# HG changeset patch # User wenzelm # Date 1452543662 -3600 # Node ID 5b946c81dfbf586806f8008c2e2adf52af61cfc8 # Parent bdab93ccfaf83d50a6b81f58ef264d996c5b175d eliminated old defs; diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/Auth/All_Symmetric.thy --- a/src/HOL/Auth/All_Symmetric.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/Auth/All_Symmetric.thy Mon Jan 11 21:21:02 2016 +0100 @@ -4,7 +4,10 @@ text \All keys are symmetric\ -defs all_symmetric_def: "all_symmetric \ True" +overloading all_symmetric \ all_symmetric +begin + definition "all_symmetric \ True" +end lemma isSym_keys: "K \ symKeys" by (simp add: symKeys_def all_symmetric_def invKey_symmetric) diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/Bali/Example.thy --- a/src/HOL/Bali/Example.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/Bali/Example.thy Mon Jan 11 21:21:02 2016 +0100 @@ -141,12 +141,16 @@ lemma neq_Main_SXcpt [simp]: "Main\SXcpt xn" by (simp add: SXcpt_def) + subsubsection "classes and interfaces" -defs - - Object_mdecls_def: "Object_mdecls \ []" - SXcpt_mdecls_def: "SXcpt_mdecls \ []" +overloading + Object_mdecls \ Object_mdecls + SXcpt_mdecls \ SXcpt_mdecls +begin + definition "Object_mdecls \ []" + definition "SXcpt_mdecls \ []" +end axiomatization foo :: mname diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/IMPP/EvenOdd.thy --- a/src/HOL/IMPP/EvenOdd.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/IMPP/EvenOdd.thy Mon Jan 11 21:21:02 2016 +0100 @@ -29,8 +29,10 @@ THEN Loc Res:==(%s. 1) ELSE(Loc Res:=CALL Even (%s. s - 1)))" -defs - bodies_def: "bodies == [(Even,evn),(Odd,odd)]" +overloading bodies \ bodies +begin + definition "bodies == [(Even,evn),(Odd,odd)]" +end definition Z_eq_Arg_plus :: "nat => nat assn" ("Z=Arg+_" [50]50) where diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/IMPP/Misc.thy --- a/src/HOL/IMPP/Misc.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/IMPP/Misc.thy Mon Jan 11 21:21:02 2016 +0100 @@ -8,13 +8,29 @@ imports Hoare begin -defs - newlocs_def: "newlocs == %x. undefined" - setlocs_def: "setlocs s l' == case s of st g l => st g l'" - getlocs_def: "getlocs s == case s of st g l => l" - update_def: "update s vn v == case vn of - Glb gn => (case s of st g l => st (g(gn:=v)) l) - | Loc ln => (case s of st g l => st g (l(ln:=v)))" +overloading + newlocs \ newlocs + setlocs \ setlocs + getlocs \ getlocs + update \ update +begin + +definition newlocs :: locals + where "newlocs == %x. undefined" + +definition setlocs :: "state => locals => state" + where "setlocs s l' == case s of st g l => st g l'" + +definition getlocs :: "state => locals" + where "getlocs s == case s of st g l => l" + +definition update :: "state => vname => val => state" + where "update s vn v == + case vn of + Glb gn => (case s of st g l => st (g(gn:=v)) l) + | Loc ln => (case s of st g l => st g (l(ln:=v)))" + +end subsection "state access" diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/IOA/Asig.thy --- a/src/HOL/IOA/Asig.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/IOA/Asig.thy Mon Jan 11 21:21:02 2016 +0100 @@ -9,41 +9,31 @@ imports Main begin -type_synonym - 'a signature = "('a set * 'a set * 'a set)" +type_synonym 'a signature = "('a set * 'a set * 'a set)" + +definition "inputs" :: "'action signature => 'action set" + where asig_inputs_def: "inputs == fst" -consts - "actions" :: "'action signature => 'action set" - "inputs" :: "'action signature => 'action set" - "outputs" :: "'action signature => 'action set" - "internals" :: "'action signature => 'action set" - externals :: "'action signature => 'action set" +definition "outputs" :: "'action signature => 'action set" + where asig_outputs_def: "outputs == (fst o snd)" - is_asig ::"'action signature => bool" - mk_ext_asig ::"'action signature => 'action signature" - - -defs +definition "internals" :: "'action signature => 'action set" + where asig_internals_def: "internals == (snd o snd)" -asig_inputs_def: "inputs == fst" -asig_outputs_def: "outputs == (fst o snd)" -asig_internals_def: "internals == (snd o snd)" +definition "actions" :: "'action signature => 'action set" + where actions_def: "actions(asig) == (inputs(asig) Un outputs(asig) Un internals(asig))" -actions_def: - "actions(asig) == (inputs(asig) Un outputs(asig) Un internals(asig))" - -externals_def: - "externals(asig) == (inputs(asig) Un outputs(asig))" +definition externals :: "'action signature => 'action set" + where externals_def: "externals(asig) == (inputs(asig) Un outputs(asig))" -is_asig_def: - "is_asig(triple) == - ((inputs(triple) Int outputs(triple) = {}) & - (outputs(triple) Int internals(triple) = {}) & - (inputs(triple) Int internals(triple) = {}))" +definition is_asig :: "'action signature => bool" + where "is_asig(triple) == + ((inputs(triple) Int outputs(triple) = {}) & + (outputs(triple) Int internals(triple) = {}) & + (inputs(triple) Int internals(triple) = {}))" - -mk_ext_asig_def: - "mk_ext_asig(triple) == (inputs(triple), outputs(triple), {})" +definition mk_ext_asig :: "'action signature => 'action signature" + where "mk_ext_asig(triple) == (inputs(triple), outputs(triple), {})" lemmas asig_projections = asig_inputs_def asig_outputs_def asig_internals_def diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/IOA/IOA.thy --- a/src/HOL/IOA/IOA.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/IOA/IOA.thy Mon Jan 11 21:21:02 2016 +0100 @@ -15,183 +15,148 @@ type_synonym ('a, 's) transition = "('s * 'a * 's)" type_synonym ('a,'s) ioa = "'a signature * 's set * ('a, 's) transition set" -consts +(* IO automata *) + +definition state_trans :: "['action signature, ('action,'state)transition set] => bool" + where "state_trans asig R == + (!triple. triple:R --> fst(snd(triple)):actions(asig)) & + (!a. (a:inputs(asig)) --> (!s1. ? s2. (s1,a,s2):R))" + +definition asig_of :: "('action,'state)ioa => 'action signature" + where "asig_of == fst" - (* IO automata *) - state_trans::"['action signature, ('action,'state)transition set] => bool" - asig_of ::"('action,'state)ioa => 'action signature" - starts_of ::"('action,'state)ioa => 'state set" - trans_of ::"('action,'state)ioa => ('action,'state)transition set" - IOA ::"('action,'state)ioa => bool" +definition starts_of :: "('action,'state)ioa => 'state set" + where "starts_of == (fst o snd)" + +definition trans_of :: "('action,'state)ioa => ('action,'state)transition set" + where "trans_of == (snd o snd)" - (* Executions, schedules, and traces *) +definition IOA :: "('action,'state)ioa => bool" + where "IOA(ioa) == (is_asig(asig_of(ioa)) & + (~ starts_of(ioa) = {}) & + state_trans (asig_of ioa) (trans_of ioa))" + + +(* Executions, schedules, and traces *) - is_execution_fragment ::"[('action,'state)ioa, ('action,'state)execution] => bool" - has_execution ::"[('action,'state)ioa, ('action,'state)execution] => bool" - executions :: "('action,'state)ioa => ('action,'state)execution set" - mk_trace :: "[('action,'state)ioa, 'action oseq] => 'action oseq" - reachable :: "[('action,'state)ioa, 'state] => bool" - invariant :: "[('action,'state)ioa, 'state=>bool] => bool" - has_trace :: "[('action,'state)ioa, 'action