--- a/src/CCL/Gfp.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/CCL/Gfp.thy Tue Jan 16 09:30:00 2018 +0100
@@ -10,7 +10,7 @@
begin
definition
- gfp :: "['a set\<Rightarrow>'a set] \<Rightarrow> 'a set" where \<comment> "greatest fixed point"
+ gfp :: "['a set\<Rightarrow>'a set] \<Rightarrow> 'a set" where \<comment> \<open>greatest fixed point\<close>
"gfp(f) == Union({u. u <= f(u)})"
(* gfp(f) is the least upper bound of {u. u <= f(u)} *)
--- a/src/CCL/Lfp.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/CCL/Lfp.thy Tue Jan 16 09:30:00 2018 +0100
@@ -10,7 +10,7 @@
begin
definition
- lfp :: "['a set\<Rightarrow>'a set] \<Rightarrow> 'a set" where \<comment> "least fixed point"
+ lfp :: "['a set\<Rightarrow>'a set] \<Rightarrow> 'a set" where \<comment> \<open>least fixed point\<close>
"lfp(f) == Inter({u. f(u) <= u})"
(* lfp(f) is the greatest lower bound of {u. f(u) <= u} *)
--- a/src/CTT/CTT.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/CTT/CTT.thy Tue Jan 16 09:30:00 2018 +0100
@@ -239,12 +239,10 @@
\<comment> \<open>The type T\<close>
- \<comment> \<open>
- Martin-Löf's book (page 68) discusses elimination and computation.
+ \<comment> \<open>Martin-Löf's book (page 68) discusses elimination and computation.
Elimination can be derived by computation and equality of types,
but with an extra premise \<open>C(x)\<close> type \<open>x:T\<close>.
- Also computation can be derived from elimination.
- \<close>
+ Also computation can be derived from elimination.\<close>
TF: "T type" and
TI: "tt : T" and
--- a/src/Doc/Eisbach/Manual.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Eisbach/Manual.thy Tue Jan 16 09:30:00 2018 +0100
@@ -249,16 +249,16 @@
\<close>
lemmas [intros] =
- conjI \<comment> \<open>@{thm conjI}\<close>
- impI \<comment> \<open>@{thm impI}\<close>
- disjCI \<comment> \<open>@{thm disjCI}\<close>
- iffI \<comment> \<open>@{thm iffI}\<close>
- notI \<comment> \<open>@{thm notI}\<close>
+ conjI \<comment> \<open>@{thm conjI}\<close>
+ impI \<comment> \<open>@{thm impI}\<close>
+ disjCI \<comment> \<open>@{thm disjCI}\<close>
+ iffI \<comment> \<open>@{thm iffI}\<close>
+ notI \<comment> \<open>@{thm notI}\<close>
lemmas [elims] =
- impCE \<comment> \<open>@{thm impCE}\<close>
- conjE \<comment> \<open>@{thm conjE}\<close>
- disjE \<comment> \<open>@{thm disjE}\<close>
+ impCE \<comment> \<open>@{thm impCE}\<close>
+ conjE \<comment> \<open>@{thm conjE}\<close>
+ disjE \<comment> \<open>@{thm disjE}\<close>
lemma "(A \<or> B) \<and> (A \<longrightarrow> C) \<and> (B \<longrightarrow> C) \<longrightarrow> C"
by prop_solver
--- a/src/Doc/Functions/Functions.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Functions/Functions.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1095,11 +1095,11 @@
let ?R = "measure (\<lambda>x. 101 - x)"
show "wf ?R" ..
- fix n :: nat assume "\<not> 100 < n" \<comment> "Assumptions for both calls"
+ fix n :: nat assume "\<not> 100 < n" \<comment> \<open>Assumptions for both calls\<close>
- thus "(n + 11, n) \<in> ?R" by simp \<comment> "Inner call"
+ thus "(n + 11, n) \<in> ?R" by simp \<comment> \<open>Inner call\<close>
- assume inner_trm: "f91_dom (n + 11)" \<comment> "Outer call"
+ assume inner_trm: "f91_dom (n + 11)" \<comment> \<open>Outer call\<close>
with f91_estimate have "n + 11 < f91 (n + 11) + 11" .
with \<open>\<not> 100 < n\<close> show "(f91 (n + 11), n) \<in> ?R" by simp
qed
--- a/src/Doc/Isar_Ref/Synopsis.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Isar_Ref/Synopsis.thy Tue Jan 16 09:30:00 2018 +0100
@@ -669,9 +669,9 @@
begin
assume a: A and b: B
thm conjI
- thm conjI [of A B] \<comment> "instantiation"
- thm conjI [of A B, OF a b] \<comment> "instantiation and composition"
- thm conjI [OF a b] \<comment> "composition via unification (trivial)"
+ thm conjI [of A B] \<comment> \<open>instantiation\<close>
+ thm conjI [of A B, OF a b] \<comment> \<open>instantiation and composition\<close>
+ thm conjI [OF a b] \<comment> \<open>composition via unification (trivial)\<close>
thm conjI [OF \<open>A\<close> \<open>B\<close>]
thm conjI [OF disjI1]
@@ -704,9 +704,9 @@
fix x
assume "A x"
show "B x" \<proof>
- } \<comment> "implicit block structure made explicit"
+ } \<comment> \<open>implicit block structure made explicit\<close>
note \<open>\<And>x. A x \<Longrightarrow> B x\<close>
- \<comment> "side exit for the resulting rule"
+ \<comment> \<open>side exit for the resulting rule\<close>
qed
end
@@ -722,10 +722,10 @@
begin
assume r\<^sub>1: "A \<Longrightarrow> B \<Longrightarrow> C" \<comment> \<open>simple rule (Horn clause)\<close>
- have A \<proof> \<comment> "prefix of facts via outer sub-proof"
+ have A \<proof> \<comment> \<open>prefix of facts via outer sub-proof\<close>
then have C
proof (rule r\<^sub>1)
- show B \<proof> \<comment> "remaining rule premises via inner sub-proof"
+ show B \<proof> \<comment> \<open>remaining rule premises via inner sub-proof\<close>
qed
have C
--- a/src/Doc/Logics_ZF/FOL_examples.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Logics_ZF/FOL_examples.thy Tue Jan 16 09:30:00 2018 +0100
@@ -3,22 +3,22 @@
theory FOL_examples imports FOL begin
lemma "EX y. ALL x. P(y)-->P(x)"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule exCI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule allI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule impI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule allE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
txt\<open>see below for @{text allI} combined with @{text swap}\<close>
apply (erule allI [THEN [2] swap])
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule impI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule notE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
done
--- a/src/Doc/Logics_ZF/IFOL_examples.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Logics_ZF/IFOL_examples.thy Tue Jan 16 09:30:00 2018 +0100
@@ -4,35 +4,35 @@
text\<open>Quantifier example from the book Logic and Computation\<close>
lemma "(EX y. ALL x. Q(x,y)) --> (ALL x. EX y. Q(x,y))"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule impI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule allI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule exI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule exE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule allE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
txt\<open>Now @{text "apply assumption"} fails\<close>
oops
text\<open>Trying again, with the same first two steps\<close>
lemma "(EX y. ALL x. Q(x,y)) --> (ALL x. EX y. Q(x,y))"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule impI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule allI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule exE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule exI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule allE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
done
lemma "(EX y. ALL x. Q(x,y)) --> (ALL x. EX y. Q(x,y))"
@@ -40,17 +40,17 @@
text\<open>Example of Dyckhoff's method\<close>
lemma "~ ~ ((P-->Q) | (Q-->P))"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (unfold not_def)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule impI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule disj_impE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule imp_impE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule imp_impE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
apply (erule FalseE)+
done
--- a/src/Doc/Logics_ZF/If.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Logics_ZF/If.thy Tue Jan 16 09:30:00 2018 +0100
@@ -12,32 +12,32 @@
lemma ifI:
"[| P ==> Q; ~P ==> R |] ==> if(P,Q,R)"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (simp add: if_def)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply blast
done
lemma ifE:
"[| if(P,Q,R); [| P; Q |] ==> S; [| ~P; R |] ==> S |] ==> S"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (simp add: if_def)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply blast
done
lemma if_commute: "if(P, if(Q,A,B), if(Q,C,D)) <-> if(Q, if(P,A,C), if(P,B,D))"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule iffI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule ifE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule ifE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule ifI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule ifI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
oops
text\<open>Trying again from the beginning in order to use @{text blast}\<close>
@@ -49,34 +49,34 @@
lemma "if(if(P,Q,R), A, B) <-> if(P, if(Q,A,B), if(R,A,B))"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
by blast
text\<open>Trying again from the beginning in order to prove from the definitions\<close>
lemma "if(if(P,Q,R), A, B) <-> if(P, if(Q,A,B), if(R,A,B))"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (simp add: if_def)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply blast
done
text\<open>An invalid formula. High-level rules permit a simpler diagnosis\<close>
lemma "if(if(P,Q,R), A, B) <-> if(P, if(Q,A,B), if(R,B,A))"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply auto
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
(*The next step will fail unless subgoals remain*)
apply (tactic all_tac)
oops
text\<open>Trying again from the beginning in order to prove from the definitions\<close>
lemma "if(if(P,Q,R), A, B) <-> if(P, if(Q,A,B), if(R,B,A))"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (simp add: if_def)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (auto)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
(*The next step will fail unless subgoals remain*)
apply (tactic all_tac)
oops
--- a/src/Doc/Logics_ZF/ZF_examples.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Logics_ZF/ZF_examples.thy Tue Jan 16 09:30:00 2018 +0100
@@ -14,9 +14,9 @@
text\<open>Induction via tactic emulation\<close>
lemma Br_neq_left [rule_format]: "l \<in> bt(A) ==> \<forall>x r. Br(x, l, r) \<noteq> l"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (induct_tac l)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply auto
done
@@ -27,18 +27,18 @@
text\<open>The new induction method, which I don't understand\<close>
lemma Br_neq_left': "l \<in> bt(A) ==> (!!x r. Br(x, l, r) \<noteq> l)"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (induct set: bt)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply auto
done
lemma Br_iff: "Br(a,l,r) = Br(a',l',r') <-> a=a' & l=l' & r=r'"
- \<comment> "Proving a freeness theorem."
+ \<comment> \<open>Proving a freeness theorem.\<close>
by (blast elim!: bt.free_elims)
inductive_cases Br_in_bt: "Br(a,l,r) \<in> bt(A)"
- \<comment> "An elimination rule, for type-checking."
+ \<comment> \<open>An elimination rule, for type-checking.\<close>
text \<open>
@{thm[display] Br_in_bt[no_vars]}
@@ -124,25 +124,25 @@
done
lemma "Pow(A Int B) = Pow(A) Int Pow(B)"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule equalityI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule Int_greatest)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule Int_lower1 [THEN Pow_mono])
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule Int_lower2 [THEN Pow_mono])
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule subsetI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule IntE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule PowI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (drule PowD)+
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule Int_greatest)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (assumption+)
done
@@ -152,50 +152,50 @@
lemma "C\<subseteq>D ==> Union(C) \<subseteq> Union(D)"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule subsetI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule UnionE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule UnionI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule subsetD)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
done
text\<open>A more abstract version of the same proof\<close>
lemma "C\<subseteq>D ==> Union(C) \<subseteq> Union(D)"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule Union_least)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule Union_upper)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule subsetD, assumption)
done
lemma "[| a \<in> A; f \<in> A->B; g \<in> C->D; A \<inter> C = 0 |] ==> (f \<union> g)`a = f`a"
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule apply_equality)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule UnI1)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule apply_Pair)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule fun_disjoint_Un)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
done
--- a/src/Doc/Prog_Prove/Isar.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Prog_Prove/Isar.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1153,10 +1153,10 @@
proof(induction "Suc m" arbitrary: m rule: ev.induct)
fix n assume IH: "\<And>m. n = Suc m \<Longrightarrow> \<not> ev m"
show "\<not> ev (Suc n)"
- proof \<comment>"contradiction"
+ proof \<comment> \<open>contradiction\<close>
assume "ev(Suc n)"
thus False
- proof cases \<comment>"rule inversion"
+ proof cases \<comment> \<open>rule inversion\<close>
fix k assume "n = Suc k" "ev k"
thus False using IH by auto
qed
--- a/src/Doc/Sugar/Sugar.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Sugar/Sugar.thy Tue Jan 16 09:30:00 2018 +0100
@@ -455,7 +455,7 @@
\<close>
lemma True
proof -
- \<comment> "pretty trivial"
+ \<comment> \<open>pretty trivial\<close>
show True by force
qed
text_raw \<open>
--- a/src/Doc/Tutorial/Documents/Documents.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Tutorial/Documents/Documents.thy Tue Jan 16 09:30:00 2018 +0100
@@ -484,9 +484,9 @@
\<close>
lemma "A --> A"
- \<comment> "a triviality of propositional logic"
- \<comment> "(should not really bother)"
- by (rule impI) \<comment> "implicit assumption step involved here"
+ \<comment> \<open>a triviality of propositional logic\<close>
+ \<comment> \<open>(should not really bother)\<close>
+ by (rule impI) \<comment> \<open>implicit assumption step involved here\<close>
text \<open>
\noindent The above output has been produced as follows:
--- a/src/Doc/Tutorial/Protocol/Event.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Tutorial/Protocol/Event.thy Tue Jan 16 09:30:00 2018 +0100
@@ -73,7 +73,7 @@
Says A B X => parts {X} \<union> used evs
| Gets A X => used evs
| Notes A X => parts {X} \<union> used evs)"
- \<comment>\<open>The case for @{term Gets} seems anomalous, but @{term Gets} always
+ \<comment> \<open>The case for @{term Gets} seems anomalous, but @{term Gets} always
follows @{term Says} in real protocols. Seems difficult to change.
