# HG changeset patch # User wenzelm # Date 1452467063 -3600 # Node ID bc178c0fe1a1b13dd17bbe2936797149462a8b5b # Parent 57895801cb5739a09bbaacff83e10f26490ccfaf misc tuning and modernization; diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/ABP/Impl.thy --- a/src/HOL/HOLCF/IOA/ABP/Impl.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Impl.thy Mon Jan 11 00:04:23 2016 +0100 @@ -22,14 +22,14 @@ definition rec :: "'m impl_state => 'm receiver_state" where - "rec = fst o snd" + "rec = fst \ snd" definition srch :: "'m impl_state => 'm packet list" where - "srch = fst o snd o snd" + "srch = fst \ snd \ snd" definition rsch :: "'m impl_state => bool list" where - "rsch = snd o snd o snd" + "rsch = snd \ snd \ snd" end diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/ABP/Impl_finite.thy --- a/src/HOL/HOLCF/IOA/ABP/Impl_finite.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Impl_finite.thy Mon Jan 11 00:04:23 2016 +0100 @@ -24,14 +24,14 @@ definition rec_fin :: "'m impl_fin_state => 'm receiver_state" where - "rec_fin = fst o snd" + "rec_fin = fst \ snd" definition srch_fin :: "'m impl_fin_state => 'm packet list" where - "srch_fin = fst o snd o snd" + "srch_fin = fst \ snd \ snd" definition rsch_fin :: "'m impl_fin_state => bool list" where - "rsch_fin = snd o snd o snd" + "rsch_fin = snd \ snd \ snd" end diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/Asig.thy --- a/src/HOL/HOLCF/IOA/Asig.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/Asig.thy Mon Jan 11 00:04:23 2016 +0100 @@ -8,94 +8,69 @@ imports Main begin -type_synonym - 'a signature = "('a set * 'a set * 'a set)" +type_synonym 'a signature = "'a set \ 'a set \ 'a set" -definition - inputs :: "'action signature => 'action set" where - asig_inputs_def: "inputs = fst" +definition inputs :: "'action signature \ 'action set" + where asig_inputs_def: "inputs = fst" -definition - outputs :: "'action signature => 'action set" where - asig_outputs_def: "outputs = (fst o snd)" +definition outputs :: "'action signature \ 'action set" + where asig_outputs_def: "outputs = fst \ snd" -definition - internals :: "'action signature => 'action set" where - asig_internals_def: "internals = (snd o snd)" +definition internals :: "'action signature \ 'action set" + where asig_internals_def: "internals = snd \ snd" -definition - actions :: "'action signature => 'action set" where - "actions(asig) = (inputs(asig) Un outputs(asig) Un internals(asig))" +definition actions :: "'action signature \ 'action set" + where "actions asig = inputs asig \ outputs asig \ internals asig" -definition - externals :: "'action signature => 'action set" where - "externals(asig) = (inputs(asig) Un outputs(asig))" +definition externals :: "'action signature \ 'action set" + where "externals asig = inputs asig \ outputs asig" -definition - locals :: "'action signature => 'action set" where - "locals asig = ((internals asig) Un (outputs asig))" +definition locals :: "'action signature \ 'action set" + where "locals asig = internals asig \ outputs asig" -definition - is_asig :: "'action signature => bool" where - "is_asig(triple) = - ((inputs(triple) Int outputs(triple) = {}) & - (outputs(triple) Int internals(triple) = {}) & - (inputs(triple) Int internals(triple) = {}))" +definition is_asig :: "'action signature \ bool" + where "is_asig triple \ + inputs triple \ outputs triple = {} \ + outputs triple \ internals triple = {} \ + inputs triple \ internals triple = {}" -definition - mk_ext_asig :: "'action signature => 'action signature" where - "mk_ext_asig(triple) = (inputs(triple), outputs(triple), {})" +definition mk_ext_asig :: "'action signature \ 'action signature" + where "mk_ext_asig triple = (inputs triple, outputs triple, {})" lemmas asig_projections = asig_inputs_def asig_outputs_def asig_internals_def lemma asig_triple_proj: - "(outputs (a,b,c) = b) & - (inputs (a,b,c) = a) & - (internals (a,b,c) = c)" - apply (simp add: asig_projections) - done - -lemma int_and_ext_is_act: "[| a~:internals(S) ;a~:externals(S)|] ==> a~:actions(S)" -apply (simp add: externals_def actions_def) -done + "outputs (a, b, c) = b \ + inputs (a, b, c) = a \ + internals (a, b, c) = c" + by (simp add: asig_projections) -lemma ext_is_act: "[|a:externals(S)|] ==> a:actions(S)" -apply (simp add: externals_def actions_def) -done +lemma int_and_ext_is_act: "a \ internals S \ a \ externals S \ a \ actions S" + by (simp add: externals_def actions_def) -lemma int_is_act: "[|a:internals S|] ==> a:actions S" -apply (simp add: asig_internals_def actions_def) -done +lemma ext_is_act: "a \ externals S \ a \ actions S" + by (simp add: externals_def actions_def) -lemma inp_is_act: "[|a:inputs S|] ==> a:actions S" -apply (simp add: asig_inputs_def actions_def) -done +lemma int_is_act: "a \ internals S \ a \ actions S" + by (simp add: asig_internals_def actions_def) -lemma out_is_act: "[|a:outputs S|] ==> a:actions S" -apply (simp add: asig_outputs_def actions_def) -done +lemma inp_is_act: "a \ inputs S \ a \ actions S" + by (simp add: asig_inputs_def actions_def) -lemma ext_and_act: "(x: actions S & x : externals S) = (x: externals S)" -apply (fast intro!: ext_is_act) -done +lemma out_is_act: "a \ outputs S \ a \ actions S" + by (simp add: asig_outputs_def actions_def) -lemma not_ext_is_int: "[|is_asig S;x: actions S|] ==> (x~:externals S) = (x: internals S)" -apply (simp add: actions_def is_asig_def externals_def) -apply blast -done +lemma ext_and_act: "x \ actions S \ x \ externals S \ x \ externals S" + by (fast intro!: ext_is_act) -lemma not_ext_is_int_or_not_act: "is_asig S ==> (x~:externals S) = (x: internals S | x~:actions S)" -apply (simp add: actions_def is_asig_def externals_def) -apply blast -done +lemma not_ext_is_int: "is_asig S \ x \ actions S \ x \ externals S \ x \ internals S" + by (auto simp add: actions_def is_asig_def externals_def) -lemma int_is_not_ext: - "[| is_asig (S); x:internals S |] ==> x~:externals S" -apply (unfold externals_def actions_def is_asig_def) -apply simp -apply blast -done +lemma not_ext_is_int_or_not_act: "is_asig S \ x \ externals S \ x \ internals S \ x \ actions S" + by (auto simp add: actions_def is_asig_def externals_def) +lemma int_is_not_ext:"is_asig S \ x \ internals S \ x \ externals S" + by (auto simp add: externals_def actions_def is_asig_def) end diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/Automata.thy --- a/src/HOL/HOLCF/IOA/Automata.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/Automata.thy Mon Jan 11 00:04:23 2016 +0100 @@ -10,32 +10,30 @@ default_sort type -type_synonym ('a, 's) transition = "'s * 'a * 's" +type_synonym ('a, 's) transition = "'s \ 'a \ 's" type_synonym ('a, 's) ioa = - "'a signature * 's set * ('a,'s)transition set * ('a set set) * ('a set set)" + "'a signature \ 's set \ ('a, 's)transition set \ 'a set set \ 'a set set" -(* --------------------------------- IOA ---------------------------------*) +subsection \IO automata\ -(* IO automata *) - -definition asig_of :: "('a, 's)ioa \ 'a signature" +definition asig_of :: "('a, 's) ioa \ 'a signature" where "asig_of = fst" definition starts_of :: "('a, 's) ioa \ 's set" - where "starts_of = (fst \ snd)" + where "starts_of = fst \ snd" definition trans_of :: "('a, 's) ioa \ ('a, 's) transition set" - where "trans_of = (fst \ snd \ snd)" + where "trans_of = fst \ snd \ snd" abbreviation trans_of_syn ("_ \_\_\ _" [81, 81, 81, 81] 100) where "s \a\A\ t \ (s, a, t) \ trans_of A" definition wfair_of :: "('a, 's) ioa \ 'a set set" - where "wfair_of = (fst \ snd \ snd \ snd)" + where "wfair_of = fst \ snd \ snd \ snd" definition sfair_of :: "('a, 's) ioa \ 'a set set" - where "sfair_of = (snd \ snd \ snd \ snd)" + where "sfair_of = snd \ snd \ snd \ snd" definition is_asig_of :: "('a, 's) ioa \ bool" where "is_asig_of A = is_asig (asig_of A)" @@ -58,121 +56,122 @@ is_trans_of A \ input_enabled A" -abbreviation "act A == actions (asig_of A)" -abbreviation "ext A == externals (asig_of A)" -abbreviation int where "int A == internals (asig_of A)" -abbreviation "inp A == inputs (asig_of A)" -abbreviation "out A == outputs (asig_of A)" -abbreviation "local A == locals (asig_of A)" +abbreviation "act A \ actions (asig_of A)" +abbreviation "ext A \ externals (asig_of A)" +abbreviation int where "int A \ internals (asig_of A)" +abbreviation "inp A \ inputs (asig_of A)" +abbreviation "out A \ outputs (asig_of A)" +abbreviation "local A \ locals (asig_of A)" -(* invariants *) -inductive reachable :: "('a, 's) ioa \ 's \ bool" - for C :: "('a, 's) ioa" + +text \invariants\ + +inductive reachable :: "('a, 's) ioa \ 's \ bool" for C :: "('a, 's) ioa" where reachable_0: "s \ starts_of C \ reachable C s" -| reachable_n: "\reachable C s; (s, a, t) \ trans_of C\ \ reachable C t" +| reachable_n: "reachable C s \ (s, a, t) \ trans_of C \ reachable C t" definition invariant :: "[('a, 's) ioa, 's \ bool] \ bool" where "invariant A P \ (\s. reachable A s \ P s)" -(* ------------------------- parallel composition --------------------------*) +subsection \Parallel composition\ -(* binary composition of action signatures and automata *) +subsubsection \Binary composition of action signatures and automata\ -definition compatible :: "[('a, 's) ioa, ('a, 't) ioa] \ bool" -where - "compatible A B \ - (((out A \ out B) = {}) \ - ((int A \ act B) = {}) \ - ((int B \ act A) = {}))" +definition compatible :: "('a, 's) ioa \ ('a, 't) ioa \ bool" + where "compatible A B \ + out A \ out B = {} \ + int A \ act B = {} \ + int B \ act A = {}" + +definition asig_comp :: "'a signature \ 'a signature \ 'a signature" + where "asig_comp a1 a2 = + (((inputs a1 \ inputs a2) - (outputs a1 \ outputs a2), + (outputs a1 \ outputs a2), + (internals a1 \ internals a2)))" -definition asig_comp :: "['a signature, 'a signature] \ 'a signature" -where - "asig_comp a1 a2 = - (((inputs(a1) \ inputs(a2)) - (outputs(a1) \ outputs(a2)), - (outputs(a1) \ outputs(a2)), - (internals(a1) \ internals(a2))))" - -definition par :: "[('a, 's) ioa, ('a, 't) ioa] \ ('a, 's * 't) ioa" (infixr "\" 10) -where - "(A \ B) = - (asig_comp (asig_of A) (asig_of B), - {pr. fst(pr) \ starts_of(A) \ snd(pr) \ starts_of(B)}, - {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) - in (a \ act A | a:act B) \ - (if a \ act A then - (fst(s), a, fst(t)) \ trans_of(A) - else fst(t) = fst(s)) - & - (if a \ act B then - (snd(s), a, snd(t)) \ trans_of(B) - else snd(t) = snd(s))}, - wfair_of A \ wfair_of B, - sfair_of A \ sfair_of B)" +definition par :: "('a, 's) ioa \ ('a, 't) ioa \ ('a, 's * 't) ioa" (infixr "\" 10) + where "(A \ B) = + (asig_comp (asig_of A) (asig_of B), + {pr. fst pr \ starts_of A \ snd pr \ starts_of B}, + {tr. + let + s = fst tr; + a = fst (snd tr); + t = snd (snd tr) + in + (a \ act A \ a \ act B) \ + (if a \ act A then (fst s, a, fst t) \ trans_of A + else fst t = fst s) \ + (if a \ act B then (snd s, a, snd t) \ trans_of B + else snd t = snd s)}, + wfair_of A \ wfair_of B, + sfair_of A \ sfair_of B)" -(* ------------------------ hiding -------------------------------------------- *) +subsection \Hiding\ -(* hiding and restricting *) +subsubsection \Hiding and restricting\ -definition restrict_asig :: "['a signature, 'a set] \ 'a signature" -where - "restrict_asig asig actns = - (inputs(asig) Int actns, - outputs(asig) Int actns, - internals(asig) Un (externals(asig) - actns))" +definition restrict_asig :: "'a signature \ 'a set \ 'a signature" + where "restrict_asig asig actns = + (inputs asig \ actns, + outputs asig \ actns, + internals asig \ (externals asig - actns))" -(* Notice that for wfair_of and sfair_of nothing has to be changed, as - changes from the outputs to the internals does not touch the locals as - a whole, which is of importance for fairness only *) -definition restrict :: "[('a, 's) ioa, 'a set] \ ('a, 's) ioa" -where - "restrict A actns = +text \ + Notice that for \wfair_of\ and \sfair_of\ nothing has to be changed, as + changes from the outputs to the internals does not touch the locals as a + whole, which is of importance for fairness only. +\ +definition restrict :: "('a, 's) ioa \ 'a set \ ('a, 's) ioa" + where "restrict A actns = (restrict_asig (asig_of A) actns, starts_of A, trans_of A, wfair_of A, sfair_of A)" -definition hide_asig :: "['a signature, 'a set] \ 'a signature" -where - "hide_asig asig actns = - (inputs(asig) - actns, - outputs(asig) - actns, - internals(asig) \ actns)" +definition hide_asig :: "'a signature \ 'a set \ 'a signature" + where "hide_asig asig actns = + (inputs asig - actns, + outputs asig - actns, + internals asig \ actns)" -definition hide :: "[('a, 's) ioa, 'a set] \ ('a, 's) ioa" -where - "hide A actns = +definition hide :: "('a, 's) ioa \ 'a set \ ('a, 's) ioa" + where "hide A actns = (hide_asig (asig_of A) actns, starts_of A, trans_of A, wfair_of A, sfair_of A)" -(* ------------------------- renaming ------------------------------------------- *) + +subsection \Renaming\ definition rename_set :: "'a set \ ('c \ 'a option) \ 'c set" where "rename_set A ren = {b. \x. Some x = ren b \ x \ A}" definition rename :: "('a, 'b) ioa \ ('c \ 'a option) \ ('c, 'b) ioa" -where - "rename ioa ren = + where "rename ioa ren = ((rename_set (inp ioa) ren, rename_set (out ioa) ren, rename_set (int ioa) ren), starts_of ioa, - {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) - in - \x. Some(x) = ren(a) \ (s,x,t):trans_of ioa}, + {tr. + let + s = fst tr; + a = fst (snd tr); + t = snd (snd tr) + in \x. Some x = ren a \ s \x\ioa\ t}, {rename_set s ren | s. s \ wfair_of ioa}, {rename_set s ren | s. s \ sfair_of ioa})" -(* ------------------------- fairness ----------------------------- *) +subsection \Fairness\ -(* enabledness of actions and action sets *) +subsubsection \Enabledness of actions and action sets\ definition enabled :: "('a, 's) ioa \ 'a \ 's \ bool" where "enabled A a s \ (\t. s \a\A\ t)" @@ -181,15 +180,14 @@ where "Enabled A W s \ (\w \ W. enabled A w s)" -(* action set keeps enabled until probably disabled by itself *) +text \Action set keeps enabled until probably disabled by itself.\ definition en_persistent :: "('a, 's) ioa \ 'a set \ bool" -where - "en_persistent A W \ + where "en_persistent A W \ (\s a t. Enabled A W s \ a \ W \ s \a\A\ t \ Enabled A W t)" -(* post_conditions for actions and action sets *) +text \Post conditions for actions and action sets.\ definition was_enabled :: "('a, 's) ioa \ 'a \ 's \ bool" where "was_enabled A a t \ (\s. s \a\A\ t)" @@ -198,14 +196,13 @@ where "set_was_enabled A W t \ (\w \ W. was_enabled A w t)" -(* constraints for fair IOA *) +text \Constraints for fair IOA.\ definition fairIOA :: "('a, 's) ioa \ bool" where "fairIOA A \ (\S \ wfair_of A. S \ local A) \ (\S \ sfair_of A. S \ local A)" definition input_resistant :: "('a, 's) ioa \ bool" -where - "input_resistant A \ + where "input_resistant A \ (\W \ sfair_of A. \s a t. reachable A s \ reachable A t \ a \ inp A \ Enabled A W s \ s \a\A\ t \ Enabled A W t)" @@ -216,142 +213,116 @@ lemmas ioa_projections = asig_of_def starts_of_def trans_of_def wfair_of_def sfair_of_def -subsection "asig_of, starts_of, trans_of" +subsection "\asig_of\, \starts_of\, \trans_of\" lemma ioa_triple_proj: - "((asig_of (x,y,z,w,s)) = x) & - ((starts_of (x,y,z,w,s)) = y) & - ((trans_of (x,y,z,w,s)) = z) & - ((wfair_of (x,y,z,w,s)) = w) & - ((sfair_of (x,y,z,w,s)) = s)" - apply (simp add: ioa_projections) - done + "asig_of (x, y, z, w, s) = x \ + starts_of (x, y, z, w, s) = y \ + trans_of (x, y, z, w, s) = z \ + wfair_of (x, y, z, w, s) = w \ + sfair_of (x, y, z, w, s) = s" + by (simp add: ioa_projections) -lemma trans_in_actions: - "[| is_trans_of A; (s1,a,s2):trans_of(A) |] ==> a:act A" - apply (unfold is_trans_of_def actions_def is_asig_def) - apply (erule allE, erule impE, assumption) - apply simp - done +lemma trans_in_actions: "is_trans_of A \ s1 \a\A\ s2 \ a \ act A" + by (auto simp add: is_trans_of_def actions_def is_asig_def) -lemma starts_of_par: "starts_of(A \ B) = {p. fst(p):starts_of(A) & snd(p):starts_of(B)}" +lemma starts_of_par: "starts_of (A \ B) = {p. fst p \ starts_of A \ snd p \ starts_of B}" by (simp add: par_def ioa_projections) lemma trans_of_par: -"trans_of(A \ B) = {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) - in (a:act A | a:act B) & - (if a:act A then - (fst(s),a,fst(t)):trans_of(A) - else fst(t) = fst(s)) - & - (if a:act B then - (snd(s),a,snd(t)):trans_of(B) - else snd(t) = snd(s))}" + "trans_of(A \ B) = + {tr. + let + s = fst tr; + a = fst (snd tr); + t = snd (snd tr) + in + (a \ act A \ a \ act B) \ + (if a \ act A then (fst s, a, fst t) \ trans_of A + else fst t = fst s) \ + (if a \ act B then (snd s, a, snd t) \ trans_of B + else snd t = snd s)}" by (simp add: par_def ioa_projections) -subsection "actions and par" +subsection \\actions\ and \par\\ -lemma actions_asig_comp: "actions(asig_comp a b) = actions(a) Un actions(b)" +lemma actions_asig_comp: "actions (asig_comp a b) = actions a \ actions b" by (auto simp add: actions_def asig_comp_def asig_projections) lemma asig_of_par: "asig_of(A \ B) = asig_comp (asig_of A) (asig_of B)" by (simp add: par_def ioa_projections) - -lemma externals_of_par: "ext (A1\A2) = (ext A1) Un (ext A2)" - apply (simp add: externals_def asig_of_par asig_comp_def +lemma externals_of_par: "ext (A1 \ A2) = ext A1 \ ext A2" + by (auto simp add: externals_def asig_of_par asig_comp_def asig_inputs_def asig_outputs_def Un_def set_diff_eq) - apply blast - done -lemma actions_of_par: "act (A1\A2) = (act A1) Un (act A2)" - apply (simp add: actions_def asig_of_par asig_comp_def +lemma actions_of_par: "act (A1 \ A2) = act A1 \ act A2" + by (auto simp add: actions_def asig_of_par asig_comp_def asig_inputs_def asig_outputs_def asig_internals_def Un_def set_diff_eq) - apply blast - done -lemma inputs_of_par: "inp (A1\A2) = ((inp A1) Un (inp A2)) - ((out A1) Un (out A2))" +lemma inputs_of_par: "inp (A1 \ A2) = (inp A1 \ inp A2) - (out A1 \ out A2)" by (simp add: actions_def asig_of_par asig_comp_def asig_inputs_def asig_outputs_def Un_def set_diff_eq) -lemma outputs_of_par: "out (A1\A2) = (out A1) Un (out A2)" +lemma outputs_of_par: "out (A1 \ A2) = out A1 \ out A2" by (simp add: actions_def asig_of_par asig_comp_def asig_outputs_def Un_def set_diff_eq) -lemma internals_of_par: "int (A1\A2) = (int A1) Un (int A2)" +lemma internals_of_par: "int (A1 \ A2) = int A1 \ int A2" by (simp add: actions_def asig_of_par asig_comp_def asig_inputs_def asig_outputs_def asig_internals_def Un_def set_diff_eq) -subsection "actions and compatibility" +subsection \Actions and compatibility\ lemma compat_commute: "compatible A B = compatible B A" by (auto simp add: compatible_def Int_commute) -lemma ext1_is_not_int2: "[| compatible A1 A2; a:ext A1|] ==> a~:int A2" - apply (unfold externals_def actions_def compatible_def) - apply simp - apply blast - done +lemma ext1_is_not_int2: "compatible A1 A2 \ a \ ext A1 \ a \ int A2" + by (auto simp add: externals_def actions_def compatible_def) -(* just commuting the previous one: better commute compatible *) -lemma ext2_is_not_int1: "[| compatible A2 A1 ; a:ext A1|] ==> a~:int A2" - apply (unfold externals_def actions_def compatible_def) - apply simp - apply blast - done +(*just commuting the previous one: better commute compatible*) +lemma ext2_is_not_int1: "compatible A2 A1 \ a \ ext A1 \ a \ int A2" + by (auto simp add: externals_def actions_def compatible_def) lemmas ext1_ext2_is_not_act2 = ext1_is_not_int2 [THEN int_and_ext_is_act] lemmas ext1_ext2_is_not_act1 = ext2_is_not_int1 [THEN int_and_ext_is_act] -lemma intA_is_not_extB: "[| compatible A B; x:int A |] ==> x~:ext B" - apply (unfold externals_def actions_def compatible_def) - apply simp - apply blast - done +lemma intA_is_not_extB: "compatible A B \ x \ int A \ x \ ext B" + by (auto simp add: externals_def actions_def compatible_def) -lemma intA_is_not_actB: "[| compatible A B; a:int A |] ==> a ~: act B" - apply (unfold externals_def actions_def compatible_def is_asig_def asig_of_def) - apply simp - apply blast - done +lemma intA_is_not_actB: "compatible A B \ a \ int A \ a \ act B" + by (auto simp add: externals_def actions_def compatible_def is_asig_def asig_of_def) -(* the only one that needs disjointness of outputs and of internals and _all_ acts *) -lemma outAactB_is_inpB: "[| compatible A B; a:out A ;a:act B|] ==> a : inp B" - apply (unfold asig_outputs_def asig_internals_def actions_def asig_inputs_def +(*the only one that needs disjointness of outputs and of internals and _all_ acts*) +lemma outAactB_is_inpB: "compatible A B \ a \ out A \ a \ act B \ a \ inp B" + by (auto simp add: asig_outputs_def asig_internals_def actions_def asig_inputs_def compatible_def is_asig_def asig_of_def) - apply simp - apply blast - done -(* needed for propagation of input_enabledness from A,B to A\B *) +(*needed for propagation of input_enabledness from A, B to A \ B*) lemma inpAAactB_is_inpBoroutB: - "[| compatible A B; a:inp A ;a:act B|] ==> a : inp B | a: out B" - apply (unfold asig_outputs_def asig_internals_def actions_def asig_inputs_def + "compatible A B \ a \ inp A \ a \ act B \ a \ inp B \ a \ out B" + by (auto simp add: asig_outputs_def asig_internals_def actions_def asig_inputs_def compatible_def is_asig_def asig_of_def) - apply simp - apply blast - done -subsection "input_enabledness and par" +subsection \Input enabledness and par\ -(* ugly case distinctions. Heart of proof: - 1. inpAAactB_is_inpBoroutB ie. internals are really hidden. - 2. inputs_of_par: outputs are no longer inputs of par. This is important here *) +(*ugly case distinctions. Heart of proof: + 1. inpAAactB_is_inpBoroutB ie. internals are really hidden. + 2. inputs_of_par: outputs are no longer inputs of par. This is important here.