oseq] => bool" - traces :: "('action,'state)ioa => 'action oseq set" - NF :: "'a oseq => 'a oseq" +(* An execution fragment is modelled with a pair of sequences: + the first is the action options, the second the state sequence. + Finite executions have None actions from some point on. *) +definition is_execution_fragment :: "[('action,'state)ioa, ('action,'state)execution] => bool" + where "is_execution_fragment A ex == + let act = fst(ex); state = snd(ex) + in !n a. (act(n)=None --> state(Suc(n)) = state(n)) & + (act(n)=Some(a) --> (state(n),a,state(Suc(n))):trans_of(A))" + +definition executions :: "('action,'state)ioa => ('action,'state)execution set" + where "executions(ioa) == {e. snd e 0:starts_of(ioa) & is_execution_fragment ioa e}" - (* Composition of action signatures and automata *) + +definition reachable :: "[('action,'state)ioa, 'state] => bool" + where "reachable ioa s == (? ex:executions(ioa). ? n. (snd ex n) = s)" + +definition invariant :: "[('action,'state)ioa, 'state=>bool] => bool" + where "invariant A P == (!s. reachable A s --> P(s))" + + +(* Composition of action signatures and automata *) + +consts compatible_asigs ::"('a => 'action signature) => bool" asig_composition ::"('a => 'action signature) => 'action signature" compatible_ioas ::"('a => ('action,'state)ioa) => bool" ioa_composition ::"('a => ('action, 'state)ioa) =>('action,'a => 'state)ioa" - (* binary composition of action signatures and automata *) - compat_asigs ::"['action signature, 'action signature] => bool" - asig_comp ::"['action signature, 'action signature] => 'action signature" - compat_ioas ::"[('action,'s)ioa, ('action,'t)ioa] => bool" - par ::"[('a,'s)ioa, ('a,'t)ioa] => ('a,'s*'t)ioa" (infixr "||" 10) + +(* binary composition of action signatures and automata *) - (* Filtering and hiding *) - filter_oseq :: "('a => bool) => 'a oseq => 'a oseq" +definition compat_asigs ::"['action signature, 'action signature] => bool" + where "compat_asigs a1 a2 == + (((outputs(a1) Int outputs(a2)) = {}) & + ((internals(a1) Int actions(a2)) = {}) & + ((internals(a2) Int actions(a1)) = {}))" - restrict_asig :: "['a signature, 'a set] => 'a signature" - restrict :: "[('a,'s)ioa, 'a set] => ('a,'s)ioa" +definition compat_ioas ::"[('action,'s)ioa, ('action,'t)ioa] => bool" + where "compat_ioas ioa1 ioa2 == compat_asigs (asig_of(ioa1)) (asig_of(ioa2))" - (* Notions of correctness *) - ioa_implements :: "[('action,'state1)ioa, ('action,'state2)ioa] => bool" - - (* Instantiation of abstract IOA by concrete actions *) - rename:: "('a, 'b)ioa => ('c => 'a option) => ('c,'b)ioa" +definition asig_comp :: "['action signature, 'action signature] => 'action signature" + where "asig_comp a1 a2 == + (((inputs(a1) Un inputs(a2)) - (outputs(a1) Un outputs(a2)), + (outputs(a1) Un outputs(a2)), + (internals(a1) Un internals(a2))))" -defs - -state_trans_def: - "state_trans asig R == - (!triple. triple:R --> fst(snd(triple)):actions(asig)) & - (!a. (a:inputs(asig)) --> (!s1. ? s2. (s1,a,s2):R))" +definition par :: "[('a,'s)ioa, ('a,'t)ioa] => ('a,'s*'t)ioa" (infixr "||" 10) + where "(ioa1 || ioa2) == + (asig_comp (asig_of ioa1) (asig_of ioa2), + {pr. fst(pr):starts_of(ioa1) & snd(pr):starts_of(ioa2)}, + {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) + in (a:actions(asig_of(ioa1)) | a:actions(asig_of(ioa2))) & + (if a:actions(asig_of(ioa1)) then + (fst(s),a,fst(t)):trans_of(ioa1) + else fst(t) = fst(s)) + & + (if a:actions(asig_of(ioa2)) then + (snd(s),a,snd(t)):trans_of(ioa2) + else snd(t) = snd(s))})" -asig_of_def: "asig_of == fst" -starts_of_def: "starts_of == (fst o snd)" -trans_of_def: "trans_of == (snd o snd)" - -ioa_def: - "IOA(ioa) == (is_asig(asig_of(ioa)) & - (~ starts_of(ioa) = {}) & - state_trans (asig_of ioa) (trans_of ioa))" - - -(* An execution fragment is modelled with a pair of sequences: - * the first is the action options, the second the state sequence. - * Finite executions have None actions from some point on. - *******) -is_execution_fragment_def: - "is_execution_fragment A ex == - let act = fst(ex); state = snd(ex) - in !n a. (act(n)=None --> state(Suc(n)) = state(n)) & - (act(n)=Some(a) --> (state(n),a,state(Suc(n))):trans_of(A))" - - -executions_def: - "executions(ioa) == {e. snd e 0:starts_of(ioa) & - is_execution_fragment ioa e}" - - -reachable_def: - "reachable ioa s == (? ex:executions(ioa). ? n. (snd ex n) = s)" - - -invariant_def: "invariant A P == (!s. reachable A s --> P(s))" - +(* Filtering and hiding *) (* Restrict the trace to those members of the set s *) -filter_oseq_def: - "filter_oseq p s == +definition filter_oseq :: "('a => bool) => 'a oseq => 'a oseq" + where "filter_oseq p s == (%i. case s(i) of None => None | Some(x) => if p x then Some x else None)" - -mk_trace_def: - "mk_trace(ioa) == filter_oseq(%a. a:externals(asig_of(ioa)))" - +definition mk_trace :: "[('action,'state)ioa, 'action oseq] => 'action oseq" + where "mk_trace(ioa) == filter_oseq(%a. a:externals(asig_of(ioa)))" (* Does an ioa have an execution with the given trace *) -has_trace_def: - "has_trace ioa b == - (? ex:executions(ioa). b = mk_trace ioa (fst ex))" +definition has_trace :: "[('action,'state)ioa, 'action oseq] => bool" + where "has_trace ioa b == (? ex:executions(ioa). b = mk_trace ioa (fst ex))" -normal_form_def: - "NF(tr) == @nf. ? f. mono(f) & (!i. nf(i)=tr(f(i))) & +definition NF :: "'a oseq => 'a oseq" + where "NF(tr) == @nf. ? f. mono(f) & (!i. nf(i)=tr(f(i))) & (!j. j ~: range(f) --> nf(j)= None) & - (!i. nf(i)=None --> (nf (Suc i)) = None) " + (!i. nf(i)=None --> (nf (Suc i)) = None)" (* All the traces of an ioa *) - - traces_def: - "traces(ioa) == {trace. ? tr. trace=NF(tr) & has_trace ioa tr}" - -(* - traces_def: - "traces(ioa) == {tr. has_trace ioa tr}" -*) - -compat_asigs_def: - "compat_asigs a1 a2 == - (((outputs(a1) Int outputs(a2)) = {}) & - ((internals(a1) Int actions(a2)) = {}) & - ((internals(a2) Int actions(a1)) = {}))" - - -compat_ioas_def: - "compat_ioas ioa1 ioa2 == compat_asigs (asig_of(ioa1)) (asig_of(ioa2))" +definition traces :: "('action,'state)ioa => 'action oseq set" + where "traces(ioa) == {trace. ? tr. trace=NF(tr) & has_trace ioa tr}" -asig_comp_def: - "asig_comp a1 a2 == - (((inputs(a1) Un inputs(a2)) - (outputs(a1) Un outputs(a2)), - (outputs(a1) Un outputs(a2)), - (internals(a1) Un internals(a2))))" - - -par_def: - "(ioa1 || ioa2) == - (asig_comp (asig_of ioa1) (asig_of ioa2), - {pr. fst(pr):starts_of(ioa1) & snd(pr):starts_of(ioa2)}, - {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) - in (a:actions(asig_of(ioa1)) | a:actions(asig_of(ioa2))) & - (if a:actions(asig_of(ioa1)) then - (fst(s),a,fst(t)):trans_of(ioa1) - else fst(t) = fst(s)) - & - (if a:actions(asig_of(ioa2)) then - (snd(s),a,snd(t)):trans_of(ioa2) - else snd(t) = snd(s))})" - - -restrict_asig_def: - "restrict_asig asig actns == +definition restrict_asig :: "['a signature, 'a set] => 'a signature" + where "restrict_asig asig actns == (inputs(asig) Int actns, outputs(asig) Int actns, internals(asig) Un (externals(asig) - actns))" - -restrict_def: - "restrict ioa actns == +definition restrict :: "[('a,'s)ioa, 'a set] => ('a,'s)ioa" + where "restrict ioa actns == (restrict_asig (asig_of ioa) actns, starts_of(ioa), trans_of(ioa))" -ioa_implements_def: - "ioa_implements ioa1 ioa2 == + +(* Notions of correctness *) + +definition ioa_implements :: "[('action,'state1)ioa, ('action,'state2)ioa] => bool" + where "ioa_implements ioa1 ioa2 == ((inputs(asig_of(ioa1)) = inputs(asig_of(ioa2))) & (outputs(asig_of(ioa1)) = outputs(asig_of(ioa2))) & traces(ioa1) <= traces(ioa2))" -rename_def: -"rename ioa ren == - (({b. ? x. Some(x)= ren(b) & x : inputs(asig_of(ioa))}, - {b. ? x. Some(x)= ren(b) & x : outputs(asig_of(ioa))}, - {b. ? x. Some(x)= ren(b) & x : internals(asig_of(ioa))}), - starts_of(ioa) , - {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) - in - ? x. Some(x) = ren(a) & (s,x,t):trans_of(ioa)})" + +(* Instantiation of abstract IOA by concrete actions *) + +definition rename :: "('a, 'b)ioa => ('c => 'a option) => ('c,'b)ioa" + where "rename ioa ren == + (({b. ? x. Some(x)= ren(b) & x : inputs(asig_of(ioa))}, + {b. ? x. Some(x)= ren(b) & x : outputs(asig_of(ioa))}, + {b. ? x. Some(x)= ren(b) & x : internals(asig_of(ioa))}), + starts_of(ioa) , + {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) + in + ? x. Some(x) = ren(a) & (s,x,t):trans_of(ioa)})" declare Let_def [simp] @@ -206,7 +171,7 @@ lemma trans_in_actions: "[| IOA(A); (s1,a,s2):trans_of(A) |] ==> a:actions(asig_of(A))" - apply (unfold ioa_def state_trans_def actions_def is_asig_def) + apply (unfold IOA_def state_trans_def actions_def is_asig_def) apply (erule conjE)+ apply (erule allE, erule impE, assumption) apply simp diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/Library/Old_Datatype.thy --- a/src/HOL/Library/Old_Datatype.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/Library/Old_Datatype.thy Mon Jan 11 21:21:02 2016 +0100 @@ -26,80 +26,67 @@ type_synonym 'a item = "('a, unit) node set" type_synonym ('a, 'b) dtree = "('a, 'b) node set" -consts - Push :: "[('b + nat), nat => ('b + nat)] => (nat => ('b + nat))" - - Push_Node :: "[('b + nat), ('a, 'b) node] => ('a, 'b) node" - ndepth :: "('a, 'b) node => nat" +definition Push :: "[('b + nat), nat => ('b + nat)] => (nat => ('b + nat))" + (*crude "lists" of nats -- needed for the constructions*) + where "Push == (%b h. case_nat b h)" - Atom :: "('a + nat) => ('a, 'b) dtree" - Leaf :: "'a => ('a, 'b) dtree" - Numb :: "nat => ('a, 'b) dtree" - Scons :: "[('a, 'b) dtree, ('a, 'b) dtree] => ('a, 'b) dtree" - In0 :: "('a, 'b) dtree => ('a, 'b) dtree" - In1 :: "('a, 'b) dtree => ('a, 'b) dtree" - Lim :: "('b => ('a, 'b) dtree) => ('a, 'b) dtree" - - ntrunc :: "[nat, ('a, 'b) dtree] => ('a, 'b) dtree" - - uprod :: "[('a, 'b) dtree set, ('a, 'b) dtree set]=> ('a, 'b) dtree set" - usum :: "[('a, 'b) dtree set, ('a, 'b) dtree set]=> ('a, 'b) dtree set" - - Split :: "[[('a, 'b) dtree, ('a, 'b) dtree]=>'c, ('a, 'b) dtree] => 'c" - Case :: "[[('a, 'b) dtree]=>'c, [('a, 'b) dtree]=>'c, ('a, 'b) dtree] => 'c" - - dprod :: "[(('a, 'b) dtree * ('a, 'b) dtree)set, (('a, 'b) dtree * ('a, 'b) dtree)set] - => (('a, 'b) dtree * ('a, 'b) dtree)set" - dsum :: "[(('a, 'b) dtree * ('a, 'b) dtree)set, (('a, 'b) dtree * ('a, 'b) dtree)set] - => (('a, 'b) dtree * ('a, 'b) dtree)set" +definition Push_Node :: "[('b + nat), ('a, 'b) node] => ('a, 'b) node" + where "Push_Node == (%n x. Abs_Node (apfst (Push n) (Rep_Node x)))" -defs +(** operations on S-expressions -- sets of nodes **) - Push_Node_def: "Push_Node == (%n x. Abs_Node (apfst (Push n) (Rep_Node x)))" - - (*crude "lists" of nats -- needed for the constructions*) - Push_def: "Push == (%b h. case_nat b h)" +(*S-expression constructors*) +definition Atom :: "('a + nat) => ('a, 'b) dtree" + where "Atom == (%x. {Abs_Node((%k. Inr 0, x))})" +definition Scons :: "[('a, 'b) dtree, ('a, 'b) dtree] => ('a, 'b) dtree" + where "Scons M N == (Push_Node (Inr 1) ` M) Un (Push_Node (Inr (Suc 1)) ` N)" - (** operations on S-expressions -- sets of nodes **) +(*Leaf nodes, with arbitrary or nat labels*) +definition Leaf :: "'a => ('a, 'b) dtree" + where "Leaf == Atom o Inl" +definition Numb :: "nat => ('a, 'b) dtree" + where "Numb == Atom o Inr" - (*S-expression constructors*) - Atom_def: "Atom == (%x. {Abs_Node((%k. Inr 0, x))})" - Scons_def: "Scons M N == (Push_Node (Inr 1) ` M) Un (Push_Node (Inr (Suc 1)) ` N)" - - (*Leaf nodes, with arbitrary or nat labels*) - Leaf_def: "Leaf == Atom o Inl" - Numb_def: "Numb == Atom o Inr" +(*Injections of the "disjoint sum"*) +definition In0 :: "('a, 'b) dtree => ('a, 'b) dtree" + where "In0(M) == Scons (Numb 0) M" +definition In1 :: "('a, 'b) dtree => ('a, 'b) dtree" + where "In1(M) == Scons (Numb 1) M" - (*Injections of the "disjoint sum"*) - In0_def: "In0(M) == Scons (Numb 0) M" - In1_def: "In1(M) == Scons (Numb 1) M" +(*Function spaces*) +definition Lim :: "('b => ('a, 'b) dtree) => ('a, 'b) dtree" + where "Lim f == \{z. ? x. z = Push_Node (Inl x) ` (f x)}" - (*Function spaces*) - Lim_def: "Lim f == \{z. ? x. z = Push_Node (Inl x) ` (f x)}" +(*the set of nodes with depth less than k*) +definition ndepth :: "('a, 'b) node => nat" + where "ndepth(n) == (%(f,x). LEAST k. f k = Inr 0) (Rep_Node n)" +definition ntrunc :: "[nat, ('a, 'b) dtree] => ('a, 'b) dtree" + where "ntrunc k N == {n. n:N & ndepth(n) ('a, 'b) dtree set" + where "uprod A B == UN x:A. UN y:B. { Scons x y }" +definition usum :: "[('a, 'b) dtree set, ('a, 'b) dtree set]=> ('a, 'b) dtree set" + where "usum A B == In0`A Un In1`B" - (*products and sums for the "universe"*) - uprod_def: "uprod A B == UN x:A. UN y:B. { Scons x y }" - usum_def: "usum A B == In0`A Un In1`B" +(*the corresponding eliminators*) +definition Split :: "[[('a, 'b) dtree, ('a, 'b) dtree]=>'c, ('a, 'b) dtree] => 'c" + where "Split c M == THE u. EX x y. M = Scons x y & u = c x y" - (*the corresponding eliminators*) - Split_def: "Split c M == THE u. EX x y. M = Scons x y & u = c x y" - - Case_def: "Case c d M == THE u. (EX x . M = In0(x) & u = c(x)) - | (EX y . M = In1(y) & u = d(y))" +definition Case :: "[[('a, 'b) dtree]=>'c, [('a, 'b) dtree]=>'c, ('a, 'b) dtree] => 'c" + where "Case c d M == THE u. (EX x . M = In0(x) & u = c(x)) | (EX y . M = In1(y) & u = d(y))" - (** equality for the "universe" **) - - dprod_def: "dprod r s == UN (x,x'):r. UN (y,y'):s. {(Scons x y, Scons x' y')}" +(** equality for the "universe" **) - dsum_def: "dsum r s == (UN (x,x'):r. {(In0(x),In0(x'))}) Un - (UN (y,y'):s. {(In1(y),In1(y'))})" +definition dprod :: "[(('a, 'b) dtree * ('a, 'b) dtree)set, (('a, 'b) dtree * ('a, 'b) dtree)set] + => (('a, 'b) dtree * ('a, 'b) dtree)set" + where "dprod r s == UN (x,x'):r. UN (y,y'):s. {(Scons x y, Scons x' y')}" +definition dsum :: "[(('a, 'b) dtree * ('a, 'b) dtree)set, (('a, 'b) dtree * ('a, 'b) dtree)set] + => (('a, 'b) dtree * ('a, 'b) dtree)set" + where "dsum r s == (UN (x,x'):r. {(In0(x),In0(x'))}) Un (UN (y,y'):s. {(In1(y),In1(y'))})" lemma apfst_convE: diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/MicroJava/DFA/Semilat.thy --- a/src/HOL/MicroJava/DFA/Semilat.