src/HOLCF/IOA/NTP/Impl.thy
changeset 17244 0b2ff9541727
parent 14981 e73f8140af78
child 19739 c58ef2aa5430
--- a/src/HOLCF/IOA/NTP/Impl.thy	Sat Sep 03 16:49:48 2005 +0200
+++ b/src/HOLCF/IOA/NTP/Impl.thy	Sat Sep 03 16:50:22 2005 +0200
@@ -1,70 +1,76 @@
 (*  Title:      HOL/IOA/NTP/Impl.thy
     ID:         $Id$
     Author:     Tobias Nipkow & Konrad Slind
-
-The implementation.
 *)
 
-Impl = Sender + Receiver + Abschannel +
+header {* The implementation *}
 
-types 
+theory Impl
+imports Sender Receiver Abschannel
+begin
 
-'m impl_state 
+types
+
+'m impl_state
 = "'m sender_state * 'm receiver_state * 'm packet multiset * bool multiset"
 (*  sender_state   *  receiver_state   *    srch_state      * rsch_state *)
 
 
 consts
- impl_ioa    :: ('m action, 'm impl_state)ioa
- sen         :: 'm impl_state => 'm sender_state
- rec         :: 'm impl_state => 'm receiver_state
- srch        :: 'm impl_state => 'm packet multiset
- rsch        :: 'm impl_state => bool multiset
- inv1, inv2, 
- inv3, inv4  :: 'm impl_state => bool
- hdr_sum     :: 'm packet multiset => bool => nat
+ impl_ioa    :: "('m action, 'm impl_state)ioa"
+ sen         :: "'m impl_state => 'm sender_state"
+ rec         :: "'m impl_state => 'm receiver_state"
+ srch        :: "'m impl_state => 'm packet multiset"
+ rsch        :: "'m impl_state => bool multiset"
+ inv1  :: "'m impl_state => bool"
+ inv2  :: "'m impl_state => bool"
+ inv3  :: "'m impl_state => bool"
+ inv4  :: "'m impl_state => bool"
+ hdr_sum     :: "'m packet multiset => bool => nat"
 
 defs
 
- impl_def
+ impl_def:
   "impl_ioa == (sender_ioa || receiver_ioa || srch_ioa || rsch_ioa)"
 
- sen_def   "sen == fst"
- rec_def   "rec == fst o snd"
- srch_def "srch == fst o snd o snd"
- rsch_def "rsch == snd o snd o snd"
+ sen_def:   "sen == fst"
+ rec_def:   "rec == fst o snd"
+ srch_def: "srch == fst o snd o snd"
+ rsch_def: "rsch == snd o snd o snd"
 
-hdr_sum_def
+hdr_sum_def:
    "hdr_sum M b == countm M (%pkt. hdr(pkt) = b)"
 
 (* Lemma 5.1 *)
-inv1_def 
-  "inv1(s) ==                                                                 
-     (!b. count (rsent(rec s)) b = count (srcvd(sen s)) b + count (rsch s) b) 
-   & (!b. count (ssent(sen s)) b                                              
+inv1_def:
+  "inv1(s) ==
+     (!b. count (rsent(rec s)) b = count (srcvd(sen s)) b + count (rsch s) b)
+   & (!b. count (ssent(sen s)) b
           = hdr_sum (rrcvd(rec s)) b + hdr_sum (srch s) b)"
 
 (* Lemma 5.2 *)
- inv2_def "inv2(s) ==                                                   
-  (rbit(rec(s)) = sbit(sen(s)) &                                       
-   ssending(sen(s)) &                                                  
+ inv2_def: "inv2(s) ==
+  (rbit(rec(s)) = sbit(sen(s)) &
+   ssending(sen(s)) &
    count (rsent(rec s)) (~sbit(sen s)) <= count (ssent(sen s)) (~sbit(sen s)) &
-   count (ssent(sen s)) (~sbit(sen s)) <= count (rsent(rec s)) (sbit(sen s)))  
-   |                                                                   
-  (rbit(rec(s)) = (~sbit(sen(s))) &                                    
-   rsending(rec(s)) &                                                  
+   count (ssent(sen s)) (~sbit(sen s)) <= count (rsent(rec s)) (sbit(sen s)))
+   |
+  (rbit(rec(s)) = (~sbit(sen(s))) &
+   rsending(rec(s)) &
    count (ssent(sen s)) (~sbit(sen s)) <= count (rsent(rec s)) (sbit(sen s)) &
    count (rsent(rec s)) (sbit(sen s)) <= count (ssent(sen s)) (sbit(sen s)))"
 
 (* Lemma 5.3 *)
- inv3_def "inv3(s) ==                                                   
-   rbit(rec(s)) = sbit(sen(s))                                         
-   --> (!m. sq(sen(s))=[] | m ~= hd(sq(sen(s)))                        
-        -->  count (rrcvd(rec s)) (sbit(sen(s)),m)                     
-             + count (srch s) (sbit(sen(s)),m)                         
+ inv3_def: "inv3(s) ==
+   rbit(rec(s)) = sbit(sen(s))
+   --> (!m. sq(sen(s))=[] | m ~= hd(sq(sen(s)))
+        -->  count (rrcvd(rec s)) (sbit(sen(s)),m)
+             + count (srch s) (sbit(sen(s)),m)
             <= count (rsent(rec s)) (~sbit(sen s)))"
 
 (* Lemma 5.4 *)
- inv4_def "inv4(s) == rbit(rec(s)) = (~sbit(sen(s))) --> sq(sen(s)) ~= []"
+ inv4_def: "inv4(s) == rbit(rec(s)) = (~sbit(sen(s))) --> sq(sen(s)) ~= []"
+
+ML {* use_legacy_bindings (the_context ()) *}
 
 end