68 |
68 |
69 Goalw [extend_set_def] "A<=B ==> extend_set h A <= extend_set h B"; |
69 Goalw [extend_set_def] "A<=B ==> extend_set h A <= extend_set h B"; |
70 by (Blast_tac 1); |
70 by (Blast_tac 1); |
71 qed "extend_set_mono"; |
71 qed "extend_set_mono"; |
72 |
72 |
73 Goalw [extend_set_def] |
73 Goalw [extend_set_def] "z : extend_set h A = (f z : A)"; |
74 "z : extend_set h A = (f z : A)"; |
|
75 by (force_tac (claset() addIs [h_f_g_eq RS sym], simpset()) 1); |
74 by (force_tac (claset() addIs [h_f_g_eq RS sym], simpset()) 1); |
76 qed "mem_extend_set_iff"; |
75 qed "mem_extend_set_iff"; |
77 AddIffs [mem_extend_set_iff]; |
76 AddIffs [mem_extend_set_iff]; |
|
77 |
|
78 Goalw [extend_set_def] |
|
79 "(extend_set h A <= extend_set h B) = (A <= B)"; |
|
80 by (Force_tac 1); |
|
81 qed "extend_set_strict_mono"; |
|
82 AddIffs [extend_set_strict_mono]; |
78 |
83 |
79 Goal "{s. P (f s)} = extend_set h {s. P s}"; |
84 Goal "{s. P (f s)} = extend_set h {s. P s}"; |
80 by Auto_tac; |
85 by Auto_tac; |
81 qed "Collect_eq_extend_set"; |
86 qed "Collect_eq_extend_set"; |
82 |
87 |
175 "Domain act <= project_set h C ==> project_act C h (extend_act h act) = act"; |
180 "Domain act <= project_set h C ==> project_act C h (extend_act h act) = act"; |
176 by (Force_tac 1); |
181 by (Force_tac 1); |
177 qed "extend_act_inverse"; |
182 qed "extend_act_inverse"; |
178 Addsimps [extend_act_inverse]; |
183 Addsimps [extend_act_inverse]; |
179 |
184 |
|
185 (*By subset_refl, a corollary is project_act C h (extend_act h act) <= act*) |
|
186 Goalw [extend_act_def, project_act_def] |
|
187 "act' <= extend_act h act ==> project_act C h act' <= act"; |
|
188 by (Force_tac 1); |
|
189 qed "subset_extend_act_D"; |
|
190 |
180 Goal "inj (extend_act h)"; |
191 Goal "inj (extend_act h)"; |
181 by (rtac inj_on_inverseI 1); |
192 by (rtac inj_on_inverseI 1); |
182 by (rtac extend_act_inverse 1); |
193 by (rtac extend_act_inverse 1); |
183 by (force_tac (claset(), simpset() addsimps [project_set_def]) 1); |
194 by (force_tac (claset(), simpset() addsimps [project_set_def]) 1); |
184 qed "inj_extend_act"; |
195 qed "inj_extend_act"; |
187 "extend_act h act ^^ (extend_set h A) = extend_set h (act ^^ A)"; |
198 "extend_act h act ^^ (extend_set h A) = extend_set h (act ^^ A)"; |
188 by (Force_tac 1); |
199 by (Force_tac 1); |
189 qed "extend_act_Image"; |
200 qed "extend_act_Image"; |
190 Addsimps [extend_act_Image]; |
201 Addsimps [extend_act_Image]; |
191 |
202 |
192 Goalw [extend_set_def, extend_act_def] |
203 Goalw [extend_act_def] "(extend_act h act' <= extend_act h act) = (act'<=act)"; |
193 "(extend_set h A <= extend_set h B) = (A <= B)"; |
204 by Auto_tac; |
194 by (Force_tac 1); |
205 qed "extend_act_strict_mono"; |
195 qed "extend_set_strict_mono"; |
206 |
196 Addsimps [extend_set_strict_mono]; |
207 AddIffs [extend_act_strict_mono, inj_extend_act RS inj_eq]; |
|
208 (*The latter theorem is (extend_act h act' = extend_act h act) = (act'=act) *) |
197 |
209 |
198 Goalw [extend_set_def, extend_act_def] |
210 Goalw [extend_set_def, extend_act_def] |
199 "Domain (extend_act h act) = extend_set h (Domain act)"; |
211 "Domain (extend_act h act) = extend_set h (Domain act)"; |
200 by (Force_tac 1); |
212 by (Force_tac 1); |
201 qed "Domain_extend_act"; |
213 qed "Domain_extend_act"; |
223 by (res_inst_tac [("y1", "ya")] (surj_h RS surjD RS exE) 1); |
235 by (res_inst_tac [("y1", "ya")] (surj_h RS surjD RS exE) 1); |
224 by Auto_tac; |
236 by Auto_tac; |
225 qed "Domain_project_act"; |
237 qed "Domain_project_act"; |
226 |
238 |
227 Addsimps [extend_act_Id, project_act_Id]; |
239 Addsimps [extend_act_Id, project_act_Id]; |
|
240 |
|
241 Goal "(extend_act h act = Id) = (act = Id)"; |
|
242 by Auto_tac; |
|
243 by (rewtac extend_act_def); |
|
244 by (ALLGOALS (blast_tac (claset() addEs [equalityE]))); |
|
245 qed "extend_act_Id_iff"; |
228 |
246 |
229 Goal "Id : extend_act h `` Acts F"; |
247 Goal "Id : extend_act h `` Acts F"; |