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/MicroJava/DFA/Semilat.thy Mon Jan 11 21:21:02 2016 +0100 @@ -15,23 +15,26 @@ type_synonym 'a binop = "'a \ 'a \ 'a" type_synonym 'a sl = "'a set \ 'a ord \ 'a binop" -consts - "lesub" :: "'a \ 'a ord \ 'a \ bool" - "lesssub" :: "'a \ 'a ord \ 'a \ bool" - "plussub" :: "'a \ ('a \ 'b \ 'c) \ 'b \ 'c" -(*<*) +definition lesub :: "'a \ 'a ord \ 'a \ bool" + where "lesub x r y \ r x y" + +definition lesssub :: "'a \ 'a ord \ 'a \ bool" + where "lesssub x r y \ lesub x r y \ x \ y" + +definition plussub :: "'a \ ('a \ 'b \ 'c) \ 'b \ 'c" + where "plussub x f y = f x y" + notation (ASCII) "lesub" ("(_ /<='__ _)" [50, 1000, 51] 50) and "lesssub" ("(_ /<'__ _)" [50, 1000, 51] 50) and "plussub" ("(_ /+'__ _)" [65, 1000, 66] 65) -(*>*) + notation "lesub" ("(_ /\\<^bsub>_\<^esub> _)" [50, 0, 51] 50) and "lesssub" ("(_ /\\<^bsub>_\<^esub> _)" [50, 0, 51] 50) and "plussub" ("(_ /\\<^bsub>_\<^esub> _)" [65, 0, 66] 65) -(*<*) + (* allow \ instead of \..\ *) - abbreviation (input) lesub1 :: "'a \ 'a ord \ 'a \ bool" ("(_ /\\<^sub>_ _)" [50, 1000, 51] 50) where "x \\<^sub>r y == x \\<^bsub>r\<^esub> y" @@ -43,12 +46,6 @@ abbreviation (input) plussub1 :: "'a \ ('a \ 'b \ 'c) \ 'b \ 'c" ("(_ /\\<^sub>_ _)" [65, 1000, 66] 65) where "x \\<^sub>f y == x \\<^bsub>f\<^esub> y" -(*>*) - -defs - lesub_def: "x \\<^sub>r y \ r x y" - lesssub_def: "x \\<^sub>r y \ x \\<^sub>r y \ x \ y" - plussub_def: "x \\<^sub>f y \ f x y" definition ord :: "('a \ 'a) set \ 'a ord" where "ord r \ \x y. (x,y) \ r" diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/MicroJava/J/Example.thy --- a/src/HOL/MicroJava/J/Example.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/MicroJava/J/Example.thy Mon Jan 11 21:21:02 2016 +0100 @@ -82,31 +82,33 @@ declare Base_not_Xcpt [symmetric, simp] declare Ext_not_Xcpt [symmetric, simp] -consts - foo_Base:: java_mb - foo_Ext :: java_mb - BaseC :: "java_mb cdecl" - ExtC :: "java_mb cdecl" - test :: stmt - foo :: mname - a :: loc - b :: loc +definition foo_Base :: java_mb + where "foo_Base == ([x],[],Skip,LAcc x)" -defs - foo_Base_def:"foo_Base == ([x],[],Skip,LAcc x)" - BaseC_def:"BaseC == (Base, (Object, +definition foo_Ext :: java_mb + where "foo_Ext == ([x],[],Expr( {Ext}Cast Ext + (LAcc x)..vee:=Lit (Intg Numeral1)), + Lit Null)" + +consts foo :: mname + +definition BaseC :: "java_mb cdecl" + where "BaseC == (Base, (Object, [(vee, PrimT Boolean)], [((foo,[Class Base]),Class Base,foo_Base)]))" - foo_Ext_def:"foo_Ext == ([x],[],Expr( {Ext}Cast Ext - (LAcc x)..vee:=Lit (Intg Numeral1)), - Lit Null)" - ExtC_def: "ExtC == (Ext, (Base , + +definition ExtC :: "java_mb cdecl" + where "ExtC == (Ext, (Base , [(vee, PrimT Integer)], [((foo,[Class Base]),Class Ext,foo_Ext)]))" - test_def:"test == Expr(e::=NewC Ext);; +definition test :: stmt + where "test == Expr(e::=NewC Ext);; Expr({Base}LAcc e..foo({[Class Base]}[Lit Null]))" +consts + a :: loc + b :: loc abbreviation NP :: xcpt where diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/MicroJava/J/TypeRel.thy --- a/src/HOL/MicroJava/J/TypeRel.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/MicroJava/J/TypeRel.thy Mon Jan 11 21:21:02 2016 +0100 @@ -176,14 +176,18 @@ by(rule finite_acyclic_wf_converse[OF finite_subcls1]) qed -consts - "method" :: "'c prog \ cname => ( sig \ cname \ ty \ 'c)" (* ###curry *) - field :: "'c prog \ cname => ( vname \ cname \ ty )" (* ###curry *) - fields :: "'c prog \ cname => ((vname \ cname) \ ty) list" (* ###curry *) +definition "method" :: "'c prog \ cname => (sig \ cname \ ty \ 'c)" + \ "methods of a class, with inheritance, overriding and hiding, cf. 8.4.6" + where [code]: "method \ \(G,C). class_rec G C empty (\C fs ms ts. + ts ++ map_of (map (\(s,m). (s,(C,m))) ms))" -\ "methods of a class, with inheritance, overriding and hiding, cf. 8.4.6" -defs method_def [code]: "method \ \(G,C). class_rec G C empty (\C fs ms ts. - ts ++ map_of (map (\(s,m). (s,(C,m))) ms))" +definition fields :: "'c prog \ cname => ((vname \ cname) \ ty) list" + \ "list of fields of a class, including inherited and hidden ones" + where [code]: "fields \ \(G,C). class_rec G C [] (\C fs ms ts. + map (\(fn,ft). ((fn,C),ft)) fs @ ts)" + +definition field :: "'c prog \ cname => (vname \ cname \ ty)" + where [code]: "field == map_of o (map (\((fn,fd),ft). (fn,(fd,ft)))) o fields" lemma method_rec_lemma: "[|class G C = Some (D,fs,ms); wf ((subcls1 G)^-1)|] ==> method (G,C) = (if C = Object then empty else method (G,D)) ++ @@ -194,11 +198,6 @@ apply auto done - -\ "list of fields of a class, including inherited and hidden ones" -defs fields_def [code]: "fields \ \(G,C). class_rec G C [] (\C fs ms ts. - map (\(fn,ft). ((fn,C),ft)) fs @ ts)" - lemma fields_rec_lemma: "[|class G C = Some (D,fs,ms); wf ((subcls1 G)^-1)|] ==> fields (G,C) = map (\(fn,ft). ((fn,C),ft)) fs @ (if C = Object then [] else fields (G,D))" @@ -208,9 +207,6 @@ apply auto done - -defs field_def [code]: "field == map_of o (map (\((fn,fd),ft). (fn,(fd,ft)))) o fields" - lemma field_fields: "field (G,C) fn = Some (fd, fT) \ map_of (fields (G,C)) (fn, fd) = Some fT" apply (unfold field_def) diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/MicroJava/J/WellType.thy --- a/src/HOL/MicroJava/J/WellType.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/MicroJava/J/WellType.thy Mon Jan 11 21:21:02 2016 +0100 @@ -33,24 +33,20 @@ localT :: "'c env => (vname \ ty)" where "localT == snd" -consts - more_spec :: "'c prog => (ty \ 'x) \ ty list => - (ty \ 'x) \ ty list => bool" - appl_methds :: "'c prog => cname => sig => ((ty \ ty) \ ty list) set" - max_spec :: "'c prog => cname => sig => ((ty \ ty) \ ty list) set" +definition more_spec :: "'c prog \ (ty \ 'x) \ ty list \ (ty \ 'x) \ ty list \ bool" + where "more_spec G == \((d,h),pTs). \((d',h'),pTs'). G\d\d' \ + list_all2 (\T T'. G\T\T') pTs pTs'" -defs - more_spec_def: "more_spec G == \((d,h),pTs). \((d',h'),pTs'). G\d\d' \ - list_all2 (\T T'. G\T\T') pTs pTs'" - +definition appl_methds :: "'c prog \ cname \ sig \ ((ty \ ty) \ ty list) set" \ "applicable methods, cf. 15.11.2.1" - appl_methds_def: "appl_methds G C == \(mn, pTs). + where "appl_methds G C == \(mn, pTs). {((Class md,rT),pTs') |md rT mb pTs'. method (G,C) (mn, pTs') = Some (md,rT,mb) \ list_all2 (\T T'. G\T\T') pTs pTs'}" +definition max_spec :: "'c prog \ cname \ sig \ ((ty \ ty) \ ty list) set" \ "maximally specific methods, cf. 15.11.2.2" - max_spec_def: "max_spec G C sig == {m. m \appl_methds G C sig \ + where "max_spec G C sig == {m. m \appl_methds G C sig \ (\m'\appl_methds G C sig. more_spec G m' m --> m' = m)}" diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/Nitpick_Examples/Refute_Nits.thy --- a/src/HOL/Nitpick_Examples/Refute_Nits.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/Nitpick_Examples/Refute_Nits.thy Mon Jan 11 21:21:02 2016 +0100 @@ -1273,10 +1273,20 @@ consts inverse :: "'a \ 'a" -defs (overloaded) -inverse_bool: "inverse (b::bool) \ \ b" -inverse_set: "inverse (S::'a set) \ -S" -inverse_pair: "inverse p \ (inverse (fst p), inverse (snd p))" +overloading inverse_bool \ "inverse :: bool \ bool" +begin + definition "inverse (b::bool) \ \ b" +end + +overloading inverse_set \ "inverse :: 'a set \ 'a set" +begin + definition "inverse (S::'a set) \ -S" +end + +overloading inverse_pair \ "inverse :: 'a \ 'b \ 'a \ 'b" +begin + definition "inverse_pair p \ (inverse (fst p), inverse (snd p))" +end lemma "inverse b" nitpick [expect = genuine] diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/Nominal/Nominal.thy --- a/src/HOL/Nominal/Nominal.