*) lemma input_enabled_par: - "[| compatible A B; input_enabled A; input_enabled B|] - ==> input_enabled (A\B)" + "compatible A B \ input_enabled A \ input_enabled B \ input_enabled (A \ B)" apply (unfold input_enabled_def) apply (simp add: Let_def inputs_of_par trans_of_par) apply (tactic "safe_tac (Context.raw_transfer @{theory} @{theory_context Fun})") apply (simp add: inp_is_act) prefer 2 apply (simp add: inp_is_act) - (* a: inp A *) - apply (case_tac "a:act B") - (* a:act B *) + text \\a \ inp A\\ + apply (case_tac "a \ act B") + text \\a \ inp B\\ apply (erule_tac x = "a" in allE) apply simp apply (drule inpAAactB_is_inpBoroutB) @@ -363,9 +334,9 @@ apply (erule_tac x = "b" in allE) apply (erule exE) apply (erule exE) - apply (rule_tac x = " (s2,s2a) " in exI) + apply (rule_tac x = "(s2, s2a)" in exI) apply (simp add: inp_is_act) - (* a~: act B*) + text \\a \ act B\\ apply (simp add: inp_is_act) apply (erule_tac x = "a" in allE) apply simp @@ -373,10 +344,10 @@ apply (erule exE) apply (rule_tac x = " (s2,b) " in exI) apply simp - - (* a:inp B *) - apply (case_tac "a:act A") - (* a:act A *) + + text \\a \ inp B\\ + apply (case_tac "a \ act A") + text \\a \ act A\\ apply (erule_tac x = "a" in allE) apply (erule_tac x = "a" in allE) apply (simp add: inp_is_act) @@ -390,26 +361,27 @@ apply (erule_tac x = "b" in allE) apply (erule exE) apply (erule exE) - apply (rule_tac x = " (s2,s2a) " in exI) + apply (rule_tac x = "(s2, s2a)" in exI) apply (simp add: inp_is_act) - (* a~: act B*) + text \\a \ act B\\ apply (simp add: inp_is_act) apply (erule_tac x = "a" in allE) apply (erule_tac x = "a" in allE) apply simp apply (erule_tac x = "b" in allE) apply (erule exE) - apply (rule_tac x = " (aa,s2) " in exI) + apply (rule_tac x = "(aa, s2)" in exI) apply simp done -subsection "invariants" +subsection \Invariants\ lemma invariantI: - "[| !!s. s:starts_of(A) ==> P(s); - !!s t a. [|reachable A s; P(s)|] ==> (s,a,t): trans_of(A) --> P(t) |] - ==> invariant A P" + assumes "\s. s \ starts_of A \ P s" + and "\s t a. reachable A s \ P s \ (s, a, t) \ trans_of A \ P t" + shows "invariant A P" + using assms apply (unfold invariant_def) apply (rule allI) apply (rule impI) @@ -420,26 +392,23 @@ done lemma invariantI1: - "[| !!s. s : starts_of(A) ==> P(s); - !!s t a. reachable A s ==> P(s) --> (s,a,t):trans_of(A) --> P(t) - |] ==> invariant A P" - apply (blast intro: invariantI) - done + assumes "\s. s \ starts_of A \ P s" + and "\s t a. reachable A s \ P s \ (s, a, t) \ trans_of A \ P t" + shows "invariant A P" + using assms by (blast intro: invariantI) -lemma invariantE: "[| invariant A P; reachable A s |] ==> P(s)" - apply (unfold invariant_def) - apply blast - done +lemma invariantE: "invariant A P \ reachable A s \ P s" + unfolding invariant_def by blast -subsection "restrict" - +subsection \\restrict\\ lemmas reachable_0 = reachable.reachable_0 and reachable_n = reachable.reachable_n -lemma cancel_restrict_a: "starts_of(restrict ioa acts) = starts_of(ioa) & - trans_of(restrict ioa acts) = trans_of(ioa)" +lemma cancel_restrict_a: + "starts_of (restrict ioa acts) = starts_of ioa \ + trans_of (restrict ioa acts) = trans_of ioa" by (simp add: restrict_def ioa_projections) lemma cancel_restrict_b: "reachable (restrict ioa acts) s = reachable ioa s" @@ -448,7 +417,7 @@ apply (simp add: cancel_restrict_a reachable_0) apply (erule reachable_n) apply (simp add: cancel_restrict_a) - (* <-- *) + text \\\\\ apply (erule reachable.induct) apply (rule reachable_0) apply (simp add: cancel_restrict_a) @@ -457,25 +426,23 @@ done lemma acts_restrict: "act (restrict A acts) = act A" - apply (simp (no_asm) add: actions_def asig_internals_def + by (auto simp add: actions_def asig_internals_def asig_outputs_def asig_inputs_def externals_def asig_of_def restrict_def restrict_asig_def) - apply auto - done -lemma cancel_restrict: "starts_of(restrict ioa acts) = starts_of(ioa) & - trans_of(restrict ioa acts) = trans_of(ioa) & - reachable (restrict ioa acts) s = reachable ioa s & - act (restrict A acts) = act A" +lemma cancel_restrict: + "starts_of (restrict ioa acts) = starts_of ioa \ + trans_of (restrict ioa acts) = trans_of ioa \ + reachable (restrict ioa acts) s = reachable ioa s \ + act (restrict A acts) = act A" by (simp add: cancel_restrict_a cancel_restrict_b acts_restrict) -subsection "rename" +subsection \\rename\\ -lemma trans_rename: "s \a\(rename C f)\ t ==> (? x. Some(x) = f(a) & s \x\C\ t)" +lemma trans_rename: "s \a\(rename C f)\ t \ (\x. Some x = f a \ s \x\C\ t)" by (simp add: Let_def rename_def trans_of_def) - -lemma reachable_rename: "[| reachable (rename C g) s |] ==> reachable C s" +lemma reachable_rename: "reachable (rename C g) s \ reachable C s" apply (erule reachable.induct) apply (rule reachable_0) apply (simp add: rename_def ioa_projections) @@ -487,41 +454,44 @@ done -subsection "trans_of(A\B)" +subsection \\trans_of (A \ B)\\ -lemma trans_A_proj: "[|(s,a,t):trans_of (A\B); a:act A|] - ==> (fst s,a,fst t):trans_of A" +lemma trans_A_proj: + "(s, a, t) \ trans_of (A \ B) \ a \ act A \ (fst s, a, fst t) \ trans_of A" by (simp add: Let_def par_def trans_of_def) -lemma trans_B_proj: "[|(s,a,t):trans_of (A\B); a:act B|] - ==> (snd s,a,snd t):trans_of B" +lemma trans_B_proj: + "(s, a, t) \ trans_of (A \ B) \ a \ act B \ (snd s, a, snd t) \ trans_of B" by (simp add: Let_def par_def trans_of_def) -lemma trans_A_proj2: "[|(s,a,t):trans_of (A\B); a~:act A|] - ==> fst s = fst t" +lemma trans_A_proj2: "(s, a, t) \ trans_of (A \ B) \ a \ act A \ fst s = fst t" by (simp add: Let_def par_def trans_of_def) -lemma trans_B_proj2: "[|(s,a,t):trans_of (A\B); a~:act B|] - ==> snd s = snd t" +lemma trans_B_proj2: "(s, a, t) \ trans_of (A \ B) \ a \ act B \ snd s = snd t" + by (simp add: Let_def par_def trans_of_def) + +lemma trans_AB_proj: "(s, a, t) \ trans_of (A \ B) \ a \ act A \ a \ act B" by (simp add: Let_def par_def trans_of_def) -lemma trans_AB_proj: "(s,a,t):trans_of (A\B) - ==> a :act A | a :act B" - by (simp add: Let_def par_def trans_of_def) - -lemma trans_AB: "[|a:act A;a:act B; - (fst s,a,fst t):trans_of A;(snd s,a,snd t):trans_of B|] - ==> (s,a,t):trans_of (A\B)" +lemma trans_AB: + "a \ act A \ a \ act B \ + (fst s, a, fst t) \ trans_of A \ + (snd s, a, snd t) \ trans_of B \ + (s, a, t) \ trans_of (A \ B)" by (simp add: Let_def par_def trans_of_def) -lemma trans_A_notB: "[|a:act A;a~:act B; - (fst s,a,fst t):trans_of A;snd s=snd t|] - ==> (s,a,t):trans_of (A\B)" +lemma trans_A_notB: + "a \ act A \ a \ act B \ + (fst s, a, fst t) \ trans_of A \ + snd s = snd t \ + (s, a, t) \ trans_of (A \ B)" by (simp add: Let_def par_def trans_of_def) -lemma trans_notA_B: "[|a~:act A;a:act B; - (snd s,a,snd t):trans_of B;fst s=fst t|] - ==> (s,a,t):trans_of (A\B)" +lemma trans_notA_B: + "a \ act A \ a \ act B \ + (snd s, a, snd t) \ trans_of B \ + fst s = fst t \ + (s, a, t) \ trans_of (A \ B)" by (simp add: Let_def par_def trans_of_def) lemmas trans_of_defs1 = trans_AB trans_A_notB trans_notA_B @@ -529,54 +499,55 @@ lemma trans_of_par4: -"((s,a,t) : trans_of(A \ B \ C \ D)) = - ((a:actions(asig_of(A)) | a:actions(asig_of(B)) | a:actions(asig_of(C)) | - a:actions(asig_of(D))) & - (if a:actions(asig_of(A)) then (fst(s),a,fst(t)):trans_of(A) - else fst t=fst s) & - (if a:actions(asig_of(B)) then (fst(snd(s)),a,fst(snd(t))):trans_of(B) - else fst(snd(t))=fst(snd(s))) & - (if a:actions(asig_of(C)) then - (fst(snd(snd(s))),a,fst(snd(snd(t)))):trans_of(C) - else fst(snd(snd(t)))=fst(snd(snd(s)))) & - (if a:actions(asig_of(D)) then - (snd(snd(snd(s))),a,snd(snd(snd(t)))):trans_of(D) - else snd(snd(snd(t)))=snd(snd(snd(s)))))" + "(s, a, t) \ trans_of (A \ B \ C \ D) \ + ((a \ actions (asig_of A) \ a \ actions (asig_of B) \ a \ actions (asig_of C) \ + a \ actions (asig_of D)) \ + (if a \ actions (asig_of A) + then (fst s, a, fst t) \ trans_of A + else fst t = fst s) \ + (if a \ actions (asig_of B) + then (fst (snd s), a, fst (snd t)) \ trans_of B + else fst (snd t) = fst (snd s)) \ + (if a \ actions (asig_of C) + then (fst (snd (snd s)), a, fst (snd (snd t))) \ trans_of C + else fst (snd (snd t)) = fst (snd (snd s))) \ + (if a \ actions (asig_of D) + then (snd (snd (snd s)), a, snd (snd (snd t))) \ trans_of D + else snd (snd (snd t)) = snd (snd (snd s))))" by (simp add: par_def actions_asig_comp prod_eq_iff Let_def ioa_projections) -subsection "proof obligation generator for IOA requirements" +subsection \Proof obligation generator for IOA requirements\ -(* without assumptions on A and B because is_trans_of is also incorporated in \def *) -lemma is_trans_of_par: "is_trans_of (A\B)" +(*without assumptions on A and B because is_trans_of is also incorporated in par_def*) +lemma is_trans_of_par: "is_trans_of (A \ B)" by (simp add: is_trans_of_def Let_def actions_of_par trans_of_par) -lemma is_trans_of_restrict: "is_trans_of A ==> is_trans_of (restrict A acts)" +lemma is_trans_of_restrict: "is_trans_of A \ is_trans_of (restrict A acts)" by (simp add: is_trans_of_def cancel_restrict acts_restrict) -lemma is_trans_of_rename: "is_trans_of A ==> is_trans_of (rename A f)" +lemma is_trans_of_rename: "is_trans_of A \ is_trans_of (rename A f)" apply (unfold is_trans_of_def restrict_def restrict_asig_def) apply (simp add: Let_def actions_def trans_of_def asig_internals_def asig_outputs_def asig_inputs_def externals_def asig_of_def rename_def rename_set_def) apply blast done -lemma is_asig_of_par: "[| is_asig_of A; is_asig_of B; compatible A B|] - ==> is_asig_of (A\B)" +lemma is_asig_of_par: "is_asig_of A \ is_asig_of B \ compatible A B \ is_asig_of (A \ B)" apply (simp add: is_asig_of_def asig_of_par asig_comp_def compatible_def asig_internals_def asig_outputs_def asig_inputs_def actions_def is_asig_def) apply (simp add: asig_of_def) apply auto done -lemma is_asig_of_restrict: "is_asig_of A ==> is_asig_of (restrict A f)" +lemma is_asig_of_restrict: "is_asig_of A \ is_asig_of (restrict A f)" apply (unfold is_asig_of_def is_asig_def asig_of_def restrict_def restrict_asig_def - asig_internals_def asig_outputs_def asig_inputs_def externals_def o_def) + asig_internals_def asig_outputs_def asig_inputs_def externals_def o_def) apply simp apply auto done -lemma is_asig_of_rename: "is_asig_of A ==> is_asig_of (rename A f)" +lemma is_asig_of_rename: "is_asig_of A \ is_asig_of (rename A f)" apply (simp add: is_asig_of_def rename_def rename_set_def asig_internals_def asig_outputs_def asig_inputs_def actions_def is_asig_def asig_of_def) apply auto @@ -588,27 +559,17 @@ is_asig_of_rename is_trans_of_par is_trans_of_restrict is_trans_of_rename -lemma compatible_par: "[|compatible A B; compatible A C |]==> compatible A (B\C)" - apply (unfold compatible_def) - apply (simp add: internals_of_par outputs_of_par actions_of_par) - apply auto - done +lemma compatible_par: "compatible A B \ compatible A C \ compatible A (B \ C)" + by (auto simp add: compatible_def internals_of_par outputs_of_par actions_of_par) -(* better derive by previous one and compat_commute *) -lemma compatible_par2: "[|compatible A C; compatible B C |]==> compatible (A\B) C" - apply (unfold compatible_def) - apply (simp add: internals_of_par outputs_of_par actions_of_par) - apply auto - done +(*better derive by previous one and compat_commute*) +lemma compatible_par2: "compatible A C \ compatible B C \ compatible (A \ B) C" + by (auto simp add: compatible_def internals_of_par outputs_of_par actions_of_par) lemma compatible_restrict: - "[| compatible A B; (ext B - S) Int ext A = {}|] - ==> compatible A (restrict B S)" - apply (unfold compatible_def) - apply (simp add: ioa_triple_proj asig_triple_proj externals_def + "compatible A B \ (ext B - S) \ ext A = {} \ compatible A (restrict B S)" + by (auto simp add: compatible_def ioa_triple_proj asig_triple_proj externals_def restrict_def restrict_asig_def actions_def) - apply auto - done declare split_paired_Ex [simp] diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/CompoExecs.thy --- a/src/HOL/HOLCF/IOA/CompoExecs.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/CompoExecs.thy Mon Jan 11 00:04:23 2016 +0100 @@ -8,187 +8,154 @@ imports Traces begin -definition - ProjA2 :: "('a,'s * 't)pairs -> ('a,'s)pairs" where - "ProjA2 = Map (%x.(fst x,fst(snd x)))" +definition ProjA2 :: "('a, 's \ 't) pairs \ ('a, 's) pairs" + where "ProjA2 = Map (\x. (fst x, fst (snd x)))" -definition - ProjA :: "('a,'s * 't)execution => ('a,'s)execution" where - "ProjA ex = (fst (fst ex), ProjA2$(snd ex))" +definition ProjA :: "('a, 's \ 't) execution \ ('a, 's) execution" + where "ProjA ex = (fst (fst ex), ProjA2 $ (snd ex))" -definition - ProjB2 :: "('a,'s * 't)pairs -> ('a,'t)pairs" where - "ProjB2 = Map (%x.(fst x,snd(snd x)))" +definition ProjB2 :: "('a, 's \ 't) pairs \ ('a, 't) pairs" + where "ProjB2 = Map (\x. (fst x, snd (snd x)))" -definition - ProjB :: "('a,'s * 't)execution => ('a,'t)execution" where - "ProjB ex = (snd (fst ex), ProjB2$(snd ex))" +definition ProjB :: "('a, 's \ 't) execution \ ('a, 't) execution" + where "ProjB ex = (snd (fst ex), ProjB2 $ (snd ex))" -definition - Filter_ex2 :: "'a signature => ('a,'s)pairs -> ('a,'s)pairs" where - "Filter_ex2 sig = Filter (%x. fst x:actions sig)" +definition Filter_ex2 :: "'a signature \ ('a, 's) pairs \ ('a, 's) pairs" + where "Filter_ex2 sig = Filter (\x. fst x \ actions sig)" -definition - Filter_ex :: "'a signature => ('a,'s)execution => ('a,'s)execution" where - "Filter_ex sig ex = (fst ex,Filter_ex2 sig$(snd ex))" +definition Filter_ex :: "'a signature \ ('a, 's) execution \ ('a, 's) execution" + where "Filter_ex sig ex = (fst ex, Filter_ex2 sig $ (snd ex))" -definition - stutter2 :: "'a signature => ('a,'s)pairs -> ('s => tr)" where - "stutter2 sig = (fix$(LAM h ex. (%s. case ex of - nil => TT - | x##xs => (flift1 - (%p.(If Def ((fst p)~:actions sig) - then Def (s=(snd p)) - else TT) - andalso (h$xs) (snd p)) - $x) - )))" +definition stutter2 :: "'a signature \ ('a, 's) pairs \ ('s \ tr)" + where "stutter2 sig = + (fix $ + (LAM h ex. + (\s. + case ex of + nil \ TT + | x ## xs \ + (flift1 + (\p. + (If Def (fst p \ actions sig) then Def (s = snd p) else TT) + andalso (h$xs) (snd p)) $ x))))" -definition - stutter :: "'a signature => ('a,'s)execution => bool" where - "stutter sig ex = ((stutter2 sig$(snd ex)) (fst ex) ~= FF)" +definition stutter :: "'a signature \ ('a, 's) execution \ bool" + where "stutter sig ex \ (stutter2 sig $ (snd ex)) (fst ex) \ FF" -definition - par_execs :: "[('a,'s)execution_module,('a,'t)execution_module] => ('a,'s*'t)execution_module" where - "par_execs ExecsA ExecsB = - (let exA = fst ExecsA; sigA = snd ExecsA; - exB = fst ExecsB; sigB = snd ExecsB - in - ( {ex. Filter_ex sigA (ProjA ex) : exA} - Int {ex. Filter_ex sigB (ProjB ex) : exB} - Int {ex. stutter sigA (ProjA ex)} - Int {ex. stutter sigB (ProjB ex)} - Int {ex. Forall (%x. fst x:(actions sigA Un actions sigB)) (snd ex)}, +definition par_execs :: + "('a, 's) execution_module \ ('a, 't) execution_module \ ('a, 's \ 't) execution_module" + where "par_execs ExecsA ExecsB = + (let + exA = fst ExecsA; sigA = snd ExecsA; + exB = fst ExecsB; sigB = snd ExecsB + in + ({ex. Filter_ex sigA (ProjA ex) \ exA} \ + {ex. Filter_ex sigB (ProjB ex) \ exB} \ + {ex. stutter sigA (ProjA ex)} \ + {ex. stutter sigB (ProjB ex)} \ + {ex. Forall (\x. fst x \ actions sigA \ actions sigB) (snd ex)}, asig_comp sigA sigB))" lemmas [simp del] = split_paired_All -section "recursive equations of operators" - +section \Recursive equations of operators\ -(* ---------------------------------------------------------------- *) -(* ProjA2 *) -(* ---------------------------------------------------------------- *) - +subsection \\ProjA2\\ -lemma ProjA2_UU: "ProjA2$UU = UU" -apply (simp add: ProjA2_def) -done +lemma ProjA2_UU: "ProjA2 $ UU = UU" + by (simp add: ProjA2_def) -lemma ProjA2_nil: "ProjA2$nil = nil" -apply (simp add: ProjA2_def) -done +lemma ProjA2_nil: "ProjA2 $ nil = nil" + by (simp add: ProjA2_def) -lemma ProjA2_cons: "ProjA2$((a,t)\xs) = (a,fst t) \ ProjA2$xs" -apply (simp add: ProjA2_def) -done +lemma ProjA2_cons: "ProjA2 $ ((a, t) \ xs) = (a, fst t) \ ProjA2 $ xs" + by (simp add: ProjA2_def) -(* ---------------------------------------------------------------- *) -(* ProjB2 *) -(* ---------------------------------------------------------------- *) +subsection \\ProjB2\\ - -lemma ProjB2_UU: "ProjB2$UU = UU" -apply (simp add: ProjB2_def) -done +lemma ProjB2_UU: "ProjB2 $ UU = UU" + by (simp add: ProjB2_def) -lemma ProjB2_nil: "ProjB2$nil = nil" -apply (simp add: ProjB2_def) -done +lemma ProjB2_nil: "ProjB2 $ nil = nil" + by (simp add: ProjB2_def) -lemma ProjB2_cons: "ProjB2$((a,t)\xs) = (a,snd t) \ ProjB2$xs" -apply (simp add: ProjB2_def) -done - - - -(* ---------------------------------------------------------------- *) -(* Filter_ex2 *) -(* ---------------------------------------------------------------- *) +lemma ProjB2_cons: "ProjB2 $ ((a, t) \ xs) = (a, snd t) \ ProjB2 $ xs" + by (simp add: ProjB2_def) -lemma Filter_ex2_UU: "Filter_ex2 sig$UU=UU" -apply (simp add: Filter_ex2_def) -done +subsection \\Filter_ex2\\ -lemma Filter_ex2_nil: "Filter_ex2 sig$nil=nil" -apply (simp add: Filter_ex2_def) -done +lemma Filter_ex2_UU: "Filter_ex2 sig $ UU = UU" + by (simp add: Filter_ex2_def) -lemma Filter_ex2_cons: "Filter_ex2 sig$(at \ xs) = - (if (fst at:actions sig) - then at \ (Filter_ex2 sig$xs) - else Filter_ex2 sig$xs)" +lemma Filter_ex2_nil: "Filter_ex2 sig $ nil = nil" + by (simp add: Filter_ex2_def) -apply (simp add: Filter_ex2_def) -done - - -(* ---------------------------------------------------------------- *) -(* stutter2 *) -(* ---------------------------------------------------------------- *) +lemma Filter_ex2_cons: + "Filter_ex2 sig $ (at \ xs) = + (if fst at \ actions sig + then at \ (Filter_ex2 sig $ xs) + else Filter_ex2 sig $ xs)" + by (simp add: Filter_ex2_def) -lemma stutter2_unfold: "stutter2 sig = (LAM ex. (%s. case ex of - nil => TT - | x##xs => (flift1 - (%p.