ |
172 \ (closed Int goingdown Int Req n))"; |
153 \ (closed Int goingdown Int Req n))"; |
173 by (rtac subset_imp_LeadsTo 1); |
154 by (auto_tac (claset() addSIs [subset_imp_LeadsTo] addSEs [int_neqE], |
174 by (auto_tac (claset() addSEs [int_neqE], simpset())); |
155 simpset())); |
175 qed "E_thm05c"; |
156 qed "E_thm05c"; |
176 |
157 |
177 (*lift_2*) |
158 (*lift_2*) |
178 Goal "Lift : (Req n Int closed - (atFloor n - queueing)) \ |
159 Goal "Lift : (Req n Int closed - (atFloor n - queueing)) \ |
179 \ LeadsTo (moving Int Req n)"; |
160 \ LeadsTo (moving Int Req n)"; |
196 by (cut_facts_tac [moving_up] 1); |
177 by (cut_facts_tac [moving_up] 1); |
197 by (ensures_tac "move_up" 1); |
178 by (ensures_tac "move_up" 1); |
198 by Safe_tac; |
179 by Safe_tac; |
199 (*this step consolidates two formulae to the goal metric n s' <= metric n s*) |
180 (*this step consolidates two formulae to the goal metric n s' <= metric n s*) |
200 by (etac (linorder_leI RS order_antisym RS sym) 1); |
181 by (etac (linorder_leI RS order_antisym RS sym) 1); |
201 by (REPEAT_FIRST (eresolve_tac mov_metrics)); |
182 by (REPEAT_FIRST (eresolve_tac mov_metrics ORELSE' distinct_tac)); |
202 by (REPEAT_FIRST distinct_tac); |
|
203 (** LEVEL 6 **) |
183 (** LEVEL 6 **) |
204 by (ALLGOALS (asm_simp_tac (simpset() addsimps |
184 by (ALLGOALS (asm_simp_tac (simpset() addsimps metric_simps @ zcompare_rls))); |
205 [zle_def] @ metric_simps @ zcompare_rls))); |
|
206 qed "E_thm12a"; |
185 qed "E_thm12a"; |
207 |
|
208 |
186 |
209 |
187 |
210 (*lem_lift_4_3 *) |
188 (*lem_lift_4_3 *) |
211 Goal "#0 < N ==> \ |
189 Goal "#0 < N ==> \ |
212 \ Lift : (moving Int Req n Int {s. metric n s = N} Int \ |
190 \ Lift : (moving Int Req n Int {s. metric n s = N} Int \ |
215 by (cut_facts_tac [moving_down] 1); |
193 by (cut_facts_tac [moving_down] 1); |
216 by (ensures_tac "move_down" 1); |
194 by (ensures_tac "move_down" 1); |
217 by Safe_tac; |
195 by Safe_tac; |
218 (*this step consolidates two formulae to the goal metric n s' <= metric n s*) |
196 (*this step consolidates two formulae to the goal metric n s' <= metric n s*) |
219 by (etac (linorder_leI RS order_antisym RS sym) 1); |
197 by (etac (linorder_leI RS order_antisym RS sym) 1); |
220 by (REPEAT_FIRST (eresolve_tac mov_metrics)); |
198 by (REPEAT_FIRST (eresolve_tac mov_metrics ORELSE' distinct_tac)); |
221 by (REPEAT_FIRST distinct_tac); |
|
222 (** LEVEL 6 **) |
199 (** LEVEL 6 **) |
223 by (ALLGOALS (asm_simp_tac (simpset() addsimps metric_simps @ zcompare_rls))); |
200 by (ALLGOALS (asm_simp_tac (simpset() addsimps metric_simps @ zcompare_rls))); |
224 qed "E_thm12b"; |
201 qed "E_thm12b"; |
225 |
202 |
226 (*lift_4*) |
203 (*lift_4*) |
227 Goal "#0<N ==> Lift : (moving Int Req n Int {s. metric n s = N} Int \ |
204 Goal "#0<N ==> Lift : (moving Int Req n Int {s. metric n s = N} Int \ |
228 \ {s. floor s ~: req s}) LeadsTo \ |
205 \ {s. floor s ~: req s}) LeadsTo \ |
229 \ (moving Int Req n Int {s. metric n s < N})"; |
206 \ (moving Int Req n Int {s. metric n s < N})"; |
230 by (rtac ([subset_imp_LeadsTo, LeadsTo_Un] MRS LeadsTo_Trans) 1); |
207 by (rtac ([subset_imp_LeadsTo, [E_thm12a, E_thm12b] MRS LeadsTo_Un] |