See @{text Gets_correct} in theory @{text "Guard/Extensions.thy"}.\<close>
--- a/src/Doc/Tutorial/Protocol/Message.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Tutorial/Protocol/Message.thy Tue Jan 16 09:30:00 2018 +0100
@@ -35,7 +35,7 @@
type_synonym key = nat
consts invKey :: "key \<Rightarrow> key"
(*<*)
-consts all_symmetric :: bool \<comment>\<open>true if all keys are symmetric\<close>
+consts all_symmetric :: bool \<comment> \<open>true if all keys are symmetric\<close>
specification (invKey)
invKey [simp]: "invKey (invKey K) = K"
@@ -88,7 +88,7 @@
definition keysFor :: "msg set => key set" where
- \<comment>\<open>Keys useful to decrypt elements of a message set\<close>
+ \<comment> \<open>Keys useful to decrypt elements of a message set\<close>
"keysFor H == invKey ` {K. \<exists>X. Crypt K X \<in> H}"
--- a/src/Doc/Tutorial/Rules/Basic.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Tutorial/Rules/Basic.thy Tue Jan 16 09:30:00 2018 +0100
@@ -90,11 +90,11 @@
lemma "\<lbrakk>x = f x; triple (f x) (f x) x\<rbrakk> \<Longrightarrow> triple x x x"
apply (erule ssubst)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-back \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-back \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-back \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-back \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+back \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+back \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+back \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+back \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply assumption
done
@@ -148,9 +148,9 @@
lemma "\<lbrakk>\<not>(P\<longrightarrow>Q); \<not>(R\<longrightarrow>Q)\<rbrakk> \<Longrightarrow> R"
apply (erule_tac Q="R\<longrightarrow>Q" in contrapos_np)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (intro impI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
by (erule notE)
text \<open>
@@ -160,11 +160,11 @@
lemma "(P \<or> Q) \<and> R \<Longrightarrow> P \<or> Q \<and> R"
apply (intro disjCI conjI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (elim conjE disjE)
apply assumption
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
by (erule contrapos_np, rule conjI)
text\<open>
@@ -240,18 +240,18 @@
text\<open>rename_tac\<close>
lemma "x < y \<Longrightarrow> \<forall>x y. P x (f y)"
apply (intro allI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rename_tac v w)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
oops
lemma "\<lbrakk>\<forall>x. P x \<longrightarrow> P (h x); P a\<rbrakk> \<Longrightarrow> P(h (h a))"
apply (frule spec)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (drule mp, assumption)
apply (drule spec)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
by (drule mp)
lemma "\<lbrakk>\<forall>x. P x \<longrightarrow> P (f x); P a\<rbrakk> \<Longrightarrow> P(f (f a))"
@@ -275,11 +275,11 @@
lemma "\<lbrakk>\<forall>x. P x \<longrightarrow> P (h x); P a\<rbrakk> \<Longrightarrow> P(h (h a))"
apply (frule spec)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (drule mp, assumption)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (drule_tac x = "h a" in spec)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
by (drule mp)
text \<open>
@@ -289,15 +289,15 @@
lemma mult_dvd_mono: "\<lbrakk>i dvd m; j dvd n\<rbrakk> \<Longrightarrow> i*j dvd (m*n :: nat)"
apply (simp add: dvd_def)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule exE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (erule exE)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rename_tac l)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule_tac x="k*l" in exI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply simp
done
@@ -433,11 +433,11 @@
lemma "\<forall>y. R y y \<Longrightarrow> \<exists>x. \<forall>y. R x y"
apply (rule exI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (rule allI)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (drule spec)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
oops
lemma "\<forall>x. \<exists>y. x=y"
--- a/src/Doc/Tutorial/Rules/TPrimes.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Tutorial/Rules/TPrimes.thy Tue Jan 16 09:30:00 2018 +0100
@@ -29,13 +29,13 @@
(*gcd(m,n) divides m and n. The conjunctions don't seem provable separately*)
lemma gcd_dvd_both: "(gcd m n dvd m) \<and> (gcd m n dvd n)"
apply (induct_tac m n rule: gcd.induct)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (case_tac "n=0")
txt\<open>subgoals after the case tac
@{subgoals[display,indent=0,margin=65]}
\<close>
apply (simp_all)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
by (blast dest: dvd_mod_imp_dvd)
--- a/src/Doc/Tutorial/Rules/Tacticals.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Tutorial/Rules/Tacticals.thy Tue Jan 16 09:30:00 2018 +0100
@@ -22,18 +22,18 @@
text\<open>defer and prefer\<close>
lemma "hard \<and> (P \<or> ~P) \<and> (Q\<longrightarrow>Q)"
-apply (intro conjI) \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-defer 1 \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-apply blast+ \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+apply (intro conjI) \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+defer 1 \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+apply blast+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
oops
lemma "ok1 \<and> ok2 \<and> doubtful"
-apply (intro conjI) \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-prefer 3 \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+apply (intro conjI) \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+prefer 3 \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
oops
lemma "bigsubgoal1 \<and> bigsubgoal2 \<and> bigsubgoal3 \<and> bigsubgoal4 \<and> bigsubgoal5 \<and> bigsubgoal6"
-apply (intro conjI) \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+apply (intro conjI) \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
txt\<open>@{subgoals[display,indent=0,margin=65]}
A total of 6 subgoals...
\<close>
--- a/src/Doc/Tutorial/Types/Numbers.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/Doc/Tutorial/Types/Numbers.thy Tue Jan 16 09:30:00 2018 +0100
@@ -71,14 +71,14 @@
lemma "(n - 1) * (n + 1) = n * n - (1::nat)"
apply (clarsimp split: nat_diff_split iff del: less_Suc0)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (subgoal_tac "n=0", force, arith)
done
lemma "(n - 2) * (n + 2) = n * n - (4::nat)"
apply (simp split: nat_diff_split, clarify)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
apply (subgoal_tac "n=0 | n=1", force, arith)
done
--- a/src/FOL/ex/Intuitionistic.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/FOL/ex/Intuitionistic.thy Tue Jan 16 09:30:00 2018 +0100
@@ -82,12 +82,12 @@
The attempt to prove them terminates quickly!\<close>
lemma "((P \<longrightarrow> Q) \<longrightarrow> P) \<longrightarrow> P"
apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
-apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
oops
lemma "(P \<and> Q \<longrightarrow> R) \<longrightarrow> (P \<longrightarrow> R) \<or> (Q \<longrightarrow> R)"
apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
-apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
oops
@@ -121,7 +121,7 @@
lemma
"(\<forall>x. \<exists>y. \<forall>z. p(x) \<and> q(y) \<and> r(z)) \<longleftrightarrow>
(\<forall>z. \<exists>y. \<forall>x. p(x) \<and> q(y) \<and> r(z))"
- by (tactic \<open>IntPr.best_dup_tac @{context} 1\<close>) \<comment>\<open>SLOW\<close>
+ by (tactic \<open>IntPr.best_dup_tac @{context} 1\<close>) \<comment> \<open>SLOW\<close>
text\<open>Problem 3.1\<close>
lemma "\<not> (\<exists>x. \<forall>y. mem(y,x) \<longleftrightarrow> \<not> mem(x,x))"
@@ -239,28 +239,28 @@
lemma "((\<forall>x. P(x)) \<longrightarrow> Q) \<longrightarrow> (\<exists>x. P(x) \<longrightarrow> Q)"
apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
- apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+ apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
oops
lemma "(P \<longrightarrow> (\<exists>x. Q(x))) \<longrightarrow> (\<exists>x. P \<longrightarrow> Q(x))"
apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
- apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+ apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
oops
lemma "(\<forall>x. P(x) \<or> Q) \<longrightarrow> ((\<forall>x. P(x)) \<or> Q)"
apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
- apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+ apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
oops
lemma "(\<forall>x. \<not> \<not> P(x)) \<longrightarrow> \<not> \<not> (\<forall>x. P(x))"
apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
- apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+ apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
oops
text \<open>Classically but not intuitionistically valid. Proved by a bug in 1986!\<close>
lemma "\<exists>x. Q(x) \<longrightarrow> (\<forall>x. Q(x))"
apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
- apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+ apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
oops
@@ -326,7 +326,7 @@
"(\<not> \<not> (\<exists>x. p(x)) \<longleftrightarrow> \<not> \<not> (\<exists>x. q(x))) \<and>
(\<forall>x. \<forall>y. p(x) \<and> q(y) \<longrightarrow> (r(x) \<longleftrightarrow> s(y)))
\<longrightarrow> ((\<forall>x. p(x) \<longrightarrow> r(x)) \<longleftrightarrow> (\<forall>x. q(x) \<longrightarrow> s(x)))"
- oops \<comment>\<open>NOT PROVED\<close>
+ oops \<comment> \<open>NOT PROVED\<close>
text\<open>27\<close>
lemma
@@ -398,7 +398,7 @@
(\<forall>x z. \<not> P(x,z) \<longrightarrow> (\<exists>y. Q(y,z))) \<and>
(\<not> \<not> (\<exists>x y. Q(x,y)) \<longrightarrow> (\<forall>x. R(x,x)))
\<longrightarrow> \<not> \<not> (\<forall>x. \<exists>y. R(x,y))"
- oops \<comment>\<open>NOT PROVED\<close>
+ oops \<comment> \<open>NOT PROVED\<close>
text\<open>39\<close>
lemma "\<not> (\<exists>x. \<forall>y. F(y,x) \<longleftrightarrow> \<not> F(y,y))"
--- a/src/FOL/ex/Locale_Test/Locale_Test1.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/FOL/ex/Locale_Test/Locale_Test1.thy Tue Jan 16 09:30:00 2018 +0100
@@ -731,12 +731,12 @@
proof -
show "dgrp(prod)" by unfold_locales
from this interpret d: dgrp .
- \<comment> Unit
+ \<comment> \<open>Unit\<close>
have "dgrp.one(prod) = glob_one(prod)" by (rule d.one_def)
also have "... = glob_one(prod) ** one" by (simp add: rone)
also have "... = one" by (simp add: glob_lone)
finally show "dgrp.one(prod) = one" .
- \<comment> Inverse
+ \<comment> \<open>Inverse\<close>
then have "dgrp.inv(prod, x) ** x = inv(x) ** x" by (simp add: glob_linv d.linv linv)
then show "dgrp.inv(prod, x) = inv(x)" by (simp add: rcancel)
qed
--- a/src/FOLP/ex/Intuitionistic.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/FOLP/ex/Intuitionistic.thy Tue Jan 16 09:30:00 2018 +0100
@@ -138,7 +138,7 @@
text "Problem ~~17"
schematic_goal "?p : ~~(((P & (Q-->R))-->S) <-> ((~P | Q | S) & (~P | ~R | S)))"
- by (tactic \<open>IntPr.fast_tac @{context} 1\<close>) \<comment> slow
+ by (tactic \<open>IntPr.fast_tac @{context} 1\<close>) \<comment> \<open>slow\<close>
subsection \<open>Examples with quantifiers\<close>
@@ -261,7 +261,7 @@
(ALL x. S(x) & R(x) --> L(x)) &
(ALL x. M(x) --> R(x))
--> (ALL x. P(x) & M(x) --> L(x))"
- by (tactic "IntPr.best_tac @{context} 1") \<comment> slow
+ by (tactic "IntPr.best_tac @{context} 1") \<comment> \<open>slow\<close>
text "Problem 39"
schematic_goal "?p : ~ (EX x. ALL y. F(y,x) <-> ~F(y,y))"
@@ -270,7 +270,7 @@
text "Problem 40. AMENDED"
schematic_goal "?p : (EX y. ALL x. F(x,y) <-> F(x,x)) -->
~(ALL x. EX y. ALL z. F(z,y) <-> ~ F(z,x))"
- by (tactic "IntPr.best_tac @{context} 1") \<comment> slow
+ by (tactic "IntPr.best_tac @{context} 1") \<comment> \<open>slow\<close>
text "Problem 44"
schematic_goal "?p : (ALL x. f(x) -->
--- a/src/HOL/Algebra/AbelCoset.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/AbelCoset.thy Tue Jan 16 09:30:00 2018 +0100
@@ -41,12 +41,12 @@
definition
A_FactGroup :: "[('a,'b) ring_scheme, 'a set] \<Rightarrow> ('a set) monoid" (infixl "A'_Mod" 65)
- \<comment>\<open>Actually defined for groups rather than monoids\<close>
+ \<comment> \<open>Actually defined for groups rather than monoids\<close>
where "A_FactGroup G H = FactGroup \<lparr>carrier = carrier G, mult = add G, one = zero G\<rparr> H"
definition
a_kernel :: "('a, 'm) ring_scheme \<Rightarrow> ('b, 'n) ring_scheme \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> 'a set"
- \<comment>\<open>the kernel of a homomorphism (additive)\<close>
+ \<comment> \<open>the kernel of a homomorphism (additive)\<close>
where "a_kernel G H h =
kernel \<lparr>carrier = carrier G, mult = add G, one = zero G\<rparr>
\<lparr>carrier = carrier H, mult = add H, one = zero H\<rparr> h"
@@ -687,7 +687,7 @@
by (rule subgroup.rcos_module [OF a_subgroup a_group,
folded a_r_coset_def a_inv_def, simplified monoid_record_simps])
-\<comment>"variant"
+\<comment> \<open>variant\<close>
lemma (in abelian_subgroup) a_rcos_module_minus:
assumes "ring G"
assumes carr: "x \<in> carrier G" "x' \<in> carrier G"
--- a/src/HOL/Algebra/Bij.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/Bij.thy Tue Jan 16 09:30:00 2018 +0100
@@ -10,7 +10,7 @@
definition
Bij :: "'a set \<Rightarrow> ('a \<Rightarrow> 'a) set"
- \<comment>\<open>Only extensional functions, since otherwise we get too many.\<close>
+ \<comment> \<open>Only extensional functions, since otherwise we get too many.\<close>
where "Bij S = extensional S \<inter> {f. bij_betw f S S}"
definition
--- a/src/HOL/Algebra/Coset.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/Coset.thy Tue Jan 16 09:30:00 2018 +0100
@@ -85,7 +85,7 @@
lemma (in group) coset_join2:
"\<lbrakk>x \<in> carrier G; subgroup H G; x\<in>H\<rbrakk> \<Longrightarrow> H #> x = H"
- \<comment>\<open>Alternative proof is to put @{term "x=\<one>"} in \<open>repr_independence\<close>.\<close>
+ \<comment> \<open>Alternative proof is to put @{term "x=\<one>"} in \<open>repr_independence\<close>.\<close>
by (force simp add: subgroup.m_closed r_coset_def solve_equation)
lemma (in monoid) r_coset_subset_G:
@@ -831,7 +831,7 @@
definition
FactGroup :: "[('a,'b) monoid_scheme, 'a set] \<Rightarrow> ('a set) monoid" (infixl "Mod" 65)
- \<comment>\<open>Actually defined for groups rather than monoids\<close>
+ \<comment> \<open>Actually defined for groups rather than monoids\<close>
where "FactGroup G H = \<lparr>carrier = rcosets\<^bsub>G\<^esub> H, mult = set_mult G, one = H\<rparr>"
lemma (in normal) setmult_closed:
@@ -897,7 +897,7 @@
definition
kernel :: "('a, 'm) monoid_scheme \<Rightarrow> ('b, 'n) monoid_scheme \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> 'a set"
- \<comment>\<open>the kernel of a homomorphism\<close>
+ \<comment> \<open>the kernel of a homomorphism\<close>
where "kernel G H h = {x. x \<in> carrier G \<and> h x = \<one>\<^bsub>H\<^esub>}"
lemma (in group_hom) subgroup_kernel: "subgroup (kernel G H h) G"
--- a/src/HOL/Algebra/Divisibility.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/Divisibility.thy Tue Jan 16 09:30:00 2018 +0100
@@ -2106,7 +2106,7 @@
qed
-\<comment>"A version using @{const factors}, more complicated"
+\<comment> \<open>A version using @{const factors}, more complicated\<close>
lemma (in factorial_monoid) factors_irreducible_prime:
assumes pirr: "irreducible G p"
and pcarr: "p \<in> carrier G"
--- a/src/HOL/Algebra/Group.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/Group.thy Tue Jan 16 09:30:00 2018 +0100
@@ -26,7 +26,7 @@
definition
Units :: "_ => 'a set"
- \<comment>\<open>The set of invertible elements\<close>
+ \<comment> \<open>The set of invertible elements\<close>
where "Units G = {y. y \<in> carrier G \<and> (\<exists>x \<in> carrier G. x \<otimes>\<^bsub>G\<^esub> y = \<one>\<^bsub>G\<^esub> \<and> y \<otimes>\<^bsub>G\<^esub> x = \<one>\<^bsub>G\<^esub>)}"
consts
@@ -98,7 +98,7 @@
moreover from x y xinv yinv have "x \<otimes> (y \<otimes> y') \<otimes> x' = \<one>" by simp
moreover note x y
ultimately show ?thesis unfolding Units_def
- \<comment> "Must avoid premature use of \<open>hyp_subst_tac\<close>."
