# HG changeset patch # User wenzelm # Date 1452625553 -3600 # Node ID ec2f0dad8b98b98ddaf77e0b62d9d8e3755f157f # Parent 18a217591310e0b395b62b2c36ed2ac99e2413a4# Parent b855771b39798fa3a5b0b88a82eeabc87e184e36 merged diff -r 18a217591310 -r ec2f0dad8b98 src/CCL/CCL.thy --- a/src/CCL/CCL.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/CCL/CCL.thy Tue Jan 12 20:05:53 2016 +0100 @@ -320,17 +320,17 @@ apply blast done -lemma POgenXH: - " : POgen(R) \ t= bot | (t=true \ t'=true) | (t=false \ t'=false) | - (EX a a' b b'. t= \ t'= \ : R \ : R) | +lemma POgenXH: + " : POgen(R) \ t= bot | (t=true \ t'=true) | (t=false \ t'=false) | + (EX a a' b b'. t= \ t'= \ : R \ : R) | (EX f f'. t=lam x. f(x) \ t'=lam x. f'(x) \ (ALL x. : R))" apply (unfold POgen_def SIM_def) apply (rule iff_refl [THEN XHlemma2]) done -lemma poXH: - "t [= t' \ t=bot | (t=true \ t'=true) | (t=false \ t'=false) | - (EX a a' b b'. t= \ t'= \ a [= a' \ b [= b') | +lemma poXH: + "t [= t' \ t=bot | (t=true \ t'=true) | (t=false \ t'=false) | + (EX a a' b b'. t= \ t'= \ a [= a' \ b [= b') | (EX f f'. t=lam x. f(x) \ t'=lam x. f'(x) \ (ALL x. f(x) [= f'(x)))" apply (simp add: PO_iff del: ex_simps) apply (rule POgen_mono @@ -438,18 +438,18 @@ apply blast done -lemma EQgenXH: - " : EQgen(R) \ (t=bot \ t'=bot) | (t=true \ t'=true) | - (t=false \ t'=false) | - (EX a a' b b'. t= \ t'= \ : R \ : R) | +lemma EQgenXH: + " : EQgen(R) \ (t=bot \ t'=bot) | (t=true \ t'=true) | + (t=false \ t'=false) | + (EX a a' b b'. t= \ t'= \ : R \ : R) | (EX f f'. t=lam x. f(x) \ t'=lam x. f'(x) \ (ALL x. : R))" apply (unfold EQgen_def SIM_def) apply (rule iff_refl [THEN XHlemma2]) done -lemma eqXH: - "t=t' \ (t=bot \ t'=bot) | (t=true \ t'=true) | (t=false \ t'=false) | - (EX a a' b b'. t= \ t'= \ a=a' \ b=b') | +lemma eqXH: + "t=t' \ (t=bot \ t'=bot) | (t=true \ t'=true) | (t=false \ t'=false) | + (EX a a' b b'. t= \ t'= \ a=a' \ b=b') | (EX f f'. t=lam x. f(x) \ t'=lam x. f'(x) \ (ALL x. f(x)=f'(x)))" apply (subgoal_tac " : EQ \ (t=bot \ t'=bot) | (t=true \ t'=true) | (t=false \ t'=false) | diff -r 18a217591310 -r ec2f0dad8b98 src/CCL/Set.thy --- a/src/CCL/Set.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/CCL/Set.thy Tue Jan 12 20:05:53 2016 +0100 @@ -9,62 +9,18 @@ typedecl 'a set instance set :: ("term") "term" .. -consts - Collect :: "['a \ o] \ 'a set" (*comprehension*) - Compl :: "('a set) \ 'a set" (*complement*) - Int :: "['a set, 'a set] \ 'a set" (infixl "Int" 70) - Un :: "['a set, 'a set] \ 'a set" (infixl "Un" 65) - Union :: "(('a set)set) \ 'a set" (*...of a set*) - Inter :: "(('a set)set) \ 'a set" (*...of a set*) - UNION :: "['a set, 'a \ 'b set] \ 'b set" (*general*) - INTER :: "['a set, 'a \ 'b set] \ 'b set" (*general*) - Ball :: "['a set, 'a \ o] \ o" (*bounded quants*) - Bex :: "['a set, 'a \ o] \ o" (*bounded quants*) - mono :: "['a set \ 'b set] \ o" (*monotonicity*) - mem :: "['a, 'a set] \ o" (infixl ":" 50) (*membership*) - subset :: "['a set, 'a set] \ o" (infixl "<=" 50) - singleton :: "'a \ 'a set" ("{_}") - empty :: "'a set" ("{}") + +subsection \Set comprehension and membership\ + +axiomatization Collect :: "['a \ o] \ 'a set" + and mem :: "['a, 'a set] \ o" (infixl ":" 50) +where mem_Collect_iff: "(a : Collect(P)) \ P(a)" + and set_extension: "A = B \ (ALL x. x:A \ x:B)" syntax - "_Coll" :: "[idt, o] \ 'a set" ("(1{_./ _})") (*collection*) - - (* Big Intersection / Union *) - - "_INTER" :: "[idt, 'a set, 'b set] \ 'b set" ("(INT _:_./ _)" [0, 0, 0] 10) - "_UNION" :: "[idt, 'a set, 'b set] \ 'b set" ("(UN _:_./ _)" [0, 0, 0] 10) - - (* Bounded Quantifiers *) - - "_Ball" :: "[idt, 'a set, o] \ o" ("(ALL _:_./ _)" [0, 0, 0] 10) - "_Bex" :: "[idt, 'a set, o] \ o" ("(EX _:_./ _)" [0, 0, 0] 10) - + "_Coll" :: "[idt, o] \ 'a set" ("(1{_./ _})") translations - "{x. P}" == "CONST Collect(\x. P)" - "INT x:A. B" == "CONST INTER(A, \x. B)" - "UN x:A. B" == "CONST UNION(A, \x. B)" - "ALL x:A. P" == "CONST Ball(A, \x. P)" - "EX x:A. P" == "CONST Bex(A, \x. P)" - -axiomatization where - mem_Collect_iff: "(a : {x. P(x)}) \ P(a)" and - set_extension: "A = B \ (ALL x. x:A \ x:B)" - -defs - Ball_def: "Ball(A, P) == ALL x. x:A \ P(x)" - Bex_def: "Bex(A, P) == EX x. x:A \ P(x)" - mono_def: "mono(f) == (ALL A B. A <= B \ f(A) <= f(B))" - subset_def: "A <= B == ALL x:A. x:B" - singleton_def: "{a} == {x. x=a}" - empty_def: "{} == {x. False}" - Un_def: "A Un B == {x. x:A | x:B}" - Int_def: "A Int B == {x. x:A \ x:B}" - Compl_def: "Compl(A) == {x. \x:A}" - INTER_def: "INTER(A, B) == {y. ALL x:A. y: B(x)}" - UNION_def: "UNION(A, B) == {y. EX x:A. y: B(x)}" - Inter_def: "Inter(S) == (INT x:S. x)" - Union_def: "Union(S) == (UN x:S. x)" - + "{x. P}" == "CONST Collect(\x. P)" lemma CollectI: "P(a) \ a : {x. P(x)}" apply (rule mem_Collect_iff [THEN iffD2]) @@ -85,6 +41,19 @@ subsection \Bounded quantifiers\ +definition Ball :: "['a set, 'a \ o] \ o" + where "Ball(A, P) == ALL x. x:A \ P(x)" + +definition Bex :: "['a set, 'a \ o] \ o" + where "Bex(A, P) == EX x. x:A \ P(x)" + +syntax + "_Ball" :: "[idt, 'a set, o] \ o" ("(ALL _:_./ _)" [0, 0, 0] 10) + "_Bex" :: "[idt, 'a set, o] \ o" ("(EX _:_./ _)" [0, 0, 0] 10) +translations + "ALL x:A. P" == "CONST Ball(A, \x. P)" + "EX x:A. P" == "CONST Bex(A, \x. P)" + lemma ballI: "(\x. x:A \ P(x)) \ ALL x:A. P(x)" by (simp add: Ball_def) @@ -107,8 +76,7 @@ lemma ball_rew: "(ALL x:A. True) \ True" by (blast intro: ballI) - -subsection \Congruence rules\ +subsubsection \Congruence rules\ lemma ball_cong: "\A = A'; \x. x:A' \ P(x) \ P'(x)\ \ @@ -121,6 +89,52 @@ by (blast intro: bexI elim: bexE) +subsection \Further operations\ + +definition subset :: "['a set, 'a set] \ o" (infixl "<=" 50) + where "A <= B == ALL x:A. x:B" + +definition mono :: "['a set \ 'b set] \ o" + where "mono(f) == (ALL A B. A <= B \ f(A) <= f(B))" + +definition singleton :: "'a \ 'a set" ("{_}") + where "{a} == {x. x=a}" + +definition empty :: "'a set" ("{}") + where "{} == {x. False}" + +definition Un :: "['a set, 'a set] \ 'a set" (infixl "Un" 65) + where "A Un B == {x. x:A | x:B}" + +definition Int :: "['a set, 'a set] \ 'a set" (infixl "Int" 70) + where "A Int B == {x. x:A \ x:B}" + +definition Compl :: "('a set) \ 'a set" + where "Compl(A) == {x. \x:A}" + + +subsection \Big Intersection / Union\ + +definition INTER :: "['a set, 'a \ 'b set] \ 'b set" + where "INTER(A, B) == {y. ALL x:A. y: B(x)}" + +definition UNION :: "['a set, 'a \ 'b set] \ 'b set" + where "UNION(A, B) == {y. EX x:A. y: B(x)}" + +syntax + "_INTER" :: "[idt, 'a set, 'b set] \ 'b set" ("(INT _:_./ _)" [0, 0, 0] 10) + "_UNION" :: "[idt, 'a set, 'b set] \ 'b set" ("(UN _:_./ _)" [0, 0, 0] 10) +translations + "INT x:A. B" == "CONST INTER(A, \x. B)" + "UN x:A. B" == "CONST UNION(A, \x. B)" + +definition Inter :: "(('a set)set) \ 'a set" + where "Inter(S) == (INT x:S. x)" + +definition Union :: "(('a set)set) \ 'a set" + where "Union(S) == (UN x:S. x)" + + subsection \Rules for subsets\ lemma subsetI: "(\x. x:A \ x:B) \ A <= B" diff -r 18a217591310 -r ec2f0dad8b98 src/CCL/Term.thy --- a/src/CCL/Term.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/CCL/Term.thy Tue Jan 12 20:05:53 2016 +0100 @@ -9,48 +9,69 @@ imports CCL begin -consts +definition one :: "i" + where "one == true" - one :: "i" +definition "if" :: "[i,i,i]\i" ("(3if _/ then _/ else _)" [0,0,60] 60) + where "if b then t else u == case(b, t, u, \ x y. bot, \v. bot)" - "if" :: "[i,i,i]\i" ("(3if _/ then _/ else _)" [0,0,60] 60) +definition inl :: "i\i" + where "inl(a) == " - inl :: "i\i" - inr :: "i\i" - "when" :: "[i,i\i,i\i]\i" +definition inr :: "i\i" + where "inr(b) == " + +definition split :: "[i,[i,i]\i]\i" + where "split(t,f) == case(t, bot, bot, f, \u. bot)" - split :: "[i,[i,i]\i]\i" - fst :: "i\i" - snd :: "i\i" - thd :: "i\i" +definition "when" :: "[i,i\i,i\i]\i" + where "when(t,f,g) == split(t, \b x. if b then f(x) else g(x))" + +definition fst :: "i\i" + where "fst(t) == split(t, \x y. x)" - zero :: "i" - succ :: "i\i" - ncase :: "[i,i,i\i]\i" - nrec :: "[i,i,[i,i]\i]\i" +definition snd :: "i\i" + where "snd(t) == split(t, \x y. y)" + +definition thd :: "i\i" + where "thd(t) == split(t, \x p. split(p, \y z. z))" + +definition zero :: "i" + where "zero == inl(one)" - nil :: "i" ("([])") - cons :: "[i,i]\i" (infixr "$" 80) - lcase :: "[i,i,[i,i]\i]\i" - lrec :: "[i,i,[i,i,i]\i]\i" +definition succ :: "i\i" + where "succ(n) == inr(n)" + +definition ncase :: "[i,i,i\i]\i" + where "ncase(n,b,c) == when(n, \x. b, \y. c(y))" - "let" :: "[i,i\i]\i" - letrec :: "[[i,i\i]\i,(i\i)\i]\i" - letrec2 :: "[[i,i,i\i\i]\i,(i\i\i)\i]\i" - letrec3 :: "[[i,i,i,i\i\i\i]\i,(i\i\i\i)\i]\i" + +no_syntax + "_Let" :: "[letbinds, 'a] => 'a" ("(let (_)/ in (_))" 10) + +definition "let" :: "[i,i\i]\i" + where "let(t, f) == case(t,f(true),f(false), \x y. f(), \u. f(lam x. u(x)))" syntax - "_let" :: "[id,i,i]\i" ("(3let _ be _/ in _)" - [0,0,60] 60) + "_Let" :: "[letbinds, 'a] => 'a" ("(let (_)/ in (_))" 10) - "_letrec" :: "[id,id,i,i]\i" ("(3letrec _ _ be _/ in _)" - [0,0,0,60] 60) +definition letrec :: "[[i,i\i]\i,(i\i)\i]\i" + where "letrec(h, b) == b(\x. fix(\f. lam x. h(x,\y. f`y))`x)" + +definition letrec2 :: "[[i,i,i\i\i]\i,(i\i\i)\i]\i" + where "letrec2 (h, f) == + letrec (\p g'. split(p,\x y. h(x,y,\u v. g'())), \g'. f(\x y. g'()))" - "_letrec2" :: "[id,id,id,i,i]\i" ("(3letrec _ _ _ be _/ in _)" - [0,0,0,0,60] 60) +definition letrec3 :: "[[i,i,i,i\i\i\i]\i,(i\i\i\i)\i]\i" + where "letrec3 (h, f) == + letrec (\p g'. split(p,\x xs. split(xs,\y z. h(x,y,z,\u v w. g'(>)))), + \g'. f(\x y z. g'(>)))" - "_letrec3" :: "[id,id,id,id,i,i]\i" ("(3letrec _ _ _ _ be _/ in _)" - [0,0,0,0,0,60] 60) +syntax + "_let" :: "[id,i,i]\i" ("(3let _ be _/ in _)" [0,0,60] 60) + "_letrec" :: "[id,id,i,i]\i" ("(3letrec _ _ be _/ in _)" [0,0,0,60] 60) + "_letrec2" :: "[id,id,id,i,i]\i" ("(3letrec _ _ _ be _/ in _)" [0,0,0,0,60] 60) + "_letrec3" :: "[id,id,id,id,i,i]\i" ("(3letrec _ _ _ _ be _/ in _)" [0,0,0,0,0,60] 60) ML \ (** Quantifier translations: variable binding **) @@ -107,42 +128,24 @@ (@{const_syntax letrec3}, K letrec3_tr')] \ -consts - napply :: "[i\i,i,i]\i" ("(_ ^ _ ` _)" [56,56,56] 56) + +definition nrec :: "[i,i,[i,i]\i]\i" + where "nrec(n,b,c) == letrec g x be ncase(x, b, \y. c(y,g(y))) in g(n)" + +definition nil :: "i" ("([])") + where "[] == inl(one)" -defs - one_def: "one == true" - if_def: "if b then t else u == case(b, t, u, \ x y. bot, \v. bot)" - inl_def: "inl(a) == " - inr_def: "inr(b) == " - when_def: "when(t,f,g) == split(t, \b x. if b then f(x) else g(x))" - split_def: "split(t,f) == case(t, bot, bot, f, \u. bot)" - fst_def: "fst(t) == split(t, \x y. x)" - snd_def: "snd(t) == split(t, \x y. y)" - thd_def: "thd(t) == split(t, \x p. split(p, \y z. z))" - zero_def: "zero == inl(one)" - succ_def: "succ(n) == inr(n)" - ncase_def: "ncase(n,b,c) == when(n, \x. b, \y. c(y))" - nrec_def: " nrec(n,b,c) == letrec g x be ncase(x, b, \y. c(y,g(y))) in g(n)" - nil_def: "[] == inl(one)" - cons_def: "h$t == inr()" - lcase_def: "lcase(l,b,c) == when(l, \x. b, \y. split(y,c))" - lrec_def: "lrec(l,b,c) == letrec g x be lcase(x, b, \h t. c(h,t,g(t))) in g(l)" +definition cons :: "[i,i]\i" (infixr "$" 80) + where "h$t == inr()" + +definition lcase :: "[i,i,[i,i]\i]\i" + where "lcase(l,b,c) == when(l, \x. b, \y. split(y,c))" - let_def: "let x be t in f(x) == case(t,f(true),f(false), \x y. f(), \u. f(lam x. u(x)))" - letrec_def: - "letrec g x be h(x,g) in b(g) == b(\x. fix(\f. lam x. h(x,\y. f`y))`x)" +definition lrec :: "[i,i,[i,i,i]\i]\i" + where "lrec(l,b,c) == letrec g x be lcase(x, b, \h t. c(h,t,g(t))) in g(l)" - letrec2_def: "letrec g x y be h(x,y,g) in f(g)== - letrec g' p be split(p,\x y. h(x,y,\u v. g'())) - in f(\x y. g'())" - - letrec3_def: "letrec g x y z be h(x,y,z,g) in f(g) == - letrec g' p be split(p,\x xs. split(xs,\y z. h(x,y,z,\u v w. g'(>)))) - in f(\x y z. g'(>))" - - napply_def: "f ^n` a == nrec(n,a,\x g. f(g))" - +definition napply :: "[i\i,i,i]\i" ("(_ ^ _ ` _)" [56,56,56] 56) + where "f ^n` a == nrec(n,a,\x g. f(g))" lemmas simp_can_defs = one_def inl_def inr_def and simp_ncan_defs = if_def when_def split_def fst_def snd_def thd_def diff -r 18a217591310 -r ec2f0dad8b98 src/CCL/Type.thy --- a/src/CCL/Type.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/CCL/Type.thy Tue Jan 12 20:05:53 2016 +0100 @@ -9,42 +9,39 @@ imports Term begin -consts - - Subtype :: "['a set, 'a \ o] \ 'a set" - Bool :: "i set" - Unit :: "i set" - Plus :: "[i set, i set] \ i set" (infixr "+" 55) - Pi :: "[i set, i \ i set] \ i set" - Sigma :: "[i set, i \ i set] \ i set" - Nat :: "i set" - List :: "i set \ i set" - Lists :: "i set \ i set" - ILists :: "i set \ i set" - TAll :: "(i set \ i set) \ i set" (binder "TALL " 55) - TEx :: "(i set \ i set) \ i set" (binder "TEX " 55) - Lift :: "i set \ i set" ("(3[_])") - - SPLIT :: "[i, [i, i] \ i set] \ i set" +definition Subtype :: "['a set, 'a \ o] \ 'a set" + where "Subtype(A, P) == {x. x:A \ P(x)}" syntax - "_Pi" :: "[idt, i set, i set] \ i set" ("(3PROD _:_./ _)" - [0,0,60] 60) + "_Subtype" :: "[idt, 'a set, o] \ 'a set" ("(1{_: _ ./ _})") +translations + "{x: A. B}" == "CONST Subtype(A, \x. B)" - "_Sigma" :: "[idt, i set, i set] \ i set" ("(3SUM _:_./ _)" - [0,0,60] 60) +definition Unit :: "i set" + where "Unit == {x. x=one}" + +definition Bool :: "i set" + where "Bool == {x. x=true | x=false}" + +definition Plus :: "[i set, i set] \ i set" (infixr "+" 55) + where "A+B == {x. (EX a:A. x=inl(a)) | (EX b:B. x=inr(b))}" - "_arrow" :: "[i set, i set] \ i set" ("(_ ->/ _)" [54, 53] 53) - "_star" :: "[i set, i set] \ i set" ("(_ */ _)" [56, 55] 55) - "_Subtype" :: "[idt, 'a set, o] \ 'a set" ("(1{_: _ ./ _})") +definition Pi :: "[i set, i \ i set] \ i set" + where "Pi(A,B) == {x. EX b. x=lam x. b(x) \ (ALL x:A. b(x):B(x))}" + +definition Sigma :: "[i set, i \ i set] \ i set" + where "Sigma(A,B) == {x. EX a:A. EX b:B(a).x=}" +syntax + "_Pi" :: "[idt, i set, i set] \ i set" ("(3PROD _:_./ _)" [0,0,60] 60) + "_Sigma" :: "[idt, i set, i set] \ i set" ("(3SUM _:_./ _)" [0,0,60] 60) + "_arrow" :: "[i set, i set] \ i set" ("(_ ->/ _)" [54, 53] 53) + "_star" :: "[i set, i set] \ i set" ("(_ */ _)" [56, 55] 55) translations - "PROD x:A. B" => "CONST Pi(A, \x. B)" - "A -> B" => "CONST Pi(A, \_. B)" - "SUM x:A. B" => "CONST Sigma(A, \x. B)" - "A * B" => "CONST Sigma(A, \_. B)" - "{x: A. B}" == "CONST Subtype(A, \x. B)" - + "PROD x:A. B" \ "CONST Pi(A, \x. B)" + "A -> B" \ "CONST Pi(A, \_. B)" + "SUM x:A. B" \ "CONST Sigma(A, \x. B)" + "A * B" \ "CONST Sigma(A, \_. B)" print_translation \ [(@{const_syntax Pi}, fn _ => Syntax_Trans.dependent_tr' (@{syntax_const "_Pi"}, @{syntax_const "_arrow"})), @@ -52,28 +49,34 @@ fn _ => Syntax_Trans.dependent_tr' (@{syntax_const "_Sigma"}, @{syntax_const "_star"}))] \ -defs - Subtype_def: "{x:A. P(x)} == {x. x:A \ P(x)}" - Unit_def: "Unit == {x. x=one}" - Bool_def: "Bool == {x. x=true | x=false}" - Plus_def: "A+B == {x. (EX a:A. x=inl(a)) | (EX b:B. x=inr(b))}" - Pi_def: "Pi(A,B) == {x. EX b. x=lam x. b(x) \ (ALL x:A. b(x):B(x))}" - Sigma_def: "Sigma(A,B) == {x. EX a:A. EX b:B(a).x=}" - Nat_def: "Nat == lfp(\X. Unit + X)" - List_def: "List(A) == lfp(\X. Unit + A*X)" +definition Nat :: "i set" + where "Nat == lfp(\X. Unit + X)" + +definition List :: "i set \ i set" + where "List(A) == lfp(\X. Unit + A*X)" + +definition Lists :: "i set \ i set" + where "Lists(A) == gfp(\X. Unit + A*X)" + +definition ILists :: "i set \ i set" + where "ILists(A) == gfp(\X.