Mercurial Mercurial > repos > isabelle / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/HOL/UNITY/Simple/Reach.thy
changeset 13785 e2fcd88be55d
parent 12338 de0f4a63baa5
child 13806 fd40c9d9076b 
--- a/src/HOL/UNITY/Simple/Reach.thy	Thu Jan 23 10:30:14 2003 +0100
+++ b/src/HOL/UNITY/Simple/Reach.thy	Fri Jan 24 14:06:49 2003 +0100
@@ -4,14 +4,14 @@
     Copyright   1998  University of Cambridge
 
 Reachability in Directed Graphs.  From Chandy and Misra, section 6.4.
+	[this example took only four days!]
 *)
 
-Reach = FP + SubstAx +
+theory Reach = UNITY_Main:
 
-types   vertex
-        state = "vertex=>bool"
+typedecl vertex
 
-arities vertex :: type
+types    state = "vertex=>bool"
 
 consts
   init ::  "vertex"
@@ -23,21 +23,142 @@
   asgt  :: "[vertex,vertex] => (state*state) set"
     "asgt u v == {(s,s'). s' = s(v:= s u | s v)}"
 
-  Rprg :: state program
+  Rprg :: "state program"
     "Rprg == mk_program ({%v. v=init}, UN (u,v): edges. {asgt u v}, UNIV)"
 
-  reach_invariant :: state set
+  reach_invariant :: "state set"
     "reach_invariant == {s. (ALL v. s v --> (init, v) : edges^*) & s init}"
 
-  fixedpoint :: state set
+  fixedpoint :: "state set"
     "fixedpoint == {s. ALL (u,v): edges. s u --> s v}"
 
-  metric :: state => nat
+  metric :: "state => nat"
     "metric s == card {v. ~ s v}"
 
-rules
+
+text{**We assume that the set of vertices is finite*}
+axioms 
+  finite_graph:  "finite (UNIV :: vertex set)"
+  
+
+
+
+(*TO SIMPDATA.ML??  FOR CLASET??  *)
+lemma ifE [elim!]:
+    "[| if P then Q else R;     
+        [| P;   Q |] ==> S;     
+        [| ~ P; R |] ==> S |] ==> S"
+by (simp split: split_if_asm) 
+
+
+declare Rprg_def [THEN def_prg_Init, simp]
+
+declare asgt_def [THEN def_act_simp,simp]
+
+(*All vertex sets are finite*)
+declare finite_subset [OF subset_UNIV finite_graph, iff]
+
+declare reach_invariant_def [THEN def_set_simp, simp]
+
+lemma reach_invariant: "Rprg : Always reach_invariant"
+apply (rule AlwaysI, force) 
+apply (unfold Rprg_def, constrains) 
+apply (blast intro: rtrancl_trans)
+done
+
+
+(*** Fixedpoint ***)
+
+(*If it reaches a fixedpoint, it has found a solution*)
+lemma fixedpoint_invariant_correct: 
+     "fixedpoint Int reach_invariant = { %v. (init, v) : edges^* }"
+apply (unfold fixedpoint_def)
+apply (rule equalityI)
+apply (auto intro!: ext)
+ prefer 2 apply (blast intro: rtrancl_trans)
+apply (erule rtrancl_induct, auto)
+done
+
+lemma lemma1: 
+     "FP Rprg <= fixedpoint"
+apply (unfold FP_def fixedpoint_def stable_def constrains_def Rprg_def, auto)
+apply (drule bspec, assumption)
+apply (simp add: Image_singleton image_iff)
+apply (drule fun_cong, auto)
+done
+
+lemma lemma2: 
+     "fixedpoint <= FP Rprg"
+apply (unfold FP_def fixedpoint_def stable_def constrains_def Rprg_def)
+apply (auto intro!: ext)
+done
+
+lemma FP_fixedpoint: "FP Rprg = fixedpoint"
+by (rule equalityI [OF lemma1 lemma2])
+
 
-  (*We assume that the set of vertices is finite*)
-  finite_graph "finite (UNIV :: vertex set)"
-  
+(*If we haven't reached a fixedpoint then there is some edge for which u but
+  not v holds.  Progress will be proved via an ENSURES assertion that the
+  metric will decrease for each suitable edge.  A union over all edges proves
+  a LEADSTO assertion that the metric decreases if we are not at a fixedpoint.
+  *)
+
+lemma Compl_fixedpoint: "- fixedpoint = (UN (u,v): edges. {s. s u & ~ s v})"
+apply (simp add: Compl_FP UN_UN_flatten FP_fixedpoint [symmetric] Rprg_def, auto)
+ apply (rule fun_upd_idem, force)
+apply (force intro!: rev_bexI simp add: fun_upd_idem_iff)
+done
+
+lemma Diff_fixedpoint:
+     "A - fixedpoint = (UN (u,v): edges. A Int {s. s u & ~ s v})"
+apply (simp add: Diff_eq Compl_fixedpoint, blast)
+done
+
+
+(*** Progress ***)
+
+lemma Suc_metric: "~ s x ==> Suc (metric (s(x:=True))) = metric s"
+apply (unfold metric_def)
+apply (subgoal_tac "{v. ~ (s (x:=True)) v} = {v. ~ s v} - {x}")
+ prefer 2 apply force
+apply (simp add: card_Suc_Diff1)
+done
+
+lemma metric_less [intro!]: "~ s x ==> metric (s(x:=True)) < metric s"
+by (erule Suc_metric [THEN subst], blast)
+
+lemma metric_le: "metric (s(y:=s x | s y)) <= metric s"
+apply (case_tac "s x --> s y")
+apply (auto intro: less_imp_le simp add: fun_upd_idem)
+done
+
+lemma LeadsTo_Diff_fixedpoint:
+     "Rprg : ((metric-`{m}) - fixedpoint) LeadsTo (metric-`(lessThan m))"
+apply (simp (no_asm) add: Diff_fixedpoint Rprg_def)
+apply (rule LeadsTo_UN, auto)
+apply (ensures_tac "asgt a b")
+ prefer 2 apply blast
+apply (simp (no_asm_use) add: not_less_iff_le)
+apply (drule metric_le [THEN order_antisym]) 
+apply (auto elim: less_not_refl3 [THEN [2] rev_notE])
+done
+
+lemma LeadsTo_Un_fixedpoint:
+     "Rprg : (metric-`{m}) LeadsTo (metric-`(lessThan m) Un fixedpoint)"
+apply (rule LeadsTo_Diff [OF LeadsTo_Diff_fixedpoint [THEN LeadsTo_weaken_R]
+                             subset_imp_LeadsTo], auto)
+done
+
+
+(*Execution in any state leads to a fixedpoint (i.e. can terminate)*)
+lemma LeadsTo_fixedpoint: "Rprg : UNIV LeadsTo fixedpoint"
+apply (rule LessThan_induct, auto)
+apply (rule LeadsTo_Un_fixedpoint)
+done
+
+lemma LeadsTo_correct: "Rprg : UNIV LeadsTo { %v. (init, v) : edges^* }"
+apply (subst fixedpoint_invariant_correct [symmetric])
+apply (rule Always_LeadsTo_weaken [OF reach_invariant LeadsTo_fixedpoint], auto)
+done
+
 end
isabelle