+ \<comment> \<open>Must avoid premature use of \<open>hyp_subst_tac\<close>.\<close>
apply (rule_tac CollectI)
apply (rule)
apply (fast)
--- a/src/HOL/Algebra/Ideal.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/Ideal.thy Tue Jan 16 09:30:00 2018 +0100
@@ -828,7 +828,7 @@
subsection \<open>Derived Theorems\<close>
-\<comment>"A non-zero cring that has only the two trivial ideals is a field"
+\<comment> \<open>A non-zero cring that has only the two trivial ideals is a field\<close>
lemma (in cring) trivialideals_fieldI:
assumes carrnzero: "carrier R \<noteq> {\<zero>}"
and haveideals: "{I. ideal I R} = {{\<zero>}, carrier R}"
@@ -921,7 +921,7 @@
qed
qed (simp add: zeroideal oneideal)
-\<comment>"Jacobson Theorem 2.2"
+\<comment> \<open>Jacobson Theorem 2.2\<close>
lemma (in cring) trivialideals_eq_field:
assumes carrnzero: "carrier R \<noteq> {\<zero>}"
shows "({I. ideal I R} = {{\<zero>}, carrier R}) = field R"
--- a/src/HOL/Algebra/IntRing.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/IntRing.thy Tue Jan 16 09:30:00 2018 +0100
@@ -59,14 +59,14 @@
and "one \<Z> = 1"
and "pow \<Z> x n = x^n"
proof -
- \<comment> "Specification"
+ \<comment> \<open>Specification\<close>
show "monoid \<Z>" by standard auto
then interpret int: monoid \<Z> .
- \<comment> "Carrier"
+ \<comment> \<open>Carrier\<close>
show "carrier \<Z> = UNIV" by simp
- \<comment> "Operations"
+ \<comment> \<open>Operations\<close>
{ fix x y show "mult \<Z> x y = x * y" by simp }
show "one \<Z> = 1" by simp
show "pow \<Z> x n = x^n" by (induct n) simp_all
@@ -75,11 +75,11 @@
interpretation int: comm_monoid \<Z>
rewrites "finprod \<Z> f A = prod f A"
proof -
- \<comment> "Specification"
+ \<comment> \<open>Specification\<close>
show "comm_monoid \<Z>" by standard auto
then interpret int: comm_monoid \<Z> .
- \<comment> "Operations"
+ \<comment> \<open>Operations\<close>
{ fix x y have "mult \<Z> x y = x * y" by simp }
note mult = this
have one: "one \<Z> = 1" by simp
@@ -93,14 +93,14 @@
and int_add_eq: "add \<Z> x y = x + y"
and int_finsum_eq: "finsum \<Z> f A = sum f A"
proof -
- \<comment> "Specification"
+ \<comment> \<open>Specification\<close>
show "abelian_monoid \<Z>" by standard auto
then interpret int: abelian_monoid \<Z> .
- \<comment> "Carrier"
+ \<comment> \<open>Carrier\<close>
show "carrier \<Z> = UNIV" by simp
- \<comment> "Operations"
+ \<comment> \<open>Operations\<close>
{ fix x y show "add \<Z> x y = x + y" by simp }
note add = this
show zero: "zero \<Z> = 0"
@@ -121,7 +121,7 @@
and int_a_inv_eq: "a_inv \<Z> x = - x"
and int_a_minus_eq: "a_minus \<Z> x y = x - y"
proof -
- \<comment> "Specification"
+ \<comment> \<open>Specification\<close>
show "abelian_group \<Z>"
proof (rule abelian_groupI)
fix x
@@ -130,7 +130,7 @@
by simp arith
qed auto
then interpret int: abelian_group \<Z> .
- \<comment> "Operations"
+ \<comment> \<open>Operations\<close>
{ fix x y have "add \<Z> x y = x + y" by simp }
note add = this
have zero: "zero \<Z> = 0" by simp
--- a/src/HOL/Algebra/Lattice.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/Lattice.thy Tue Jan 16 09:30:00 2018 +0100
@@ -52,11 +52,11 @@
definition
LEAST_FP :: "('a, 'b) gorder_scheme \<Rightarrow> ('a \<Rightarrow> 'a) \<Rightarrow> 'a" ("LFP\<index>") where
- "LEAST_FP L f = \<Sqinter>\<^bsub>L\<^esub> {u \<in> carrier L. f u \<sqsubseteq>\<^bsub>L\<^esub> u}" \<comment>\<open>least fixed point\<close>
+ "LEAST_FP L f = \<Sqinter>\<^bsub>L\<^esub> {u \<in> carrier L. f u \<sqsubseteq>\<^bsub>L\<^esub> u}" \<comment> \<open>least fixed point\<close>
definition
GREATEST_FP:: "('a, 'b) gorder_scheme \<Rightarrow> ('a \<Rightarrow> 'a) \<Rightarrow> 'a" ("GFP\<index>") where
- "GREATEST_FP L f = \<Squnion>\<^bsub>L\<^esub> {u \<in> carrier L. u \<sqsubseteq>\<^bsub>L\<^esub> f u}" \<comment>\<open>greatest fixed point\<close>
+ "GREATEST_FP L f = \<Squnion>\<^bsub>L\<^esub> {u \<in> carrier L. u \<sqsubseteq>\<^bsub>L\<^esub> f u}" \<comment> \<open>greatest fixed point\<close>
subsection \<open>Dual operators\<close>
--- a/src/HOL/Algebra/QuotRing.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/QuotRing.thy Tue Jan 16 09:30:00 2018 +0100
@@ -84,28 +84,28 @@
text \<open>The quotient is a ring\<close>
lemma (in ideal) quotient_is_ring: "ring (R Quot I)"
apply (rule ringI)
- \<comment>\<open>abelian group\<close>
+ \<comment> \<open>abelian group\<close>
apply (rule comm_group_abelian_groupI)
apply (simp add: FactRing_def)
apply (rule a_factorgroup_is_comm_group[unfolded A_FactGroup_def'])
- \<comment>\<open>mult monoid\<close>
+ \<comment> \<open>mult monoid\<close>
apply (rule monoidI)
apply (simp_all add: FactRing_def A_RCOSETS_def RCOSETS_def
a_r_coset_def[symmetric])
- \<comment>\<open>mult closed\<close>
+ \<comment> \<open>mult closed\<close>
apply (clarify)
apply (simp add: rcoset_mult_add, fast)
- \<comment>\<open>mult \<open>one_closed\<close>\<close>
+ \<comment> \<open>mult \<open>one_closed\<close>\<close>
apply force
- \<comment>\<open>mult assoc\<close>
+ \<comment> \<open>mult assoc\<close>
apply clarify
apply (simp add: rcoset_mult_add m_assoc)
- \<comment>\<open>mult one\<close>
+ \<comment> \<open>mult one\<close>
apply clarify
apply (simp add: rcoset_mult_add)
apply clarify
apply (simp add: rcoset_mult_add)
- \<comment>\<open>distr\<close>
+ \<comment> \<open>distr\<close>
apply clarify
apply (simp add: rcoset_mult_add a_rcos_sum l_distr)
apply clarify
@@ -225,7 +225,7 @@
apply (simp add: FactRing_def A_RCOSETS_defs a_r_coset_def[symmetric], clarsimp)
apply (simp add: rcoset_mult_add) defer 1
proof (rule ccontr, simp)
- \<comment>\<open>Quotient is not empty\<close>
+ \<comment> \<open>Quotient is not empty\<close>
assume "\<zero>\<^bsub>R Quot I\<^esub> = \<one>\<^bsub>R Quot I\<^esub>"
then have II1: "I = I +> \<one>" by (simp add: FactRing_def)
from a_rcos_self[OF one_closed] have "\<one> \<in> I"
@@ -233,11 +233,11 @@
then have "I = carrier R" by (rule one_imp_carrier)
with I_notcarr show False by simp
next
- \<comment>\<open>Existence of Inverse\<close>
+ \<comment> \<open>Existence of Inverse\<close>
fix a
assume IanI: "I +> a \<noteq> I" and acarr: "a \<in> carrier R"
- \<comment>\<open>Helper ideal \<open>J\<close>\<close>
+ \<comment> \<open>Helper ideal \<open>J\<close>\<close>
define J :: "'a set" where "J = (carrier R #> a) <+> I"
have idealJ: "ideal J R"
apply (unfold J_def, rule add_ideals)
@@ -245,7 +245,7 @@
apply (rule is_ideal)
done
- \<comment>\<open>Showing @{term "J"} not smaller than @{term "I"}\<close>
+ \<comment> \<open>Showing @{term "J"} not smaller than @{term "I"}\<close>
have IinJ: "I \<subseteq> J"
proof (rule, simp add: J_def r_coset_def set_add_defs)
fix x
@@ -256,7 +256,7 @@
with Zcarr and xI show "\<exists>xa\<in>carrier R. \<exists>k\<in>I. x = xa \<otimes> a \<oplus> k" by fast
qed
- \<comment>\<open>Showing @{term "J \<noteq> I"}\<close>
+ \<comment> \<open>Showing @{term "J \<noteq> I"}\<close>
have anI: "a \<notin> I"
proof (rule ccontr, simp)
assume "a \<in> I"
@@ -274,7 +274,7 @@
from aJ and anI have JnI: "J \<noteq> I" by fast
- \<comment>\<open>Deducing @{term "J = carrier R"} because @{term "I"} is maximal\<close>
+ \<comment> \<open>Deducing @{term "J = carrier R"} because @{term "I"} is maximal\<close>
from idealJ and IinJ have "J = I \<or> J = carrier R"
proof (rule I_maximal, unfold J_def)
have "carrier R #> a \<subseteq> carrier R"
@@ -285,7 +285,7 @@
with JnI have Jcarr: "J = carrier R" by simp
- \<comment>\<open>Calculating an inverse for @{term "a"}\<close>
+ \<comment> \<open>Calculating an inverse for @{term "a"}\<close>
from one_closed[folded Jcarr]
have "\<exists>r\<in>carrier R. \<exists>i\<in>I. \<one> = r \<otimes> a \<oplus> i"
by (simp add: J_def r_coset_def set_add_defs)
@@ -294,7 +294,7 @@
from one and rcarr and acarr and iI[THEN a_Hcarr]
have rai1: "a \<otimes> r = \<ominus>i \<oplus> \<one>" by algebra
- \<comment>\<open>Lifting to cosets\<close>
+ \<comment> \<open>Lifting to cosets\<close>
from iI have "\<ominus>i \<oplus> \<one> \<in> I +> \<one>"
by (intro a_rcosI, simp, intro a_subset, simp)
with rai1 have "a \<otimes> r \<in> I +> \<one>" by simp
--- a/src/HOL/Algebra/RingHom.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/RingHom.thy Tue Jan 16 09:30:00 2018 +0100
@@ -102,7 +102,7 @@
subsection \<open>The Kernel of a Ring Homomorphism\<close>
-\<comment>"the kernel of a ring homomorphism is an ideal"
+\<comment> \<open>the kernel of a ring homomorphism is an ideal\<close>
lemma (in ring_hom_ring) kernel_is_ideal:
shows "ideal (a_kernel R S h) R"
apply (rule idealI)
--- a/src/HOL/Analysis/Brouwer_Fixpoint.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Brouwer_Fixpoint.thy Tue Jan 16 09:30:00 2018 +0100
@@ -130,7 +130,7 @@
lemma kuhn_counting_lemma:
fixes bnd compo compo' face S F
defines "nF s == card {f\<in>F. face f s \<and> compo' f}"
- assumes [simp, intro]: "finite F" \<comment> "faces" and [simp, intro]: "finite S" \<comment> "simplices"
+ assumes [simp, intro]: "finite F" \<comment> \<open>faces\<close> and [simp, intro]: "finite S" \<comment> \<open>simplices\<close>
and "\<And>f. f \<in> F \<Longrightarrow> bnd f \<Longrightarrow> card {s\<in>S. face f s} = 1"
and "\<And>f. f \<in> F \<Longrightarrow> \<not> bnd f \<Longrightarrow> card {s\<in>S. face f s} = 2"
and "\<And>s. s \<in> S \<Longrightarrow> compo s \<Longrightarrow> nF s = 1"
@@ -2572,7 +2572,7 @@
moreover have False if "1 < dd (x - a)"
using x that dd2 [of "x - a" 1] \<open>x \<noteq> a\<close> closure_affine_hull
by (auto simp: rel_frontier_def)
- ultimately have "dd (x - a) = 1" \<comment>\<open>similar to another proof above\<close>
+ ultimately have "dd (x - a) = 1" \<comment> \<open>similar to another proof above\<close>
by fastforce
with that show ?thesis
by (simp add: rel_frontier_def)
--- a/src/HOL/Analysis/Cauchy_Integral_Theorem.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Cauchy_Integral_Theorem.thy Tue Jan 16 09:30:00 2018 +0100
@@ -6151,7 +6151,7 @@
apply (clarsimp simp del: divide_const_simps)
apply (metis add.commute dist_commute le_less_trans mem_ball real_gt_half_sum w)
done
- \<comment>\<open>Replacing @{term r} and the original (weak) premises\<close>
+ \<comment> \<open>Replacing @{term r} and the original (weak) premises\<close>