(If Def ((fst p)~:actions sig) - then Def (s=(snd p)) - else TT) - andalso (stutter2 sig$xs) (snd p)) - $x) - ))" -apply (rule trans) -apply (rule fix_eq2) -apply (simp only: stutter2_def) -apply (rule beta_cfun) -apply (simp add: flift1_def) -done +subsection \\stutter2\\ + +lemma stutter2_unfold: + "stutter2 sig = + (LAM ex. + (\s. + case ex of + nil \ TT + | x ## xs \ + (flift1 + (\p. + (If Def (fst p \ actions sig) then Def (s= snd p) else TT) + andalso (stutter2 sig$xs) (snd p)) $ x)))" + apply (rule trans) + apply (rule fix_eq2) + apply (simp only: stutter2_def) + apply (rule beta_cfun) + apply (simp add: flift1_def) + done -lemma stutter2_UU: "(stutter2 sig$UU) s=UU" -apply (subst stutter2_unfold) -apply simp -done +lemma stutter2_UU: "(stutter2 sig $ UU) s = UU" + apply (subst stutter2_unfold) + apply simp + done -lemma stutter2_nil: "(stutter2 sig$nil) s = TT" -apply (subst stutter2_unfold) -apply simp -done +lemma stutter2_nil: "(stutter2 sig $ nil) s = TT" + apply (subst stutter2_unfold) + apply simp + done -lemma stutter2_cons: "(stutter2 sig$(at\xs)) s = - ((if (fst at)~:actions sig then Def (s=snd at) else TT) - andalso (stutter2 sig$xs) (snd at))" -apply (rule trans) -apply (subst stutter2_unfold) -apply (simp add: Consq_def flift1_def If_and_if) -apply simp -done - +lemma stutter2_cons: + "(stutter2 sig $ (at \ xs)) s = + ((if fst at \ actions sig then Def (s = snd at) else TT) + andalso (stutter2 sig $ xs) (snd at))" + apply (rule trans) + apply (subst stutter2_unfold) + apply (simp add: Consq_def flift1_def If_and_if) + apply simp + done declare stutter2_UU [simp] stutter2_nil [simp] stutter2_cons [simp] -(* ---------------------------------------------------------------- *) -(* stutter *) -(* ---------------------------------------------------------------- *) +subsection \\stutter\\ lemma stutter_UU: "stutter sig (s, UU)" -apply (simp add: stutter_def) -done + by (simp add: stutter_def) lemma stutter_nil: "stutter sig (s, nil)" -apply (simp add: stutter_def) -done + by (simp add: stutter_def) -lemma stutter_cons: "stutter sig (s, (a,t)\ex) = - ((a~:actions sig --> (s=t)) & stutter sig (t,ex))" -apply (simp add: stutter_def) -done - -(* ----------------------------------------------------------------------------------- *) +lemma stutter_cons: + "stutter sig (s, (a, t) \ ex) \ (a \ actions sig \ (s = t)) \ stutter sig (t, ex)" + by (simp add: stutter_def) declare stutter2_UU [simp del] stutter2_nil [simp del] stutter2_cons [simp del] @@ -200,104 +167,75 @@ declare compoex_simps [simp] - -(* ------------------------------------------------------------------ *) -(* The following lemmata aim for *) -(* COMPOSITIONALITY on EXECUTION Level *) -(* ------------------------------------------------------------------ *) - - -(* --------------------------------------------------------------------- *) -(* Lemma_1_1a : is_ex_fr propagates from A\B to Projections A and B *) -(* --------------------------------------------------------------------- *) +section \Compositionality on execution level\ -lemma lemma_1_1a: "!s. is_exec_frag (A\B) (s,xs) - --> is_exec_frag A (fst s, Filter_ex2 (asig_of A)$(ProjA2$xs)) & - is_exec_frag B (snd s, Filter_ex2 (asig_of B)$(ProjB2$xs))" - -apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1\) -(* main case *) -apply (auto simp add: trans_of_defs2) -done - - -(* --------------------------------------------------------------------- *) -(* Lemma_1_1b : is_ex_fr (A\B) implies stuttering on Projections *) -(* --------------------------------------------------------------------- *) +lemma lemma_1_1a: + \ \\is_ex_fr\ propagates from \A \ B\ to projections \A\ and \B\\ + "\s. is_exec_frag (A \ B) (s, xs) \ + is_exec_frag A (fst s, Filter_ex2 (asig_of A) $ (ProjA2 $ xs)) \ + is_exec_frag B (snd s, Filter_ex2 (asig_of B) $ (ProjB2 $ xs))" + apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1\) + text \main case\ + apply (auto simp add: trans_of_defs2) + done -lemma lemma_1_1b: "!s. is_exec_frag (A\B) (s,xs) - --> stutter (asig_of A) (fst s,ProjA2$xs) & - stutter (asig_of B) (snd s,ProjB2$xs)" - -apply (tactic \pair_induct_tac @{context} "xs" - [@{thm stutter_def}, @{thm is_exec_frag_def}] 1\) -(* main case *) -apply (auto simp add: trans_of_defs2) -done - - -(* --------------------------------------------------------------------- *) -(* Lemma_1_1c : Executions of A\B have only A- or B-actions *) -(* --------------------------------------------------------------------- *) +lemma lemma_1_1b: + \ \\is_ex_fr (A \ B)\ implies stuttering on projections\ + "\s. is_exec_frag (A \ B) (s, xs) \ + stutter (asig_of A) (fst s, ProjA2 $ xs) \ + stutter (asig_of B) (snd s, ProjB2 $ xs)" + apply (tactic \pair_induct_tac @{context} "xs" @{thms stutter_def is_exec_frag_def} 1\) + text \main case\ + apply (auto simp add: trans_of_defs2) + done -lemma lemma_1_1c: "!s. (is_exec_frag (A\B) (s,xs) - --> Forall (%x. fst x:act (A\B)) xs)" - -apply (tactic \pair_induct_tac @{context} "xs" [@{thm Forall_def}, @{thm sforall_def}, - @{thm is_exec_frag_def}] 1\) -(* main case *) -apply auto -apply (simp add: trans_of_defs2 actions_asig_comp asig_of_par) -done - - -(* ----------------------------------------------------------------------- *) -(* Lemma_1_2 : ex A, exB, stuttering and forall a:A|B implies ex (A\B) *) -(* ----------------------------------------------------------------------- *) +lemma lemma_1_1c: + \ \Executions of \A \ B\ have only \A\- or \B\-actions\ + "\s. is_exec_frag (A \ B) (s, xs) \ Forall (\x. fst x \ act (A \ B)) xs" + apply (tactic \pair_induct_tac @{context} "xs" [@{thm Forall_def}, @{thm sforall_def}, + @{thm is_exec_frag_def}] 1\) + text \main case\ + apply auto + apply (simp add: trans_of_defs2 actions_asig_comp asig_of_par) + done lemma lemma_1_2: -"!s. is_exec_frag A (fst s,Filter_ex2 (asig_of A)$(ProjA2$xs)) & - is_exec_frag B (snd s,Filter_ex2 (asig_of B)$(ProjB2$xs)) & - stutter (asig_of A) (fst s,(ProjA2$xs)) & - stutter (asig_of B) (snd s,(ProjB2$xs)) & - Forall (%x. fst x:act (A\B)) xs - --> is_exec_frag (A\B) (s,xs)" - -apply (tactic \pair_induct_tac @{context} "xs" [@{thm Forall_def}, @{thm sforall_def}, - @{thm is_exec_frag_def}, @{thm stutter_def}] 1\) -apply (auto simp add: trans_of_defs1 actions_asig_comp asig_of_par) -done - - -subsection \COMPOSITIONALITY on EXECUTION Level -- Main Theorem\ - -lemma compositionality_ex: -"(ex:executions(A\B)) = - (Filter_ex (asig_of A) (ProjA ex) : executions A & - Filter_ex (asig_of B) (ProjB ex) : executions B & - stutter (asig_of A) (ProjA ex) & stutter (asig_of B) (ProjB ex) & - Forall (%x. fst x:act (A\B)) (snd ex))" + \ \\ex A\, \exB\, stuttering and forall \a \ A \ B\ implies \ex (A \ B)\\ + "\s. + is_exec_frag A (fst s, Filter_ex2 (asig_of A) $ (ProjA2 $ xs)) \ + is_exec_frag B (snd s, Filter_ex2 (asig_of B) $ (ProjB2 $ xs)) \ + stutter (asig_of A) (fst s, ProjA2 $ xs) \ + stutter (asig_of B) (snd s, ProjB2 $ xs) \ + Forall (\x. fst x \ act (A \ B)) xs \ + is_exec_frag (A \ B) (s, xs)" + apply (tactic \pair_induct_tac @{context} "xs" + @{thms Forall_def sforall_def is_exec_frag_def stutter_def} 1\) + apply (auto simp add: trans_of_defs1 actions_asig_comp asig_of_par) + done -apply (simp (no_asm) add: executions_def ProjB_def Filter_ex_def ProjA_def starts_of_par) -apply (tactic \pair_tac @{context} "ex" 1\) -apply (rule iffI) -(* ==> *) -apply (erule conjE)+ -apply (simp add: lemma_1_1a lemma_1_1b lemma_1_1c) -(* <== *) -apply (erule conjE)+ -apply (simp add: lemma_1_2) -done +theorem compositionality_ex: + "ex \ executions (A \ B) \ + Filter_ex (asig_of A) (ProjA ex) : executions A \ + Filter_ex (asig_of B) (ProjB ex) : executions B \ + stutter (asig_of A) (ProjA ex) \ + stutter (asig_of B) (ProjB ex) \ + Forall (\x. fst x \ act (A \ B)) (snd ex)" + apply (simp add: executions_def ProjB_def Filter_ex_def ProjA_def starts_of_par) + apply (tactic \pair_tac @{context} "ex" 1\) + apply (rule iffI) + text \\\\\ + apply (erule conjE)+ + apply (simp add: lemma_1_1a lemma_1_1b lemma_1_1c) + text \\\\\ + apply (erule conjE)+ + apply (simp add: lemma_1_2) + done - -subsection \COMPOSITIONALITY on EXECUTION Level -- for Modules\ - -lemma compositionality_ex_modules: - "Execs (A\B) = par_execs (Execs A) (Execs B)" -apply (unfold Execs_def par_execs_def) -apply (simp add: asig_of_par) -apply (rule set_eqI) -apply (simp add: compositionality_ex actions_of_par) -done +theorem compositionality_ex_modules: "Execs (A \ B) = par_execs (Execs A) (Execs B)" + apply (unfold Execs_def par_execs_def) + apply (simp add: asig_of_par) + apply (rule set_eqI) + apply (simp add: compositionality_ex actions_of_par) + done end diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/CompoScheds.thy --- a/src/HOL/HOLCF/IOA/CompoScheds.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/CompoScheds.thy Mon Jan 11 00:04:23 2016 +0100 @@ -8,180 +8,173 @@ imports CompoExecs begin -definition - mkex2 :: "('a,'s)ioa => ('a,'t)ioa => 'a Seq -> - ('a,'s)pairs -> ('a,'t)pairs -> - ('s => 't => ('a,'s*'t)pairs)" where - "mkex2 A B = (fix$(LAM h sch exA exB. (%s t. case sch of - nil => nil - | x##xs => - (case x of - UU => UU - | Def y => - (if y:act A then - (if y:act B then - (case HD$exA of - UU => UU - | Def a => (case HD$exB of - UU => UU - | Def b => - (y,(snd a,snd b))\ - (h$xs$(TL$exA)$(TL$exB)) (snd a) (snd b))) - else - (case HD$exA of - UU => UU - | Def a => - (y,(snd a,t))\(h$xs$(TL$exA)$exB) (snd a) t) - ) - else - (if y:act B then - (case HD$exB of - UU => UU - | Def b => - (y,(s,snd b))\(h$xs$exA$(TL$exB)) s (snd b)) - else - UU - ) - ) - ))))" +definition mkex2 :: "('a, 's) ioa \ ('a, 't) ioa \ 'a Seq \ + ('a, 's) pairs \ ('a, 't) pairs \ ('s \ 't \ ('a, 's \ 't) pairs)" + where "mkex2 A B = + (fix $ + (LAM h sch exA exB. + (\s t. + case sch of + nil \ nil + | x ## xs \ + (case x of + UU \ UU + | Def y \ + (if y \ act A then + (if y \ act B then + (case HD $ exA of + UU \ UU + | Def a \ + (case HD $ exB of + UU \ UU + | Def b \ + (y, (snd a, snd b)) \ + (h $ xs $ (TL $ exA) $ (TL $ exB)) (snd a) (snd b))) + else + (case HD $ exA of + UU \ UU + | Def a \ (y, (snd a, t)) \ (h $ xs $ (TL $ exA) $ exB) (snd a) t)) + else + (if y \ act B then + (case HD $ exB of + UU \ UU + | Def b \ (y, (s, snd b)) \ (h $ xs $ exA $ (TL $ exB)) s (snd b)) + else UU))))))" -definition - mkex :: "('a,'s)ioa => ('a,'t)ioa => 'a Seq => - ('a,'s)execution => ('a,'t)execution =>('a,'s*'t)execution" where - "mkex A B sch exA exB = - ((fst exA,fst exB), - (mkex2 A B$sch$(snd exA)$(snd exB)) (fst exA) (fst exB))" +definition mkex :: "('a, 's) ioa \ ('a, 't) ioa \ 'a Seq \ + ('a, 's) execution \ ('a, 't) execution \ ('a, 's \ 't) execution" + where "mkex A B sch exA exB = + ((fst exA, fst exB), (mkex2 A B $ sch $ (snd exA) $ (snd exB)) (fst exA) (fst exB))" -definition - par_scheds ::"['a schedule_module,'a schedule_module] => 'a schedule_module" where - "par_scheds SchedsA SchedsB = - (let schA = fst SchedsA; sigA = snd SchedsA; - schB = fst SchedsB; sigB = snd SchedsB - in - ( {sch. Filter (%a. a:actions sigA)$sch : schA} - Int {sch. Filter (%a. a:actions sigB)$sch : schB} - Int {sch. Forall (%x. x:(actions sigA Un actions sigB)) sch}, +definition par_scheds :: "'a schedule_module \ 'a schedule_module \ 'a schedule_module" + where "par_scheds SchedsA SchedsB = + (let + schA = fst SchedsA; sigA = snd SchedsA; + schB = fst SchedsB; sigB = snd SchedsB + in + ({sch. Filter (%a. a:actions sigA)$sch : schA} \ + {sch. Filter (%a. a:actions sigB)$sch : schB} \ + {sch. Forall (%x. x:(actions sigA Un actions sigB)) sch}, asig_comp sigA sigB))" -subsection "mkex rewrite rules" - +subsection \\mkex\ rewrite rules\ lemma mkex2_unfold: -"mkex2 A B = (LAM sch exA exB. (%s t. case sch of - nil => nil - | x##xs => - (case x of - UU => UU - | Def y => - (if y:act A then - (if y:act B then - (case HD$exA of - UU => UU - | Def a => (case HD$exB of - UU => UU - | Def b => - (y,(snd a,snd b))\ - (mkex2 A B$xs$(TL$exA)$(TL$exB)) (snd a) (snd b))) - else - (case HD$exA of - UU => UU - | Def a => - (y,(snd a,t))\(mkex2 A B$xs$(TL$exA)$exB) (snd a) t) - ) - else - (if y:act B then - (case HD$exB of - UU => UU - | Def b => - (y,(s,snd b))\(mkex2 A B$xs$exA$(TL$exB)) s (snd b)) - else - UU - ) - ) - )))" -apply (rule trans) -apply (rule fix_eq2) -apply (simp only: mkex2_def) -apply (rule beta_cfun) -apply simp -done + "mkex2 A B = + (LAM sch exA exB. + (\s t. + case sch of + nil \ nil + | x ## xs \ + (case x of + UU \ UU + | Def y \ + (if y \ act A then + (if y \ act B then + (case HD $ exA of + UU \ UU + | Def a \ + (case HD $ exB of + UU \ UU + | Def b \ + (y, (snd a, snd b)) \ + (mkex2 A B $ xs $ (TL $ exA) $ (TL $ exB)) (snd a) (snd b))) + else + (case HD $ exA of + UU \ UU + | Def a \ (y, (snd a, t)) \ (mkex2 A B $ xs $ (TL $ exA) $ exB) (snd a) t)) + else + (if y \ act B then + (case HD $ exB of + UU \ UU + | Def b \ (y, (s, snd b)) \ (mkex2 A B $ xs $ exA $ (TL $ exB)) s (snd b)) + else UU)))))" + apply (rule trans) + apply (rule fix_eq2) + apply (simp only: mkex2_def) + apply (rule beta_cfun) + apply simp + done -lemma mkex2_UU: "(mkex2 A B$UU$exA$exB) s t = UU" -apply (subst mkex2_unfold) -apply simp -done +lemma mkex2_UU: "(mkex2 A B $ UU $ exA $ exB) s t = UU" + apply (subst mkex2_unfold) + apply simp + done + +lemma mkex2_nil: "(mkex2 A B $ nil $ exA $ exB) s t = nil" + apply (subst mkex2_unfold) + apply simp + done -lemma mkex2_nil: "(mkex2 A B$nil$exA$exB) s t= nil" -apply (subst mkex2_unfold) -apply simp -done - -lemma mkex2_cons_1: "[| x:act A; x~:act B; HD$exA=Def a|] - ==> (mkex2 A B$(x\sch)$exA$exB) s t = - (x,snd a,t) \ (mkex2 A B$sch$(TL$exA)$exB) (snd a) t" -apply (rule trans) -apply (subst mkex2_unfold) -apply (simp add: Consq_def If_and_if) -apply (simp add: Consq_def) -done +lemma mkex2_cons_1: + "x \ act A \ x \ act B \ HD $ exA = Def a \ + (mkex2 A B $ (x \ sch) $ exA $ exB) s t = + (x, snd a,t) \ (mkex2 A B $ sch $ (TL $ exA) $ exB) (snd a) t" + apply (rule trans) + apply (subst mkex2_unfold) + apply (simp add: Consq_def If_and_if) + apply (simp add: Consq_def) + done -lemma mkex2_cons_2: "[| x~:act A; x:act B; HD$exB=Def b|] - ==> (mkex2 A B$(x\sch)$exA$exB) s t = - (x,s,snd b) \ (mkex2 A B$sch$exA$(TL$exB)) s (snd b)" -apply (rule trans) -apply (subst mkex2_unfold) -apply (simp add: Consq_def If_and_if) -apply (simp add: Consq_def) -done +lemma mkex2_cons_2: + "x \ act A \ x \ act B \ HD $ exB = Def b \ + (mkex2 A B $ (x \ sch) $ exA $ exB) s t = + (x, s, snd b) \ (mkex2 A B $ sch $ exA $ (TL $ exB)) s (snd b)" + apply (rule trans) + apply (subst mkex2_unfold) + apply (simp add: Consq_def If_and_if) + apply (simp add: Consq_def) + done -lemma mkex2_cons_3: "[| x:act A; x:act B; HD$exA=Def a;HD$exB=Def b|] - ==> (mkex2 A B$(x\sch)$exA$exB) s t = - (x,snd a,snd b) \ - (mkex2 A B$sch$(TL$exA)$(TL$exB)) (snd a) (snd b)" -apply (rule trans) -apply (subst mkex2_unfold) -apply (simp add: Consq_def If_and_if) -apply (simp add: Consq_def) -done +lemma mkex2_cons_3: + "x \ act A \ x \ act B \ HD $ exA = Def a \ HD $ exB = Def b \ + (mkex2 A B $ (x \ sch) $ exA $ exB) s t = + (x, snd a,snd b) \ (mkex2 A B $ sch $ (TL $ exA) $ (TL $ exB)) (snd a) (snd b)" + apply (rule trans) + apply (subst mkex2_unfold) + apply (simp add: Consq_def If_and_if) + apply (simp add: Consq_def) + done declare mkex2_UU [simp] mkex2_nil [simp] mkex2_cons_1 [simp] mkex2_cons_2 [simp] mkex2_cons_3 [simp] -subsection \mkex\ +subsection \\mkex\\ lemma mkex_UU: "mkex A B UU (s,exA) (t,exB) = ((s,t),UU)" -apply (simp add: mkex_def) -done + by (simp add: mkex_def) lemma mkex_nil: "mkex A B nil (s,exA) (t,exB) = ((s,t),nil)" -apply (simp add: mkex_def) -done + by (simp add: mkex_def) -lemma mkex_cons_1: "[| x:act A; x~:act B |] - ==> mkex A B (x\sch) (s,a\exA) (t,exB) = - ((s,t), (x,snd a,t) \ snd (mkex A B sch (snd a,exA) (t,exB)))" -apply (simp (no_asm) add: mkex_def) -apply (cut_tac exA = "a\exA" in mkex2_cons_1) -apply auto -done +lemma mkex_cons_1: + "x \ act A \ x \ act B \ + mkex A B (x \ sch) (s, a \ exA) (t, exB) = + ((s, t), (x, snd a, t) \ snd (mkex A B sch (snd a, exA) (t, exB)))" + apply (unfold mkex_def) + apply (cut_tac exA = "a \ exA" in mkex2_cons_1) + apply auto + done -lemma mkex_cons_2: "[| x~:act A; x:act B |] - ==> mkex A B (x\sch) (s,exA) (t,b\exB) = - ((s,t), (x,s,snd b) \ snd (mkex A B sch (s,exA) (snd b,exB)))" -apply (simp (no_asm) add: mkex_def) -apply (cut_tac exB = "b\exB" in mkex2_cons_2) -apply auto -done +lemma mkex_cons_2: + "x \ act A \ x \ act B \ + mkex A B (x \ sch) (s, exA) (t, b \ exB) = + ((s, t), (x, s, snd b) \ snd (mkex A B sch (s, exA) (snd b, exB)))" + apply (unfold mkex_def) + apply (cut_tac exB = "b\exB" in mkex2_cons_2) + apply auto + done -lemma mkex_cons_3: "[| x:act A; x:act B |] - ==> mkex A B (x\sch) (s,a\exA) (t,b\exB) = - ((s,t), (x,snd a,snd b) \ snd (mkex A B sch (snd a,exA) (snd b,exB)))" -apply (simp (no_asm) add: mkex_def) -apply (cut_tac exB = "b\exB" and exA = "a\exA" in mkex2_cons_3) -apply auto -done +lemma mkex_cons_3: + "x \ act A \ x \ act B \ + mkex A B (x \ sch) (s, a \ exA) (t, b \ exB) = + ((s, t), (x, snd a, snd b) \ snd (mkex A B sch (snd a, exA) (snd b, exB)))" + apply (unfold mkex_def) + apply (cut_tac exB = "b\exB" and exA = "a\exA" in mkex2_cons_3) + apply auto + done declare mkex2_UU [simp del] mkex2_nil [simp del] mkex2_cons_1 [simp del] mkex2_cons_2 [simp del] mkex2_cons_3 [simp del] @@ -191,349 +184,322 @@ declare composch_simps [simp] -subsection \COMPOSITIONALITY on SCHEDULE Level\ - -subsubsection "Lemmas for ==>" +subsection \Compositionality on schedule level\ -(* --------------------------------------------------------------------- *) -(* Lemma_2_1 : tfilter(ex) and filter_act are commutative *) -(* --------------------------------------------------------------------- *) +subsubsection \Lemmas for \\\\ lemma lemma_2_1a: - "filter_act$(Filter_ex2 (asig_of A)$xs)= - Filter (%a. a:act A)$(filter_act$xs)" - -apply (unfold filter_act_def Filter_ex2_def) -apply (simp (no_asm) add: MapFilter o_def) -done - - -(* --------------------------------------------------------------------- *) -(* Lemma_2_2 : State-projections do not affect filter_act *) -(* --------------------------------------------------------------------- *) + \ \\tfilter ex\ and \filter_act\ are commutative\ + "filter_act $ (Filter_ex2 (asig_of A) $ xs) = + Filter (\a. a \ act A) $ (filter_act $ xs)" + apply (unfold filter_act_def Filter_ex2_def) + apply (simp add: MapFilter o_def) + done lemma lemma_2_1b: - "filter_act$(ProjA2$xs) =filter_act$xs & - filter_act$(ProjB2$xs) =filter_act$xs" -apply (tactic \pair_induct_tac @{context} "xs" [] 1\) -done + \ \State-projections do not affect \filter_act\\ + "filter_act $ (ProjA2 $ xs) = filter_act $ xs \ + filter_act $ (ProjB2 $ xs) = filter_act $ xs" + by (tactic \pair_induct_tac @{context} "xs" [] 1\) -(* --------------------------------------------------------------------- *) -(* Schedules of A\B have only A- or B-actions *) -(* --------------------------------------------------------------------- *) +text \ + Schedules of \A \ B\ have only \A\- or \B\-actions. -(* very similar to lemma_1_1c, but it is not checking if every action element of - an ex is in A or B, but after projecting it onto the action schedule. Of course, this - is the same proposition, but we cannot change this one, when then rather lemma_1_1c *) + Very similar to \lemma_1_1c\, but it is not checking if every action element + of an \ex\ is in \A\ or \B\, but after projecting it onto the action + schedule. Of course, this is the same proposition, but we cannot change this + one, when then rather \lemma_1_1c\. +\ -lemma sch_actions_in_AorB: "!s. is_exec_frag (A\B) (s,xs) - --> Forall (%x. x:act (A\B)) (filter_act$xs)" - -apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}, @{thm Forall_def}, - @{thm sforall_def}] 1\) -(* main case *) -apply auto -apply (simp add: trans_of_defs2 actions_asig_comp asig_of_par) -done +lemma sch_actions_in_AorB: + "\s. is_exec_frag (A \ B) (s, xs) \ Forall (\x. x \ act (A \ B)) (filter_act $ xs)" + apply (tactic \pair_induct_tac @{context} "xs" + @{thms is_exec_frag_def Forall_def sforall_def} 1\) + text \main case\ + apply auto + apply (simp add: trans_of_defs2 actions_asig_comp asig_of_par) + done -subsubsection "Lemmas for <==" +subsubsection \Lemmas for \\\\ -(*--------------------------------------------------------------------------- - Filtering actions out of mkex(sch,exA,exB) yields the oracle sch - structural induction - --------------------------------------------------------------------------- *) +text \ + Filtering actions out of \mkex (sch, exA, exB)\ yields the oracle \sch\ + structural induction. +\ -lemma Mapfst_mkex_is_sch: "! exA exB s t. - Forall (%x. x:act (A\B)) sch & - Filter (%a. a:act A)$sch << filter_act$exA & - Filter (%a. a:act B)$sch << filter_act$exB - --> filter_act$(snd (mkex A B sch (s,exA) (t,exB))) = sch" +lemma Mapfst_mkex_is_sch: + "\exA exB s t. + Forall (\x. x \ act (A \ B)) sch \ + Filter (\a. a \ act A) $ sch \ filter_act $ exA \ + Filter (\a. a \ act B) $ sch \ filter_act $ exB \ + filter_act $ (snd (mkex A B sch (s, exA) (t, exB))) = sch" + apply (tactic \Seq_induct_tac @{context} "sch" [@{thm Filter_def}, @{thm Forall_def}, + @{thm sforall_def}, @{thm mkex_def}] 1\) -apply (tactic \Seq_induct_tac @{context} "sch" [@{thm Filter_def}, @{thm Forall_def}, - @{thm sforall_def}, @{thm mkex_def}] 1\) - -(* main case *) -(* splitting into 4 cases according to a:A, a:B *) -apply auto + text \main case: splitting into 4 cases according to \a \ A\, \a \ B\\ + apply auto -(* Case y:A, y:B *) -apply (tactic \Seq_case_simp_tac @{context} "exA" 1\) -(* Case exA=UU, Case exA=nil*) -(* These UU and nil cases are the only places where the assumption filter A sch< to generate a contradiction using ~a\ss<< UU(nil), using theorems - Cons_not_less_UU and Cons_not_less_nil *) -apply (tactic \Seq_case_simp_tac @{context} "exB" 1\) -(* Case exA=a\x, exB=b\y *) -(* here it is important that Seq_case_simp_tac uses no !full!