{} + A*X)" - Lists_def: "Lists(A) == gfp(\X. Unit + A*X)" - ILists_def: "ILists(A) == gfp(\X.{} + A*X)" + +definition TAll :: "(i set \ i set) \ i set" (binder "TALL " 55) + where "TALL X. B(X) == Inter({X. EX Y. X=B(Y)})" - Tall_def: "TALL X. B(X) == Inter({X. EX Y. X=B(Y)})" - Tex_def: "TEX X. B(X) == Union({X. EX Y. X=B(Y)})" - Lift_def: "[A] == A Un {bot}" +definition TEx :: "(i set \ i set) \ i set" (binder "TEX " 55) + where "TEX X. B(X) == Union({X. EX Y. X=B(Y)})" - SPLIT_def: "SPLIT(p,B) == Union({A. EX x y. p= \ A=B(x,y)})" +definition Lift :: "i set \ i set" ("(3[_])") + where "[A] == A Un {bot}" + +definition SPLIT :: "[i, [i, i] \ i set] \ i set" + where "SPLIT(p,B) == Union({A. EX x y. p= \ A=B(x,y)})" lemmas simp_type_defs = - Subtype_def Unit_def Bool_def Plus_def Sigma_def Pi_def Lift_def Tall_def Tex_def + Subtype_def Unit_def Bool_def Plus_def Sigma_def Pi_def Lift_def TAll_def TEx_def and ind_type_defs = Nat_def List_def and simp_data_defs = one_def inl_def inr_def and ind_data_defs = zero_def succ_def nil_def cons_def diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/JEdit.thy --- a/src/Doc/JEdit/JEdit.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/Doc/JEdit/JEdit.thy Tue Jan 12 20:05:53 2016 +0100 @@ -948,6 +948,29 @@ \ +section \Proof state output \label{sec:state-output}\ + +text \ + FIXME + \figref{fig:output-and-state} versus \figref{fig:output-including-state} + + \begin{figure}[htb] + \begin{center} + \includegraphics[scale=0.333]{output-and-state} + \end{center} + \caption{Separate proof state display (right) and other output (bottom).} + \label{fig:output-and-state} + \end{figure} + + \begin{figure}[htb] + \begin{center} + \includegraphics[scale=0.333]{output-including-state} + \end{center} + \caption{Proof state display within the regular output panel} + \label{fig:output-including-state} + \end{figure} +\ + section \Query \label{sec:query}\ text \ @@ -967,7 +990,7 @@ \begin{center} \includegraphics[scale=0.333]{query} \end{center} - \caption{An instance of the Query panel} + \caption{An instance of the Query panel: find theorems} \label{fig:query} \end{figure} @@ -1655,6 +1678,22 @@ \ +section \Markdown structure\ + +text \ + FIXME + \figref{fig:markdown-document} + + \begin{figure}[htb] + \begin{center} + \includegraphics[scale=0.333]{markdown-document} + \end{center} + \caption{Markdown structure within document text} + \label{fig:markdown-document} + \end{figure} +\ + + section \Citations and Bib{\TeX} entries\ text \ @@ -1694,6 +1733,22 @@ \ +chapter \ML debugger\ + +text \ + FIXME + \figref{fig:ml-debugger} + + \begin{figure}[htb] + \begin{center} + \includegraphics[scale=0.333]{ml-debugger} + \end{center} + \caption{ML debugger} + \label{fig:ml-debugger} + \end{figure} +\ + + chapter \Miscellaneous tools\ section \Timing\ diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/auto-tools.png Binary file src/Doc/JEdit/document/auto-tools.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/bibtex-mode.png Binary file src/Doc/JEdit/document/bibtex-mode.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/cite-completion.png Binary file src/Doc/JEdit/document/cite-completion.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/isabelle-jedit-hdpi.png Binary file src/Doc/JEdit/document/isabelle-jedit-hdpi.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/isabelle-jedit.png Binary file src/Doc/JEdit/document/isabelle-jedit.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/markdown-document.png Binary file src/Doc/JEdit/document/markdown-document.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/ml-debugger.png Binary file src/Doc/JEdit/document/ml-debugger.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/output-and-state.png Binary file src/Doc/JEdit/document/output-and-state.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/output-including-state.png Binary file src/Doc/JEdit/document/output-including-state.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/output.png Binary file src/Doc/JEdit/document/output.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/popup1.png Binary file src/Doc/JEdit/document/popup1.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/popup2.png Binary file src/Doc/JEdit/document/popup2.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/query.png Binary file src/Doc/JEdit/document/query.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/sidekick-document.png Binary file src/Doc/JEdit/document/sidekick-document.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/sidekick.png Binary file src/Doc/JEdit/document/sidekick.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/sledgehammer.png Binary file src/Doc/JEdit/document/sledgehammer.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/JEdit/document/theories.png Binary file src/Doc/JEdit/document/theories.png has changed diff -r 18a217591310 -r ec2f0dad8b98 src/Doc/ROOT --- a/src/Doc/ROOT Tue Jan 12 16:59:32 2016 +0100 +++ b/src/Doc/ROOT Tue Jan 12 20:05:53 2016 +0100 @@ -207,15 +207,19 @@ "bibtex-mode.png" "build" "cite-completion.png" + "isabelle-jedit-hdpi.png" "isabelle-jedit.png" - "isabelle-jedit-hdpi.png" + "markdown-document.png" + "ml-debugger.png" + "output-and-state.png" + "output-including-state.png" "output.png" - "query.png" "popup1.png" "popup2.png" + "query.png" "root.tex" + "sidekick-document.png" "sidekick.png" - "sidekick-document.png" "sledgehammer.png" "theories.png" diff -r 18a217591310 -r ec2f0dad8b98 src/FOLP/IFOLP.thy --- a/src/FOLP/IFOLP.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/FOLP/IFOLP.thy Tue Jan 12 20:05:53 2016 +0100 @@ -28,15 +28,12 @@ eq :: "['a,'a] => o" (infixl "=" 50) True :: "o" False :: "o" - Not :: "o => o" ("~ _" [40] 40) conj :: "[o,o] => o" (infixr "&" 35) disj :: "[o,o] => o" (infixr "|" 30) imp :: "[o,o] => o" (infixr "-->" 25) - iff :: "[o,o] => o" (infixr "<->" 25) (*Quantifiers*) All :: "('a => o) => o" (binder "ALL " 10) Ex :: "('a => o) => o" (binder "EX " 10) - Ex1 :: "('a => o) => o" (binder "EX! " 10) (*Rewriting gadgets*) NORM :: "o => o" norm :: "'a => 'a" @@ -157,12 +154,15 @@ (**** Definitions ****) -defs -not_def: "~P == P-->False" -iff_def: "P<->Q == (P-->Q) & (Q-->P)" +definition Not :: "o => o" ("~ _" [40] 40) + where not_def: "~P == P-->False" + +definition iff :: "[o,o] => o" (infixr "<->" 25) + where "P<->Q == (P-->Q) & (Q-->P)" (*Unique existence*) -ex1_def: "EX! x. P(x) == EX x. P(x) & (ALL y. P(y) --> y=x)" +definition Ex1 :: "('a => o) => o" (binder "EX! " 10) + where ex1_def: "EX! x. P(x) == EX x. P(x) & (ALL y. P(y) --> y=x)" (*Rewriting -- special constants to flag normalized terms and formulae*) axiomatization where diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/Auth/All_Symmetric.thy --- a/src/HOL/Auth/All_Symmetric.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/Auth/All_Symmetric.thy Tue Jan 12 20:05:53 2016 +0100 @@ -4,7 +4,10 @@ text \All keys are symmetric\ -defs all_symmetric_def: "all_symmetric \ True" +overloading all_symmetric \ all_symmetric +begin + definition "all_symmetric \ True" +end lemma isSym_keys: "K \ symKeys" by (simp add: symKeys_def all_symmetric_def invKey_symmetric) diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/Bali/Example.thy --- a/src/HOL/Bali/Example.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/Bali/Example.thy Tue Jan 12 20:05:53 2016 +0100 @@ -141,12 +141,16 @@ lemma neq_Main_SXcpt [simp]: "Main\SXcpt xn" by (simp add: SXcpt_def) + subsubsection "classes and interfaces" -defs - - Object_mdecls_def: "Object_mdecls \ []" - SXcpt_mdecls_def: "SXcpt_mdecls \ []" +overloading + Object_mdecls \ Object_mdecls + SXcpt_mdecls \ SXcpt_mdecls +begin + definition "Object_mdecls \ []" + definition "SXcpt_mdecls \ []" +end axiomatization foo :: mname diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/HOL.thy --- a/src/HOL/HOL.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/HOL.thy Tue Jan 12 20:05:53 2016 +0100 @@ -69,25 +69,38 @@ typedecl bool -judgment - Trueprop :: "bool \ prop" ("(_)" 5) +judgment Trueprop :: "bool \ prop" ("(_)" 5) + +axiomatization implies :: "[bool, bool] \ bool" (infixr "\" 25) + and eq :: "['a, 'a] \ bool" (infixl "=" 50) + and The :: "('a \ bool) \ 'a" + -axiomatization - implies :: "[bool, bool] \ bool" (infixr "\" 25) and - eq :: "['a, 'a] \ bool" (infixl "=" 50) and - The :: "('a \ bool) \ 'a" +subsubsection \Defined connectives and quantifiers\ + +definition True :: bool + where "True \ ((\x::bool. x) = (\x. x))" + +definition All :: "('a \ bool) \ bool" (binder "\" 10) + where "All P \ (P = (\x. True))" -consts - True :: bool - False :: bool - Not :: "bool \ bool" ("\ _" [40] 40) +definition Ex :: "('a \ bool) \ bool" (binder "\" 10) + where "Ex P \ \Q. (\x. P x \ Q) \ Q" + +definition False :: bool + where "False \ (\P. P)" + +definition Not :: "bool \ bool" ("\ _" [40] 40) + where not_def: "\ P \ P \ False" - conj :: "[bool, bool] \ bool" (infixr "\" 35) - disj :: "[bool, bool] \ bool" (infixr "\" 30) +definition conj :: "[bool, bool] \ bool" (infixr "\" 35) + where and_def: "P \ Q \ \R. (P \ Q \ R) \ R" - All :: "('a \ bool) \ bool" (binder "\" 10) - Ex :: "('a \ bool) \ bool" (binder "\" 10) - Ex1 :: "('a \ bool) \ bool" (binder "\!" 10) +definition disj :: "[bool, bool] \ bool" (infixr "\" 30) + where or_def: "P \ Q \ \R. (P \ R) \ (Q \ R) \ R" + +definition Ex1 :: "('a \ bool) \ bool" (binder "\!" 10) + where "Ex1 P \ \x. P x \ (\y. P y \ y = x)" subsubsection \Additional concrete syntax\ @@ -167,16 +180,6 @@ iff: "(P \ Q) \ (Q \ P) \ (P = Q)" and True_or_False: "(P = True) \ (P = False)" -defs - True_def: "True \ ((\x::bool. x) = (\x. x))" - All_def: "All P \ (P = (\x. True))" - Ex_def: "Ex P \ \Q. (\x. P x \ Q) \ Q" - False_def: "False \ (\P. P)" - not_def: "\ P \ P \ False" - and_def: "P \ Q \ \R. (P \ Q \ R) \ R" - or_def: "P \ Q \ \R. (P \ R) \ (Q \ R) \ R" - Ex1_def: "Ex1 P \ \x. P x \ (\y. P y \ y = x)" - definition If :: "bool \ 'a \ 'a \ 'a" ("(if (_)/ then (_)/ else (_))" [0, 0, 10] 10) where "If P x y \ (THE z::'a. (P = True \ z = x) \ (P = False \ z = y))" diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/IMPP/EvenOdd.thy --- a/src/HOL/IMPP/EvenOdd.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/IMPP/EvenOdd.thy Tue Jan 12 20:05:53 2016 +0100 @@ -29,8 +29,10 @@ THEN Loc Res:==(%s. 1) ELSE(Loc Res:=CALL Even (%s. s - 1)))" -defs - bodies_def: "bodies == [(Even,evn),(Odd,odd)]" +overloading bodies \ bodies +begin + definition "bodies == [(Even,evn),(Odd,odd)]" +end definition Z_eq_Arg_plus :: "nat => nat assn" ("Z=Arg+_" [50]50) where diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/IMPP/Misc.thy --- a/src/HOL/IMPP/Misc.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/IMPP/Misc.thy Tue Jan 12 20:05:53 2016 +0100 @@ -8,13 +8,29 @@ imports Hoare begin -defs - newlocs_def: "newlocs == %x. undefined" - setlocs_def: "setlocs s l' == case s of st g l => st g l'" - getlocs_def: "getlocs s == case s of st g l => l" - update_def: "update s vn v == case vn of - Glb gn => (case s of st g l => st (g(gn:=v)) l) - | Loc ln => (case s of st g l => st g (l(ln:=v)))" +overloading + newlocs \ newlocs + setlocs \ setlocs + getlocs \ getlocs + update \ update +begin + +definition newlocs :: locals + where "newlocs == %x. undefined" + +definition setlocs :: "state => locals => state" + where "setlocs s l' == case s of st g l => st g l'" + +definition getlocs :: "state => locals" + where "getlocs s == case s of st g l => l" + +definition update :: "state => vname => val => state" + where "update s vn v == + case vn of + Glb gn => (case s of st g l => st (g(gn:=v)) l) + | Loc ln => (case s of st g l => st g (l(ln:=v)))" + +end subsection "state access" diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/IOA/Asig.thy --- a/src/HOL/IOA/Asig.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/IOA/Asig.thy Tue Jan 12 20:05:53 2016 +0100 @@ -9,41 +9,31 @@ imports Main begin -type_synonym - 'a signature = "('a set * 'a set * 'a set)" +type_synonym 'a signature = "('a set * 'a set * 'a set)" + +definition "inputs" :: "'action signature => 'action set" + where asig_inputs_def: "inputs == fst" -consts - "actions" :: "'action signature => 'action set" - "inputs" :: "'action signature => 'action set" - "outputs" :: "'action signature => 'action set" - "internals" :: "'action signature => 'action set" - externals :: "'action signature => 'action set" +definition "outputs" :: "'action signature => 'action set" + where asig_outputs_def: "outputs == (fst o snd)" - is_asig ::"'action signature => bool" - mk_ext_asig ::"'action signature => 'action signature" - - -defs +definition "internals" :: "'action signature => 'action set" + where asig_internals_def: "internals == (snd o snd)" -asig_inputs_def: "inputs == fst" -asig_outputs_def: "outputs == (fst o snd)" -asig_internals_def: "internals == (snd o snd)" +definition "actions" :: "'action signature => 'action set" + where actions_def: "actions(asig) == (inputs(asig) Un outputs(asig) Un internals(asig))" -actions_def: - "actions(asig) == (inputs(asig) Un outputs(asig) Un internals(asig))" - -externals_def: - "externals(asig) == (inputs(asig) Un outputs(asig))" +definition externals :: "'action signature => 'action set" + where externals_def: "externals(asig) == (inputs(asig) Un outputs(asig))" -is_asig_def: - "is_asig(triple) == - ((inputs(triple) Int outputs(triple) = {}) & - (outputs(triple) Int internals(triple) = {}) & - (inputs(triple) Int internals(triple) = {}))" +definition is_asig :: "'action signature => bool" + where "is_asig(triple) == + ((inputs(triple) Int outputs(triple) = {}) & + (outputs(triple) Int internals(triple) = {}) & + (inputs(triple) Int internals(triple) = {}))" - -mk_ext_asig_def: - "mk_ext_asig(triple) == (inputs(triple), outputs(triple), {})" +definition mk_ext_asig :: "'action signature => 'action signature" + where "mk_ext_asig(triple) == (inputs(triple), outputs(triple), {})" lemmas asig_projections = asig_inputs_def asig_outputs_def asig_internals_def diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/IOA/IOA.thy --- a/src/HOL/IOA/IOA.