obtain r where "0 < r" and holfc: "f holomorphic_on cball z r" and w: "w \<in> ball z r"
apply (rule that [of "(r + dist w z) / 2"])
apply (simp_all add: fh')
--- a/src/HOL/Analysis/Complex_Transcendental.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Complex_Transcendental.thy Tue Jan 16 09:30:00 2018 +0100
@@ -2851,7 +2851,7 @@
lemma sin_Arcsin [simp]: "sin(Arcsin z) = z"
proof -
have "\<i>*z*2 + csqrt (1 - z\<^sup>2)*2 = 0 \<longleftrightarrow> (\<i>*z)*2 + csqrt (1 - z\<^sup>2)*2 = 0"
- by (simp add: algebra_simps) \<comment>\<open>Cancelling a factor of 2\<close>
+ by (simp add: algebra_simps) \<comment> \<open>Cancelling a factor of 2\<close>
moreover have "... \<longleftrightarrow> (\<i>*z) + csqrt (1 - z\<^sup>2) = 0"
by (metis Arcsin_body_lemma distrib_right no_zero_divisors zero_neq_numeral)
ultimately show ?thesis
@@ -3024,7 +3024,7 @@
lemma cos_Arccos [simp]: "cos(Arccos z) = z"
proof -
have "z*2 + \<i> * (2 * csqrt (1 - z\<^sup>2)) = 0 \<longleftrightarrow> z*2 + \<i> * csqrt (1 - z\<^sup>2)*2 = 0"
- by (simp add: algebra_simps) \<comment>\<open>Cancelling a factor of 2\<close>
+ by (simp add: algebra_simps) \<comment> \<open>Cancelling a factor of 2\<close>
moreover have "... \<longleftrightarrow> z + \<i> * csqrt (1 - z\<^sup>2) = 0"
by (metis distrib_right mult_eq_0_iff zero_neq_numeral)
ultimately show ?thesis
--- a/src/HOL/Analysis/Conformal_Mappings.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Conformal_Mappings.thy Tue Jan 16 09:30:00 2018 +0100
@@ -980,7 +980,7 @@
proof -
have f0: "(f \<longlongrightarrow> 0) at_infinity"
proof -
- have DIM_complex[intro]: "2 \<le> DIM(complex)" \<comment>\<open>should not be necessary!\<close>
+ have DIM_complex[intro]: "2 \<le> DIM(complex)" \<comment> \<open>should not be necessary!\<close>
by simp
have "continuous_on (inverse ` (ball 0 r - {0})) f"
using continuous_on_subset holf holomorphic_on_imp_continuous_on by blast
--- a/src/HOL/Analysis/Improper_Integral.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Improper_Integral.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1501,7 +1501,7 @@
using bounded_integrals_over_subintervals [OF int_gab] unfolding bounded_pos real_norm_def by blast
show "(\<lambda>x. f x \<bullet> j) absolutely_integrable_on cbox a b"
using g
- proof \<comment>\<open>A lot of duplication in the two proofs\<close>
+ proof \<comment> \<open>A lot of duplication in the two proofs\<close>
assume fg [rule_format]: "\<forall>x\<in>cbox a b. f x \<bullet> j \<le> g x"
have "(\<lambda>x. (f x \<bullet> j)) = (\<lambda>x. g x - (g x - (f x \<bullet> j)))"
by simp
--- a/src/HOL/Analysis/Linear_Algebra.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Linear_Algebra.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1726,7 +1726,7 @@
apply auto
done
-lemma approachable_lt_le2: \<comment>\<open>like the above, but pushes aside an extra formula\<close>
+lemma approachable_lt_le2: \<comment> \<open>like the above, but pushes aside an extra formula\<close>
"(\<exists>(d::real) > 0. \<forall>x. Q x \<longrightarrow> f x < d \<longrightarrow> P x) \<longleftrightarrow> (\<exists>d>0. \<forall>x. f x \<le> d \<longrightarrow> Q x \<longrightarrow> P x)"
apply auto
apply (rule_tac x="d/2" in exI, auto)
--- a/src/HOL/Analysis/Path_Connected.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Path_Connected.thy Tue Jan 16 09:30:00 2018 +0100
@@ -2078,7 +2078,7 @@
}
then have pcx: "path_component (- s) x (a + C *\<^sub>R (x - a))"
by (force simp: closed_segment_def intro!: path_connected_linepath)
- define D where "D = B / norm(y - a)" \<comment>\<open>massive duplication with the proof above\<close>
+ define D where "D = B / norm(y - a)" \<comment> \<open>massive duplication with the proof above\<close>
{ fix u
assume u: "(1 - u) *\<^sub>R y + u *\<^sub>R (a + D *\<^sub>R (y - a)) \<in> s" and "0 \<le> u" "u \<le> 1"
have DD: "1 \<le> 1 + (D - 1) * u"
--- a/src/HOL/Analysis/Starlike.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Starlike.thy Tue Jan 16 09:30:00 2018 +0100
@@ -3795,7 +3795,7 @@
{ fix u v x
assume uv: "sum u t = 1" "\<forall>x\<in>s. 0 \<le> v x" "sum v s = 1"
"(\<Sum>x\<in>s. v x *\<^sub>R x) = (\<Sum>v\<in>t. u v *\<^sub>R v)" "x \<in> t"
- then have s: "s = (s - t) \<union> t" \<comment>\<open>split into separate cases\<close>
+ then have s: "s = (s - t) \<union> t" \<comment> \<open>split into separate cases\<close>
using assms by auto
have [simp]: "(\<Sum>x\<in>t. v x *\<^sub>R x) + (\<Sum>x\<in>s - t. v x *\<^sub>R x) = (\<Sum>x\<in>t. u x *\<^sub>R x)"
"sum v t + sum v (s - t) = 1"
@@ -3913,7 +3913,7 @@
using assms by (simp add: aff_independent_finite)
{ fix a b and d::real
assume ab: "a \<in> s" "b \<in> s" "a \<noteq> b"
- then have s: "s = (s - {a,b}) \<union> {a,b}" \<comment>\<open>split into separate cases\<close>
+ then have s: "s = (s - {a,b}) \<union> {a,b}" \<comment> \<open>split into separate cases\<close>
by auto
have "(\<Sum>x\<in>s. if x = a then - d else if x = b then d else 0) = 0"
"(\<Sum>x\<in>s. (if x = a then - d else if x = b then d else 0) *\<^sub>R x) = d *\<^sub>R b - d *\<^sub>R a"
--- a/src/HOL/Analysis/Tagged_Division.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Tagged_Division.thy Tue Jan 16 09:30:00 2018 +0100
@@ -2353,10 +2353,10 @@
have realff: "(real w) * 2^m < (real v) * 2^n \<longleftrightarrow> w * 2^m < v * 2^n" for m n v w
using of_nat_less_iff less_imp_of_nat_less by fastforce
have *: "\<forall>v w. ?K0(m,v) \<subseteq> ?K0(n,w) \<or> ?K0(n,w) \<subseteq> ?K0(m,v) \<or> interior(?K0(m,v)) \<inter> interior(?K0(n,w)) = {}"
- for m n \<comment>\<open>The symmetry argument requires a single HOL formula\<close>
+ for m n \<comment> \<open>The symmetry argument requires a single HOL formula\<close>
proof (rule linorder_wlog [where a=m and b=n], intro allI impI)
fix v w m and n::nat
- assume "m \<le> n" \<comment>\<open>WLOG we can assume @{term"m \<le> n"}, when the first disjunct becomes impossible\<close>
+ assume "m \<le> n" \<comment> \<open>WLOG we can assume @{term"m \<le> n"}, when the first disjunct becomes impossible\<close>
have "?K0(n,w) \<subseteq> ?K0(m,v) \<or> interior(?K0(m,v)) \<inter> interior(?K0(n,w)) = {}"
apply (simp add: subset_box disjoint_interval)
apply (rule ccontr)
--- a/src/HOL/Analysis/Topology_Euclidean_Space.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Topology_Euclidean_Space.thy Tue Jan 16 09:30:00 2018 +0100
@@ -4387,7 +4387,7 @@
"compact (s :: 'a::metric_space set) \<longleftrightarrow> seq_compact s"
using compact_imp_seq_compact seq_compact_imp_heine_borel by blast
-lemma compact_def: \<comment>\<open>this is the definition of compactness in HOL Light\<close>
+lemma compact_def: \<comment> \<open>this is the definition of compactness in HOL Light\<close>
"compact (S :: 'a::metric_space set) \<longleftrightarrow>
(\<forall>f. (\<forall>n. f n \<in> S) \<longrightarrow> (\<exists>l\<in>S. \<exists>r::nat\<Rightarrow>nat. strict_mono r \<and> (f \<circ> r) \<longlonglongrightarrow> l))"
unfolding compact_eq_seq_compact_metric seq_compact_def by auto
@@ -5036,7 +5036,7 @@
lemma Lim_trivial_limit: "trivial_limit net \<Longrightarrow> (f \<longlongrightarrow> l) net"
by simp
-lemmas continuous_on = continuous_on_def \<comment> "legacy theorem name"
+lemmas continuous_on = continuous_on_def \<comment> \<open>legacy theorem name\<close>
lemma continuous_within_subset:
"continuous (at x within s) f \<Longrightarrow> t \<subseteq> s \<Longrightarrow> continuous (at x within t) f"
--- a/src/HOL/Auth/CertifiedEmail.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/CertifiedEmail.thy Tue Jan 16 09:30:00 2018 +0100
@@ -31,20 +31,20 @@
inductive_set certified_mail :: "event list set"
where
- Nil: \<comment>\<open>The empty trace\<close>
+ Nil: \<comment> \<open>The empty trace\<close>
"[] \<in> certified_mail"
-| Fake: \<comment>\<open>The Spy may say anything he can say. The sender field is correct,
+| Fake: \<comment> \<open>The Spy may say anything he can say. The sender field is correct,
but agents don't use that information.\<close>
"[| evsf \<in> certified_mail; X \<in> synth(analz(spies evsf))|]
==> Says Spy B X # evsf \<in> certified_mail"
-| FakeSSL: \<comment>\<open>The Spy may open SSL sessions with TTP, who is the only agent
+| FakeSSL: \<comment> \<open>The Spy may open SSL sessions with TTP, who is the only agent
equipped with the necessary credentials to serve as an SSL server.\<close>
"[| evsfssl \<in> certified_mail; X \<in> synth(analz(spies evsfssl))|]
==> Notes TTP \<lbrace>Agent Spy, Agent TTP, X\<rbrace> # evsfssl \<in> certified_mail"
-| CM1: \<comment>\<open>The sender approaches the recipient. The message is a number.\<close>
+| CM1: \<comment> \<open>The sender approaches the recipient. The message is a number.\<close>
"[|evs1 \<in> certified_mail;
Key K \<notin> used evs1;
K \<in> symKeys;
@@ -55,7 +55,7 @@
Number cleartext, Nonce q, S2TTP\<rbrace> # evs1
\<in> certified_mail"
-| CM2: \<comment>\<open>The recipient records @{term S2TTP} while transmitting it and her
+| CM2: \<comment> \<open>The recipient records @{term S2TTP} while transmitting it and her
password to @{term TTP} over an SSL channel.\<close>
"[|evs2 \<in> certified_mail;
Gets R \<lbrace>Agent S, Agent TTP, em, Number BothAuth, Number cleartext,
@@ -66,7 +66,7 @@
Notes TTP \<lbrace>Agent R, Agent TTP, S2TTP, Key(RPwd R), hr\<rbrace> # evs2
\<in> certified_mail"
-| CM3: \<comment>\<open>@{term TTP} simultaneously reveals the key to the recipient and gives
+| CM3: \<comment> \<open>@{term TTP} simultaneously reveals the key to the recipient and gives
a receipt to the sender. The SSL channel does not authenticate
the client (@{term R}), but @{term TTP} accepts the message only
if the given password is that of the claimed sender, @{term R}.
--- a/src/HOL/Auth/Event.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Event.thy Tue Jan 16 09:30:00 2018 +0100
@@ -72,7 +72,7 @@
Says A B X => parts {X} \<union> used evs
| Gets A X => used evs
| Notes A X => parts {X} \<union> used evs)"
- \<comment>\<open>The case for @{term Gets} seems anomalous, but @{term Gets} always
+ \<comment> \<open>The case for @{term Gets} seems anomalous, but @{term Gets} always
follows @{term Says} in real protocols. Seems difficult to change.