_simp_tac for the cons case, - as otherwise mkex_cons_3 would not be rewritten without use of rotate_tac: then tactic - would not be generally applicable *) -apply simp + text \Case \y \ A\, \y \ B\\ + apply (tactic \Seq_case_simp_tac @{context} "exA" 1\) + text \Case \exA = UU\, Case \exA = nil\\ + text \ + These \UU\ and \nil\ cases are the only places where the assumption + \filter A sch \ f_act exA\ is used! + \\\ to generate a contradiction using \\ a \ ss \ UU nil\, + using theorems \Cons_not_less_UU\ and \Cons_not_less_nil\.\ + apply (tactic \Seq_case_simp_tac @{context} "exB" 1\) + text \Case \exA = a \ x\, \exB = b \ y\\ + text \ + Here it is important that \Seq_case_simp_tac\ uses no \!full!_simp_tac\ + for the cons case, as otherwise \mkex_cons_3\ would not be rewritten + without use of \rotate_tac\: then tactic would not be generally + applicable.\ + apply simp -(* Case y:A, y~:B *) -apply (tactic \Seq_case_simp_tac @{context} "exA" 1\) -apply simp + text \Case \y \ A\, \y \ B\\ + apply (tactic \Seq_case_simp_tac @{context} "exA" 1\) + apply simp -(* Case y~:A, y:B *) -apply (tactic \Seq_case_simp_tac @{context} "exB" 1\) -apply simp + text \Case \y \ A\, \y \ B\\ + apply (tactic \Seq_case_simp_tac @{context} "exB" 1\) + apply simp -(* Case y~:A, y~:B *) -apply (simp add: asig_of_par actions_asig_comp) -done + text \Case \y \ A\, \y \ B\\ + apply (simp add: asig_of_par actions_asig_comp) + done -(* generalizing the proof above to a proof method *) - +text \Generalizing the proof above to a proof method:\ ML \ fun mkex_induct_tac ctxt sch exA exB = - EVERY'[Seq_induct_tac ctxt sch @{thms Filter_def Forall_def sforall_def mkex_def stutter_def}, - asm_full_simp_tac ctxt, - SELECT_GOAL - (safe_tac (Context.raw_transfer (Proof_Context.theory_of ctxt) @{theory_context Fun})), - Seq_case_simp_tac ctxt exA, - Seq_case_simp_tac ctxt exB, - asm_full_simp_tac ctxt, - Seq_case_simp_tac ctxt exA, - asm_full_simp_tac ctxt, - Seq_case_simp_tac ctxt exB, - asm_full_simp_tac ctxt, - asm_full_simp_tac (ctxt addsimps @{thms asig_of_par actions_asig_comp}) - ] + EVERY' [ + Seq_induct_tac ctxt sch + @{thms Filter_def Forall_def sforall_def mkex_def stutter_def}, + asm_full_simp_tac ctxt, + SELECT_GOAL + (safe_tac (Context.raw_transfer (Proof_Context.theory_of ctxt) @{theory_context Fun})), + Seq_case_simp_tac ctxt exA, + Seq_case_simp_tac ctxt exB, + asm_full_simp_tac ctxt, + Seq_case_simp_tac ctxt exA, + asm_full_simp_tac ctxt, + Seq_case_simp_tac ctxt exB, + asm_full_simp_tac ctxt, + asm_full_simp_tac (ctxt addsimps @{thms asig_of_par actions_asig_comp})] \ method_setup mkex_induct = \ Scan.lift (Args.name -- Args.name -- Args.name) - >> (fn ((sch, exA), exB) => fn ctxt => SIMPLE_METHOD' (mkex_induct_tac ctxt sch exA exB)) + >> (fn ((sch, exA), exB) => fn ctxt => + SIMPLE_METHOD' (mkex_induct_tac ctxt sch exA exB)) \ -(*--------------------------------------------------------------------------- - Projection of mkex(sch,exA,exB) onto A stutters on A - structural induction - --------------------------------------------------------------------------- *) +text \ + Projection of \mkex (sch, exA, exB)\ onto \A\ stutters on \A\ + structural induction. +\ -lemma stutterA_mkex: "! exA exB s t. - Forall (%x. x:act (A\B)) sch & - Filter (%a. a:act A)$sch << filter_act$exA & - Filter (%a. a:act B)$sch << filter_act$exB - --> stutter (asig_of A) (s,ProjA2$(snd (mkex A B sch (s,exA) (t,exB))))" +lemma stutterA_mkex: + "\exA exB s t. + Forall (\x. x \ act (A \ B)) sch \ + Filter (\a. a \ act A) $ sch \ filter_act $ exA \ + Filter (\a. a \ act B) $ sch \ filter_act $ exB \ + stutter (asig_of A) (s, ProjA2 $ (snd (mkex A B sch (s, exA) (t, exB))))" by (mkex_induct sch exA exB) -lemma stutter_mkex_on_A: "[| - Forall (%x. x:act (A\B)) sch ; - Filter (%a. a:act A)$sch << filter_act$(snd exA) ; - Filter (%a. a:act B)$sch << filter_act$(snd exB) |] - ==> stutter (asig_of A) (ProjA (mkex A B sch exA exB))" - -apply (cut_tac stutterA_mkex) -apply (simp add: stutter_def ProjA_def mkex_def) -apply (erule allE)+ -apply (drule mp) -prefer 2 apply (assumption) -apply simp -done +lemma stutter_mkex_on_A: + "Forall (\x. x \ act (A \ B)) sch \ + Filter (\a. a \ act A) $ sch \ filter_act $ (snd exA) \ + Filter (\a. a \ act B) $ sch \ filter_act $ (snd exB) \ + stutter (asig_of A) (ProjA (mkex A B sch exA exB))" + apply (cut_tac stutterA_mkex) + apply (simp add: stutter_def ProjA_def mkex_def) + apply (erule allE)+ + apply (drule mp) + prefer 2 apply (assumption) + apply simp + done -(*--------------------------------------------------------------------------- - Projection of mkex(sch,exA,exB) onto B stutters on B - structural induction - --------------------------------------------------------------------------- *) +text \ + Projection of \mkex (sch, exA, exB)\ onto \B\ stutters on \B\ + structural induction. +\ -lemma stutterB_mkex: "! exA exB s t. - Forall (%x. x:act (A\B)) sch & - Filter (%a. a:act A)$sch << filter_act$exA & - Filter (%a. a:act B)$sch << filter_act$exB - --> stutter (asig_of B) (t,ProjB2$(snd (mkex A B sch (s,exA) (t,exB))))" +lemma stutterB_mkex: + "\exA exB s t. + Forall (\x. x \ act (A \ B)) sch \ + Filter (\a. a \ act A) $ sch \ filter_act $ exA \ + Filter (\a. a \ act B) $ sch \ filter_act $ exB \ + stutter (asig_of B) (t, ProjB2 $ (snd (mkex A B sch (s, exA) (t, exB))))" by (mkex_induct sch exA exB) -lemma stutter_mkex_on_B: "[| - Forall (%x. x:act (A\B)) sch ; - Filter (%a. a:act A)$sch << filter_act$(snd exA) ; - Filter (%a. a:act B)$sch << filter_act$(snd exB) |] - ==> stutter (asig_of B) (ProjB (mkex A B sch exA exB))" -apply (cut_tac stutterB_mkex) -apply (simp add: stutter_def ProjB_def mkex_def) -apply (erule allE)+ -apply (drule mp) -prefer 2 apply (assumption) -apply simp -done +lemma stutter_mkex_on_B: + "Forall (\x. x \ act (A \ B)) sch \ + Filter (\a. a \ act A) $ sch \ filter_act $ (snd exA) \ + Filter (\a. a \ act B) $ sch \ filter_act $ (snd exB) \ + stutter (asig_of B) (ProjB (mkex A B sch exA exB))" + apply (cut_tac stutterB_mkex) + apply (simp add: stutter_def ProjB_def mkex_def) + apply (erule allE)+ + apply (drule mp) + prefer 2 apply (assumption) + apply simp + done -(*--------------------------------------------------------------------------- - Filter of mkex(sch,exA,exB) to A after projection onto A is exA - -- using zip$(proj1$exA)$(proj2$exA) instead of exA -- - -- because of admissibility problems -- - structural induction - --------------------------------------------------------------------------- *) +text \ + Filter of \mkex (sch, exA, exB)\ to \A\ after projection onto \A\ is \exA\, + using \zip $ (proj1 $ exA) $ (proj2 $ exA)\ instead of \exA\, + because of admissibility problems structural induction. +\ -lemma filter_mkex_is_exA_tmp: "! exA exB s t. - Forall (%x. x:act (A\B)) sch & - Filter (%a. a:act A)$sch << filter_act$exA & - Filter (%a. a:act B)$sch << filter_act$exB - --> Filter_ex2 (asig_of A)$(ProjA2$(snd (mkex A B sch (s,exA) (t,exB)))) = - Zip$(Filter (%a. a:act A)$sch)$(Map snd$exA)" +lemma filter_mkex_is_exA_tmp: + "\exA exB s t. + Forall (\x. x \ act (A \ B)) sch \ + Filter (\a. a \ act A) $ sch \ filter_act $ exA \ + Filter (\a. a \ act B) $ sch \ filter_act $ exB \ + Filter_ex2 (asig_of A) $ (ProjA2 $ (snd (mkex A B sch (s, exA) (t, exB)))) = + Zip $ (Filter (\a. a \ act A) $ sch) $ (Map snd $ exA)" by (mkex_induct sch exB exA) -(*--------------------------------------------------------------------------- - zip$(proj1$y)$(proj2$y) = y (using the lift operations) - lemma for admissibility problems - --------------------------------------------------------------------------- *) +text \ + \zip $ (proj1 $ y) $ (proj2 $ y) = y\ (using the lift operations) + lemma for admissibility problems +\ -lemma Zip_Map_fst_snd: "Zip$(Map fst$y)$(Map snd$y) = y" -apply (tactic \Seq_induct_tac @{context} "y" [] 1\) -done +lemma Zip_Map_fst_snd: "Zip $ (Map fst $ y) $ (Map snd $ y) = y" + by (tactic \Seq_induct_tac @{context} "y" [] 1\) -(*--------------------------------------------------------------------------- - filter A$sch = proj1$ex --> zip$(filter A$sch)$(proj2$ex) = ex - lemma for eliminating non admissible equations in assumptions - --------------------------------------------------------------------------- *) +text \ + \filter A $ sch = proj1 $ ex \ zip $ (filter A $ sch) $ (proj2 $ ex) = ex\ + lemma for eliminating non admissible equations in assumptions +\ + +lemma trick_against_eq_in_ass: + "Filter (\a. a \ act AB) $ sch = filter_act $ ex \ + ex = Zip $ (Filter (\a. a \ act AB) $ sch) $ (Map snd $ ex)" + apply (simp add: filter_act_def) + apply (rule Zip_Map_fst_snd [symmetric]) + done + +text \ + Filter of \mkex (sch, exA, exB)\ to \A\ after projection onto \A\ is \exA\ + using the above trick. +\ -lemma trick_against_eq_in_ass: "!! sch ex. - Filter (%a. a:act AB)$sch = filter_act$ex - ==> ex = Zip$(Filter (%a. a:act AB)$sch)$(Map snd$ex)" -apply (simp add: filter_act_def) -apply (rule Zip_Map_fst_snd [symmetric]) -done +lemma filter_mkex_is_exA: + "Forall (\a. a \ act (A \ B)) sch \ + Filter (\a. a \ act A) $ sch = filter_act $ (snd exA) \ + Filter (\a. a \ act B) $ sch = filter_act $ (snd exB) \ + Filter_ex (asig_of A) (ProjA (mkex A B sch exA exB)) = exA" + apply (simp add: ProjA_def Filter_ex_def) + apply (tactic \pair_tac @{context} "exA" 1\) + apply (tactic \pair_tac @{context} "exB" 1\) + apply (rule conjI) + apply (simp (no_asm) add: mkex_def) + apply (simplesubst trick_against_eq_in_ass) + back + apply assumption + apply (simp add: filter_mkex_is_exA_tmp) + done -(*--------------------------------------------------------------------------- - Filter of mkex(sch,exA,exB) to A after projection onto A is exA - using the above trick - --------------------------------------------------------------------------- *) - +text \ + Filter of \mkex (sch, exA, exB)\ to \B\ after projection onto \B\ is \exB\ + using \zip $ (proj1 $ exB) $ (proj2 $ exB)\ instead of \exB\ + because of admissibility problems structural induction. +\ -lemma filter_mkex_is_exA: "!!sch exA exB. - [| Forall (%a. a:act (A\B)) sch ; - Filter (%a. a:act A)$sch = filter_act$(snd exA) ; - Filter (%a. a:act B)$sch = filter_act$(snd exB) |] - ==> Filter_ex (asig_of A) (ProjA (mkex A B sch exA exB)) = exA" -apply (simp add: ProjA_def Filter_ex_def) -apply (tactic \pair_tac @{context} "exA" 1\) -apply (tactic \pair_tac @{context} "exB" 1\) -apply (rule conjI) -apply (simp (no_asm) add: mkex_def) -apply (simplesubst trick_against_eq_in_ass) -back -apply assumption -apply (simp add: filter_mkex_is_exA_tmp) -done +lemma filter_mkex_is_exB_tmp: + "\exA exB s t. + Forall (\x. x \ act (A \ B)) sch \ + Filter (\a. a \ act A) $ sch \ filter_act $ exA \ + Filter (\a. a \ act B) $ sch \ filter_act $ exB \ + Filter_ex2 (asig_of B) $ (ProjB2 $ (snd (mkex A B sch (s, exA) (t, exB)))) = + Zip $ (Filter (\a. a \ act B) $ sch) $ (Map snd $ exB)" + (*notice necessary change of arguments exA and exB*) + by (mkex_induct sch exA exB) + +text \ + Filter of \mkex (sch, exA, exB)\ to \A\ after projection onto \B\ is \exB\ + using the above trick. +\ - -(*--------------------------------------------------------------------------- - Filter of mkex(sch,exA,exB) to B after projection onto B is exB - -- using zip$(proj1$exB)$(proj2$exB) instead of exB -- - -- because of admissibility problems -- - structural induction - --------------------------------------------------------------------------- *) +lemma filter_mkex_is_exB: + "Forall (\a. a \ act (A \ B)) sch \ + Filter (\a. a \ act A) $ sch = filter_act $ (snd exA) \ + Filter (\a. a \ act B) $ sch = filter_act $ (snd exB) \ + Filter_ex (asig_of B) (ProjB (mkex A B sch exA exB)) = exB" + apply (simp add: ProjB_def Filter_ex_def) + apply (tactic \pair_tac @{context} "exA" 1\) + apply (tactic \pair_tac @{context} "exB" 1\) + apply (rule conjI) + apply (simp (no_asm) add: mkex_def) + apply (simplesubst trick_against_eq_in_ass) + back + apply assumption + apply (simp add: filter_mkex_is_exB_tmp) + done -lemma filter_mkex_is_exB_tmp: "! exA exB s t. - Forall (%x. x:act (A\B)) sch & - Filter (%a. a:act A)$sch << filter_act$exA & - Filter (%a. a:act B)$sch << filter_act$exB - --> Filter_ex2 (asig_of B)$(ProjB2$(snd (mkex A B sch (s,exA) (t,exB)))) = - Zip$(Filter (%a. a:act B)$sch)$(Map snd$exB)" - -(* notice necessary change of arguments exA and exB *) +lemma mkex_actions_in_AorB: + \ \\mkex\ has only \A\- or \B\-actions\ + "\s t exA exB. + Forall (\x. x \ act (A \ B)) sch & + Filter (\a. a \ act A) $ sch \ filter_act $ exA \ + Filter (\a. a \ act B) $ sch \ filter_act $ exB \ + Forall (\x. fst x \ act (A \ B)) (snd (mkex A B sch (s, exA) (t, exB)))" by (mkex_induct sch exA exB) -(*--------------------------------------------------------------------------- - Filter of mkex(sch,exA,exB) to A after projection onto B is exB - using the above trick - --------------------------------------------------------------------------- *) - - -lemma filter_mkex_is_exB: "!!sch exA exB. - [| Forall (%a. a:act (A\B)) sch ; - Filter (%a. a:act A)$sch = filter_act$(snd exA) ; - Filter (%a. a:act B)$sch = filter_act$(snd exB) |] - ==> Filter_ex (asig_of B) (ProjB (mkex A B sch exA exB)) = exB" -apply (simp add: ProjB_def Filter_ex_def) -apply (tactic \pair_tac @{context} "exA" 1\) -apply (tactic \pair_tac @{context} "exB" 1\) -apply (rule conjI) -apply (simp (no_asm) add: mkex_def) -apply (simplesubst trick_against_eq_in_ass) -back -apply assumption -apply (simp add: filter_mkex_is_exB_tmp) -done - -(* --------------------------------------------------------------------- *) -(* mkex has only A- or B-actions *) -(* --------------------------------------------------------------------- *) - - -lemma mkex_actions_in_AorB: "!s t exA exB. - Forall (%x. x : act (A \ B)) sch & - Filter (%a. a:act A)$sch << filter_act$exA & - Filter (%a. a:act B)$sch << filter_act$exB - --> Forall (%x. fst x : act (A \B)) - (snd (mkex A B sch (s,exA) (t,exB)))" - by (mkex_induct sch exA exB) - - -(* ------------------------------------------------------------------ *) -(* COMPOSITIONALITY on SCHEDULE Level *) -(* Main Theorem *) -(* ------------------------------------------------------------------ *) +theorem compositionality_sch: + "sch \ schedules (A \ B) \ + Filter (\a. a \ act A) $ sch \ schedules A \ + Filter (\a. a \ act B) $ sch \ schedules B \ + Forall (\x. x \ act (A \ B)) sch" + apply (simp add: schedules_def has_schedule_def) + apply auto + text \\\\\ + apply (rule_tac x = "Filter_ex (asig_of A) (ProjA ex)" in bexI) + prefer 2 + apply (simp add: compositionality_ex) + apply (simp (no_asm) add: Filter_ex_def ProjA_def lemma_2_1a lemma_2_1b) + apply (rule_tac x = "Filter_ex (asig_of B) (ProjB ex)" in bexI) + prefer 2 + apply (simp add: compositionality_ex) + apply (simp (no_asm) add: Filter_ex_def ProjB_def lemma_2_1a lemma_2_1b) + apply (simp add: executions_def) + apply (tactic \pair_tac @{context} "ex" 1\) + apply (erule conjE) + apply (simp add: sch_actions_in_AorB) + text \\\\\ + text \\mkex\ is exactly the construction of \exA\B\ out of \exA\, \exB\, + and the oracle \sch\, we need here\ + apply (rename_tac exA exB) + apply (rule_tac x = "mkex A B sch exA exB" in bexI) + text \\mkex\ actions are just the oracle\ + apply (tactic \pair_tac @{context} "exA" 1\) + apply (tactic \pair_tac @{context} "exB" 1\) + apply (simp add: Mapfst_mkex_is_sch) + text \\mkex\ is an execution -- use compositionality on ex-level\ + apply (simp add: compositionality_ex) + apply (simp add: stutter_mkex_on_A stutter_mkex_on_B filter_mkex_is_exB filter_mkex_is_exA) + apply (tactic \pair_tac @{context} "exA" 1\) + apply (tactic \pair_tac @{context} "exB" 1\) + apply (simp add: mkex_actions_in_AorB) + done -lemma compositionality_sch: -"(sch : schedules (A\B)) = - (Filter (%a. a:act A)$sch : schedules A & - Filter (%a. a:act B)$sch : schedules B & - Forall (%x. x:act (A\B)) sch)" -apply (simp add: schedules_def has_schedule_def) -apply auto -(* ==> *) -apply (rule_tac x = "Filter_ex (asig_of A) (ProjA ex) " in bexI) -prefer 2 -apply (simp add: compositionality_ex) -apply (simp (no_asm) add: Filter_ex_def ProjA_def lemma_2_1a lemma_2_1b) -apply (rule_tac x = "Filter_ex (asig_of B) (ProjB ex) " in bexI) -prefer 2 -apply (simp add: compositionality_ex) -apply (simp (no_asm) add: Filter_ex_def ProjB_def lemma_2_1a lemma_2_1b) -apply (simp add: executions_def) -apply (tactic \pair_tac @{context} "ex" 1\) -apply (erule conjE) -apply (simp add: sch_actions_in_AorB) - -(* <== *) - -(* mkex is exactly the construction of exA\B out of exA, exB, and the oracle sch, - we need here *) -apply (rename_tac exA exB) -apply (rule_tac x = "mkex A B sch exA exB" in bexI) -(* mkex actions are just the oracle *) -apply (tactic \pair_tac @{context} "exA" 1\) -apply (tactic \pair_tac @{context} "exB" 1\) -apply (simp add: Mapfst_mkex_is_sch) - -(* mkex is an execution -- use compositionality on ex-level *) -apply (simp add: compositionality_ex) -apply (simp add: stutter_mkex_on_A stutter_mkex_on_B filter_mkex_is_exB filter_mkex_is_exA) -apply (tactic \pair_tac @{context} "exA" 1\) -apply (tactic \pair_tac @{context} "exB" 1\) -apply (simp add: mkex_actions_in_AorB) -done - - -subsection \COMPOSITIONALITY on SCHEDULE Level -- for Modules\ - -lemma compositionality_sch_modules: - "Scheds (A\B) = par_scheds (Scheds A) (Scheds B)" - -apply (unfold Scheds_def par_scheds_def) -apply (simp add: asig_of_par) -apply (rule set_eqI) -apply (simp add: compositionality_sch actions_of_par) -done - +theorem compositionality_sch_modules: + "Scheds (A \ B) = par_scheds (Scheds A) (Scheds B)" + apply (unfold Scheds_def par_scheds_def) + apply (simp add: asig_of_par) + apply (rule set_eqI) + apply (simp add: compositionality_sch actions_of_par) + done declare compoex_simps [simp del] declare composch_simps [simp del] diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/NTP/Impl.thy --- a/src/HOL/HOLCF/IOA/NTP/Impl.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Impl.thy Mon Jan 11 00:04:23 2016 +0100 @@ -18,9 +18,9 @@ impl_def: "impl_ioa == (sender_ioa \ receiver_ioa \ srch_ioa \ rsch_ioa)" definition sen :: "'m impl_state => 'm sender_state" where "sen = fst" -definition rec :: "'m impl_state => 'm receiver_state" where "rec = fst o snd" -definition srch :: "'m impl_state => 'm packet multiset" where "srch = fst o snd o snd" -definition rsch :: "'m impl_state => bool multiset" where "rsch = snd o snd o snd" +definition rec :: "'m impl_state => 'm receiver_state" where "rec = fst \ snd" +definition srch :: "'m impl_state => 'm packet multiset" where "srch = fst \ snd \ snd" +definition rsch :: "'m impl_state => bool multiset" where "rsch = snd \ snd \ snd" definition hdr_sum :: "'m packet multiset => bool => nat" where diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/NTP/Receiver.thy --- a/src/HOL/HOLCF/IOA/NTP/Receiver.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Receiver.thy Mon Jan 11 00:04:23 2016 +0100 @@ -15,10 +15,10 @@ (* messages #replies #received header mode *) definition rq :: "'m receiver_state => 'm list" where "rq == fst" -definition rsent :: "'m receiver_state => bool multiset" where "rsent == fst o snd" -definition rrcvd :: "'m receiver_state => 'm packet multiset" where "rrcvd == fst o snd o snd" -definition rbit :: "'m receiver_state => bool" where "rbit == fst o snd o snd o snd" -definition rsending :: "'m receiver_state => bool" where "rsending == snd o snd o snd o snd" +definition rsent :: "'m receiver_state => bool multiset" where "rsent == fst \ snd" +definition rrcvd :: "'m receiver_state => 'm packet multiset" where "rrcvd == fst \ snd \ snd" +definition rbit :: "'m receiver_state => bool" where "rbit == fst \ snd \ snd \ snd" +definition rsending :: "'m receiver_state => bool" where "rsending == snd \ snd \ snd \ snd" definition receiver_asig :: "'m action signature" where diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/NTP/Sender.thy --- a/src/HOL/HOLCF/IOA/NTP/Sender.