# HG changeset patch # User wenzelm # Date 1451509072 -3600 # Node ID f1599e98c4d08c369303af5a68d5e4d5936a219f # Parent 1f2788fb0b8beff0eefc177ac895b69733367a80 isabelle update_cartouches -c -t; diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Abschannel.thy --- a/src/HOL/HOLCF/IOA/ABP/Abschannel.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Abschannel.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The transmission channel *} +section \The transmission channel\ theory Abschannel imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action Lemmas diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Abschannel_finite.thy --- a/src/HOL/HOLCF/IOA/ABP/Abschannel_finite.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Abschannel_finite.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The transmission channel -- finite version *} +section \The transmission channel -- finite version\ theory Abschannel_finite imports Abschannel "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action Lemmas diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Action.thy --- a/src/HOL/HOLCF/IOA/ABP/Action.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Action.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The set of all actions of the system *} +section \The set of all actions of the system\ theory Action imports Packet diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Correctness.thy --- a/src/HOL/HOLCF/IOA/ABP/Correctness.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Correctness.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The main correctness proof: System_fin implements System *} +section \The main correctness proof: System_fin implements System\ theory Correctness imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Env Impl Impl_finite @@ -67,7 +67,7 @@ asig_projections set_lemmas -subsection {* lemmas about reduce *} +subsection \lemmas about reduce\ lemma l_iff_red_nil: "(reduce l = []) = (l = [])" by (induct l) (auto split: list.split) @@ -75,28 +75,28 @@ lemma hd_is_reduce_hd: "s ~= [] --> hd s = hd (reduce s)" by (induct s) (auto split: list.split) -text {* to be used in the following Lemma *} +text \to be used in the following Lemma\ lemma rev_red_not_nil [rule_format]: "l ~= [] --> reverse (reduce l) ~= []" by (induct l) (auto split: list.split) -text {* shows applicability of the induction hypothesis of the following Lemma 1 *} +text \shows applicability of the induction hypothesis of the following Lemma 1\ lemma last_ind_on_first: "l ~= [] ==> hd (reverse (reduce (a # l))) = hd (reverse (reduce l))" apply simp - apply (tactic {* auto_tac (put_simpset HOL_ss @{context} + apply (tactic \auto_tac (put_simpset HOL_ss @{context} addsimps (@{thms reverse.simps} @ [@{thm hd_append}, @{thm rev_red_not_nil}]) - |> Splitter.add_split @{thm list.split}) *}) + |> Splitter.add_split @{thm list.split})\) done -text {* Main Lemma 1 for @{text "S_pkt"} in showing that reduce is refinement. *} +text \Main Lemma 1 for \S_pkt\ in showing that reduce is refinement.\ lemma reduce_hd: "if x=hd(reverse(reduce(l))) & reduce(l)~=[] then reduce(l@[x])=reduce(l) else reduce(l@[x])=reduce(l)@[x]" apply (simplesubst split_if) apply (rule conjI) -txt {* @{text "-->"} *} +txt \\-->\\ apply (induct_tac "l") apply (simp (no_asm)) apply (case_tac "list=[]") @@ -108,7 +108,7 @@ apply (erule exE)+ apply hypsubst apply (simp del: reduce_Cons add: last_ind_on_first l_iff_red_nil) -txt {* @{text "<--"} *} +txt \\<--\\ apply (simp (no_asm) add: and_de_morgan_and_absorbe l_iff_red_nil) apply (induct_tac "l") apply (simp (no_asm)) @@ -120,7 +120,7 @@ done -text {* Main Lemma 2 for R_pkt in showing that reduce is refinement. *} +text \Main Lemma 2 for R_pkt in showing that reduce is refinement.\ lemma reduce_tl: "s~=[] ==> if hd(s)=hd(tl(s)) & tl(s)~=[] then reduce(tl(s))=reduce(s) else @@ -132,23 +132,23 @@ done -subsection {* Channel Abstraction *} +subsection \Channel Abstraction\ declare split_if [split del] lemma channel_abstraction: "is_weak_ref_map reduce ch_ioa ch_fin_ioa" apply (simp (no_asm) add: is_weak_ref_map_def) -txt {* main-part *} +txt \main-part\ apply (rule allI)+ apply (rule imp_conj_lemma) apply (induct_tac "a") -txt {* 2 cases *} +txt \2 cases\ apply (simp_all (no_asm) cong del: if_weak_cong add: externals_def) -txt {* fst case *} +txt \fst case\ apply (rule impI) apply (rule disjI2) apply (rule reduce_hd) -txt {* snd case *} +txt \snd case\ apply (rule impI) apply (erule conjE)+ apply (erule disjE) @@ -164,49 +164,49 @@ declare split_if [split] lemma sender_abstraction: "is_weak_ref_map reduce srch_ioa srch_fin_ioa" -apply (tactic {* +apply (tactic \ simp_tac (put_simpset HOL_ss @{context} addsimps [@{thm srch_fin_ioa_def}, @{thm rsch_fin_ioa_def}, @{thm srch_ioa_def}, @{thm rsch_ioa_def}, @{thm rename_through_pmap}, - @{thm channel_abstraction}]) 1 *}) + @{thm channel_abstraction}]) 1\) done lemma receiver_abstraction: "is_weak_ref_map reduce rsch_ioa rsch_fin_ioa" -apply (tactic {* +apply (tactic \ simp_tac (put_simpset HOL_ss @{context} addsimps [@{thm srch_fin_ioa_def}, @{thm rsch_fin_ioa_def}, @{thm srch_ioa_def}, @{thm rsch_ioa_def}, @{thm rename_through_pmap}, - @{thm channel_abstraction}]) 1 *}) + @{thm channel_abstraction}]) 1\) done -text {* 3 thms that do not hold generally! The lucky restriction here is - the absence of internal actions. *} +text \3 thms that do not hold generally! The lucky restriction here is + the absence of internal actions.\ lemma sender_unchanged: "is_weak_ref_map (%id. id) sender_ioa sender_ioa" apply (simp (no_asm) add: is_weak_ref_map_def) -txt {* main-part *} +txt \main-part\ apply (rule allI)+ apply (induct_tac a) -txt {* 7 cases *} +txt \7 cases\ apply (simp_all (no_asm) add: externals_def) done -text {* 2 copies of before *} +text \2 copies of before\ lemma receiver_unchanged: "is_weak_ref_map (%id. id) receiver_ioa receiver_ioa" apply (simp (no_asm) add: is_weak_ref_map_def) -txt {* main-part *} +txt \main-part\ apply (rule allI)+ apply (induct_tac a) -txt {* 7 cases *} +txt \7 cases\ apply (simp_all (no_asm) add: externals_def) done lemma env_unchanged: "is_weak_ref_map (%id. id) env_ioa env_ioa" apply (simp (no_asm) add: is_weak_ref_map_def) -txt {* main-part *} +txt \main-part\ apply (rule allI)+ apply (induct_tac a) -txt {* 7 cases *} +txt \7 cases\ apply (simp_all (no_asm) add: externals_def) done @@ -218,7 +218,7 @@ apply simp_all done -text {* totally the same as before *} +text \totally the same as before\ lemma compat_single_fin_ch: "compatible srch_fin_ioa rsch_fin_ioa" apply (simp add: compatible_def Int_def) apply (rule set_eqI) @@ -240,7 +240,7 @@ apply simp_all done -text {* 5 proofs totally the same as before *} +text \5 proofs totally the same as before\ lemma compat_rec_fin: "compatible receiver_ioa (srch_fin_ioa \ rsch_fin_ioa)" apply (simp del: del_simps add: compatible_def asig_of_par asig_comp_def actions_def Int_def) @@ -291,13 +291,13 @@ done -text {* lemmata about externals of channels *} +text \lemmata about externals of channels\ lemma ext_single_ch: "externals(asig_of(srch_fin_ioa)) = externals(asig_of(srch_ioa)) & externals(asig_of(rsch_fin_ioa)) = externals(asig_of(rsch_ioa))" by (simp add: externals_def) -subsection {* Soundness of Abstraction *} +subsection \Soundness of Abstraction\ lemmas ext_simps = externals_of_par ext_single_ch and compat_simps = compat_single_ch compat_single_fin_ch compat_rec diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Env.thy --- a/src/HOL/HOLCF/IOA/ABP/Env.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Env.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,14 +2,14 @@ Author: Olaf Müller *) -section {* The environment *} +section \The environment\ theory Env imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action begin type_synonym - 'm env_state = bool -- {* give next bit to system *} + 'm env_state = bool \ \give next bit to system\ definition env_asig :: "'m action signature" where diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Impl.thy --- a/src/HOL/HOLCF/IOA/ABP/Impl.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Impl.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The implementation *} +section \The implementation\ theory Impl imports Sender Receiver Abschannel diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Impl_finite.thy --- a/src/HOL/HOLCF/IOA/ABP/Impl_finite.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Impl_finite.