230 by (auto_tac (claset() addSIs [extend_act_Id RS sym], |
248 by (auto_tac (claset() addSIs [extend_act_Id RS sym], |
231 simpset() addsimps [image_iff])); |
249 simpset() addsimps [image_iff])); |
232 qed "Id_mem_extend_act"; |
250 qed "Id_mem_extend_act"; |
324 |
342 |
325 Goal "(extend h F : invariant (extend_set h A)) = (F : invariant A)"; |
343 Goal "(extend h F : invariant (extend_set h A)) = (F : invariant A)"; |
326 by (asm_simp_tac (simpset() addsimps [invariant_def, extend_stable]) 1); |
344 by (asm_simp_tac (simpset() addsimps [invariant_def, extend_stable]) 1); |
327 qed "extend_invariant"; |
345 qed "extend_invariant"; |
328 |
346 |
|
347 (*Converse fails: A and B may differ in their extra variables*) |
|
348 Goal "extend h F : A co B ==> F : (project_set h A) co (project_set h B)"; |
|
349 by (auto_tac (claset(), |
|
350 simpset() addsimps [constrains_def, project_set_def])); |
|
351 by (Force_tac 1); |
|
352 qed "extend_constrains_project_set"; |
|
353 |
329 |
354 |
330 (*** Diff, needed for localTo ***) |
355 (*** Diff, needed for localTo ***) |
331 |
356 |
332 Goal "(Diff (extend h G) (extend_act h `` acts)) = extend h (Diff G acts)"; |
357 Goal "(Diff (extend h G) (extend_act h `` acts)) = extend h (Diff G acts)"; |
333 by (auto_tac (claset() addSIs [program_equalityI], |
358 by (auto_tac (claset() addSIs [program_equalityI], |
334 simpset() addsimps [Diff_def, |
359 simpset() addsimps [Diff_def, |
335 inj_extend_act RS image_set_diff RS sym])); |
360 inj_extend_act RS image_set_diff])); |
336 qed "Diff_extend_eq"; |
361 qed "Diff_extend_eq"; |
337 |
362 |
338 Goal "(Diff (extend h G) (extend_act h `` acts) \ |
363 Goal "(Diff (extend h G) (extend_act h `` acts) \ |
339 \ : (extend_set h A) co (extend_set h B)) \ |
364 \ : (extend_set h A) co (extend_set h B)) \ |
340 \ = (Diff G acts : A co B)"; |
365 \ = (Diff G acts : A co B)"; |
341 by (simp_tac (simpset() addsimps [Diff_extend_eq, extend_constrains]) 1); |
366 by (simp_tac (simpset() addsimps [Diff_extend_eq, extend_constrains]) 1); |
342 qed "Diff_extend_co"; |
367 qed "Diff_extend_constrains"; |
343 |
368 |
344 Goal "(Diff (extend h G) (extend_act h `` acts) : stable (extend_set h A)) \ |
369 Goal "(Diff (extend h G) (extend_act h `` acts) : stable (extend_set h A)) \ |
345 \ = (Diff G acts : stable A)"; |
370 \ = (Diff G acts : stable A)"; |
346 by (simp_tac (simpset() addsimps [Diff_extend_co, stable_def]) 1); |
371 by (simp_tac (simpset() addsimps [Diff_extend_constrains, stable_def]) 1); |
347 qed "Diff_extend_stable"; |
372 qed "Diff_extend_stable"; |
|
373 |
|
374 Goal "Diff (extend h G) (extend_act h `` acts) : A co B \ |
|
375 \ ==> Diff G acts : (project_set h A) co (project_set h B)"; |
|
376 by (asm_full_simp_tac (simpset() addsimps [Diff_extend_eq, |
|
377 extend_constrains_project_set]) 1); |
|
378 qed "Diff_extend_constrains_project_set"; |
|
379 |
|
380 Goalw [localTo_def] |
|
381 "(extend h F : (v o f) localTo extend h H) = (F : v localTo H)"; |
|
382 by (simp_tac (simpset() addsimps []) 1); |
|
383 (*A trick to strip both quantifiers*) |
|
384 by (res_inst_tac [("f", "All")] (ext RS arg_cong) 1); |
|
385 by (stac Collect_eq_extend_set 1); |
|
386 by (simp_tac (simpset() addsimps [Diff_extend_stable]) 1); |
|
387 qed "extend_localTo_extend_eq"; |
|
388 |
|
389 Goal "Disjoint (extend h F) (extend h G) = Disjoint F G"; |
|
390 by (simp_tac (simpset() addsimps [Disjoint_def, |
|
391 inj_extend_act RS image_Int RS sym]) 1); |
|
392 by (simp_tac (simpset() addsimps [image_subset_iff, extend_act_Id_iff]) 1); |
|
393 by (blast_tac (claset() addEs [equalityE]) 1); |
|
394 qed "Disjoint_extend_eq"; |
|
395 Addsimps [Disjoint_extend_eq]; |
348 |
396 |
349 (*** Weak safety primitives: Co, Stable ***) |
397 (*** Weak safety primitives: Co, Stable ***) |
350 |
398 |
351 Goal "p : reachable (extend h F) ==> f p : reachable F"; |
399 Goal "p : reachable (extend h F) ==> f p : reachable F"; |
352 by (etac reachable.induct 1); |
400 by (etac reachable.induct 1); |