# HG changeset patch
# User wenzelm
# Date 1435311862 -7200
# Node ID 0318b43ee95c5e3333b85a5322f3f6d52b1b8f14
# Parent 1d31e3a503739e051005632562f7b96a08c0ad50
more symbols;
diff -r 1d31e3a50373 -r 0318b43ee95c src/HOL/TLA/Action.thy
--- a/src/HOL/TLA/Action.thy Fri Jun 26 11:07:04 2015 +0200
+++ b/src/HOL/TLA/Action.thy Fri Jun 26 11:44:22 2015 +0200
@@ -1,4 +1,4 @@
-(* Title: HOL/TLA/Action.thy
+(* Title: HOL/TLA/Action.thy
Author: Stephan Merz
Copyright: 1998 University of Munich
*)
@@ -66,9 +66,9 @@
defs
square_def: "ACT [A]_v == ACT (A | unchanged v)"
- angle_def: "ACT _v == ACT (A & ~ unchanged v)"
+ angle_def: "ACT _v == ACT (A & \ unchanged v)"
- enabled_def: "s |= Enabled A == EX u. (s,u) |= A"
+ enabled_def: "s |= Enabled A == \u. (s,u) |= A"
(* The following assertion specializes "intI" for any world type
@@ -76,7 +76,7 @@
*)
lemma actionI [intro!]:
- assumes "!!s t. (s,t) |= A"
+ assumes "\s t. (s,t) |= A"
shows "|- A"
apply (rule assms intI prod.induct)+
done
@@ -87,11 +87,11 @@
lemma pr_rews [int_rewrite]:
"|- (#c)` = #c"
- "!!f. |- f` = f"
- "!!f. |- f` = f"
- "!!f. |- f` = f"
- "|- (! x. P x)` = (! x. (P x)`)"
- "|- (? x. P x)` = (? x. (P x)`)"
+ "\f. |- f` = f"
+ "\f. |- f` = f"
+ "\f. |- f` = f"
+ "|- (\x. P x)` = (\x. (P x)`)"
+ "|- (\x. P x)` = (\x. (P x)`)"
by (rule actionI, unfold unl_after intensional_rews, rule refl)+
@@ -137,7 +137,7 @@
lemma busy_squareI: "(s,t) |= A ==> (s,t) |= [A]_v"
by (simp add: square_def)
-
+
lemma squareE [elim]:
"[| (s,t) |= [A]_v; A (s,t) ==> B (s,t); v t = v s ==> B (s,t) |] ==> B (s,t)"
apply (unfold square_def action_rews)
@@ -145,34 +145,34 @@
apply simp_all
done
-lemma squareCI [intro]: "[| v t ~= v s ==> A (s,t) |] ==> (s,t) |= [A]_v"
+lemma squareCI [intro]: "[| v t \ v s ==> A (s,t) |] ==> (s,t) |= [A]_v"
apply (unfold square_def action_rews)
apply (rule disjCI)
apply (erule (1) meta_mp)
done
-lemma angleI [intro]: "!!s t. [| A (s,t); v t ~= v s |] ==> (s,t) |= _v"
+lemma angleI [intro]: "\s t. [| A (s,t); v t \ v s |] ==> (s,t) |= _v"
by (simp add: angle_def)
-lemma angleE [elim]: "[| (s,t) |= _v; [| A (s,t); v t ~= v s |] ==> R |] ==> R"
+lemma angleE [elim]: "[| (s,t) |= _v; [| A (s,t); v t \ v s |] ==> R |] ==> R"
apply (unfold angle_def action_rews)
apply (erule conjE)
apply simp
done
lemma square_simulation:
- "!!f. [| |- unchanged f & ~B --> unchanged g;
- |- A & ~unchanged g --> B
+ "\f. [| |- unchanged f & \B --> unchanged g;
+ |- A & \unchanged g --> B
|] ==> |- [A]_f --> [B]_g"
apply clarsimp
apply (erule squareE)
apply (auto simp add: square_def)
done
-lemma not_square: "|- (~ [A]_v) = <~A>_v"
+lemma not_square: "|- (\ [A]_v) = <\A>_v"
by (auto simp: square_def angle_def)
-lemma not_angle: "|- (~ _v) = [~A]_v"
+lemma not_angle: "|- (\ _v) = [\A]_v"
by (auto simp: square_def angle_def)
@@ -181,13 +181,13 @@
lemma enabledI: "|- A --> $Enabled A"
by (auto simp add: enabled_def)
-lemma enabledE: "[| s |= Enabled A; !!u. A (s,u) ==> Q |] ==> Q"
+lemma enabledE: "[| s |= Enabled A; \u. A (s,u) ==> Q |] ==> Q"
apply (unfold enabled_def)
apply (erule exE)
apply simp
done
-lemma notEnabledD: "|- ~$Enabled G --> ~ G"
+lemma notEnabledD: "|- \$Enabled G --> \ G"
by (auto simp add: enabled_def)
(* Monotonicity *)
@@ -203,7 +203,7 @@
(* stronger variant *)
lemma enabled_mono2:
assumes min: "s |= Enabled F"
- and maj: "!!t. F (s,t) ==> G (s,t)"
+ and maj: "\t. F (s,t) ==> G (s,t)"
shows "s |= Enabled G"
apply (rule min [THEN enabledE])
apply (rule enabledI [action_use])
@@ -239,13 +239,13 @@
apply (erule disjE enabled_disj1 [action_use] enabled_disj2 [action_use])+
done
-lemma enabled_ex: "|- Enabled (EX x. F x) = (EX x. Enabled (F x))"
+lemma enabled_ex: "|- Enabled (\x. F x) = (\x. Enabled (F x))"
by (force simp add: enabled_def)