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/IOA/IOA.thy Tue Jan 12 20:05:53 2016 +0100 @@ -15,183 +15,148 @@ type_synonym ('a, 's) transition = "('s * 'a * 's)" type_synonym ('a,'s) ioa = "'a signature * 's set * ('a, 's) transition set" -consts +(* IO automata *) + +definition state_trans :: "['action signature, ('action,'state)transition set] => bool" + where "state_trans asig R == + (!triple. triple:R --> fst(snd(triple)):actions(asig)) & + (!a. (a:inputs(asig)) --> (!s1. ? s2. (s1,a,s2):R))" + +definition asig_of :: "('action,'state)ioa => 'action signature" + where "asig_of == fst" - (* IO automata *) - state_trans::"['action signature, ('action,'state)transition set] => bool" - asig_of ::"('action,'state)ioa => 'action signature" - starts_of ::"('action,'state)ioa => 'state set" - trans_of ::"('action,'state)ioa => ('action,'state)transition set" - IOA ::"('action,'state)ioa => bool" +definition starts_of :: "('action,'state)ioa => 'state set" + where "starts_of == (fst o snd)" + +definition trans_of :: "('action,'state)ioa => ('action,'state)transition set" + where "trans_of == (snd o snd)" - (* Executions, schedules, and traces *) +definition IOA :: "('action,'state)ioa => bool" + where "IOA(ioa) == (is_asig(asig_of(ioa)) & + (~ starts_of(ioa) = {}) & + state_trans (asig_of ioa) (trans_of ioa))" + + +(* Executions, schedules, and traces *) - is_execution_fragment ::"[('action,'state)ioa, ('action,'state)execution] => bool" - has_execution ::"[('action,'state)ioa, ('action,'state)execution] => bool" - executions :: "('action,'state)ioa => ('action,'state)execution set" - mk_trace :: "[('action,'state)ioa, 'action oseq] => 'action oseq" - reachable :: "[('action,'state)ioa, 'state] => bool" - invariant :: "[('action,'state)ioa, 'state=>bool] => bool" - has_trace :: "[('action,'state)ioa, 'action oseq] => bool" - traces :: "('action,'state)ioa => 'action oseq set" - NF :: "'a oseq => 'a oseq" +(* An execution fragment is modelled with a pair of sequences: + the first is the action options, the second the state sequence. + Finite executions have None actions from some point on. *) +definition is_execution_fragment :: "[('action,'state)ioa, ('action,'state)execution] => bool" + where "is_execution_fragment A ex == + let act = fst(ex); state = snd(ex) + in !n a. (act(n)=None --> state(Suc(n)) = state(n)) & + (act(n)=Some(a) --> (state(n),a,state(Suc(n))):trans_of(A))" + +definition executions :: "('action,'state)ioa => ('action,'state)execution set" + where "executions(ioa) == {e. snd e 0:starts_of(ioa) & is_execution_fragment ioa e}" - (* Composition of action signatures and automata *) + +definition reachable :: "[('action,'state)ioa, 'state] => bool" + where "reachable ioa s == (? ex:executions(ioa). ? n. (snd ex n) = s)" + +definition invariant :: "[('action,'state)ioa, 'state=>bool] => bool" + where "invariant A P == (!s. reachable A s --> P(s))" + + +(* Composition of action signatures and automata *) + +consts compatible_asigs ::"('a => 'action signature) => bool" asig_composition ::"('a => 'action signature) => 'action signature" compatible_ioas ::"('a => ('action,'state)ioa) => bool" ioa_composition ::"('a => ('action, 'state)ioa) =>('action,'a => 'state)ioa" - (* binary composition of action signatures and automata *) - compat_asigs ::"['action signature, 'action signature] => bool" - asig_comp ::"['action signature, 'action signature] => 'action signature" - compat_ioas ::"[('action,'s)ioa, ('action,'t)ioa] => bool" - par ::"[('a,'s)ioa, ('a,'t)ioa] => ('a,'s*'t)ioa" (infixr "||" 10) + +(* binary composition of action signatures and automata *) - (* Filtering and hiding *) - filter_oseq :: "('a => bool) => 'a oseq => 'a oseq" +definition compat_asigs ::"['action signature, 'action signature] => bool" + where "compat_asigs a1 a2 == + (((outputs(a1) Int outputs(a2)) = {}) & + ((internals(a1) Int actions(a2)) = {}) & + ((internals(a2) Int actions(a1)) = {}))" - restrict_asig :: "['a signature, 'a set] => 'a signature" - restrict :: "[('a,'s)ioa, 'a set] => ('a,'s)ioa" +definition compat_ioas ::"[('action,'s)ioa, ('action,'t)ioa] => bool" + where "compat_ioas ioa1 ioa2 == compat_asigs (asig_of(ioa1)) (asig_of(ioa2))" - (* Notions of correctness *) - ioa_implements :: "[('action,'state1)ioa, ('action,'state2)ioa] => bool" - - (* Instantiation of abstract IOA by concrete actions *) - rename:: "('a, 'b)ioa => ('c => 'a option) => ('c,'b)ioa" +definition asig_comp :: "['action signature, 'action signature] => 'action signature" + where "asig_comp a1 a2 == + (((inputs(a1) Un inputs(a2)) - (outputs(a1) Un outputs(a2)), + (outputs(a1) Un outputs(a2)), + (internals(a1) Un internals(a2))))" -defs - -state_trans_def: - "state_trans asig R == - (!triple. triple:R --> fst(snd(triple)):actions(asig)) & - (!a. (a:inputs(asig)) --> (!s1. ? s2. (s1,a,s2):R))" +definition par :: "[('a,'s)ioa, ('a,'t)ioa] => ('a,'s*'t)ioa" (infixr "||" 10) + where "(ioa1 || ioa2) == + (asig_comp (asig_of ioa1) (asig_of ioa2), + {pr. fst(pr):starts_of(ioa1) & snd(pr):starts_of(ioa2)}, + {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) + in (a:actions(asig_of(ioa1)) | a:actions(asig_of(ioa2))) & + (if a:actions(asig_of(ioa1)) then + (fst(s),a,fst(t)):trans_of(ioa1) + else fst(t) = fst(s)) + & + (if a:actions(asig_of(ioa2)) then + (snd(s),a,snd(t)):trans_of(ioa2) + else snd(t) = snd(s))})" -asig_of_def: "asig_of == fst" -starts_of_def: "starts_of == (fst o snd)" -trans_of_def: "trans_of == (snd o snd)" - -ioa_def: - "IOA(ioa) == (is_asig(asig_of(ioa)) & - (~ starts_of(ioa) = {}) & - state_trans (asig_of ioa) (trans_of ioa))" - - -(* An execution fragment is modelled with a pair of sequences: - * the first is the action options, the second the state sequence. - * Finite executions have None actions from some point on. - *******) -is_execution_fragment_def: - "is_execution_fragment A ex == - let act = fst(ex); state = snd(ex) - in !n a. (act(n)=None --> state(Suc(n)) = state(n)) & - (act(n)=Some(a) --> (state(n),a,state(Suc(n))):trans_of(A))" - - -executions_def: - "executions(ioa) == {e. snd e 0:starts_of(ioa) & - is_execution_fragment ioa e}" - - -reachable_def: - "reachable ioa s == (? ex:executions(ioa). ? n. (snd ex n) = s)" - - -invariant_def: "invariant A P == (!s. reachable A s --> P(s))" - +(* Filtering and hiding *) (* Restrict the trace to those members of the set s *) -filter_oseq_def: - "filter_oseq p s == +definition filter_oseq :: "('a => bool) => 'a oseq => 'a oseq" + where "filter_oseq p s == (%i. case s(i) of None => None | Some(x) => if p x then Some x else None)" - -mk_trace_def: - "mk_trace(ioa) == filter_oseq(%a. a:externals(asig_of(ioa)))" - +definition mk_trace :: "[('action,'state)ioa, 'action oseq] => 'action oseq" + where "mk_trace(ioa) == filter_oseq(%a. a:externals(asig_of(ioa)))" (* Does an ioa have an execution with the given trace *) -has_trace_def: - "has_trace ioa b == - (? ex:executions(ioa). b = mk_trace ioa (fst ex))" +definition has_trace :: "[('action,'state)ioa, 'action oseq] => bool" + where "has_trace ioa b == (? ex:executions(ioa). b = mk_trace ioa (fst ex))" -normal_form_def: - "NF(tr) == @nf. ? f. mono(f) & (!i. nf(i)=tr(f(i))) & +definition NF :: "'a oseq => 'a oseq" + where "NF(tr) == @nf. ? f. mono(f) & (!i. nf(i)=tr(f(i))) & (!j. j ~: range(f) --> nf(j)= None) & - (!i. nf(i)=None --> (nf (Suc i)) = None) " + (!i. nf(i)=None --> (nf (Suc i)) = None)" (* All the traces of an ioa *) - - traces_def: - "traces(ioa) == {trace. ? tr. trace=NF(tr) & has_trace ioa tr}" - -(* - traces_def: - "traces(ioa) == {tr. has_trace ioa tr}" -*) - -compat_asigs_def: - "compat_asigs a1 a2 == - (((outputs(a1) Int outputs(a2)) = {}) & - ((internals(a1) Int actions(a2)) = {}) & - ((internals(a2) Int actions(a1)) = {}))" - - -compat_ioas_def: - "compat_ioas ioa1 ioa2 == compat_asigs (asig_of(ioa1)) (asig_of(ioa2))" +definition traces :: "('action,'state)ioa => 'action oseq set" + where "traces(ioa) == {trace. ? tr. trace=NF(tr) & has_trace ioa tr}" -asig_comp_def: - "asig_comp a1 a2 == - (((inputs(a1) Un inputs(a2)) - (outputs(a1) Un outputs(a2)), - (outputs(a1) Un outputs(a2)), - (internals(a1) Un internals(a2))))" - - -par_def: - "(ioa1 || ioa2) == - (asig_comp (asig_of ioa1) (asig_of ioa2), - {pr. fst(pr):starts_of(ioa1) & snd(pr):starts_of(ioa2)}, - {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) - in (a:actions(asig_of(ioa1)) | a:actions(asig_of(ioa2))) & - (if a:actions(asig_of(ioa1)) then - (fst(s),a,fst(t)):trans_of(ioa1) - else fst(t) = fst(s)) - & - (if a:actions(asig_of(ioa2)) then - (snd(s),a,snd(t)):trans_of(ioa2) - else snd(t) = snd(s))})" - - -restrict_asig_def: - "restrict_asig asig actns == +definition restrict_asig :: "['a signature, 'a set] => 'a signature" + where "restrict_asig asig actns == (inputs(asig) Int actns, outputs(asig) Int actns, internals(asig) Un (externals(asig) - actns))" - -restrict_def: - "restrict ioa actns == +definition restrict :: "[('a,'s)ioa, 'a set] => ('a,'s)ioa" + where "restrict ioa actns == (restrict_asig (asig_of ioa) actns, starts_of(ioa), trans_of(ioa))" -ioa_implements_def: - "ioa_implements ioa1 ioa2 == + +(* Notions of correctness *) + +definition ioa_implements :: "[('action,'state1)ioa, ('action,'state2)ioa] => bool" + where "ioa_implements ioa1 ioa2 == ((inputs(asig_of(ioa1)) = inputs(asig_of(ioa2))) & (outputs(asig_of(ioa1)) = outputs(asig_of(ioa2))) & traces(ioa1) <= traces(ioa2))" -rename_def: -"rename ioa ren == - (({b. ? x. Some(x)= ren(b) & x : inputs(asig_of(ioa))}, - {b. ? x. Some(x)= ren(b) & x : outputs(asig_of(ioa))}, - {b. ? x. Some(x)= ren(b) & x : internals(asig_of(ioa))}), - starts_of(ioa) , - {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) - in - ? x. Some(x) = ren(a) & (s,x,t):trans_of(ioa)})" + +(* Instantiation of abstract IOA by concrete actions *) + +definition rename :: "('a, 'b)ioa => ('c => 'a option) => ('c,'b)ioa" + where "rename ioa ren == + (({b. ? x. Some(x)= ren(b) & x : inputs(asig_of(ioa))}, + {b. ? x. Some(x)= ren(b) & x : outputs(asig_of(ioa))}, + {b. ? x. Some(x)= ren(b) & x : internals(asig_of(ioa))}), + starts_of(ioa) , + {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr)) + in + ? x. Some(x) = ren(a) & (s,x,t):trans_of(ioa)})" declare Let_def [simp] @@ -206,7 +171,7 @@ lemma trans_in_actions: "[| IOA(A); (s1,a,s2):trans_of(A) |] ==> a:actions(asig_of(A))" - apply (unfold ioa_def state_trans_def actions_def is_asig_def) + apply (unfold IOA_def state_trans_def actions_def is_asig_def) apply (erule conjE)+ apply (erule allE, erule impE, assumption) apply simp diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/Library/Old_Datatype.thy --- a/src/HOL/Library/Old_Datatype.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/Library/Old_Datatype.thy Tue Jan 12 20:05:53 2016 +0100 @@ -26,80 +26,67 @@ type_synonym 'a item = "('a, unit) node set" type_synonym ('a, 'b) dtree = "('a, 'b) node set" -consts - Push :: "[('b + nat), nat => ('b + nat)] => (nat => ('b + nat))" - - Push_Node :: "[('b + nat), ('a, 'b) node] => ('a, 'b) node" - ndepth :: "('a, 'b) node => nat" +definition Push :: "[('b + nat), nat => ('b + nat)] => (nat => ('b + nat))" + (*crude "lists" of nats -- needed for the constructions*) + where "Push == (%b h. case_nat b h)" - Atom :: "('a + nat) => ('a, 'b) dtree" - Leaf :: "'a => ('a, 'b) dtree" - Numb :: "nat => ('a, 'b) dtree" - Scons :: "[('a, 'b) dtree, ('a, 'b) dtree] => ('a, 'b) dtree" - In0 :: "('a, 'b) dtree => ('a, 'b) dtree" - In1 :: "('a, 'b) dtree => ('a, 'b) dtree" - Lim :: "('b => ('a, 'b) dtree) => ('a, 'b) dtree" - - ntrunc :: "[nat, ('a, 'b) dtree] => ('a, 'b) dtree" - - uprod :: "[('a, 'b) dtree set, ('a, 'b) dtree set]=> ('a, 'b) dtree set" - usum :: "[('a, 'b) dtree set, ('a, 'b) dtree set]=> ('a, 'b) dtree set" - - Split :: "[[('a, 'b) dtree, ('a, 'b) dtree]=>'c, ('a, 'b) dtree] => 'c" - Case :: "[[('a, 'b) dtree]=>'c, [('a, 'b) dtree]=>'c, ('a, 'b) dtree] => 'c" - - dprod :: "[(('a, 'b) dtree * ('a, 'b) dtree)set, (('a, 'b) dtree * ('a, 'b) dtree)set] - => (('a, 'b) dtree * ('a, 'b) dtree)set" - dsum :: "[(('a, 'b) dtree * ('a, 'b) dtree)set, (('a, 'b) dtree * ('a, 'b) dtree)set] - => (('a, 'b) dtree * ('a, 'b) dtree)set" +definition Push_Node :: "[('b + nat), ('a, 'b) node] => ('a, 'b) node" + where "Push_Node == (%n x. Abs_Node (apfst (Push n) (Rep_Node x)))" -defs +(** operations on S-expressions -- sets of nodes **) - Push_Node_def: "Push_Node == (%n x. Abs_Node (apfst (Push n) (Rep_Node x)))" - - (*crude "lists" of nats -- needed for the constructions*) - Push_def: "Push == (%b h. case_nat b h)" +(*S-expression constructors*) +definition Atom :: "('a + nat) => ('a, 'b) dtree" + where "Atom == (%x. {Abs_Node((%k. Inr 0, x))})" +definition Scons :: "[('a, 'b) dtree, ('a, 'b) dtree] => ('a, 'b) dtree" + where "Scons M N == (Push_Node (Inr 1) ` M) Un (Push_Node (Inr (Suc 1)) ` N)" - (** operations on S-expressions -- sets of nodes **) +(*Leaf nodes, with arbitrary or nat labels*) +definition Leaf :: "'a => ('a, 'b) dtree" + where "Leaf == Atom o Inl" +definition Numb :: "nat => ('a, 'b) dtree" + where "Numb == Atom o Inr" - (*S-expression constructors*) - Atom_def: "Atom == (%x. {Abs_Node((%k. Inr 0, x))})" - Scons_def: "Scons M N == (Push_Node (Inr 1) ` M) Un (Push_Node (Inr (Suc 1)) ` N)" - - (*Leaf nodes, with arbitrary or nat labels*) - Leaf_def: "Leaf == Atom o Inl" - Numb_def: "Numb == Atom o Inr" +(*Injections of the "disjoint sum"*) +definition In0 :: "('a, 'b) dtree => ('a, 'b) dtree" + where "In0(M) == Scons (Numb 0) M" +definition In1 :: "('a, 'b) dtree => ('a, 'b) dtree" + where "In1(M) == Scons (Numb 1) M" - (*Injections of the "disjoint sum"*) - In0_def: "In0(M) == Scons (Numb 0) M" - In1_def: "In1(M) == Scons (Numb 1) M" +(*Function spaces*) +definition Lim :: "('b => ('a, 'b) dtree) => ('a, 'b) dtree" + where "Lim f == \{z. ? x. z = Push_Node (Inl x) ` (f x)}" - (*Function spaces*) - Lim_def: "Lim f == \{z. ? x. z = Push_Node (Inl x) ` (f x)}" +(*the set of nodes with depth less than k*) +definition ndepth :: "('a, 'b) node => nat" + where "ndepth(n) == (%(f,x). LEAST k. f k = Inr 0) (Rep_Node n)" +definition ntrunc :: "[nat, ('a, 'b) dtree] => ('a, 'b) dtree" + where "ntrunc k N == {n. n:N & ndepth(n) ('a, 'b) dtree set" + where "uprod A B == UN x:A. UN y:B. { Scons x y }" +definition usum :: "[('a, 'b) dtree set, ('a, 'b) dtree set]=> ('a, 'b) dtree set" + where "usum A B == In0`A Un In1`B" - (*products and sums for the "universe"*) - uprod_def: "uprod A B == UN x:A. UN y:B. { Scons x y }" - usum_def: "usum A B == In0`A Un In1`B" +(*the corresponding eliminators*) +definition Split :: "[[('a, 'b) dtree, ('a, 'b) dtree]=>'c, ('a, 'b) dtree] => 'c" + where "Split c M == THE u. EX x y. M = Scons x y & u = c x y" - (*the corresponding eliminators*) - Split_def: "Split c M == THE u. EX x y. M = Scons x y & u = c x y" - - Case_def: "Case c d M == THE u. (EX x . M = In0(x) & u = c(x)) - | (EX y . M = In1(y) & u = d(y))" +definition Case :: "[[('a, 'b) dtree]=>'c, [('a, 'b) dtree]=>'c, ('a, 'b) dtree] => 'c" + where "Case c d M == THE u. (EX x . M = In0(x) & u = c(x)) | (EX y . M = In1(y) & u = d(y))" - (** equality for the "universe" **) - - dprod_def: "dprod r s == UN (x,x'):r. UN (y,y'):s. {(Scons x y, Scons x' y')}" +(** equality for the "universe" **) - dsum_def: "dsum r s == (UN (x,x'):r. {(In0(x),In0(x'))}) Un - (UN (y,y'):s. {(In1(y),In1(y'))})" +definition dprod :: "[(('a, 'b) dtree * ('a, 'b) dtree)set, (('a, 'b) dtree * ('a, 'b) dtree)set] + => (('a, 'b) dtree * ('a, 'b) dtree)set" + where "dprod r s == UN (x,x'):r. UN (y,y'):s. {(Scons x y, Scons x' y')}" +definition dsum :: "[(('a, 'b) dtree * ('a, 'b) dtree)set, (('a, 'b) dtree * ('a, 'b) dtree)set] + => (('a, 'b) dtree * ('a, 'b) dtree)set" + where "dsum r s == (UN (x,x'):r. {(In0(x),In0(x'))}) Un (UN (y,y'):s. {(In1(y),In1(y'))})" lemma apfst_convE: diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/MicroJava/DFA/Semilat.thy --- a/src/HOL/MicroJava/DFA/Semilat.