# HG changeset patch # User paulson # Date 929608770 -7200 # Node ID 588f791ee7379f2eae34785ed5f4dc96327a9e2e # Parent 44da4a2a9ef31d81ed668e97381ef62be9e10df3 addition of drop_... operators with new results and simplification of old ones diff -r 44da4a2a9ef3 -r 588f791ee737 src/HOL/UNITY/PPROD.ML --- a/src/HOL/UNITY/PPROD.ML Thu Jun 17 10:36:03 1999 +0200 +++ b/src/HOL/UNITY/PPROD.ML Thu Jun 17 10:39:30 1999 +0200 @@ -11,6 +11,8 @@ (*** Basic properties ***) +(** lift_set and drop_set **) + Goalw [lift_set_def] "(f : lift_set i A) = (f i : A)"; by Auto_tac; qed "lift_set_iff"; @@ -20,11 +22,31 @@ by Auto_tac; qed "lift_set_Int"; +(*USED?? converse fails*) +Goalw [drop_set_def] "f : A ==> f i : drop_set i A"; +by Auto_tac; +qed "drop_set_I"; + +(** lift_act and drop_act **) + Goalw [lift_act_def] "lift_act i Id = Id"; by Auto_tac; qed "lift_act_Id"; Addsimps [lift_act_Id]; +Goalw [drop_act_def] "(s, s') : act ==> (s i, s' i) : drop_act i act"; +by (auto_tac (claset() addSIs [image_eqI], simpset())); +qed "drop_act_I"; + +Goalw [drop_act_def] "drop_act i Id = Id"; +by Auto_tac; +by (res_inst_tac [("x", "((%u. x), (%u. x))")] image_eqI 1); +by Auto_tac; +qed "drop_act_Id"; +Addsimps [drop_act_Id]; + +(** lift_prog and drop_prog **) + Goalw [lift_prog_def] "Init (lift_prog i F) = lift_set i (Init F)"; by Auto_tac; qed "Init_lift_prog"; @@ -33,46 +55,87 @@ Goalw [lift_prog_def] "Acts (lift_prog i F) = lift_act i `` Acts F"; by (auto_tac (claset() addIs [Id_in_Acts RSN (2,image_eqI)], simpset())); qed "Acts_lift_prog"; +Addsimps [Acts_lift_prog]; + +Goalw [drop_prog_def] "Init (drop_prog i F) = drop_set i (Init F)"; +by Auto_tac; +qed "Init_drop_prog"; +Addsimps [Init_drop_prog]; + +Goalw [drop_prog_def] "Acts (drop_prog i F) = drop_act i `` Acts F"; +by (auto_tac (claset() addIs [Id_in_Acts RSN (2,image_eqI)], simpset())); +qed "Acts_drop_prog"; +Addsimps [Acts_drop_prog]; + +Goal "F component G ==> lift_prog i F component lift_prog i G"; +by (full_simp_tac (simpset() addsimps [component_eq_subset]) 1); +by Auto_tac; +qed "lift_prog_mono"; + +Goal "F component G ==> drop_prog i F component drop_prog i G"; +by (full_simp_tac (simpset() addsimps [component_eq_subset, drop_set_def]) 1); +by Auto_tac; +qed "drop_prog_mono"; + +Goal "lift_prog i SKIP = SKIP"; +by (auto_tac (claset() addSIs [program_equalityI], + simpset() addsimps [SKIP_def, lift_prog_def])); +qed "lift_prog_SKIP"; + +Goal "lift_prog i (F Join G) = (lift_prog i F) Join (lift_prog i G)"; +by (rtac program_equalityI 1); +by (auto_tac (claset(), simpset() addsimps [Acts_Join])); +qed "lift_prog_Join"; + +Goal "lift_prog i (JOIN I F) = (JN j:I. lift_prog i (F j))"; +by (rtac program_equalityI 1); +by (auto_tac (claset(), simpset() addsimps [Acts_JN])); +qed "lift_prog_JN"; + +Goal "drop_prog i SKIP = SKIP"; +by (auto_tac (claset() addSIs [program_equalityI], + simpset() addsimps [SKIP_def, drop_set_def, drop_prog_def])); +qed "drop_prog_SKIP"; (** Injectivity of lift_set, lift_act, lift_prog **) -Goalw [inj_on_def] "inj (lift_set i)"; -by (simp_tac (simpset() addsimps [lift_set_def]) 1); -by (fast_tac (claset() addEs [equalityE]) 1); +Goalw [lift_set_def, drop_set_def] "drop_set i (lift_set i F) = F"; +by Auto_tac; +qed "lift_set_inverse"; +Addsimps [lift_set_inverse]; + +Goal "inj (lift_set i)"; +by (rtac inj_on_inverseI 1); +by (rtac lift_set_inverse 1); qed "inj_lift_set"; -Goalw [lift_act_def] "lift_act i x <= lift_act i y ==> x <= y"; +Goalw [lift_act_def, drop_act_def] "drop_act i (lift_act i act) = act"; by Auto_tac; -by (dres_inst_tac [("c", "((%s. a), (%s. a)(i:=b))")] subsetD 1); -by Auto_tac; -by (dres_inst_tac [("x", "i")] fun_cong 1); +by (REPEAT_FIRST (resolve_tac [exI, conjI])); by Auto_tac; -val lemma = result(); +qed "lift_act_inverse"; +Addsimps [lift_act_inverse]; -Goalw [inj_on_def] "inj (lift_act i)"; -by (blast_tac (claset() addEs [equalityE] - addDs [lemma]) 1); +Goal "inj (lift_act i)"; +by (rtac inj_on_inverseI 1); +by (rtac lift_act_inverse 1); qed "inj_lift_act"; -Goal "insert Id (lift_act i `` Acts F) = (lift_act i `` Acts F)"; -by (rtac (image_eqI RS insert_absorb) 1); -by (rtac Id_in_Acts 2); -by (rtac (lift_act_Id RS sym) 1); -qed "insert_Id_lift_act_eq"; +Goal "drop_prog i (lift_prog i F) = F"; +by (simp_tac (simpset() addsimps [lift_prog_def, drop_prog_def]) 1); +by (rtac program_equalityI 1); +by (simp_tac (simpset() addsimps [image_compose RS sym, o_def]) 2); +by (Simp_tac 1); +qed "lift_prog_inverse"; +Addsimps [lift_prog_inverse]; -Goalw [inj_on_def] "inj (lift_prog i)"; -by (simp_tac (simpset() addsimps [lift_prog_def]) 1); -by Auto_tac; -by (etac program_equalityE 1); -by (full_simp_tac - (simpset() addsimps [insert_Id_lift_act_eq, inj_lift_set RS inj_eq, - inj_lift_act RS inj_image_eq_iff]) 1); -by (blast_tac (claset() addSIs [program_equalityI]) 1); +Goal "inj (lift_prog i)"; +by (rtac inj_on_inverseI 1); +by (rtac lift_prog_inverse 1); qed "inj_lift_prog"; - (** PPROD **) Goalw [PPROD_def] "Init (PPROD I F) = (INT i:I. lift_set i (Init (F i)))"; @@ -88,7 +151,7 @@ Goal "Acts (PPROD I F) = insert Id (UN i:I. lift_act i `` Acts (F i))"; by (auto_tac (claset(), - simpset() addsimps [PPROD_def, Acts_lift_prog, Acts_JN])); + simpset() addsimps [PPROD_def, Acts_JN])); qed "Acts_PPROD"; Goal "PPROD {} F = SKIP"; @@ -96,8 +159,7 @@ qed "PPROD_empty"; Goal "(PPI i: I. SKIP) = SKIP"; -by (auto_tac (claset() addSIs [program_equalityI], - simpset() addsimps [Acts_lift_prog, SKIP_def, Acts_PPROD])); +by (simp_tac (simpset() addsimps [PPROD_def,lift_prog_SKIP,JN_constant]) 1); qed "PPROD_SKIP"; Addsimps [PPROD_SKIP, PPROD_empty]; @@ -115,12 +177,12 @@ (*** Safety: co, stable, invariant ***) -(** 1st formulation of lifting **) +(** Safety and lift_prog **) Goal "(lift_prog i F : (lift_set i A) co (lift_set i B)) = \ \ (F : A co B)"; by (auto_tac (claset(), - simpset() addsimps [constrains_def, Acts_lift_prog])); + simpset() addsimps [constrains_def])); by (Blast_tac 2); by (Force_tac 1); qed "lift_prog_constrains_eq"; @@ -129,14 +191,36 @@ by (simp_tac (simpset() addsimps [stable_def, lift_prog_constrains_eq]) 1); qed "lift_prog_stable_eq"; -(*This one looks strange! Proof probably is by case analysis on i=j.