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/Nominal/Nominal.thy Mon Jan 11 21:21:02 2016 +0100 @@ -2416,11 +2416,15 @@ consts fresh_star :: "'b \ 'a \ bool" ("_ \* _" [100,100] 100) -defs (overloaded) - fresh_star_set: "xs\*c \ \x\xs. x\c" - -defs (overloaded) - fresh_star_list: "xs\*c \ \x\set xs. x\c" +overloading fresh_star_set \ "fresh_star :: 'b set \ 'a \ bool" +begin + definition fresh_star_set: "xs\*c \ \x::'b\xs. x\(c::'a)" +end + +overloading frsh_star_list \ "fresh_star :: 'b list \ 'a \ bool" +begin + definition fresh_star_list: "xs\*c \ \x::'b\set xs. x\(c::'a)" +end lemmas fresh_star_def = fresh_star_list fresh_star_set diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/TLA/Buffer/Buffer.thy --- a/src/HOL/TLA/Buffer/Buffer.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/TLA/Buffer/Buffer.thy Mon Jan 11 21:21:02 2016 +0100 @@ -8,31 +8,35 @@ imports "../TLA" begin -consts - (* actions *) - BInit :: "'a stfun \ 'a list stfun \ 'a stfun \ stpred" - Enq :: "'a stfun \ 'a list stfun \ 'a stfun \ action" - Deq :: "'a stfun \ 'a list stfun \ 'a stfun \ action" - Next :: "'a stfun \ 'a list stfun \ 'a stfun \ action" +(* actions *) + +definition BInit :: "'a stfun \ 'a list stfun \ 'a stfun \ stpred" + where "BInit ic q oc == PRED q = #[]" - (* temporal formulas *) - IBuffer :: "'a stfun \ 'a list stfun \ 'a stfun \ temporal" - Buffer :: "'a stfun \ 'a stfun \ temporal" +definition Enq :: "'a stfun \ 'a list stfun \ 'a stfun \ action" + where "Enq ic q oc == ACT (ic$ \ $ic) + \ (q$ = $q @ [ ic$ ]) + \ (oc$ = $oc)" -defs - BInit_def: "BInit ic q oc == PRED q = #[]" - Enq_def: "Enq ic q oc == ACT (ic$ \ $ic) - \ (q$ = $q @ [ ic$ ]) - \ (oc$ = $oc)" - Deq_def: "Deq ic q oc == ACT ($q \ #[]) - \ (oc$ = hd< $q >) - \ (q$ = tl< $q >) - \ (ic$ = $ic)" - Next_def: "Next ic q oc == ACT (Enq ic q oc \ Deq ic q oc)" - IBuffer_def: "IBuffer ic q oc == TEMP Init (BInit ic q oc) - \ \[Next ic q oc]_(ic,q,oc) - \ WF(Deq ic q oc)_(ic,q,oc)" - Buffer_def: "Buffer ic oc == TEMP (\\q. IBuffer ic q oc)" +definition Deq :: "'a stfun \ 'a list stfun \ 'a stfun \ action" + where "Deq ic q oc == ACT ($q \ #[]) + \ (oc$ = hd< $q >) + \ (q$ = tl< $q >) + \ (ic$ = $ic)" + +definition Next :: "'a stfun \ 'a list stfun \ 'a stfun \ action" + where "Next ic q oc == ACT (Enq ic q oc \ Deq ic q oc)" + + +(* temporal formulas *) + +definition IBuffer :: "'a stfun \ 'a list stfun \ 'a stfun \ temporal" + where "IBuffer ic q oc == TEMP Init (BInit ic q oc) + \ \[Next ic q oc]_(ic,q,oc) + \ WF(Deq ic q oc)_(ic,q,oc)" + +definition Buffer :: "'a stfun \ 'a stfun \ temporal" + where "Buffer ic oc == TEMP (\\q. IBuffer ic q oc)" (* ---------------------------- Data lemmas ---------------------------- *) diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/TLA/Init.thy --- a/src/HOL/TLA/Init.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/TLA/Init.thy Mon Jan 11 21:21:02 2016 +0100 @@ -35,10 +35,17 @@ defs Init_def: "sigma \ Init F == (first_world sigma) \ F" -defs (overloaded) - fw_temp_def: "first_world == \sigma. sigma" - fw_stp_def: "first_world == st1" - fw_act_def: "first_world == \sigma. (st1 sigma, st2 sigma)" +overloading + fw_temp \ "first_world :: behavior \ behavior" + fw_stp \ "first_world :: behavior \ state" + fw_act \ "first_world :: behavior \ state \ state" +begin + +definition "first_world == \sigma. sigma" +definition "first_world == st1" +definition "first_world == \sigma. (st1 sigma, st2 sigma)" + +end lemma const_simps [int_rewrite, simp]: "\ (Init #True) = #True" diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/TLA/Memory/Memory.thy --- a/src/HOL/TLA/Memory/Memory.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/TLA/Memory/Memory.thy Mon Jan 11 21:21:02 2016 +0100 @@ -12,122 +12,135 @@ type_synonym memType = "(Locs \ Vals) stfun" (* intention: MemLocs \ MemVals *) type_synonym resType = "(PrIds \ Vals) stfun" -consts - (* state predicates *) - MInit :: "memType \ Locs \ stpred" - PInit :: "resType \ PrIds \ stpred" - (* auxiliary predicates: is there a pending read/write request for - some process id and location/value? *) - RdRequest :: "memChType \ PrIds \ Locs \ stpred" - WrRequest :: "memChType \ PrIds \ Locs \ Vals \ stpred" + +(* state predicates *) + +definition MInit :: "memType \ Locs \ stpred" + where "MInit mm l == PRED mm!l = #InitVal" + +definition PInit :: "resType \ PrIds \ stpred" + where "PInit rs p == PRED rs!p = #NotAResult" + + +(* auxiliary predicates: is there a pending read/write request for + some process id and location/value? *) + +definition RdRequest :: "memChType \ PrIds \ Locs \ stpred" + where "RdRequest ch p l == PRED Calling ch p \ (arg = #(read l))" + +definition WrRequest :: "memChType \ PrIds \ Locs \ Vals \ stpred" + where "WrRequest ch p l v == PRED Calling ch p \ (arg = #(write l v))" + + +(* actions *) + +(* a read that doesn't raise BadArg *) +definition GoodRead :: "memType \ resType \ PrIds \ Locs \ action" + where "GoodRead mm rs p l == ACT #l \ #MemLoc \ ((rs!p)$ = $(mm!l))" + +(* a read that raises BadArg *) +definition BadRead :: "memType \ resType \ PrIds \ Locs \ action" + where "BadRead mm rs p l == ACT #l \ #MemLoc \ ((rs!p)$ = #BadArg)" - (* actions *) - GoodRead :: "memType \ resType \ PrIds \ Locs \ action" - BadRead :: "memType \ resType \ PrIds \ Locs \ action" - ReadInner :: "memChType \ memType \ resType \ PrIds \ Locs \ action" - Read :: "memChType \ memType \ resType \ PrIds \ action" - GoodWrite :: "memType \ resType \ PrIds \ Locs \ Vals \ action" - BadWrite :: "memType \ resType \ PrIds \ Locs \ Vals \ action" - WriteInner :: "memChType \ memType \ resType \ PrIds \ Locs \ Vals \ action" - Write :: "memChType \ memType \ resType \ PrIds \ Locs \ action" - MemReturn :: "memChType \ resType \ PrIds \ action" - MemFail :: "memChType \ resType \ PrIds \ action" - RNext :: "memChType \ memType \ resType \ PrIds \ action" - UNext :: "memChType \ memType \ resType \ PrIds \ action" +(* the read action with l visible *) +definition ReadInner :: "memChType \ memType \ resType \ PrIds \ Locs \ action" + where "ReadInner ch mm rs p l == ACT + $(RdRequest ch p l) + \ (GoodRead mm rs p l \ BadRead mm rs p l) + \ unchanged (rtrner ch ! p)" + +(* the read action with l quantified *) +definition Read :: "memChType \ memType \ resType \ PrIds \ action" + where "Read ch mm rs p == ACT (\l. ReadInner ch mm rs p l)" - (* temporal formulas *) - RPSpec :: "memChType \ memType \ resType \ PrIds \ temporal" - UPSpec :: "memChType \ memType \ resType \ PrIds \ temporal" - MSpec :: "memChType \ memType \ resType \ Locs \ temporal" - IRSpec :: "memChType \ memType \ resType \ temporal" - IUSpec :: "memChType \ memType \ resType \ temporal" +(* similar definitions for the write action *) +definition GoodWrite :: "memType \ resType \ PrIds \ Locs \ Vals \ action" + where "GoodWrite mm rs p l v == + ACT #l \ #MemLoc \ #v \ #MemVal + \ ((mm!l)$ = #v) \ ((rs!p)$ = #OK)" - RSpec :: "memChType \ resType \ temporal" - USpec :: "memChType \ temporal" +definition BadWrite :: "memType \ resType \ PrIds \ Locs \ Vals \ action" + where "BadWrite mm rs p l v == ACT + \ (#l \ #MemLoc \ #v \ #MemVal) + \ ((rs!p)$ = #BadArg) \ unchanged (mm!l)" - (* memory invariant: in the paper, the invariant is hidden in the definition of - the predicate S used in the implementation proof, but it is easier to verify - at this level. *) - MemInv :: "memType \ Locs \ stpred" +definition WriteInner :: "memChType \ memType \ resType \ PrIds \ Locs \ Vals \ action" + where "WriteInner ch mm rs p l v == ACT + $(WrRequest ch p l v) + \ (GoodWrite mm rs p l v \ BadWrite mm rs p l v) + \ unchanged (rtrner ch ! p)" -defs - MInit_def: "MInit mm l == PRED mm!l = #InitVal" - PInit_def: "PInit rs p == PRED rs!p = #NotAResult" +definition Write :: "memChType \ memType \ resType \ PrIds \ Locs \ action" + where "Write ch mm rs p l == ACT (\v. WriteInner ch mm rs p l v)" + - RdRequest_def: "RdRequest ch p l == PRED - Calling ch p \ (arg = #(read l))" - WrRequest_def: "WrRequest ch p l v == PRED - Calling ch p \ (arg = #(write l v))" - (* a read that doesn't raise BadArg *) - GoodRead_def: "GoodRead mm rs p l == ACT - #l \ #MemLoc \ ((rs!p)$ = $(mm!l))" - (* a read that raises BadArg *) - BadRead_def: "BadRead mm rs p l == ACT - #l \ #MemLoc \ ((rs!p)$ = #BadArg)" - (* the read action with l visible *) - ReadInner_def: "ReadInner ch mm rs p l == ACT - $(RdRequest ch p l) - \ (GoodRead mm rs p l \ BadRead mm rs p l) - \ unchanged (rtrner ch ! p)" - (* the read action with l quantified *) - Read_def: "Read ch mm rs p == ACT (\l. ReadInner ch mm rs p l)" +(* the return action *) +definition MemReturn :: "memChType \ resType \ PrIds \ action" + where "MemReturn ch rs p == ACT + ( ($(rs!p) \ #NotAResult) + \ ((rs!p)$ = #NotAResult) + \ Return ch p (rs!p))" + +(* the failure action of the unreliable memory *) +definition MemFail :: "memChType \ resType \ PrIds \ action" + where "MemFail ch rs p == ACT + $(Calling ch p) + \ ((rs!p)$ = #MemFailure) + \ unchanged (rtrner ch ! p)" - (* similar definitions for the write action *) - GoodWrite_def: "GoodWrite mm rs p l v == ACT - #l \ #MemLoc \ #v \ #MemVal - \ ((mm!l)$ = #v) \ ((rs!p)$ = #OK)" - BadWrite_def: "BadWrite mm rs p l v == ACT - \ (#l \ #MemLoc \ #v \ #MemVal) - \ ((rs!p)$ = #BadArg) \ unchanged (mm!l)" - WriteInner_def: "WriteInner ch mm rs p l v == ACT - $(WrRequest ch p l v) - \ (GoodWrite mm rs p l v \ BadWrite mm rs p l v) - \ unchanged (rtrner ch ! p)" - Write_def: "Write ch mm rs p l == ACT (\v. WriteInner ch mm rs p l v)" +(* next-state relations for reliable / unreliable memory *) +definition RNext :: "memChType \ memType \ resType \ PrIds \ action" + where "RNext ch mm rs p == ACT + ( Read ch mm rs p + \ (\l. Write ch mm rs p l) + \ MemReturn ch rs p)" + +definition UNext :: "memChType \ memType \ resType \ PrIds \ action" + where "UNext ch mm rs p == ACT (RNext ch mm rs p \ MemFail ch rs p)" - (* the return action *) - MemReturn_def: "MemReturn ch rs p == ACT - ( ($(rs!p) \ #NotAResult) - \ ((rs!p)$ = #NotAResult) - \ Return ch p (rs!p))" + +(* temporal formulas *) + +definition RPSpec :: "memChType \ memType \ resType \ PrIds \ temporal" + where "RPSpec ch mm rs p == TEMP + Init(PInit rs p) + \ \[ RNext ch mm rs p ]_(rtrner ch ! p, rs!p) + \ WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p) + \ WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)" - (* the failure action of the unreliable memory *) - MemFail_def: "MemFail ch rs p == ACT - $(Calling ch p) - \ ((rs!p)$ = #MemFailure) - \ unchanged (rtrner ch ! p)" - (* next-state relations for reliable / unreliable memory *) - RNext_def: "RNext ch mm rs p == ACT - ( Read ch mm rs p - \ (\l. Write ch mm rs p l) - \ MemReturn ch rs p)" - UNext_def: "UNext ch mm rs p == ACT - (RNext ch mm rs p \ MemFail ch rs p)" +definition UPSpec :: "memChType \ memType \ resType \ PrIds \ temporal" + where "UPSpec ch mm rs p == TEMP + Init(PInit rs p) + \ \[ UNext ch mm rs p ]_(rtrner ch ! p, rs!p) + \ WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p) + \ WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)" + +definition MSpec :: "memChType \ memType \ resType \ Locs \ temporal" + where "MSpec ch mm rs l == TEMP + Init(MInit mm l) + \ \[ \p. Write ch mm rs p l ]_(mm!l)" + +definition IRSpec :: "memChType \ memType \ resType \ temporal" + where "IRSpec ch mm rs == TEMP + (\p. RPSpec ch mm rs p) + \ (\l. #l \ #MemLoc \ MSpec ch mm rs l)" - RPSpec_def: "RPSpec ch mm rs p == TEMP - Init(PInit rs p) - \ \[ RNext ch mm rs p ]_(rtrner ch ! p, rs!p) - \ WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p) - \ WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)" - UPSpec_def: "UPSpec ch mm rs p == TEMP - Init(PInit rs p) - \ \[ UNext ch mm rs p ]_(rtrner ch ! p, rs!p) - \ WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p) - \ WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)" - MSpec_def: "MSpec ch mm rs l == TEMP - Init(MInit mm l) - \ \[ \p. Write ch mm rs p l ]_(mm!l)" - IRSpec_def: "IRSpec ch mm rs == TEMP - (\p. RPSpec ch mm rs p) - \ (\l. #l \ #MemLoc \ MSpec ch mm rs l)" - IUSpec_def: "IUSpec ch mm rs == TEMP - (\p. UPSpec ch mm rs p) - \ (\l. #l \ #MemLoc \ MSpec ch mm rs l)" +definition IUSpec :: "memChType \ memType \ resType \ temporal" + where "IUSpec ch mm rs == TEMP + (\p. UPSpec ch mm rs p) + \ (\l. #l \ #MemLoc \ MSpec ch mm rs l)" + +definition RSpec :: "memChType \ resType \ temporal" + where "RSpec ch rs == TEMP (\\mm. IRSpec ch mm rs)" - RSpec_def: "RSpec ch rs == TEMP (\\mm. IRSpec ch mm rs)" - USpec_def: "USpec ch == TEMP (\\mm rs. IUSpec ch mm rs)" +definition USpec :: "memChType \ temporal" + where "USpec ch == TEMP (\\mm rs. IUSpec ch mm rs)" - MemInv_def: "MemInv mm l == PRED #l \ #MemLoc \ mm!l \ #MemVal" +(* memory invariant: in the paper, the invariant is hidden in the definition of + the predicate S used in the implementation proof, but it is easier to verify + at this level. *) +definition MemInv :: "memType \ Locs \ stpred" + where "MemInv mm l == PRED #l \ #MemLoc \ mm!l \ #MemVal" lemmas RM_action_defs = MInit_def PInit_def RdRequest_def WrRequest_def MemInv_def diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/TLA/Memory/ProcedureInterface.thy --- a/src/HOL/TLA/Memory/ProcedureInterface.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/TLA/Memory/ProcedureInterface.thy Mon Jan 11 21:21:02 2016 +0100 @@ -16,65 +16,78 @@ *) type_synonym ('a,'r) channel =" (PrIds \ ('a,'r) chan) stfun" + +(* data-level functions *) + consts - (* data-level functions *) cbit :: "('a,'r) chan \ bit" rbit :: "('a,'r) chan \ bit" arg :: "('a,'r) chan \ 'a" res :: "('a,'r) chan \ 'r" - (* state functions *) - caller :: "('a,'r) channel \ (PrIds \ (bit * 'a)) stfun" - rtrner :: "('a,'r) channel \ (PrIds \ (bit * 'r)) stfun" + +(* state functions *) - (* state predicates *) - Calling :: "('a,'r) channel \ PrIds \ stpred" +definition caller :: "('a,'r) channel \ (PrIds \ (bit * 'a)) stfun" + where "caller ch == \s p. (cbit (ch s p), arg (ch s p))" - (* actions *) - ACall :: "('a,'r) channel \ PrIds \ 'a stfun \ action" - AReturn :: "('a,'r) channel \ PrIds \ 'r stfun \ action" +definition rtrner :: "('a,'r) channel \ (PrIds \ (bit * 'r)) stfun" + where "rtrner ch == \s p. (rbit (ch s p), res (ch s p))" + - (* temporal formulas *) - PLegalCaller :: "('a,'r) channel \ PrIds \ temporal" - LegalCaller :: "('a,'r) channel \ temporal" - PLegalReturner :: "('a,'r) channel \ PrIds \ temporal" - LegalReturner :: "('a,'r) channel \ temporal" +(* slice through array-valued state function *) - (* slice through array-valued state function *) +consts slice :: "('a \ 'b) stfun \ 'a \ 'b stfun" - syntax "_slice" :: "[lift, 'a] \ lift" ("(_!