See \<open>Gets_correct\<close> in theory \<open>Guard/Extensions.thy\<close>.\<close>
--- a/src/HOL/Auth/KerberosIV.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/KerberosIV.thy Tue Jan 16 09:30:00 2018 +0100
@@ -18,7 +18,7 @@
axiomatization where
Tgs_not_bad [iff]: "Tgs \<notin> bad"
- \<comment>\<open>Tgs is secure --- we already know that Kas is secure\<close>
+ \<comment> \<open>Tgs is secure --- we already know that Kas is secure\<close>
definition
(* authKeys are those contained in an authTicket *)
@@ -1343,7 +1343,7 @@
apply (erule rev_mp)
apply (erule kerbIV.induct)
apply (rule_tac [9] impI)+
- \<comment>\<open>The Oops1 case is unusual: must simplify
+ \<comment> \<open>The Oops1 case is unusual: must simplify
@{term "Authkey \<notin> analz (spies (ev#evs))"}, not letting
\<open>analz_mono_contra\<close> weaken it to
@{term "Authkey \<notin> analz (spies evs)"},
--- a/src/HOL/Auth/KerberosIV_Gets.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/KerberosIV_Gets.thy Tue Jan 16 09:30:00 2018 +0100
@@ -18,7 +18,7 @@
axiomatization where
Tgs_not_bad [iff]: "Tgs \<notin> bad"
- \<comment>\<open>Tgs is secure --- we already know that Kas is secure\<close>
+ \<comment> \<open>Tgs is secure --- we already know that Kas is secure\<close>
definition
(* authKeys are those contained in an authTicket *)
@@ -1057,7 +1057,7 @@
add: analz_image_freshK_simps AKcryptSK_Says shrK_not_AKcryptSK
Oops2_not_AKcryptSK Auth_fresh_not_AKcryptSK
Serv_fresh_not_AKcryptSK Says_Tgs_AKcryptSK Spy_analz_shrK)
- \<comment>\<open>18 seconds on a 1.8GHz machine??\<close>
+ \<comment> \<open>18 seconds on a 1.8GHz machine??\<close>
txt\<open>Fake\<close>
apply spy_analz
txt\<open>Reception\<close>
@@ -1211,7 +1211,7 @@
apply (erule rev_mp)
apply (erule kerbIV_gets.induct)
apply (rule_tac [10] impI)+
- \<comment>\<open>The Oops1 case is unusual: must simplify
+ \<comment> \<open>The Oops1 case is unusual: must simplify
@{term "Authkey \<notin> analz (spies (ev#evs))"}, not letting
\<open>analz_mono_contra\<close> weaken it to
@{term "Authkey \<notin> analz (spies evs)"},
--- a/src/HOL/Auth/KerberosV.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/KerberosV.thy Tue Jan 16 09:30:00 2018 +0100
@@ -19,7 +19,7 @@
axiomatization where
Tgs_not_bad [iff]: "Tgs \<notin> bad"
- \<comment>\<open>Tgs is secure --- we already know that Kas is secure\<close>
+ \<comment> \<open>Tgs is secure --- we already know that Kas is secure\<close>
definition
(* authKeys are those contained in an authTicket *)
@@ -1062,7 +1062,7 @@
apply (erule rev_mp)
apply (erule kerbV.induct)
apply (rule_tac [9] impI)+
- \<comment>\<open>The Oops1 case is unusual: must simplify
+ \<comment> \<open>The Oops1 case is unusual: must simplify
@{term "Authkey \<notin> analz (spies (ev#evs))"}, not letting
\<open>analz_mono_contra\<close> weaken it to
@{term "Authkey \<notin> analz (spies evs)"},
--- a/src/HOL/Auth/Message.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Message.thy Tue Jan 16 09:30:00 2018 +0100
@@ -20,8 +20,8 @@
key = nat
consts
- all_symmetric :: bool \<comment>\<open>true if all keys are symmetric\<close>
- invKey :: "key=>key" \<comment>\<open>inverse of a symmetric key\<close>
+ all_symmetric :: bool \<comment> \<open>true if all keys are symmetric\<close>
+ invKey :: "key=>key" \<comment> \<open>inverse of a symmetric key\<close>
specification (invKey)
invKey [simp]: "invKey (invKey K) = K"
@@ -35,17 +35,17 @@
definition symKeys :: "key set" where
"symKeys == {K. invKey K = K}"
-datatype \<comment>\<open>We allow any number of friendly agents\<close>
+datatype \<comment> \<open>We allow any number of friendly agents\<close>
agent = Server | Friend nat | Spy
datatype
- msg = Agent agent \<comment>\<open>Agent names\<close>
- | Number nat \<comment>\<open>Ordinary integers, timestamps, ...\<close>
- | Nonce nat \<comment>\<open>Unguessable nonces\<close>
- | Key key \<comment>\<open>Crypto keys\<close>
- | Hash msg \<comment>\<open>Hashing\<close>
- | MPair msg msg \<comment>\<open>Compound messages\<close>
- | Crypt key msg \<comment>\<open>Encryption, public- or shared-key\<close>
+ msg = Agent agent \<comment> \<open>Agent names\<close>
+ | Number nat \<comment> \<open>Ordinary integers, timestamps, ...\<close>
+ | Nonce nat \<comment> \<open>Unguessable nonces\<close>
+ | Key key \<comment> \<open>Crypto keys\<close>
+ | Hash msg \<comment> \<open>Hashing\<close>
+ | MPair msg msg \<comment> \<open>Compound messages\<close>
+ | Crypt key msg \<comment> \<open>Encryption, public- or shared-key\<close>
text\<open>Concrete syntax: messages appear as \<open>\<lbrace>A,B,NA\<rbrace>\<close>, etc...\<close>
@@ -57,11 +57,11 @@
definition HPair :: "[msg,msg] => msg" ("(4Hash[_] /_)" [0, 1000]) where
- \<comment>\<open>Message Y paired with a MAC computed with the help of X\<close>
+ \<comment> \<open>Message Y paired with a MAC computed with the help of X\<close>
"Hash[X] Y == \<lbrace>Hash\<lbrace>X,Y\<rbrace>, Y\<rbrace>"
definition keysFor :: "msg set => key set" where
- \<comment>\<open>Keys useful to decrypt elements of a message set\<close>
+ \<comment> \<open>Keys useful to decrypt elements of a message set\<close>
"keysFor H == invKey ` {K. \<exists>X. Crypt K X \<in> H}"
@@ -317,7 +317,7 @@
by simp (metis Suc_n_not_le_n)
next
case (MPair X Y)
- then show ?case \<comment>\<open>metis works out the necessary sum itself!\<close>
+ then show ?case \<comment> \<open>metis works out the necessary sum itself!\<close>
by (simp add: parts_insert2) (metis le_trans nat_le_linear)
qed auto
--- a/src/HOL/Auth/OtwayRees.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/OtwayRees.thy Tue Jan 16 09:30:00 2018 +0100
@@ -196,7 +196,7 @@
apply (erule rev_mp)
apply (erule rev_mp)
apply (erule otway.induct, simp_all)
-apply blast+ \<comment>\<open>OR3 and OR4\<close>
+apply blast+ \<comment> \<open>OR3 and OR4\<close>
done
@@ -259,11 +259,11 @@
Crypt (shrK B) \<lbrace>NB, Key K\<rbrace>\<rbrace> \<in> set evs)"
apply (erule otway.induct, force,
drule_tac [4] OR2_parts_knows_Spy, simp_all, blast)
- subgoal \<comment>\<open>OR1: by freshness\<close>
+ subgoal \<comment> \<open>OR1: by freshness\<close>
by blast
- subgoal \<comment>\<open>OR3\<close>
+ subgoal \<comment> \<open>OR3\<close>
by (blast dest!: no_nonce_OR1_OR2 intro: unique_NA)
- subgoal \<comment>\<open>OR4\<close>
+ subgoal \<comment> \<open>OR4\<close>
by (blast intro!: Crypt_imp_OR1)
done
@@ -296,15 +296,15 @@
Notes Spy \<lbrace>NA, NB, Key K\<rbrace> \<notin> set evs -->
Key K \<notin> analz (knows Spy evs)"
apply (erule otway.induct, force, simp_all)
- subgoal \<comment>\<open>Fake\<close>
+ subgoal \<comment> \<open>Fake\<close>
by spy_analz
- subgoal \<comment>\<open>OR2\<close>
+ subgoal \<comment> \<open>OR2\<close>
by (drule OR2_analz_knows_Spy) (auto simp: analz_insert_eq)
- subgoal \<comment>\<open>OR3\<close>
+ subgoal \<comment> \<open>OR3\<close>
by (auto simp add: analz_insert_freshK pushes)
- subgoal \<comment>\<open>OR4\<close>
+ subgoal \<comment> \<open>OR4\<close>
by (drule OR4_analz_knows_Spy) (auto simp: analz_insert_eq)
- subgoal \<comment>\<open>Oops\<close>
+ subgoal \<comment> \<open>Oops\<close>
by (auto simp add: Says_Server_message_form analz_insert_freshK unique_session_keys)
done
@@ -372,7 +372,7 @@
apply (erule rev_mp, erule rev_mp)
apply (erule otway.induct, force,
drule_tac [4] OR2_parts_knows_Spy, simp_all)
-apply blast+ \<comment>\<open>Fake, OR2\<close>
+apply blast+ \<comment> \<open>Fake, OR2\<close>
done
text\<open>If the encrypted message appears, and B has used Nonce NB,
@@ -390,13 +390,13 @@
\<in> set evs)"
apply simp
apply (erule otway.induct, force, simp_all)
- subgoal \<comment>\<open>Fake\<close>
+ subgoal \<comment> \<open>Fake\<close>
by blast
- subgoal \<comment>\<open>OR2\<close>
+ subgoal \<comment> \<open>OR2\<close>
by (force dest!: OR2_parts_knows_Spy)
- subgoal \<comment>\<open>OR3\<close>
- by (blast dest: unique_NB dest!: no_nonce_OR1_OR2) \<comment>\<open>OR3\<close>
- subgoal \<comment>\<open>OR4\<close>
+ subgoal \<comment> \<open>OR3\<close>
+ by (blast dest: unique_NB dest!: no_nonce_OR1_OR2) \<comment> \<open>OR3\<close>
+ subgoal \<comment> \<open>OR4\<close>
by (blast dest!: Crypt_imp_OR2)
done
--- a/src/HOL/Auth/OtwayRees_AN.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/OtwayRees_AN.thy Tue Jan 16 09:30:00 2018 +0100
@@ -23,31 +23,31 @@
inductive_set otway :: "event list set"
where
- Nil: \<comment>\<open>The empty trace\<close>
+ Nil: \<comment> \<open>The empty trace\<close>
"[] \<in> otway"
- | Fake: \<comment>\<open>The Spy may say anything he can say. The sender field is correct,
+ | Fake: \<comment> \<open>The Spy may say anything he can say. The sender field is correct,
but agents don't use that information.\<close>
"[| evsf \<in> otway; X \<in> synth (analz (knows Spy evsf)) |]
==> Says Spy B X # evsf \<in> otway"
- | Reception: \<comment>\<open>A message that has been sent can be received by the
+ | Reception: \<comment> \<open>A message that has been sent can be received by the
intended recipient.\<close>
"[| evsr \<in> otway; Says A B X \<in>set evsr |]
==> Gets B X # evsr \<in> otway"
- | OR1: \<comment>\<open>Alice initiates a protocol run\<close>
+ | OR1: \<comment> \<open>Alice initiates a protocol run\<close>
"evs1 \<in> otway
==> Says A B \<lbrace>Agent A, Agent B, Nonce NA\<rbrace> # evs1 \<in> otway"
- | OR2: \<comment>\<open>Bob's response to Alice's message.\<close>
+ | OR2: \<comment> \<open>Bob's response to Alice's message.\<close>
"[| evs2 \<in> otway;
Gets B \<lbrace>Agent A, Agent B, Nonce NA\<rbrace> \<in>set evs2 |]
==> Says B Server \<lbrace>Agent A, Agent B, Nonce NA, Nonce NB\<rbrace>
# evs2 \<in> otway"
- | OR3: \<comment>\<open>The Server receives Bob's message. Then he sends a new
+ | OR3: \<comment> \<open>The Server receives Bob's message. Then he sends a new
session key to Bob with a packet for forwarding to Alice.\<close>
"[| evs3 \<in> otway; Key KAB \<notin> used evs3;
Gets Server \<lbrace>Agent A, Agent B, Nonce NA, Nonce NB\<rbrace>
@@ -57,7 +57,7 @@
Crypt (shrK B) \<lbrace>Nonce NB, Agent A, Agent B, Key KAB\<rbrace>\<rbrace>
# evs3 \<in> otway"
- | OR4: \<comment>\<open>Bob receives the Server's (?) message and compares the Nonces with
+ | OR4: \<comment> \<open>Bob receives the Server's (?) message and compares the Nonces with
those in the message he previously sent the Server.
Need @{term "B \<noteq> Server"} because we allow messages to self.\<close>
"[| evs4 \<in> otway; B \<noteq> Server;
@@ -66,7 +66,7 @@
\<in>set evs4 |]
==> Says B A X # evs4 \<in> otway"
- | Oops: \<comment>\<open>This message models possible leaks of session keys. The nonces
+ | Oops: \<comment> \<open>This message models possible leaks of session keys. The nonces
identify the protocol run.\<close>
"[| evso \<in> otway;
Says Server B
@@ -185,7 +185,7 @@
evs \<in> otway |]
==> A=A' & B=B' & NA=NA' & NB=NB'"
apply (erule rev_mp, erule rev_mp, erule otway.induct, simp_all)
-apply blast+ \<comment>\<open>OR3 and OR4\<close>
+apply blast+ \<comment> \<open>OR3 and OR4\<close>
done
@@ -201,7 +201,7 @@
\<in> set evs)"
apply (erule otway.induct, force)
apply (simp_all add: ex_disj_distrib)
-apply blast+ \<comment>\<open>Fake, OR3\<close>
+apply blast+ \<comment> \<open>Fake, OR3\<close>
done
@@ -232,8 +232,8 @@
apply (frule_tac [7] Says_Server_message_form)
apply (drule_tac [6] OR4_analz_knows_Spy)
apply (simp_all add: analz_insert_eq analz_insert_freshK pushes)
-apply spy_analz \<comment>\<open>Fake\<close>
-apply (blast dest: unique_session_keys)+ \<comment>\<open>OR3, OR4, Oops\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply (blast dest: unique_session_keys)+ \<comment> \<open>OR3, OR4, Oops\<close>
done
@@ -270,7 +270,7 @@
Crypt (shrK B) \<lbrace>NB, Agent A, Agent B, Key K\<rbrace>\<rbrace>
\<in> set evs)"
apply (erule otway.induct, force, simp_all add: ex_disj_distrib)
-apply blast+ \<comment>\<open>Fake, OR3\<close>
+apply blast+ \<comment> \<open>Fake, OR3\<close>
done
--- a/src/HOL/Auth/OtwayRees_Bad.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/OtwayRees_Bad.thy Tue Jan 16 09:30:00 2018 +0100
@@ -20,27 +20,27 @@
inductive_set otway :: "event list set"
where
- Nil: \<comment>\<open>The empty trace\<close>
+ Nil: \<comment> \<open>The empty trace\<close>
"[] \<in> otway"
- | Fake: \<comment>\<open>The Spy may say anything he can say. The sender field is correct,
+ | Fake: \<comment> \<open>The Spy may say anything he can say. The sender field is correct,
but agents don't use that information.\<close>
"[| evsf \<in> otway; X \<in> synth (analz (knows Spy evsf)) |]
==> Says Spy B X # evsf \<in> otway"
- | Reception: \<comment>\<open>A message that has been sent can be received by the
+ | Reception: \<comment> \<open>A message that has been sent can be received by the
intended recipient.\<close>
"[| evsr \<in> otway; Says A B X \<in>set evsr |]
==> Gets B X # evsr \<in> otway"
- | OR1: \<comment>\<open>Alice initiates a protocol run\<close>
+ | OR1: \<comment> \<open>Alice initiates a protocol run\<close>
"[| evs1 \<in> otway; Nonce NA \<notin> used evs1 |]
==> Says A B \<lbrace>Nonce NA, Agent A, Agent B,
Crypt (shrK A) \<lbrace>Nonce NA, Agent A, Agent B\<rbrace>\<rbrace>
# evs1 \<in> otway"
- | OR2: \<comment>\<open>Bob's response to Alice's message.
+ | OR2: \<comment> \<open>Bob's response to Alice's message.
This variant of the protocol does NOT encrypt NB.\<close>
"[| evs2 \<in> otway; Nonce NB \<notin> used evs2;
Gets B \<lbrace>Nonce NA, Agent A, Agent B, X\<rbrace> \<in> set evs2 |]
@@ -49,7 +49,7 @@
Crypt (shrK B) \<lbrace>Nonce NA, Agent A, Agent B\<rbrace>\<rbrace>
# evs2 \<in> otway"
- | OR3: \<comment>\<open>The Server receives Bob's message and checks that the three NAs
+ | OR3: \<comment> \<open>The Server receives Bob's message and checks that the three NAs
match. Then he sends a new session key to Bob with a packet for
forwarding to Alice.\<close>
"[| evs3 \<in> otway; Key KAB \<notin> used evs3;
@@ -65,7 +65,7 @@
Crypt (shrK B) \<lbrace>Nonce NB, Key KAB\<rbrace>\<rbrace>
# evs3 \<in> otway"
- | OR4: \<comment>\<open>Bob receives the Server's (?) message and compares the Nonces with
+ | OR4: \<comment> \<open>Bob receives the Server's (?) message and compares the Nonces with
those in the message he previously sent the Server.