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/MicroJava/DFA/Semilat.thy Tue Jan 12 20:05:53 2016 +0100 @@ -15,23 +15,26 @@ type_synonym 'a binop = "'a \ 'a \ 'a" type_synonym 'a sl = "'a set \ 'a ord \ 'a binop" -consts - "lesub" :: "'a \ 'a ord \ 'a \ bool" - "lesssub" :: "'a \ 'a ord \ 'a \ bool" - "plussub" :: "'a \ ('a \ 'b \ 'c) \ 'b \ 'c" -(*<*) +definition lesub :: "'a \ 'a ord \ 'a \ bool" + where "lesub x r y \ r x y" + +definition lesssub :: "'a \ 'a ord \ 'a \ bool" + where "lesssub x r y \ lesub x r y \ x \ y" + +definition plussub :: "'a \ ('a \ 'b \ 'c) \ 'b \ 'c" + where "plussub x f y = f x y" + notation (ASCII) "lesub" ("(_ /<='__ _)" [50, 1000, 51] 50) and "lesssub" ("(_ /<'__ _)" [50, 1000, 51] 50) and "plussub" ("(_ /+'__ _)" [65, 1000, 66] 65) -(*>*) + notation "lesub" ("(_ /\\<^bsub>_\<^esub> _)" [50, 0, 51] 50) and "lesssub" ("(_ /\\<^bsub>_\<^esub> _)" [50, 0, 51] 50) and "plussub" ("(_ /\\<^bsub>_\<^esub> _)" [65, 0, 66] 65) -(*<*) + (* allow \ instead of \..\ *) - abbreviation (input) lesub1 :: "'a \ 'a ord \ 'a \ bool" ("(_ /\\<^sub>_ _)" [50, 1000, 51] 50) where "x \\<^sub>r y == x \\<^bsub>r\<^esub> y" @@ -43,12 +46,6 @@ abbreviation (input) plussub1 :: "'a \ ('a \ 'b \ 'c) \ 'b \ 'c" ("(_ /\\<^sub>_ _)" [65, 1000, 66] 65) where "x \\<^sub>f y == x \\<^bsub>f\<^esub> y" -(*>*) - -defs - lesub_def: "x \\<^sub>r y \ r x y" - lesssub_def: "x \\<^sub>r y \ x \\<^sub>r y \ x \ y" - plussub_def: "x \\<^sub>f y \ f x y" definition ord :: "('a \ 'a) set \ 'a ord" where "ord r \ \x y. (x,y) \ r" diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/MicroJava/J/Example.thy --- a/src/HOL/MicroJava/J/Example.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/MicroJava/J/Example.thy Tue Jan 12 20:05:53 2016 +0100 @@ -82,31 +82,33 @@ declare Base_not_Xcpt [symmetric, simp] declare Ext_not_Xcpt [symmetric, simp] -consts - foo_Base:: java_mb - foo_Ext :: java_mb - BaseC :: "java_mb cdecl" - ExtC :: "java_mb cdecl" - test :: stmt - foo :: mname - a :: loc - b :: loc +definition foo_Base :: java_mb + where "foo_Base == ([x],[],Skip,LAcc x)" -defs - foo_Base_def:"foo_Base == ([x],[],Skip,LAcc x)" - BaseC_def:"BaseC == (Base, (Object, +definition foo_Ext :: java_mb + where "foo_Ext == ([x],[],Expr( {Ext}Cast Ext + (LAcc x)..vee:=Lit (Intg Numeral1)), + Lit Null)" + +consts foo :: mname + +definition BaseC :: "java_mb cdecl" + where "BaseC == (Base, (Object, [(vee, PrimT Boolean)], [((foo,[Class Base]),Class Base,foo_Base)]))" - foo_Ext_def:"foo_Ext == ([x],[],Expr( {Ext}Cast Ext - (LAcc x)..vee:=Lit (Intg Numeral1)), - Lit Null)" - ExtC_def: "ExtC == (Ext, (Base , + +definition ExtC :: "java_mb cdecl" + where "ExtC == (Ext, (Base , [(vee, PrimT Integer)], [((foo,[Class Base]),Class Ext,foo_Ext)]))" - test_def:"test == Expr(e::=NewC Ext);; +definition test :: stmt + where "test == Expr(e::=NewC Ext);; Expr({Base}LAcc e..foo({[Class Base]}[Lit Null]))" +consts + a :: loc + b :: loc abbreviation NP :: xcpt where diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/MicroJava/J/TypeRel.thy --- a/src/HOL/MicroJava/J/TypeRel.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/MicroJava/J/TypeRel.thy Tue Jan 12 20:05:53 2016 +0100 @@ -176,14 +176,18 @@ by(rule finite_acyclic_wf_converse[OF finite_subcls1]) qed -consts - "method" :: "'c prog \ cname => ( sig \ cname \ ty \ 'c)" (* ###curry *) - field :: "'c prog \ cname => ( vname \ cname \ ty )" (* ###curry *) - fields :: "'c prog \ cname => ((vname \ cname) \ ty) list" (* ###curry *) +definition "method" :: "'c prog \ cname => (sig \ cname \ ty \ 'c)" + \ "methods of a class, with inheritance, overriding and hiding, cf. 8.4.6" + where [code]: "method \ \(G,C). class_rec G C empty (\C fs ms ts. + ts ++ map_of (map (\(s,m). (s,(C,m))) ms))" -\ "methods of a class, with inheritance, overriding and hiding, cf. 8.4.6" -defs method_def [code]: "method \ \(G,C). class_rec G C empty (\C fs ms ts. - ts ++ map_of (map (\(s,m). (s,(C,m))) ms))" +definition fields :: "'c prog \ cname => ((vname \ cname) \ ty) list" + \ "list of fields of a class, including inherited and hidden ones" + where [code]: "fields \ \(G,C). class_rec G C [] (\C fs ms ts. + map (\(fn,ft). ((fn,C),ft)) fs @ ts)" + +definition field :: "'c prog \ cname => (vname \ cname \ ty)" + where [code]: "field == map_of o (map (\((fn,fd),ft). (fn,(fd,ft)))) o fields" lemma method_rec_lemma: "[|class G C = Some (D,fs,ms); wf ((subcls1 G)^-1)|] ==> method (G,C) = (if C = Object then empty else method (G,D)) ++ @@ -194,11 +198,6 @@ apply auto done - -\ "list of fields of a class, including inherited and hidden ones" -defs fields_def [code]: "fields \ \(G,C). class_rec G C [] (\C fs ms ts. - map (\(fn,ft). ((fn,C),ft)) fs @ ts)" - lemma fields_rec_lemma: "[|class G C = Some (D,fs,ms); wf ((subcls1 G)^-1)|] ==> fields (G,C) = map (\(fn,ft). ((fn,C),ft)) fs @ (if C = Object then [] else fields (G,D))" @@ -208,9 +207,6 @@ apply auto done - -defs field_def [code]: "field == map_of o (map (\((fn,fd),ft). (fn,(fd,ft)))) o fields" - lemma field_fields: "field (G,C) fn = Some (fd, fT) \ map_of (fields (G,C)) (fn, fd) = Some fT" apply (unfold field_def) diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/MicroJava/J/WellType.thy --- a/src/HOL/MicroJava/J/WellType.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/MicroJava/J/WellType.thy Tue Jan 12 20:05:53 2016 +0100 @@ -33,24 +33,20 @@ localT :: "'c env => (vname \ ty)" where "localT == snd" -consts - more_spec :: "'c prog => (ty \ 'x) \ ty list => - (ty \ 'x) \ ty list => bool" - appl_methds :: "'c prog => cname => sig => ((ty \ ty) \ ty list) set" - max_spec :: "'c prog => cname => sig => ((ty \ ty) \ ty list) set" +definition more_spec :: "'c prog \ (ty \ 'x) \ ty list \ (ty \ 'x) \ ty list \ bool" + where "more_spec G == \((d,h),pTs). \((d',h'),pTs'). G\d\d' \ + list_all2 (\T T'. G\T\T') pTs pTs'" -defs - more_spec_def: "more_spec G == \((d,h),pTs). \((d',h'),pTs'). G\d\d' \ - list_all2 (\T T'. G\T\T') pTs pTs'" - +definition appl_methds :: "'c prog \ cname \ sig \ ((ty \ ty) \ ty list) set" \ "applicable methods, cf. 15.11.2.1" - appl_methds_def: "appl_methds G C == \(mn, pTs). + where "appl_methds G C == \(mn, pTs). {((Class md,rT),pTs') |md rT mb pTs'. method (G,C) (mn, pTs') = Some (md,rT,mb) \ list_all2 (\T T'. G\T\T') pTs pTs'}" +definition max_spec :: "'c prog \ cname \ sig \ ((ty \ ty) \ ty list) set" \ "maximally specific methods, cf. 15.11.2.2" - max_spec_def: "max_spec G C sig == {m. m \appl_methds G C sig \ + where "max_spec G C sig == {m. m \appl_methds G C sig \ (\m'\appl_methds G C sig. more_spec G m' m --> m' = m)}" diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/Nitpick_Examples/Refute_Nits.thy --- a/src/HOL/Nitpick_Examples/Refute_Nits.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/Nitpick_Examples/Refute_Nits.thy Tue Jan 12 20:05:53 2016 +0100 @@ -1273,10 +1273,20 @@ consts inverse :: "'a \ 'a" -defs (overloaded) -inverse_bool: "inverse (b::bool) \ \ b" -inverse_set: "inverse (S::'a set) \ -S" -inverse_pair: "inverse p \ (inverse (fst p), inverse (snd p))" +overloading inverse_bool \ "inverse :: bool \ bool" +begin + definition "inverse (b::bool) \ \ b" +end + +overloading inverse_set \ "inverse :: 'a set \ 'a set" +begin + definition "inverse (S::'a set) \ -S" +end + +overloading inverse_pair \ "inverse :: 'a \ 'b \ 'a \ 'b" +begin + definition "inverse_pair p \ (inverse (fst p), inverse (snd p))" +end lemma "inverse b" nitpick [expect = genuine] diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/Nominal/Nominal.thy --- a/src/HOL/Nominal/Nominal.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/Nominal/Nominal.thy Tue Jan 12 20:05:53 2016 +0100 @@ -2416,11 +2416,15 @@ consts fresh_star :: "'b \ 'a \ bool" ("_ \* _" [100,100] 100) -defs (overloaded) - fresh_star_set: "xs\*c \ \x\xs. x\c" - -defs (overloaded) - fresh_star_list: "xs\*c \ \x\set xs. x\c" +overloading fresh_star_set \ "fresh_star :: 'b set \ 'a \ bool" +begin + definition fresh_star_set: "xs\*c \ \x::'b\xs. x\(c::'a)" +end + +overloading frsh_star_list \ "fresh_star :: 'b list \ 'a \ bool" +begin + definition fresh_star_list: "xs\*c \ \x::'b\set xs. x\(c::'a)" +end lemmas fresh_star_def = fresh_star_list fresh_star_set diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/ROOT diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Action.thy --- a/src/HOL/TLA/Action.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Action.thy Tue Jan 12 20:05:53 2016 +0100 @@ -9,25 +9,19 @@ imports Stfun begin - -(** abstract syntax **) - -type_synonym 'a trfun = "(state * state) \ 'a" -type_synonym action = "bool trfun" +type_synonym 'a trfun = "state \ state \ 'a" +type_synonym action = "bool trfun" instance prod :: (world, world) world .. -consts - (** abstract syntax **) - before :: "'a stfun \ 'a trfun" - after :: "'a stfun \ 'a trfun" - unch :: "'a stfun \ action" +definition enabled :: "action \ stpred" + where "enabled A s \ \u. (s,u) \ A" + - SqAct :: "[action, 'a stfun] \ action" - AnAct :: "[action, 'a stfun] \ action" - enabled :: "action \ stpred" - -(** concrete syntax **) +consts + before :: "'a stfun \ 'a trfun" + after :: "'a stfun \ 'a trfun" + unch :: "'a stfun \ action" syntax (* Syntax for writing action expressions in arbitrary contexts *) @@ -40,8 +34,6 @@ (*** Priming: same as "after" ***) "_prime" :: "lift \ lift" ("(_`)" [100] 99) - "_SqAct" :: "[lift, lift] \ lift" ("([_]'_(_))" [0,1000] 99) - "_AnAct" :: "[lift, lift] \ lift" ("(<_>'_(_))" [0,1000] 99) "_Enabled" :: "lift \ lift" ("(Enabled _)" [100] 100) translations @@ -50,25 +42,30 @@ "_after" == "CONST after" "_prime" => "_after" "_unchanged" == "CONST unch" - "_SqAct" == "CONST SqAct" - "_AnAct" == "CONST AnAct" "_Enabled" == "CONST enabled" - "w \ [A]_v" <= "_SqAct A v w" - "w \ _v" <= "_AnAct A v w" "s \ Enabled A" <= "_Enabled A s" "w \ unchanged f" <= "_unchanged f w" axiomatization where unl_before: "(ACT $v) (s,t) \ v s" and unl_after: "(ACT v$) (s,t) \ v t" and - unchanged_def: "(s,t) \ unchanged v \ (v t = v s)" -defs - square_def: "ACT [A]_v \ ACT (A \ unchanged v)" - angle_def: "ACT _v \ ACT (A \ \ unchanged v)" + +definition SqAct :: "[action, 'a stfun] \ action" + where square_def: "SqAct A v \ ACT (A \ unchanged v)" + +definition AnAct :: "[action, 'a stfun] \ action" + where angle_def: "AnAct A v \ ACT (A \ \ unchanged v)" - enabled_def: "s \ Enabled A \ \u. (s,u) \ A" +syntax + "_SqAct" :: "[lift, lift] \ lift" ("([_]'_(_))" [0, 1000] 99) + "_AnAct" :: "[lift, lift] \ lift" ("(<_>'_(_))" [0, 1000] 99) +translations + "_SqAct" == "CONST SqAct" + "_AnAct" == "CONST AnAct" + "w \ [A]_v" \ "_SqAct A v w" + "w \ _v" \ "_AnAct A v w" (* The following assertion specializes "intI" for any world type diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Buffer/Buffer.thy --- a/src/HOL/TLA/Buffer/Buffer.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Buffer/Buffer.thy Tue Jan 12 20:05:53 2016 +0100 @@ -8,31 +8,35 @@ imports "../TLA" begin -consts - (* actions *) - BInit :: "'a stfun \ 'a list stfun \ 'a stfun \ stpred" - Enq :: "'a stfun \ 'a list stfun \ 'a stfun \ action" - Deq :: "'a stfun \ 'a list stfun \ 'a stfun \ action" - Next :: "'a stfun \ 'a list stfun \ 'a stfun \ action" +(* actions *) + +definition BInit :: "'a stfun \ 'a list stfun \ 'a stfun \ stpred" + where "BInit ic q oc == PRED q = #[]" - (* temporal formulas *) - IBuffer :: "'a stfun \ 'a list stfun \ 'a stfun \ temporal" - Buffer :: "'a stfun \ 'a stfun \ temporal" +definition Enq :: "'a stfun \ 'a list stfun \ 'a stfun \ action" + where "Enq ic q oc == ACT (ic$ \ $ic) + \ (q$ = $q @ [ ic$ ]) + \ (oc$ = $oc)" -defs - BInit_def: "BInit ic q oc == PRED q = #[]" - Enq_def: "Enq ic q oc == ACT (ic$ \ $ic) - \ (q$ = $q @ [ ic$ ]) - \ (oc$ = $oc)" - Deq_def: "Deq ic q oc == ACT ($q \ #[]) - \ (oc$ = hd< $q >) - \ (q$ = tl< $q >) - \ (ic$ = $ic)" - Next_def: "Next ic q oc == ACT (Enq ic q oc \ Deq ic q oc)" - IBuffer_def: "IBuffer ic q oc == TEMP Init (BInit ic q oc) - \ \[Next ic q oc]_(ic,q,oc) - \ WF(Deq ic q oc)_(ic,q,oc)" - Buffer_def: "Buffer ic oc == TEMP (\\q. IBuffer ic q oc)" +definition Deq :: "'a stfun \ 'a list stfun \ 'a stfun \ action" + where "Deq ic q oc == ACT ($q \ #[]) + \ (oc$ = hd< $q >) + \ (q$ = tl< $q >) + \ (ic$ = $ic)" + +definition Next :: "'a stfun \ 'a list stfun \ 'a stfun \ action" + where "Next ic q oc == ACT (Enq ic q oc \ Deq ic q oc)" + + +(* temporal formulas *) + +definition IBuffer :: "'a stfun \ 'a list stfun \ 'a stfun \ temporal" + where "IBuffer ic q oc == TEMP Init (BInit ic q oc) + \ \[Next ic q oc]_(ic,q,oc) + \ WF(Deq ic q oc)_(ic,q,oc)" + +definition Buffer :: "'a stfun \ 'a stfun \ temporal" + where "Buffer ic oc == TEMP (\\q. IBuffer ic q oc)" (* ---------------------------- Data lemmas ---------------------------- *) diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Init.thy --- a/src/HOL/TLA/Init.