(* A rule that combines enabledI and baseE, but generates fewer instantiations *)
lemma base_enabled:
- "[| basevars vs; EX c. ! u. vs u = c --> A(s,u) |] ==> s |= Enabled A"
+ "[| basevars vs; \c. \u. vs u = c --> A(s,u) |] ==> s |= Enabled A"
apply (erule exE)
apply (erule baseE)
apply (rule enabledI [action_use])
diff -r 1d31e3a50373 -r 0318b43ee95c src/HOL/TLA/Buffer/Buffer.thy
--- a/src/HOL/TLA/Buffer/Buffer.thy Fri Jun 26 11:07:04 2015 +0200
+++ b/src/HOL/TLA/Buffer/Buffer.thy Fri Jun 26 11:44:22 2015 +0200
@@ -21,24 +21,24 @@
defs
BInit_def: "BInit ic q oc == PRED q = #[]"
- Enq_def: "Enq ic q oc == ACT (ic$ ~= $ic)
+ Enq_def: "Enq ic q oc == ACT (ic$ \ $ic)
& (q$ = $q @ [ ic$ ])
& (oc$ = $oc)"
- Deq_def: "Deq ic q oc == ACT ($q ~= #[])
+ Deq_def: "Deq ic q oc == ACT ($q \ #[])
& (oc$ = hd< $q >)
& (q$ = tl< $q >)
& (ic$ = $ic)"
Next_def: "Next ic q oc == ACT (Enq ic q oc | Deq ic q oc)"
IBuffer_def: "IBuffer ic q oc == TEMP Init (BInit ic q oc)
- & [][Next ic q oc]_(ic,q,oc)
+ & \[Next ic q oc]_(ic,q,oc)
& WF(Deq ic q oc)_(ic,q,oc)"
- Buffer_def: "Buffer ic oc == TEMP (EEX q. IBuffer ic q oc)"
+ Buffer_def: "Buffer ic oc == TEMP (\\q. IBuffer ic q oc)"
(* ---------------------------- Data lemmas ---------------------------- *)
(*FIXME: move to theory List? Maybe as (tl xs = xs) = (xs = [])"?*)
-lemma tl_not_self [simp]: "xs ~= [] ==> tl xs ~= xs"
+lemma tl_not_self [simp]: "xs \ [] ==> tl xs \ xs"
by (auto simp: neq_Nil_conv)
@@ -52,14 +52,14 @@
(* Enabling condition for dequeue -- NOT NEEDED *)
lemma Deq_enabled:
- "!!q. basevars (ic,q,oc) ==> |- Enabled (_(ic,q,oc)) = (q ~= #[])"
+ "\q. basevars (ic,q,oc) ==> |- Enabled (_(ic,q,oc)) = (q \ #[])"
apply (unfold Deq_visible [temp_rewrite])
apply (force elim!: base_enabled [temp_use] enabledE [temp_use] simp: Deq_def)
done
(* For the left-to-right implication, we don't need the base variable stuff *)
lemma Deq_enabledE:
- "|- Enabled (_(ic,q,oc)) --> (q ~= #[])"
+ "|- Enabled (_(ic,q,oc)) --> (q \ #[])"
apply (unfold Deq_visible [temp_rewrite])
apply (auto elim!: enabledE simp add: Deq_def)
done
diff -r 1d31e3a50373 -r 0318b43ee95c src/HOL/TLA/Buffer/DBuffer.thy
--- a/src/HOL/TLA/Buffer/DBuffer.thy Fri Jun 26 11:07:04 2015 +0200
+++ b/src/HOL/TLA/Buffer/DBuffer.thy Fri Jun 26 11:44:22 2015 +0200
@@ -37,7 +37,7 @@
& (out$ = $out)" and
DBNext_def: "DBNext == ACT (DBEnq | DBDeq | DBPass)" and
DBuffer_def: "DBuffer == TEMP Init DBInit
- & [][DBNext]_(inp,mid,out,q1,q2)
+ & \[DBNext]_(inp,mid,out,q1,q2)
& WF(DBDeq)_(inp,mid,out,q1,q2)
& WF(DBPass)_(inp,mid,out,q1,q2)"
@@ -72,7 +72,7 @@
done
lemma DBDeq_enabled:
- "|- Enabled (_(inp,mid,out,q1,q2)) = (q2 ~= #[])"
+ "|- Enabled (_(inp,mid,out,q1,q2)) = (q2 \ #[])"
apply (unfold DBDeq_visible [action_rewrite])
apply (force intro!: DB_base [THEN base_enabled, temp_use]
elim!: enabledE simp: angle_def DBDeq_def Deq_def)
@@ -82,7 +82,7 @@
by (auto simp: angle_def DBPass_def Deq_def)
lemma DBPass_enabled:
- "|- Enabled (_(inp,mid,out,q1,q2)) = (q1 ~= #[])"
+ "|- Enabled (_(inp,mid,out,q1,q2)) = (q1 \ #[])"
apply (unfold DBPass_visible [action_rewrite])
apply (force intro!: DB_base [THEN base_enabled, temp_use]
elim!: enabledE simp: angle_def DBPass_def Deq_def)
@@ -90,15 +90,15 @@
(* The plan for proving weak fairness at the higher level is to prove
- (0) DBuffer => (Enabled (Deq inp qc out) ~> (Deq inp qc out))
+ (0) DBuffer => (Enabled (Deq inp qc out) \ (Deq inp qc out))
which is in turn reduced to the two leadsto conditions
- (1) DBuffer => (Enabled (Deq inp qc out) ~> q2 ~= [])
- (2) DBuffer => (q2 ~= [] ~> DBDeq)
+ (1) DBuffer => (Enabled (Deq inp qc out) \ q2 \ [])
+ (2) DBuffer => (q2 \ [] \ DBDeq)
and the fact that DBDeq implies _(inp,qc,out)
- (and therefore DBDeq ~> _(inp,qc,out) trivially holds).
+ (and therefore DBDeq \ _(inp,qc,out) trivially holds).
