8 From Misra, "A Logic for Concurrent Programming", 1994 |
8 From Misra, "A Logic for Concurrent Programming", 1994 |
9 |
9 |
10 Theory ported form HOL. |
10 Theory ported form HOL. |
11 *) |
11 *) |
12 |
12 |
13 |
13 Goalw [FP_Orig_def] "FP_Orig(F)<=state"; |
14 Goalw [FP_Orig_def] |
|
15 "FP_Orig(F):condition"; |
|
16 by (Blast_tac 1); |
14 by (Blast_tac 1); |
17 qed "FP_Orig_type"; |
15 qed "FP_Orig_type"; |
18 AddIffs [FP_Orig_type]; |
|
19 AddTCs [FP_Orig_type]; |
|
20 |
16 |
21 Goalw [FP_Orig_def, condition_def] |
17 Goalw [st_set_def] "st_set(FP_Orig(F))"; |
22 "x:FP_Orig(F) ==> x:state"; |
18 by (rtac FP_Orig_type 1); |
23 by Auto_tac; |
19 qed "st_set_FP_Orig"; |
24 qed "FP_OrigD"; |
20 AddIffs [st_set_FP_Orig]; |
25 |
21 |
26 Goalw [FP_def, condition_def] |
22 Goalw [FP_def] "FP(F)<=state"; |
27 "FP(F):condition"; |
|
28 by (Blast_tac 1); |
23 by (Blast_tac 1); |
29 qed "FP_type"; |
24 qed "FP_type"; |
30 AddIffs [FP_type]; |
|
31 AddTCs [FP_type]; |
|
32 |
25 |
33 Goalw [FP_def, condition_def] |
26 Goalw [st_set_def] "st_set(FP(F))"; |
34 "x:FP(F) ==> x:state"; |
27 by (rtac FP_type 1); |
35 by Auto_tac; |
28 qed "st_set_FP"; |
36 qed "FP_D"; |
29 AddIffs [st_set_FP]; |
37 |
30 |
38 Goal "Union(B) Int A = (UN C:B. C Int A)"; |
31 Goal "Union(B) Int A = (UN C:B. C Int A)"; |
39 by (Blast_tac 1); |
32 by (Blast_tac 1); |
40 qed "Int_Union2"; |
33 qed "Int_Union2"; |
41 |
34 |
42 Goalw [FP_Orig_def, stable_def] |
35 Goalw [FP_Orig_def, stable_def] "F:program ==> F:stable(FP_Orig(F) Int B)"; |
43 "[| F:program; B:condition |] \ |
|
44 \ ==> F:stable(FP_Orig(F) Int B)"; |
|
45 by (stac Int_Union2 1); |
36 by (stac Int_Union2 1); |
46 by (blast_tac (claset() addIs [constrains_UN]) 1); |
37 by (blast_tac (claset() addIs [constrains_UN]) 1); |
47 qed "stable_FP_Orig_Int"; |
38 qed "stable_FP_Orig_Int"; |
48 |
39 |
49 Goalw [FP_Orig_def, stable_def] |
40 Goalw [FP_Orig_def, stable_def, st_set_def] |
50 "[| ALL B:condition. F : stable (A Int B); A:condition |] \ |
41 "[| ALL B. F: stable (A Int B); st_set(A) |] ==> A <= FP_Orig(F)"; |
51 \ ==> A <= FP_Orig(F)"; |
|
52 by (Blast_tac 1); |
42 by (Blast_tac 1); |
53 bind_thm("FP_Orig_weakest", ballI RS result()); |
43 qed "FP_Orig_weakest2"; |
|
44 |
|
45 bind_thm("FP_Orig_weakest", allI RS FP_Orig_weakest2); |
54 |
46 |
55 Goal "A Int cons(a, B) = \ |
47 Goal "A Int cons(a, B) = \ |
56 \ (if a : A then cons(a, cons(a, (A Int B))) else A Int B)"; |
48 \ (if a : A then cons(a, cons(a, (A Int B))) else A Int B)"; |
57 by Auto_tac; |
49 by Auto_tac; |
58 qed "Int_cons_right"; |
50 qed "Int_cons_right"; |
59 |
51 |
60 |
52 Goal "F:program ==> F : stable (FP(F) Int B)"; |
61 Goal "[| F:program; B:condition |] ==> F : stable (FP(F) Int B)"; |
|
62 by (subgoal_tac "FP(F) Int B = (UN x:B. FP(F) Int {x})" 1); |
53 by (subgoal_tac "FP(F) Int B = (UN x:B. FP(F) Int {x})" 1); |
63 by (Blast_tac 2); |
54 by (Blast_tac 2); |