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Sender.thy Mon Jan 11 00:04:23 2016 +0100 @@ -13,10 +13,10 @@ (* messages #sent #received header mode *) definition sq :: "'m sender_state => 'm list" where "sq = fst" -definition ssent :: "'m sender_state => bool multiset" where "ssent = fst o snd" -definition srcvd :: "'m sender_state => bool multiset" where "srcvd = fst o snd o snd" -definition sbit :: "'m sender_state => bool" where "sbit = fst o snd o snd o snd" -definition ssending :: "'m sender_state => bool" where "ssending = snd o snd o snd o snd" +definition ssent :: "'m sender_state => bool multiset" where "ssent = fst \ snd" +definition srcvd :: "'m sender_state => bool multiset" where "srcvd = fst \ snd \ snd" +definition sbit :: "'m sender_state => bool" where "sbit = fst \ snd \ snd \ snd" +definition ssending :: "'m sender_state => bool" where "ssending = snd \ snd \ snd \ snd" definition sender_asig :: "'m action signature" where diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/Pred.thy --- a/src/HOL/HOLCF/IOA/Pred.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/Pred.thy Mon Jan 11 00:04:23 2016 +0100 @@ -12,14 +12,14 @@ type_synonym 'a predicate = "'a \ bool" -definition satisfies :: "'a \ 'a predicate \ bool" ("_ \ _" [100,9] 8) +definition satisfies :: "'a \ 'a predicate \ bool" ("_ \ _" [100, 9] 8) where "(s \ P) \ P s" definition valid :: "'a predicate \ bool" (* ("|-") *) where "valid P \ (\s. (s \ P))" definition NOT :: "'a predicate \ 'a predicate" ("\<^bold>\ _" [40] 40) - where "NOT P s \ ~ (P s)" + where "NOT P s \ \ P s" definition AND :: "'a predicate \ 'a predicate \ 'a predicate" (infixr "\<^bold>\" 35) where "(P \<^bold>\ Q) s \ P s \ Q s" diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/RefMappings.thy --- a/src/HOL/HOLCF/IOA/RefMappings.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/RefMappings.thy Mon Jan 11 00:04:23 2016 +0100 @@ -10,118 +10,103 @@ default_sort type -definition - move :: "[('a,'s)ioa,('a,'s)pairs,'s,'a,'s] => bool" where - "move ioa ex s a t = - (is_exec_frag ioa (s,ex) & Finite ex & - laststate (s,ex)=t & - mk_trace ioa$ex = (if a:ext(ioa) then a\nil else nil))" - -definition - is_ref_map :: "[('s1=>'s2),('a,'s1)ioa,('a,'s2)ioa] => bool" where - "is_ref_map f C A = - ((!s:starts_of(C). f(s):starts_of(A)) & - (!s t a. reachable C s & - s \a\C\ t - --> (? ex. move A ex (f s) a (f t))))" +definition move :: "('a, 's) ioa \ ('a, 's) pairs \ 's \ 'a \ 's \ bool" + where "move ioa ex s a t \ + is_exec_frag ioa (s, ex) \ Finite ex \ + laststate (s, ex) = t \ + mk_trace ioa $ ex = (if a \ ext ioa then a \ nil else nil)" -definition - is_weak_ref_map :: "[('s1=>'s2),('a,'s1)ioa,('a,'s2)ioa] => bool" where - "is_weak_ref_map f C A = - ((!s:starts_of(C). f(s):starts_of(A)) & - (!s t a. reachable C s & - s \a\C\ t - --> (if a:ext(C) - then (f s) \a\A\ (f t) - else (f s)=(f t))))" +definition is_ref_map :: "('s1 \ 's2) \ ('a, 's1) ioa \ ('a, 's2) ioa \ bool" + where "is_ref_map f C A \ + ((\s \ starts_of C. f s \ starts_of A) \ + (\s t a. reachable C s \ s \a\C\ t \ (\ex. move A ex (f s) a (f t))))" - -subsection "transitions and moves" - - -lemma transition_is_ex: "s \a\A\ t ==> ? ex. move A ex s a t" -apply (rule_tac x = " (a,t) \nil" in exI) -apply (simp add: move_def) -done +definition is_weak_ref_map :: "('s1 \ 's2) \ ('a, 's1) ioa \ ('a, 's2) ioa \ bool" + where "is_weak_ref_map f C A \ + ((\s \ starts_of C. f s \ starts_of A) \ + (\s t a. reachable C s \ s \a\C\ t \ + (if a \ ext C then (f s) \a\A\ (f t) else f s = f t)))" -lemma nothing_is_ex: "(~a:ext A) & s=t ==> ? ex. move A ex s a t" -apply (rule_tac x = "nil" in exI) -apply (simp add: move_def) -done +subsection \Transitions and moves\ +lemma transition_is_ex: "s \a\A\ t \ \ex. move A ex s a t" + apply (rule_tac x = " (a, t) \ nil" in exI) + apply (simp add: move_def) + done + +lemma nothing_is_ex: "a \ ext A \ s = t \ \ex. move A ex s a t" + apply (rule_tac x = "nil" in exI) + apply (simp add: move_def) + done -lemma ei_transitions_are_ex: "(s \a\A\ s') & (s' \a'\A\ s'') & (~a':ext A) - ==> ? ex. move A ex s a s''" -apply (rule_tac x = " (a,s') \ (a',s'') \nil" in exI) -apply (simp add: move_def) -done +lemma ei_transitions_are_ex: + "s \a\A\ s' \ s' \a'\A\ s'' \ a' \ ext A \ \ex. move A ex s a s''" + apply (rule_tac x = " (a,s') \ (a',s'') \nil" in exI) + apply (simp add: move_def) + done + +lemma eii_transitions_are_ex: + "s1 \a1\A\ s2 \ s2 \a2\A\ s3 \ s3 \a3\A\ s4 \ a2 \ ext A \ a3 \ ext A \ + \ex. move A ex s1 a1 s4" + apply (rule_tac x = "(a1, s2) \ (a2, s3) \ (a3, s4) \ nil" in exI) + apply (simp add: move_def) + done -lemma eii_transitions_are_ex: "(s1 \a1\A\ s2) & (s2 \a2\A\ s3) & (s3 \a3\A\ s4) & - (~a2:ext A) & (~a3:ext A) ==> - ? ex. move A ex s1 a1 s4" -apply (rule_tac x = " (a1,s2) \ (a2,s3) \ (a3,s4) \nil" in exI) -apply (simp add: move_def) -done - - -subsection "weak_ref_map and ref_map" +subsection \\weak_ref_map\ and \ref_map\\ -lemma weak_ref_map2ref_map: - "[| ext C = ext A; - is_weak_ref_map f C A |] ==> is_ref_map f C A" -apply (unfold is_weak_ref_map_def is_ref_map_def) -apply auto -apply (case_tac "a:ext A") -apply (auto intro: transition_is_ex nothing_is_ex) -done +lemma weak_ref_map2ref_map: "ext C = ext A \ is_weak_ref_map f C A \ is_ref_map f C A" + apply (unfold is_weak_ref_map_def is_ref_map_def) + apply auto + apply (case_tac "a \ ext A") + apply (auto intro: transition_is_ex nothing_is_ex) + done - -lemma imp_conj_lemma: "(P ==> Q-->R) ==> P&Q --> R" +lemma imp_conj_lemma: "(P \ Q \ R) \ P \ Q \ R" by blast declare split_if [split del] declare if_weak_cong [cong del] -lemma rename_through_pmap: "[| is_weak_ref_map f C A |] - ==> (is_weak_ref_map f (rename C g) (rename A g))" -apply (simp add: is_weak_ref_map_def) -apply (rule conjI) -(* 1: start states *) -apply (simp add: rename_def rename_set_def starts_of_def) -(* 2: reachable transitions *) -apply (rule allI)+ -apply (rule imp_conj_lemma) -apply (simp (no_asm) add: rename_def rename_set_def) -apply (simp add: externals_def asig_inputs_def asig_outputs_def asig_of_def trans_of_def) -apply safe -apply (simplesubst split_if) - apply (rule conjI) - apply (rule impI) - apply (erule disjE) - apply (erule exE) -apply (erule conjE) -(* x is input *) - apply (drule sym) - apply (drule sym) -apply simp -apply hypsubst+ -apply (frule reachable_rename) -apply simp -(* x is output *) - apply (erule exE) -apply (erule conjE) - apply (drule sym) - apply (drule sym) -apply simp -apply hypsubst+ -apply (frule reachable_rename) -apply simp -(* x is internal *) -apply (frule reachable_rename) -apply auto -done +lemma rename_through_pmap: + "is_weak_ref_map f C A \ is_weak_ref_map f (rename C g) (rename A g)" + apply (simp add: is_weak_ref_map_def) + apply (rule conjI) + text \1: start states\ + apply (simp add: rename_def rename_set_def starts_of_def) + text \1: start states\ + apply (rule allI)+ + apply (rule imp_conj_lemma) + apply (simp (no_asm) add: rename_def rename_set_def) + apply (simp add: externals_def asig_inputs_def asig_outputs_def asig_of_def trans_of_def) + apply safe + apply (simplesubst split_if) + apply (rule conjI) + apply (rule impI) + apply (erule disjE) + apply (erule exE) + apply (erule conjE) + text \\x\ is input\ + apply (drule sym) + apply (drule sym) + apply simp + apply hypsubst+ + apply (frule reachable_rename) + apply simp + text \\x\ is output\ + apply (erule exE) + apply (erule conjE) + apply (drule sym) + apply (drule sym) + apply simp + apply hypsubst+ + apply (frule reachable_rename) + apply simp + text \\x\ is internal\ + apply (frule reachable_rename) + apply auto + done declare split_if [split] declare if_weak_cong [cong] diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/Seq.thy --- a/src/HOL/HOLCF/IOA/Seq.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/Seq.thy Mon Jan 11 00:04:23 2016 +0100 @@ -12,317 +12,273 @@ domain (unsafe) 'a seq = nil ("nil") | cons (HD :: 'a) (lazy TL :: "'a seq") (infixr "##" 65) -(* - sfilter :: "('a -> tr) -> 'a seq -> 'a seq" - smap :: "('a -> 'b) -> 'a seq -> 'b seq" - sforall :: "('a -> tr) => 'a seq => bool" - sforall2 :: "('a -> tr) -> 'a seq -> tr" - slast :: "'a seq -> 'a" - sconc :: "'a seq -> 'a seq -> 'a seq" - sdropwhile :: "('a -> tr) -> 'a seq -> 'a seq" - stakewhile :: "('a -> tr) -> 'a seq -> 'a seq" - szip :: "'a seq -> 'b seq -> ('a*'b) seq" - sflat :: "('a seq) seq -> 'a seq" - - sfinite :: "'a seq set" - Partial :: "'a seq => bool" - Infinite :: "'a seq => bool" - - nproj :: "nat => 'a seq => 'a" - sproj :: "nat => 'a seq => 'a seq" -*) - -inductive - Finite :: "'a seq => bool" - where - sfinite_0: "Finite nil" - | sfinite_n: "[| Finite tr; a~=UU |] ==> Finite (a##tr)" +inductive Finite :: "'a seq \ bool" +where + sfinite_0: "Finite nil" +| sfinite_n: "Finite tr \ a \ UU \ Finite (a ## tr)" declare Finite.intros [simp] -definition - Partial :: "'a seq => bool" +definition Partial :: "'a seq \ bool" + where "Partial x \ seq_finite x \ \ Finite x" + +definition Infinite :: "'a seq \ bool" + where "Infinite x \ \ seq_finite x" + + +subsection \Recursive equations of operators\ + +subsubsection \\smap\\ + +fixrec smap :: "('a \ 'b) \ 'a seq \ 'b seq" where - "Partial x == (seq_finite x) & ~(Finite x)" + smap_nil: "smap $ f $ nil = nil" +| smap_cons: "x \ UU \ smap $ f $ (x ## xs) = (f $ x) ## smap $ f $ xs" + +lemma smap_UU [simp]: "smap $ f $ UU = UU" + by fixrec_simp + + +subsubsection \\sfilter\\ -definition - Infinite :: "'a seq => bool" +fixrec sfilter :: "('a \ tr) \ 'a seq \ 'a seq" where - "Infinite x == ~(seq_finite x)" + sfilter_nil: "sfilter $ P $ nil = nil" +| sfilter_cons: + "x \ UU \ + sfilter $ P $ (x ## xs) = + (If P $ x then x ## (sfilter $ P $ xs) else sfilter $ P $ xs)" + +lemma sfilter_UU [simp]: "sfilter $ P $ UU = UU" + by fixrec_simp + + +subsubsection \\sforall2\\ + +fixrec sforall2 :: "('a \ tr) \ 'a seq \ tr" +where + sforall2_nil: "sforall2 $ P $ nil = TT" +| sforall2_cons: "x \ UU \ sforall2 $ P $ (x ## xs) = ((P $ x) andalso sforall2 $ P $ xs)" + +lemma sforall2_UU [simp]: "sforall2 $ P $ UU = UU" + by fixrec_simp + +definition "sforall P t = (sforall2 $ P $ t \ FF)" -subsection \recursive equations of operators\ - -subsubsection \smap\ - -fixrec - smap :: "('a -> 'b) -> 'a seq -> 'b seq" -where - smap_nil: "smap$f$nil=nil" -| smap_cons: "[|x~=UU|] ==> smap$f$(x##xs)= (f$x)##smap$f$xs" - -lemma smap_UU [simp]: "smap$f$UU=UU" -by fixrec_simp - -subsubsection \sfilter\ - -fixrec - sfilter :: "('a -> tr) -> 'a seq -> 'a seq" -where - sfilter_nil: "sfilter$P$nil=nil" -| sfilter_cons: - "x~=UU ==> sfilter$P$(x##xs)= - (If P$x then x##(sfilter$P$xs) else sfilter$P$xs)" +subsubsection \\stakewhile\\ -lemma sfilter_UU [simp]: "sfilter$P$UU=UU" -by fixrec_simp - -subsubsection \sforall2\ - -fixrec - sforall2 :: "('a -> tr) -> 'a seq -> tr" +fixrec stakewhile :: "('a \ tr) \ 'a seq \ 'a seq" where - sforall2_nil: "sforall2$P$nil=TT" -| sforall2_cons: - "x~=UU ==> sforall2$P$(x##xs)= ((P$x) andalso sforall2$P$xs)" - -lemma sforall2_UU [simp]: "sforall2$P$UU=UU" -by fixrec_simp - -definition - sforall_def: "sforall P t == (sforall2$P$t ~=FF)" - -subsubsection \stakewhile\ - -fixrec - stakewhile :: "('a -> tr) -> 'a seq -> 'a seq" -where - stakewhile_nil: "stakewhile$P$nil=nil" + stakewhile_nil: "stakewhile $ P $ nil = nil" | stakewhile_cons: - "x~=UU ==> stakewhile$P$(x##xs) = - (If P$x then x##(stakewhile$P$xs) else nil)" + "x \ UU \ stakewhile $ P $ (x ## xs) = (If P $ x then x ## (stakewhile $ P $ xs) else nil)" + +lemma stakewhile_UU [simp]: "stakewhile $ P $ UU = UU" + by fixrec_simp -lemma stakewhile_UU [simp]: "stakewhile$P$UU=UU" -by fixrec_simp -subsubsection \sdropwhile\ +subsubsection \\sdropwhile\\ -fixrec - sdropwhile :: "('a -> tr) -> 'a seq -> 'a seq" +fixrec sdropwhile :: "('a \ tr) \ 'a seq \ 'a seq" where - sdropwhile_nil: "sdropwhile$P$nil=nil" + sdropwhile_nil: "sdropwhile $ P $ nil = nil" | sdropwhile_cons: - "x~=UU ==> sdropwhile$P$(x##xs) = - (If P$x then sdropwhile$P$xs else x##xs)" + "x \ UU \ sdropwhile $ P $ (x ## xs) = (If P $ x then sdropwhile $ P $ xs else x ## xs)" -lemma sdropwhile_UU [simp]: "sdropwhile$P$UU=UU" -by fixrec_simp +lemma sdropwhile_UU [simp]: "sdropwhile $ P $ UU = UU" + by fixrec_simp + -subsubsection \slast\ +subsubsection \\slast\\ -fixrec - slast :: "'a seq -> 'a" +fixrec slast :: "'a seq \ 'a" where - slast_nil: "slast$nil=UU" -| slast_cons: - "x~=UU ==> slast$(x##xs)= (If is_nil$xs then x else slast$xs)" + slast_nil: "slast $ nil = UU" +| slast_cons: "x \ UU \ slast $ (x ## xs) = (If is_nil $ xs then x else slast $ xs)" -lemma slast_UU [simp]: "slast$UU=UU" -by fixrec_simp +lemma slast_UU [simp]: "slast $ UU = UU" + by fixrec_simp + -subsubsection \sconc\ +subsubsection \\sconc\\ -fixrec - sconc :: "'a seq -> 'a seq -> 'a seq" +fixrec sconc :: "'a seq \ 'a seq \ 'a seq" where - sconc_nil: "sconc$nil$y = y" -| sconc_cons': - "x~=UU ==> sconc$(x##xs)$y = x##(sconc$xs$y)" + sconc_nil: "sconc $ nil $ y = y" +| sconc_cons': "x \ UU \ sconc $ (x ## xs) $ y = x ## (sconc $ xs $ y)" -abbreviation - sconc_syn :: "'a seq => 'a seq => 'a seq" (infixr "@@" 65) where - "xs @@ ys == sconc $ xs $ ys" +abbreviation sconc_syn :: "'a seq => 'a seq => 'a seq" (infixr "@@" 65) + where "xs @@ ys \ sconc $ xs $ ys" -lemma sconc_UU [simp]: "UU @@ y=UU" -by fixrec_simp +lemma sconc_UU [simp]: "UU @@ y = UU" + by fixrec_simp -lemma sconc_cons [simp]: "(x##xs) @@ y=x##(xs @@ y)" -apply (cases "x=UU") -apply simp_all -done +lemma sconc_cons [simp]: "(x ## xs) @@ y = x ## (xs @@ y)" + by (cases "x = UU") simp_all declare sconc_cons' [simp del] -subsubsection \sflat\ -fixrec - sflat :: "('a seq) seq -> 'a seq" +subsubsection \\sflat\\ + +fixrec sflat :: "'a seq seq \ 'a seq" where - sflat_nil: "sflat$nil=nil" -| sflat_cons': "x~=UU ==> sflat$(x##xs)= x@@(sflat$xs)" + sflat_nil: "sflat $ nil = nil" +| sflat_cons': "x \ UU \ sflat $ (x ## xs) = x @@ (sflat $ xs)" -lemma sflat_UU [simp]: "sflat$UU=UU" -by fixrec_simp +lemma sflat_UU [simp]: "sflat $ UU = UU" + by fixrec_simp -lemma sflat_cons [simp]: "sflat$(x##xs)= x@@(sflat$xs)" -by (cases "x=UU", simp_all) +lemma sflat_cons [simp]: "sflat $ (x ## xs) = x @@ (sflat $ xs)" + by (cases "x = UU") simp_all declare sflat_cons' [simp del] -subsubsection \szip\ -fixrec - szip :: "'a seq -> 'b seq -> ('a*'b) seq" +subsubsection \\szip\\ + +fixrec szip :: "'a seq \ 'b seq \ ('a \ 'b) seq" where - szip_nil: "szip$nil$y=nil" -| szip_cons_nil: "x~=UU ==> szip$(x##xs)$nil=UU" -| szip_cons: - "[| x~=UU; y~=UU|] ==> szip$(x##xs)$(y##ys) = (x,y)##szip$xs$ys" + szip_nil: "szip $ nil $ y = nil" +| szip_cons_nil: "x \ UU \ szip $ (x ## xs) $ nil = UU" +| szip_cons: "x \ UU \ y \ UU \ szip $ (x ## xs) $ (y ## ys) = (x, y) ## szip $ xs $ ys" -lemma szip_UU1 [simp]: "szip$UU$y=UU" -by fixrec_simp +lemma szip_UU1 [simp]: "szip $ UU $ y = UU" + by fixrec_simp -lemma szip_UU2 [simp]: "x~=nil ==> szip$x$UU=UU" -by (cases x, simp_all, fixrec_simp) +lemma szip_UU2 [simp]: "x \ nil \ szip $ x $ UU = UU" + by (cases x) (simp_all, fixrec_simp) -subsection "scons, nil" - -lemma scons_inject_eq: - "[|x~=UU;y~=UU|]==> (x##xs=y##ys) = (x=y & xs=ys)" -by simp +subsection \\scons\, \nil\\ -lemma nil_less_is_nil: "nil< nil=x" -apply (cases x) -apply simp -apply simp -apply simp -done +lemma scons_inject_eq: "x \ UU \ y \ UU \ x ## xs = y ## ys \ x = y \ xs = ys" + by simp -subsection "sfilter, sforall, sconc" - -lemma if_and_sconc [simp]: "(if b then tr1 else tr2) @@ tr - = (if b then tr1 @@ tr else tr2 @@ tr)" -by simp +lemma nil_less_is_nil: "nil \ x \ nil = x" + by (cases x) simp_all -lemma sfiltersconc: "sfilter$P$(x @@ y) = (sfilter$P$x @@ sfilter$P$y)" -apply (induct x) -(* adm *) -apply simp -(* base cases *) -apply simp -apply simp -(* main case *) -apply (rule_tac p="P$a" in trE) -apply simp -apply simp -apply simp -done +subsection \\sfilter\, \sforall\, \sconc\\ + +lemma if_and_sconc [simp]: + "(if b then tr1 else tr2) @@ tr = (if b then tr1 @@ tr else tr2 @@ tr)" + by simp + +lemma sfiltersconc: "sfilter $ P $ (x @@ y) = (sfilter $ P $ x @@ sfilter $ P $ y)" + apply (induct x) + text \adm\ + apply simp + text \base cases\ + apply simp + apply simp + text \main case\ + apply (rule_tac p = "P$a" in trE) + apply simp + apply simp + apply simp + done -lemma sforallPstakewhileP: "sforall P (stakewhile$P$x)" -apply (simp add: sforall_def) -apply (induct x) -(* adm *) -apply simp -(* base cases *) -apply simp -apply simp -(* main case *) -apply (rule_tac p="P$a" in trE) -apply simp -apply simp -apply simp -done +lemma sforallPstakewhileP: "sforall P (stakewhile $ P $ x)" + apply (simp add: sforall_def) + apply (induct x) + text \adm\ + apply simp + text \base cases\ + apply simp + apply simp + text \main case\ + apply (rule_tac p = "P$a" in trE) + apply simp + apply simp + apply simp + done -lemma forallPsfilterP: "sforall P (sfilter$P$x)" -apply (simp add: sforall_def) -apply (induct x) -(* adm *) -apply simp -(* base cases *) -apply simp -apply simp -(* main case *) -apply (rule_tac p="P$a" in trE) -apply simp -apply simp -apply simp -done +lemma forallPsfilterP: "sforall P (sfilter $ P $ x)" + apply (simp add: sforall_def) + apply (induct x) + text \adm\ + apply simp + text \base cases\ + apply simp + apply simp + text \main case\ + apply (rule_tac p="P$a" in trE) + apply simp + apply simp + apply simp + done -subsection "Finite" +subsection \Finite\ -(* ---------------------------------------------------- *) -(* Proofs of rewrite rules for Finite: *) -(* 1. Finite(nil), (by definition) *) -(* 2. ~Finite(UU), *) -(* 3. a~=UU==> Finite(a##x)=Finite(x) *) -(* ---------------------------------------------------- *) +(* + Proofs of rewrite rules for Finite: + 1. Finite nil (by definition) + 2. \ Finite UU + 3. a \ UU \ Finite (a ## x) = Finite x +*) -lemma Finite_UU_a: "Finite x --> x~=UU" -apply (rule impI) -apply (erule Finite.induct) - apply simp -apply simp -done +lemma Finite_UU_a: "Finite x \ x \ UU" + apply (rule impI) + apply (erule Finite.induct) + apply simp + apply simp + done -lemma Finite_UU [simp]: "~(Finite UU)" -apply (cut_tac x="UU" in Finite_UU_a) -apply fast -done +lemma Finite_UU [simp]: "\ Finite UU" + using Finite_UU_a [where x = UU] by fast -lemma Finite_cons_a: "Finite x --> a~=UU --> x=a##xs --> Finite xs" -apply (intro strip) -apply (erule Finite.cases) -apply fastforce -apply simp -done +lemma Finite_cons_a: "Finite x \ a \ UU \ x = a ## xs \ Finite xs" + apply (intro strip) + apply (erule Finite.cases) + apply fastforce + apply simp + done -lemma Finite_cons: "a~=UU ==>(Finite (a##x)) = (Finite x)" -apply (rule iffI) -apply (erule (1) Finite_cons_a [rule_format]) -apply fast -apply simp -done +lemma Finite_cons: "a \ UU \ Finite (a##x) \ Finite x" + apply (rule iffI) + apply (erule (1) Finite_cons_a [rule_format]) + apply fast + apply simp + done -lemma Finite_upward: "\Finite x; x \ y\ \ Finite y" -apply (induct arbitrary: y set: Finite) -apply (case_tac y, simp, simp, simp) -apply (case_tac y, simp, simp) -apply simp -done +lemma Finite_upward: "Finite x \ x \ y \ Finite y" + apply (induct arbitrary: y set: Finite) + apply (case_tac y, simp, simp, simp) + apply (case_tac y, simp, simp) + apply simp + done lemma adm_Finite [simp]: "adm Finite" -by (rule adm_upward, rule Finite_upward) + by (rule adm_upward) (rule Finite_upward) -subsection "induction" - +subsection \Induction\ -(*-------------------------------- *) -(* Extensions to Induction Theorems *) -(*-------------------------------- *) - +text \Extensions to Induction Theorems.\ lemma seq_finite_ind_lemma: - assumes "(!!n. P(seq_take n$s))" - shows "seq_finite(s) -->P(s)" -apply (unfold seq.finite_def) -apply (intro strip) -apply (erule exE) -apply (erule subst) -apply (rule assms) -done + assumes "\n. P (seq_take n $ s)" + shows "seq_finite s \ P s" + apply (unfold seq.finite_def) + apply (intro strip) + apply (erule exE) + apply (erule subst) + apply (rule assms) + done - -lemma seq_finite_ind: "!!P.[|P(UU);P(nil); - !! x s1.