Condition (1) is reduced to
- (1a) DBuffer => (qc ~= [] /\ q2 = [] ~> q2 ~= [])
+ (1a) DBuffer => (qc \ [] /\ q2 = [] \ q2 \ [])
by standard leadsto rules (leadsto_classical) and rule Deq_enabledE.
Both (1a) and (2) are proved from DBuffer's WF conditions by standard
@@ -109,8 +109,8 @@
*)
(* Condition (1a) *)
-lemma DBFair_1a: "|- [][DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)
- --> (qc ~= #[] & q2 = #[] ~> q2 ~= #[])"
+lemma DBFair_1a: "|- \[DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)
+ --> (qc \ #[] & q2 = #[] \ q2 \ #[])"
apply (rule WF1)
apply (force simp: db_defs)
apply (force simp: angle_def DBPass_def)
@@ -118,8 +118,8 @@
done
(* Condition (1) *)
-lemma DBFair_1: "|- [][DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)
- --> (Enabled (_(inp,qc,out)) ~> q2 ~= #[])"
+lemma DBFair_1: "|- \[DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)
+ --> (Enabled (_(inp,qc,out)) \ q2 \ #[])"
apply clarsimp
apply (rule leadsto_classical [temp_use])
apply (rule DBFair_1a [temp_use, THEN LatticeTransitivity [temp_use]])
@@ -130,8 +130,8 @@
done
(* Condition (2) *)
-lemma DBFair_2: "|- [][DBNext]_(inp,mid,out,q1,q2) & WF(DBDeq)_(inp,mid,out,q1,q2)
- --> (q2 ~= #[] ~> DBDeq)"
+lemma DBFair_2: "|- \[DBNext]_(inp,mid,out,q1,q2) & WF(DBDeq)_(inp,mid,out,q1,q2)
+ --> (q2 \ #[] \ DBDeq)"
apply (rule WF_leadsto)
apply (force simp: DBDeq_enabled [temp_use])
apply (force simp: angle_def)
@@ -139,7 +139,7 @@
done
(* High-level fairness *)
-lemma DBFair: "|- [][DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)
+lemma DBFair: "|- \[DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)
& WF(DBDeq)_(inp,mid,out,q1,q2)
--> WF(Deq inp qc out)_(inp,qc,out)"
apply (auto simp del: qc_def intro!: leadsto_WF [temp_use]
diff -r 1d31e3a50373 -r 0318b43ee95c src/HOL/TLA/Inc/Inc.thy
--- a/src/HOL/TLA/Inc/Inc.thy Fri Jun 26 11:07:04 2015 +0200
+++ b/src/HOL/TLA/Inc/Inc.thy Fri Jun 26 11:44:22 2015 +0200
@@ -48,7 +48,7 @@
InitPhi_def: "InitPhi == PRED x = # 0 & y = # 0" and
M1_def: "M1 == ACT x$ = Suc<$x> & y$ = $y" and
M2_def: "M2 == ACT y$ = Suc<$y> & x$ = $x" and
- Phi_def: "Phi == TEMP Init InitPhi & [][M1 | M2]_(x,y)
+ Phi_def: "Phi == TEMP Init InitPhi & \[M1 | M2]_(x,y)
& WF(M1)_(x,y) & WF(M2)_(x,y)" and
(* definitions for low-level program *)
@@ -69,7 +69,7 @@
N1_def: "N1 == ACT (alpha1 | beta1 | gamma1)" and
N2_def: "N2 == ACT (alpha2 | beta2 | gamma2)" and
Psi_def: "Psi == TEMP Init InitPsi
- & [][N1 | N2]_(x,y,sem,pc1,pc2)
+ & \[N1 | N2]_(x,y,sem,pc1,pc2)
& SF(N1)_(x,y,sem,pc1,pc2)
& SF(N2)_(x,y,sem,pc1,pc2)" and
@@ -110,7 +110,7 @@
lemma PsiInv_stutter: "|- unchanged (x,y,sem,pc1,pc2) & $PsiInv --> PsiInv$"
by (auto simp: PsiInv_defs)
-lemma PsiInv: "|- Psi --> []PsiInv"
+lemma PsiInv: "|- Psi --> \PsiInv"
apply (invariant simp: Psi_def)
apply (force simp: PsiInv_Init [try_rewrite] Init_def)
apply (auto intro: PsiInv_alpha1 [try_rewrite] PsiInv_alpha2 [try_rewrite]
@@ -123,7 +123,7 @@
More realistic examples require user guidance anyway.
*)
-lemma "|- Psi --> []PsiInv"
+lemma "|- Psi --> \PsiInv"
by (auto_invariant simp: PsiInv_defs Psi_defs)
@@ -132,7 +132,7 @@
lemma Init_sim: "|- Psi --> Init InitPhi"
by (auto simp: InitPhi_def Psi_def InitPsi_def Init_def)
-lemma Step_sim: "|- Psi --> [][M1 | M2]_(x,y)"
+lemma Step_sim: "|- Psi --> \[M1 | M2]_(x,y)"
by (auto simp: square_def M1_def M2_def Psi_defs elim!: STL4E [temp_use])
@@ -154,7 +154,7 @@
the auxiliary lemmas are very similar.