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The implementation *} +section \The implementation\ theory Impl_finite imports Sender Receiver Abschannel_finite diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Lemmas.thy --- a/src/HOL/HOLCF/IOA/ABP/Lemmas.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Lemmas.thy Wed Dec 30 21:57:52 2015 +0100 @@ -6,7 +6,7 @@ imports Main begin -subsection {* Logic *} +subsection \Logic\ lemma and_de_morgan_and_absorbe: "(~(A&B)) = ((~A)&B| ~B)" by blast @@ -18,7 +18,7 @@ by blast -subsection {* Sets *} +subsection \Sets\ lemma set_lemmas: "f(x) : (UN x. {f(x)})" @@ -27,8 +27,8 @@ "!!a. (!x y. a ~= f x y) ==> a ~: (UN x y. {f x y})" by auto -text {* 2 Lemmas to add to @{text "set_lemmas"}, used also for action handling, - namely for Intersections and the empty list (compatibility of IOA!). *} +text \2 Lemmas to add to \set_lemmas\, used also for action handling, + namely for Intersections and the empty list (compatibility of IOA!).\ lemma singleton_set: "(UN b.{x. x=f(b)})= (UN b.{f(b)})" by blast @@ -36,7 +36,7 @@ by blast -subsection {* Lists *} +subsection \Lists\ lemma cons_not_nil: "l ~= [] --> (? x xs. l = (x#xs))" by (induct l) simp_all diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Packet.thy --- a/src/HOL/HOLCF/IOA/ABP/Packet.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Packet.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Packets *} +section \Packets\ theory Packet imports Main diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Receiver.thy --- a/src/HOL/HOLCF/IOA/ABP/Receiver.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Receiver.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,14 +2,14 @@ Author: Olaf Müller *) -section {* The implementation: receiver *} +section \The implementation: receiver\ theory Receiver imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action Lemmas begin type_synonym - 'm receiver_state = "'m list * bool" -- {* messages, mode *} + 'm receiver_state = "'m list * bool" \ \messages, mode\ definition rq :: "'m receiver_state => 'm list" where diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Sender.thy --- a/src/HOL/HOLCF/IOA/ABP/Sender.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Sender.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,14 +2,14 @@ Author: Olaf Müller *) -section {* The implementation: sender *} +section \The implementation: sender\ theory Sender imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action Lemmas begin type_synonym - 'm sender_state = "'m list * bool" -- {* messages, Alternating Bit *} + 'm sender_state = "'m list * bool" \ \messages, Alternating Bit\ definition sq :: "'m sender_state => 'm list" where diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ABP/Spec.thy --- a/src/HOL/HOLCF/IOA/ABP/Spec.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ABP/Spec.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The specification of reliable transmission *} +section \The specification of reliable transmission\ theory Spec imports IOA Action diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Abschannel.thy --- a/src/HOL/HOLCF/IOA/NTP/Abschannel.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Abschannel.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The (faulty) transmission channel (both directions) *} +section \The (faulty) transmission channel (both directions)\ theory Abschannel imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Action.thy --- a/src/HOL/HOLCF/IOA/NTP/Action.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Action.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Tobias Nipkow & Konrad Slind *) -section {* The set of all actions of the system *} +section \The set of all actions of the system\ theory Action imports Packet diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Correctness.thy --- a/src/HOL/HOLCF/IOA/NTP/Correctness.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Correctness.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Tobias Nipkow & Konrad Slind *) -section {* The main correctness proof: Impl implements Spec *} +section \The main correctness proof: Impl implements Spec\ theory Correctness imports Impl Spec @@ -13,7 +13,7 @@ "hom s = rq(rec(s)) @ (if rbit(rec s) = sbit(sen s) then sq(sen s) else tl(sq(sen s)))" -setup {* map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac") *} +setup \map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\ lemmas hom_ioas = Spec.ioa_def Spec.trans_def sender_trans_def receiver_trans_def impl_ioas and impl_asigs = sender_asig_def receiver_asig_def srch_asig_def rsch_asig_def @@ -21,10 +21,10 @@ declare split_paired_All [simp del] -text {* +text \ A lemma about restricting the action signature of the implementation to that of the specification. -*} +\ lemma externals_lemma: "a:externals(asig_of(Automata.restrict impl_ioa (externals spec_sig))) = @@ -43,12 +43,12 @@ apply (induct_tac "a") apply (simp_all (no_asm) add: actions_def asig_projections) - txt {* 2 *} + txt \2\ apply (simp (no_asm) add: impl_ioas) apply (simp (no_asm) add: impl_asigs) apply (simp (no_asm) add: asig_of_par asig_comp_def asig_projections) apply (simp (no_asm) add: "transitions"(1) unfold_renaming) - txt {* 1 *} + txt \1\ apply (simp (no_asm) add: impl_ioas) apply (simp (no_asm) add: impl_asigs) apply (simp (no_asm) add: asig_of_par asig_comp_def asig_projections) @@ -57,7 +57,7 @@ lemmas sels = sbit_def sq_def ssending_def rbit_def rq_def rsending_def -text {* Proof of correctness *} +text \Proof of correctness\ lemma ntp_correct: "is_weak_ref_map hom (Automata.restrict impl_ioa (externals spec_sig)) spec_ioa" apply (unfold Spec.ioa_def is_weak_ref_map_def) diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Impl.thy --- a/src/HOL/HOLCF/IOA/NTP/Impl.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Impl.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Tobias Nipkow & Konrad Slind *) -section {* The implementation *} +section \The implementation\ theory Impl imports Sender Receiver Abschannel @@ -59,7 +59,7 @@ definition "inv4(s) == rbit(rec(s)) = (~sbit(sen(s))) --> sq(sen(s)) ~= []" -subsection {* Invariants *} +subsection \Invariants\ declare le_SucI [simp] @@ -101,7 +101,7 @@ 2) ss unfolds transition relations 3) renname_ss unfolds transitions and the abstract channel *) -ML {* +ML \ val ss = simpset_of (@{context} addsimps @{thms "transitions"}); val rename_ss = simpset_of (put_simpset ss @{context} addsimps @{thms unfold_renaming}); @@ -111,10 +111,10 @@ fun tac_ren ctxt = asm_simp_tac (put_simpset rename_ss ctxt |> Simplifier.add_cong @{thm conj_cong} |> Splitter.add_split @{thm split_if}) -*} +\ -subsubsection {* Invariant 1 *} +subsubsection \Invariant 1\ lemma raw_inv1: "invariant impl_ioa inv1" @@ -124,7 +124,7 @@ apply (simp (no_asm) del: trans_of_par4 add: imp_conjR inv1_def) -txt {* Split proof in two *} +txt \Split proof in two\ apply (rule conjI) (* First half *) @@ -135,28 +135,28 @@ apply (tactic "tac @{context} 1") apply (tactic "tac_ren @{context} 1") -txt {* 5 + 1 *} +txt \5 + 1\ apply (tactic "tac @{context} 1") apply (tactic "tac_ren @{context} 1") -txt {* 4 + 1 *} -apply (tactic {* EVERY1[tac @{context}, tac @{context}, tac @{context}, tac @{context}] *}) +txt \4 + 1\ +apply (tactic \EVERY1[tac @{context}, tac @{context}, tac @{context}, tac @{context}]\) -txt {* Now the other half *} +txt \Now the other half\ apply (simp add: Impl.inv1_def split del: split_if) apply (induct_tac a) apply (tactic "EVERY1 [tac @{context}, tac @{context}]") -txt {* detour 1 *} +txt \detour 1\ apply (tactic "tac @{context} 1") apply (tactic "tac_ren @{context} 1") apply (rule impI) apply (erule conjE)+ apply (simp (no_asm_simp) add: hdr_sum_def Multiset.count_def Multiset.countm_nonempty_def split add: split_if) -txt {* detour 2 *} +txt \detour 2\ apply (tactic "tac @{context} 1") apply (tactic "tac_ren @{context} 1") apply (rule impI) @@ -190,79 +190,79 @@ -subsubsection {* INVARIANT 2 *} +subsubsection \INVARIANT 2\ lemma raw_inv2: "invariant impl_ioa inv2" apply (rule invariantI1) - txt {* Base case *} + txt \Base case\ apply (simp add: inv2_def receiver_projections sender_projections impl_ioas) apply (simp (no_asm_simp) add: impl_ioas split del: split_if) apply (induct_tac "a") - txt {* 10 cases. First 4 are simple, since state doesn't change *} + txt \10 cases. First 4 are simple, since