14 val slice_def = thm "slice_def"; |
14 val slice_def = thm "slice_def"; |
15 val f_act_def = thm "f_act_def"; |
15 val f_act_def = thm "f_act_def"; |
16 |
16 |
17 (*** Trivial properties of f, g, h ***) |
17 (*** Trivial properties of f, g, h ***) |
18 |
18 |
19 val inj_h = thm "inj_h"; |
19 val inj_h = thm "bij_h" RS bij_is_inj; |
20 val surj_h = thm "surj_h"; |
20 val surj_h = thm "bij_h" RS bij_is_surj; |
21 Addsimps [inj_h, inj_h RS inj_eq, surj_h]; |
21 Addsimps [inj_h, inj_h RS inj_eq, surj_h]; |
22 |
22 |
23 val f_def = thm "f_def"; |
23 val f_def = thm "f_def"; |
24 val g_def = thm "g_def"; |
24 val g_def = thm "g_def"; |
25 |
25 |
44 Goalw [extend_set_def] |
44 Goalw [extend_set_def] |
45 "z : extend_set h A = (f z : A)"; |
45 "z : extend_set h A = (f z : A)"; |
46 by (force_tac (claset() addIs [h_f_g_eq RS sym], simpset()) 1); |
46 by (force_tac (claset() addIs [h_f_g_eq RS sym], simpset()) 1); |
47 qed "mem_extend_set_iff"; |
47 qed "mem_extend_set_iff"; |
48 AddIffs [mem_extend_set_iff]; |
48 AddIffs [mem_extend_set_iff]; |
|
49 |
|
50 Goal "{s. P (f s)} = extend_set h {s. P s}"; |
|
51 by Auto_tac; |
|
52 qed "Collect_eq_extend_set"; |
49 |
53 |
50 (*Converse appears to fail*) |
54 (*Converse appears to fail*) |
51 Goalw [project_set_def] "z : C ==> f z : project_set h C"; |
55 Goalw [project_set_def] "z : C ==> f z : project_set h C"; |
52 by (auto_tac (claset() addIs [h_f_g_eq RS ssubst], |
56 by (auto_tac (claset() addIs [h_f_g_eq RS ssubst], |
53 simpset())); |
57 simpset())); |
362 by (full_simp_tac (simpset() addsimps [project_constrains]) 1); |
366 by (full_simp_tac (simpset() addsimps [project_constrains]) 1); |
363 by (etac constrains_weaken_L 1); |
367 by (etac constrains_weaken_L 1); |
364 by (auto_tac (claset() addDs [reachable_imp_reachable_project], simpset())); |
368 by (auto_tac (claset() addDs [reachable_imp_reachable_project], simpset())); |
365 qed "project_Constrains_D"; |
369 qed "project_Constrains_D"; |
366 |
370 |
367 Goalw [Stable_def] |
371 Goalw [Stable_def] "project h F : Stable A ==> F : Stable (extend_set h A)"; |
368 "project h F : Stable A ==> F : Stable (extend_set h A)"; |
|
369 by (asm_simp_tac (simpset() addsimps [project_Constrains_D]) 1); |
372 by (asm_simp_tac (simpset() addsimps [project_Constrains_D]) 1); |
370 qed "project_Stable_D"; |
373 qed "project_Stable_D"; |
|
374 |
|
375 Goalw [Always_def] "project h F : Always A ==> F : Always (extend_set h A)"; |
|
376 by (force_tac (claset() addIs [reachable.Init, project_set_I], |
|
377 simpset() addsimps [project_Stable_D]) 1); |
|
378 qed "project_Always_D"; |
|
379 |
|
380 Goalw [Increasing_def] |
|
381 "project h F : Increasing func ==> F : Increasing (func o f)"; |
|
382 by Auto_tac; |
|
383 by (stac Collect_eq_extend_set 1); |
|
384 by (asm_simp_tac (simpset() addsimps [project_Stable_D]) 1); |
|
385 qed "project_Increasing_D"; |
371 |
386 |
372 |
387 |
373 (*** Programs of the form ((extend h F) Join G) |
388 (*** Programs of the form ((extend h F) Join G) |
374 in other words programs containing an extended component ***) |
389 in other words programs containing an extended component ***) |
375 |
390 |
414 by (asm_full_simp_tac |
429 by (asm_full_simp_tac |
415 (simpset() addsimps [extend_set_Int_distrib RS sym, |
430 (simpset() addsimps [extend_set_Int_distrib RS sym, |
416 extend_constrains, |
431 extend_constrains, |
417 project_constrains RS sym, |
432 project_constrains RS sym, |
418 project_extend_Join]) 2); |
433 project_extend_Join]) 2); |
419 by (blast_tac (claset() addIs [constrains_weaken, |
434 by (blast_tac (claset() addIs [constrains_weaken, reachable_extend_Join_D]) 1); |
420 reachable_extend_Join_D]) 1); |
|
421 qed "extend_Join_Constrains"; |
435 qed "extend_Join_Constrains"; |
422 |
436 |
423 Goal "F Join project h G : Stable A \ |
437 Goal "F Join project h G : Stable A \ |
424 \ ==> extend h F Join G : Stable (extend_set h A)"; |
438 \ ==> extend h F Join G : Stable (extend_set h A)"; |
425 by (asm_full_simp_tac (simpset() addsimps [Stable_def, |