_)" [70,70] 70) - - "_Call" :: "['a, 'b, lift] \ lift" ("(Call _ _ _)" [90,90,90] 90) - "_Return" :: "['a, 'b, lift] \ lift" ("(Return _ _ _)" [90,90,90] 90) - translations "_slice" == "CONST slice" - - "_Call" == "CONST ACall" - "_Return" == "CONST AReturn" - defs slice_def: "(PRED (x!i)) s == x s i" - caller_def: "caller ch == \s p. (cbit (ch s p), arg (ch s p))" - rtrner_def: "rtrner ch == \s p. (rbit (ch s p), res (ch s p))" + +(* state predicates *) + +definition Calling :: "('a,'r) channel \ PrIds \ stpred" + where "Calling ch p == PRED cbit< ch!p > \ rbit< ch!p >" + + +(* actions *) - Calling_def: "Calling ch p == PRED cbit< ch!p > \ rbit< ch!p >" +consts + ACall :: "('a,'r) channel \ PrIds \ 'a stfun \ action" + AReturn :: "('a,'r) channel \ PrIds \ 'r stfun \ action" +syntax + "_Call" :: "['a, 'b, lift] \ lift" ("(Call _ _ _)" [90,90,90] 90) + "_Return" :: "['a, 'b, lift] \ lift" ("(Return _ _ _)" [90,90,90] 90) +translations + "_Call" == "CONST ACall" + "_Return" == "CONST AReturn" +defs Call_def: "(ACT Call ch p v) == ACT \ $Calling ch p \ (cbit$ \ $rbit) \ (arg$ = $v)" Return_def: "(ACT Return ch p v) == ACT $Calling ch p \ (rbit$ = $cbit) \ (res$ = $v)" - PLegalCaller_def: "PLegalCaller ch p == TEMP - Init(\ Calling ch p) - \ \[\a. Call ch p a ]_((caller ch)!p)" - LegalCaller_def: "LegalCaller ch == TEMP (\p. PLegalCaller ch p)" - PLegalReturner_def: "PLegalReturner ch p == TEMP - \[\v. Return ch p v ]_((rtrner ch)!p)" - LegalReturner_def: "LegalReturner ch == TEMP (\p. PLegalReturner ch p)" + + +(* temporal formulas *) + +definition PLegalCaller :: "('a,'r) channel \ PrIds \ temporal" + where "PLegalCaller ch p == TEMP + Init(\ Calling ch p) + \ \[\a. Call ch p a ]_((caller ch)!p)" + +definition LegalCaller :: "('a,'r) channel \ temporal" + where "LegalCaller ch == TEMP (\p. PLegalCaller ch p)" + +definition PLegalReturner :: "('a,'r) channel \ PrIds \ temporal" + where "PLegalReturner ch p == TEMP \[\v. Return ch p v ]_((rtrner ch)!p)" + +definition LegalReturner :: "('a,'r) channel \ temporal" + where "LegalReturner ch == TEMP (\p. PLegalReturner ch p)" declare slice_def [simp] diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/TLA/Memory/RPC.thy --- a/src/HOL/TLA/Memory/RPC.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/TLA/Memory/RPC.thy Mon Jan 11 21:21:02 2016 +0100 @@ -12,63 +12,64 @@ type_synonym rpcRcvChType = "memChType" type_synonym rpcStType = "(PrIds \ rpcState) stfun" -consts - (* state predicates *) - RPCInit :: "rpcRcvChType \ rpcStType \ PrIds \ stpred" + +(* state predicates *) - (* actions *) - RPCFwd :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" - RPCReject :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" - RPCFail :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" - RPCReply :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" - RPCNext :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" +definition RPCInit :: "rpcRcvChType \ rpcStType \ PrIds \ stpred" + where "RPCInit rcv rst p == PRED ((rst!p = #rpcA) \ \Calling rcv p)" + + +(* actions *) - (* temporal *) - RPCIPSpec :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ temporal" - RPCISpec :: "rpcSndChType \ rpcRcvChType \ rpcStType \ temporal" - -defs - RPCInit_def: "RPCInit rcv rst p == PRED ((rst!p = #rpcA) \ \Calling rcv p)" +definition RPCFwd :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCFwd send rcv rst p == ACT + $(Calling send p) + \ $(rst!p) = # rpcA + \ IsLegalRcvArg> + \ Call rcv p RPCRelayArg> + \ (rst!p)$ = # rpcB + \ unchanged (rtrner send!p)" - RPCFwd_def: "RPCFwd send rcv rst p == ACT - $(Calling send p) - \ $(rst!p) = # rpcA - \ IsLegalRcvArg> - \ Call rcv p RPCRelayArg> - \ (rst!p)$ = # rpcB - \ unchanged (rtrner send!p)" +definition RPCReject :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCReject send rcv rst p == ACT + $(rst!p) = # rpcA + \ \IsLegalRcvArg> + \ Return send p #BadCall + \ unchanged ((rst!p), (caller rcv!p))" - RPCReject_def: "RPCReject send rcv rst p == ACT - $(rst!p) = # rpcA - \ \IsLegalRcvArg> - \ Return send p #BadCall - \ unchanged ((rst!p), (caller rcv!p))" +definition RPCFail :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCFail send rcv rst p == ACT + \$(Calling rcv p) + \ Return send p #RPCFailure + \ (rst!p)$ = #rpcA + \ unchanged (caller rcv!p)" - RPCFail_def: "RPCFail send rcv rst p == ACT - \$(Calling rcv p) - \ Return send p #RPCFailure - \ (rst!p)$ = #rpcA - \ unchanged (caller rcv!p)" +definition RPCReply :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCReply send rcv rst p == ACT + \$(Calling rcv p) + \ $(rst!p) = #rpcB + \ Return send p res + \ (rst!p)$ = #rpcA + \ unchanged (caller rcv!p)" - RPCReply_def: "RPCReply send rcv rst p == ACT - \$(Calling rcv p) - \ $(rst!p) = #rpcB - \ Return send p res - \ (rst!p)$ = #rpcA - \ unchanged (caller rcv!p)" +definition RPCNext :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCNext send rcv rst p == ACT + ( RPCFwd send rcv rst p + \ RPCReject send rcv rst p + \ RPCFail send rcv rst p + \ RPCReply send rcv rst p)" + - RPCNext_def: "RPCNext send rcv rst p == ACT - ( RPCFwd send rcv rst p - \ RPCReject send rcv rst p - \ RPCFail send rcv rst p - \ RPCReply send rcv rst p)" +(* temporal *) - RPCIPSpec_def: "RPCIPSpec send rcv rst p == TEMP - Init RPCInit rcv rst p - \ \[ RPCNext send rcv rst p ]_(rst!p, rtrner send!p, caller rcv!p) - \ WF(RPCNext send rcv rst p)_(rst!p, rtrner send!p, caller rcv!p)" +definition RPCIPSpec :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ temporal" + where "RPCIPSpec send rcv rst p == TEMP + Init RPCInit rcv rst p + \ \[ RPCNext send rcv rst p ]_(rst!p, rtrner send!p, caller rcv!p) + \ WF(RPCNext send rcv rst p)_(rst!p, rtrner send!p, caller rcv!p)" - RPCISpec_def: "RPCISpec send rcv rst == TEMP (\p. RPCIPSpec send rcv rst p)" +definition RPCISpec :: "rpcSndChType \ rpcRcvChType \ rpcStType \ temporal" + where "RPCISpec send rcv rst == TEMP (\p. RPCIPSpec send rcv rst p)" lemmas RPC_action_defs = diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/TLA/Memory/RPCParameters.thy --- a/src/HOL/TLA/Memory/RPCParameters.