*)
-lemma Stuck_at_b: "|- [][(N1 | N2) & ~ beta1]_(x,y,sem,pc1,pc2) --> stable(pc1 = #b)"
+lemma Stuck_at_b: "|- \[(N1 | N2) & \ beta1]_(x,y,sem,pc1,pc2) --> stable(pc1 = #b)"
by (auto elim!: Stable squareE simp: Psi_defs)
lemma N1_enabled_at_g: "|- pc1 = #g --> Enabled (_(x,y,sem,pc1,pc2))"
@@ -166,14 +166,14 @@
done
lemma g1_leadsto_a1:
- "|- [][(N1 | N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N1)_(x,y,sem,pc1,pc2) & []#True
- --> (pc1 = #g ~> pc1 = #a)"
+ "|- \[(N1 | N2) & \beta1]_(x,y,sem,pc1,pc2) & SF(N1)_(x,y,sem,pc1,pc2) & \#True
+ --> (pc1 = #g \ pc1 = #a)"
apply (rule SF1)
apply (tactic
{* action_simp_tac (@{context} addsimps @{thms Psi_defs}) [] [@{thm squareE}] 1 *})
apply (tactic
{* action_simp_tac (@{context} addsimps @{thm angle_def} :: @{thms Psi_defs}) [] [] 1 *})
- (* reduce |- []A --> <>Enabled B to |- A --> Enabled B *)
+ (* reduce |- \A --> \Enabled B to |- A --> Enabled B *)
apply (auto intro!: InitDmd_gen [temp_use] N1_enabled_at_g [temp_use]
dest!: STL2_gen [temp_use] simp: Init_def)
done
@@ -188,8 +188,8 @@
done
lemma g2_leadsto_a2:
- "|- [][(N1 | N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) & []#True
- --> (pc2 = #g ~> pc2 = #a)"
+ "|- \[(N1 | N2) & \beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) & \#True
+ --> (pc2 = #g \ pc2 = #a)"
apply (rule SF1)
apply (tactic {* action_simp_tac (@{context} addsimps @{thms Psi_defs}) [] [@{thm squareE}] 1 *})
apply (tactic {* action_simp_tac (@{context} addsimps @{thm angle_def} :: @{thms Psi_defs})
@@ -207,8 +207,8 @@
done
lemma b2_leadsto_g2:
- "|- [][(N1 | N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) & []#True
- --> (pc2 = #b ~> pc2 = #g)"
+ "|- \[(N1 | N2) & \beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) & \#True
+ --> (pc2 = #b \ pc2 = #g)"
apply (rule SF1)
apply (tactic
{* action_simp_tac (@{context} addsimps @{thms Psi_defs}) [] [@{thm squareE}] 1 *})
@@ -220,18 +220,18 @@
(* Combine above lemmas: the second component will eventually reach pc2 = a *)
lemma N2_leadsto_a:
- "|- [][(N1 | N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) & []#True
- --> (pc2 = #a | pc2 = #b | pc2 = #g ~> pc2 = #a)"
+ "|- \[(N1 | N2) & \beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2) & \#True
+ --> (pc2 = #a | pc2 = #b | pc2 = #g \ pc2 = #a)"
apply (auto intro!: LatticeDisjunctionIntro [temp_use])
apply (rule LatticeReflexivity [temp_use])
apply (rule LatticeTransitivity [temp_use])
apply (auto intro!: b2_leadsto_g2 [temp_use] g2_leadsto_a2 [temp_use])
done
-(* Get rid of disjunction on the left-hand side of ~> above. *)
+(* Get rid of disjunction on the left-hand side of \ above. *)
lemma N2_live:
- "|- [][(N1 | N2) & ~beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2)
- --> <>(pc2 = #a)"
+ "|- \[(N1 | N2) & \beta1]_(x,y,sem,pc1,pc2) & SF(N2)_(x,y,sem,pc1,pc2)
+ --> \(pc2 = #a)"
apply (auto simp: Init_defs intro!: N2_leadsto_a [temp_use, THEN [2] leadsto_init [temp_use]])
apply (case_tac "pc2 (st1 sigma)")
apply auto
@@ -249,9 +249,9 @@
done
lemma a1_leadsto_b1:
- "|- []($PsiInv & [(N1 | N2) & ~beta1]_(x,y,sem,pc1,pc2))
- & SF(N1)_(x,y,sem,pc1,pc2) & [] SF(N2)_(x,y,sem,pc1,pc2)
- --> (pc1 = #a ~> pc1 = #b)"
+ "|- \($PsiInv & [(N1 | N2) & \beta1]_(x,y,sem,pc1,pc2))
+ & SF(N1)_(x,y,sem,pc1,pc2) & \ SF(N2)_(x,y,sem,pc1,pc2)
+ --> (pc1 = #a \ pc1 = #b)"
apply (rule SF1)
apply (tactic {* action_simp_tac (@{context} addsimps @{thms Psi_defs}) [] [@{thm squareE}] 1 *})
apply (tactic
@@ -263,9 +263,9 @@
(* Combine the leadsto properties for N1: it will arrive at pc1 = b *)
-lemma N1_leadsto_b: "|- []($PsiInv & [(N1 | N2) & ~beta1]_(x,y,sem,pc1,pc2))
- & SF(N1)_(x,y,sem,pc1,pc2) & [] SF(N2)_(x,y,sem,pc1,pc2)
- --> (pc1 = #b | pc1 = #g | pc1 = #a ~> pc1 = #b)"
+lemma N1_leadsto_b: "|- \($PsiInv & [(N1 | N2) & \beta1]_(x,y,sem,pc1,pc2))
+ & SF(N1)_(x,y,sem,pc1,pc2) & \ SF(N2)_(x,y,sem,pc1,pc2)