state doesn't change\ - ML_prf {* val tac2 = asm_full_simp_tac (put_simpset ss @{context} addsimps [@{thm inv2_def}]) *} + ML_prf \val tac2 = asm_full_simp_tac (put_simpset ss @{context} addsimps [@{thm inv2_def}])\ - txt {* 10 - 7 *} + txt \10 - 7\ apply (tactic "EVERY1 [tac2,tac2,tac2,tac2]") - txt {* 6 *} - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] - (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1 *}) + txt \6\ + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] + (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1\) - txt {* 6 - 5 *} + txt \6 - 5\ apply (tactic "EVERY1 [tac2,tac2]") - txt {* 4 *} - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] - (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1 *}) + txt \4\ + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] + (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1\) apply (tactic "tac2 1") - txt {* 3 *} - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] - (@{thm raw_inv1} RS @{thm invariantE})] 1 *}) + txt \3\ + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] + (@{thm raw_inv1} RS @{thm invariantE})] 1\) apply (tactic "tac2 1") - apply (tactic {* fold_goals_tac @{context} [rewrite_rule @{context} [@{thm Packet.hdr_def}] - (@{thm Impl.hdr_sum_def})] *}) + apply (tactic \fold_goals_tac @{context} [rewrite_rule @{context} [@{thm Packet.hdr_def}] + (@{thm Impl.hdr_sum_def})]\) apply arith - txt {* 2 *} + txt \2\ apply (tactic "tac2 1") - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] - (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1 *}) + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] + (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1\) apply (intro strip) apply (erule conjE)+ apply simp - txt {* 1 *} + txt \1\ apply (tactic "tac2 1") - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] - (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct2] 1 *}) + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv1_def}] + (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct2] 1\) apply (intro strip) apply (erule conjE)+ - apply (tactic {* fold_goals_tac @{context} - [rewrite_rule @{context} [@{thm Packet.hdr_def}] (@{thm Impl.hdr_sum_def})] *}) + apply (tactic \fold_goals_tac @{context} + [rewrite_rule @{context} [@{thm Packet.hdr_def}] (@{thm Impl.hdr_sum_def})]\) apply simp done -subsubsection {* INVARIANT 3 *} +subsubsection \INVARIANT 3\ lemma raw_inv3: "invariant impl_ioa inv3" apply (rule invariantI) - txt {* Base case *} + txt \Base case\ apply (simp add: Impl.inv3_def receiver_projections sender_projections impl_ioas) apply (simp (no_asm_simp) add: impl_ioas split del: split_if) apply (induct_tac "a") - ML_prf {* val tac3 = asm_full_simp_tac (put_simpset ss @{context} addsimps [@{thm inv3_def}]) *} + ML_prf \val tac3 = asm_full_simp_tac (put_simpset ss @{context} addsimps [@{thm inv3_def}])\ - txt {* 10 - 8 *} + txt \10 - 8\ apply (tactic "EVERY1[tac3,tac3,tac3]") @@ -272,29 +272,29 @@ apply (erule exE) apply simp - txt {* 7 *} + txt \7\ apply (tactic "tac3 1") apply (tactic "tac_ren @{context} 1") apply force - txt {* 6 - 3 *} + txt \6 - 3\ apply (tactic "EVERY1[tac3,tac3,tac3,tac3]") - txt {* 2 *} + txt \2\ apply (tactic "asm_full_simp_tac (put_simpset ss @{context}) 1") apply (simp (no_asm) add: inv3_def) apply (intro strip, (erule conjE)+) apply (rule imp_disjL [THEN iffD1]) apply (rule impI) - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv2_def}] - (@{thm raw_inv2} RS @{thm invariantE})] 1 *}) + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv2_def}] + (@{thm raw_inv2} RS @{thm invariantE})] 1\) apply simp apply (erule conjE)+ apply (rule_tac j = "count (ssent (sen s)) (~sbit (sen s))" and k = "count (rsent (rec s)) (sbit (sen s))" in le_trans) - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm inv1_def}] - (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct2] 1 *}) + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm inv1_def}] + (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct2] 1\) apply (simp add: hdr_sum_def Multiset.count_def) apply (rule add_le_mono) apply (rule countm_props) @@ -303,56 +303,56 @@ apply (simp (no_asm)) apply assumption - txt {* 1 *} + txt \1\ apply (tactic "tac3 1") apply (intro strip, (erule conjE)+) apply (rule imp_disjL [THEN iffD1]) apply (rule impI) - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv2_def}] - (@{thm raw_inv2} RS @{thm invariantE})] 1 *}) + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv2_def}] + (@{thm raw_inv2} RS @{thm invariantE})] 1\) apply simp done -subsubsection {* INVARIANT 4 *} +subsubsection \INVARIANT 4\ lemma raw_inv4: "invariant impl_ioa inv4" apply (rule invariantI) - txt {* Base case *} + txt \Base case\ apply (simp add: Impl.inv4_def receiver_projections sender_projections impl_ioas) apply (simp (no_asm_simp) add: impl_ioas split del: split_if) apply (induct_tac "a") - ML_prf {* val tac4 = asm_full_simp_tac (put_simpset ss @{context} addsimps [@{thm inv4_def}]) *} + ML_prf \val tac4 = asm_full_simp_tac (put_simpset ss @{context} addsimps [@{thm inv4_def}])\ - txt {* 10 - 2 *} + txt \10 - 2\ apply (tactic "EVERY1[tac4,tac4,tac4,tac4,tac4,tac4,tac4,tac4,tac4]") - txt {* 2 b *} + txt \2 b\ apply (intro strip, (erule conjE)+) - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv2_def}] - (@{thm raw_inv2} RS @{thm invariantE})] 1 *}) + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv2_def}] + (@{thm raw_inv2} RS @{thm invariantE})] 1\) apply simp - txt {* 1 *} + txt \1\ apply (tactic "tac4 1") apply (intro strip, (erule conjE)+) apply (rule ccontr) - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv2_def}] - (@{thm raw_inv2} RS @{thm invariantE})] 1 *}) - apply (tactic {* forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv3_def}] - (@{thm raw_inv3} RS @{thm invariantE})] 1 *}) + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv2_def}] + (@{thm raw_inv2} RS @{thm invariantE})] 1\) + apply (tactic \forward_tac @{context} [rewrite_rule @{context} [@{thm Impl.inv3_def}] + (@{thm raw_inv3} RS @{thm invariantE})] 1\) apply simp apply (rename_tac m, erule_tac x = "m" in allE) apply simp done -text {* rebind them *} +text \rebind them\ lemmas inv1 = raw_inv1 [THEN invariantE, unfolded inv1_def] and inv2 = raw_inv2 [THEN invariantE, unfolded inv2_def] diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Lemmas.thy --- a/src/HOL/HOLCF/IOA/NTP/Lemmas.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Lemmas.thy Wed Dec 30 21:57:52 2015 +0100 @@ -6,13 +6,13 @@ imports Main begin -subsubsection {* Logic *} +subsubsection \Logic\ lemma neg_flip: "(X = (~ Y)) = ((~X) = Y)" by blast -subsection {* Sets *} +subsection \Sets\ lemma set_lemmas: "f(x) : (UN x. {f(x)})" @@ -22,7 +22,7 @@ by auto -subsection {* Arithmetic *} +subsection \Arithmetic\ lemma pred_suc: "0 (x - 1 = y) = (x = Suc(y))" by (simp add: diff_Suc split add: nat.split) diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Multiset.thy --- a/src/HOL/HOLCF/IOA/NTP/Multiset.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Multiset.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Tobias Nipkow & Konrad Slind *) -section {* Axiomatic multisets *} +section \Axiomatic multisets\ theory Multiset imports Lemmas diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Packet.thy --- a/src/HOL/HOLCF/IOA/NTP/Packet.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Packet.thy Wed Dec 30 21:57:52 2015 +0100 @@ -18,7 +18,7 @@ "msg == snd" -text {* Instantiation of a tautology? *} +text \Instantiation of a tautology?\ lemma eq_packet_imp_eq_hdr: "!x. x = packet --> hdr(x) = hdr(packet)" by simp diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Receiver.thy --- a/src/HOL/HOLCF/IOA/NTP/Receiver.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Receiver.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Tobias Nipkow & Konrad Slind *) -section {* The implementation: receiver *} +section \The implementation: receiver\ theory Receiver imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Sender.thy --- a/src/HOL/HOLCF/IOA/NTP/Sender.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Sender.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Tobias Nipkow & Konrad Slind *) -section {* The implementation: sender *} +section \The implementation: sender\ theory Sender imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/NTP/Spec.thy --- a/src/HOL/HOLCF/IOA/NTP/Spec.