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Init.thy Tue Jan 12 20:05:53 2016 +0100 @@ -16,29 +16,33 @@ type_synonym temporal = "behavior form" - consts - Initial :: "('w::world \ bool) \ temporal" first_world :: "behavior \ ('w::world)" st1 :: "behavior \ state" st2 :: "behavior \ state" +definition Initial :: "('w::world \ bool) \ temporal" + where Init_def: "Initial F sigma = F (first_world sigma)" + syntax "_TEMP" :: "lift \ 'a" ("(TEMP _)") "_Init" :: "lift \ lift" ("(Init _)"[40] 50) - translations "TEMP F" => "(F::behavior \ _)" "_Init" == "CONST Initial" "sigma \ Init F" <= "_Init F sigma" -defs - Init_def: "sigma \ Init F == (first_world sigma) \ F" +overloading + fw_temp \ "first_world :: behavior \ behavior" + fw_stp \ "first_world :: behavior \ state" + fw_act \ "first_world :: behavior \ state \ state" +begin -defs (overloaded) - fw_temp_def: "first_world == \sigma. sigma" - fw_stp_def: "first_world == st1" - fw_act_def: "first_world == \sigma. (st1 sigma, st2 sigma)" +definition "first_world == \sigma. sigma" +definition "first_world == st1" +definition "first_world == \sigma. (st1 sigma, st2 sigma)" + +end lemma const_simps [int_rewrite, simp]: "\ (Init #True) = #True" diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Intensional.thy --- a/src/HOL/TLA/Intensional.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Intensional.thy Tue Jan 12 20:05:53 2016 +0100 @@ -17,17 +17,29 @@ type_synonym ('w,'a) expr = "'w \ 'a" (* intention: 'w::world, 'a::type *) type_synonym 'w form = "('w, bool) expr" -consts - Valid :: "('w::world) form \ bool" - const :: "'a \ ('w::world, 'a) expr" - lift :: "['a \ 'b, ('w::world, 'a) expr] \ ('w,'b) expr" - lift2 :: "['a \ 'b \ 'c, ('w::world,'a) expr, ('w,'b) expr] \ ('w,'c) expr" - lift3 :: "['a \ 'b \ 'c \ 'd, ('w::world,'a) expr, ('w,'b) expr, ('w,'c) expr] \ ('w,'d) expr" +definition Valid :: "('w::world) form \ bool" + where "Valid A \ \w. A w" + +definition const :: "'a \ ('w::world, 'a) expr" + where unl_con: "const c w \ c" + +definition lift :: "['a \ 'b, ('w::world, 'a) expr] \ ('w,'b) expr" + where unl_lift: "lift f x w \ f (x w)" + +definition lift2 :: "['a \ 'b \ 'c, ('w::world,'a) expr, ('w,'b) expr] \ ('w,'c) expr" + where unl_lift2: "lift2 f x y w \ f (x w) (y w)" - (* "Rigid" quantification (logic level) *) - RAll :: "('a \ ('w::world) form) \ 'w form" (binder "Rall " 10) - REx :: "('a \ ('w::world) form) \ 'w form" (binder "Rex " 10) - REx1 :: "('a \ ('w::world) form) \ 'w form" (binder "Rex! " 10) +definition lift3 :: "['a \ 'b \ 'c \ 'd, ('w::world,'a) expr, ('w,'b) expr, ('w,'c) expr] \ ('w,'d) expr" + where unl_lift3: "lift3 f x y z w \ f (x w) (y w) (z w)" + +(* "Rigid" quantification (logic level) *) +definition RAll :: "('a \ ('w::world) form) \ 'w form" (binder "Rall " 10) + where unl_Rall: "(Rall x. A x) w \ \x. A x w" +definition REx :: "('a \ ('w::world) form) \ 'w form" (binder "Rex " 10) + where unl_Rex: "(Rex x. A x) w \ \x. A x w" +definition REx1 :: "('a \ ('w::world) form) \ 'w form" (binder "Rex! " 10) + where unl_Rex1: "(Rex! x. A x) w \ \!x. A x w" + (** concrete syntax **) @@ -123,8 +135,6 @@ "_liftList (_liftargs x xs)" == "_liftCons x (_liftList xs)" "_liftList x" == "_liftCons x (_const [])" - - "w \ \A" <= "_liftNot A w" "w \ A \ B" <= "_liftAnd A B w" "w \ A \ B" <= "_liftOr A B w" @@ -134,18 +144,6 @@ "w \ \x. A" <= "_REx x A w" "w \ \!x. A" <= "_REx1 x A w" -defs - Valid_def: "\ A == \w. w \ A" - - unl_con: "LIFT #c w == c" - unl_lift: "lift f x w == f (x w)" - unl_lift2: "LIFT f w == f (x w) (y w)" - unl_lift3: "LIFT f w == f (x w) (y w) (z w)" - - unl_Rall: "w \ \x. A x == \x. (w \ A x)" - unl_Rex: "w \ \x. A x == \x. (w \ A x)" - unl_Rex1: "w \ \!x. A x == \!x. (w \ A x)" - subsection \Lemmas and tactics for "intensional" logics.\ diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Memory/MemClerk.thy --- a/src/HOL/TLA/Memory/MemClerk.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Memory/MemClerk.thy Tue Jan 12 20:05:53 2016 +0100 @@ -74,10 +74,10 @@ unanswered call for that process. *) lemma MClkidle: "\ \$Calling send p \ $(cst!p) = #clkA \ \MClkNext send rcv cst p" - by (auto simp: Return_def MC_action_defs) + by (auto simp: AReturn_def MC_action_defs) lemma MClkbusy: "\ $Calling rcv p \ \MClkNext send rcv cst p" - by (auto simp: Call_def MC_action_defs) + by (auto simp: ACall_def MC_action_defs) (* Enabledness of actions *) @@ -86,7 +86,7 @@ \ Calling send p \ \Calling rcv p \ cst!p = #clkA \ Enabled (MClkFwd send rcv cst p)" by (tactic \action_simp_tac (@{context} addsimps [@{thm MClkFwd_def}, - @{thm Call_def}, @{thm caller_def}, @{thm rtrner_def}]) [exI] + @{thm ACall_def}, @{thm caller_def}, @{thm rtrner_def}]) [exI] [@{thm base_enabled}, @{thm Pair_inject}] 1\) lemma MClkFwd_ch_enabled: "\ Enabled (MClkFwd send rcv cst p) \ @@ -103,7 +103,7 @@ apply (tactic \action_simp_tac @{context} [@{thm MClkReply_change} RSN (2, @{thm enabled_mono})] [] 1\) apply (tactic \action_simp_tac (@{context} addsimps - [@{thm MClkReply_def}, @{thm Return_def}, @{thm caller_def}, @{thm rtrner_def}]) + [@{thm MClkReply_def}, @{thm AReturn_def}, @{thm caller_def}, @{thm rtrner_def}]) [exI] [@{thm base_enabled}, @{thm Pair_inject}] 1\) done diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Memory/Memory.thy --- a/src/HOL/TLA/Memory/Memory.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Memory/Memory.thy Tue Jan 12 20:05:53 2016 +0100 @@ -12,122 +12,135 @@ type_synonym memType = "(Locs \ Vals) stfun" (* intention: MemLocs \ MemVals *) type_synonym resType = "(PrIds \ Vals) stfun" -consts - (* state predicates *) - MInit :: "memType \ Locs \ stpred" - PInit :: "resType \ PrIds \ stpred" - (* auxiliary predicates: is there a pending read/write request for - some process id and location/value? *) - RdRequest :: "memChType \ PrIds \ Locs \ stpred" - WrRequest :: "memChType \ PrIds \ Locs \ Vals \ stpred" + +(* state predicates *) + +definition MInit :: "memType \ Locs \ stpred" + where "MInit mm l == PRED mm!l = #InitVal" + +definition PInit :: "resType \ PrIds \ stpred" + where "PInit rs p == PRED rs!p = #NotAResult" + + +(* auxiliary predicates: is there a pending read/write request for + some process id and location/value? *) + +definition RdRequest :: "memChType \ PrIds \ Locs \ stpred" + where "RdRequest ch p l == PRED Calling ch p \ (arg = #(read l))" + +definition WrRequest :: "memChType \ PrIds \ Locs \ Vals \ stpred" + where "WrRequest ch p l v == PRED Calling ch p \ (arg = #(write l v))" + + +(* actions *) + +(* a read that doesn't raise BadArg *) +definition GoodRead :: "memType \ resType \ PrIds \ Locs \ action" + where "GoodRead mm rs p l == ACT #l \ #MemLoc \ ((rs!p)$ = $(mm!l))" + +(* a read that raises BadArg *) +definition BadRead :: "memType \ resType \ PrIds \ Locs \ action" + where "BadRead mm rs p l == ACT #l \ #MemLoc \ ((rs!p)$ = #BadArg)" - (* actions *) - GoodRead :: "memType \ resType \ PrIds \ Locs \ action" - BadRead :: "memType \ resType \ PrIds \ Locs \ action" - ReadInner :: "memChType \ memType \ resType \ PrIds \ Locs \ action" - Read :: "memChType \ memType \ resType \ PrIds \ action" - GoodWrite :: "memType \ resType \ PrIds \ Locs \ Vals \ action" - BadWrite :: "memType \ resType \ PrIds \ Locs \ Vals \ action" - WriteInner :: "memChType \ memType \ resType \ PrIds \ Locs \ Vals \ action" - Write :: "memChType \ memType \ resType \ PrIds \ Locs \ action" - MemReturn :: "memChType \ resType \ PrIds \ action" - MemFail :: "memChType \ resType \ PrIds \ action" - RNext :: "memChType \ memType \ resType \ PrIds \ action" - UNext :: "memChType \ memType \ resType \ PrIds \ action" +(* the read action with l visible *) +definition ReadInner :: "memChType \ memType \ resType \ PrIds \ Locs \ action" + where "ReadInner ch mm rs p l == ACT + $(RdRequest ch p l) + \ (GoodRead mm rs p l \ BadRead mm rs p l) + \ unchanged (rtrner ch ! p)" + +(* the read action with l quantified *) +definition Read :: "memChType \ memType \ resType \ PrIds \ action" + where "Read ch mm rs p == ACT (\l. ReadInner ch mm rs p l)" - (* temporal formulas *) - RPSpec :: "memChType \ memType \ resType \ PrIds \ temporal" - UPSpec :: "memChType \ memType \ resType \ PrIds \ temporal" - MSpec :: "memChType \ memType \ resType \ Locs \ temporal" - IRSpec :: "memChType \ memType \ resType \ temporal" - IUSpec :: "memChType \ memType \ resType \ temporal" +(* similar definitions for the write action *) +definition GoodWrite :: "memType \ resType \ PrIds \ Locs \ Vals \ action" + where "GoodWrite mm rs p l v == + ACT #l \ #MemLoc \ #v \ #MemVal + \ ((mm!l)$ = #v) \ ((rs!p)$ = #OK)" - RSpec :: "memChType \ resType \ temporal" - USpec :: "memChType \ temporal" +definition BadWrite :: "memType \ resType \ PrIds \ Locs \ Vals \ action" + where "BadWrite mm rs p l v == ACT + \ (#l \ #MemLoc \ #v \ #MemVal) + \ ((rs!p)$ = #BadArg) \ unchanged (mm!l)" - (* memory invariant: in the paper, the invariant is hidden in the definition of - the predicate S used in the implementation proof, but it is easier to verify - at this level. *) - MemInv :: "memType \ Locs \ stpred" +definition WriteInner :: "memChType \ memType \ resType \ PrIds \ Locs \ Vals \ action" + where "WriteInner ch mm rs p l v == ACT + $(WrRequest ch p l v) + \ (GoodWrite mm rs p l v \ BadWrite mm rs p l v) + \ unchanged (rtrner ch ! p)" -defs - MInit_def: "MInit mm l == PRED mm!l = #InitVal" - PInit_def: "PInit rs p == PRED rs!p = #NotAResult" +definition Write :: "memChType \ memType \ resType \ PrIds \ Locs \ action" + where "Write ch mm rs p l == ACT (\v. WriteInner ch mm rs p l v)" + - RdRequest_def: "RdRequest ch p l == PRED - Calling ch p \ (arg = #(read l))" - WrRequest_def: "WrRequest ch p l v == PRED - Calling ch p \ (arg = #(write l v))" - (* a read that doesn't raise BadArg *) - GoodRead_def: "GoodRead mm rs p l == ACT - #l \ #MemLoc \ ((rs!p)$ = $(mm!l))" - (* a read that raises BadArg *) - BadRead_def: "BadRead mm rs p l == ACT - #l \ #MemLoc \ ((rs!p)$ = #BadArg)" - (* the read action with l visible *) - ReadInner_def: "ReadInner ch mm rs p l == ACT - $(RdRequest ch p l) - \ (GoodRead mm rs p l \ BadRead mm rs p l) - \ unchanged (rtrner ch ! p)" - (* the read action with l quantified *) - Read_def: "Read ch mm rs p == ACT (\l. ReadInner ch mm rs p l)" +(* the return action *) +definition MemReturn :: "memChType \ resType \ PrIds \ action" + where "MemReturn ch rs p == ACT + ( ($(rs!p) \ #NotAResult) + \ ((rs!p)$ = #NotAResult) + \ Return ch p (rs!p))" + +(* the failure action of the unreliable memory *) +definition MemFail :: "memChType \ resType \ PrIds \ action" + where "MemFail ch rs p == ACT + $(Calling ch p) + \ ((rs!p)$ = #MemFailure) + \ unchanged (rtrner ch ! p)" - (* similar definitions for the write action *) - GoodWrite_def: "GoodWrite mm rs p l v == ACT - #l \ #MemLoc \ #v \ #MemVal - \ ((mm!l)$ = #v) \ ((rs!p)$ = #OK)" - BadWrite_def: "BadWrite mm rs p l v == ACT - \ (#l \ #MemLoc \ #v \ #MemVal) - \ ((rs!p)$ = #BadArg) \ unchanged (mm!l)" - WriteInner_def: "WriteInner ch mm rs p l v == ACT - $(WrRequest ch p l v) - \ (GoodWrite mm rs p l v \ BadWrite mm rs p l v) - \ unchanged (rtrner ch ! p)" - Write_def: "Write ch mm rs p l == ACT (\v. WriteInner ch mm rs p l v)" +(* next-state relations for reliable / unreliable memory *) +definition RNext :: "memChType \ memType \ resType \ PrIds \ action" + where "RNext ch mm rs p == ACT + ( Read ch mm rs p + \ (\l. Write ch mm rs p l) + \ MemReturn ch rs p)" + +definition UNext :: "memChType \ memType \ resType \ PrIds \ action" + where "UNext ch mm rs p == ACT (RNext ch mm rs p \ MemFail ch rs p)" - (* the return action *) - MemReturn_def: "MemReturn ch rs p == ACT - ( ($(rs!p) \ #NotAResult) - \ ((rs!p)$ = #NotAResult) - \ Return ch p (rs!p))" + +(* temporal formulas *) + +definition RPSpec :: "memChType \ memType \ resType \ PrIds \ temporal" + where "RPSpec ch mm rs p == TEMP + Init(PInit rs p) + \ \[ RNext ch mm rs p ]_(rtrner ch ! p, rs!p) + \ WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p) + \ WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)" - (* the failure action of the unreliable memory *) - MemFail_def: "MemFail ch rs p == ACT - $(Calling ch p) - \ ((rs!p)$ = #MemFailure) - \ unchanged (rtrner ch ! p)" - (* next-state relations for reliable / unreliable memory *) - RNext_def: "RNext ch mm rs p == ACT - ( Read ch mm rs p - \ (\l. Write ch mm rs p l) - \ MemReturn ch rs p)" - UNext_def: "UNext ch mm rs p == ACT - (RNext ch mm rs p \ MemFail ch rs p)" +definition UPSpec :: "memChType \ memType \ resType \ PrIds \ temporal" + where "UPSpec ch mm rs p == TEMP + Init(PInit rs p) + \ \[ UNext ch mm rs p ]_(rtrner ch ! p, rs!p) + \ WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p) + \ WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)" + +definition MSpec :: "memChType \ memType \ resType \ Locs \ temporal" + where "MSpec ch mm rs l == TEMP + Init(MInit mm l) + \ \[ \p. Write ch mm rs p l ]_(mm!l)" + +definition IRSpec :: "memChType \ memType \ resType \ temporal" + where "IRSpec ch mm rs == TEMP + (\p. RPSpec ch mm rs p) + \ (\l. #l \ #MemLoc \ MSpec ch mm rs l)" - RPSpec_def: "RPSpec ch mm rs p == TEMP - Init(PInit rs p) - \ \[ RNext ch mm rs p ]_(rtrner ch ! p, rs!p) - \ WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p) - \ WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)" - UPSpec_def: "UPSpec ch mm rs p == TEMP - Init(PInit rs p) - \ \[ UNext ch mm rs p ]_(rtrner ch ! p, rs!p) - \ WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p) - \ WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)" - MSpec_def: "MSpec ch mm rs l == TEMP - Init(MInit mm l) - \ \[ \p. Write ch mm rs p l ]_(mm!l)" - IRSpec_def: "IRSpec ch mm rs == TEMP - (\p. RPSpec ch mm rs p) - \ (\l. #l \ #MemLoc \ MSpec ch mm rs l)" - IUSpec_def: "IUSpec ch mm rs == TEMP - (\p. UPSpec ch mm rs p) - \ (\l. #l \ #MemLoc \ MSpec ch mm rs l)" +definition IUSpec :: "memChType \ memType \ resType \ temporal" + where "IUSpec ch mm rs == TEMP + (\p. UPSpec ch mm rs p) + \ (\l. #l \ #MemLoc \ MSpec ch mm rs l)" + +definition RSpec :: "memChType \ resType \ temporal" + where "RSpec ch rs == TEMP (\\mm. IRSpec ch mm rs)" - RSpec_def: "RSpec ch rs == TEMP (\\mm. IRSpec ch mm rs)" - USpec_def: "USpec ch == TEMP (\\mm rs. IUSpec ch mm rs)" +definition USpec :: "memChType \ temporal" + where "USpec ch == TEMP (\\mm rs. IUSpec ch mm rs)" - MemInv_def: "MemInv mm l == PRED #l \ #MemLoc \ mm!l \ #MemVal" +(* memory invariant: in the paper, the invariant is hidden in the definition of + the predicate S used in the implementation proof, but it is easier to verify + at this level. *) +definition MemInv :: "memType \ Locs \ stpred" + where "MemInv mm l == PRED #l \ #MemLoc \ mm!l \ #MemVal" lemmas RM_action_defs = MInit_def PInit_def RdRequest_def WrRequest_def MemInv_def @@ -165,7 +178,7 @@ *) lemma Memoryidle: "\ \$(Calling ch p) \ \ RNext ch mm rs p" - by (auto simp: Return_def RM_action_defs) + by (auto simp: AReturn_def RM_action_defs) (* Enabledness conditions *) @@ -178,7 +191,7 @@ apply (tactic \action_simp_tac @{context} [@{thm MemReturn_change} RSN (2, @{thm enabled_mono}) ] [] 1\) apply (tactic - \action_simp_tac (@{context} addsimps [@{thm MemReturn_def}, @{thm Return_def}, + \action_simp_tac (@{context} addsimps [@{thm MemReturn_def}, @{thm AReturn_def}, @{thm rtrner_def}]) [exI] [@{thm base_enabled}, @{thm Pair_inject}] 1\) done diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Memory/MemoryImplementation.thy --- a/src/HOL/TLA/Memory/MemoryImplementation.