231 by (etac E_thm12b 3); |
208 MRS LeadsTo_Trans) 1); |
232 by (etac E_thm12a 2); |
209 by Auto_tac; |
233 by (Blast_tac 1); |
|
234 qed "lift_4"; |
210 qed "lift_4"; |
235 |
211 |
236 |
212 |
237 (** towards lift_5 **) |
213 (** towards lift_5 **) |
238 |
214 |
355 |
330 |
356 Goal "Lift : (moving Int Req n) LeadsTo (stopped Int atFloor n)"; |
331 Goal "Lift : (moving Int Req n) LeadsTo (stopped Int atFloor n)"; |
357 by (rtac (Always_nonneg RS integ_0_le_induct) 1); |
332 by (rtac (Always_nonneg RS integ_0_le_induct) 1); |
358 by (case_tac "#0 < z" 1); |
333 by (case_tac "#0 < z" 1); |
359 (*If z <= #0 then actually z = #0*) |
334 (*If z <= #0 then actually z = #0*) |
360 by (fold_tac [zle_def]); |
335 by (force_tac (claset() addIs [R_thm11, order_antisym], |
361 by (force_tac (claset() addIs [R_thm11, order_antisym], simpset()) 2); |
336 simpset() addsimps [linorder_not_less]) 2); |
362 by (rtac ([asm_rl, Un_upper1] MRS LeadsTo_weaken_R) 1); |
337 by (rtac ([asm_rl, Un_upper1] MRS LeadsTo_weaken_R) 1); |
363 by (rtac ([subset_imp_LeadsTo, LeadsTo_Un] MRS LeadsTo_Trans) 1); |
338 by (rtac ([subset_imp_LeadsTo, [lift_4, lift_3_Req] MRS LeadsTo_Un] |
364 by (rtac lift_3_Req 3); |
339 MRS LeadsTo_Trans) 1); |
365 by (rtac lift_4 2); |
|
366 by Auto_tac; |
340 by Auto_tac; |
367 qed "lift_3"; |
341 qed "lift_3"; |
368 |
342 |
|
343 |
|
344 val LeadsTo_Trans_Un' = rotate_prems 1 LeadsTo_Trans_Un; |
|
345 (* [| Lift: B LeadsTo C; Lift: A LeadsTo B |] ==> Lift: (A Un B) LeadsTo C *) |
369 |
346 |
370 Goal "Lift : (Req n) LeadsTo (opened Int atFloor n)"; |
347 Goal "Lift : (Req n) LeadsTo (opened Int atFloor n)"; |
371 by (rtac LeadsTo_Trans 1); |
348 by (rtac LeadsTo_Trans 1); |
372 by (rtac (E_thm04 RS LeadsTo_Un) 2); |
349 by (rtac ([E_thm04, LeadsTo_Un_post] MRS LeadsTo_Un) 2); |
373 by (rtac LeadsTo_Un_post 2); |
|
374 by (rtac (E_thm01 RS LeadsTo_Trans_Un') 2); |
350 by (rtac (E_thm01 RS LeadsTo_Trans_Un') 2); |
375 by (rtac (lift_3 RS LeadsTo_Trans_Un') 2); |
351 by (rtac (lift_3 RS LeadsTo_Trans_Un') 2); |
376 by (rtac (lift_2 RS LeadsTo_Trans_Un') 2); |
352 by (rtac (lift_2 RS LeadsTo_Trans_Un') 2); |
377 by (rtac (E_thm03 RS LeadsTo_Trans_Un') 2); |
353 by (rtac ([E_thm03,E_thm02] MRS LeadsTo_Trans_Un') 2); |
378 by (rtac E_thm02 2); |
|
379 by (rtac (open_move RS Always_LeadsToI) 1); |
354 by (rtac (open_move RS Always_LeadsToI) 1); |
380 by (rtac (open_stop RS Always_LeadsToI) 1); |
355 by (rtac ([open_stop, subset_imp_LeadsTo] MRS Always_LeadsToI) 1); |
381 by (rtac subset_imp_LeadsTo 1); |
|
382 by (Clarify_tac 1); |
356 by (Clarify_tac 1); |
383 (*The case split is not essential but makes Blast_tac much faster. |
357 (*The case split is not essential but makes Blast_tac much faster. |
384 Must also be careful to prevent simplification from looping*) |
358 Calling rotate_tac prevents simplification from looping*) |
385 by (case_tac "open x" 1); |
359 by (case_tac "open x" 1); |
386 by (ALLGOALS (rotate_tac ~1)); |
360 by (ALLGOALS (rotate_tac ~1)); |
387 by (ALLGOALS Asm_full_simp_tac); |
361 by Auto_tac; |
388 by (Blast_tac 1); |
|
389 qed "lift_1"; |
362 qed "lift_1"; |
390 |
363 |
391 Close_locale "floor"; |
364 Close_locale "floor"; |