Need @{term "B \<noteq> Server"} because we allow messages to self.\<close>
"[| evs4 \<in> otway; B \<noteq> Server;
@@ -76,7 +76,7 @@
\<in> set evs4 |]
==> Says B A \<lbrace>Nonce NA, X\<rbrace> # evs4 \<in> otway"
- | Oops: \<comment>\<open>This message models possible leaks of session keys. The nonces
+ | Oops: \<comment> \<open>This message models possible leaks of session keys. The nonces
identify the protocol run.\<close>
"[| evso \<in> otway;
Says Server B \<lbrace>Nonce NA, X, Crypt (shrK B) \<lbrace>Nonce NB, Key K\<rbrace>\<rbrace>
@@ -202,7 +202,7 @@
apply (erule rev_mp)
apply (erule rev_mp)
apply (erule otway.induct, simp_all)
-apply blast+ \<comment>\<open>OR3 and OR4\<close>
+apply blast+ \<comment> \<open>OR3 and OR4\<close>
done
@@ -221,8 +221,8 @@
apply (drule_tac [6] OR4_analz_knows_Spy)
apply (drule_tac [4] OR2_analz_knows_Spy)
apply (simp_all add: analz_insert_eq analz_insert_freshK pushes)
-apply spy_analz \<comment>\<open>Fake\<close>
-apply (blast dest: unique_session_keys)+ \<comment>\<open>OR3, OR4, Oops\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply (blast dest: unique_session_keys)+ \<comment> \<open>OR3, OR4, Oops\<close>
done
@@ -266,11 +266,11 @@
Crypt (shrK B) \<lbrace>NB, Key K\<rbrace>\<rbrace> \<in> set evs)"
apply (erule otway.induct, force,
drule_tac [4] OR2_parts_knows_Spy, simp_all)
-apply blast \<comment>\<open>Fake\<close>
-apply blast \<comment>\<open>OR1: it cannot be a new Nonce, contradiction.\<close>
+apply blast \<comment> \<open>Fake\<close>
+apply blast \<comment> \<open>OR1: it cannot be a new Nonce, contradiction.\<close>
txt\<open>OR3 and OR4\<close>
apply (simp_all add: ex_disj_distrib)
- prefer 2 apply (blast intro!: Crypt_imp_OR1) \<comment>\<open>OR4\<close>
+ prefer 2 apply (blast intro!: Crypt_imp_OR1) \<comment> \<open>OR4\<close>
txt\<open>OR3\<close>
apply clarify
(*The hypotheses at this point suggest an attack in which nonce NB is used
--- a/src/HOL/Auth/Public.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Public.thy Tue Jan 16 09:30:00 2018 +0100
@@ -132,17 +132,17 @@
are symmetric.\<close>
consts
- shrK :: "agent => key" \<comment>\<open>long-term shared keys\<close>
+ shrK :: "agent => key" \<comment> \<open>long-term shared keys\<close>
specification (shrK)
inj_shrK: "inj shrK"
- \<comment>\<open>No two agents have the same long-term key\<close>
+ \<comment> \<open>No two agents have the same long-term key\<close>
apply (rule exI [of _ "case_agent 0 (\<lambda>n. n + 2) 1"])
apply (simp add: inj_on_def split: agent.split)
done
axiomatization where
- sym_shrK [iff]: "shrK X \<in> symKeys" \<comment>\<open>All shared keys are symmetric\<close>
+ sym_shrK [iff]: "shrK X \<in> symKeys" \<comment> \<open>All shared keys are symmetric\<close>
text\<open>Injectiveness: Agents' long-term keys are distinct.\<close>
lemmas shrK_injective = inj_shrK [THEN inj_eq]
@@ -394,7 +394,7 @@
by (blast intro: analz_mono [THEN [2] rev_subsetD])
lemmas analz_image_freshK_simps =
- simp_thms mem_simps \<comment>\<open>these two allow its use with \<open>only:\<close>\<close>
+ simp_thms mem_simps \<comment> \<open>these two allow its use with \<open>only:\<close>\<close>
disj_comms
image_insert [THEN sym] image_Un [THEN sym] empty_subsetI insert_subset
analz_insert_eq Un_upper2 [THEN analz_mono, THEN subsetD]
--- a/src/HOL/Auth/Shared.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Shared.thy Tue Jan 16 09:30:00 2018 +0100
@@ -16,7 +16,7 @@
specification (shrK)
inj_shrK: "inj shrK"
- \<comment>\<open>No two agents have the same long-term key\<close>
+ \<comment> \<open>No two agents have the same long-term key\<close>
apply (rule exI [of _ "case_agent 0 (\<lambda>n. n + 2) 1"])
apply (simp add: inj_on_def split: agent.split)
done
@@ -175,7 +175,7 @@
erase occurrences of forwarded message components (X). **)
lemmas analz_image_freshK_simps =
- simp_thms mem_simps \<comment>\<open>these two allow its use with \<open>only:\<close>\<close>
+ simp_thms mem_simps \<comment> \<open>these two allow its use with \<open>only:\<close>\<close>
disj_comms
image_insert [THEN sym] image_Un [THEN sym] empty_subsetI insert_subset
analz_insert_eq Un_upper2 [THEN analz_mono, THEN [2] rev_subsetD]
--- a/src/HOL/Auth/Smartcard/EventSC.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Smartcard/EventSC.thy Tue Jan 16 09:30:00 2018 +0100
@@ -95,7 +95,7 @@
| C_Gets C X => used evs
| Outpts C A X => parts{X} \<union> (used evs)
| A_Gets A X => used evs)"
- \<comment>\<open>@{term Gets} always follows @{term Says} in real protocols.
+ \<comment> \<open>@{term Gets} always follows @{term Says} in real protocols.
Likewise, @{term C_Gets} will always have to follow @{term Inputs}
and @{term A_Gets} will always have to follow @{term Outpts}\<close>
--- a/src/HOL/Auth/Smartcard/Smartcard.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Smartcard/Smartcard.thy Tue Jan 16 09:30:00 2018 +0100
@@ -25,9 +25,9 @@
Pairkey :: "agent * agent => nat" and
pairK :: "agent * agent => key"
where
- inj_shrK: "inj shrK" and \<comment>\<open>No two smartcards store the same key\<close>
- inj_crdK: "inj crdK" and \<comment>\<open>Nor do two cards\<close>
- inj_pin : "inj pin" and \<comment>\<open>Nor do two agents have the same pin\<close>
+ inj_shrK: "inj shrK" and \<comment> \<open>No two smartcards store the same key\<close>
+ inj_crdK: "inj crdK" and \<comment> \<open>Nor do two cards\<close>
+ inj_pin : "inj pin" and \<comment> \<open>Nor do two agents have the same pin\<close>
(*pairK is injective on each component, if we assume encryption to be a PRF
or at least collision free *)
@@ -340,7 +340,7 @@
erase occurrences of forwarded message components (X). **)
lemmas analz_image_freshK_simps =
- simp_thms mem_simps \<comment>\<open>these two allow its use with \<open>only:\<close>\<close>
+ simp_thms mem_simps \<comment> \<open>these two allow its use with \<open>only:\<close>\<close>
disj_comms
image_insert [THEN sym] image_Un [THEN sym] empty_subsetI insert_subset
analz_insert_eq Un_upper2 [THEN analz_mono, THEN [2] rev_subsetD]
--- a/src/HOL/Auth/TLS.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/TLS.thy Tue Jan 16 09:30:00 2018 +0100
@@ -72,14 +72,14 @@
specification (PRF)
inj_PRF: "inj PRF"
- \<comment>\<open>the pseudo-random function is collision-free\<close>
+ \<comment> \<open>the pseudo-random function is collision-free\<close>
apply (rule exI [of _ "%(x,y,z). prod_encode(x, prod_encode(y,z))"])
apply (simp add: inj_on_def prod_encode_eq)
done
specification (sessionK)
inj_sessionK: "inj sessionK"
- \<comment>\<open>sessionK is collision-free; also, no clientK clashes with any serverK.\<close>
+ \<comment> \<open>sessionK is collision-free; also, no clientK clashes with any serverK.\<close>
apply (rule exI [of _
"%((x,y,z), r). prod_encode(case_role 0 1 r,
prod_encode(x, prod_encode(y,z)))"])
@@ -87,25 +87,25 @@
done
axiomatization where
- \<comment>\<open>sessionK makes symmetric keys\<close>
+ \<comment> \<open>sessionK makes symmetric keys\<close>
isSym_sessionK: "sessionK nonces \<in> symKeys" and
- \<comment>\<open>sessionK never clashes with a long-term symmetric key
+ \<comment> \<open>sessionK never clashes with a long-term symmetric key
(they don't exist in TLS anyway)\<close>
sessionK_neq_shrK [iff]: "sessionK nonces \<noteq> shrK A"
inductive_set tls :: "event list set"
where
- Nil: \<comment>\<open>The initial, empty trace\<close>
+ Nil: \<comment> \<open>The initial, empty trace\<close>
"[] \<in> tls"
- | Fake: \<comment>\<open>The Spy may say anything he can say. The sender field is correct,
+ | Fake: \<comment> \<open>The Spy may say anything he can say. The sender field is correct,
but agents don't use that information.\<close>
"[| evsf \<in> tls; X \<in> synth (analz (spies evsf)) |]
==> Says Spy B X # evsf \<in> tls"
- | SpyKeys: \<comment>\<open>The spy may apply @{term PRF} and @{term sessionK}
+ | SpyKeys: \<comment> \<open>The spy may apply @{term PRF} and @{term sessionK}
to available nonces\<close>
"[| evsSK \<in> tls;
{Nonce NA, Nonce NB, Nonce M} <= analz (spies evsSK) |]
@@ -113,7 +113,7 @@
Key (sessionK((NA,NB,M),role))\<rbrace> # evsSK \<in> tls"
| ClientHello:
- \<comment>\<open>(7.4.1.2)
+ \<comment> \<open>(7.4.1.2)
PA represents \<open>CLIENT_VERSION\<close>, \<open>CIPHER_SUITES\<close> and \<open>COMPRESSION_METHODS\<close>.
It is uninterpreted but will be confirmed in the FINISHED messages.
NA is CLIENT RANDOM, while SID is \<open>SESSION_ID\<close>.
@@ -125,7 +125,7 @@
# evsCH \<in> tls"
| ServerHello:
- \<comment>\<open>7.4.1.3 of the TLS Internet-Draft
+ \<comment> \<open>7.4.1.3 of the TLS Internet-Draft
PB represents \<open>CLIENT_VERSION\<close>, \<open>CIPHER_SUITE\<close> and \<open>COMPRESSION_METHOD\<close>.
SERVER CERTIFICATE (7.4.2) is always present.
\<open>CERTIFICATE_REQUEST\<close> (7.4.4) is implied.\<close>
@@ -135,11 +135,11 @@
==> Says B A \<lbrace>Nonce NB, Number SID, Number PB\<rbrace> # evsSH \<in> tls"
| Certificate:
- \<comment>\<open>SERVER (7.4.2) or CLIENT (7.4.6) CERTIFICATE.\<close>
+ \<comment> \<open>SERVER (7.4.2) or CLIENT (7.4.6) CERTIFICATE.\<close>
"evsC \<in> tls ==> Says B A (certificate B (pubK B)) # evsC \<in> tls"
| ClientKeyExch:
- \<comment>\<open>CLIENT KEY EXCHANGE (7.4.7).
+ \<comment> \<open>CLIENT KEY EXCHANGE (7.4.7).
The client, A, chooses PMS, the PREMASTER SECRET.
She encrypts PMS using the supplied KB, which ought to be pubK B.
We assume @{term "PMS \<notin> range PRF"} because a clash betweem the PMS
@@ -154,7 +154,7 @@
# evsCX \<in> tls"
| CertVerify:
- \<comment>\<open>The optional Certificate Verify (7.4.8) message contains the
+ \<comment> \<open>The optional Certificate Verify (7.4.8) message contains the
specific components listed in the security analysis, F.1.1.2.
It adds the pre-master-secret, which is also essential!
Checking the signature, which is the only use of A's certificate,
@@ -165,12 +165,12 @@
==> Says A B (Crypt (priK A) (Hash\<lbrace>Nonce NB, Agent B, Nonce PMS\<rbrace>))
# evsCV \<in> tls"
- \<comment>\<open>Finally come the FINISHED messages (7.4.8), confirming PA and PB
+ \<comment> \<open>Finally come the FINISHED messages (7.4.8), confirming PA and PB
among other things. The master-secret is PRF(PMS,NA,NB).
Either party may send its message first.\<close>
| ClientFinished:
- \<comment>\<open>The occurrence of \<open>Notes A \<lbrace>Agent B, Nonce PMS\<rbrace>\<close> stops the
+ \<comment> \<open>The occurrence of \<open>Notes A \<lbrace>Agent B, Nonce PMS\<rbrace>\<close> stops the
rule's applying when the Spy has satisfied the \<open>Says A B\<close> by
repaying messages sent by the true client; in that case, the
Spy does not know PMS and could not send ClientFinished. One
@@ -189,7 +189,7 @@
# evsCF \<in> tls"
| ServerFinished:
- \<comment>\<open>Keeping A' and A'' distinct means B cannot even check that the
+ \<comment> \<open>Keeping A' and A'' distinct means B cannot even check that the
two messages originate from the same source.\<close>
"[| evsSF \<in> tls;
Says A' B \<lbrace>Agent A, Nonce NA, Number SID, Number PA\<rbrace>
@@ -204,7 +204,7 @@
# evsSF \<in> tls"
| ClientAccepts:
- \<comment>\<open>Having transmitted ClientFinished and received an identical
+ \<comment> \<open>Having transmitted ClientFinished and received an identical
message encrypted with serverK, the client stores the parameters
needed to resume this session. The "Notes A ..." premise is
used to prove \<open>Notes_master_imp_Crypt_PMS\<close>.\<close>
@@ -220,7 +220,7 @@
Notes A \<lbrace>Number SID, Agent A, Agent B, Nonce M\<rbrace> # evsCA \<in> tls"
| ServerAccepts:
- \<comment>\<open>Having transmitted ServerFinished and received an identical
+ \<comment> \<open>Having transmitted ServerFinished and received an identical
message encrypted with clientK, the server stores the parameters
needed to resume this session. The "Says A'' B ..." premise is
used to prove \<open>Notes_master_imp_Crypt_PMS\<close>.\<close>
@@ -237,7 +237,7 @@
Notes B \<lbrace>Number SID, Agent A, Agent B, Nonce M\<rbrace> # evsSA \<in> tls"
| ClientResume:
- \<comment>\<open>If A recalls the \<open>SESSION_ID\<close>, then she sends a FINISHED
+ \<comment> \<open>If A recalls the \<open>SESSION_ID\<close>, then she sends a FINISHED
message using the new nonces and stored MASTER SECRET.\<close>
"[| evsCR \<in> tls;
Says A B \<lbrace>Agent A, Nonce NA, Number SID, Number PA\<rbrace>: set evsCR;
@@ -250,7 +250,7 @@
# evsCR \<in> tls"
| ServerResume:
- \<comment>\<open>Resumption (7.3): If B finds the \<open>SESSION_ID\<close> then he can
+ \<comment> \<open>Resumption (7.3): If B finds the \<open>SESSION_ID\<close> then he can
send a FINISHED message using the recovered MASTER SECRET\<close>
"[| evsSR \<in> tls;
Says A' B \<lbrace>Agent A, Nonce NA, Number SID, Number PA\<rbrace>: set evsSR;
@@ -263,7 +263,7 @@
\<in> tls"
| Oops:
- \<comment>\<open>The most plausible compromise is of an old session key. Losing
+ \<comment> \<open>The most plausible compromise is of an old session key. Losing
the MASTER SECRET or PREMASTER SECRET is more serious but
rather unlikely. The assumption @{term "A\<noteq>Spy"} is essential:
otherwise the Spy could learn session keys merely by
--- a/src/HOL/Auth/Yahalom.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Yahalom.thy Tue Jan 16 09:30:00 2018 +0100
@@ -53,7 +53,7 @@
# evs3 \<in> yahalom"
| YM4:
- \<comment>\<open>Alice receives the Server's (?) message, checks her Nonce, and
+ \<comment> \<open>Alice receives the Server's (?) message, checks her Nonce, and
uses the new session key to send Bob his Nonce. The premise
@{term "A \<noteq> Server"} is needed for \<open>Says_Server_not_range\<close>.