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Memory/MemoryImplementation.thy Tue Jan 12 20:05:53 2016 +0100 @@ -320,7 +320,7 @@ (* ==================== Lemmas about the environment ============================== *) lemma Envbusy: "\ $(Calling memCh p) \ \ENext p" - by (auto simp: ENext_def Call_def) + by (auto simp: ENext_def ACall_def) (* ==================== Lemmas about the implementation's states ==================== *) @@ -333,7 +333,7 @@ lemma S1Env: "\ ENext p \ $(S1 rmhist p) \ unchanged (c p, r p, m p, rmhist!p) \ (S2 rmhist p)$" - by (force simp: ENext_def Call_def c_def r_def m_def + by (force simp: ENext_def ACall_def c_def r_def m_def caller_def rtrner_def MVNROKBA_def S_def S1_def S2_def Calling_def) lemma S1ClerkUnch: "\ [MClkNext memCh crCh cst p]_(c p) \ $(S1 rmhist p) \ unchanged (c p)" @@ -352,7 +352,7 @@ \ unchanged (rmhist!p)" by (tactic \action_simp_tac (@{context} addsimps [@{thm HNext_def}, @{thm S_def}, @{thm S1_def}, @{thm MemReturn_def}, @{thm RPCFail_def}, @{thm MClkReply_def}, - @{thm Return_def}]) [] [temp_use @{context} @{thm squareE}] 1\) + @{thm AReturn_def}]) [] [temp_use @{context} @{thm squareE}] 1\) (* ------------------------------ State S2 ---------------------------------------- *) @@ -367,7 +367,7 @@ \ unchanged (e p, r p, m p, rmhist!p) \ (S3 rmhist p)$" by (tactic \action_simp_tac (@{context} addsimps [@{thm MClkFwd_def}, - @{thm Call_def}, @{thm e_def}, @{thm r_def}, @{thm m_def}, @{thm caller_def}, + @{thm ACall_def}, @{thm e_def}, @{thm r_def}, @{thm m_def}, @{thm caller_def}, @{thm rtrner_def}, @{thm S_def}, @{thm S2_def}, @{thm S3_def}, @{thm Calling_def}]) [] [] 1\) lemma S2RPCUnch: "\ [RPCNext crCh rmCh rst p]_(r p) \ $(S2 rmhist p) \ unchanged (r p)" @@ -380,7 +380,7 @@ \ unchanged (rmhist!p)" using [[fast_solver]] by (auto elim!: squareE [temp_use] simp: HNext_def MemReturn_def RPCFail_def - MClkReply_def Return_def S_def S2_def) + MClkReply_def AReturn_def S_def S2_def) (* ------------------------------ State S3 ---------------------------------------- *) @@ -405,7 +405,7 @@ \ (S4 rmhist p)$ \ unchanged (rmhist!p)" by (tactic \action_simp_tac (@{context} addsimps [@{thm RPCFwd_def}, @{thm HNext_def}, @{thm MemReturn_def}, @{thm RPCFail_def}, - @{thm MClkReply_def}, @{thm Return_def}, @{thm Call_def}, @{thm e_def}, + @{thm MClkReply_def}, @{thm AReturn_def}, @{thm ACall_def}, @{thm e_def}, @{thm c_def}, @{thm m_def}, @{thm caller_def}, @{thm rtrner_def}, @{thm S_def}, @{thm S3_def}, @{thm S4_def}, @{thm Calling_def}]) [] [] 1\) @@ -413,7 +413,7 @@ \ unchanged (e p, c p, m p) \ (S6 rmhist p)$" by (tactic \action_simp_tac (@{context} addsimps [@{thm HNext_def}, - @{thm RPCFail_def}, @{thm Return_def}, @{thm e_def}, @{thm c_def}, + @{thm RPCFail_def}, @{thm AReturn_def}, @{thm e_def}, @{thm c_def}, @{thm m_def}, @{thm caller_def}, @{thm rtrner_def}, @{thm MVOKBARF_def}, @{thm S_def}, @{thm S3_def}, @{thm S6_def}, @{thm Calling_def}]) [] [] 1\) @@ -422,7 +422,7 @@ lemma S3Hist: "\ HNext rmhist p \ $(S3 rmhist p) \ unchanged (r p) \ unchanged (rmhist!p)" by (auto simp: HNext_def MemReturn_def RPCFail_def MClkReply_def - Return_def r_def rtrner_def S_def S3_def Calling_def) + AReturn_def r_def rtrner_def S_def S3_def Calling_def) (* ------------------------------ State S4 ---------------------------------------- *) @@ -441,7 +441,7 @@ \ (S4 rmhist p)$ \ unchanged (rmhist!p)" by (tactic \action_simp_tac (@{context} addsimps [@{thm ReadInner_def}, @{thm GoodRead_def}, @{thm BadRead_def}, @{thm HNext_def}, @{thm MemReturn_def}, - @{thm RPCFail_def}, @{thm MClkReply_def}, @{thm Return_def}, @{thm e_def}, + @{thm RPCFail_def}, @{thm MClkReply_def}, @{thm AReturn_def}, @{thm e_def}, @{thm c_def}, @{thm r_def}, @{thm rtrner_def}, @{thm caller_def}, @{thm MVNROKBA_def}, @{thm S_def}, @{thm S4_def}, @{thm RdRequest_def}, @{thm Calling_def}, @{thm MemInv_def}]) [] [] 1\) @@ -455,7 +455,7 @@ \ (S4 rmhist p)$ \ unchanged (rmhist!p)" by (tactic \action_simp_tac (@{context} addsimps [@{thm WriteInner_def}, @{thm GoodWrite_def}, @{thm BadWrite_def}, @{thm HNext_def}, @{thm MemReturn_def}, - @{thm RPCFail_def}, @{thm MClkReply_def}, @{thm Return_def}, @{thm e_def}, + @{thm RPCFail_def}, @{thm MClkReply_def}, @{thm AReturn_def}, @{thm e_def}, @{thm c_def}, @{thm r_def}, @{thm rtrner_def}, @{thm caller_def}, @{thm MVNROKBA_def}, @{thm S_def}, @{thm S4_def}, @{thm WrRequest_def}, @{thm Calling_def}]) [] [] 1\) @@ -471,12 +471,12 @@ lemma S4Return: "\ MemReturn rmCh ires p \ $S4 rmhist p \ unchanged (e p, c p, r p) \ HNext rmhist p \ (S5 rmhist p)$" - by (auto simp: HNext_def MemReturn_def Return_def e_def c_def r_def + by (auto simp: HNext_def MemReturn_def AReturn_def e_def c_def r_def rtrner_def caller_def MVNROKBA_def MVOKBA_def S_def S4_def S5_def Calling_def) lemma S4Hist: "\ HNext rmhist p \ $S4 rmhist p \ (m p)$ = $(m p) \ (rmhist!p)$ = $(rmhist!p)" by (auto simp: HNext_def MemReturn_def RPCFail_def MClkReply_def - Return_def m_def rtrner_def S_def S4_def Calling_def) + AReturn_def m_def rtrner_def S_def S4_def Calling_def) (* ------------------------------ State S5 ---------------------------------------- *) @@ -493,14 +493,14 @@ lemma S5Reply: "\ RPCReply crCh rmCh rst p \ $(S5 rmhist p) \ unchanged (e p, c p, m p,rmhist!p) \ (S6 rmhist p)$" by (tactic \action_simp_tac (@{context} addsimps [@{thm RPCReply_def}, - @{thm Return_def}, @{thm e_def}, @{thm c_def}, @{thm m_def}, @{thm MVOKBA_def}, + @{thm AReturn_def}, @{thm e_def}, @{thm c_def}, @{thm m_def}, @{thm MVOKBA_def}, @{thm MVOKBARF_def}, @{thm caller_def}, @{thm rtrner_def}, @{thm S_def}, @{thm S5_def}, @{thm S6_def}, @{thm Calling_def}]) [] [] 1\) lemma S5Fail: "\ RPCFail crCh rmCh rst p \ $(S5 rmhist p) \ unchanged (e p, c p, m p,rmhist!p) \ (S6 rmhist p)$" by (tactic \action_simp_tac (@{context} addsimps [@{thm RPCFail_def}, - @{thm Return_def}, @{thm e_def}, @{thm c_def}, @{thm m_def}, + @{thm AReturn_def}, @{thm e_def}, @{thm c_def}, @{thm m_def}, @{thm MVOKBARF_def}, @{thm caller_def}, @{thm rtrner_def}, @{thm S_def}, @{thm S5_def}, @{thm S6_def}, @{thm Calling_def}]) [] [] 1\) @@ -511,7 +511,7 @@ \ (rmhist!p)$ = $(rmhist!p)" using [[fast_solver]] by (auto elim!: squareE [temp_use] simp: HNext_def MemReturn_def RPCFail_def - MClkReply_def Return_def S_def S5_def) + MClkReply_def AReturn_def S_def S5_def) (* ------------------------------ State S6 ---------------------------------------- *) @@ -526,7 +526,7 @@ \ unchanged (e p,r p,m p) \ (S3 rmhist p)$ \ unchanged (rmhist!p)" by (tactic \action_simp_tac (@{context} addsimps [@{thm HNext_def}, - @{thm MClkReply_def}, @{thm MClkRetry_def}, @{thm Call_def}, @{thm Return_def}, + @{thm MClkReply_def}, @{thm MClkRetry_def}, @{thm ACall_def}, @{thm AReturn_def}, @{thm e_def}, @{thm r_def}, @{thm m_def}, @{thm caller_def}, @{thm rtrner_def}, @{thm S_def}, @{thm S6_def}, @{thm S3_def}, @{thm Calling_def}]) [] [] 1\) @@ -534,7 +534,7 @@ \ unchanged (e p,r p,m p) \ (S1 rmhist p)$" by (tactic \action_simp_tac (@{context} addsimps [@{thm HNext_def}, - @{thm MemReturn_def}, @{thm RPCFail_def}, @{thm Return_def}, @{thm MClkReply_def}, + @{thm MemReturn_def}, @{thm RPCFail_def}, @{thm AReturn_def}, @{thm MClkReply_def}, @{thm e_def}, @{thm r_def}, @{thm m_def}, @{thm caller_def}, @{thm rtrner_def}, @{thm S_def}, @{thm S6_def}, @{thm S1_def}, @{thm Calling_def}]) [] [] 1\) @@ -545,7 +545,7 @@ by (auto simp: S_def S6_def dest!: Memoryidle [temp_use]) lemma S6Hist: "\ HNext rmhist p \ $S6 rmhist p \ (c p)$ = $(c p) \ (rmhist!p)$ = $(rmhist!p)" - by (auto simp: HNext_def MClkReply_def Return_def c_def rtrner_def S_def S6_def Calling_def) + by (auto simp: HNext_def MClkReply_def AReturn_def c_def rtrner_def S_def S6_def Calling_def) section "Correctness of predicate-action diagram" @@ -676,7 +676,7 @@ apply (drule S6_excl [temp_use]) apply (auto simp: RPCFail_def MemFail_def e_def c_def m_def resbar_def) apply (force simp: S3_def S_def) - apply (auto simp: Return_def) + apply (auto simp: AReturn_def) done lemma Step1_4_4a1: "\ $S4 rmhist p \ (S4 rmhist p)$ \ ReadInner rmCh mm ires p l @@ -724,7 +724,7 @@ @{thm c_def}, @{thm r_def}, @{thm resbar_def}]) [] [] 1\) apply (drule S4_excl [temp_use] S5_excl [temp_use])+ using [[fast_solver]] - apply (auto elim!: squareE [temp_use] simp: MemReturn_def Return_def) + apply (auto elim!: squareE [temp_use] simp: MemReturn_def AReturn_def) done lemma Step1_4_5a: "\ RPCReply crCh rmCh rst p \ $S5 rmhist p \ (S6 rmhist p)$ @@ -733,7 +733,7 @@ apply clarsimp apply (drule S5_excl [temp_use] S6_excl [temp_use])+ apply (auto simp: e_def c_def m_def resbar_def) - apply (auto simp: RPCReply_def Return_def S5_def S_def dest!: MVOKBAnotRF [temp_use]) + apply (auto simp: RPCReply_def AReturn_def S5_def S_def dest!: MVOKBAnotRF [temp_use]) done lemma Step1_4_5b: "\ RPCFail crCh rmCh rst p \ $S5 rmhist p \ (S6 rmhist p)$ @@ -741,7 +741,7 @@ \ MemFail memCh (resbar rmhist) p" apply clarsimp apply (drule S6_excl [temp_use]) - apply (auto simp: e_def c_def m_def RPCFail_def Return_def MemFail_def resbar_def) + apply (auto simp: e_def c_def m_def RPCFail_def AReturn_def MemFail_def resbar_def) apply (auto simp: S5_def S_def) done @@ -752,7 +752,7 @@ apply (drule S6_excl [temp_use])+ apply (tactic \action_simp_tac (@{context} addsimps [@{thm e_def}, @{thm r_def}, @{thm m_def}, @{thm MClkReply_def}, @{thm MemReturn_def}, - @{thm Return_def}, @{thm resbar_def}]) [] [] 1\) + @{thm AReturn_def}, @{thm resbar_def}]) [] [] 1\) apply simp_all (* simplify if-then-else *) apply (tactic \ALLGOALS (action_simp_tac (@{context} addsimps [@{thm MClkReplyVal_def}, @{thm S6_def}, @{thm S_def}]) [] [@{thm MVOKBARFnotNR}])\) @@ -909,7 +909,7 @@ lemma S1_Returndisabled: "\ S1 rmhist p \ \Enabled (_(rtrner memCh!p, resbar rmhist!p))" by (tactic \action_simp_tac (@{context} addsimps [@{thm angle_def}, @{thm MemReturn_def}, - @{thm Return_def}, @{thm S_def}, @{thm S1_def}]) [notI] [@{thm enabledE}] 1\) + @{thm AReturn_def}, @{thm S_def}, @{thm S1_def}]) [notI] [@{thm enabledE}] 1\) lemma RNext_fair: "\ \\S1 rmhist p \ WF(RNext memCh mm (resbar rmhist) p)_(rtrner memCh!p, resbar rmhist!p)" @@ -1088,7 +1088,7 @@ lemma MClkReplyS6: "\ $ImpInv rmhist p \ _(c p) \ $S6 rmhist p" by (tactic \action_simp_tac (@{context} addsimps [@{thm angle_def}, - @{thm MClkReply_def}, @{thm Return_def}, @{thm ImpInv_def}, @{thm S_def}, + @{thm MClkReply_def}, @{thm AReturn_def}, @{thm ImpInv_def}, @{thm S_def}, @{thm S1_def}, @{thm S2_def}, @{thm S3_def}, @{thm S4_def}, @{thm S5_def}]) [] [] 1\) lemma S6MClkReply_enabled: "\ S6 rmhist p \ Enabled (_(c p))" diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Memory/ProcedureInterface.thy --- a/src/HOL/TLA/Memory/ProcedureInterface.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Memory/ProcedureInterface.thy Tue Jan 12 20:05:53 2016 +0100 @@ -16,76 +16,90 @@ *) type_synonym ('a,'r) channel =" (PrIds \ ('a,'r) chan) stfun" + +(* data-level functions *) + consts - (* data-level functions *) cbit :: "('a,'r) chan \ bit" rbit :: "('a,'r) chan \ bit" arg :: "('a,'r) chan \ 'a" res :: "('a,'r) chan \ 'r" - (* state functions *) - caller :: "('a,'r) channel \ (PrIds \ (bit * 'a)) stfun" - rtrner :: "('a,'r) channel \ (PrIds \ (bit * 'r)) stfun" + +(* state functions *) - (* state predicates *) - Calling :: "('a,'r) channel \ PrIds \ stpred" +definition caller :: "('a,'r) channel \ (PrIds \ (bit * 'a)) stfun" + where "caller ch == \s p. (cbit (ch s p), arg (ch s p))" - (* actions *) - ACall :: "('a,'r) channel \ PrIds \ 'a stfun \ action" - AReturn :: "('a,'r) channel \ PrIds \ 'r stfun \ action" +definition rtrner :: "('a,'r) channel \ (PrIds \ (bit * 'r)) stfun" + where "rtrner ch == \s p. (rbit (ch s p), res (ch s p))" + - (* temporal formulas *) - PLegalCaller :: "('a,'r) channel \ PrIds \ temporal" - LegalCaller :: "('a,'r) channel \ temporal" - PLegalReturner :: "('a,'r) channel \ PrIds \ temporal" - LegalReturner :: "('a,'r) channel \ temporal" +(* slice through array-valued state function *) - (* slice through array-valued state function *) - slice :: "('a \ 'b) stfun \ 'a \ 'b stfun" +definition slice :: "('a \ 'b) stfun \ 'a \ 'b stfun" + where "slice x i s \ x s i" syntax - "_slice" :: "[lift, 'a] \ lift" ("(_!_)" [70,70] 70) - - "_Call" :: "['a, 'b, lift] \ lift" ("(Call _ _ _)" [90,90,90] 90) - "_Return" :: "['a, 'b, lift] \ lift" ("(Return _ _ _)" [90,90,90] 90) - + "_slice" :: "[lift, 'a] \ lift" ("(_!