270 by (rtac leadsTo_Basis 1); |
270 by (rtac leadsTo_Basis 1); |
271 by (asm_full_simp_tac |
271 by (asm_full_simp_tac |
272 (simpset() addsimps [ensures_def, |
272 (simpset() addsimps [ensures_def, |
273 Diff_Int_distrib2 RS sym, Int_Un_distrib2 RS sym]) 1); |
273 Diff_Int_distrib2 RS sym, Int_Un_distrib2 RS sym]) 1); |
274 by (blast_tac (claset() addIs [transient_strengthen, constrains_Int]) 1); |
274 by (blast_tac (claset() addIs [transient_strengthen, constrains_Int]) 1); |
275 qed "PSP_stable"; |
275 qed "psp_stable"; |
276 |
276 |
277 Goal "[| leadsTo acts A A'; stable acts B |] \ |
277 Goal "[| leadsTo acts A A'; stable acts B |] \ |
278 \ ==> leadsTo acts (B Int A) (B Int A')"; |
278 \ ==> leadsTo acts (B Int A) (B Int A')"; |
279 by (asm_simp_tac (simpset() addsimps (PSP_stable::Int_ac)) 1); |
279 by (asm_simp_tac (simpset() addsimps (psp_stable::Int_ac)) 1); |
280 qed "PSP_stable2"; |
280 qed "psp_stable2"; |
281 |
281 |
282 |
282 Goalw [ensures_def, constrains_def] |
283 Goalw [ensures_def] |
|
284 "[| ensures acts A A'; constrains acts B B' |] \ |
283 "[| ensures acts A A'; constrains acts B B' |] \ |
285 \ ==> ensures acts (A Int B) ((A' Int B) Un (B' - B))"; |
284 \ ==> ensures acts (A Int B) ((A' Int B) Un (B' - B))"; |
286 by Safe_tac; |
285 by (blast_tac (claset() addIs [transient_strengthen]) 1); |
287 by (blast_tac (claset() addIs [constrainsI] addDs [constrainsD]) 1); |
286 qed "psp_ensures"; |
288 by (etac transient_strengthen 1); |
|
289 by (Blast_tac 1); |
|
290 qed "PSP_ensures"; |
|
291 |
|
292 |
287 |
293 Goal "[| leadsTo acts A A'; constrains acts B B'; id: acts |] \ |
288 Goal "[| leadsTo acts A A'; constrains acts B B'; id: acts |] \ |
294 \ ==> leadsTo acts (A Int B) ((A' Int B) Un (B' - B))"; |
289 \ ==> leadsTo acts (A Int B) ((A' Int B) Un (B' - B))"; |
295 by (etac leadsTo_induct 1); |
290 by (etac leadsTo_induct 1); |
296 by (simp_tac (simpset() addsimps [Int_Union_Union]) 3); |
291 by (simp_tac (simpset() addsimps [Int_Union_Union]) 3); |
299 by (rtac leadsTo_Un_duplicate2 2); |
294 by (rtac leadsTo_Un_duplicate2 2); |
300 by (etac leadsTo_cancel_Diff1 2); |
295 by (etac leadsTo_cancel_Diff1 2); |
301 by (assume_tac 3); |
296 by (assume_tac 3); |
302 by (asm_full_simp_tac (simpset() addsimps [Int_Diff, Diff_triv]) 2); |
297 by (asm_full_simp_tac (simpset() addsimps [Int_Diff, Diff_triv]) 2); |
303 (*Basis case*) |
298 (*Basis case*) |
304 by (blast_tac (claset() addIs [leadsTo_Basis, PSP_ensures]) 1); |
299 by (blast_tac (claset() addIs [leadsTo_Basis, psp_ensures]) 1); |
305 qed "PSP"; |
300 qed "psp"; |
306 |
301 |
307 Goal "[| leadsTo acts A A'; constrains acts B B'; id: acts |] \ |
302 Goal "[| leadsTo acts A A'; constrains acts B B'; id: acts |] \ |
308 \ ==> leadsTo acts (B Int A) ((B Int A') Un (B' - B))"; |
303 \ ==> leadsTo acts (B Int A) ((B Int A') Un (B' - B))"; |
309 by (asm_simp_tac (simpset() addsimps (PSP::Int_ac)) 1); |
304 by (asm_simp_tac (simpset() addsimps (psp::Int_ac)) 1); |
310 qed "PSP2"; |
305 qed "psp2"; |
311 |
306 |
312 |
307 |
313 Goalw [unless_def] |
308 Goalw [unless_def] |
314 "[| leadsTo acts A A'; unless acts B B'; id: acts |] \ |
309 "[| leadsTo acts A A'; unless acts B B'; id: acts |] \ |
315 \ ==> leadsTo acts (A Int B) ((A' Int B) Un B')"; |
310 \ ==> leadsTo acts (A Int B) ((A' Int B) Un B')"; |
316 by (dtac PSP 1); |
311 by (dtac psp 1); |
317 by (assume_tac 1); |
312 by (assume_tac 1); |
318 by (asm_full_simp_tac (simpset() addsimps [Un_Diff_Diff, Int_Diff_Un]) 2); |
313 by (asm_full_simp_tac (simpset() addsimps [Un_Diff_Diff, Int_Diff_Un]) 2); |