64 by (asm_simp_tac (simpset() addsimps [Int_cons_right]) 1); |
55 by (asm_simp_tac (simpset() addsimps [Int_cons_right]) 1); |
65 by (rewrite_goals_tac [FP_def, stable_def]); |
56 by (rewrite_goals_tac [FP_def, stable_def]); |
66 by (rtac constrains_UN 1); |
57 by (rtac constrains_UN 1); |
67 by (auto_tac (claset(), simpset() addsimps [cons_absorb])); |
58 by (auto_tac (claset(), simpset() addsimps [cons_absorb])); |
68 qed "stable_FP_Int"; |
59 qed "stable_FP_Int"; |
69 |
60 |
70 |
|
71 Goal "F:program ==> FP(F) <= FP_Orig(F)"; |
61 Goal "F:program ==> FP(F) <= FP_Orig(F)"; |
72 by (rtac (stable_FP_Int RS FP_Orig_weakest) 1); |
62 by (rtac (stable_FP_Int RS FP_Orig_weakest) 1); |
73 by Auto_tac; |
63 by Auto_tac; |
74 val lemma1 = result(); |
64 qed "FP_subset_FP_Orig"; |
75 |
65 |
76 |
66 Goalw [FP_Orig_def, FP_def] "F:program ==> FP_Orig(F) <= FP(F)"; |
77 Goalw [FP_Orig_def, FP_def] |
|
78 "F:program ==> FP_Orig(F) <= FP(F)"; |
|
79 by (Clarify_tac 1); |
67 by (Clarify_tac 1); |
80 by (dres_inst_tac [("x", "{x}")] bspec 1); |
68 by (dres_inst_tac [("x", "{x}")] spec 1); |
81 by (force_tac (claset(), simpset() addsimps [condition_def]) 1); |
|
82 by (asm_full_simp_tac (simpset() addsimps [Int_cons_right]) 1); |
69 by (asm_full_simp_tac (simpset() addsimps [Int_cons_right]) 1); |
83 by (auto_tac (claset(), simpset() addsimps [cons_absorb])); |
70 by (forward_tac [stableD2] 1); |
84 by (force_tac (claset(), simpset() addsimps [condition_def]) 1); |
71 by (auto_tac (claset(), simpset() addsimps [cons_absorb, st_set_def])); |
85 val lemma2 = result(); |
72 qed "FP_Orig_subset_FP"; |
86 |
73 |
87 |
74 |
88 Goal "F:program ==> FP(F) = FP_Orig(F)"; |
75 Goal "F:program ==> FP(F) = FP_Orig(F)"; |
89 by (rtac ([lemma1,lemma2] MRS equalityI) 1); |
76 by (rtac ([FP_subset_FP_Orig,FP_Orig_subset_FP] MRS equalityI) 1); |
90 by (ALLGOALS(assume_tac)); |
77 by (ALLGOALS(assume_tac)); |
91 qed "FP_equivalence"; |
78 qed "FP_equivalence"; |
92 |
79 |
93 |
80 |
94 Goal "[| ALL B:condition. F : stable(A Int B); A:condition; F:program |] \ |
81 Goal "[| ALL B. F : stable(A Int B); F:program; st_set(A) |] ==> A <= FP(F)"; |
95 \ ==> A <= FP(F)"; |
|
96 by (asm_simp_tac (simpset() addsimps [FP_equivalence, FP_Orig_weakest]) 1); |
82 by (asm_simp_tac (simpset() addsimps [FP_equivalence, FP_Orig_weakest]) 1); |
97 bind_thm("FP_weakest", result() RS ballI); |
83 qed "FP_weakest2"; |
|
84 bind_thm("FP_weakest", allI RS FP_weakest2); |
98 |
85 |
99 Goalw [FP_def, stable_def, constrains_def, condition_def] |
86 Goalw [FP_def, stable_def, constrains_def, st_set_def] |
100 "[| F:program; A:condition |] ==> \ |
87 "[| F:program; st_set(A) |] ==> A-FP(F) = (UN act:Acts(F). A-{s:state. act``{s} <= {s}})"; |
101 \ A - FP(F) = (UN act: Acts(F). A -{s:state. act``{s} <= {s}})"; |
|
102 by (Blast_tac 1); |
88 by (Blast_tac 1); |
103 qed "Diff_FP"; |
89 qed "Diff_FP"; |
104 |
90 |