Alice can check that K is symmetric by its length.\<close>
@@ -234,9 +234,9 @@
apply (erule yahalom.induct, force,
drule_tac [6] YM4_analz_knows_Spy)
apply (simp_all add: pushes analz_insert_eq analz_insert_freshK)
- subgoal \<comment>\<open>Fake\<close> by spy_analz
- subgoal \<comment>\<open>YM3\<close> by blast
- subgoal \<comment>\<open>Oops\<close> by (blast dest: unique_session_keys)
+ subgoal \<comment> \<open>Fake\<close> by spy_analz
+ subgoal \<comment> \<open>YM3\<close> by blast
+ subgoal \<comment> \<open>Oops\<close> by (blast dest: unique_session_keys)
done
text\<open>Final version\<close>
@@ -314,8 +314,8 @@
apply (erule yahalom.induct, force,
frule_tac [6] YM4_parts_knows_Spy)
apply (analz_mono_contra, simp_all)
- subgoal \<comment>\<open>Fake\<close> by blast
- subgoal \<comment>\<open>YM3\<close> by blast
+ subgoal \<comment> \<open>Fake\<close> by blast
+ subgoal \<comment> \<open>YM3\<close> by blast
txt\<open>YM4. A is uncompromised because NB is secure
A's certificate guarantees the existence of the Server message\<close>
apply (blast dest!: Gets_imp_Says Crypt_Spy_analz_bad
@@ -397,10 +397,10 @@
@{term Says_Server_KeyWithNonce}, we get @{prop "~ KeyWithNonce K NB
evs"}; then simplification can apply the induction hypothesis with
@{term "KK = {K}"}.\<close>
- subgoal \<comment>\<open>Fake\<close> by spy_analz
- subgoal \<comment>\<open>YM2\<close> by blast
- subgoal \<comment>\<open>YM3\<close> by blast
- subgoal \<comment>\<open>YM4: If @{prop "A \<in> bad"} then @{term NBa} is known, therefore @{prop "NBa \<noteq> NB"}.\<close>
+ subgoal \<comment> \<open>Fake\<close> by spy_analz
+ subgoal \<comment> \<open>YM2\<close> by blast
+ subgoal \<comment> \<open>YM3\<close> by blast
+ subgoal \<comment> \<open>YM4: If @{prop "A \<in> bad"} then @{term NBa} is known, therefore @{prop "NBa \<noteq> NB"}.\<close>
by (metis A_trusts_YM3 Gets_imp_analz_Spy Gets_imp_knows_Spy KeyWithNonce_def
Spy_analz_shrK analz.Fst analz.Snd analz_shrK_Decrypt parts.Fst parts.Inj)
done
@@ -484,13 +484,13 @@
frule_tac [6] YM4_analz_knows_Spy)
apply (simp_all add: split_ifs pushes new_keys_not_analzd analz_insert_eq
analz_insert_freshK)
- subgoal \<comment>\<open>Fake\<close> by spy_analz
- subgoal \<comment>\<open>YM1: NB=NA is impossible anyway, but NA is secret because it is fresh!\<close> by blast
- subgoal \<comment>\<open>YM2\<close> by blast
- subgoal \<comment>\<open>YM3: because no NB can also be an NA\<close>
+ subgoal \<comment> \<open>Fake\<close> by spy_analz
+ subgoal \<comment> \<open>YM1: NB=NA is impossible anyway, but NA is secret because it is fresh!\<close> by blast
+ subgoal \<comment> \<open>YM2\<close> by blast
+ subgoal \<comment> \<open>YM3: because no NB can also be an NA\<close>
by (blast dest!: no_nonce_YM1_YM2 dest: Gets_imp_Says Says_unique_NB)
- subgoal \<comment>\<open>YM4: key K is visible to Spy, contradicting session key secrecy theorem\<close>
- \<comment>\<open>Case analysis on whether Aa is bad;
+ subgoal \<comment> \<open>YM4: key K is visible to Spy, contradicting session key secrecy theorem\<close>
+ \<comment> \<open>Case analysis on whether Aa is bad;
use \<open>Says_unique_NB\<close> to identify message components: @{term "Aa=A"}, @{term "Ba=B"}\<close>
apply clarify
apply (blast dest!: Says_unique_NB analz_shrK_Decrypt
@@ -498,7 +498,7 @@
dest: Gets_imp_Says Says_imp_spies Says_Server_imp_YM2
Spy_not_see_encrypted_key)
done
- subgoal \<comment>\<open>Oops case: if the nonce is betrayed now, show that the Oops event is
+ subgoal \<comment> \<open>Oops case: if the nonce is betrayed now, show that the Oops event is
covered by the quantified Oops assumption.\<close>
apply clarsimp
apply (metis Says_Server_imp_YM2 Gets_imp_Says Says_Server_not_range Says_unique_NB no_nonce_YM1_YM2 parts.Snd single_Nonce_secrecy spies_partsEs(1))
@@ -596,10 +596,10 @@
apply (erule yahalom.induct, force,
frule_tac [6] YM4_parts_knows_Spy)
apply (analz_mono_contra, simp_all)
- subgoal \<comment>\<open>Fake\<close> by blast
- subgoal \<comment>\<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
+ subgoal \<comment> \<open>Fake\<close> by blast
+ subgoal \<comment> \<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
by (force dest!: Crypt_imp_keysFor)
- subgoal \<comment>\<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
+ subgoal \<comment> \<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
otherwise by unicity of session keys\<close>
by (blast dest!: Gets_imp_Says A_trusts_YM3 B_trusts_YM4_shrK Crypt_Spy_analz_bad
dest: Says_imp_knows_Spy [THEN parts.Inj] unique_session_keys)
--- a/src/HOL/Auth/Yahalom2.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Yahalom2.thy Tue Jan 16 09:30:00 2018 +0100
@@ -144,9 +144,9 @@
apply (erule rev_mp)
apply (erule yahalom.induct, force,
frule_tac [6] YM4_parts_knows_Spy, simp_all)
-subgoal \<comment>\<open>Fake\<close> by (force dest!: keysFor_parts_insert)
-subgoal \<comment>\<open>YM3 \<close>by blast
-subgoal \<comment>\<open>YM4\<close> by (fastforce dest!: Gets_imp_knows_Spy [THEN parts.Inj])
+subgoal \<comment> \<open>Fake\<close> by (force dest!: keysFor_parts_insert)
+subgoal \<comment> \<open>YM3\<close>by blast
+subgoal \<comment> \<open>YM4\<close> by (fastforce dest!: Gets_imp_knows_Spy [THEN parts.Inj])
done
@@ -400,10 +400,10 @@
apply (erule yahalom.induct, force,
frule_tac [6] YM4_parts_knows_Spy)
apply (analz_mono_contra, simp_all)
- subgoal \<comment>\<open>Fake\<close> by blast
- subgoal \<comment>\<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
+ subgoal \<comment> \<open>Fake\<close> by blast
+ subgoal \<comment> \<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
by (force dest!: Crypt_imp_keysFor)
- subgoal \<comment>\<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
+ subgoal \<comment> \<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
otherwise by unicity of session keys\<close>
by (blast dest!: B_trusts_YM4_shrK dest: secure_unique_session_keys)
done
--- a/src/HOL/Auth/ZhouGollmann.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/ZhouGollmann.thy Tue Jan 16 09:30:00 2018 +0100
@@ -21,7 +21,7 @@
definition broken :: "agent set" where
- \<comment>\<open>the compromised honest agents; TTP is included as it's not allowed to
+ \<comment> \<open>the compromised honest agents; TTP is included as it's not allowed to
use the protocol\<close>
"broken == bad - {Spy}"
--- a/src/HOL/Bali/AxSem.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/AxSem.thy Tue Jan 16 09:30:00 2018 +0100
@@ -36,7 +36,7 @@
\end{itemize}
\<close>
-type_synonym res = vals \<comment>\<open>result entry\<close>
+type_synonym res = vals \<comment> \<open>result entry\<close>
abbreviation (input)
Val where "Val x == In1 x"
@@ -57,7 +57,7 @@
"\<lambda>Var:v . b" == "(\<lambda>v. b) \<circ> CONST the_In2"
"\<lambda>Vals:v. b" == "(\<lambda>v. b) \<circ> CONST the_In3"
- \<comment>\<open>relation on result values, state and auxiliary variables\<close>
+ \<comment> \<open>relation on result values, state and auxiliary variables\<close>
type_synonym 'a assn = "res \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
translations
(type) "'a assn" <= (type) "vals \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
@@ -496,7 +496,7 @@
| Abrupt: "G,A\<turnstile>{P\<leftarrow>(undefined3 t) \<and>. Not \<circ> normal} t\<succ> {P}"
- \<comment>\<open>variables\<close>
+ \<comment> \<open>variables\<close>
| LVar: " G,A\<turnstile>{Normal (\<lambda>s.. P\<leftarrow>Var (lvar vn s))} LVar vn=\<succ> {P}"
| FVar: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Q};
@@ -506,7 +506,7 @@
| AVar: "\<lbrakk>G,A\<turnstile>{Normal P} e1-\<succ> {Q};
\<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} e2-\<succ> {\<lambda>Val:i:. avar G i a ..; R}\<rbrakk> \<Longrightarrow>
G,A\<turnstile>{Normal P} e1.[e2]=\<succ> {R}"
- \<comment>\<open>expressions\<close>
+ \<comment> \<open>expressions\<close>
| NewC: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Alloc G (CInst C) Q}\<rbrakk> \<Longrightarrow>
G,A\<turnstile>{Normal P} NewC C-\<succ> {Q}"
@@ -569,7 +569,7 @@
\<Longrightarrow>
G,A\<turnstile>{Normal P} Body D c-\<succ> {R}"
- \<comment>\<open>expression lists\<close>
+ \<comment> \<open>expression lists\<close>
| Nil: "G,A\<turnstile>{Normal (P\<leftarrow>Vals [])} []\<doteq>\<succ> {P}"
@@ -577,7 +577,7 @@
\<forall>v. G,A\<turnstile>{Q\<leftarrow>Val v} es\<doteq>\<succ> {\<lambda>Vals:vs:. R\<leftarrow>Vals (v#vs)}\<rbrakk> \<Longrightarrow>
G,A\<turnstile>{Normal P} e#es\<doteq>\<succ> {R}"
- \<comment>\<open>statements\<close>
+ \<comment> \<open>statements\<close>
| Skip: "G,A\<turnstile>{Normal (P\<leftarrow>\<diamondsuit>)} .Skip. {P}"
@@ -629,8 +629,7 @@
\<comment> \<open>Some dummy rules for the intermediate terms \<open>Callee\<close>,
\<open>InsInitE\<close>, \<open>InsInitV\<close>, \<open>FinA\<close> only used by the smallstep
-semantics.
-\<close>
+semantics.\<close>
| InsInitV: " G,A\<turnstile>{Normal P} InsInitV c v=\<succ> {Q}"
| InsInitE: " G,A\<turnstile>{Normal P} InsInitE c e-\<succ> {Q}"
| Callee: " G,A\<turnstile>{Normal P} Callee l e-\<succ> {Q}"
--- a/src/HOL/Bali/AxSound.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/AxSound.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1993,7 +1993,7 @@
assume P: "P Y s0 Z"
show "(P'\<leftarrow>=False\<down>=\<diamondsuit>) \<diamondsuit> s3 Z \<and> s3\<Colon>\<preceq>(G,L)"
proof -
- \<comment>\<open>From the given hypothesises \<open>valid_e\<close> and \<open>valid_c\<close>
+ \<comment> \<open>From the given hypothesises \<open>valid_e\<close> and \<open>valid_c\<close>
we can only reach the state after unfolding the loop once, i.e.
@{term "P \<diamondsuit> s2 Z"}, where @{term s2} is the state after executing
@{term c}. To gain validity of the further execution of while, to
@@ -2002,8 +2002,7 @@
too. We can achieve this, by performing induction on the
evaluation relation, with all
the necessary preconditions to apply \<open>valid_e\<close> and
- \<open>valid_c\<close> in the goal.