[|x~=UU;P(s1)|] ==> P(x##s1) - |] ==> seq_finite(s) --> P(s)" -apply (rule seq_finite_ind_lemma) -apply (erule seq.finite_induct) - apply assumption -apply simp -done +lemma seq_finite_ind: + assumes "P UU" + and "P nil" + and "\x s1. x \ UU \ P s1 \ P (x ## s1)" + shows "seq_finite s \ P s" + apply (insert assms) + apply (rule seq_finite_ind_lemma) + apply (erule seq.finite_induct) + apply assumption + apply simp + done end diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/Sequence.thy --- a/src/HOL/HOLCF/IOA/Sequence.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/Sequence.thy Mon Jan 11 00:04:23 2016 +0100 @@ -1,8 +1,8 @@ (* Title: HOL/HOLCF/IOA/Sequence.thy Author: Olaf Müller +*) -Sequences over flat domains with lifted elements. -*) +section \Sequences over flat domains with lifted elements\ theory Sequence imports Seq @@ -34,71 +34,78 @@ where "Takewhile P = stakewhile $ (flift2 P)" definition Zip :: "'a Seq \ 'b Seq \ ('a * 'b) Seq" -where - "Zip = (fix$(LAM h t1 t2. case t1 of - nil => nil - | x##xs => (case t2 of - nil => UU - | y##ys => (case x of - UU => UU - | Def a => (case y of - UU => UU - | Def b => Def (a,b)##(h$xs$ys))))))" + where "Zip = + (fix $ (LAM h t1 t2. + case t1 of + nil \ nil + | x ## xs \ + (case t2 of + nil \ UU + | y ## ys \ + (case x of + UU \ UU + | Def a \ + (case y of + UU \ UU + | Def b \ Def (a, b) ## (h $ xs $ ys))))))" definition Flat :: "'a Seq seq \ 'a Seq" where "Flat = sflat" definition Filter2 :: "('a \ bool) \ 'a Seq \ 'a Seq" -where - "Filter2 P = (fix $ (LAM h t. case t of - nil \ nil - | x##xs \ (case x of UU \ UU | Def y \ (if P y - then x##(h$xs) - else h$xs))))" + where "Filter2 P = + (fix $ + (LAM h t. + case t of + nil \ nil + | x ## xs \ + (case x of + UU \ UU + | Def y \ (if P y then x ## (h $ xs) else h $ xs))))" -abbreviation Consq_syn ("(_/\_)" [66,65] 65) - where "a\s \ Consq a $ s" +abbreviation Consq_syn ("(_/\_)" [66, 65] 65) + where "a \ s \ Consq a $ s" -text \List enumeration\ +subsection \List enumeration\ + syntax - "_totlist" :: "args => 'a Seq" ("[(_)!]") - "_partlist" :: "args => 'a Seq" ("[(_)?]") + "_totlist" :: "args \ 'a Seq" ("[(_)!]") + "_partlist" :: "args \ 'a Seq" ("[(_)?]") translations - "[x, xs!]" == "x\[xs!]" - "[x!]" == "x\nil" - "[x, xs?]" == "x\[xs?]" - "[x?]" == "x\CONST bottom" + "[x, xs!]" \ "x \ [xs!]" + "[x!]" \ "x\nil" + "[x, xs?]" \ "x \ [xs?]" + "[x?]" \ "x \ CONST bottom" declare andalso_and [simp] declare andalso_or [simp] -subsection "recursive equations of operators" +subsection \Recursive equations of operators\ -subsubsection "Map" +subsubsection \Map\ -lemma Map_UU: "Map f$UU =UU" +lemma Map_UU: "Map f $ UU = UU" by (simp add: Map_def) -lemma Map_nil: "Map f$nil =nil" +lemma Map_nil: "Map f $ nil = nil" by (simp add: Map_def) -lemma Map_cons: "Map f$(x\xs)=(f x) \ Map f$xs" +lemma Map_cons: "Map f $ (x \ xs) = (f x) \ Map f $ xs" by (simp add: Map_def Consq_def flift2_def) subsubsection \Filter\ -lemma Filter_UU: "Filter P$UU =UU" +lemma Filter_UU: "Filter P $ UU = UU" by (simp add: Filter_def) -lemma Filter_nil: "Filter P$nil =nil" +lemma Filter_nil: "Filter P $ nil = nil" by (simp add: Filter_def) -lemma Filter_cons: - "Filter P$(x\xs)= (if P x then x\(Filter P$xs) else Filter P$xs)" +lemma Filter_cons: "Filter P $ (x \ xs) = (if P x then x \ (Filter P $ xs) else Filter P $ xs)" by (simp add: Filter_def Consq_def flift2_def If_and_if) @@ -110,81 +117,82 @@ lemma Forall_nil: "Forall P nil" by (simp add: Forall_def sforall_def) -lemma Forall_cons: "Forall P (x\xs)= (P x & Forall P xs)" +lemma Forall_cons: "Forall P (x \ xs) = (P x \ Forall P xs)" by (simp add: Forall_def sforall_def Consq_def flift2_def) subsubsection \Conc\ -lemma Conc_cons: "(x\xs) @@ y = x\(xs @@y)" +lemma Conc_cons: "(x \ xs) @@ y = x \ (xs @@ y)" by (simp add: Consq_def) subsubsection \Takewhile\ -lemma Takewhile_UU: "Takewhile P$UU =UU" +lemma Takewhile_UU: "Takewhile P $ UU = UU" by (simp add: Takewhile_def) -lemma Takewhile_nil: "Takewhile P$nil =nil" +lemma Takewhile_nil: "Takewhile P $ nil = nil" by (simp add: Takewhile_def) lemma Takewhile_cons: - "Takewhile P$(x\xs)= (if P x then x\(Takewhile P$xs) else nil)" + "Takewhile P $ (x \ xs) = (if P x then x \ (Takewhile P $ xs) else nil)" by (simp add: Takewhile_def Consq_def flift2_def If_and_if) subsubsection \DropWhile\ -lemma Dropwhile_UU: "Dropwhile P$UU =UU" +lemma Dropwhile_UU: "Dropwhile P $ UU = UU" by (simp add: Dropwhile_def) -lemma Dropwhile_nil: "Dropwhile P$nil =nil" +lemma Dropwhile_nil: "Dropwhile P $ nil = nil" by (simp add: Dropwhile_def) -lemma Dropwhile_cons: - "Dropwhile P$(x\xs)= (if P x then Dropwhile P$xs else x\xs)" +lemma Dropwhile_cons: "Dropwhile P $ (x \ xs) = (if P x then Dropwhile P $ xs else x \ xs)" by (simp add: Dropwhile_def Consq_def flift2_def If_and_if) subsubsection \Last\ -lemma Last_UU: "Last$UU =UU" - by (simp add: Last_def) - -lemma Last_nil: "Last$nil =UU" +lemma Last_UU: "Last $ UU =UU" by (simp add: Last_def) -lemma Last_cons: "Last$(x\xs)= (if xs=nil then Def x else Last$xs)" - apply (simp add: Last_def Consq_def) - apply (cases xs) - apply simp_all - done +lemma Last_nil: "Last $ nil =UU" + by (simp add: Last_def) + +lemma Last_cons: "Last $ (x \ xs) = (if xs = nil then Def x else Last $ xs)" + by (cases xs) (simp_all add: Last_def Consq_def) subsubsection \Flat\ -lemma Flat_UU: "Flat$UU =UU" +lemma Flat_UU: "Flat $ UU = UU" by (simp add: Flat_def) -lemma Flat_nil: "Flat$nil =nil" +lemma Flat_nil: "Flat $ nil = nil" by (simp add: Flat_def) -lemma Flat_cons: "Flat$(x##xs)= x @@ (Flat$xs)" +lemma Flat_cons: "Flat $ (x ## xs) = x @@ (Flat $ xs)" by (simp add: Flat_def Consq_def) subsubsection \Zip\ lemma Zip_unfold: - "Zip = (LAM t1 t2. case t1 of - nil => nil - | x##xs => (case t2 of - nil => UU - | y##ys => (case x of - UU => UU - | Def a => (case y of - UU => UU - | Def b => Def (a,b)##(Zip$xs$ys)))))" + "Zip = + (LAM t1 t2. + case t1 of + nil \ nil + | x ## xs \ + (case t2 of + nil \ UU + | y ## ys \ + (case x of + UU \ UU + | Def a \ + (case y of + UU \ UU + | Def b \ Def (a, b) ## (Zip $ xs $ ys)))))" apply (rule trans) apply (rule fix_eq4) apply (rule Zip_def) @@ -192,29 +200,29 @@ apply simp done -lemma Zip_UU1: "Zip$UU$y =UU" +lemma Zip_UU1: "Zip $ UU $ y = UU" apply (subst Zip_unfold) apply simp done -lemma Zip_UU2: "x~=nil ==> Zip$x$UU =UU" +lemma Zip_UU2: "x \ nil \ Zip $ x $ UU = UU" apply (subst Zip_unfold) apply simp apply (cases x) apply simp_all done -lemma Zip_nil: "Zip$nil$y =nil" +lemma Zip_nil: "Zip $ nil $ y = nil" apply (subst Zip_unfold) apply simp done -lemma Zip_cons_nil: "Zip$(x\xs)$nil= UU" +lemma Zip_cons_nil: "Zip $ (x \ xs) $ nil = UU" apply (subst Zip_unfold) apply (simp add: Consq_def) done -lemma Zip_cons: "Zip$(x\xs)$(y\ys)= (x,y) \ Zip$xs$ys" +lemma Zip_cons: "Zip $ (x \ xs) $ (y \ ys) = (x, y) \ Zip $ xs $ ys" apply (rule trans) apply (subst Zip_unfold) apply simp @@ -242,20 +250,18 @@ Zip_UU1 Zip_UU2 Zip_nil Zip_cons_nil Zip_cons +subsection \Cons\ -section "Cons" - -lemma Consq_def2: "a\s = (Def a)##s" +lemma Consq_def2: "a \ s = Def a ## s" by (simp add: Consq_def) -lemma Seq_exhaust: "x = UU | x = nil | (? a s. x = a \ s)" +lemma Seq_exhaust: "x = UU \ x = nil \ (\a s. x = a \ s)" apply (simp add: Consq_def2) apply (cut_tac seq.nchotomy) apply (fast dest: not_Undef_is_Def [THEN iffD1]) done - -lemma Seq_cases: "!!P. [| x = UU ==> P; x = nil ==> P; !!a s. x = a \ s ==> P |] ==> P" +lemma Seq_cases: obtains "x = UU" | "x = nil" | a s where "x = a \ s" apply (cut_tac x="x" in Seq_exhaust) apply (erule disjE) apply simp @@ -265,48 +271,34 @@ apply simp done -(* -fun Seq_case_tac s i = rule_tac x",s)] Seq_cases i - THEN hyp_subst_tac i THEN hyp_subst_tac (i+1) THEN hyp_subst_tac (i+2); -*) -(* on a\s only simp_tac, as full_simp_tac is uncomplete and often causes errors *) -(* -fun Seq_case_simp_tac s i = Seq_case_tac s i THEN Asm_simp_tac (i+2) - THEN Asm_full_simp_tac (i+1) - THEN Asm_full_simp_tac i; -*) - -lemma Cons_not_UU: "a\s ~= UU" +lemma Cons_not_UU: "a \ s \ UU" apply (subst Consq_def2) apply simp done - -lemma Cons_not_less_UU: "~(a\x) << UU" +lemma Cons_not_less_UU: "\ (a \ x) \ UU" apply (rule notI) apply (drule below_antisym) apply simp apply (simp add: Cons_not_UU) done -lemma Cons_not_less_nil: "~a\s << nil" +lemma Cons_not_less_nil: "\ a \ s \ nil" by (simp add: Consq_def2) -lemma Cons_not_nil: "a\s ~= nil" - by (simp add: Consq_def2) - -lemma Cons_not_nil2: "nil ~= a\s" +lemma Cons_not_nil: "a \ s \ nil" by (simp add: Consq_def2) -lemma Cons_inject_eq: "(a\s = b\t) = (a = b & s = t)" - apply (simp only: Consq_def2) - apply (simp add: scons_inject_eq) - done - -lemma Cons_inject_less_eq: "(a\s<t) = (a = b & s< a \ s" by (simp add: Consq_def2) -lemma seq_take_Cons: "seq_take (Suc n)$(a\x) = a\ (seq_take n$x)" +lemma Cons_inject_eq: "a \ s = b \ t \ a = b \ s = t" + by (simp add: Consq_def2 scons_inject_eq) + +lemma Cons_inject_less_eq: "a \ s \ b \ t \ a = b \ s \ t" + by (simp add: Consq_def2) + +lemma seq_take_Cons: "seq_take (Suc n) $ (a \ x) = a \ (seq_take n $ x)" by (simp add: Consq_def) lemmas [simp] = @@ -314,86 +306,74 @@ Cons_not_UU Cons_not_less_UU Cons_not_less_nil Cons_not_nil -subsection "induction" +subsection \Induction\ -lemma Seq_induct: "!! P. [| adm P; P UU; P nil; !! a s. P s ==> P (a\s)|] ==> P x" +lemma Seq_induct: + assumes "adm P" + and "P UU" + and "P nil" + and "\a s. P s \ P (a \ s)" + shows "P x" + apply (insert assms) apply (erule (2) seq.induct) apply defined apply (simp add: Consq_def) done lemma Seq_FinitePartial_ind: - "!! P.[|P UU;P nil; !! a s. P s ==> P(a\s) |] - ==> seq_finite x --> P x" + assumes "P UU" + and "P nil" + and "\a s. P s \ P (a \ s)" + shows "seq_finite x \ P x" + apply (insert assms) apply (erule (1) seq_finite_ind) apply defined apply (simp add: Consq_def) done lemma Seq_Finite_ind: - "!! P.[| Finite x; P nil; !! a s. [| Finite s; P s|] ==> P (a\s) |] ==> P x" + assumes "Finite x" + and "P nil" + and "\a s. Finite s \ P s \ P (a \ s)" + shows "P x" + apply (insert assms) apply (erule (1) Finite.induct) apply defined apply (simp add: Consq_def) done -(* rws are definitions to be unfolded for admissibility check *) -(* -fun Seq_induct_tac s rws i = rule_tac x",s)] Seq_induct i - THEN (REPEAT_DETERM (CHANGED (Asm_simp_tac (i+1)))) - THEN simp add: rws) i; - -fun Seq_Finite_induct_tac i = erule Seq_Finite_ind i - THEN (REPEAT_DETERM (CHANGED (Asm_simp_tac i))); +subsection \\HD\ and \TL\\ -fun pair_tac s = rule_tac p",s)] prod.exhaust - THEN' hyp_subst_tac THEN' Simp_tac; -*) -(* induction on a sequence of pairs with pairsplitting and simplification *) -(* -fun pair_induct_tac s rws i = - rule_tac x",s)] Seq_induct i - THEN pair_tac "a" (i+3) - THEN (REPEAT_DETERM (CHANGED (Simp_tac (i+1)))) - THEN simp add: rws) i; -*) +lemma HD_Cons [simp]: "HD $ (x \ y) = Def x" + by (simp add: Consq_def) + +lemma TL_Cons [simp]: "TL $ (x \ y) = y" + by (simp add: Consq_def) -(* ------------------------------------------------------------------------------------ *) - -subsection "HD,TL" - -lemma HD_Cons [simp]: "HD$(x\y) = Def x" - by (simp add: Consq_def) +subsection \\Finite\, \Partial\, \Infinite\\ -lemma TL_Cons [simp]: "TL$(x\y) = y" - by (simp add: Consq_def) - -(* ------------------------------------------------------------------------------------ *) - -subsection "Finite, Partial, Infinite" - -lemma Finite_Cons [simp]: "Finite (a\xs) = Finite xs" +lemma Finite_Cons [simp]: "Finite (a \ xs) = Finite xs" by (simp add: Consq_def2 Finite_cons) -lemma FiniteConc_1: "Finite (x::'a Seq) ==> Finite y --> Finite (x@@y)" +lemma FiniteConc_1: "Finite (x::'a Seq) \ Finite y \ Finite (x @@ y)" apply (erule Seq_Finite_ind) apply simp_all done -lemma FiniteConc_2: "Finite (z::'a Seq) ==> !x y. z= x@@y --> (Finite x & Finite y)" +lemma FiniteConc_2: "Finite (z::'a Seq) \ \x y. z = x @@ y \ Finite x \ Finite y" apply (erule Seq_Finite_ind) - (* nil*) + text \\nil\\ apply (intro strip) apply (rule_tac x="x" in Seq_cases, simp_all) - (* cons *) + text \\cons\\ apply (intro strip) apply (rule_tac x="x" in Seq_cases, simp_all) apply (rule_tac x="y" in Seq_cases, simp_all) done -lemma FiniteConc [simp]: "Finite(x@@y) = (Finite (x::'a Seq) & Finite y)" +lemma FiniteConc [simp]: "Finite (x @@ y) \ Finite (x::'a Seq) \ Finite y" apply (rule iffI) apply (erule FiniteConc_2 [rule_format]) apply (rule refl) @@ -402,21 +382,21 @@ done -lemma FiniteMap1: "Finite s ==> Finite (Map f$s)" +lemma FiniteMap1: "Finite s \ Finite (Map f $ s)" apply (erule Seq_Finite_ind) apply simp_all done -lemma FiniteMap2: "Finite s ==> ! t. (s = Map f$t) --> Finite t" +lemma FiniteMap2: "Finite s \ \t. s = Map f $ t \ Finite t" apply (erule Seq_Finite_ind) apply (intro strip) apply (rule_tac x="t" in Seq_cases, simp_all) - (* main case *) + text \\main case\\ apply auto apply (rule_tac x="t" in Seq_cases, simp_all) done -lemma Map2Finite: "Finite (Map f$s) = Finite s" +lemma Map2Finite: "Finite (Map f $ s) = Finite s" apply auto apply (erule FiniteMap2 [rule_format]) apply (rule refl) @@ -424,17 +404,15 @@ done -lemma FiniteFilter: "Finite s ==> Finite (Filter P$s)" +lemma FiniteFilter: "Finite s \ Finite (Filter P $ s)" apply (erule Seq_Finite_ind) apply simp_all done -(* ----------------------------------------------------------------------------------- *) +subsection \\Conc\\ -subsection "Conc" - -lemma Conc_cong: "!! x::'a Seq. Finite x ==> ((x @@ y) = (x @@ z)) = (y = z)" +lemma Conc_cong: "\x::'a Seq. Finite x \ (x @@ y) = (x @@ z) \ y = z" apply (erule Seq_Finite_ind) apply simp_all done @@ -453,81 +431,60 @@ done -(* should be same as nil_is_Conc2 when all nils are turned to right side !! *) -lemma nil_is_Conc: "(nil = x @@ y) = ((x::'a Seq)= nil & y = nil)" +(*Should be same as nil_is_Conc2 when all nils are turned to right side!*) +lemma nil_is_Conc: "nil = x @@ y \ (x::'a Seq) = nil \ y = nil" apply (rule_tac x="x" in Seq_cases) apply auto done -lemma nil_is_Conc2: "(x @@ y = nil) = ((x::'a Seq)= nil & y = nil)" +lemma nil_is_Conc2: "x @@ y = nil \ (x::'a Seq) = nil \ y = nil" apply (rule_tac x="x" in Seq_cases) apply auto done -(* ------------------------------------------------------------------------------------ *) - -subsection "Last" - -lemma Finite_Last1: "Finite s ==> s~=nil --> Last$s~=UU" - apply (erule Seq_Finite_ind, simp_all) - done +subsection \Last\ -lemma Finite_Last2: "Finite s ==> Last$s=UU --> s=nil" - apply (erule Seq_Finite_ind, simp_all) - apply fast - done +lemma Finite_Last1: "Finite s \ s \ nil \ Last $ s \ UU" + by (erule Seq_Finite_ind) simp_all - -(* ------------------------------------------------------------------------------------ *) - - -subsection "Filter, Conc" +lemma Finite_Last2: "Finite s \ Last $ s = UU \ s = nil" + by (erule Seq_Finite_ind) auto -lemma FilterPQ: "Filter P$(Filter Q$s) = Filter (%x. P x & Q x)$s" - apply (rule_tac x="s" in Seq_induct, simp_all) - done - -lemma FilterConc: "Filter P$(x @@ y) = (Filter P$x @@ Filter P$y)" - apply (simp add: Filter_def sfiltersconc) - done - -(* ------------------------------------------------------------------------------------ *) - -subsection "Map" +subsection \Filter, Conc\ -lemma MapMap: "Map f$(Map g$s) = Map (f o g)$s" - apply (rule_tac x="s" in Seq_induct, simp_all) - done - -lemma MapConc: "Map f$(x@@y) = (Map f$x) @@ (Map f$y)" - apply (rule_tac x="x" in Seq_induct, simp_all) - done +lemma FilterPQ: "Filter P $ (Filter Q $ s) = Filter (\x. P x \ Q x) $ s" + by (rule_tac x="s" in Seq_induct) simp_all -lemma MapFilter: "Filter P$(Map f$x) = Map f$(Filter (P o f)$x)" - apply (rule_tac x="x" in Seq_induct, simp_all) - done - -lemma nilMap: "nil = (Map f$s) --> s= nil" - apply (rule_tac x="s" in Seq_cases, simp_all) - done +lemma FilterConc: "Filter P $ (x @@ y) = (Filter P $ x @@ Filter P $ y)" + by (simp add: Filter_def sfiltersconc) -lemma ForallMap: "Forall P (Map f$s) = Forall (P o f) s" +subsection \Map\ + +lemma MapMap: "Map f $ (Map g $ s) = Map (f \ g) $ s" + by (rule_tac x="s" in Seq_induct) simp_all + +lemma MapConc: "Map f $ (x @@ y) = (Map f $ x) @@ (Map f $ y)" + by (rule_tac x="x" in Seq_induct) simp_all + +lemma MapFilter: "Filter P $ (Map f $ x) = Map f $ (Filter (P \ f) $ x)" + by (rule_tac x="x" in Seq_induct) simp_all + +lemma nilMap: "nil = (Map f $ s) \ s = nil" + by (rule_tac x="s" in Seq_cases) simp_all + +lemma ForallMap: "Forall P (Map f $ s) = Forall (P \ f) s" apply (rule_tac x="s" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all done - - -(* ------------------------------------------------------------------------------------ *) +subsection \Forall\ -subsection "Forall" - -lemma ForallPForallQ1: "Forall P ys & (! x. P x --> Q x) --> Forall Q ys" +lemma ForallPForallQ1: "Forall P ys \ (\x. P x \ Q x) \ Forall Q ys" apply (rule_tac x="ys" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all @@ -536,18 +493,16 @@ lemmas ForallPForallQ = ForallPForallQ1 [THEN mp, OF conjI, OF _ allI, OF _ impI] -lemma Forall_Conc_impl: "(Forall P x & Forall P y) --> Forall P (x @@ y)" +lemma Forall_Conc_impl: "Forall P x \ Forall P y \ Forall P (x @@ y)" apply (rule_tac x="x" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all done -lemma Forall_Conc [simp]: - "Finite x ==> Forall P (x @@ y) = (Forall P x & Forall P y)" - apply (erule Seq_Finite_ind, simp_all) - done +lemma Forall_Conc [simp]: "Finite x \ Forall P (x @@ y) \ Forall P x \ Forall P y" + by (erule Seq_Finite_ind) simp_all -lemma ForallTL1: "Forall P s --> Forall P (TL$s)" +lemma ForallTL1: "Forall P s \ Forall P (TL $ s)" apply (rule_tac x="s" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all @@ -555,7 +510,7 @@ lemmas ForallTL = ForallTL1 [THEN mp] -lemma ForallDropwhile1: "Forall P s --> Forall P (Dropwhile Q$s)" +lemma ForallDropwhile1: "Forall P s \ Forall P (Dropwhile Q $ s)" apply (rule_tac x="s" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all @@ -564,9 +519,8 @@ lemmas ForallDropwhile = ForallDropwhile1 [THEN mp] -(* only admissible in t, not if done in s *) - -lemma Forall_prefix: "! s. Forall P s --> t< Forall P t" +(*only admissible in t, not if done in s*) +lemma Forall_prefix: "\s. Forall P s \ t \ s \ Forall P t" apply (rule_tac x="t" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all @@ -578,12 +532,12 @@ lemmas Forall_prefixclosed = Forall_prefix [rule_format] -lemma Forall_postfixclosed: "[| Finite h; Forall P s; s= h @@ t |] ==> Forall P t" +lemma Forall_postfixclosed: "Finite h \ Forall P s \ s= h @@ t \ Forall P t" by auto lemma ForallPFilterQR1: - "((! x. P x --> (Q x = R x)) & Forall P tr) --> Filter Q$tr = Filter R$tr" + "(\x. P x \ Q x = R x) \ Forall P tr \ Filter Q $ tr = Filter R $ tr" apply (rule_tac x="tr" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all @@ -592,16 +546,13 @@ lemmas ForallPFilterQR = ForallPFilterQR1 [THEN mp, OF conjI, OF allI] -(* ------------------------------------------------------------------------------------- *) +subsection \Forall, Filter\ -subsection "Forall, Filter" - - -lemma ForallPFilterP: "Forall P (Filter P$x)" +lemma ForallPFilterP: "Forall P (Filter P $ x)" by (simp add: Filter_def Forall_def forallPsfilterP) -(* holds also in other direction, then equal to forallPfilterP *) -lemma ForallPFilterPid1: "Forall P x --> Filter P$x = x" +(*holds also in other direction, then equal to forallPfilterP*) +lemma ForallPFilterPid1: "Forall P x \ Filter P $ x = x" apply (rule_tac x="x" in Seq_induct) apply (simp add: Forall_def sforall_def Filter_def) apply simp_all @@ -609,18 +560,15 @@ lemmas ForallPFilterPid = ForallPFilterPid1 [THEN mp] - -(* holds also in other direction *) -lemma ForallnPFilterPnil1: "!! ys . Finite ys ==> - Forall (%x. ~P x) ys --> Filter P$ys = nil " - apply (erule Seq_Finite_ind, simp_all) - done +(*holds also in other direction*) +lemma ForallnPFilterPnil1: "Finite ys \ Forall (\x. \ P x) ys \ Filter P $ ys = nil" + by (erule Seq_Finite_ind) simp_all lemmas ForallnPFilterPnil = ForallnPFilterPnil1 [THEN mp] -(* holds also in other direction *) -lemma ForallnPFilterPUU1: "~Finite ys & Forall (%x. ~P x) ys --> Filter P$ys = UU" +(*holds also in other direction*) +lemma ForallnPFilterPUU1: "\ Finite ys \ Forall (\x. \ P x) ys \ Filter P $ ys = UU" apply (rule_tac x="ys" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all @@ -629,31 +577,27 @@ lemmas ForallnPFilterPUU = ForallnPFilterPUU1 [THEN mp, OF conjI] -(* inverse of ForallnPFilterPnil *) - -lemma FilternPnilForallP [rule_format]: "Filter P$ys = nil --> - (Forall (%x. ~P x) ys & Finite ys)" +(*inverse of ForallnPFilterPnil*) +lemma FilternPnilForallP [rule_format]: "Filter P $ ys = nil \ Forall (\x. \ P x) ys \ Finite ys" apply (rule_tac x="ys" in Seq_induct) - (* adm *) + text \adm\ apply (simp add: Forall_def sforall_def) - (* base cases *) + text \base cases\ apply simp apply simp - (* main case *) + text \main case\ apply simp done - -(* inverse of ForallnPFilterPUU *) - +(*inverse of ForallnPFilterPUU*) lemma FilternPUUForallP: - assumes "Filter P$ys = UU" - shows "Forall (%x. ~P x) ys & ~Finite ys" + assumes "Filter P $ ys = UU" + shows "Forall (\x. \ P x) ys \ \ Finite ys" proof - show "Forall (%x. ~P x) ys" + show "Forall (\x. \ P x) ys" proof (rule classical) assume "\ ?thesis" - then have "Filter P$ys ~= UU" + then have "Filter P $ ys \ UU" apply (rule rev_mp) apply (induct ys rule: Seq_induct) apply (simp add: Forall_def sforall_def) @@ -661,10 +605,10 @@ done with assms show ?thesis by contradiction qed - show "~ Finite ys" + show "\ Finite ys" proof assume "Finite ys" - then have "Filter P$ys ~= UU" + then have "Filter P$ys \ UU" by (rule Seq_Finite_ind) simp_all with assms show False by contradiction qed @@ -672,33 +616,26 @@ lemma ForallQFilterPnil: - "!! Q P.