256 by (auto simp add: Merge_Allowed ok_iff_Allowed) |
256 by (auto simp add: Merge_Allowed ok_iff_Allowed) |
257 |
257 |
258 |
258 |
259 lemma Merge_Always_Out_eq_iOut: |
259 lemma Merge_Always_Out_eq_iOut: |
260 "[| G \<in> preserves merge.Out; G \<in> preserves merge.iOut; M \<in> Allowed G |] |
260 "[| G \<in> preserves merge.Out; G \<in> preserves merge.iOut; M \<in> Allowed G |] |
261 ==> M Join G \<in> Always {s. length (merge.Out s) = length (merge.iOut s)}" |
261 ==> M \<squnion> G \<in> Always {s. length (merge.Out s) = length (merge.iOut s)}" |
262 apply (cut_tac Merge_spec) |
262 apply (cut_tac Merge_spec) |
263 apply (force dest: guaranteesD simp add: merge_spec_def merge_eqOut_def) |
263 apply (force dest: guaranteesD simp add: merge_spec_def merge_eqOut_def) |
264 done |
264 done |
265 |
265 |
266 lemma Merge_Bounded: |
266 lemma Merge_Bounded: |
267 "[| G \<in> preserves merge.iOut; G \<in> preserves merge.Out; M \<in> Allowed G |] |
267 "[| G \<in> preserves merge.iOut; G \<in> preserves merge.Out; M \<in> Allowed G |] |
268 ==> M Join G \<in> Always {s. \<forall>elt \<in> set (merge.iOut s). elt < Nclients}" |
268 ==> M \<squnion> G \<in> Always {s. \<forall>elt \<in> set (merge.iOut s). elt < Nclients}" |
269 apply (cut_tac Merge_spec) |
269 apply (cut_tac Merge_spec) |
270 apply (force dest: guaranteesD simp add: merge_spec_def merge_bounded_def) |
270 apply (force dest: guaranteesD simp add: merge_spec_def merge_bounded_def) |
271 done |
271 done |
272 |
272 |
273 lemma Merge_Bag_Follows_lemma: |
273 lemma Merge_Bag_Follows_lemma: |
274 "[| G \<in> preserves merge.iOut; G \<in> preserves merge.Out; M \<in> Allowed G |] |
274 "[| G \<in> preserves merge.iOut; G \<in> preserves merge.Out; M \<in> Allowed G |] |
275 ==> M Join G \<in> Always |
275 ==> M \<squnion> G \<in> Always |
276 {s. (\<Sum>i \<in> lessThan Nclients. bag_of (sublist (merge.Out s) |
276 {s. (\<Sum>i \<in> lessThan Nclients. bag_of (sublist (merge.Out s) |
277 {k. k < length (iOut s) & iOut s ! k = i})) = |
277 {k. k < length (iOut s) & iOut s ! k = i})) = |
278 (bag_of o merge.Out) s}" |
278 (bag_of o merge.Out) s}" |
279 apply (rule Always_Compl_Un_eq [THEN iffD1]) |
279 apply (rule Always_Compl_Un_eq [THEN iffD1]) |
280 apply (blast intro: Always_Int_I [OF Merge_Always_Out_eq_iOut Merge_Bounded]) |
280 apply (blast intro: Always_Int_I [OF Merge_Always_Out_eq_iOut Merge_Bounded]) |
323 apply (blast intro: guaranteesI Follows_Increasing1 dest: guaranteesD) |
323 apply (blast intro: guaranteesI Follows_Increasing1 dest: guaranteesD) |
324 done |
324 done |
325 |
325 |
326 lemma Distr_Bag_Follows_lemma: |
326 lemma Distr_Bag_Follows_lemma: |
327 "[| G \<in> preserves distr.Out; |
327 "[| G \<in> preserves distr.Out; |
328 D Join G \<in> Always {s. \<forall>elt \<in> set (distr.iIn s). elt < Nclients} |] |
328 D \<squnion> G \<in> Always {s. \<forall>elt \<in> set (distr.iIn s). elt < Nclients} |] |
329 ==> D Join G \<in> Always |
329 ==> D \<squnion> G \<in> Always |
330 {s. (\<Sum>i \<in> lessThan Nclients. bag_of (sublist (distr.In s) |
330 {s. (\<Sum>i \<in> lessThan Nclients. bag_of (sublist (distr.In s) |
331 {k. k < length (iIn s) & iIn s ! k = i})) = |
331 {k. k < length (iIn s) & iIn s ! k = i})) = |
332 bag_of (sublist (distr.In s) (lessThan (length (iIn s))))}" |
332 bag_of (sublist (distr.In s) (lessThan (length (iIn s))))}" |
333 apply (erule Always_Compl_Un_eq [THEN iffD1]) |
333 apply (erule Always_Compl_Un_eq [THEN iffD1]) |
334 apply (rule UNIV_AlwaysI, clarify) |
334 apply (rule UNIV_AlwaysI, clarify) |