src/HOL/HOLCF/IOA/ABP/Correctness.thy

 (*  Title:      HOL/HOLCF/IOA/ABP/Correctness.thy
     Author:     Olaf Müller
 *)
 
-section {* The main correctness proof: System_fin implements System *}
+section \<open>The main correctness proof: System_fin implements System\<close>
 
 theory Correctness
 imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Env Impl Impl_finite
 begin
 

 lemmas hom_ioas =
   env_ioas [simp] impl_ioas [simp] impl_trans [simp] impl_asigs [simp]
   asig_projections set_lemmas
 
 
-subsection {* lemmas about reduce *}
+subsection \<open>lemmas about reduce\<close>
 
 lemma l_iff_red_nil: "(reduce l = []) = (l = [])"
   by (induct l) (auto split: list.split)
 
 lemma hd_is_reduce_hd: "s ~= [] --> hd s = hd (reduce s)"
   by (induct s) (auto split: list.split)
 
-text {* to be used in the following Lemma *}
+text \<open>to be used in the following Lemma\<close>
 lemma rev_red_not_nil [rule_format]:
     "l ~= [] --> reverse (reduce l) ~= []"
   by (induct l) (auto split: list.split)
 
-text {* shows applicability of the induction hypothesis of the following Lemma 1 *}
+text \<open>shows applicability of the induction hypothesis of the following Lemma 1\<close>
 lemma last_ind_on_first:
     "l ~= [] ==> hd (reverse (reduce (a # l))) = hd (reverse (reduce l))"
   apply simp
-  apply (tactic {* auto_tac (put_simpset HOL_ss @{context}
+  apply (tactic \<open>auto_tac (put_simpset HOL_ss @{context}
     addsimps (@{thms reverse.simps} @ [@{thm hd_append}, @{thm rev_red_not_nil}])
-    |> Splitter.add_split @{thm list.split}) *})
+    |> Splitter.add_split @{thm list.split})\<close>)
   done
 
-text {* Main Lemma 1 for @{text "S_pkt"} in showing that reduce is refinement. *}
+text \<open>Main Lemma 1 for \<open>S_pkt\<close> in showing that reduce is refinement.\<close>
 lemma reduce_hd:
    "if x=hd(reverse(reduce(l))) & reduce(l)~=[] then
        reduce(l@[x])=reduce(l) else
        reduce(l@[x])=reduce(l)@[x]"
 apply (simplesubst split_if)
 apply (rule conjI)
-txt {* @{text "-->"} *}
+txt \<open>\<open>-->\<close>\<close>
 apply (induct_tac "l")
 apply (simp (no_asm))
 apply (case_tac "list=[]")
  apply simp
  apply (rule impI)

 apply (cut_tac l = "list" in cons_not_nil)
  apply (simp del: reduce_Cons)
  apply (erule exE)+
  apply hypsubst
 apply (simp del: reduce_Cons add: last_ind_on_first l_iff_red_nil)
-txt {* @{text "<--"} *}
+txt \<open>\<open><--\<close>\<close>
 apply (simp (no_asm) add: and_de_morgan_and_absorbe l_iff_red_nil)
 apply (induct_tac "l")
 apply (simp (no_asm))
 apply (case_tac "list=[]")
 apply (cut_tac [2] l = "list" in cons_not_nil)

 apply (auto simp del: reduce_Cons simp add: last_ind_on_first l_iff_red_nil split: split_if)
 apply simp
 done
 
 
-text {* Main Lemma 2 for R_pkt in showing that reduce is refinement. *}
+text \<open>Main Lemma 2 for R_pkt in showing that reduce is refinement.\<close>
 lemma reduce_tl: "s~=[] ==>
      if hd(s)=hd(tl(s)) & tl(s)~=[] then
        reduce(tl(s))=reduce(s) else
        reduce(tl(s))=tl(reduce(s))"
 apply (cut_tac l = "s" in cons_not_nil)

 apply (erule exE)+
 apply (auto split: list.split)
 done
 
 
-subsection {* Channel Abstraction *}
+subsection \<open>Channel Abstraction\<close>
 
 declare split_if [split del]
 
 lemma channel_abstraction: "is_weak_ref_map reduce ch_ioa ch_fin_ioa"
 apply (simp (no_asm) add: is_weak_ref_map_def)
-txt {* main-part *}
+txt \<open>main-part\<close>
 apply (rule allI)+
 apply (rule imp_conj_lemma)
 apply (induct_tac "a")
-txt {* 2 cases *}
+txt \<open>2 cases\<close>
 apply (simp_all (no_asm) cong del: if_weak_cong add: externals_def)
-txt {* fst case *}
+txt \<open>fst case\<close>
  apply (rule impI)
  apply (rule disjI2)
 apply (rule reduce_hd)
-txt {* snd case *}
+txt \<open>snd case\<close>
  apply (rule impI)
  apply (erule conjE)+
  apply (erule disjE)
 apply (simp add: l_iff_red_nil)
 apply (erule hd_is_reduce_hd [THEN mp])