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/NTP/Spec.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Tobias Nipkow & Konrad Slind *) -section {* The specification of reliable transmission *} +section \The specification of reliable transmission\ theory Spec imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/Storage/Action.thy --- a/src/HOL/HOLCF/IOA/Storage/Action.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/Storage/Action.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The set of all actions of the system *} +section \The set of all actions of the system\ theory Action imports Main diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/Storage/Correctness.thy --- a/src/HOL/HOLCF/IOA/Storage/Correctness.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/Storage/Correctness.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Correctness Proof *} +section \Correctness Proof\ theory Correctness imports SimCorrectness Spec Impl @@ -30,29 +30,29 @@ "is_simulation sim_relation impl_ioa spec_ioa" apply (simp (no_asm) add: is_simulation_def) apply (rule conjI) -txt {* start states *} +txt \start states\ apply (auto)[1] apply (rule_tac x = " ({},False) " in exI) apply (simp add: sim_relation_def starts_of_def spec_ioa_def impl_ioa_def) -txt {* main-part *} +txt \main-part\ apply (rule allI)+ apply (rule imp_conj_lemma) apply (rename_tac k b used c k' b' a) apply (induct_tac "a") apply (simp_all (no_asm) add: sim_relation_def impl_ioa_def impl_trans_def trans_of_def) apply auto -txt {* NEW *} +txt \NEW\ apply (rule_tac x = "(used,True)" in exI) apply simp apply (rule transition_is_ex) apply (simp (no_asm) add: spec_ioa_def spec_trans_def trans_of_def) -txt {* LOC *} +txt \LOC\ apply (rule_tac x = " (used Un {k},False) " in exI) apply (simp add: less_SucI) apply (rule transition_is_ex) apply (simp (no_asm) add: spec_ioa_def spec_trans_def trans_of_def) apply fast -txt {* FREE *} +txt \FREE\ apply (rename_tac nat, rule_tac x = " (used - {nat},c) " in exI) apply simp apply (rule transition_is_ex) diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/Storage/Impl.thy --- a/src/HOL/HOLCF/IOA/Storage/Impl.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/Storage/Impl.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The implementation of a memory *} +section \The implementation of a memory\ theory Impl imports IOA Action diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/Storage/Spec.thy --- a/src/HOL/HOLCF/IOA/Storage/Spec.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/Storage/Spec.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The specification of a memory *} +section \The specification of a memory\ theory Spec imports "~~/src/HOL/HOLCF/IOA/meta_theory/IOA" Action diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ex/TrivEx.thy --- a/src/HOL/HOLCF/IOA/ex/TrivEx.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ex/TrivEx.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Trivial Abstraction Example *} +section \Trivial Abstraction Example\ theory TrivEx imports Abstraction @@ -51,9 +51,9 @@ "is_abstraction h_abs C_ioa A_ioa" apply (unfold is_abstraction_def) apply (rule conjI) -txt {* start states *} +txt \start states\ apply (simp (no_asm) add: h_abs_def starts_of_def C_ioa_def A_ioa_def) -txt {* step case *} +txt \step case\ apply (rule allI)+ apply (rule imp_conj_lemma) apply (simp (no_asm) add: trans_of_def C_ioa_def A_ioa_def C_trans_def A_trans_def) diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/ex/TrivEx2.thy --- a/src/HOL/HOLCF/IOA/ex/TrivEx2.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/ex/TrivEx2.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Trivial Abstraction Example with fairness *} +section \Trivial Abstraction Example with fairness\ theory TrivEx2 imports IOA Abstraction @@ -58,9 +58,9 @@ "is_abstraction h_abs C_ioa A_ioa" apply (unfold is_abstraction_def) apply (rule conjI) -txt {* start states *} +txt \start states\ apply (simp (no_asm) add: h_abs_def starts_of_def C_ioa_def A_ioa_def) -txt {* step case *} +txt \step case\ apply (rule allI)+ apply (rule imp_conj_lemma) apply (simp (no_asm) add: trans_of_def C_ioa_def A_ioa_def C_trans_def A_trans_def) @@ -81,9 +81,9 @@ "is_live_abstraction h_abs (C_ioa, WF C_ioa {INC}) (A_ioa, WF A_ioa {INC})" apply (unfold is_live_abstraction_def) apply auto -txt {* is_abstraction *} +txt \is_abstraction\ apply (rule h_abs_is_abstraction) -txt {* temp_weakening *} +txt \temp_weakening\ apply abstraction apply (erule Enabled_implication) done diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Abstraction.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Abstraction.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Abstraction.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Abstraction Theory -- tailored for I/O automata *} +section \Abstraction Theory -- tailored for I/O automata\ theory Abstraction imports LiveIOA @@ -14,7 +14,7 @@ cex_abs :: "('s1 => 's2) => ('a,'s1)execution => ('a,'s2)execution" where "cex_abs f ex = (f (fst ex), Map (%(a,t). (a,f t))$(snd ex))" definition - -- {* equals cex_abs on Sequences -- after ex2seq application *} + \ \equals cex_abs on Sequences -- after ex2seq application\ cex_absSeq :: "('s1 => 's2) => ('a option,'s1)transition Seq => ('a option,'s2)transition Seq" where "cex_absSeq f = (%s. Map (%(s,a,t). (f s,a,f t))$s)" @@ -102,8 +102,8 @@ --> is_exec_frag A (cex_abs h (s,xs))" apply (unfold cex_abs_def) apply simp -apply (tactic {* pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1 *}) -txt {* main case *} +apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1\) +txt \main case\ apply (auto dest: reachable.reachable_n simp add: is_abstraction_def) done @@ -112,10 +112,10 @@ apply (simp add: weakeningIOA_def) apply auto apply (simp add: executions_def) -txt {* start state *} +txt \start state\ apply (rule conjI) apply (simp add: is_abstraction_def cex_abs_def) -txt {* is-execution-fragment *} +txt \is-execution-fragment\ apply (erule exec_frag_abstraction) apply (simp add: reachable.reachable_0) done @@ -202,7 +202,7 @@ ==> mk_trace C$xs = mk_trace A$(snd (cex_abs f (s,xs)))" apply (unfold cex_abs_def mk_trace_def filter_act_def) apply simp -apply (tactic {* pair_induct_tac @{context} "xs" [] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" [] 1\) done @@ -218,13 +218,13 @@ apply (rule_tac x = "cex_abs h ex" in exI) apply auto (* Traces coincide *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (rule traces_coincide_abs) apply (simp (no_asm) add: externals_def) apply (auto)[1] (* cex_abs is execution *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (simp add: executions_def) (* start state *) apply (rule conjI) @@ -235,7 +235,7 @@ (* Liveness *) apply (simp add: temp_weakening_def2) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) done (* FIX: NAch Traces.ML bringen *) @@ -348,29 +348,29 @@ done -subsubsection {* Box *} +subsubsection \Box\ (* FIX: should be same as nil_is_Conc2 when all nils are turned to right side !! *) lemma UU_is_Conc: "(UU = x @@ y) = (((x::'a Seq)= UU) | (x=nil & y=UU))" -apply (tactic {* Seq_case_simp_tac @{context} "x" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "x" 1\) done lemma ex2seqConc [rule_format]: "Finite s1 --> (! ex. (s~=nil & s~=UU & ex2seq ex = s1 @@ s) --> (? ex'. s = ex2seq ex'))" apply (rule impI) -apply (tactic {* Seq_Finite_induct_tac @{context} 1 *}) +apply (tactic \Seq_Finite_induct_tac @{context} 1\) apply blast (* main case *) apply clarify -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) (* UU case *) apply (simp add: nil_is_Conc) (* nil case *) apply (simp add: nil_is_Conc) (* cons case *) -apply (tactic {* pair_tac @{context} "aa" 1 *}) +apply (tactic \pair_tac @{context} "aa" 1\) apply auto done @@ -388,11 +388,11 @@ (* FIX: NAch Sequence.ML bringen *) lemma Mapnil: "(Map f$s = nil) = (s=nil)" -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) done lemma MapUU: "(Map f$s = UU) = (s=UU)" -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) done @@ -422,7 +422,7 @@ done -subsubsection {* Init *} +subsubsection \Init\ lemma strength_Init: "[| state_strengthening P Q h |] @@ -430,35 +430,35 @@ apply (unfold temp_strengthening_def state_strengthening_def temp_sat_def satisfies_def Init_def unlift_def) apply auto -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) +apply (tactic \pair_tac @{context} "a" 1\) done -subsubsection {* Next *} +subsubsection \Next\ lemma TL_ex2seq_UU: "(TL$(ex2seq (cex_abs h ex))=UU) = (TL$(ex2seq ex)=UU)" -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) +apply (tactic \pair_tac @{context} "a" 1\) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) +apply (tactic \pair_tac @{context} "a" 1\) done lemma TL_ex2seq_nil: "(TL$(ex2seq (cex_abs h ex))=nil) = (TL$(ex2seq ex)=nil)" -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) +apply (tactic \pair_tac @{context} "a" 1\) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) +apply (tactic \pair_tac @{context} "a" 1\) done (* FIX: put to Sequence Lemmas *) lemma MapTL: "Map f$(TL$s) = TL$(Map f$s)" -apply (tactic {* Seq_induct_tac @{context} "s" [] 1 *}) +apply (tactic \Seq_induct_tac @{context} "s" [] 1\) done (* important property of cex_absSeq: As it is a 1to1 correspondence, @@ -473,19 +473,19 @@ (* important property of ex2seq: can be shiftet, as defined "pointwise" *) lemma TLex2seq: "[| (snd ex)~=UU ; (snd ex)~=nil |] ==> (? ex'. TL$(ex2seq ex) = ex2seq ex')" -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) +apply (tactic \pair_tac @{context} "a" 1\) apply auto done lemma ex2seqnilTL: "(TL$(ex2seq ex)~=nil) = ((snd ex)~=nil & (snd ex)~=UU)" -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) +apply (tactic \pair_tac @{context} "a" 1\) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) +apply (tactic \pair_tac @{context} "a" 1\) done @@ -508,7 +508,7 @@ done -text {* Localizing Temporal Weakenings - 2 *} +text \Localizing Temporal Weakenings - 2\ lemma weak_Init: "[| state_weakening P Q h |] @@ -516,13 +516,13 @@ apply (simp add: temp_weakening_def2 state_weakening_def2 temp_sat_def satisfies_def Init_def unlift_def) apply auto -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) +apply (tactic \pair_tac @{context} "a" 1\) done -text {* Localizing Temproal Strengthenings - 3 *} +text \Localizing Temproal Strengthenings - 3\ lemma strength_Diamond: "[| temp_strengthening P Q h |] @@ -544,7 +544,7 @@ done -text {* Localizing Temporal Weakenings - 3 *} +text \Localizing Temporal Weakenings - 3\ lemma weak_Diamond: "[| temp_weakening P Q h |] @@ -602,13 +602,13 @@ strength_IMPLIES strength_Box strength_Next strength_Init strength_Diamond strength_Leadsto weak_WF weak_SF -ML {* +ML \ fun abstraction_tac ctxt = SELECT_GOAL (auto_tac (ctxt addSIs @{thms weak_strength_lemmas} addsimps [@{thm state_strengthening_def}, @{thm state_weakening_def}])) -*} +\ -method_setup abstraction = {* Scan.succeed (SIMPLE_METHOD' o abstraction_tac) *} +method_setup abstraction = \Scan.succeed (SIMPLE_METHOD' o abstraction_tac)\ end diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Asig.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Asig.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Asig.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller, Tobias Nipkow & Konrad Slind *) -section {* Action signatures *} +section \Action signatures\ theory Asig imports Main diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Automata.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Automata.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Automata.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller, Konrad Slind, Tobias Nipkow *) -section {* The I/O automata of Lynch and Tuttle in HOLCF *} +section \The I/O automata of Lynch and Tuttle in HOLCF\ theory Automata imports Asig diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/CompoExecs.thy --- a/src/HOL/HOLCF/IOA/meta_theory/CompoExecs.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/CompoExecs.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Compositionality on Execution level *} +section \Compositionality on Execution level\ theory CompoExecs imports Traces @@ -215,7 +215,7 @@ --> is_exec_frag A (fst s, Filter_ex2 (asig_of A)$(ProjA2$xs)) & is_exec_frag B (snd s, Filter_ex2 (asig_of B)$(ProjB2$xs))" -apply (tactic {* pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1\) (* main case *) apply (auto simp add: trans_of_defs2) done @@ -229,8 +229,8 @@ --> stutter (asig_of A) (fst s,ProjA2$xs) & stutter (asig_of B) (snd s,ProjB2$xs)" -apply (tactic {* pair_induct_tac @{context} "xs" - [@{thm stutter_def}, @{thm is_exec_frag_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" + [@{thm stutter_def}, @{thm is_exec_frag_def}] 1\) (* main case *) apply (auto simp add: trans_of_defs2) done @@ -243,8 +243,8 @@ lemma lemma_1_1c: "!s. (is_exec_frag (A\B) (s,xs) --> Forall (%x. fst x:act (A\B)) xs)" -apply (tactic {* pair_induct_tac @{context} "xs" [@{thm Forall_def}, @{thm sforall_def}, - @{thm is_exec_frag_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" [@{thm Forall_def}, @{thm sforall_def}, + @{thm is_exec_frag_def}] 1\) (* main case *) apply auto apply (simp add: trans_of_defs2 actions_asig_comp asig_of_par) @@ -263,13 +263,13 @@ Forall (%x. fst x:act (A\B)) xs --> is_exec_frag (A\B) (s,xs)" -apply (tactic {* pair_induct_tac @{context} "xs" [@{thm Forall_def}, @{thm sforall_def}, - @{thm is_exec_frag_def}, @{thm stutter_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" [@{thm Forall_def}, @{thm sforall_def}, + @{thm is_exec_frag_def}, @{thm stutter_def}] 1\) apply (auto simp add: trans_of_defs1 actions_asig_comp asig_of_par) done -subsection {* COMPOSITIONALITY on EXECUTION Level -- Main Theorem *} +subsection \COMPOSITIONALITY on EXECUTION Level -- Main Theorem\ lemma compositionality_ex: "(ex:executions(A\B)) = @@ -279,7 +279,7 @@ Forall (%x. fst x:act (A\B)) (snd ex))" apply (simp (no_asm) add: executions_def ProjB_def Filter_ex_def ProjA_def starts_of_par) -apply (tactic {* pair_tac @{context} "ex" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) apply (rule iffI) (* ==> *) apply (erule conjE)+ @@ -290,7 +290,7 @@ done -subsection {* COMPOSITIONALITY on EXECUTION Level -- for Modules *} +subsection \COMPOSITIONALITY on EXECUTION Level -- for Modules\ lemma compositionality_ex_modules: "Execs (A\B) = par_execs (Execs A) (Execs B)" diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/CompoScheds.thy --- a/src/HOL/HOLCF/IOA/meta_theory/CompoScheds.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/CompoScheds.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Compositionality on Schedule level *} +section \Compositionality on Schedule level\ theory CompoScheds imports CompoExecs @@ -149,7 +149,7 @@ mkex2_cons_2 [simp] mkex2_cons_3 [simp] -subsection {* mkex *} +subsection \mkex\ lemma mkex_UU: "mkex A B UU (s,exA) (t,exB) = ((s,t),UU)" apply (simp add: mkex_def) @@ -191,7 +191,7 @@ declare composch_simps [simp] -subsection {* COMPOSITIONALITY on SCHEDULE Level *} +subsection \COMPOSITIONALITY on SCHEDULE Level\ subsubsection "Lemmas for ==>" @@ -215,7 +215,7 @@ lemma lemma_2_1b: "filter_act$(ProjA2$xs) =filter_act$xs & filter_act$(ProjB2$xs) =filter_act$xs" -apply (tactic {* pair_induct_tac @{context} "xs" [] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" [] 1\) done @@ -230,8 +230,8 @@ lemma sch_actions_in_AorB: "!s. is_exec_frag (A\B) (s,xs) --> Forall (%x. x:act (A\B)) (filter_act$xs)" -apply (tactic {* pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}, @{thm Forall_def}, - @{thm sforall_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}, @{thm Forall_def}, + @{thm sforall_def}] 1\) (* main case *) apply auto apply (simp add: trans_of_defs2 actions_asig_comp asig_of_par) @@ -251,20 +251,20 @@ Filter (%a. a:act B)$sch << filter_act$exB --> filter_act$(snd (mkex A B sch (s,exA) (t,exB))) = sch" -apply (tactic {* Seq_induct_tac @{context} "sch" [@{thm Filter_def}, @{thm Forall_def}, - @{thm sforall_def}, @{thm mkex_def}] 1 *}) +apply (tactic \Seq_induct_tac @{context} "sch" [@{thm Filter_def}, @{thm Forall_def}, + @{thm sforall_def}, @{thm mkex_def}] 1\) (* main case *) (* splitting into 4 cases according to a:A, a:B *) apply auto (* Case y:A, y:B *) -apply (tactic {* Seq_case_simp_tac @{context} "exA" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "exA" 1\) (* Case exA=UU, Case exA=nil*) (* These UU and nil cases are the only places where the assumption filter A sch< to generate a contradiction using ~a\ss<< UU(nil), using theorems Cons_not_less_UU and Cons_not_less_nil *) -apply (tactic {* Seq_case_simp_tac @{context} "exB" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "exB" 1\) (* Case exA=a\x, exB=b\y *) (* here it is important that Seq_case_simp_tac uses no !full!