[| Forall Q ys; Finite ys; !!x. Q x ==> ~P x|] - ==> Filter P$ys = nil" + "Forall Q ys \ Finite ys \ (\x. Q x \ \ P x) \ Filter P $ ys = nil" apply (erule ForallnPFilterPnil) apply (erule ForallPForallQ) apply auto done -lemma ForallQFilterPUU: - "!! Q P. [| ~Finite ys; Forall Q ys; !!x. Q x ==> ~P x|] - ==> Filter P$ys = UU " +lemma ForallQFilterPUU: "\ Finite ys \ Forall Q ys \ (\x. Q x \ \ P x) \ Filter P $ ys = UU" apply (erule ForallnPFilterPUU) apply (erule ForallPForallQ) apply auto done - -(* ------------------------------------------------------------------------------------- *) +subsection \Takewhile, Forall, Filter\ -subsection "Takewhile, Forall, Filter" - - -lemma ForallPTakewhileP [simp]: "Forall P (Takewhile P$x)" +lemma ForallPTakewhileP [simp]: "Forall P (Takewhile P $ x)" by (simp add: Forall_def Takewhile_def sforallPstakewhileP) -lemma ForallPTakewhileQ [simp]: "!! P. [| !!x. Q x==> P x |] ==> Forall P (Takewhile Q$x)" +lemma ForallPTakewhileQ [simp]: "(\x. Q x \ P x) \ Forall P (Takewhile Q $ x)" apply (rule ForallPForallQ) apply (rule ForallPTakewhileP) apply auto @@ -706,8 +643,7 @@ lemma FilterPTakewhileQnil [simp]: - "!! Q P.[| Finite (Takewhile Q$ys); !!x. Q x ==> ~P x |] - ==> Filter P$(Takewhile Q$ys) = nil" + "Finite (Takewhile Q $ ys) \ (\x. Q x \ \ P x) \ Filter P $ (Takewhile Q $ ys) = nil" apply (erule ForallnPFilterPnil) apply (rule ForallPForallQ) apply (rule ForallPTakewhileP) @@ -715,8 +651,7 @@ done lemma FilterPTakewhileQid [simp]: - "!! Q P. [| !!x. Q x ==> P x |] ==> - Filter P$(Takewhile Q$ys) = (Takewhile Q$ys)" + "(\x. Q x \ P x) \ Filter P $ (Takewhile Q $ ys) = Takewhile Q $ ys" apply (rule ForallPFilterPid) apply (rule ForallPForallQ) apply (rule ForallPTakewhileP) @@ -724,26 +659,28 @@ done -lemma Takewhile_idempotent: "Takewhile P$(Takewhile P$s) = Takewhile P$s" +lemma Takewhile_idempotent: "Takewhile P $ (Takewhile P $ s) = Takewhile P $ s" apply (rule_tac x="s" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all done -lemma ForallPTakewhileQnP [simp]: "Forall P s --> Takewhile (%x. Q x | (~P x))$s = Takewhile Q$s" +lemma ForallPTakewhileQnP [simp]: + "Forall P s \ Takewhile (\x. Q x \ (\ P x)) $ s = Takewhile Q $ s" apply (rule_tac x="s" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all done -lemma ForallPDropwhileQnP [simp]: "Forall P s --> Dropwhile (%x. Q x | (~P x))$s = Dropwhile Q$s" +lemma ForallPDropwhileQnP [simp]: + "Forall P s \ Dropwhile (\x. Q x \ (\ P x)) $ s = Dropwhile Q $ s" apply (rule_tac x="s" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all done -lemma TakewhileConc1: "Forall P s --> Takewhile P$(s @@ t) = s @@ (Takewhile P$t)" +lemma TakewhileConc1: "Forall P s \ Takewhile P $ (s @@ t) = s @@ (Takewhile P $ t)" apply (rule_tac x="s" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all @@ -751,22 +688,18 @@ lemmas TakewhileConc = TakewhileConc1 [THEN mp] -lemma DropwhileConc1: "Finite s ==> Forall P s --> Dropwhile P$(s @@ t) = Dropwhile P$t" - apply (erule Seq_Finite_ind, simp_all) - done +lemma DropwhileConc1: "Finite s \ Forall P s \ Dropwhile P $ (s @@ t) = Dropwhile P $ t" + by (erule Seq_Finite_ind) simp_all lemmas DropwhileConc = DropwhileConc1 [THEN mp] - -(* ----------------------------------------------------------------------------------- *) - -subsection "coinductive characterizations of Filter" +subsection \Coinductive characterizations of Filter\ lemma divide_Seq_lemma: - "HD$(Filter P$y) = Def x - --> y = ((Takewhile (%x. ~P x)$y) @@ (x \ TL$(Dropwhile (%a. ~P a)$y))) - & Finite (Takewhile (%x. ~ P x)$y) & P x" + "HD $ (Filter P $ y) = Def x \ + y = (Takewhile (\x. \ P x) $ y) @@ (x \ TL $ (Dropwhile (\a. \ P a) $ y)) \ + Finite (Takewhile (\x. \ P x) $ y) \ P x" (* FIX: pay attention: is only admissible with chain-finite package to be added to adm test and Finite f x admissibility *) apply (rule_tac x="y" in Seq_induct) @@ -776,20 +709,20 @@ apply (case_tac "P a") apply simp apply blast - (* ~ P a *) + text \\\ P a\\ apply simp done -lemma divide_Seq: "(x\xs) << Filter P$y - ==> y = ((Takewhile (%a. ~ P a)$y) @@ (x \ TL$(Dropwhile (%a. ~ P a)$y))) - & Finite (Takewhile (%a. ~ P a)$y) & P x" +lemma divide_Seq: "(x \ xs) \ Filter P $ y \ + y = ((Takewhile (\a. \ P a) $ y) @@ (x \ TL $ (Dropwhile (\a. \ P a) $ y))) \ + Finite (Takewhile (\a. \ P a) $ y) \ P x" apply (rule divide_Seq_lemma [THEN mp]) - apply (drule_tac f="HD" and x="x\xs" in monofun_cfun_arg) + apply (drule_tac f="HD" and x="x \ xs" in monofun_cfun_arg) apply simp done -lemma nForall_HDFilter: "~Forall P y --> (? x. HD$(Filter (%a. ~P a)$y) = Def x)" +lemma nForall_HDFilter: "\ Forall P y \ (\x. HD $ (Filter (\a. \ P a) $ y) = Def x)" unfolding not_Undef_is_Def [symmetric] apply (induct y rule: Seq_induct) apply (simp add: Forall_def sforall_def) @@ -797,19 +730,19 @@ done -lemma divide_Seq2: "~Forall P y - ==> ? x. y= (Takewhile P$y @@ (x \ TL$(Dropwhile P$y))) & - Finite (Takewhile P$y) & (~ P x)" +lemma divide_Seq2: + "\ Forall P y \ + \x. y = Takewhile P$y @@ (x \ TL $ (Dropwhile P $ y)) \ Finite (Takewhile P $ y) \ \ P x" apply (drule nForall_HDFilter [THEN mp]) apply safe apply (rule_tac x="x" in exI) - apply (cut_tac P1="%x. ~ P x" in divide_Seq_lemma [THEN mp]) + apply (cut_tac P1="\x. \ P x" in divide_Seq_lemma [THEN mp]) apply auto done -lemma divide_Seq3: "~Forall P y - ==> ? x bs rs. y= (bs @@ (x\rs)) & Finite bs & Forall P bs & (~ P x)" +lemma divide_Seq3: + "\ Forall P y \ \x bs rs. y = (bs @@ (x\rs)) \ Finite bs \ Forall P bs \ \ P x" apply (drule divide_Seq2) apply fastforce done @@ -817,20 +750,17 @@ lemmas [simp] = FilterPQ FilterConc Conc_cong -(* ------------------------------------------------------------------------------------- *) - +subsection \Take-lemma\ -subsection "take_lemma" - -lemma seq_take_lemma: "(!n. seq_take n$x = seq_take n$x') = (x = x')" +lemma seq_take_lemma: "(\n. seq_take n $ x = seq_take n $ x') \ x = x'" apply (rule iffI) apply (rule seq.take_lemma) apply auto done lemma take_reduction1: - "\n. ((! k. k < n --> seq_take k$y1 = seq_take k$y2) - --> seq_take n$(x @@ (t\y1)) = seq_take n$(x @@ (t\y2)))" + "\n. ((\k. k < n \ seq_take k $ y1 = seq_take k $ y2) \ + seq_take n $ (x @@ (t \ y1)) = seq_take n $ (x @@ (t \ y2)))" apply (rule_tac x="x" in Seq_induct) apply simp_all apply (intro strip) @@ -840,19 +770,19 @@ apply auto done - lemma take_reduction: - "!! n.[| x=y; s=t; !! k. k seq_take k$y1 = seq_take k$y2|] - ==> seq_take n$(x @@ (s\y1)) = seq_take n$(y @@ (t\y2))" + "x = y \ s = t \ (\k. k < n \ seq_take k $ y1 = seq_take k $ y2) + \ seq_take n $ (x @@ (s \ y1)) = seq_take n $ (y @@ (t \ y2))" by (auto intro!: take_reduction1 [rule_format]) -(* ------------------------------------------------------------------ - take-lemma and take_reduction for << instead of = - ------------------------------------------------------------------ *) +text \ + Take-lemma and take-reduction for \\\ instead of \=\. +\ + lemma take_reduction_less1: - "\n. ((! k. k < n --> seq_take k$y1 << seq_take k$y2) - --> seq_take n$(x @@ (t\y1)) << seq_take n$(x @@ (t\y2)))" + "\n. ((\k. k < n \ seq_take k $ y1 \ seq_take k$y2) \ + seq_take n $ (x @@ (t \ y1)) \ seq_take n $ (x @@ (t \ y2)))" apply (rule_tac x="x" in Seq_induct) apply simp_all apply (intro strip) @@ -862,15 +792,14 @@ apply auto done - lemma take_reduction_less: - "\n.[| x=y; s=t;!! k. k seq_take k$y1 << seq_take k$y2|] - ==> seq_take n$(x @@ (s\y1)) << seq_take n$(y @@ (t\y2))" + "x = y \ s = t \ (\k. k < n \ seq_take k $ y1 \ seq_take k $ y2) \ + seq_take n $ (x @@ (s \ y1)) \ seq_take n $ (y @@ (t \ y2))" by (auto intro!: take_reduction_less1 [rule_format]) lemma take_lemma_less1: - assumes "!! n. seq_take n$s1 << seq_take n$s2" - shows "s1<n. seq_take n $ s1 \ seq_take n $ s2" + shows "s1 \ s2" apply (rule_tac t="s1" in seq.reach [THEN subst]) apply (rule_tac t="s2" in seq.reach [THEN subst]) apply (rule lub_mono) @@ -879,55 +808,56 @@ apply (rule assms) done - -lemma take_lemma_less: "(!n. seq_take n$x << seq_take n$x') = (x << x')" +lemma take_lemma_less: "(\n. seq_take n $ x \ seq_take n $ x') \ x \ x'" apply (rule iffI) apply (rule take_lemma_less1) apply auto apply (erule monofun_cfun_arg) done -(* ------------------------------------------------------------------ - take-lemma proof principles - ------------------------------------------------------------------ *) + +text \Take-lemma proof principles.\ lemma take_lemma_principle1: - "!! Q. [|!! s. [| Forall Q s; A s |] ==> (f s) = (g s) ; - !! s1 s2 y. [| Forall Q s1; Finite s1; ~ Q y; A (s1 @@ y\s2)|] - ==> (f (s1 @@ y\s2)) = (g (s1 @@ y\s2)) |] - ==> A x --> (f x)=(g x)" - apply (case_tac "Forall Q x") - apply (auto dest!: divide_Seq3) - done + assumes "\s. Forall Q s \ A s \ f s = g s" + and "\s1 s2 y. Forall Q s1 \ Finite s1 \ + \ Q y \ A (s1 @@ y \ s2) \ f (s1 @@ y \ s2) = g (s1 @@ y \ s2)" + shows "A x \ f x = g x" + using assms by (cases "Forall Q x") (auto dest!: divide_Seq3) lemma take_lemma_principle2: - "!! Q. [|!! s. [| Forall Q s; A s |] ==> (f s) = (g s) ; - !! s1 s2 y. [| Forall Q s1; Finite s1; ~ Q y; A (s1 @@ y\s2)|] - ==> ! n. seq_take n$(f (s1 @@ y\s2)) - = seq_take n$(g (s1 @@ y\s2)) |] - ==> A x --> (f x)=(g x)" - apply (case_tac "Forall Q x") + assumes "\s. Forall Q s \ A s \ f s = g s" + and "\s1 s2 y. Forall Q s1 \ Finite s1 \ \ Q y \ A (s1 @@ y \ s2) \ + \n. seq_take n $ (f (s1 @@ y \ s2)) = seq_take n $ (g (s1 @@ y \ s2))" + shows "A x \ f x = g x" + using assms + apply (cases "Forall Q x") apply (auto dest!: divide_Seq3) apply (rule seq.take_lemma) apply auto done -(* Note: in the following proofs the ordering of proof steps is very - important, as otherwise either (Forall Q s1) would be in the IH as - assumption (then rule useless) or it is not possible to strengthen - the IH apply doing a forall closure of the sequence t (then rule also useless). - This is also the reason why the induction rule (nat_less_induct or nat_induct) has to - to be imbuilt into the rule, as induction has to be done early and the take lemma - has to be used in the trivial direction afterwards for the (Forall Q x) case. *) +text \ + Note: in the following proofs the ordering of proof steps is very important, + as otherwise either \Forall Q s1\ would be in the IH as assumption (then + rule useless) or it is not possible to strengthen the IH apply doing a + forall closure of the sequence \t\ (then rule also useless). This is also + the reason why the induction rule (\nat_less_induct\ or \nat_induct\) has to + to be imbuilt into the rule, as induction has to be done early and the take + lemma has to be used in the trivial direction afterwards for the + \Forall Q x\ case. +\ lemma take_lemma_induct: -"!! Q. [|!! s. [| Forall Q s; A s |] ==> (f s) = (g s) ; - !! s1 s2 y n. [| ! t. A t --> seq_take n$(f t) = seq_take n$(g t); - Forall Q s1; Finite s1; ~ Q y; A (s1 @@ y\s2) |] - ==> seq_take (Suc n)$(f (s1 @@ y\s2)) - = seq_take (Suc n)$(g (s1 @@ y\s2)) |] - ==> A x --> (f x)=(g x)" + assumes "\s. Forall Q s \ A s \ f s = g s" + and "\s1 s2 y n. + \t. A t \ seq_take n $ (f t) = seq_take n $ (g t) \ + Forall Q s1 \ Finite s1 \ \ Q y \ A (s1 @@ y \ s2) \ + seq_take (Suc n) $ (f (s1 @@ y \ s2)) = + seq_take (Suc n) $ (g (s1 @@ y \ s2))" + shows "A x \ f x = g x" + apply (insert assms) apply (rule impI) apply (rule seq.take_lemma) apply (rule mp) @@ -943,12 +873,14 @@ lemma take_lemma_less_induct: -"!! Q. [|!! s. [| Forall Q s; A s |] ==> (f s) = (g s) ; - !! s1 s2 y n. [| ! t m. m < n --> A t --> seq_take m$(f t) = seq_take m$(g t); - Forall Q s1; Finite s1; ~ Q y; A (s1 @@ y\s2) |] - ==> seq_take n$(f (s1 @@ y\s2)) - = seq_take n$(g (s1 @@ y\s2)) |] - ==> A x --> (f x)=(g x)" + assumes "\s. Forall Q s \ A s \ f s = g s" + and "\s1 s2 y n. + \t m. m < n \ A t \ seq_take m $ (f t) = seq_take m $ (g t) \ + Forall Q s1 \ Finite s1 \ \ Q y \ A (s1 @@ y \ s2) \ + seq_take n $ (f (s1 @@ y \ s2)) = + seq_take n $ (g (s1 @@ y \ s2))" + shows "A x \ f x = g x" + apply (insert assms) apply (rule impI) apply (rule seq.take_lemma) apply (rule mp) @@ -964,13 +896,14 @@ lemma take_lemma_in_eq_out: -"!! Q. [| A UU ==> (f UU) = (g UU) ; - A nil ==> (f nil) = (g nil) ; - !! s y n. [| ! t. A t --> seq_take n$(f t) = seq_take n$(g t); - A (y\s) |] - ==> seq_take (Suc n)$(f (y\s)) - = seq_take (Suc n)$(g (y\s)) |] - ==> A x --> (f x)=(g x)" + assumes "A UU \ f UU = g UU" + and "A nil \ f nil = g nil" + and "\s y n. + \t. A t \ seq_take n $ (f t) = seq_take n $ (g t) \ A (y \ s) \ + seq_take (Suc n) $ (f (y \ s)) = + seq_take (Suc n) $ (g (y \ s))" + shows "A x \ f x = g x" + apply (insert assms) apply (rule impI) apply (rule seq.take_lemma) apply (rule mp) @@ -984,47 +917,35 @@ done -(* ------------------------------------------------------------------------------------ *) - -subsection "alternative take_lemma proofs" +subsection \Alternative take_lemma proofs\ - -(* --------------------------------------------------------------- *) -(* Alternative Proof of FilterPQ *) -(* --------------------------------------------------------------- *) +subsubsection \Alternative Proof of FilterPQ\ declare FilterPQ [simp del] -(* In general: How to do this case without the same adm problems - as for the entire proof ? *) -lemma Filter_lemma1: "Forall (%x. ~(P x & Q x)) s - --> Filter P$(Filter Q$s) = - Filter (%x. P x & Q x)$s" - +(*In general: How to do this case without the same adm problems + as for the entire proof?*) +lemma Filter_lemma1: + "Forall (\x. \ (P x \ Q x)) s \ + Filter P $ (Filter Q $ s) = Filter (\x. P x \ Q x) $ s" apply (rule_tac x="s" in Seq_induct) apply (simp add: Forall_def sforall_def) apply simp_all done -lemma Filter_lemma2: "Finite s ==> - (Forall (%x. (~P x) | (~ Q x)) s - --> Filter P$(Filter Q$s) = nil)" - apply (erule Seq_Finite_ind, simp_all) - done +lemma Filter_lemma2: "Finite s \ + Forall (\x. \ P x \ \ Q x) s \ Filter P $ (Filter Q $ s) = nil" + by (erule Seq_Finite_ind) simp_all -lemma Filter_lemma3: "Finite s ==> - Forall (%x. (~P x) | (~ Q x)) s - --> Filter (%x. P x & Q x)$s = nil" - apply (erule Seq_Finite_ind, simp_all) - done +lemma Filter_lemma3: "Finite s \ + Forall (\x. \ P x \ \ Q x) s \ Filter (\x. P x \ Q x) $ s = nil" + by (erule Seq_Finite_ind) simp_all - -lemma FilterPQ_takelemma: "Filter P$(Filter Q$s) = Filter (%x. P x & Q x)$s" - apply (rule_tac A1="%x. True" and - Q1="%x. ~(P x & Q x)" and x1="s" in - take_lemma_induct [THEN mp]) - (* better support for A = %x. True *) +lemma FilterPQ_takelemma: "Filter P $ (Filter Q $ s) = Filter (\x. P x \ Q x) $ s" + apply (rule_tac A1="\x. True" and Q1="\x. \ (P x \ Q x)" and x1="s" in + take_lemma_induct [THEN mp]) + (*better support for A = \x. True*) apply (simp add: Filter_lemma1) apply (simp add: Filter_lemma2 Filter_lemma3) apply simp @@ -1033,36 +954,29 @@ declare FilterPQ [simp] -(* --------------------------------------------------------------- *) -(* Alternative Proof of MapConc *) -(* --------------------------------------------------------------- *) - +subsubsection \Alternative Proof of \MapConc\\ - -lemma MapConc_takelemma: "Map f$(x@@y) = (Map f$x) @@ (Map f$y)" - apply (rule_tac A1="%x. True" and x1="x" in - take_lemma_in_eq_out [THEN mp]) +lemma MapConc_takelemma: "Map f $ (x @@ y) = (Map f $ x) @@ (Map f $ y)" + apply (rule_tac A1="\x. True" and x1="x" in take_lemma_in_eq_out [THEN mp]) apply auto done - ML \ - fun Seq_case_tac ctxt s i = Rule_Insts.res_inst_tac ctxt [((("x", 0), Position.none), s)] [] @{thm Seq_cases} i - THEN hyp_subst_tac ctxt i THEN hyp_subst_tac ctxt (i+1) THEN hyp_subst_tac ctxt (i+2); + THEN hyp_subst_tac ctxt i THEN hyp_subst_tac ctxt (i + 1) THEN hyp_subst_tac ctxt (i + 2); (* on a\s only simp_tac, as full_simp_tac is uncomplete and often causes errors *) fun Seq_case_simp_tac ctxt s i = Seq_case_tac ctxt s i - THEN asm_simp_tac ctxt (i+2) - THEN asm_full_simp_tac ctxt (i+1) + THEN asm_simp_tac ctxt (i + 2) + THEN asm_full_simp_tac ctxt (i + 1) THEN asm_full_simp_tac ctxt i; (* rws are definitions to be unfolded for admissibility check *) fun Seq_induct_tac ctxt s rws i = Rule_Insts.res_inst_tac ctxt [((("x", 0), Position.none), s)] [] @{thm Seq_induct} i - THEN (REPEAT_DETERM (CHANGED (asm_simp_tac ctxt (i+1)))) + THEN (REPEAT_DETERM (CHANGED (asm_simp_tac ctxt (i + 1)))) THEN simp_tac (ctxt addsimps rws) i; fun Seq_Finite_induct_tac ctxt i = diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/ShortExecutions.thy --- a/src/HOL/HOLCF/IOA/ShortExecutions.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/ShortExecutions.thy Mon Jan 11 00:04:23 2016 +0100 @@ -153,7 +153,7 @@ done -lemma MapCut: "Map f$(Cut (P o f) s) = Cut P (Map f$s)" +lemma MapCut: "Map f$(Cut (P \ f) s) = Cut P (Map f$s)" apply (rule_tac A1 = "%x. True" and Q1 = "%x. \ P (f x) " and x1 = "s" in take_lemma_less_induct [THEN mp]) prefer 3 apply (fast) diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/TL.thy --- a/src/HOL/HOLCF/IOA/TL.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/TL.thy Mon Jan 11 00:04:23 2016 +0100 @@ -42,138 +42,109 @@ lemma simple: "\\(\<^bold>\ P) = (\<^bold>\ \\P)" -apply (rule ext) -apply (simp add: Diamond_def NOT_def Box_def) -done + by (auto simp add: Diamond_def NOT_def Box_def) lemma Boxnil: "nil \ \P" -apply (simp add: satisfies_def Box_def tsuffix_def suffix_def nil_is_Conc) -done + by (simp add: satisfies_def Box_def tsuffix_def suffix_def nil_is_Conc) -lemma Diamondnil: "~(nil \ \P)" -apply (simp add: Diamond_def satisfies_def NOT_def) -apply (cut_tac Boxnil) -apply (simp add: satisfies_def) -done +lemma Diamondnil: "\ (nil \ \P)" + using Boxnil by (simp add: Diamond_def satisfies_def NOT_def) -lemma Diamond_def2: "(\F) s = (? s2. tsuffix s2 s & F s2)" -apply (simp add: Diamond_def NOT_def Box_def) -done - +lemma Diamond_def2: "(\F) s \ (\s2. tsuffix s2 s \ F s2)" + by (simp add: Diamond_def NOT_def Box_def) -subsection "TLA Axiomatization by Merz" +subsection \TLA Axiomatization by Merz\ lemma suffix_refl: "suffix s s" -apply (simp add: suffix_def) -apply (rule_tac x = "nil" in exI) -apply auto -done + apply (simp add: suffix_def) + apply (rule_tac x = "nil" in exI) + apply auto + done -lemma reflT: "s~=UU & s~=nil --> (s \ \F \<^bold>\ F)" -apply (simp add: satisfies_def IMPLIES_def Box_def) -apply (rule impI)+ -apply (erule_tac x = "s" in allE) -apply (simp add: tsuffix_def suffix_refl) -done - +lemma reflT: "s \ UU \ s \ nil \ (s \ \F \<^bold>\ F)" + apply (simp add: satisfies_def IMPLIES_def Box_def) + apply (rule impI)+ + apply (erule_tac x = "s" in allE) + apply (simp add: tsuffix_def suffix_refl) + done -lemma suffix_trans: "[| suffix y x ; suffix z y |] ==> suffix z x" -apply (simp add: suffix_def) -apply auto -apply (rule_tac x = "s1 @@ s1a" in exI) -apply auto -apply (simp (no_asm) add: Conc_assoc) -done +lemma suffix_trans: "suffix y x \ suffix z y \ suffix z x" + apply (simp add: suffix_def) + apply auto + apply (rule_tac x = "s1 @@ s1a" in exI) + apply auto + apply (simp add: Conc_assoc) + done lemma transT: "s \ \F \<^bold>\ \\F" -apply (simp (no_asm) add: satisfies_def IMPLIES_def Box_def tsuffix_def) -apply auto -apply (drule suffix_trans) -apply assumption -apply (erule_tac x = "s2a" in allE) -apply auto -done - + apply (simp add: satisfies_def IMPLIES_def Box_def tsuffix_def) + apply auto + apply (drule suffix_trans) + apply assumption + apply (erule_tac x = "s2a" in allE) + apply auto + done lemma normalT: "s \ \(F \<^bold>\ G) \<^bold>\ \F \<^bold>\ \G" -apply (simp (no_asm) add: satisfies_def IMPLIES_def Box_def) -done + by (simp add: satisfies_def IMPLIES_def Box_def) -subsection "TLA Rules by Lamport" +subsection \TLA Rules by Lamport\ -lemma STL1a: "validT P ==> validT (\P)" -apply (simp add: validT_def satisfies_def Box_def tsuffix_def) -done +lemma STL1a: "validT P \ validT (\P)" + by (simp add: validT_def satisfies_def Box_def tsuffix_def) -lemma STL1b: "valid P ==> validT (Init P)" -apply (simp add: valid_def validT_def satisfies_def Init_def) -done +lemma STL1b: "valid P \ validT (Init P)" + by (simp add: valid_def validT_def satisfies_def Init_def) -lemma STL1: "valid P ==> validT (\(Init P))" -apply (rule STL1a) -apply (erule STL1b) -done +lemma STL1: "valid P \ validT (\(Init P))" + apply (rule STL1a) + apply (erule STL1b) + done -(* Note that unlift and HD is not at all used !!! *) -lemma STL4: "valid (P \<^bold>\ Q) ==> validT (\(Init P) \<^bold>\ \(Init Q))" -apply (simp add: valid_def validT_def satisfies_def IMPLIES_def Box_def Init_def) -done +(*Note that unlift and HD is not at all used!