+ --> (pc1 = #b | pc1 = #g | pc1 = #a \ pc1 = #b)"
apply (auto intro!: LatticeDisjunctionIntro [temp_use])
apply (rule LatticeReflexivity [temp_use])
apply (rule LatticeTransitivity [temp_use])
@@ -273,9 +273,9 @@
simp: split_box_conj)
done
-lemma N1_live: "|- []($PsiInv & [(N1 | N2) & ~beta1]_(x,y,sem,pc1,pc2))
- & SF(N1)_(x,y,sem,pc1,pc2) & [] SF(N2)_(x,y,sem,pc1,pc2)
- --> <>(pc1 = #b)"
+lemma N1_live: "|- \($PsiInv & [(N1 | N2) & \beta1]_(x,y,sem,pc1,pc2))
+ & SF(N1)_(x,y,sem,pc1,pc2) & \ SF(N2)_(x,y,sem,pc1,pc2)
+ --> \(pc1 = #b)"
apply (auto simp: Init_defs intro!: N1_leadsto_b [temp_use, THEN [2] leadsto_init [temp_use]])
apply (case_tac "pc1 (st1 sigma)")
apply auto
@@ -291,8 +291,8 @@
(* Now assemble the bits and pieces to prove that Psi is fair. *)
-lemma Fair_M1_lemma: "|- []($PsiInv & [(N1 | N2)]_(x,y,sem,pc1,pc2))
- & SF(N1)_(x,y,sem,pc1,pc2) & []SF(N2)_(x,y,sem,pc1,pc2)
+lemma Fair_M1_lemma: "|- \($PsiInv & [(N1 | N2)]_(x,y,sem,pc1,pc2))
+ & SF(N1)_(x,y,sem,pc1,pc2) & \SF(N2)_(x,y,sem,pc1,pc2)
--> SF(M1)_(x,y)"
apply (rule_tac B = beta1 and P = "PRED pc1 = #b" in SF2)
(* action premises *)
diff -r 1d31e3a50373 -r 0318b43ee95c src/HOL/TLA/Init.thy
--- a/src/HOL/TLA/Init.thy Fri Jun 26 11:07:04 2015 +0200
+++ b/src/HOL/TLA/Init.thy Fri Jun 26 11:44:22 2015 +0200
@@ -36,9 +36,9 @@
Init_def: "sigma |= Init F == (first_world sigma) |= F"
defs (overloaded)
- fw_temp_def: "first_world == %sigma. sigma"
+ fw_temp_def: "first_world == \sigma. sigma"
fw_stp_def: "first_world == st1"
- fw_act_def: "first_world == %sigma. (st1 sigma, st2 sigma)"
+ fw_act_def: "first_world == \sigma. (st1 sigma, st2 sigma)"
lemma const_simps [int_rewrite, simp]:
"|- (Init #True) = #True"
@@ -46,14 +46,14 @@
by (auto simp: Init_def)
lemma Init_simps1 [int_rewrite]:
- "!!F. |- (Init ~F) = (~ Init F)"
+ "\F. |- (Init \F) = (\ Init F)"
"|- (Init (P --> Q)) = (Init P --> Init Q)"
"|- (Init (P & Q)) = (Init P & Init Q)"
"|- (Init (P | Q)) = (Init P | Init Q)"
"|- (Init (P = Q)) = ((Init P) = (Init Q))"
- "|- (Init (!x. F x)) = (!x. (Init F x))"
- "|- (Init (? x. F x)) = (? x. (Init F x))"
- "|- (Init (?! x. F x)) = (?! x. (Init F x))"
+ "|- (Init (\x. F x)) = (\x. (Init F x))"
+ "|- (Init (\x. F x)) = (\x. (Init F x))"
+ "|- (Init (\!x. F x)) = (\!x. (Init F x))"
by (auto simp: Init_def)
lemma Init_stp_act: "|- (Init $P) = (Init P)"
diff -r 1d31e3a50373 -r 0318b43ee95c src/HOL/TLA/Intensional.thy
--- a/src/HOL/TLA/Intensional.thy Fri Jun 26 11:07:04 2015 +0200
+++ b/src/HOL/TLA/Intensional.thy Fri Jun 26 11:44:22 2015 +0200
@@ -39,7 +39,7 @@
"" :: "var => lift" ("_")
"_applC" :: "[lift, cargs] => lift" ("(1_/ _)" [1000, 1000] 999)
"" :: "lift => lift" ("'(_')")
- "_lambda" :: "[idts, 'a] => lift" ("(3%_./ _)" [0, 3] 3)
+ "_lambda" :: "[idts, 'a] => lift" ("(3\_./ _)" [0, 3] 3)
"_constrain" :: "[lift, type] => lift" ("(_::_)" [4, 0] 3)
"" :: "lift => liftargs" ("_")
"_liftargs" :: "[lift, liftargs] => liftargs" ("_,/ _")
@@ -155,29 +155,17 @@
"_liftMem" :: "[lift, lift] => lift" ("(_/ \ _)" [50, 51] 50)
"_liftNotMem" :: "[lift, lift] => lift" ("(_/ \ _)" [50, 51] 50)
-syntax (HTML output)
- "_liftNeq" :: "[lift, lift] => lift" (infixl "\" 50)
- "_liftNot" :: "lift => lift" ("\ _" [40] 40)
- "_liftAnd" :: "[lift, lift] => lift" (infixr "\" 35)
- "_liftOr" :: "[lift, lift] => lift" (infixr "\" 30)
- "_RAll" :: "[idts, lift] => lift" ("(3\_./ _)" [0, 10] 10)
- "_REx" :: "[idts, lift] => lift" ("(3\_./ _)" [0, 10] 10)
- "_REx1" :: "[idts, lift] => lift" ("(3\!_./ _)" [0, 10] 10)
- "_liftLeq" :: "[lift, lift] => lift" ("(_/ \ _)" [50, 51] 50)
- "_liftMem" :: "[lift, lift] => lift" ("(_/ \ _)" [50, 51] 50)
- "_liftNotMem" :: "[lift, lift] => lift" ("(_/ \ _)" [50, 51] 50)
-
defs
- Valid_def: "|- A == ALL w. w |= A"
+ Valid_def: "|- A == \w. w |= A"
unl_con: "LIFT #c w == c"
unl_lift: "lift f x w == f (x w)"
unl_lift2: "LIFT f w == f (x w) (y w)"