_simp_tac for the cons case, as otherwise mkex_cons_3 would not be rewritten without use of rotate_tac: then tactic @@ -272,11 +272,11 @@ apply simp (* Case y:A, y~:B *) -apply (tactic {* Seq_case_simp_tac @{context} "exA" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "exA" 1\) apply simp (* Case y~:A, y:B *) -apply (tactic {* Seq_case_simp_tac @{context} "exB" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "exB" 1\) apply simp (* Case y~:A, y~:B *) @@ -286,7 +286,7 @@ (* generalizing the proof above to a proof method *) -ML {* +ML \ local val defs = [@{thm Filter_def}, @{thm Forall_def}, @{thm sforall_def}, @{thm mkex_def}, @@ -310,12 +310,12 @@ ] end -*} +\ -method_setup mkex_induct = {* +method_setup mkex_induct = \ Scan.lift (Args.name -- Args.name -- Args.name) >> (fn ((sch, exA), exB) => fn ctxt => SIMPLE_METHOD' (mkex_induct_tac ctxt sch exA exB)) -*} +\ (*--------------------------------------------------------------------------- @@ -393,7 +393,7 @@ --------------------------------------------------------------------------- *) lemma Zip_Map_fst_snd: "Zip$(Map fst$y)$(Map snd$y) = y" -apply (tactic {* Seq_induct_tac @{context} "y" [] 1 *}) +apply (tactic \Seq_induct_tac @{context} "y" [] 1\) done @@ -421,8 +421,8 @@ Filter (%a. a:act B)$sch = filter_act$(snd exB) |] ==> Filter_ex (asig_of A) (ProjA (mkex A B sch exA exB)) = exA" apply (simp add: ProjA_def Filter_ex_def) -apply (tactic {* pair_tac @{context} "exA" 1 *}) -apply (tactic {* pair_tac @{context} "exB" 1 *}) +apply (tactic \pair_tac @{context} "exA" 1\) +apply (tactic \pair_tac @{context} "exB" 1\) apply (rule conjI) apply (simp (no_asm) add: mkex_def) apply (simplesubst trick_against_eq_in_ass) @@ -462,8 +462,8 @@ Filter (%a. a:act B)$sch = filter_act$(snd exB) |] ==> Filter_ex (asig_of B) (ProjB (mkex A B sch exA exB)) = exB" apply (simp add: ProjB_def Filter_ex_def) -apply (tactic {* pair_tac @{context} "exA" 1 *}) -apply (tactic {* pair_tac @{context} "exB" 1 *}) +apply (tactic \pair_tac @{context} "exA" 1\) +apply (tactic \pair_tac @{context} "exB" 1\) apply (rule conjI) apply (simp (no_asm) add: mkex_def) apply (simplesubst trick_against_eq_in_ass) @@ -508,7 +508,7 @@ apply (simp add: compositionality_ex) apply (simp (no_asm) add: Filter_ex_def ProjB_def lemma_2_1a lemma_2_1b) apply (simp add: executions_def) -apply (tactic {* pair_tac @{context} "ex" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) apply (erule conjE) apply (simp add: sch_actions_in_AorB) @@ -519,20 +519,20 @@ apply (rename_tac exA exB) apply (rule_tac x = "mkex A B sch exA exB" in bexI) (* mkex actions are just the oracle *) -apply (tactic {* pair_tac @{context} "exA" 1 *}) -apply (tactic {* pair_tac @{context} "exB" 1 *}) +apply (tactic \pair_tac @{context} "exA" 1\) +apply (tactic \pair_tac @{context} "exB" 1\) apply (simp add: Mapfst_mkex_is_sch) (* mkex is an execution -- use compositionality on ex-level *) apply (simp add: compositionality_ex) apply (simp add: stutter_mkex_on_A stutter_mkex_on_B filter_mkex_is_exB filter_mkex_is_exA) -apply (tactic {* pair_tac @{context} "exA" 1 *}) -apply (tactic {* pair_tac @{context} "exB" 1 *}) +apply (tactic \pair_tac @{context} "exA" 1\) +apply (tactic \pair_tac @{context} "exB" 1\) apply (simp add: mkex_actions_in_AorB) done -subsection {* COMPOSITIONALITY on SCHEDULE Level -- for Modules *} +subsection \COMPOSITIONALITY on SCHEDULE Level -- for Modules\ lemma compositionality_sch_modules: "Scheds (A\B) = par_scheds (Scheds A) (Scheds B)" diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/CompoTraces.thy --- a/src/HOL/HOLCF/IOA/meta_theory/CompoTraces.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/CompoTraces.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Compositionality on Trace level *} +section \Compositionality on Trace level\ theory CompoTraces imports CompoScheds ShortExecutions @@ -70,7 +70,7 @@ by (blast intro: finiteR_mksch) -declaration {* fn _ => Simplifier.map_ss (Simplifier.set_mksym (K (K NONE))) *} +declaration \fn _ => Simplifier.map_ss (Simplifier.set_mksym (K (K NONE)))\ subsection "mksch rewrite rules" @@ -165,7 +165,7 @@ declare compotr_simps [simp] -subsection {* COMPOSITIONALITY on TRACE Level *} +subsection \COMPOSITIONALITY on TRACE Level\ subsubsection "Lemmata for ==>" @@ -201,8 +201,8 @@ "!!A B. compatible A B ==> ! schA schB. Forall (%x. x:act (A\B)) tr --> Forall (%x. x:act (A\B)) (mksch A B$tr$schA$schB)" -apply (tactic {* Seq_induct_tac @{context} "tr" - [@{thm Forall_def}, @{thm sforall_def}, @{thm mksch_def}] 1 *}) +apply (tactic \Seq_induct_tac @{context} "tr" + [@{thm Forall_def}, @{thm sforall_def}, @{thm mksch_def}] 1\) apply auto apply (simp add: actions_of_par) apply (case_tac "a:act A") @@ -229,8 +229,8 @@ lemma ForallBnAmksch [rule_format (no_asm)]: "!!A B. compatible B A ==> ! schA schB. (Forall (%x. x:act B & x~:act A) tr --> Forall (%x. x:act B & x~:act A) (mksch A B$tr$schA$schB))" -apply (tactic {* Seq_induct_tac @{context} "tr" - [@{thm Forall_def}, @{thm sforall_def}, @{thm mksch_def}] 1 *}) +apply (tactic \Seq_induct_tac @{context} "tr" + [@{thm Forall_def}, @{thm sforall_def}, @{thm mksch_def}] 1\) apply auto apply (rule Forall_Conc_impl [THEN mp]) apply (simp add: intA_is_not_actB int_is_act) @@ -239,8 +239,8 @@ lemma ForallAnBmksch [rule_format (no_asm)]: "!!A B. compatible A B ==> ! schA schB. (Forall (%x. x:act A & x~:act B) tr --> Forall (%x. x:act A & x~:act B) (mksch A B$tr$schA$schB))" -apply (tactic {* Seq_induct_tac @{context} "tr" - [@{thm Forall_def}, @{thm sforall_def}, @{thm mksch_def}] 1 *}) +apply (tactic \Seq_induct_tac @{context} "tr" + [@{thm Forall_def}, @{thm sforall_def}, @{thm mksch_def}] 1\) apply auto apply (rule Forall_Conc_impl [THEN mp]) apply (simp add: intA_is_not_actB int_is_act) @@ -414,8 +414,8 @@ Filter (%a. a:act B)$tr << Filter (%a. a:ext B)$schB --> Filter (%a. a:ext (A\B))$(mksch A B$tr$schA$schB) = tr" -apply (tactic {* Seq_induct_tac @{context} "tr" - [@{thm Forall_def}, @{thm sforall_def}, @{thm mksch_def}] 1 *}) +apply (tactic \Seq_induct_tac @{context} "tr" + [@{thm Forall_def}, @{thm sforall_def}, @{thm mksch_def}] 1\) (* main case *) (* splitting into 4 cases according to a:A, a:B *) apply auto @@ -955,7 +955,7 @@ -subsection {* COMPOSITIONALITY on TRACE Level -- for Modules *} +subsection \COMPOSITIONALITY on TRACE Level -- for Modules\ lemma compositionality_tr_modules: @@ -970,7 +970,7 @@ done -declaration {* fn _ => Simplifier.map_ss (Simplifier.set_mksym Simplifier.default_mk_sym) *} +declaration \fn _ => Simplifier.map_ss (Simplifier.set_mksym Simplifier.default_mk_sym)\ end diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Compositionality.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Compositionality.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Compositionality.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Compositionality of I/O automata *} +section \Compositionality of I/O automata\ theory Compositionality imports CompoTraces begin diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Deadlock.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Deadlock.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Deadlock.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,13 +2,13 @@ Author: Olaf Müller *) -section {* Deadlock freedom of I/O Automata *} +section \Deadlock freedom of I/O Automata\ theory Deadlock imports RefCorrectness CompoScheds begin -text {* input actions may always be added to a schedule *} +text \input actions may always be added to a schedule\ lemma scheds_input_enabled: "[| Filter (%x. x:act A)$sch : schedules A; a:inp A; input_enabled A; Finite sch|] @@ -17,7 +17,7 @@ apply auto apply (frule inp_is_act) apply (simp add: executions_def) -apply (tactic {* pair_tac @{context} "ex" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) apply (rename_tac s ex) apply (subgoal_tac "Finite ex") prefer 2 @@ -47,12 +47,12 @@ apply assumption done -text {* +text \ Deadlock freedom: component B cannot block an out or int action of component A in every schedule. Needs compositionality on schedule level, input-enabledness, compatibility and distributivity of is_exec_frag over @@ -*} +\ declare split_if [split del] lemma IOA_deadlock_free: "[| a : local A; Finite sch; sch : schedules (A\B); diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/IOA.thy --- a/src/HOL/HOLCF/IOA/meta_theory/IOA.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/IOA.