319 by (asm_full_simp_tac (simpset() addsimps [Diff_Int_distrib]) 2); |
314 by (asm_full_simp_tac (simpset() addsimps [Diff_Int_distrib]) 2); |
320 by (etac leadsTo_Diff 2); |
315 by (etac leadsTo_Diff 2); |
321 by (blast_tac (claset() addIs [subset_imp_leadsTo]) 2); |
316 by (blast_tac (claset() addIs [subset_imp_leadsTo]) 2); |
322 by Auto_tac; |
317 by Auto_tac; |
323 qed "PSP_unless"; |
318 qed "psp_unless"; |
324 |
319 |
325 |
320 |
326 (*** Proving the induction rules ***) |
321 (*** Proving the induction rules ***) |
327 |
322 |
328 (** The most general rule: r is any wf relation; f is any variant function **) |
323 (** The most general rule: r is any wf relation; f is any variant function **) |
480 by (EVERY [etac (constrains_Un RS constrains_weaken) 2, |
475 by (EVERY [etac (constrains_Un RS constrains_weaken) 2, |
481 etac wlt_constrains_wlt 2, |
476 etac wlt_constrains_wlt 2, |
482 fast_tac (claset() addEs [wlt_increasing RSN (2,rev_subsetD)]) 3, |
477 fast_tac (claset() addEs [wlt_increasing RSN (2,rev_subsetD)]) 3, |
483 Blast_tac 2]); |
478 Blast_tac 2]); |
484 by (subgoal_tac "leadsTo acts (A Int wlt acts B') (A' Int wlt acts B')" 1); |
479 by (subgoal_tac "leadsTo acts (A Int wlt acts B') (A' Int wlt acts B')" 1); |
485 by (blast_tac (claset() addIs [PSP_stable]) 2); |
480 by (blast_tac (claset() addIs [psp_stable]) 2); |
486 by (subgoal_tac "leadsTo acts (A' Int wlt acts B') (A' Int B')" 1); |
481 by (subgoal_tac "leadsTo acts (A' Int wlt acts B') (A' Int B')" 1); |
487 by (blast_tac (claset() addIs [wlt_leadsTo, PSP_stable2]) 2); |
482 by (blast_tac (claset() addIs [wlt_leadsTo, psp_stable2]) 2); |
488 by (subgoal_tac "leadsTo acts (A Int B) (A Int wlt acts B')" 1); |
483 by (subgoal_tac "leadsTo acts (A Int B) (A Int wlt acts B')" 1); |
489 by (blast_tac (claset() addIs [leadsTo_subset RS subsetD, |
484 by (blast_tac (claset() addIs [leadsTo_subset RS subsetD, |
490 subset_imp_leadsTo]) 2); |
485 subset_imp_leadsTo]) 2); |
491 (*Blast_tac gives PROOF FAILED*) |
486 (*Blast_tac gives PROOF FAILED*) |
492 by (best_tac (claset() addIs [leadsTo_Trans]) 1); |
487 by (best_tac (claset() addIs [leadsTo_Trans]) 1); |
516 by (subgoal_tac "constrains acts (W-C) W" 1); |
511 by (subgoal_tac "constrains acts (W-C) W" 1); |
517 by (asm_full_simp_tac |
512 by (asm_full_simp_tac |
518 (simpset() addsimps [wlt_increasing, Un_assoc, Un_absorb2]) 2); |
513 (simpset() addsimps [wlt_increasing, Un_assoc, Un_absorb2]) 2); |
519 by (subgoal_tac "leadsTo acts (A Int W - C) (A' Int W Un C)" 1); |
514 by (subgoal_tac "leadsTo acts (A Int W - C) (A' Int W Un C)" 1); |
520 by (simp_tac (simpset() addsimps [Int_Diff]) 2); |
515 by (simp_tac (simpset() addsimps [Int_Diff]) 2); |
521 by (blast_tac (claset() addIs [wlt_leadsTo, PSP RS leadsTo_weaken_R]) 2); |
516 by (blast_tac (claset() addIs [wlt_leadsTo, psp RS leadsTo_weaken_R]) 2); |
522 by (subgoal_tac "leadsTo acts (A' Int W Un C) (A' Int B' Un C)" 1); |
517 by (subgoal_tac "leadsTo acts (A' Int W Un C) (A' Int B' Un C)" 1); |
523 by (blast_tac (claset() addIs [wlt_leadsTo, leadsTo_Un_Un, |
518 by (blast_tac (claset() addIs [wlt_leadsTo, leadsTo_Un_Un, |
524 PSP2 RS leadsTo_weaken_R, |
519 psp2 RS leadsTo_weaken_R, |
525 subset_refl RS subset_imp_leadsTo, |
520 subset_refl RS subset_imp_leadsTo, |
526 leadsTo_Un_duplicate2]) 2); |
521 leadsTo_Un_duplicate2]) 2); |
527 by (dtac leadsTo_Diff 1); |
522 by (dtac leadsTo_Diff 1); |
528 by (assume_tac 2); |
523 by (assume_tac 2); |
529 by (blast_tac (claset() addIs [subset_imp_leadsTo]) 1); |
524 by (blast_tac (claset() addIs [subset_imp_leadsTo]) 1); |