unl_lift3: "LIFT f w == f (x w) (y w) (z w)"
- unl_Rall: "w |= ALL x. A x == ALL x. (w |= A x)"
- unl_Rex: "w |= EX x. A x == EX x. (w |= A x)"
- unl_Rex1: "w |= EX! x. A x == EX! x. (w |= A x)"
+ unl_Rall: "w |= \x. A x == \x. (w |= A x)"
+ unl_Rex: "w |= \x. A x == \ x. (w |= A x)"
+ unl_Rex1: "w |= \!x. A x == \!x. (w |= A x)"
subsection {* Lemmas and tactics for "intensional" logics. *}
@@ -192,7 +180,7 @@
apply (erule spec)
done
-lemma intI [intro!]: "(!!w. w |= A) ==> |- A"
+lemma intI [intro!]: "(\w. w |= A) ==> |- A"
apply (unfold Valid_def)
apply (rule allI)
apply (erule meta_spec)
@@ -207,21 +195,21 @@
lemma int_simps:
"|- (x=x) = #True"
- "|- (~#True) = #False" "|- (~#False) = #True" "|- (~~ P) = P"
- "|- ((~P) = P) = #False" "|- (P = (~P)) = #False"
- "|- (P ~= Q) = (P = (~Q))"
+ "|- (\#True) = #False" "|- (\#False) = #True" "|- (\\ P) = P"
+ "|- ((\P) = P) = #False" "|- (P = (\P)) = #False"
+ "|- (P \ Q) = (P = (\Q))"
"|- (#True=P) = P" "|- (P=#True) = P"
"|- (#True --> P) = P" "|- (#False --> P) = #True"
"|- (P --> #True) = #True" "|- (P --> P) = #True"
- "|- (P --> #False) = (~P)" "|- (P --> ~P) = (~P)"
+ "|- (P --> #False) = (\P)" "|- (P --> \P) = (\P)"
"|- (P & #True) = P" "|- (#True & P) = P"
"|- (P & #False) = #False" "|- (#False & P) = #False"
- "|- (P & P) = P" "|- (P & ~P) = #False" "|- (~P & P) = #False"
+ "|- (P & P) = P" "|- (P & \P) = #False" "|- (\P & P) = #False"
"|- (P | #True) = #True" "|- (#True | P) = #True"
"|- (P | #False) = P" "|- (#False | P) = P"
- "|- (P | P) = P" "|- (P | ~P) = #True" "|- (~P | P) = #True"
- "|- (! x. P) = P" "|- (? x. P) = P"
- "|- (~Q --> ~P) = (P --> Q)"
+ "|- (P | P) = P" "|- (P | \P) = #True" "|- (\P | P) = #True"
+ "|- (\x. P) = P" "|- (\x. P) = P"
+ "|- (\Q --> \P) = (P --> Q)"
"|- (P|Q --> R) = ((P-->R)&(Q-->R))"
apply (unfold Valid_def intensional_rews)
apply blast+
@@ -296,10 +284,10 @@
attribute_setup int_use =
{* Scan.succeed (Thm.rule_attribute (int_use o Context.proof_of)) *}
-lemma Not_Rall: "|- (~(! x. F x)) = (? x. ~F x)"
+lemma Not_Rall: "|- (\(\x. F x)) = (\x. \F x)"
by (simp add: Valid_def)
-lemma Not_Rex: "|- (~ (? x. F x)) = (! x. ~ F x)"
+lemma Not_Rex: "|- (\ (\x. F x)) = (\x. \ F x)"
by (simp add: Valid_def)
end
diff -r 1d31e3a50373 -r 0318b43ee95c src/HOL/TLA/Memory/MemClerk.thy
--- a/src/HOL/TLA/Memory/MemClerk.thy Fri Jun 26 11:07:04 2015 +0200
+++ b/src/HOL/TLA/Memory/MemClerk.thy Fri Jun 26 11:44:22 2015 +0200
@@ -16,7 +16,7 @@
definition
(* state predicates *)
MClkInit :: "mClkRcvChType => mClkStType => PrIds => stpred"
- where "MClkInit rcv cst p = PRED (cst!p = #clkA & ~Calling rcv p)"
+ where "MClkInit rcv cst p = PRED (cst!p = #clkA & \Calling rcv p)"
definition
(* actions *)
@@ -39,7 +39,7 @@
definition
MClkReply :: "mClkSndChType => mClkRcvChType => mClkStType => PrIds => action"
where "MClkReply send rcv cst p = ACT
- ~$Calling rcv p
+ \$Calling rcv p
& $(cst!p) = #clkB
& Return send p MClkReplyVal>
& (cst!p)$ = #clkA
@@ -57,13 +57,13 @@
MClkIPSpec :: "mClkSndChType => mClkRcvChType => mClkStType => PrIds => temporal"
where "MClkIPSpec send rcv cst p = TEMP
Init MClkInit rcv cst p
- & [][ MClkNext send rcv cst p ]_(cst!p, rtrner send!p, caller rcv!p)
+ & \[ MClkNext send rcv cst p ]_(cst!p, rtrner send!p, caller rcv!p)
& WF(MClkFwd send rcv cst p)_(cst!p, rtrner send!p, caller rcv!p)
& SF(MClkReply send rcv cst p)_(cst!p, rtrner send!p, caller rcv!p)"
definition
MClkISpec :: "mClkSndChType => mClkRcvChType => mClkStType => temporal"
- where "MClkISpec send rcv cst = TEMP (ALL p. MClkIPSpec send rcv cst p)"
+ where "MClkISpec send rcv cst = TEMP (\p. MClkIPSpec send rcv cst p)"
lemmas MC_action_defs =
MClkInit_def MClkFwd_def MClkRetry_def MClkReply_def MClkNext_def
@@ -73,17 +73,17 @@
(* The Clerk engages in an action for process p only if there is an outstanding,
unanswered call for that process.