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* The theory of I/O automata in HOLCF *} +section \The theory of I/O automata in HOLCF\ theory IOA imports SimCorrectness Compositionality Deadlock diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/LiveIOA.thy --- a/src/HOL/HOLCF/IOA/meta_theory/LiveIOA.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/LiveIOA.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Live I/O automata -- specified by temproal formulas *} +section \Live I/O automata -- specified by temproal formulas\ theory LiveIOA imports TLS @@ -61,14 +61,14 @@ apply (rule_tac x = "corresp_ex A f ex" in exI) apply auto (* Traces coincide, Lemma 1 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (erule lemma_1 [THEN spec, THEN mp]) apply (simp (no_asm) add: externals_def) apply (auto)[1] apply (simp add: executions_def reachable.reachable_0) (* corresp_ex is execution, Lemma 2 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (simp add: executions_def) (* start state *) apply (rule conjI) diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Pred.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Pred.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Pred.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Logical Connectives lifted to predicates *} +section \Logical Connectives lifted to predicates\ theory Pred imports Main diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/RefCorrectness.thy --- a/src/HOL/HOLCF/IOA/meta_theory/RefCorrectness.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/RefCorrectness.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Correctness of Refinement Mappings in HOLCF/IOA *} +section \Correctness of Refinement Mappings in HOLCF/IOA\ theory RefCorrectness imports RefMappings @@ -180,7 +180,7 @@ !s. reachable C s & is_exec_frag C (s,xs) --> mk_trace C$xs = mk_trace A$(snd (corresp_ex A f (s,xs)))" apply (unfold corresp_ex_def) -apply (tactic {* pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1\) (* cons case *) apply (auto simp add: mk_traceConc) apply (frule reachable.reachable_n) @@ -208,7 +208,7 @@ --> is_exec_frag A (s,xs @@ ys))" apply (rule impI) -apply (tactic {* Seq_Finite_induct_tac @{context} 1 *}) +apply (tactic \Seq_Finite_induct_tac @{context} 1\) (* main case *) apply (auto simp add: split_paired_all) done @@ -228,7 +228,7 @@ apply (unfold corresp_ex_def) apply simp -apply (tactic {* pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}] 1\) (* main case *) apply auto apply (rule_tac t = "f x2" in lemma_2_1) @@ -271,13 +271,13 @@ apply (rule_tac x = "corresp_ex A f ex" in bexI) (* Traces coincide, Lemma 1 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (erule lemma_1 [THEN spec, THEN mp]) apply assumption+ apply (simp add: executions_def reachable.reachable_0) (* corresp_ex is execution, Lemma 2 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (simp add: executions_def) (* start state *) apply (rule conjI) @@ -322,13 +322,13 @@ apply auto (* Traces coincide, Lemma 1 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (erule lemma_1 [THEN spec, THEN mp]) apply assumption+ apply (simp add: executions_def reachable.reachable_0) (* corresp_ex is execution, Lemma 2 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (simp add: executions_def) (* start state *) apply (rule conjI) @@ -349,14 +349,14 @@ apply auto (* Traces coincide, Lemma 1 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (erule lemma_1 [THEN spec, THEN mp]) apply (simp (no_asm) add: externals_def) apply (auto)[1] apply (simp add: executions_def reachable.reachable_0) (* corresp_ex is execution, Lemma 2 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (simp add: executions_def) (* start state *) apply (rule conjI) diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/RefMappings.thy --- a/src/HOL/HOLCF/IOA/meta_theory/RefMappings.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/RefMappings.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Refinement Mappings in HOLCF/IOA *} +section \Refinement Mappings in HOLCF/IOA\ theory RefMappings imports Traces diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Seq.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Seq.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Seq.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Partial, Finite and Infinite Sequences (lazy lists), modeled as domain *} +section \Partial, Finite and Infinite Sequences (lazy lists), modeled as domain\ theory Seq imports "../../HOLCF" @@ -51,9 +51,9 @@ "Infinite x == ~(seq_finite x)" -subsection {* recursive equations of operators *} +subsection \recursive equations of operators\ -subsubsection {* smap *} +subsubsection \smap\ fixrec smap :: "('a -> 'b) -> 'a seq -> 'b seq" @@ -64,7 +64,7 @@ lemma smap_UU [simp]: "smap$f$UU=UU" by fixrec_simp -subsubsection {* sfilter *} +subsubsection \sfilter\ fixrec sfilter :: "('a -> tr) -> 'a seq -> 'a seq" @@ -77,7 +77,7 @@ lemma sfilter_UU [simp]: "sfilter$P$UU=UU" by fixrec_simp -subsubsection {* sforall2 *} +subsubsection \sforall2\ fixrec sforall2 :: "('a -> tr) -> 'a seq -> tr" @@ -92,7 +92,7 @@ definition sforall_def: "sforall P t == (sforall2$P$t ~=FF)" -subsubsection {* stakewhile *} +subsubsection \stakewhile\ fixrec stakewhile :: "('a -> tr) -> 'a seq -> 'a seq" @@ -105,7 +105,7 @@ lemma stakewhile_UU [simp]: "stakewhile$P$UU=UU" by fixrec_simp -subsubsection {* sdropwhile *} +subsubsection \sdropwhile\ fixrec sdropwhile :: "('a -> tr) -> 'a seq -> 'a seq" @@ -118,7 +118,7 @@ lemma sdropwhile_UU [simp]: "sdropwhile$P$UU=UU" by fixrec_simp -subsubsection {* slast *} +subsubsection \slast\ fixrec slast :: "'a seq -> 'a" @@ -130,7 +130,7 @@ lemma slast_UU [simp]: "slast$UU=UU" by fixrec_simp -subsubsection {* sconc *} +subsubsection \sconc\ fixrec sconc :: "'a seq -> 'a seq -> 'a seq" @@ -153,7 +153,7 @@ declare sconc_cons' [simp del] -subsubsection {* sflat *} +subsubsection \sflat\ fixrec sflat :: "('a seq) seq -> 'a seq" @@ -169,7 +169,7 @@ declare sflat_cons' [simp del] -subsubsection {* szip *} +subsubsection \szip\ fixrec szip :: "'a seq -> 'b seq -> ('a*'b) seq" diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Sequence.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Sequence.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Sequence.thy Wed Dec 30 21:57:52 2015 +0100 @@ -93,7 +93,7 @@ by (simp add: Map_def Consq_def flift2_def) -subsubsection {* Filter *} +subsubsection \Filter\ lemma Filter_UU: "Filter P$UU =UU" by (simp add: Filter_def) @@ -106,7 +106,7 @@ by (simp add: Filter_def Consq_def flift2_def If_and_if) -subsubsection {* Forall *} +subsubsection \Forall\ lemma Forall_UU: "Forall P UU" by (simp add: Forall_def sforall_def) @@ -118,13 +118,13 @@ by (simp add: Forall_def sforall_def Consq_def flift2_def) -subsubsection {* Conc *} +subsubsection \Conc\ lemma Conc_cons: "(x\xs) @@ y = x\(xs @@y)" by (simp add: Consq_def) -subsubsection {* Takewhile *} +subsubsection \Takewhile\ lemma Takewhile_UU: "Takewhile P$UU =UU" by (simp add: Takewhile_def) @@ -137,7 +137,7 @@ by (simp add: Takewhile_def Consq_def flift2_def If_and_if) -subsubsection {* DropWhile *} +subsubsection \DropWhile\ lemma Dropwhile_UU: "Dropwhile P$UU =UU" by (simp add: Dropwhile_def) @@ -150,7 +150,7 @@ by (simp add: Dropwhile_def Consq_def flift2_def If_and_if) -subsubsection {* Last *} +subsubsection \Last\ lemma Last_UU: "Last$UU =UU" by (simp add: Last_def) @@ -165,7 +165,7 @@ done -subsubsection {* Flat *} +subsubsection \Flat\ lemma Flat_UU: "Flat$UU =UU" by (simp add: Flat_def) @@ -177,7 +177,7 @@ by (simp add: Flat_def Consq_def) -subsubsection {* Zip *} +subsubsection \Zip\ lemma Zip_unfold: "Zip = (LAM t1 t2. case t1 of @@ -1075,7 +1075,7 @@ done -ML {* +ML \ fun Seq_case_tac ctxt s i = Rule_Insts.res_inst_tac ctxt [((("x", 0), Position.none), s)] [] @{thm Seq_cases} i @@ -1109,6 +1109,6 @@ THEN (REPEAT_DETERM (CHANGED (simp_tac ctxt (i+1)))) THEN simp_tac (ctxt addsimps rws) i; -*} +\ end diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/ShortExecutions.thy --- a/src/HOL/HOLCF/IOA/meta_theory/ShortExecutions.