 done
 
 declare split_if [split]
 
 lemma sender_abstraction: "is_weak_ref_map reduce srch_ioa srch_fin_ioa"
-apply (tactic {*
+apply (tactic \<open>
   simp_tac (put_simpset HOL_ss @{context}
     addsimps [@{thm srch_fin_ioa_def}, @{thm rsch_fin_ioa_def},
       @{thm srch_ioa_def}, @{thm rsch_ioa_def}, @{thm rename_through_pmap},
-      @{thm channel_abstraction}]) 1 *})
+      @{thm channel_abstraction}]) 1\<close>)
 done
 
 lemma receiver_abstraction: "is_weak_ref_map reduce rsch_ioa rsch_fin_ioa"
-apply (tactic {*
+apply (tactic \<open>
   simp_tac (put_simpset HOL_ss @{context}
     addsimps [@{thm srch_fin_ioa_def}, @{thm rsch_fin_ioa_def},
       @{thm srch_ioa_def}, @{thm rsch_ioa_def}, @{thm rename_through_pmap},
-      @{thm channel_abstraction}]) 1 *})
-done
-
-
-text {* 3 thms that do not hold generally! The lucky restriction here is
-   the absence of internal actions. *}
+      @{thm channel_abstraction}]) 1\<close>)
+done
+
+
+text \<open>3 thms that do not hold generally! The lucky restriction here is
+   the absence of internal actions.\<close>
 lemma sender_unchanged: "is_weak_ref_map (%id. id) sender_ioa sender_ioa"
 apply (simp (no_asm) add: is_weak_ref_map_def)
-txt {* main-part *}
+txt \<open>main-part\<close>
 apply (rule allI)+
 apply (induct_tac a)
-txt {* 7 cases *}
+txt \<open>7 cases\<close>
 apply (simp_all (no_asm) add: externals_def)
 done
 
-text {* 2 copies of before *}
+text \<open>2 copies of before\<close>
 lemma receiver_unchanged: "is_weak_ref_map (%id. id) receiver_ioa receiver_ioa"
 apply (simp (no_asm) add: is_weak_ref_map_def)
-txt {* main-part *}
+txt \<open>main-part\<close>
 apply (rule allI)+
 apply (induct_tac a)
-txt {* 7 cases *}
+txt \<open>7 cases\<close>
 apply (simp_all (no_asm) add: externals_def)
 done
 
 lemma env_unchanged: "is_weak_ref_map (%id. id) env_ioa env_ioa"
 apply (simp (no_asm) add: is_weak_ref_map_def)
-txt {* main-part *}
+txt \<open>main-part\<close>
 apply (rule allI)+
 apply (induct_tac a)
-txt {* 7 cases *}
+txt \<open>7 cases\<close>
 apply (simp_all (no_asm) add: externals_def)
 done
 
 
 lemma compat_single_ch: "compatible srch_ioa rsch_ioa"

 apply (rule set_eqI)
 apply (induct_tac x)
 apply simp_all
 done
 
-text {* totally the same as before *}
+text \<open>totally the same as before\<close>
 lemma compat_single_fin_ch: "compatible srch_fin_ioa rsch_fin_ioa"
 apply (simp add: compatible_def Int_def)
 apply (rule set_eqI)
 apply (induct_tac x)
 apply simp_all

 apply (rule set_eqI)
 apply (induct_tac x)
 apply simp_all
 done
 
-text {* 5 proofs totally the same as before *}
+text \<open>5 proofs totally the same as before\<close>
 lemma compat_rec_fin: "compatible receiver_ioa (srch_fin_ioa \<parallel> rsch_fin_ioa)"
 apply (simp del: del_simps
   add: compatible_def asig_of_par asig_comp_def actions_def Int_def)
 apply simp
 apply (rule set_eqI)

 apply (induct_tac x)
 apply simp_all
 done
 
 
-text {* lemmata about externals of channels *}
+text \<open>lemmata about externals of channels\<close>
 lemma ext_single_ch: "externals(asig_of(srch_fin_ioa)) = externals(asig_of(srch_ioa)) &
     externals(asig_of(rsch_fin_ioa)) = externals(asig_of(rsch_ioa))"
   by (simp add: externals_def)
 
 
-subsection {* Soundness of Abstraction *}
+subsection \<open>Soundness of Abstraction\<close>
 
 lemmas ext_simps = externals_of_par ext_single_ch
   and compat_simps = compat_single_ch compat_single_fin_ch compat_rec
     compat_rec_fin compat_sen compat_sen_fin compat_env compat_env_fin
   and abstractions = env_unchanged sender_unchanged