*) +(*This one looks strange! Proof probably is by case analysis on i=j. + If i~=j then lift_prog j (F j) does nothing to lift_set i, and the + premise ensures A<=B.*) Goal "F i : A co B \ \ ==> lift_prog j (F j) : (lift_set i A) co (lift_set i B)"; by (auto_tac (claset(), - simpset() addsimps [constrains_def, Acts_lift_prog])); + simpset() addsimps [constrains_def])); by (REPEAT (Blast_tac 1)); qed "constrains_imp_lift_prog_constrains"; +(** safety properties for program unit j hold trivially of unit i **) +Goalw [constrains_def] + "[| i~=j; A<= B|] ==> lift_prog i F : (lift_set j A) co (lift_set j B)"; +by Auto_tac; +qed "neq_imp_lift_prog_constrains"; + +Goalw [stable_def] + "i~=j ==> lift_prog i F : stable (lift_set j A)"; +by (blast_tac (claset() addIs [neq_imp_lift_prog_constrains]) 1); +qed "neq_imp_lift_prog_stable"; + +bind_thm ("neq_imp_lift_prog_Constrains", + neq_imp_lift_prog_constrains RS constrains_imp_Constrains); + +bind_thm ("neq_imp_lift_prog_Stable", + neq_imp_lift_prog_stable RS stable_imp_Stable); + + +(** Safety and PPROD **) + Goal "i : I ==> \ \ (PPROD I F : (lift_set i A) co (lift_set i B)) = \ \ (F i : A co B)"; @@ -150,19 +234,18 @@ qed "PPROD_stable"; -(** 2nd formulation of lifting **) +(** Safety, lift_prog + drop_set **) Goal "[| lift_prog i F : AA co BB |] \ -\ ==> F : (Applyall AA i) co (Applyall BB i)"; +\ ==> F : (drop_set i AA) co (drop_set i BB)"; by (auto_tac (claset(), - simpset() addsimps [Applyall_def, constrains_def, - Acts_lift_prog])); + simpset() addsimps [constrains_def, drop_set_def])); by (force_tac (claset() addSIs [rinst [("x", "?ff(i := ?u)")] image_eqI], simpset()) 1); qed "lift_prog_constrains_projection"; Goal "[| PPROD I F : AA co BB; i: I |] \ -\ ==> F i : (Applyall AA i) co (Applyall BB i)"; +\ ==> F i : (drop_set i AA) co (drop_set i BB)"; by (rtac lift_prog_constrains_projection 1); (*rotate this assumption to be last*) by (dres_inst_tac [("psi", "PPROD I F : ?C")] asm_rl 1); @@ -217,22 +300,22 @@ Goal "s : reachable F ==> f(i:=s) : reachable (lift_prog i F)"; by (etac reachable.induct 1); by (force_tac (claset() addIs [reachable.Acts, ext], - simpset() addsimps [Acts_lift_prog]) 2); + simpset()) 2); by (force_tac (claset() addIs [reachable.Init], simpset()) 1); qed "reachable_lift_progI"; Goal "f : reachable (lift_prog i F) ==> f i : reachable F"; by (etac reachable.induct 1); -by (auto_tac (claset(), simpset() addsimps [Acts_lift_prog])); +by Auto_tac; by (ALLGOALS (blast_tac (claset() addIs reachable.intrs))); qed "reachable_lift_progD"; Goal "reachable (lift_prog i F) = lift_set i (reachable F)"; -auto(); -be reachable_lift_progD 1; +by Auto_tac; +by (etac reachable_lift_progD 1); ren "f" 1; by (dres_inst_tac [("f","f"),("i","i")] reachable_lift_progI 1); -auto(); +by Auto_tac; qed "reachable_lift_prog"; Goal "(lift_prog i F : (lift_set i A) Co (lift_set i B)) = \ @@ -278,7 +361,7 @@ by (eres_inst_tac [("xa","f")] reachable.induct 