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/ShortExecutions.thy Wed Dec 30 21:57:52 2015 +0100 @@ -6,12 +6,12 @@ imports Traces begin -text {* - Some properties about @{text "Cut ex"}, defined as follows: +text \ + Some properties about \Cut ex\, defined as follows: - For every execution ex there is another shorter execution @{text "Cut ex"} + For every execution ex there is another shorter execution \Cut ex\ that has the same trace as ex, but its schedule ends with an external action. -*} +\ definition oraclebuild :: "('a => bool) => 'a Seq -> 'a Seq -> 'a Seq" where @@ -47,12 +47,12 @@ LastActExtsmall2: "[| Finite sch1; LastActExtsch A (sch1 @@ sch2) |] ==> LastActExtsch A sch2" -ML {* +ML \ fun thin_tac' ctxt j = rotate_tac (j - 1) THEN' eresolve_tac ctxt [thin_rl] THEN' rotate_tac (~ (j - 1)) -*} +\ subsection "oraclebuild rewrite rules" @@ -225,7 +225,7 @@ apply auto apply (rule_tac x = "filter_act$ (Cut (%a. fst a:ext A) (snd ex))" in exI) apply (simp add: executions_def) -apply (tactic {* pair_tac @{context} "ex" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) apply auto apply (rule_tac x = " (x1,Cut (%a. fst a:ext A) x2) " in exI) apply (simp (no_asm_simp)) diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/SimCorrectness.thy --- a/src/HOL/HOLCF/IOA/meta_theory/SimCorrectness.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/SimCorrectness.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Correctness of Simulations in HOLCF/IOA *} +section \Correctness of Simulations in HOLCF/IOA\ theory SimCorrectness imports Simulations @@ -156,7 +156,7 @@ done -subsection {* TRACE INCLUSION Part 1: Traces coincide *} +subsection \TRACE INCLUSION Part 1: Traces coincide\ subsubsection "Lemmata for <==" @@ -170,7 +170,7 @@ !s s'. reachable C s & is_exec_frag C (s,ex) & (s,s'): R --> mk_trace C$ex = mk_trace A$((corresp_ex_simC A R$ex) s')" -apply (tactic {* pair_induct_tac @{context} "ex" [@{thm is_exec_frag_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "ex" [@{thm is_exec_frag_def}] 1\) (* cons case *) apply auto apply (rename_tac ex a t s s') @@ -195,7 +195,7 @@ !s s'. reachable C s & is_exec_frag C (s,ex) & (s,s'):R --> is_exec_frag A (s',(corresp_ex_simC A R$ex) s')" -apply (tactic {* pair_induct_tac @{context} "ex" [@{thm is_exec_frag_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "ex" [@{thm is_exec_frag_def}] 1\) (* main case *) apply auto apply (rename_tac ex a t s s') @@ -265,7 +265,7 @@ apply (rule_tac x = "corresp_ex_sim A R ex" in bexI) (* Traces coincide, Lemma 1 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (rename_tac s ex) apply (simp (no_asm) add: corresp_ex_sim_def) apply (rule_tac s = "s" in traces_coincide_sim) @@ -273,7 +273,7 @@ apply (simp add: executions_def reachable.reachable_0 sim_starts1) (* corresp_ex_sim is execution, Lemma 2 *) - apply (tactic {* pair_tac @{context} "ex" 1 *}) + apply (tactic \pair_tac @{context} "ex" 1\) apply (simp add: executions_def) apply (rename_tac s ex) diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Simulations.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Simulations.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Simulations.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Simulations in HOLCF/IOA *} +section \Simulations in HOLCF/IOA\ theory Simulations imports RefCorrectness diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/TL.thy --- a/src/HOL/HOLCF/IOA/meta_theory/TL.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/TL.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* A General Temporal Logic *} +section \A General Temporal Logic\ theory TL imports Pred Sequence @@ -147,7 +147,7 @@ "s~=UU & s~=nil --> tsuffix s2 (TL$s) --> tsuffix s2 s" apply (unfold tsuffix_def suffix_def) apply auto -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) apply (rule_tac x = "a\s1" in exI) apply auto done diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/TLS.thy --- a/src/HOL/HOLCF/IOA/meta_theory/TLS.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/TLS.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Temporal Logic of Steps -- tailored for I/O automata *} +section \Temporal Logic of Steps -- tailored for I/O automata\ theory TLS imports IOA TL @@ -92,10 +92,10 @@ lemmas [simp del] = HOL.ex_simps HOL.all_simps split_paired_Ex -setup {* map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac") *} +setup \map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\ -subsection {* ex2seqC *} +subsection \ex2seqC\ lemma ex2seqC_unfold: "ex2seqC = (LAM ex. (%s. case ex of nil => (s,None,s)\nil @@ -151,13 +151,13 @@ lemma ex2seq_nUUnnil: "ex2seq exec ~= UU & ex2seq exec ~= nil" -apply (tactic {* pair_tac @{context} "exec" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "exec" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) +apply (tactic \pair_tac @{context} "a" 1\) done -subsection {* Interface TL -- TLS *} +subsection \Interface TL -- TLS\ (* uses the fact that in executions states overlap, which is lost in after the translation via ex2seq !! *) @@ -172,31 +172,31 @@ apply (simp split add: split_if) (* TL = UU *) apply (rule conjI) -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) +apply (tactic \pair_tac @{context} "a" 1\) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) +apply (tactic \pair_tac @{context} "a" 1\) (* TL = nil *) apply (rule conjI) -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_tac @{context} "x2" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_tac @{context} "x2" 1\) apply (simp add: unlift_def) apply fast apply (simp add: unlift_def) apply fast apply (simp add: unlift_def) -apply (tactic {* pair_tac @{context} "a" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "a" 1\) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) +apply (tactic \pair_tac @{context} "a" 1\) (* TL =cons *) apply (simp add: unlift_def) -apply (tactic {* pair_tac @{context} "ex" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "x2" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \pair_tac @{context} "ex" 1\) +apply (tactic \Seq_case_simp_tac @{context} "x2" 1\) +apply (tactic \pair_tac @{context} "a" 1\) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) +apply (tactic \pair_tac @{context} "a" 1\) done end diff -r 1f2788fb0b8b -r f1599e98c4d0 src/HOL/HOLCF/IOA/meta_theory/Traces.thy --- a/src/HOL/HOLCF/IOA/meta_theory/Traces.thy Wed Dec 30 21:56:12 2015 +0100 +++ b/src/HOL/HOLCF/IOA/meta_theory/Traces.thy Wed Dec 30 21:57:52 2015 +0100 @@ -2,7 +2,7 @@ Author: Olaf Müller *) -section {* Executions and Traces of I/O automata in HOLCF *} +section \Executions and Traces of I/O automata in HOLCF\ theory Traces imports Sequence Automata @@ -203,7 +203,7 @@ lemmas [simp del] = HOL.ex_simps HOL.all_simps split_paired_Ex declare Let_def [simp] -setup {* map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac") *} +setup \map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\ lemmas exec_rws = executions_def is_exec_frag_def @@ -367,8 +367,8 @@ lemma execfrag_in_sig: "!! A. is_trans_of A ==> ! s. is_exec_frag A (s,xs) --> Forall (%a. a:act A) (filter_act$xs)" -apply (tactic {* pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}, - @{thm Forall_def}, @{thm sforall_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "xs" [@{thm is_exec_frag_def}, + @{thm Forall_def}, @{thm sforall_def}] 1\) (* main case *) apply (auto simp add: is_trans_of_def) done @@ -377,7 +377,7 @@ "!! A.[| is_trans_of A; x:executions A |] ==> Forall (%a. a:act A) (filter_act$(snd x))" apply (simp add: executions_def) -apply (tactic {* pair_tac @{context} "x" 1 *}) +apply (tactic \pair_tac @{context} "x" 1\) apply (rule execfrag_in_sig [THEN spec, THEN mp]) apply auto done @@ -394,10 +394,10 @@ (* only admissible in y, not if done in x !! *) lemma execfrag_prefixclosed: "!x s. is_exec_frag A (s,x) & y< is_exec_frag A (s,y)" -apply (tactic {* pair_induct_tac @{context} "y" [@{thm is_exec_frag_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "y" [@{thm is_exec_frag_def}] 1\) apply (intro strip) -apply (tactic {* Seq_case_simp_tac @{context} "x" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "x" 1\) +apply (tactic \pair_tac @{context} "a" 1\) apply auto done @@ -409,10 +409,10 @@ lemma exec_prefix2closed [rule_format]: "! y s. is_exec_frag A (s,x@@y) --> is_exec_frag A (s,x)" -apply (tactic {* pair_induct_tac @{context} "x" [@{thm is_exec_frag_def}] 1 *}) +apply (tactic \pair_induct_tac @{context} "x" [@{thm is_exec_frag_def}] 1\) apply (intro strip) -apply (tactic {* Seq_case_simp_tac @{context} "s" 1 *}) -apply (tactic {* pair_tac @{context} "a" 1 *}) +apply (tactic \Seq_case_simp_tac @{context} "s" 1\) +apply (tactic \pair_tac @{context} "a" 1\) apply auto done