439 by (asm_full_simp_tac (simpset() addsimps [Stable_def, |
578 \ (F : X guarantees Y)"; |
592 \ (F : X guarantees Y)"; |
579 by (blast_tac (claset() addIs [guarantees_imp_extend_guarantees, |
593 by (blast_tac (claset() addIs [guarantees_imp_extend_guarantees, |
580 extend_guarantees_imp_guarantees]) 1); |
594 extend_guarantees_imp_guarantees]) 1); |
581 qed "extend_guarantees_eq"; |
595 qed "extend_guarantees_eq"; |
582 |
596 |
583 |
|
584 (*Weak precondition and postcondition; this is the good one! |
597 (*Weak precondition and postcondition; this is the good one! |
585 Not clear that it has a converse [or that we want one!] |
598 Not clear that it has a converse [or that we want one!] *) |
586 Can trivially satisfy the constraint on X by taking X = project h `` XX*) |
|
587 val [xguary,project,extend] = |
599 val [xguary,project,extend] = |
588 Goal "[| F : X guarantees Y; \ |
600 Goal "[| F : X guarantees Y; \ |
589 \ !!H. H : XX ==> project h H : X; \ |
601 \ !!G. extend h F Join G : XX ==> F Join project h G : X; \ |
590 \ !!G. F Join project h G : Y ==> extend h F Join G : YY |] \ |
602 \ !!G. F Join project h G : Y ==> extend h F Join G : YY |] \ |
591 \ ==> extend h F : XX guarantees YY"; |
603 \ ==> extend h F : XX guarantees YY"; |
592 by (rtac (xguary RS guaranteesD RS extend RS guaranteesI) 1); |
604 by (rtac (xguary RS guaranteesD RS extend RS guaranteesI) 1); |
593 by (dtac project 1); |
605 by (etac project 1); |
594 by (full_simp_tac (simpset() addsimps [project_extend_Join]) 1); |
|
595 qed "project_guarantees"; |
606 qed "project_guarantees"; |
596 |
607 |
597 (** It seems that neither "guarantees" law can be proved from the other. **) |
608 (** It seems that neither "guarantees" law can be proved from the other. **) |
598 |
609 |
599 |
610 |
600 |
|
601 (*** guarantees corollaries ***) |
611 (*** guarantees corollaries ***) |
602 |
|
603 Goal "{s. P (f s)} = extend_set h {s. P s}"; |
|
604 by Auto_tac; |
|
605 qed "Collect_eq_extend_set"; |
|
606 |
612 |
607 Goalw [increasing_def] |
613 Goalw [increasing_def] |
608 "F : UNIV guarantees increasing func \ |
614 "F : UNIV guarantees increasing func \ |
609 \ ==> extend h F : UNIV guarantees increasing (func o f)"; |
615 \ ==> extend h F : UNIV guarantees increasing (func o f)"; |
610 by (etac project_guarantees 1); |
616 by (etac project_guarantees 1); |
635 by (asm_full_simp_tac |
641 by (asm_full_simp_tac |
636 (simpset() addsimps [extend_stable, project_stable, |
642 (simpset() addsimps [extend_stable, project_stable, |
637 stable_Join]) 2); |
643 stable_Join]) 2); |
638 (*the "localTo" requirement*) |
644 (*the "localTo" requirement*) |
639 by (asm_simp_tac |
645 by (asm_simp_tac |
640 (simpset() addsimps [Diff_project_stable, |
646 (simpset() addsimps [project_extend_Join RS sym, |
|
647 Diff_project_stable, |
641 Collect_eq_extend_set RS sym]) 1); |
648 Collect_eq_extend_set RS sym]) 1); |
642 qed "extend_localTo_guar_increasing"; |
649 qed "extend_localTo_guar_increasing"; |
643 |
650 |
644 Goalw [localTo_def, Increasing_def] |
651 Goalw [localTo_def, Increasing_def] |
645 "F : (func localTo F) guarantees Increasing func \ |
652 "F : (func localTo F) guarantees Increasing func \ |
650 by (stac Collect_eq_extend_set 2); |
657 by (stac Collect_eq_extend_set 2); |
651 (*the "Increasing" guarantee*) |
658 (*the "Increasing" guarantee*) |
652 by (asm_simp_tac (simpset() addsimps [extend_Join_Stable]) 2); |
659 by (asm_simp_tac (simpset() addsimps [extend_Join_Stable]) 2); |
653 (*the "localTo" requirement*) |
660 (*the "localTo" requirement*) |
654 by (asm_simp_tac |
661 by (asm_simp_tac |
655 (simpset() addsimps [Diff_project_stable, |
662 (simpset() addsimps [project_extend_Join RS sym, |
|
663 Diff_project_stable, |
656 Collect_eq_extend_set RS sym]) 1); |
664 Collect_eq_extend_set RS sym]) 1); |
657 qed "extend_localTo_guar_Increasing"; |
665 qed "extend_localTo_guar_Increasing"; |
658 |
666 |
659 Close_locale "Extend"; |
667 Close_locale "Extend"; |