*) +lemma STL4: "valid (P \<^bold>\ Q) \ validT (\(Init P) \<^bold>\ \(Init Q))" + by (simp add: valid_def validT_def satisfies_def IMPLIES_def Box_def Init_def) -subsection "LTL Axioms by Manna/Pnueli" +subsection \LTL Axioms by Manna/Pnueli\ -lemma tsuffix_TL [rule_format (no_asm)]: -"s~=UU & s~=nil --> tsuffix s2 (TL$s) --> tsuffix s2 s" -apply (unfold tsuffix_def suffix_def) -apply auto -apply (tactic \Seq_case_simp_tac @{context} "s" 1\) -apply (rule_tac x = "a\s1" in exI) -apply auto -done +lemma tsuffix_TL [rule_format]: "s \ UU \ s \ nil \ tsuffix s2 (TL $ s) \ tsuffix s2 s" + apply (unfold tsuffix_def suffix_def) + apply auto + apply (tactic \Seq_case_simp_tac @{context} "s" 1\) + apply (rule_tac x = "a \ s1" in exI) + apply auto + done lemmas tsuffix_TL2 = conjI [THEN tsuffix_TL] -declare split_if [split del] -lemma LTL1: - "s~=UU & s~=nil --> (s \ \F \<^bold>\ (F \<^bold>\ (Next (\F))))" -apply (unfold Next_def satisfies_def NOT_def IMPLIES_def AND_def Box_def) -apply auto -(* \F \<^bold>\ F *) -apply (erule_tac x = "s" in allE) -apply (simp add: tsuffix_def suffix_refl) -(* \F \<^bold>\ Next \F *) -apply (simp split add: split_if) -apply auto -apply (drule tsuffix_TL2) -apply assumption+ -apply auto -done -declare split_if [split] - +lemma LTL1: "s \ UU \ s \ nil \ (s \ \F \<^bold>\ (F \<^bold>\ (Next (\F))))" + supply split_if [split del] + apply (unfold Next_def satisfies_def NOT_def IMPLIES_def AND_def Box_def) + apply auto + text \\\F \<^bold>\ F\\ + apply (erule_tac x = "s" in allE) + apply (simp add: tsuffix_def suffix_refl) + text \\\F \<^bold>\ Next \F\\ + apply (simp split add: split_if) + apply auto + apply (drule tsuffix_TL2) + apply assumption+ + apply auto + done -lemma LTL2a: - "s \ \<^bold>\ (Next F) \<^bold>\ (Next (\<^bold>\ F))" -apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) -apply simp -done +lemma LTL2a: "s \ \<^bold>\ (Next F) \<^bold>\ (Next (\<^bold>\ F))" + by (simp add: Next_def satisfies_def NOT_def IMPLIES_def) + +lemma LTL2b: "s \ (Next (\<^bold>\ F)) \<^bold>\ (\<^bold>\ (Next F))" + by (simp add: Next_def satisfies_def NOT_def IMPLIES_def) -lemma LTL2b: - "s \ (Next (\<^bold>\ F)) \<^bold>\ (\<^bold>\ (Next F))" -apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) -apply simp -done +lemma LTL3: "ex \ (Next (F \<^bold>\ G)) \<^bold>\ (Next F) \<^bold>\ (Next G)" + by (simp add: Next_def satisfies_def NOT_def IMPLIES_def) -lemma LTL3: -"ex \ (Next (F \<^bold>\ G)) \<^bold>\ (Next F) \<^bold>\ (Next G)" -apply (unfold Next_def satisfies_def NOT_def IMPLIES_def) -apply simp -done - - -lemma ModusPonens: "[| validT (P \<^bold>\ Q); validT P |] ==> validT Q" -apply (simp add: validT_def satisfies_def IMPLIES_def) -done +lemma ModusPonens: "validT (P \<^bold>\ Q) \ validT P \ validT Q" + by (simp add: validT_def satisfies_def IMPLIES_def) end diff -r 57895801cb57 -r bc178c0fe1a1 src/HOL/HOLCF/IOA/Traces.thy --- a/src/HOL/HOLCF/IOA/Traces.thy Sun Jan 10 23:25:11 2016 +0100 +++ b/src/HOL/HOLCF/IOA/Traces.thy Mon Jan 11 00:04:23 2016 +0100 @@ -10,48 +10,48 @@ default_sort type -type_synonym ('a, 's) pairs = "('a * 's) Seq" -type_synonym ('a, 's) execution = "'s * ('a, 's) pairs" +type_synonym ('a, 's) pairs = "('a \ 's) Seq" +type_synonym ('a, 's) execution = "'s \ ('a, 's) pairs" type_synonym 'a trace = "'a Seq" -type_synonym ('a, 's) execution_module = "('a, 's) execution set * 'a signature" -type_synonym 'a schedule_module = "'a trace set * 'a signature" -type_synonym 'a trace_module = "'a trace set * 'a signature" +type_synonym ('a, 's) execution_module = "('a, 's) execution set \ 'a signature" +type_synonym 'a schedule_module = "'a trace set \ 'a signature" +type_synonym 'a trace_module = "'a trace set \ 'a signature" -(* ------------------- Executions ------------------------------ *) +subsection \Executions\ definition is_exec_fragC :: "('a, 's) ioa \ ('a, 's) pairs \ 's \ tr" -where - "is_exec_fragC A = (fix $ (LAM h ex. (%s. case ex of - nil => TT - | x##xs => (flift1 - (%p. Def ((s,p):trans_of A) andalso (h$xs) (snd p)) - $x) - )))" + where "is_exec_fragC A = + (fix $ + (LAM h ex. + (\s. + case ex of + nil \ TT + | x ## xs \ flift1 (\p. Def ((s, p) \ trans_of A) andalso (h $ xs) (snd p)) $ x)))" -definition is_exec_frag :: "[('a,'s)ioa, ('a,'s)execution] \ bool" - where "is_exec_frag A ex = ((is_exec_fragC A $ (snd ex)) (fst ex) ~= FF)" +definition is_exec_frag :: "('a, 's) ioa \ ('a, 's) execution \ bool" + where "is_exec_frag A ex \ (is_exec_fragC A $ (snd ex)) (fst ex) \ FF" definition executions :: "('a, 's) ioa \ ('a, 's) execution set" - where "executions ioa = {e. ((fst e) \ starts_of(ioa)) \ is_exec_frag ioa e}" + where "executions ioa = {e. fst e \ starts_of ioa \ is_exec_frag ioa e}" -(* ------------------- Schedules ------------------------------ *) +subsection \Schedules\ definition filter_act :: "('a, 's) pairs \ 'a trace" where "filter_act = Map fst" -definition has_schedule :: "[('a, 's) ioa, 'a trace] \ bool" +definition has_schedule :: "('a, 's) ioa \ 'a trace \ bool" where "has_schedule ioa sch \ (\ex \ executions ioa. sch = filter_act $ (snd ex))" definition schedules :: "('a, 's) ioa \ 'a trace set" where "schedules ioa = {sch. has_schedule ioa sch}" -(* ------------------- Traces ------------------------------ *) +subsection \Traces\ -definition has_trace :: "[('a, 's) ioa, 'a trace] \ bool" - where "has_trace ioa tr = (\sch \ schedules ioa. tr = Filter (\a. a \ ext ioa) $ sch)" +definition has_trace :: "('a, 's) ioa \ 'a trace \ bool" + where "has_trace ioa tr \ (\sch \ schedules ioa. tr = Filter (\a. a \ ext ioa) $ sch)" definition traces :: "('a, 's) ioa \ 'a trace set" where "traces ioa \ {tr. has_trace ioa tr}" @@ -60,57 +60,63 @@ where "mk_trace ioa = (LAM tr. Filter (\a. a \ ext ioa) $ (filter_act $ tr))" -(* ------------------- Fair Traces ------------------------------ *) +subsection \Fair Traces\ definition laststate :: "('a, 's) execution \ 's" -where - "laststate ex = (case Last $ (snd ex) of - UU => fst ex - | Def at => snd at)" + where "laststate ex = + (case Last $ (snd ex) of + UU \ fst ex + | Def at \ snd at)" -(* A predicate holds infinitely (finitely) often in a sequence *) - +text \A predicate holds infinitely (finitely) often in a sequence.\ definition inf_often :: "('a \ bool) \ 'a Seq \ bool" where "inf_often P s \ Infinite (Filter P $ s)" -(* filtering P yields a finite or partial sequence *) +text \Filtering \P\ yields a finite or partial sequence.\ definition fin_often :: "('a \ bool) \ 'a Seq \ bool" where "fin_often P s \ \ inf_often P s" -(* fairness of executions *) +subsection \Fairness of executions\ -(* Note that partial execs cannot be wfair as the inf_often predicate in the - else branch prohibits it. However they can be sfair in the case when all W - are only finitely often enabled: Is this the right model? - See LiveIOA for solution conforming with the literature and superseding this one *) +text \ + Note that partial execs cannot be \wfair\ as the inf_often predicate in the + else branch prohibits it. However they can be \sfair\ in the case when all + \W\ are only finitely often enabled: Is this the right model? + + See @{file "LiveIOA.thy"} for solution conforming with the literature and + superseding this one. +\ + definition is_wfair :: "('a, 's) ioa \ 'a set \ ('a, 's) execution \ bool" -where - "is_wfair A W ex \ - (inf_often (\x. fst x \ W) (snd ex) \ inf_often (\x. \ Enabled A W (snd x)) (snd ex))" + where "is_wfair A W ex \ + (inf_often (\x. fst x \ W) (snd ex) \ + inf_often (\x. \ Enabled A W (snd x)) (snd ex))" + definition wfair_ex :: "('a, 's) ioa \ ('a, 's) execution \ bool" -where - "wfair_ex A ex \ (\W \ wfair_of A. - if Finite (snd ex) - then \ Enabled A W (laststate ex) - else is_wfair A W ex)" + where "wfair_ex A ex \ + (\W \ wfair_of A. + if Finite (snd ex) + then \ Enabled A W (laststate ex) + else is_wfair A W ex)" definition is_sfair :: "('a, 's) ioa \ 'a set \ ('a, 's) execution \ bool" -where - "is_sfair A W ex \ - (inf_often (\x. fst x:W) (snd ex) \ fin_often (\x. Enabled A W (snd x)) (snd ex))" + where "is_sfair A W ex \ + (inf_often (\x. fst x \ W) (snd ex) \ + fin_often (\x. Enabled A W (snd x)) (snd ex))" + definition sfair_ex :: "('a, 's)ioa \ ('a, 's) execution \ bool" -where - "sfair_ex A ex \ (\W \ sfair_of A. - if Finite (snd ex) - then ~Enabled A W (laststate ex) - else is_sfair A W ex)" + where "sfair_ex A ex \ + (\W \ sfair_of A. + if Finite (snd ex) + then \ Enabled A W (laststate ex) + else is_sfair A W ex)" definition fair_ex :: "('a, 's) ioa \ ('a, 's) execution \ bool" where "fair_ex A ex \ wfair_ex A ex \ sfair_ex A ex" -(* fair behavior sets *) +text \Fair behavior sets.\ definition fairexecutions :: "('a, 's) ioa \ ('a, 's) execution set" where "fairexecutions A = {ex. ex \ executions A \ fair_ex A ex}" @@ -119,25 +125,24 @@ where "fairtraces A = {mk_trace A $ (snd ex) | ex. ex \ fairexecutions A}" -(* ------------------- Implementation ------------------------------ *) +subsection \Implementation\ -(* Notions of implementation *) +subsubsection \Notions of implementation\ -definition ioa_implements :: "[('a, 's1) ioa, ('a, 's2) ioa] \ bool" (infixr "=<|" 12) -where - "(ioa1 =<| ioa2) \ - (((inputs(asig_of(ioa1)) = inputs(asig_of(ioa2))) \ - (outputs(asig_of(ioa1)) = outputs(asig_of(ioa2)))) \ - traces(ioa1) \ traces(ioa2))" +definition ioa_implements :: "('a, 's1) ioa \ ('a, 's2) ioa \ bool" (infixr "=<|" 12) + where "(ioa1 =<| ioa2) \ + (inputs (asig_of ioa1) = inputs (asig_of ioa2) \ + outputs (asig_of ioa1) = outputs (asig_of ioa2)) \ + traces ioa1 \ traces ioa2" definition fair_implements :: "('a, 's1) ioa \ ('a, 's2) ioa \ bool" -where - "fair_implements C A \ inp C = inp A \ out C = out A \ fairtraces C \ fairtraces A" + where "fair_implements C A \ + inp C = inp A \ out C = out A \ fairtraces C \ fairtraces A" -(* ------------------- Modules ------------------------------ *) +subsection \Modules\ -(* Execution, schedule and trace modules *) +subsubsection \Execution, schedule and trace modules\ definition Execs :: "('a, 's) ioa \ ('a, 's) execution_module" where "Execs A = (executions A, asig_of A)" @@ -148,7 +153,6 @@ definition Traces :: "('a, 's) ioa \ 'a trace_module" where "Traces A = (traces A, asig_of A)" - lemmas [simp del] = HOL.ex_simps HOL.all_simps split_paired_Ex declare Let_def [simp] setup \map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\ @@ -156,56 +160,50 @@ lemmas exec_rws = executions_def is_exec_frag_def - -subsection "recursive equations of operators" +subsection \Recursive equations of operators\ -(* ---------------------------------------------------------------- *) -(* filter_act *) -(* ---------------------------------------------------------------- *) +subsubsection \\filter_act\\ - -lemma filter_act_UU: "filter_act$UU = UU" +lemma filter_act_UU: "filter_act $ UU = UU" by (simp add: filter_act_def) -lemma filter_act_nil: "filter_act$nil = nil" +lemma filter_act_nil: "filter_act $ nil = nil" by (simp add: filter_act_def) -lemma filter_act_cons: "filter_act$(x\xs) = (fst x) \ filter_act$xs" +lemma filter_act_cons: "filter_act $ (x \ xs) = fst x \ filter_act $ xs" by (simp add: filter_act_def) declare filter_act_UU [simp] filter_act_nil [simp] filter_act_cons [simp] -(* ---------------------------------------------------------------- *) -(* mk_trace *) -(* ---------------------------------------------------------------- *) +subsubsection \\mk_trace\\ -lemma mk_trace_UU: "mk_trace A$UU=UU" +lemma mk_trace_UU: "mk_trace A $ UU = UU" by (simp add: mk_trace_def) -lemma mk_trace_nil: "mk_trace A$nil=nil" +lemma mk_trace_nil: "mk_trace A $ nil = nil" by (simp add: mk_trace_def) -lemma mk_trace_cons: "mk_trace A$(at \ xs) = - (if ((fst at):ext A) - then (fst at) \ (mk_trace A$xs) - else mk_trace A$xs)" - +lemma mk_trace_cons: + "mk_trace A $ (at \ xs) = + (if fst at \ ext A + then fst at \ mk_trace A $ xs + else mk_trace A $ xs)" by (simp add: mk_trace_def) declare mk_trace_UU [simp] mk_trace_nil [simp] mk_trace_cons [simp] -(* ---------------------------------------------------------------- *) -(* is_exec_fragC *) -(* ---------------------------------------------------------------- *) +subsubsection \\is_exec_fragC\\ -lemma is_exec_fragC_unfold: "is_exec_fragC A = (LAM ex. (%s. case ex of - nil => TT - | x##xs => (flift1 - (%p. Def ((s,p):trans_of A) andalso (is_exec_fragC A$xs) (snd p)) - $x) - ))" +lemma is_exec_fragC_unfold: + "is_exec_fragC A = + (LAM ex. + (\s. + case ex of + nil \ TT + | x ## xs \ + (flift1 (\p. Def ((s, p) \ trans_of A) andalso (is_exec_fragC A$xs) (snd p)) $ x)))" apply (rule trans) apply (rule fix_eq4) apply (rule is_exec_fragC_def) @@ -213,32 +211,29 @@ apply (simp add: flift1_def) done -lemma is_exec_fragC_UU: "(is_exec_fragC A$UU) s=UU" +lemma is_exec_fragC_UU: "(is_exec_fragC A $ UU) s = UU" apply (subst is_exec_fragC_unfold) apply simp done -lemma is_exec_fragC_nil: "(is_exec_fragC A$nil) s = TT" +lemma is_exec_fragC_nil: "(is_exec_fragC A $ nil) s = TT" apply (subst is_exec_fragC_unfold) apply simp done -lemma is_exec_fragC_cons: "(is_exec_fragC A$(pr\xs)) s = - (Def ((s,pr):trans_of A) - andalso (is_exec_fragC A$xs)(snd pr))" +lemma is_exec_fragC_cons: + "(is_exec_fragC A $ (pr \ xs)) s = + (Def ((s, pr) \ trans_of A) andalso (is_exec_fragC A $ xs) (snd pr))" apply (rule trans) apply (subst is_exec_fragC_unfold) apply (simp add: Consq_def flift1_def) apply simp done - declare is_exec_fragC_UU [simp] is_exec_fragC_nil [simp] is_exec_fragC_cons [simp] -(* ---------------------------------------------------------------- *) -(* is_exec_frag *) -(* ---------------------------------------------------------------- *) +subsubsection \\is_exec_frag\\ lemma is_exec_frag_UU: "is_exec_frag A (s, UU)" by (simp add: is_exec_frag_def) @@ -246,30 +241,26 @@ lemma is_exec_frag_nil: "is_exec_frag A (s, nil)" by (simp add: is_exec_frag_def) -lemma is_exec_frag_cons: "is_exec_frag A (s, (a,t)\ex) = - (((s,a,t):trans_of A) & - is_exec_frag A (t, ex))" +lemma is_exec_frag_cons: + "is_exec_frag A (s, (a, t) \ ex) \ (s, a, t) \ trans_of A \ is_exec_frag A (t, ex)" by (simp add: is_exec_frag_def) - -(* Delsimps [is_exec_fragC_UU,is_exec_fragC_nil,is_exec_fragC_cons]; *) declare is_exec_frag_UU [simp] is_exec_frag_nil [simp] is_exec_frag_cons [simp] -(* ---------------------------------------------------------------------------- *) - section "laststate" -(* ---------------------------------------------------------------------------- *) -lemma laststate_UU: "laststate (s,UU) = s" +subsubsection \\laststate\\ + +lemma laststate_UU: "laststate (s, UU) = s" by (simp add: laststate_def) -lemma laststate_nil: "laststate (s,nil) = s" +lemma laststate_nil: "laststate (s, nil) = s" by (simp add: laststate_def) -lemma laststate_cons: "!! ex. Finite ex ==> laststate (s,at\ex) = laststate (snd at,ex)" - apply (simp (no_asm) add: laststate_def) - apply (case_tac "ex=nil") - apply (simp (no_asm_simp)) - apply (simp (no_asm_simp)) +lemma laststate_cons: "Finite ex \ laststate (s, at \ ex) = laststate (snd at, ex)" + apply (simp add: laststate_def) + apply (cases "ex = nil") + apply simp + apply simp apply (drule Finite_Last1 [THEN mp]) apply assumption apply defined @@ -277,60 +268,56 @@ declare laststate_UU [simp] laststate_nil [simp] laststate_cons [simp] -lemma exists_laststate: "!!ex. Finite ex ==> (! s. ? u. laststate (s,ex)=u)" - apply (tactic "Seq_Finite_induct_tac @{context} 1") - done +lemma exists_laststate: "Finite ex \ \s. \u. laststate (s, ex) = u" + by (tactic "Seq_Finite_induct_tac @{context} 1") -subsection "has_trace, mk_trace" +subsection \\has_trace\ \mk_trace\\ -(* alternative definition of has_trace tailored for the refinement proof, as it does not - take the detour of schedules *) - -lemma has_trace_def2: - "has_trace A b = (? ex:executions A. b = mk_trace A$(snd ex))" +(*alternative definition of has_trace tailored for the refinement proof, as it does not + take the detour of schedules*) +lemma has_trace_def2: "has_trace A b \ (\ex \ executions A. b = mk_trace A $ (snd ex))" apply (unfold executions_def mk_trace_def has_trace_def schedules_def has_schedule_def [abs_def]) apply auto done -subsection "signatures and executions, schedules" +subsection \Signatures and executions, schedules\ -(* All executions of A have only actions of A. This is only true because of the - predicate state_trans (part of the predicate IOA): We have no dependent types. - For executions of parallel automata this assumption is not needed, as in par_def - this condition is included once more. (see Lemmas 1.1.1c in CompoExecs for example) *) +text \ + All executions of \A\ have only actions of \A\. This is only true because of + the predicate \state_trans\ (part of the predicate \IOA\): We have no + dependent types. For executions of parallel automata this assumption is not + needed, as in \par_def\ this condition is included once more. (See Lemmas + 1.1.1c in CompoExecs for example.) +\ lemma execfrag_in_sig: - "!! A. is_trans_of A ==> - ! s. is_exec_frag A (s,xs) --> Forall (%a. a:act A) (filter_act$xs)" + "is_trans_of A \ \s. is_exec_frag A (s, xs) \ Forall (\a. a \ act A) (filter_act $ xs)" apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}, @{thm Forall_def}, @{thm sforall_def}] 1\) - (* main case *) + text \main case\ apply (auto simp add: is_trans_of_def) done lemma exec_in_sig: - "!! A.[| is_trans_of A; x:executions A |] ==> - Forall (%a. a:act A) (filter_act$(snd x))" + "is_trans_of A \ x \ executions A \ Forall (\a. a \ act A) (filter_act $ (snd x))" apply (simp add: executions_def) apply (tactic \pair_tac @{context} "x" 1\) apply (rule execfrag_in_sig [THEN spec, THEN mp]) apply auto done -lemma scheds_in_sig: - "!! A.[| is_trans_of A; x:schedules A |] ==> - Forall (%a. a:act A) x" +lemma scheds_in_sig: "is_trans_of A \ x \ schedules A \ Forall (\a. a \ act A) x" apply (unfold schedules_def has_schedule_def [abs_def]) apply (fast intro!: exec_in_sig) done -subsection "executions are prefix closed" +subsection \Executions are prefix closed\ -(* only admissible in y, not if done in x !! *) -lemma execfrag_prefixclosed: "!x s. is_exec_frag A (s,x) & y< is_exec_frag A (s,y)" +(*only admissible in y, not if done in x!*) +lemma execfrag_prefixclosed: "\x s. is_exec_frag A (s, x) \ y \ x \ is_exec_frag A (s, y)" apply (tactic \pair_induct_tac @{context} "y" [@{thm is_exec_frag_def}] 1\) apply (intro strip) apply (tactic \Seq_case_simp_tac @{context} "x" 1\) @@ -341,11 +328,9 @@ lemmas exec_prefixclosed = conjI [THEN execfrag_prefixclosed [THEN spec, THEN spec, THEN mp]] - -(* second prefix notion for Finite x *) - +(*second prefix notion for Finite x*) lemma exec_prefix2closed [rule_format]: - "! y s. is_exec_frag A (s,x@@y) --> is_exec_frag A (s,x)" + "\y s. is_exec_frag A (s, x @@ y) \ is_exec_frag A (s, x)" apply (tactic \pair_induct_tac @{context} "x" [@{thm is_exec_frag_def}] 1\) apply (intro strip) apply (tactic \Seq_case_simp_tac @{context} "s" 1\)