1); (*Init of PPROD F, action of F case*) by (res_inst_tac [("act","lift_act i act")] reachable.Acts 1); -by (force_tac (claset(), simpset() addsimps [Acts_lift_prog, Acts_Join]) 1); +by (force_tac (claset(), simpset() addsimps [Acts_Join]) 1); by (force_tac (claset() addIs [reachable.Init], simpset()) 1); by (force_tac (claset() addIs [ext], simpset() addsimps [lift_act_def]) 1); (*last case: an action of PPROD I F*) @@ -316,16 +399,15 @@ simpset() addsimps [Constrains_def, Collect_conj_eq RS sym, reachable_PPROD_eq])); by (auto_tac (claset(), - simpset() addsimps [constrains_def, Acts_lift_prog, PPROD_def, - Acts_JN])); + simpset() addsimps [constrains_def, PPROD_def, Acts_JN])); by (REPEAT (blast_tac (claset() addIs reachable.intrs) 1)); qed "Constrains_imp_PPROD_Constrains"; Goal "[| ALL i:I. f0 i : R i; i: I |] \ -\ ==> Applyall ({f. (ALL i:I. f i : R i)} Int lift_set i A) i = R i Int A"; +\ ==> drop_set i ({f. (ALL i:I. f i : R i)} Int lift_set i A) = R i Int A"; by (force_tac (claset() addSIs [rinst [("x", "?ff(i := ?u)")] image_eqI], - simpset() addsimps [Applyall_def, lift_set_def]) 1); -qed "Applyall_Int_depend"; + simpset() addsimps [drop_set_def, lift_set_def]) 1); +qed "drop_set_Int_depend"; (*Again, we need the f0 premise so that PPROD I F has an initial state; otherwise its Co-property is vacuous.*) @@ -338,7 +420,7 @@ by (dtac PPROD_constrains_projection 1); by (assume_tac 1); by (asm_full_simp_tac - (simpset() addsimps [Applyall_Int_depend, reachable_PPROD_eq]) 1); + (simpset() addsimps [drop_set_Int_depend, reachable_PPROD_eq]) 1); qed "PPROD_Constrains_imp_Constrains"; @@ -359,9 +441,9 @@ (** PFUN (no dependence on i) doesn't require the f0 premise **) Goal "i: I \ -\ ==> Applyall ({f. (ALL i:I. f i : R)} Int lift_set i A) i = R Int A"; -by (force_tac (claset(), simpset() addsimps [Applyall_def]) 1); -qed "Applyall_Int"; +\ ==> drop_set i ({f. (ALL i:I. f i : R)} Int lift_set i A) = R Int A"; +by (force_tac (claset(), simpset() addsimps [drop_set_def]) 1); +qed "drop_set_Int"; Goal "[| (PPI x:I. F) : (lift_set i A) Co (lift_set i B); \ \ i: I; finite I |] \ @@ -370,7 +452,7 @@ by (dtac PPROD_constrains_projection 1); by (assume_tac 1); by (asm_full_simp_tac - (simpset() addsimps [Applyall_Int, Collect_conj_eq RS sym, + (simpset() addsimps [drop_set_Int, Collect_conj_eq RS sym, reachable_PPROD_eq]) 1); qed "PFUN_Constrains_imp_Constrains"; @@ -390,7 +472,6 @@ (*** guarantees properties ***) - Goal "drop_act i (lift_act i act) = act"; by (force_tac (claset() addSIs [rinst [("x", "?ff(i := ?u)")] exI], simpset() addsimps [drop_act_def, lift_act_def]) 1); @@ -398,25 +479,28 @@ Addsimps [lift_act_inverse]; -Goal "(lift_prog i F) Join G = lift_prog i H \ -\ ==> EX J. H = F Join J"; -by (etac program_equalityE 1); -by (auto_tac (claset(), simpset() addsimps [Acts_lift_prog, Acts_Join])); -by (res_inst_tac [("x", - "mk_program(Applyall(Init G) i, drop_act i `` Acts G)")] - exI 1); +(*Because A and B could differ outside i, cannot generalize result to + drop_set i (A Int B) = drop_set