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/TLA/Memory/RPCParameters.thy Mon Jan 11 21:21:02 2016 +0100 @@ -16,32 +16,28 @@ datatype rpcOp = memcall memOp | othercall Vals datatype rpcState = rpcA | rpcB -consts - (* some particular return values *) - RPCFailure :: Vals - BadCall :: Vals - - (* Translate an rpc call to a memory call and test if the current argument - is legal for the receiver (i.e., the memory). This can now be a little - simpler than for the generic RPC component. RelayArg returns an arbitrary - memory call for illegal arguments. *) - IsLegalRcvArg :: "rpcOp \ bool" - RPCRelayArg :: "rpcOp \ memOp" - -axiomatization where +axiomatization RPCFailure :: Vals and BadCall :: Vals +where (* RPCFailure is different from MemVals and exceptions *) RFNoMemVal: "RPCFailure \ MemVal" and NotAResultNotRF: "NotAResult \ RPCFailure" and OKNotRF: "OK \ RPCFailure" and BANotRF: "BadArg \ RPCFailure" -defs - IsLegalRcvArg_def: "IsLegalRcvArg ra == - case ra of (memcall m) \ True - | (othercall v) \ False" - RPCRelayArg_def: "RPCRelayArg ra == - case ra of (memcall m) \ m - | (othercall v) \ undefined" +(* Translate an rpc call to a memory call and test if the current argument + is legal for the receiver (i.e., the memory). This can now be a little + simpler than for the generic RPC component. RelayArg returns an arbitrary + memory call for illegal arguments. *) + +definition IsLegalRcvArg :: "rpcOp \ bool" + where "IsLegalRcvArg ra == + case ra of (memcall m) \ True + | (othercall v) \ False" + +definition RPCRelayArg :: "rpcOp \ memOp" + where "RPCRelayArg ra == + case ra of (memcall m) \ m + | (othercall v) \ undefined" lemmas [simp] = RFNoMemVal NotAResultNotRF OKNotRF BANotRF NotAResultNotRF [symmetric] OKNotRF [symmetric] BANotRF [symmetric] diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/TLA/Stfun.thy --- a/src/HOL/TLA/Stfun.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/TLA/Stfun.thy Mon Jan 11 21:21:02 2016 +0100 @@ -40,15 +40,17 @@ "PRED P" => "(P::state \ _)" "_stvars" == "CONST stvars" -defs - (* Base variables may be assigned arbitrary (type-correct) values. - Note that vs may be a tuple of variables. The correct identification - of base variables is up to the user who must take care not to - introduce an inconsistency. For example, "basevars (x,x)" would - definitely be inconsistent. - *) - basevars_def: "stvars vs == range vs = UNIV" - +(* Base variables may be assigned arbitrary (type-correct) values. + Note that vs may be a tuple of variables. The correct identification + of base variables is up to the user who must take care not to + introduce an inconsistency. For example, "basevars (x,x)" would + definitely be inconsistent. +*) +overloading stvars \ stvars +begin + definition stvars :: "(state \ 'a) \ bool" + where basevars_def: "stvars vs == range vs = UNIV" +end lemma basevars: "\vs. basevars vs \ \u. vs u = c" apply (unfold basevars_def) diff -r bdab93ccfaf8 -r 5b946c81dfbf src/HOL/ex/MT.thy --- a/src/HOL/ex/MT.thy Mon Jan 11 21:20:44 2016 +0100 +++ b/src/HOL/ex/MT.thy Mon Jan 11 21:21:02 2016 +0100 @@ -60,21 +60,7 @@ te_app :: "[TyEnv, ExVar] => Ty" te_dom :: "TyEnv => ExVar set" - eval_fun :: "((ValEnv * Ex) * Val) set => ((ValEnv * Ex) * Val) set" - eval_rel :: "((ValEnv * Ex) * Val) set" - eval :: "[ValEnv, Ex, Val] => bool" ("_ |- _ ---> _" [36,0,36] 50) - - elab_fun :: "((TyEnv * Ex) * Ty) set => ((TyEnv * Ex) * Ty) set" - elab_rel :: "((TyEnv * Ex) * Ty) set" - elab :: "[TyEnv, Ex, Ty] => bool" ("_ |- _ ===> _" [36,0,36] 50) - isof :: "[Const, Ty] => bool" ("_ isof _" [36,36] 50) - isof_env :: "[ValEnv,TyEnv] => bool" ("_ isofenv _") - - hasty_fun :: "(Val * Ty) set => (Val * Ty) set" - hasty_rel :: "(Val * Ty) set" - hasty :: "[Val, Ty] => bool" ("_ hasty _" [36,36] 50) - hasty_env :: "[ValEnv,TyEnv] => bool" ("_ hastyenv _ " [36,36] 35) (* Expression constructors must be injective, distinct and it must be possible @@ -185,9 +171,8 @@ derived. *) -defs - eval_fun_def: - " eval_fun(s) == +definition eval_fun :: "((ValEnv * Ex) * Val) set => ((ValEnv * Ex) * Val) set" + where "eval_fun(s) == { pp. (? ve c. pp=((ve,e_const(c)),v_const(c))) | (? ve x. pp=((ve,e_var(x)),ve_app ve x) & x:ve_dom(ve)) | @@ -208,51 +193,56 @@ ) }" - eval_rel_def: "eval_rel == lfp(eval_fun)" - eval_def: "ve |- e ---> v == ((ve,e),v):eval_rel" +definition eval_rel :: "((ValEnv * Ex) * Val) set" + where "eval_rel == lfp(eval_fun)" + +definition eval :: "[ValEnv, Ex, Val] => bool" ("_ |- _ ---> _" [36,0,36] 50) + where "ve |- e ---> v == ((ve,e),v) \ eval_rel" (* The static semantics is defined in the same way as the dynamic semantics. The relation te |- e ===> t express the expression e has the type t in the type environment te. *) - elab_fun_def: - "elab_fun(s) == - { pp. - (? te c t. pp=((te,e_const(c)),t) & c isof t) | - (? te x. pp=((te,e_var(x)),te_app te x) & x:te_dom(te)) | - (? te x e t1 t2. pp=((te,fn x => e),t1->t2) & ((te+{x |=> t1},e),t2):s) | - (? te f x e t1 t2. - pp=((te,fix f(x)=e),t1->t2) & ((te+{f |=> t1->t2}+{x |=> t1},e),t2):s - ) | - (? te e1 e2 t1 t2. - pp=((te,e1 @@ e2),t2) & ((te,e1),t1->t2):s & ((te,e2),t1):s - ) - }" +definition elab_fun :: "((TyEnv * Ex) * Ty) set => ((TyEnv * Ex) * Ty) set" + where "elab_fun(s) == + { pp. + (? te c t. pp=((te,e_const(c)),t) & c isof t) | + (? te x. pp=((te,e_var(x)),te_app te x) & x:te_dom(te)) | + (? te x e t1 t2. pp=((te,fn x => e),t1->t2) & ((te+{x |=> t1},e),t2):s) | + (? te f x e t1 t2. + pp=((te,fix f(x)=e),t1->t2) & ((te+{f |=> t1->t2}+{x |=> t1},e),t2):s + ) | + (? te e1 e2 t1 t2. + pp=((te,e1 @@ e2),t2) & ((te,e1),t1->t2):s & ((te,e2),t1):s + ) + }" - elab_rel_def: "elab_rel == lfp(elab_fun)" - elab_def: "te |- e ===> t == ((te,e),t):elab_rel" +definition elab_rel :: "((TyEnv * Ex) * Ty) set" + where "elab_rel == lfp(elab_fun)" + +definition elab :: "[TyEnv, Ex, Ty] => bool" ("_ |- _ ===> _" [36,0,36] 50) + where "te |- e ===> t == ((te,e),t):elab_rel" + (* The original correspondence relation *) - isof_env_def: - " ve isofenv te == - ve_dom(ve) = te_dom(te) & - ( ! x. +definition isof_env :: "[ValEnv,TyEnv] => bool" ("_ isofenv _") + where "ve isofenv te == + ve_dom(ve) = te_dom(te) & + (! x. x:ve_dom(ve) --> - (? c. ve_app ve x = v_const(c) & c isof te_app te x) - ) - " + (? c. ve_app ve x = v_const(c) & c isof te_app te x))" axiomatization where isof_app: "[| c1 isof t1->t2; c2 isof t1 |] ==> c_app c1 c2 isof t2" -defs + (* The extented correspondence relation *) - hasty_fun_def: - " hasty_fun(r) == - { p. +definition hasty_fun :: "(Val * Ty) set => (Val * Ty) set" + where "hasty_fun(r) == + { p. ( ? c t. p = (v_const(c),t) & c isof t) | ( ? ev e ve t te. p = (v_clos(<|ev,e,ve|>),t) & @@ -260,15 +250,18 @@ ve_dom(ve) = te_dom(te) & (! ev1. ev1:ve_dom(ve) --> (ve_app ve ev1,te_app te ev1) : r) ) - } - " + }" + +definition hasty_rel :: "(Val * Ty) set" + where "hasty_rel == gfp(hasty_fun)" - hasty_rel_def: "hasty_rel == gfp(hasty_fun)" - hasty_def: "v hasty t == (v,t) : hasty_rel" - hasty_env_def: - " ve hastyenv te == - ve_dom(ve) = te_dom(te) & - (! x. x: ve_dom(ve) --> ve_app ve x hasty te_app te x)" +definition hasty :: "[Val, Ty] => bool" ("_ hasty _" [36,36] 50) + where "v hasty t == (v,t) : hasty_rel" + +definition hasty_env :: "[ValEnv,TyEnv] => bool" ("_ hastyenv _ " [36,36] 35) + where "ve hastyenv te == + ve_dom(ve) = te_dom(te) & + (! x. x: ve_dom(ve) --> ve_app ve x hasty te_app te x)" (* ############################################################ *)