_)" [70,70] 70) translations - "_slice" == "CONST slice" + "_slice" \ "CONST slice" + + +(* state predicates *) + +definition Calling :: "('a,'r) channel \ PrIds \ stpred" + where "Calling ch p == PRED cbit< ch!p > \ rbit< ch!p >" - "_Call" == "CONST ACall" - "_Return" == "CONST AReturn" + +(* actions *) -defs - slice_def: "(PRED (x!i)) s == x s i" +definition ACall :: "('a,'r) channel \ PrIds \ 'a stfun \ action" + where "ACall ch p v \ ACT + \ $Calling ch p + \ (cbit$ \ $rbit) + \ (arg$ = $v)" - caller_def: "caller ch == \s p. (cbit (ch s p), arg (ch s p))" - rtrner_def: "rtrner ch == \s p. (rbit (ch s p), res (ch s p))" +definition AReturn :: "('a,'r) channel \ PrIds \ 'r stfun \ action" + where "AReturn ch p v == ACT + $Calling ch p + \ (rbit$ = $cbit) + \ (res$ = $v)" + +syntax + "_Call" :: "['a, 'b, lift] \ lift" ("(Call _ _ _)" [90,90,90] 90) + "_Return" :: "['a, 'b, lift] \ lift" ("(Return _ _ _)" [90,90,90] 90) +translations + "_Call" \ "CONST ACall" + "_Return" \ "CONST AReturn" + - Calling_def: "Calling ch p == PRED cbit< ch!p > \ rbit< ch!p >" - Call_def: "(ACT Call ch p v) == ACT \ $Calling ch p - \ (cbit$ \ $rbit) - \ (arg$ = $v)" - Return_def: "(ACT Return ch p v) == ACT $Calling ch p - \ (rbit$ = $cbit) - \ (res$ = $v)" - PLegalCaller_def: "PLegalCaller ch p == TEMP - Init(\ Calling ch p) - \ \[\a. Call ch p a ]_((caller ch)!p)" - LegalCaller_def: "LegalCaller ch == TEMP (\p. PLegalCaller ch p)" - PLegalReturner_def: "PLegalReturner ch p == TEMP - \[\v. Return ch p v ]_((rtrner ch)!p)" - LegalReturner_def: "LegalReturner ch == TEMP (\p. PLegalReturner ch p)" +(* temporal formulas *) + +definition PLegalCaller :: "('a,'r) channel \ PrIds \ temporal" + where "PLegalCaller ch p == TEMP + Init(\ Calling ch p) + \ \[\a. Call ch p a ]_((caller ch)!p)" + +definition LegalCaller :: "('a,'r) channel \ temporal" + where "LegalCaller ch == TEMP (\p. PLegalCaller ch p)" + +definition PLegalReturner :: "('a,'r) channel \ PrIds \ temporal" + where "PLegalReturner ch p == TEMP \[\v. Return ch p v ]_((rtrner ch)!p)" + +definition LegalReturner :: "('a,'r) channel \ temporal" + where "LegalReturner ch == TEMP (\p. PLegalReturner ch p)" declare slice_def [simp] -lemmas Procedure_defs = caller_def rtrner_def Calling_def Call_def Return_def +lemmas Procedure_defs = caller_def rtrner_def Calling_def ACall_def AReturn_def PLegalCaller_def LegalCaller_def PLegalReturner_def LegalReturner_def (* Calls and returns change their subchannel *) lemma Call_changed: "\ Call ch p v \ _((caller ch)!p)" - by (auto simp: angle_def Call_def caller_def Calling_def) + by (auto simp: angle_def ACall_def caller_def Calling_def) lemma Return_changed: "\ Return ch p v \ _((rtrner ch)!p)" - by (auto simp: angle_def Return_def rtrner_def Calling_def) + by (auto simp: angle_def AReturn_def rtrner_def Calling_def) end diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Memory/RPC.thy --- a/src/HOL/TLA/Memory/RPC.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Memory/RPC.thy Tue Jan 12 20:05:53 2016 +0100 @@ -12,63 +12,64 @@ type_synonym rpcRcvChType = "memChType" type_synonym rpcStType = "(PrIds \ rpcState) stfun" -consts - (* state predicates *) - RPCInit :: "rpcRcvChType \ rpcStType \ PrIds \ stpred" + +(* state predicates *) - (* actions *) - RPCFwd :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" - RPCReject :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" - RPCFail :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" - RPCReply :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" - RPCNext :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" +definition RPCInit :: "rpcRcvChType \ rpcStType \ PrIds \ stpred" + where "RPCInit rcv rst p == PRED ((rst!p = #rpcA) \ \Calling rcv p)" + + +(* actions *) - (* temporal *) - RPCIPSpec :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ temporal" - RPCISpec :: "rpcSndChType \ rpcRcvChType \ rpcStType \ temporal" - -defs - RPCInit_def: "RPCInit rcv rst p == PRED ((rst!p = #rpcA) \ \Calling rcv p)" +definition RPCFwd :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCFwd send rcv rst p == ACT + $(Calling send p) + \ $(rst!p) = # rpcA + \ IsLegalRcvArg> + \ Call rcv p RPCRelayArg> + \ (rst!p)$ = # rpcB + \ unchanged (rtrner send!p)" - RPCFwd_def: "RPCFwd send rcv rst p == ACT - $(Calling send p) - \ $(rst!p) = # rpcA - \ IsLegalRcvArg> - \ Call rcv p RPCRelayArg> - \ (rst!p)$ = # rpcB - \ unchanged (rtrner send!p)" +definition RPCReject :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCReject send rcv rst p == ACT + $(rst!p) = # rpcA + \ \IsLegalRcvArg> + \ Return send p #BadCall + \ unchanged ((rst!p), (caller rcv!p))" - RPCReject_def: "RPCReject send rcv rst p == ACT - $(rst!p) = # rpcA - \ \IsLegalRcvArg> - \ Return send p #BadCall - \ unchanged ((rst!p), (caller rcv!p))" +definition RPCFail :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCFail send rcv rst p == ACT + \$(Calling rcv p) + \ Return send p #RPCFailure + \ (rst!p)$ = #rpcA + \ unchanged (caller rcv!p)" - RPCFail_def: "RPCFail send rcv rst p == ACT - \$(Calling rcv p) - \ Return send p #RPCFailure - \ (rst!p)$ = #rpcA - \ unchanged (caller rcv!p)" +definition RPCReply :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCReply send rcv rst p == ACT + \$(Calling rcv p) + \ $(rst!p) = #rpcB + \ Return send p res + \ (rst!p)$ = #rpcA + \ unchanged (caller rcv!p)" - RPCReply_def: "RPCReply send rcv rst p == ACT - \$(Calling rcv p) - \ $(rst!p) = #rpcB - \ Return send p res - \ (rst!p)$ = #rpcA - \ unchanged (caller rcv!p)" +definition RPCNext :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ action" + where "RPCNext send rcv rst p == ACT + ( RPCFwd send rcv rst p + \ RPCReject send rcv rst p + \ RPCFail send rcv rst p + \ RPCReply send rcv rst p)" + - RPCNext_def: "RPCNext send rcv rst p == ACT - ( RPCFwd send rcv rst p - \ RPCReject send rcv rst p - \ RPCFail send rcv rst p - \ RPCReply send rcv rst p)" +(* temporal *) - RPCIPSpec_def: "RPCIPSpec send rcv rst p == TEMP - Init RPCInit rcv rst p - \ \[ RPCNext send rcv rst p ]_(rst!p, rtrner send!p, caller rcv!p) - \ WF(RPCNext send rcv rst p)_(rst!p, rtrner send!p, caller rcv!p)" +definition RPCIPSpec :: "rpcSndChType \ rpcRcvChType \ rpcStType \ PrIds \ temporal" + where "RPCIPSpec send rcv rst p == TEMP + Init RPCInit rcv rst p + \ \[ RPCNext send rcv rst p ]_(rst!p, rtrner send!p, caller rcv!p) + \ WF(RPCNext send rcv rst p)_(rst!p, rtrner send!p, caller rcv!p)" - RPCISpec_def: "RPCISpec send rcv rst == TEMP (\p. RPCIPSpec send rcv rst p)" +definition RPCISpec :: "rpcSndChType \ rpcRcvChType \ rpcStType \ temporal" + where "RPCISpec send rcv rst == TEMP (\p. RPCIPSpec send rcv rst p)" lemmas RPC_action_defs = @@ -82,7 +83,7 @@ *) lemma RPCidle: "\ \$(Calling send p) \ \RPCNext send rcv rst p" - by (auto simp: Return_def RPC_action_defs) + by (auto simp: AReturn_def RPC_action_defs) lemma RPCbusy: "\ $(Calling rcv p) \ $(rst!p) = #rpcB \ \RPCNext send rcv rst p" by (auto simp: RPC_action_defs) @@ -100,14 +101,14 @@ lemma RPCFail_enabled: "\p. basevars (rtrner send!p, caller rcv!p, rst!p) \ \ \Calling rcv p \ Calling send p \ Enabled (RPCFail send rcv rst p)" by (tactic \action_simp_tac (@{context} addsimps [@{thm RPCFail_def}, - @{thm Return_def}, @{thm caller_def}, @{thm rtrner_def}]) [exI] + @{thm AReturn_def}, @{thm caller_def}, @{thm rtrner_def}]) [exI] [@{thm base_enabled}, @{thm Pair_inject}] 1\) lemma RPCReply_enabled: "\p. basevars (rtrner send!p, caller rcv!p, rst!p) \ \ \Calling rcv p \ Calling send p \ rst!p = #rpcB \ Enabled (RPCReply send rcv rst p)" by (tactic \action_simp_tac (@{context} addsimps [@{thm RPCReply_def}, - @{thm Return_def}, @{thm caller_def}, @{thm rtrner_def}]) [exI] + @{thm AReturn_def}, @{thm caller_def}, @{thm rtrner_def}]) [exI] [@{thm base_enabled}, @{thm Pair_inject}] 1\) end diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Memory/RPCParameters.thy --- a/src/HOL/TLA/Memory/RPCParameters.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Memory/RPCParameters.thy Tue Jan 12 20:05:53 2016 +0100 @@ -16,32 +16,28 @@ datatype rpcOp = memcall memOp | othercall Vals datatype rpcState = rpcA | rpcB -consts - (* some particular return values *) - RPCFailure :: Vals - BadCall :: Vals - - (* Translate an rpc call to a memory call and test if the current argument - is legal for the receiver (i.e., the memory). This can now be a little - simpler than for the generic RPC component. RelayArg returns an arbitrary - memory call for illegal arguments. *) - IsLegalRcvArg :: "rpcOp \ bool" - RPCRelayArg :: "rpcOp \ memOp" - -axiomatization where +axiomatization RPCFailure :: Vals and BadCall :: Vals +where (* RPCFailure is different from MemVals and exceptions *) RFNoMemVal: "RPCFailure \ MemVal" and NotAResultNotRF: "NotAResult \ RPCFailure" and OKNotRF: "OK \ RPCFailure" and BANotRF: "BadArg \ RPCFailure" -defs - IsLegalRcvArg_def: "IsLegalRcvArg ra == - case ra of (memcall m) \ True - | (othercall v) \ False" - RPCRelayArg_def: "RPCRelayArg ra == - case ra of (memcall m) \ m - | (othercall v) \ undefined" +(* Translate an rpc call to a memory call and test if the current argument + is legal for the receiver (i.e., the memory). This can now be a little + simpler than for the generic RPC component. RelayArg returns an arbitrary + memory call for illegal arguments. *) + +definition IsLegalRcvArg :: "rpcOp \ bool" + where "IsLegalRcvArg ra == + case ra of (memcall m) \ True + | (othercall v) \ False" + +definition RPCRelayArg :: "rpcOp \ memOp" + where "RPCRelayArg ra == + case ra of (memcall m) \ m + | (othercall v) \ undefined" lemmas [simp] = RFNoMemVal NotAResultNotRF OKNotRF BANotRF NotAResultNotRF [symmetric] OKNotRF [symmetric] BANotRF [symmetric] diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/TLA/Stfun.thy --- a/src/HOL/TLA/Stfun.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/TLA/Stfun.thy Tue Jan 12 20:05:53 2016 +0100 @@ -40,15 +40,17 @@ "PRED P" => "(P::state \ _)" "_stvars" == "CONST stvars" -defs - (* Base variables may be assigned arbitrary (type-correct) values. - Note that vs may be a tuple of variables. The correct identification - of base variables is up to the user who must take care not to - introduce an inconsistency. For example, "basevars (x,x)" would - definitely be inconsistent. - *) - basevars_def: "stvars vs == range vs = UNIV" - +(* Base variables may be assigned arbitrary (type-correct) values. + Note that vs may be a tuple of variables. The correct identification + of base variables is up to the user who must take care not to + introduce an inconsistency. For example, "basevars (x,x)" would + definitely be inconsistent. +*) +overloading stvars \ stvars +begin + definition stvars :: "(state \ 'a) \ bool" + where basevars_def: "stvars vs == range vs = UNIV" +end lemma basevars: "\vs. basevars vs \ \u. vs u = c" apply (unfold basevars_def) diff -r 18a217591310 -r ec2f0dad8b98 src/HOL/ex/Refute_Examples.thy --- a/src/HOL/ex/Refute_Examples.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/HOL/ex/Refute_Examples.thy Tue Jan 12 20:05:53 2016 +0100 @@ -894,10 +894,20 @@ consts inverse :: "'a \ 'a" -defs (overloaded) - inverse_bool: "inverse (b::bool) == ~ b" - inverse_set : "inverse (S::'a set) == -S" - inverse_pair: "inverse p == (inverse (fst p), inverse (snd p))" +overloading inverse_bool \ "inverse :: bool \ bool" +begin + definition "inverse (b::bool) \ \ b" +end + +overloading inverse_set \ "inverse :: 'a set \ 'a set" +begin + definition "inverse (S::'a set) \ -S" +end + +overloading inverse_pair \ "inverse :: 'a \ 'b \ 'a \ 'b" +begin + definition "inverse_pair p \ (inverse (fst p), inverse (snd p))" +end lemma "inverse b" refute [expect = genuine] diff -r 18a217591310 -r ec2f0dad8b98 src/Pure/Thy/document_antiquotations.ML --- a/src/Pure/Thy/document_antiquotations.ML Tue Jan 12 16:59:32 2016 +0100 +++ b/src/Pure/Thy/document_antiquotations.ML Tue Jan 12 20:05:53 2016 +0100 @@ -7,6 +7,27 @@ structure Document_Antiquotations: sig end = struct +(* Markdown errors *) + +local + +fun markdown_error binding = + Thy_Output.antiquotation binding (Scan.succeed ()) + (fn {source, ...} => fn _ => + error ("Bad Markdown structure: illegal " ^ quote (Binding.name_of binding) ^ + Position.here (Position.reset_range (#1 (Token.range_of source))))) + +in + +val _ = + Theory.setup + (markdown_error @{binding item} #> + markdown_error @{binding enum} #> + markdown_error @{binding descr}); + +end; + + (* control spacing *) val _ = diff -r 18a217591310 -r ec2f0dad8b98 src/Sequents/ILL.thy --- a/src/Sequents/ILL.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/Sequents/ILL.thy Tue Jan 12 20:05:53 2016 +0100 @@ -12,14 +12,12 @@ tens :: "[o, o] \ o" (infixr "><" 35) limp :: "[o, o] \ o" (infixr "-o" 45) - liff :: "[o, o] \ o" (infixr "o-o" 45) FShriek :: "o \ o" ("! _" [100] 1000) lconj :: "[o, o] \ o" (infixr "&&" 35) ldisj :: "[o, o] \ o" (infixr "++" 35) zero :: "o" ("0") top :: "o" ("1") eye :: "o" ("I") - aneg :: "o\o" ("~_") (* context manipulation *) @@ -47,11 +45,11 @@ (@{const_syntax PromAux}, K (three_seq_tr' @{syntax_const "_PromAux"}))] \ -defs +definition liff :: "[o, o] \ o" (infixr "o-o" 45) + where "P o-o Q == (P -o Q) >< (Q -o P)" -liff_def: "P o-o Q == (P -o Q) >< (Q -o P)" - -aneg_def: "~A == A -o 0" +definition aneg :: "o\o" ("~_") + where "~A == A -o 0" axiomatization where diff -r 18a217591310 -r ec2f0dad8b98 src/Sequents/Modal0.thy --- a/src/Sequents/Modal0.