*)
-lemma MClkidle: "|- ~$Calling send p & $(cst!p) = #clkA --> ~MClkNext send rcv cst p"
+lemma MClkidle: "|- \$Calling send p & $(cst!p) = #clkA --> \MClkNext send rcv cst p"
by (auto simp: Return_def MC_action_defs)
-lemma MClkbusy: "|- $Calling rcv p --> ~MClkNext send rcv cst p"
+lemma MClkbusy: "|- $Calling rcv p --> \MClkNext send rcv cst p"
by (auto simp: Call_def MC_action_defs)
(* Enabledness of actions *)
-lemma MClkFwd_enabled: "!!p. basevars (rtrner send!p, caller rcv!p, cst!p) ==>
- |- Calling send p & ~Calling rcv p & cst!p = #clkA
+lemma MClkFwd_enabled: "\p. basevars (rtrner send!p, caller rcv!p, cst!p) ==>
+ |- Calling send p & \Calling rcv p & cst!p = #clkA
--> Enabled (MClkFwd send rcv cst p)"
by (tactic {* action_simp_tac (@{context} addsimps [@{thm MClkFwd_def},
@{thm Call_def}, @{thm caller_def}, @{thm rtrner_def}]) [exI]
@@ -97,8 +97,8 @@
_(cst!p, rtrner send!p, caller rcv!p)"
by (auto simp: angle_def MClkReply_def elim: Return_changed [temp_use])
-lemma MClkReply_enabled: "!!p. basevars (rtrner send!p, caller rcv!p, cst!p) ==>
- |- Calling send p & ~Calling rcv p & cst!p = #clkB
+lemma MClkReply_enabled: "\p. basevars (rtrner send!p, caller rcv!p, cst!p) ==>
+ |- Calling send p & \Calling rcv p & cst!p = #clkB
--> Enabled (_(cst!p, rtrner send!p, caller rcv!p))"
apply (tactic {* action_simp_tac @{context}
[@{thm MClkReply_change} RSN (2, @{thm enabled_mono})] [] 1 *})
@@ -107,7 +107,7 @@
[exI] [@{thm base_enabled}, @{thm Pair_inject}] 1 *})
done
-lemma MClkReplyNotRetry: "|- MClkReply send rcv cst p --> ~MClkRetry send rcv cst p"
+lemma MClkReplyNotRetry: "|- MClkReply send rcv cst p --> \MClkRetry send rcv cst p"
by (auto simp: MClkReply_def MClkRetry_def)
end
diff -r 1d31e3a50373 -r 0318b43ee95c src/HOL/TLA/Memory/Memory.thy
--- a/src/HOL/TLA/Memory/Memory.thy Fri Jun 26 11:07:04 2015 +0200
+++ b/src/HOL/TLA/Memory/Memory.thy Fri Jun 26 11:44:22 2015 +0200
@@ -63,31 +63,31 @@
#l : #MemLoc & ((rs!p)$ = $(mm!l))"
(* a read that raises BadArg *)
BadRead_def: "BadRead mm rs p l == ACT
- #l ~: #MemLoc & ((rs!p)$ = #BadArg)"
+ #l \ #MemLoc & ((rs!p)$ = #BadArg)"
(* the read action with l visible *)
ReadInner_def: "ReadInner ch mm rs p l == ACT
$(RdRequest ch p l)
& (GoodRead mm rs p l | BadRead mm rs p l)
& unchanged (rtrner ch ! p)"
(* the read action with l quantified *)
- Read_def: "Read ch mm rs p == ACT (EX l. ReadInner ch mm rs p l)"
+ Read_def: "Read ch mm rs p == ACT (\l. ReadInner ch mm rs p l)"
(* similar definitions for the write action *)
GoodWrite_def: "GoodWrite mm rs p l v == ACT
#l : #MemLoc & #v : #MemVal
& ((mm!l)$ = #v) & ((rs!p)$ = #OK)"
BadWrite_def: "BadWrite mm rs p l v == ACT
- ~ (#l : #MemLoc & #v : #MemVal)
+ \ (#l : #MemLoc & #v : #MemVal)
& ((rs!p)$ = #BadArg) & unchanged (mm!l)"
WriteInner_def: "WriteInner ch mm rs p l v == ACT
$(WrRequest ch p l v)
& (GoodWrite mm rs p l v | BadWrite mm rs p l v)
& unchanged (rtrner ch ! p)"
- Write_def: "Write ch mm rs p l == ACT (EX v. WriteInner ch mm rs p l v)"
+ Write_def: "Write ch mm rs p l == ACT (\v. WriteInner ch mm rs p l v)"
(* the return action *)
MemReturn_def: "MemReturn ch rs p == ACT
- ( ($(rs!p) ~= #NotAResult)
+ ( ($(rs!p) \ #NotAResult)
& ((rs!p)$ = #NotAResult)
& Return ch p (rs!p))"
@@ -99,33 +99,33 @@
(* next-state relations for reliable / unreliable memory *)
RNext_def: "RNext ch mm rs p == ACT
( Read ch mm rs p
- | (EX l. Write ch mm rs p l)
+ | (\l. Write ch mm rs p l)
| MemReturn ch rs p)"
UNext_def: "UNext ch mm rs p == ACT
(RNext ch mm rs p | MemFail ch rs p)"
RPSpec_def: "RPSpec ch mm rs p == TEMP
Init(PInit rs p)
- & [][ RNext ch mm rs p ]_(rtrner ch ! p, rs!p)
+ & \[ RNext ch mm rs p ]_(rtrner ch ! p, rs!p)
& WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
& WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
UPSpec_def: "UPSpec ch mm rs p == TEMP
Init(PInit rs p)
- & [][ UNext ch mm rs p ]_(rtrner ch ! p, rs!p)
+ & \[ UNext ch mm rs p ]_(rtrner ch ! p, rs!p)
& WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
& WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
MSpec_def: "MSpec ch mm rs l == TEMP
Init(MInit mm l)