i A Int drop_set i B +*) +Goalw [lift_set_def, drop_set_def] + "drop_set i ((lift_set i A) Int B) = A Int (drop_set i B)"; +by Auto_tac; +qed "drop_set_lift_set_Int"; + +Goal "drop_prog i ((lift_prog i F) Join G) = F Join (drop_prog i G)"; by (rtac program_equalityI 1); -(*Init*) -by (simp_tac (simpset() addsimps [Applyall_def]) 1); -(*Blast_tac can't do HO unification, needed to invent function states*) -by (fast_tac (claset() addEs [equalityE]) 1); -(*Now for the Actions*) -by (dres_inst_tac [("f", "op `` (drop_act i)")] arg_cong 1); -by (asm_full_simp_tac - (simpset() addsimps [Acts_Join, image_Un, image_compose RS sym, o_def]) 1); +by (simp_tac (simpset() addsimps [Acts_Join, image_Un, + image_compose RS sym, o_def]) 2); +by (simp_tac (simpset() addsimps [drop_set_lift_set_Int]) 1); +qed "drop_prog_lift_prog_Join"; + +Goal "(lift_prog i F) Join G = lift_prog i H \ +\ ==> H = F Join (drop_prog i G)"; +by (dres_inst_tac [("f", "drop_prog i")] arg_cong 1); +by (full_simp_tac (simpset() addsimps [drop_prog_lift_prog_Join]) 1); +by (etac sym 1); qed "lift_prog_Join_eq_lift_prog_D"; - Goal "F : X guar Y \ \ ==> lift_prog i F : (lift_prog i `` X) guar (lift_prog i `` Y)"; by (rtac guaranteesI 1); @@ -424,4 +508,16 @@ by (blast_tac (claset() addDs [lift_prog_Join_eq_lift_prog_D, guaranteesD]) 1); qed "lift_prog_guarantees"; +Goalw [PPROD_def] + "[| ALL i:I. F i : X guar Y |] \ +\ ==> (PPROD I F) : (INT i: I. lift_prog i `` X) \ +\ guar (INT i: I. lift_prog i `` Y)"; +by (blast_tac (claset() addIs [guarantees_JN_INT, lift_prog_guarantees]) 1); +qed "guarantees_PPROD_INT"; +Goalw [PPROD_def] + "[| ALL i:I. F i : X guar Y |] \ +\ ==> (PPROD I F) : (UN i: I. lift_prog i `` X) \ +\ guar (UN i: I. lift_prog i `` Y)"; +by (blast_tac (claset() addIs [guarantees_JN_UN, lift_prog_guarantees]) 1); +qed "guarantees_PPROD_UN"; diff -r 44da4a2a9ef3 -r 588f791ee737 src/HOL/UNITY/PPROD.thy --- a/src/HOL/UNITY/PPROD.thy Thu Jun 17 10:36:03 1999 +0200 +++ b/src/HOL/UNITY/PPROD.thy Thu Jun 17 10:39:30 1999 +0200 @@ -10,8 +10,11 @@ constdefs - (**possible to force all acts to be included in common initial state - (by intersection) ??*) + lift_set :: "['a, 'b set] => ('a => 'b) set" + "lift_set i A == {f. f i : A}" + + drop_set :: "['a, ('a=>'b) set] => 'b set" + "drop_set i A == (%f. f i) `` A" lift_act :: "['a, ('b*'b) set] => (('a=>'b) * ('a=>'b)) set" "lift_act i act == {(f,f'). EX s'. f' = f(i:=s') & (f i, s') : act}" @@ -19,14 +22,16 @@ drop_act :: "['a, (('a=>'b) * ('a=>'b)) set] => ('b*'b) set" "drop_act i act == (%(f,f'). (f i, f' i)) `` act" - lift_set :: "['a, 'b set] => ('a => 'b) set" - "lift_set i A == {f. f i : A}" - lift_prog :: "['a, 'b program] => ('a => 'b) program" "lift_prog i F == mk_program (lift_set i (Init F), lift_act i `` Acts F)" + drop_prog :: "['a, ('a=>'b) program] => 'b program" + "drop_prog i F == + mk_program (drop_set i (Init F), + drop_act i `` (Acts F))" + (*products of programs*) PPROD :: ['a set, 'a => 'b program] => ('a => 'b) program "PPROD I F == JN i:I. lift_prog i (F i)"