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/Sequents/Modal0.thy Tue Jan 12 20:05:53 2016 +0100 @@ -12,8 +12,6 @@ consts box :: "o\o" ("[]_" [50] 50) dia :: "o\o" ("<>_" [50] 50) - strimp :: "[o,o]\o" (infixr "--<" 25) - streqv :: "[o,o]\o" (infixr ">-<" 25) Lstar :: "two_seqi" Rstar :: "two_seqi" @@ -36,9 +34,11 @@ (@{const_syntax Rstar}, K (star_tr' @{syntax_const "_Rstar"}))] \ -defs - strimp_def: "P --< Q == [](P \ Q)" - streqv_def: "P >-< Q == (P --< Q) \ (Q --< P)" +definition strimp :: "[o,o]\o" (infixr "--<" 25) + where "P --< Q == [](P \ Q)" + +definition streqv :: "[o,o]\o" (infixr ">-<" 25) + where "P >-< Q == (P --< Q) \ (Q --< P)" lemmas rewrite_rls = strimp_def streqv_def diff -r 18a217591310 -r ec2f0dad8b98 src/ZF/ZF.thy --- a/src/ZF/ZF.thy Tue Jan 12 16:59:32 2016 +0100 +++ b/src/ZF/ZF.thy Tue Jan 12 20:05:53 2016 +0100 @@ -3,147 +3,262 @@ Copyright 1993 University of Cambridge *) -section\Zermelo-Fraenkel Set Theory\ +section \Zermelo-Fraenkel Set Theory\ theory ZF imports "~~/src/FOL/FOL" begin +subsection \Signature\ + declare [[eta_contract = false]] typedecl i instance i :: "term" .. -axiomatization - zero :: "i" ("0") \\the empty set\ and - Pow :: "i => i" \\power sets\ and - Inf :: "i" \\infinite set\ +axiomatization mem :: "[i, i] \ o" (infixl "\" 50) \ \membership relation\ + and zero :: "i" ("0") \ \the empty set\ + and Pow :: "i \ i" \ \power sets\ + and Inf :: "i" \ \infinite set\ + and Union :: "i \ i" ("\_" [90] 90) + and PrimReplace :: "[i, [i, i] \ o] \ i" + +abbreviation not_mem :: "[i, i] \ o" (infixl "\" 50) \ \negated membership relation\ + where "x \ y \ \ (x \ y)" + + +subsection \Bounded Quantifiers\ + +definition Ball :: "[i, i \ o] \ o" + where "Ball(A, P) \ \x. x\A \ P(x)" -text \Bounded Quantifiers\ -consts - Ball :: "[i, i => o] => o" - Bex :: "[i, i => o] => o" +definition Bex :: "[i, i \ o] \ o" + where "Bex(A, P) \ \x. x\A \ P(x)" -text \General Union and Intersection\ -axiomatization Union :: "i => i" ("\_" [90] 90) -consts Inter :: "i => i" ("\_" [90] 90) +syntax + "_Ball" :: "[pttrn, i, o] \ o" ("(3\_\_./ _)" 10) + "_Bex" :: "[pttrn, i, o] \ o" ("(3\_\_./ _)" 10) +translations + "\x\A. P" \ "CONST Ball(A, \x. P)" + "\x\A. P" \ "CONST Bex(A, \x. P)" + + +subsection \Variations on Replacement\ + +(* Derived form of replacement, restricting P to its functional part. + The resulting set (for functional P) is the same as with + PrimReplace, but the rules are simpler. *) +definition Replace :: "[i, [i, i] \ o] \ i" + where "Replace(A,P) == PrimReplace(A, %x y. (EX!z. P(x,z)) & P(x,y))" -text \Variations on Replacement\ -axiomatization PrimReplace :: "[i, [i, i] => o] => i" -consts - Replace :: "[i, [i, i] => o] => i" - RepFun :: "[i, i => i] => i" - Collect :: "[i, i => o] => i" +syntax + "_Replace" :: "[pttrn, pttrn, i, o] => i" ("(1{_ ./ _ \ _, _})") +translations + "{y. x\A, Q}" \ "CONST Replace(A, \x y. Q)" + + +(* Functional form of replacement -- analgous to ML's map functional *) + +definition RepFun :: "[i, i \ i] \ i" + where "RepFun(A,f) == {y . x\A, y=f(x)}" + +syntax + "_RepFun" :: "[i, pttrn, i] => i" ("(1{_ ./ _ \ _})" [51,0,51]) +translations + "{b. x\A}" \ "CONST RepFun(A, \x. b)" + -text\Definite descriptions -- via Replace over the set "1"\ -consts - The :: "(i => o) => i" (binder "THE " 10) - If :: "[o, i, i] => i" ("(if (_)/ then (_)/ else (_))" [10] 10) +(* Separation and Pairing can be derived from the Replacement + and Powerset Axioms using the following definitions. *) +definition Collect :: "[i, i \ o] \ i" + where "Collect(A,P) == {y . x\A, x=y & P(x)}" + +syntax + "_Collect" :: "[pttrn, i, o] \ i" ("(1{_ \ _ ./ _})") +translations + "{x\A. P}" \ "CONST Collect(A, \x. P)" + -abbreviation (input) - old_if :: "[o, i, i] => i" ("if '(_,_,_')") where - "if(P,a,b) == If(P,a,b)" +subsection \General union and intersection\ + +definition Inter :: "i => i" ("\_" [90] 90) + where "\(A) == { x\\(A) . \y\A. x\y}" + +syntax + "_UNION" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) + "_INTER" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) +translations + "\x\A. B" == "CONST Union({B. x\A})" + "\x\A. B" == "CONST Inter({B. x\A})" -text \Finite Sets\ -consts - Upair :: "[i, i] => i" - cons :: "[i, i] => i" - succ :: "i => i" +subsection \Finite sets and binary operations\ + +(*Unordered pairs (Upair) express binary union/intersection and cons; + set enumerations translate as {a,...,z} = cons(a,...,cons(z,0)...)*) + +definition Upair :: "[i, i] => i" + where "Upair(a,b) == {y. x\Pow(Pow(0)), (x=0 & y=a) | (x=Pow(0) & y=b)}" -text \Ordered Pairing\ -consts - Pair :: "[i, i] => i" - fst :: "i => i" - snd :: "i => i" - split :: "[[i, i] => 'a, i] => 'a::{}" \\for pattern-matching\ +definition Subset :: "[i, i] \ o" (infixl "\" 50) \ \subset relation\ + where subset_def: "A \ B \ \x\A. x\B" + +definition Diff :: "[i, i] \ i" (infixl "-" 65) \ \set difference\ + where "A - B == { x\A . ~(x\B) }" -text \Sigma and Pi Operators\ -consts - Sigma :: "[i, i => i] => i" - Pi :: "[i, i => i] => i" +definition Un :: "[i, i] \ i" (infixl "\" 65) \ \binary union\ + where "A \ B == \(Upair(A,B))" + +definition Int :: "[i, i] \ i" (infixl "\" 70) \ \binary intersection\ + where "A \ B == \(Upair(A,B))" -text \Relations and Functions\ -consts - "domain" :: "i => i" - range :: "i => i" - field :: "i => i" - converse :: "i => i" - relation :: "i => o" \\recognizes sets of pairs\ - "function" :: "i => o" \\recognizes functions; can have non-pairs\ - Lambda :: "[i, i => i] => i" - restrict :: "[i, i] => i" +definition cons :: "[i, i] => i" + where "cons(a,A) == Upair(a,a) \ A" + +definition succ :: "i => i" + where "succ(i) == cons(i, i)" -text \Infixes in order of decreasing precedence\ -consts - Image :: "[i, i] => i" (infixl "``" 90) \\image\ - vimage :: "[i, i] => i" (infixl "-``" 90) \\inverse image\ - "apply" :: "[i, i] => i" (infixl "`" 90) \\function application\ - "Int" :: "[i, i] => i" (infixl "\" 70) \\binary intersection\ - "Un" :: "[i, i] => i" (infixl "\" 65) \\binary union\ - Diff :: "[i, i] => i" (infixl "-" 65) \\set difference\ - Subset :: "[i, i] => o" (infixl "\" 50) \\subset relation\ +nonterminal "is" +syntax + "" :: "i \ is" ("_") + "_Enum" :: "[i, is] \ is" ("_,/ _") + "_Finset" :: "is \ i" ("{(_)}") +translations + "{x, xs}" == "CONST cons(x, {xs})" + "{x}" == "CONST cons(x, 0)" + + +subsection \Axioms\ + +(* ZF axioms -- see Suppes p.238 + Axioms for Union, Pow and Replace state existence only, + uniqueness is derivable using extensionality. *) axiomatization - mem :: "[i, i] => o" (infixl "\" 50) \\membership relation\ - -abbreviation - not_mem :: "[i, i] => o" (infixl "\" 50) \\negated membership relation\ - where "x \ y \ \ (x \ y)" +where + extension: "A = B \ A \ B \ B \ A" and + Union_iff: "A \ \(C) \ (\B\C. A\B)" and + Pow_iff: "A \ Pow(B) \ A \ B" and -abbreviation - cart_prod :: "[i, i] => i" (infixr "\" 80) \\Cartesian product\ - where "A \ B \ Sigma(A, \_. B)" + (*We may name this set, though it is not uniquely defined.*) + infinity: "0 \ Inf \ (\y\Inf. succ(y) \ Inf)" and -abbreviation - function_space :: "[i, i] => i" (infixr "->" 60) \\function space\ - where "A -> B \ Pi(A, \_. B)" + (*This formulation facilitates case analysis on A.*) + foundation: "A = 0 \ (\x\A. \y\x. y\A)" and + + (*Schema axiom since predicate P is a higher-order variable*) + replacement: "(\x\A. \y z. P(x,y) \ P(x,z) \ y = z) \ + b \ PrimReplace(A,P) \ (\x\A. P(x,b))" -nonterminal "is" and patterns +subsection \Definite descriptions -- via Replace over the set "1"\ + +definition The :: "(i \ o) \ i" (binder "THE " 10) + where the_def: "The(P) == \({y . x \ {0}, P(y)})" -syntax - "" :: "i => is" ("_") - "_Enum" :: "[i, is] => is" ("_,/ _") +definition If :: "[o, i, i] \ i" ("(if (_)/ then (_)/ else (_))" [10] 10) + where if_def: "if P then a else b == THE z. P & z=a | ~P & z=b" + +abbreviation (input) + old_if :: "[o, i, i] => i" ("if '(_,_,_')") + where "if(P,a,b) == If(P,a,b)" + + +subsection \Ordered Pairing\ - "_Finset" :: "is => i" ("{(_)}") - "_Tuple" :: "[i, is] => i" ("\(_,/ _)\") - "_Collect" :: "[pttrn, i, o] => i" ("(1{_ \ _ ./ _})") - "_Replace" :: "[pttrn, pttrn, i, o] => i" ("(1{_ ./ _ \ _, _})") - "_RepFun" :: "[i, pttrn, i] => i" ("(1{_ ./ _ \ _})" [51,0,51]) - "_UNION" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) - "_INTER" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) - "_PROD" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) - "_SUM" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) - "_lam" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) - "_Ball" :: "[pttrn, i, o] => o" ("(3\_\_./ _)" 10) - "_Bex" :: "[pttrn, i, o] => o" ("(3\_\_./ _)" 10) +(* this "symmetric" definition works better than {{a}, {a,b}} *) +definition Pair :: "[i, i] => i" + where "Pair(a,b) == {{a,a}, {a,b}}" + +definition fst :: "i \ i" + where "fst(p) == THE a. \b. p = Pair(a, b)" - (** Patterns -- extends pre-defined type "pttrn" used in abstractions **) +definition snd :: "i \ i" + where "snd(p) == THE b. \a. p = Pair(a, b)" +definition split :: "[[i, i] \ 'a, i] \ 'a::{}" \ \for pattern-matching\ + where "split(c) == \p. c(fst(p), snd(p))" + +(* Patterns -- extends pre-defined type "pttrn" used in abstractions *) +nonterminal patterns +syntax "_pattern" :: "patterns => pttrn" ("\_\") "" :: "pttrn => patterns" ("_") "_patterns" :: "[pttrn, patterns] => patterns" ("_,/_") - + "_Tuple" :: "[i, is] => i" ("\(_,/ _)\") translations - "{x, xs}" == "CONST cons(x, {xs})" - "{x}" == "CONST cons(x, 0)" - "{x\A. P}" == "CONST Collect(A, \x. P)" - "{y. x\A, Q}" == "CONST Replace(A, \x y. Q)" - "{b. x\A}" == "CONST RepFun(A, \x. b)" - "\x\A. B" == "CONST Inter({B. x\A})" - "\x\A. B" == "CONST Union({B. x\A})" - "\x\A. B" == "CONST Pi(A, \x. B)" - "\x\A. B" == "CONST Sigma(A, \x. B)" - "\x\A. f" == "CONST Lambda(A, \x. f)" - "\x\A. P" == "CONST Ball(A, \x. P)" - "\x\A. P" == "CONST Bex(A, \x. P)" - "\x, y, z\" == "\x, \y, z\\" "\x, y\" == "CONST Pair(x, y)" "\\x,y,zs\.b" == "CONST split(\x \y,zs\.b)" "\\x,y\.b" == "CONST split(\x y. b)" +definition Sigma :: "[i, i \ i] \ i" + where "Sigma(A,B) == \x\A. \y\B(x). {\x,y\}" + +abbreviation cart_prod :: "[i, i] => i" (infixr "\" 80) \ \Cartesian product\ + where "A \ B \ Sigma(A, \_. B)" + + +subsection \Relations and Functions\ + +(*converse of relation r, inverse of function*) +definition converse :: "i \ i" + where "converse(r) == {z. w\r, \x y. w=\x,y\ \ z=\y,x\}" + +definition domain :: "i \ i" + where "domain(r) == {x. w\r, \y. w=\x,y\}" + +definition range :: "i \ i" + where "range(r) == domain(converse(r))" + +definition field :: "i \ i" + where "field(r) == domain(r) \ range(r)" + +definition relation :: "i \ o" \ \recognizes sets of pairs\ + where "relation(r) == \z\r. \x y. z = \x,y\" + +definition function :: "i \ o" \ \recognizes functions; can have non-pairs\ + where "function(r) == \x y. \x,y\ \ r \ (\y'. \x,y'\ \ r \ y = y')" + +definition Image :: "[i, i] \ i" (infixl "``" 90) \ \image\ + where image_def: "r `` A == {y \ range(r). \x\A. \x,y\ \ r}" + +definition vimage :: "[i, i] \ i" (infixl "-``" 90) \ \inverse image\ + where vimage_def: "r -`` A == converse(r)``A" + +(* Restrict the relation r to the domain A *) +definition restrict :: "[i, i] \ i" + where "restrict(r,A) == {z \ r. \x\A. \y. z = \x,y\}" + + +(* Abstraction, application and Cartesian product of a family of sets *) + +definition Lambda :: "[i, i \ i] \ i" + where lam_def: "Lambda(A,b) == {\x,b(x)\. x\A}" + +definition "apply" :: "[i, i] \ i" (infixl "`" 90) \ \function application\ + where "f`a == \(f``{a})" + +definition Pi :: "[i, i \ i] \ i" + where "Pi(A,B) == {f\Pow(Sigma(A,B)). A\domain(f) & function(f)}" + +abbreviation function_space :: "[i, i] \ i" (infixr "->" 60) \ \function space\ + where "A -> B \ Pi(A, \_. B)" + + +(* binder syntax *) + +syntax + "_PROD" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) + "_SUM" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) + "_lam" :: "[pttrn, i, i] => i" ("(3\_\_./ _)" 10) +translations + "\x\A. B" == "CONST Pi(A, \x. B)" + "\x\A. B" == "CONST Sigma(A, \x. B)" + "\x\A. f" == "CONST Lambda(A, \x. f)" + + +subsection \ASCII syntax\ notation (ASCII) cart_prod (infixr "*" 80) and @@ -155,6 +270,8 @@ not_mem (infixl "~:" 50) syntax (ASCII) + "_Ball" :: "[pttrn, i, o] => o" ("(3ALL _:_./ _)" 10) + "_Bex" :: "[pttrn, i, o] => o" ("(3EX _:_./ _)" 10) "_Collect" :: "[pttrn, i, o] => i" ("(1{_: _ ./ _})") "_Replace" :: "[pttrn, pttrn, i, o] => i" ("(1{_ ./ _: _, _})") "_RepFun" :: "[i, pttrn, i] => i" ("(1{_ ./ _: _})" [51,0,51]) @@ -163,104 +280,9 @@ "_PROD" :: "[pttrn, i, i] => i" ("(3PROD _:_./ _)" 10) "_SUM" :: "[pttrn, i, i] => i" ("(3SUM _:_./ _)" 10) "_lam" :: "[pttrn, i, i] => i" ("(3lam _:_./ _)" 10) - "_Ball" :: "[pttrn, i, o] => o" ("(3ALL _:_./ _)" 10) - "_Bex" :: "[pttrn, i, o] => o" ("(3EX _:_./ _)" 10) "_Tuple" :: "[i, is] => i" ("<(_,/ _)>") "_pattern" :: "patterns => pttrn" ("<_>") -defs (* Bounded Quantifiers *) - Ball_def: "Ball(A, P) == \x. x\A \ P(x)" - Bex_def: "Bex(A, P) == \x. x\A & P(x)" - - subset_def: "A \ B == \x\A. x\B" - - -axiomatization where - - (* ZF axioms -- see Suppes p.238 - Axioms for Union, Pow and Replace state existence only, - uniqueness is derivable using extensionality. *) - - extension: "A = B <-> A \ B & B \ A" and - Union_iff: "A \ \(C) <-> (\B\C. A\B)" and - Pow_iff: "A \ Pow(B) <-> A \ B" and - - (*We may name this set, though it is not uniquely defined.*) - infinity: "0\Inf & (\y\Inf. succ(y): Inf)" and - - (*This formulation facilitates case analysis on A.*) - foundation: "A=0 | (\x\A. \y\x. y\A)" and - - (*Schema axiom since predicate P is a higher-order variable*) - replacement: "(\x\A. \y z. P(x,y) & P(x,z) \ y=z) ==> - b \ PrimReplace(A,P) <-> (\x\A. P(x,b))" - - -defs - - (* Derived form of replacement, restricting P to its functional part. - The resulting set (for functional P) is the same as with - PrimReplace, but the rules are simpler. *) - - Replace_def: "Replace(A,P) == PrimReplace(A, %x y. (EX!z. P(x,z)) & P(x,y))" - - (* Functional form of replacement -- analgous to ML's map functional *) - - RepFun_def: "RepFun(A,f) == {y . x\A, y=f(x)}" - - (* Separation and Pairing can be derived from the Replacement - and Powerset Axioms using the following definitions. *) - - Collect_def: "Collect(A,P) == {y . x\A, x=y & P(x)}" - - (*Unordered pairs (Upair) express binary union/intersection and cons; - set enumerations translate as {a,...,z} = cons(a,...,cons(z,0)...)*) - - Upair_def: "Upair(a,b) == {y. x\Pow(Pow(0)), (x=0 & y=a) | (x=Pow(0) & y=b)}" - cons_def: "cons(a,A) == Upair(a,a) \ A" - succ_def: "succ(i) == cons(i, i)" - - (* Difference, general intersection, binary union and small intersection *) - - Diff_def: "A - B == { x\A . ~(x\B) }" - Inter_def: "\(A) == { x\\(A) . \y\A. x\y}" - Un_def: "A \ B == \(Upair(A,B))" - Int_def: "A \ B == \(Upair(A,B))" - - (* definite descriptions *) - the_def: "The(P) == \({y . x \ {0}, P(y)})" - if_def: "if(P,a,b) == THE z. P & z=a | ~P & z=b" - - (* this "symmetric" definition works better than {{a}, {a,b}} *) - Pair_def: " == {{a,a}, {a,b}}" - fst_def: "fst(p) == THE a. \b. p=" - snd_def: "snd(p) == THE b. \a. p=" - split_def: "split(c) == %p. c(fst(p), snd(p))" - Sigma_def: "Sigma(A,B) == \x\A. \y\B(x). {}" - - (* Operations on relations *) - - (*converse of relation r, inverse of function*) - converse_def: "converse(r) == {z. w\r, \x y. w= & z=}" - - domain_def: "domain(r) == {x. w\r, \y. w=}" - range_def: "range(r) == domain(converse(r))" - field_def: "field(r) == domain(r) \ range(r)" - relation_def: "relation(r) == \z\r. \x y. z = " - function_def: "function(r) == - \x y. :r \ (\y'. :r \ y=y')" - image_def: "r `` A == {y \ range(r) . \x\A. \ r}" - vimage_def: "r -`` A == converse(r)``A" - - (* Abstraction, application and Cartesian product of a family of sets *) - - lam_def: "Lambda(A,b) == { . x\A}" - apply_def: "f`a == \(f``{a})" - Pi_def: "Pi(A,B) == {f\Pow(Sigma(A,B)). A<=domain(f) & function(f)}" - - (* Restrict the relation r to the domain A *) - restrict_def: "restrict(r,A) == {z \ r. \x\A. \y. z = }" - subsection \Substitution\