- & [][ EX p. Write ch mm rs p l ]_(mm!l)"
+ & \[ \p. Write ch mm rs p l ]_(mm!l)"
IRSpec_def: "IRSpec ch mm rs == TEMP
- (ALL p. RPSpec ch mm rs p)
- & (ALL l. #l : #MemLoc --> MSpec ch mm rs l)"
+ (\p. RPSpec ch mm rs p)
+ & (\l. #l : #MemLoc --> MSpec ch mm rs l)"
IUSpec_def: "IUSpec ch mm rs == TEMP
- (ALL p. UPSpec ch mm rs p)
- & (ALL l. #l : #MemLoc --> MSpec ch mm rs l)"
+ (\p. UPSpec ch mm rs p)
+ & (\l. #l : #MemLoc --> MSpec ch mm rs l)"
- RSpec_def: "RSpec ch rs == TEMP (EEX mm. IRSpec ch mm rs)"
- USpec_def: "USpec ch == TEMP (EEX mm rs. IUSpec ch mm rs)"
+ RSpec_def: "RSpec ch rs == TEMP (\\mm. IRSpec ch mm rs)"
+ USpec_def: "USpec ch == TEMP (\\mm rs. IUSpec ch mm rs)"
MemInv_def: "MemInv mm l == PRED #l : #MemLoc --> mm!l : #MemVal"
@@ -146,15 +146,15 @@
by (force simp: UNext_def UPSpec_def IUSpec_def RM_temp_defs elim!: STL4E [temp_use] squareE)
(* The memory spec implies the memory invariant *)
-lemma MemoryInvariant: "|- MSpec ch mm rs l --> [](MemInv mm l)"
+lemma MemoryInvariant: "|- MSpec ch mm rs l --> \(MemInv mm l)"
by (auto_invariant simp: RM_temp_defs RM_action_defs)
(* The invariant is trivial for non-locations *)
-lemma NonMemLocInvariant: "|- #l ~: #MemLoc --> [](MemInv mm l)"
+lemma NonMemLocInvariant: "|- #l \ #MemLoc --> \(MemInv mm l)"
by (auto simp: MemInv_def intro!: necT [temp_use])
lemma MemoryInvariantAll:
- "|- (ALL l. #l : #MemLoc --> MSpec ch mm rs l) --> (ALL l. [](MemInv mm l))"
+ "|- (\l. #l : #MemLoc --> MSpec ch mm rs l) --> (\l. \(MemInv mm l))"
apply clarify
apply (auto elim!: MemoryInvariant [temp_use] NonMemLocInvariant [temp_use])
done
@@ -164,7 +164,7 @@
We need this only for the reliable memory.
*)
-lemma Memoryidle: "|- ~$(Calling ch p) --> ~ RNext ch mm rs p"
+lemma Memoryidle: "|- \$(Calling ch p) --> \ RNext ch mm rs p"
by (auto simp: Return_def RM_action_defs)
(* Enabledness conditions *)
@@ -172,8 +172,8 @@
lemma MemReturn_change: "|- MemReturn ch rs p --> _(rtrner ch ! p, rs!p)"
by (force simp: MemReturn_def angle_def)
-lemma MemReturn_enabled: "!!p. basevars (rtrner ch ! p, rs!p) ==>
- |- Calling ch p & (rs!p ~= #NotAResult)
+lemma MemReturn_enabled: "\p. basevars (rtrner ch ! p, rs!p) ==>
+ |- Calling ch p & (rs!p \ #NotAResult)
--> Enabled (_(rtrner ch ! p, rs!p))"
apply (tactic
{* action_simp_tac @{context} [@{thm MemReturn_change} RSN (2, @{thm enabled_mono}) ] [] 1 *})
@@ -182,14 +182,14 @@
@{thm rtrner_def}]) [exI] [@{thm base_enabled}, @{thm Pair_inject}] 1 *})
done
-lemma ReadInner_enabled: "!!p. basevars (rtrner ch ! p, rs!p) ==>
+lemma ReadInner_enabled: "\p. basevars (rtrner ch ! p, rs!p) ==>
|- Calling ch p & (arg = #(read l)) --> Enabled (ReadInner ch mm rs p l)"
apply (case_tac "l : MemLoc")
apply (force simp: ReadInner_def GoodRead_def BadRead_def RdRequest_def
intro!: exI elim!: base_enabled [temp_use])+
done
-lemma WriteInner_enabled: "!!p. basevars (mm!l, rtrner ch ! p, rs!p) ==>
+lemma WriteInner_enabled: "\p. basevars (mm!l, rtrner ch ! p, rs!p) ==>
|- Calling ch p & (arg = #(write l v))
--> Enabled (WriteInner ch mm rs p l v)"
apply (case_tac "l:MemLoc & v:MemVal")
@@ -197,18 +197,18 @@
intro!: exI elim!: base_enabled [temp_use])+
done
-lemma ReadResult: "|- Read ch mm rs p & (!l. $(MemInv mm l)) --> (rs!p)` ~= #NotAResult"
+lemma ReadResult: "|- Read ch mm rs p & (\l. $(MemInv mm l)) --> (rs!p)` \ #NotAResult"
by (force simp: Read_def ReadInner_def GoodRead_def BadRead_def MemInv_def)
-lemma WriteResult: "|- Write ch mm rs p l --> (rs!p)` ~= #NotAResult"
+lemma WriteResult: "|- Write ch mm rs p l --> (rs!p)` \ #NotAResult"
by (auto simp: Write_def WriteInner_def GoodWrite_def BadWrite_def)
-lemma ReturnNotReadWrite: "|- (ALL l. $MemInv mm l) & MemReturn ch rs p
- --> ~ Read ch mm rs p & (ALL l. ~ Write ch mm rs p l)"
+lemma ReturnNotReadWrite: "|- (\l. $MemInv mm l) & MemReturn ch rs p
+ --> \ Read ch mm rs p & (\l. \ Write ch mm rs p l)"
by (auto simp: MemReturn_def dest!: WriteResult [temp_use] ReadResult [temp_use])
lemma RWRNext_enabled: "|- (rs!p = #NotAResult) & (!l. MemInv mm l)
- & Enabled (Read ch mm rs p | (? l. Write ch mm rs p l))
+ & Enabled (Read ch mm rs p | (\