-\<close>
+ \<open>valid_c\<close> in the goal.\<close>
{
fix t s s' v
assume "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v, s')"
--- a/src/HOL/Bali/Decl.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Decl.thy Tue Jan 16 09:30:00 2018 +0100
@@ -70,14 +70,14 @@
fix x y z::acc_modi
show "(x < y) = (x \<le> y \<and> \<not> y \<le> x)"
by (auto simp add: le_acc_def less_acc_def split: acc_modi.split)
- show "x \<le> x" \<comment> reflexivity
+ show "x \<le> x" \<comment> \<open>reflexivity\<close>
by (auto simp add: le_acc_def)
{
- assume "x \<le> y" "y \<le> z" \<comment> transitivity
+ assume "x \<le> y" "y \<le> z" \<comment> \<open>transitivity\<close>
then show "x \<le> z"
by (auto simp add: le_acc_def less_acc_def split: acc_modi.split)
next
- assume "x \<le> y" "y \<le> x" \<comment> antisymmetry
+ assume "x \<le> y" "y \<le> x" \<comment> \<open>antisymmetry\<close>
moreover have "\<forall> x y. x < (y::acc_modi) \<and> y < x \<longrightarrow> False"
by (auto simp add: less_acc_def split: acc_modi.split)
ultimately show "x = y" by (unfold le_acc_def) iprover
@@ -296,13 +296,13 @@
subsection \<open>Interface\<close>
-record ibody = decl + \<comment>\<open>interface body\<close>
- imethods :: "(sig \<times> mhead) list" \<comment>\<open>method heads\<close>
+record ibody = decl + \<comment> \<open>interface body\<close>
+ imethods :: "(sig \<times> mhead) list" \<comment> \<open>method heads\<close>
-record iface = ibody + \<comment>\<open>interface\<close>
- isuperIfs:: "qtname list" \<comment>\<open>superinterface list\<close>
+record iface = ibody + \<comment> \<open>interface\<close>
+ isuperIfs:: "qtname list" \<comment> \<open>superinterface list\<close>
type_synonym
- idecl \<comment>\<open>interface declaration, cf. 9.1\<close>
+ idecl \<comment> \<open>interface declaration, cf. 9.1\<close>
= "qtname \<times> iface"
translations
@@ -325,16 +325,16 @@
by (simp add: ibody_def)
subsection \<open>Class\<close>
-record cbody = decl + \<comment>\<open>class body\<close>
+record cbody = decl + \<comment> \<open>class body\<close>
cfields:: "fdecl list"
methods:: "mdecl list"
- init :: "stmt" \<comment>\<open>initializer\<close>
+ init :: "stmt" \<comment> \<open>initializer\<close>
-record "class" = cbody + \<comment>\<open>class\<close>
- super :: "qtname" \<comment>\<open>superclass\<close>
- superIfs:: "qtname list" \<comment>\<open>implemented interfaces\<close>
+record "class" = cbody + \<comment> \<open>class\<close>
+ super :: "qtname" \<comment> \<open>superclass\<close>
+ superIfs:: "qtname list" \<comment> \<open>implemented interfaces\<close>
type_synonym
- cdecl \<comment>\<open>class declaration, cf. 8.1\<close>
+ cdecl \<comment> \<open>class declaration, cf. 8.1\<close>
= "qtname \<times> class"
translations
@@ -370,16 +370,16 @@
subsubsection "standard classes"
consts
- Object_mdecls :: "mdecl list" \<comment>\<open>methods of Object\<close>
- SXcpt_mdecls :: "mdecl list" \<comment>\<open>methods of SXcpts\<close>
+ Object_mdecls :: "mdecl list" \<comment> \<open>methods of Object\<close>
+ SXcpt_mdecls :: "mdecl list" \<comment> \<open>methods of SXcpts\<close>
definition
- ObjectC :: "cdecl" \<comment>\<open>declaration of root class\<close> where
+ ObjectC :: "cdecl" \<comment> \<open>declaration of root class\<close> where
"ObjectC = (Object,\<lparr>access=Public,cfields=[],methods=Object_mdecls,
init=Skip,super=undefined,superIfs=[]\<rparr>)"
definition
- SXcptC ::"xname \<Rightarrow> cdecl" \<comment>\<open>declarations of throwable classes\<close> where
+ SXcptC ::"xname \<Rightarrow> cdecl" \<comment> \<open>declarations of throwable classes\<close> where
"SXcptC xn = (SXcpt xn,\<lparr>access=Public,cfields=[],methods=SXcpt_mdecls,
init=Skip,
super=if xn = Throwable then Object
@@ -448,11 +448,11 @@
subsubsection "subinterface and subclass relation, in anticipation of TypeRel.thy"
definition
- subint1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment>\<open>direct subinterface\<close>
+ subint1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment> \<open>direct subinterface\<close>
where "subint1 G = {(I,J). \<exists>i\<in>iface G I: J\<in>set (isuperIfs i)}"
definition
- subcls1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment>\<open>direct subclass\<close>
+ subcls1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment> \<open>direct subclass\<close>
where "subcls1 G = {(C,D). C\<noteq>Object \<and> (\<exists>c\<in>class G C: super c = D)}"
abbreviation
@@ -815,7 +815,7 @@
definition
imethds :: "prog \<Rightarrow> qtname \<Rightarrow> (sig,qtname \<times> mhead) tables" where
- \<comment>\<open>methods of an interface, with overriding and inheritance, cf. 9.2\<close>
+ \<comment> \<open>methods of an interface, with overriding and inheritance, cf. 9.2\<close>
"imethds G I = iface_rec G I
(\<lambda>I i ts. (Un_tables ts) \<oplus>\<oplus>
(set_option \<circ> table_of (map (\<lambda>(s,m). (s,I,m)) (imethods i))))"
--- a/src/HOL/Bali/DeclConcepts.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/DeclConcepts.thy Tue Jan 16 09:30:00 2018 +0100
@@ -250,28 +250,28 @@
definition
decliface :: "qtname \<times> 'a decl_scheme \<Rightarrow> qtname" where
- "decliface = fst" \<comment>\<open>get the interface component\<close>
+ "decliface = fst" \<comment> \<open>get the interface component\<close>
definition
mbr :: "qtname \<times> memberdecl \<Rightarrow> memberdecl" where
- "mbr = snd" \<comment>\<open>get the memberdecl component\<close>
+ "mbr = snd" \<comment> \<open>get the memberdecl component\<close>
definition
mthd :: "'b \<times> 'a \<Rightarrow> 'a" where
- "mthd = snd" \<comment>\<open>get the method component\<close>
- \<comment>\<open>also used for mdecl, mhead\<close>
+ "mthd = snd" \<comment> \<open>get the method component\<close>
+ \<comment> \<open>also used for mdecl, mhead\<close>
definition
fld :: "'b \<times> 'a decl_scheme \<Rightarrow> 'a decl_scheme" where
- "fld = snd" \<comment>\<open>get the field component\<close>
- \<comment>\<open>also used for \<open>((vname \<times> qtname)\<times> field)\<close>\<close>
+ "fld = snd" \<comment> \<open>get the field component\<close>
+ \<comment> \<open>also used for \<open>((vname \<times> qtname)\<times> field)\<close>\<close>
\<comment> \<open>some mnemotic selectors for \<open>(vname \<times> qtname)\<close>\<close>
definition
fname:: "vname \<times> 'a \<Rightarrow> vname"
where "fname = fst"
- \<comment>\<open>also used for fdecl\<close>
+ \<comment> \<open>also used for fdecl\<close>
definition
declclassf:: "(vname \<times> qtname) \<Rightarrow> qtname"
@@ -326,7 +326,7 @@
lemma declclassf_simp[simp]:"declclassf (n,c) = c"
by (simp add: declclassf_def)
- \<comment>\<open>some mnemotic selectors for \<open>(vname \<times> qtname)\<close>\<close>
+ \<comment> \<open>some mnemotic selectors for \<open>(vname \<times> qtname)\<close>\<close>
definition
fldname :: "vname \<times> qtname \<Rightarrow> vname"
--- a/src/HOL/Bali/DefiniteAssignment.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/DefiniteAssignment.thy Tue Jan 16 09:30:00 2018 +0100
@@ -59,7 +59,7 @@
| "jumpNestingOkS jmps (If(e) c1 Else c2) = (jumpNestingOkS jmps c1 \<and>
jumpNestingOkS jmps c2)"
| "jumpNestingOkS jmps (l\<bullet> While(e) c) = jumpNestingOkS ({Cont l} \<union> jmps) c"
-\<comment>\<open>The label of the while loop only handles continue jumps. Breaks are only
+\<comment> \<open>The label of the while loop only handles continue jumps. Breaks are only
handled by @{term Lab}\<close>
| "jumpNestingOkS jmps (Jmp j) = (j \<in> jmps)"
| "jumpNestingOkS jmps (Throw e) = True"
@@ -68,9 +68,9 @@
| "jumpNestingOkS jmps (c1 Finally c2) = (jumpNestingOkS jmps c1 \<and>
jumpNestingOkS jmps c2)"
| "jumpNestingOkS jmps (Init C) = True"
- \<comment>\<open>wellformedness of the program must enshure that for all initializers
+ \<comment> \<open>wellformedness of the program must enshure that for all initializers
jumpNestingOkS {} holds\<close>
-\<comment>\<open>Dummy analysis for intermediate smallstep term @{term FinA}\<close>
+\<comment> \<open>Dummy analysis for intermediate smallstep term @{term FinA}\<close>
| "jumpNestingOkS jmps (FinA a c) = False"
@@ -216,7 +216,7 @@
| False\<Rightarrow> (case (constVal e1) of
None \<Rightarrow> None
| Some v \<Rightarrow> constVal e2)))"
-\<comment>\<open>Note that \<open>constVal (Cond b e1 e2)\<close> is stricter as it could be.
+\<comment> \<open>Note that \<open>constVal (Cond b e1 e2)\<close> is stricter as it could be.
It requires that all tree expressions are constant even if we can decide
which branch to choose, provided the constant value of @{term b}\<close>
| "constVal (Call accC statT mode objRef mn pTs args) = None"
@@ -282,10 +282,10 @@
constant false/true will also lead to UNIV.\<close>
primrec assigns_if :: "bool \<Rightarrow> expr \<Rightarrow> lname set"
where
- "assigns_if b (NewC c) = UNIV" \<comment>\<open>can never evaluate to Boolean\<close>
-| "assigns_if b (NewA t e) = UNIV" \<comment>\<open>can never evaluate to Boolean\<close>
+ "assigns_if b (NewC c) = UNIV" \<comment> \<open>can never evaluate to Boolean\<close>
+| "assigns_if b (NewA t e) = UNIV" \<comment> \<open>can never evaluate to Boolean\<close>
| "assigns_if b (Cast t e) = assigns_if b e"
-| "assigns_if b (Inst e r) = assignsE e" \<comment>\<open>Inst has type Boolean but
+| "assigns_if b (Inst e r) = assignsE e" \<comment> \<open>Inst has type Boolean but
e is a reference type\<close>
| "assigns_if b (Lit val) = (if val=Bool b then {} else UNIV)"
| "assigns_if b (UnOp unop e) = (case constVal (UnOp unop e) of
@@ -311,7 +311,7 @@
else assignsE e1 \<union> assignsE e2))
| Some v \<Rightarrow> (if v=Bool b then {} else UNIV))"
-| "assigns_if b (Super) = UNIV" \<comment>\<open>can never evaluate to Boolean\<close>
+| "assigns_if b (Super) = UNIV" \<comment> \<open>can never evaluate to Boolean\<close>
| "assigns_if b (Acc v) = (assignsV v)"
| "assigns_if b (v := e) = (assignsE (Ass v e))"
| "assigns_if b (c? e1 : e2) = (assignsE c) \<union>
@@ -499,13 +499,13 @@
type_synonym breakass = "(label, lname) tables"
-\<comment>\<open>Mapping from a break label, to the set of variables that will be assigned
+\<comment> \<open>Mapping from a break label, to the set of variables that will be assigned
if the evaluation terminates with this break\<close>
record assigned =
- nrm :: "lname set" \<comment>\<open>Definetly assigned variables
+ nrm :: "lname set" \<comment> \<open>Definetly assigned variables
for normal completion\<close>
- brk :: "breakass" \<comment>\<open>Definetly assigned variables for
+ brk :: "breakass" \<comment> \<open>Definetly assigned variables for
abrupt completion with a break\<close>
definition
@@ -556,7 +556,7 @@
\<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>If(e) c1 Else c2\<rangle>\<guillemotright> A"
-\<comment>\<open>Note that @{term E} is not further used, because we take the specialized
+\<comment> \<open>Note that @{term E} is not further used, because we take the specialized
sets that also consider if the expression evaluates to true or false.
Inside of @{term e} there is no {\tt break} or {\tt finally}, so the break
map of @{term E} will be the trivial one. So
@@ -571,8 +571,7 @@
maps will trivially map to @{term UNIV} and if a break occurs it will map
to @{term UNIV} too, because @{term "assigns_if False e = UNIV"}. So
in the intersection of the break maps the path @{term c2} will have no
- contribution.
-\<close>
+ contribution.\<close>
| Loop: "\<lbrakk>Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E;
Env\<turnstile> (B \<union> assigns_if True e) \<guillemotright>\<langle>c\<rangle>\<guillemotright> C;
@@ -580,7 +579,7 @@
brk A = brk C\<rbrakk>
\<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>l\<bullet> While(e) c\<rangle>\<guillemotright> A"
-\<comment>\<open>The \<open>Loop\<close> rule resembles some of the ideas of the \<open>If\<close> rule.
+\<comment> \<open>The \<open>Loop\<close> rule resembles some of the ideas of the \<open>If\<close> rule.
For the @{term "nrm A"} the set @{term "B \<union> assigns_if False e"}
will be @{term UNIV} if the condition is constantly true. To normally exit
the while loop, we must consider the body @{term c} to be completed
@@ -588,8 +587,7 @@
the label @{term l} of the loop
only handles continue labels, not break labels. The break label will be
handled by an enclosing @{term Lab} statement. So we don't have to
- handle the breaks specially.
-\<close>
+ handle the breaks specially.\<close>
| Jmp: "\<lbrakk>jump=Ret \<longrightarrow> Result \<in> B;
nrm A = UNIV;
@@ -599,13 +597,12 @@
| Ret \<Rightarrow> \<lambda> k. UNIV)\<rbrakk>
\<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Jmp jump\<rangle>\<guillemotright> A"
-\<comment>\<open>In case of a break to label @{term l} the corresponding break set is all
+\<comment> \<open>In case of a break to label @{term l} the corresponding break set is all
variables assigned before the break. The assigned variables for normal
completion of the @{term Jmp} is @{term UNIV}, because the statement will
never complete normally. For continue and return the break map is the
trivial one. In case of a return we enshure that the result value is
- assigned.
-\<close>
+ assigned.\<close>
| Throw: "\<lbrakk>Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E; nrm A = UNIV; brk A = (\<lambda> l. UNIV)\<rbrakk>
\<Longrightarrow> Env\<turnstile> B \<guillemotright>\<langle>Throw e\<rangle>\<guillemotright> A"
@@ -622,7 +619,7 @@
brk A = ((brk C1) \<Rightarrow>\<union>\<^sub>\<forall> (nrm C2)) \<Rightarrow>\<inter> (brk C2)\<rbrakk>
\<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A"
-\<comment>\<open>The set of assigned variables before execution @{term c2} are the same
+\<comment> \<open>The set of assigned variables before execution @{term c2} are the same
as before execution @{term c1}, because @{term c1} could throw an exception
and so we can't guarantee that any variable will be assigned in @{term c1}.
The \<open>Finally\<close> statement completes
@@ -635,10 +632,9 @@
break will appear in the overall result state. We don't know if
@{term c1} completed normally or abruptly (maybe with an exception not only
a break) so @{term c1} has no contribution to the break map following this
- path.
-\<close>
+ path.\<close>
-\<comment>\<open>Evaluation of expressions and the break sets of definite assignment:
+\<comment> \<open>Evaluation of expressions and the break sets of definite assignment:
Thinking of a Java expression we assume that we can never have
a break statement inside of a expression. So for all expressions the
break sets could be set to the trivial one: @{term "\<lambda> l. UNIV"}.
@@ -657,17 +653,15 @@
right now. So we have decided to adjust the rules of definite assignment
to fit to these circumstances. If an initialization is involved during
evaluation of the expression (evaluation rules \<open>FVar\<close>, \<open>NewC\<close>
- and \<open>NewA\<close>
-\<close>
+ and \<open>NewA\<close>\<close>
| Init: "Env\<turnstile> B \<guillemotright>\<langle>Init C\<rangle>\<guillemotright> \<lparr>nrm=B,brk=\<lambda> l. UNIV\<rparr>"
-\<comment>\<open>Wellformedness of a program will ensure, that every static initialiser
+\<comment> \<open>Wellformedness of a program will ensure, that every static initialiser
is definetly assigned and the jumps are nested correctly. The case here
for @{term Init} is just for convenience, to get a proper precondition
for the induction hypothesis in various proofs, so that we don't have to
expand the initialisation on every point where it is triggerred by the
- evaluation rules.
-\<close>
+ evaluation rules.\<close>
| NewC: "Env\<turnstile> B \<guillemotright>\<langle>NewC C\<rangle>\<guillemotright> \<lparr>nrm=B,brk=\<lambda> l. UNIV\<rparr>"
| NewA: "Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> A
@@ -715,9 +709,8 @@
nrm A = B; brk A = (\<lambda> k. UNIV)\<rbrakk>
\<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Acc (LVar vn)\<rangle>\<guillemotright> A"
-\<comment>\<open>To properly access a local variable we have to test the definite
- assignment here. The variable must occur in the set @{term B}
-\<close>
+\<comment> \<open>To properly access a local variable we have to test the definite
+ assignment here. The variable must occur in the set @{term B}\<close>
| Acc: "\<lbrakk>\<forall> vn. v \<noteq> LVar vn;
Env\<turnstile> B \<guillemotright>\<langle>v\<rangle>\<guillemotright> A\<rbrakk>
@@ -773,8 +766,7 @@
rules, and therefor we have to establish the definite assignment of the
sub-evaluation during the type-safety proof. Note that well-typedness is
also a precondition for type-safety and so we can omit some assertion
- that are already ensured by well-typedness.
-\<close>
+ that are already ensured by well-typedness.\<close>
| Methd: "\<lbrakk>methd (prg Env) D sig = Some m;
Env\<turnstile> B \<guillemotright>\<langle>Body (declclass m) (stmt (mbody (mthd m)))\<rangle>\<guillemotright> A
\<rbrakk>
@@ -796,8 +788,7 @@
definite assignment only talks about normal completion and breaks. So
for a return the @{term Jump} rule ensures that the result variable is
set and then this information must be carried over to the @{term Body}
- rule by the conformance predicate of the state.
-\<close>
+ rule by the conformance predicate of the state.\<close>
| LVar: "Env\<turnstile> B \<guillemotright>\<langle>LVar vn\<rangle>\<guillemotright> \<lparr>nrm=B, brk=\<lambda> l. UNIV\<rparr>"
| FVar: "Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> A
--- a/src/HOL/Bali/Eval.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Eval.thy Tue Jan 16 09:30:00 2018 +0100
@@ -354,7 +354,7 @@
-lemma init_lvars_def2: \<comment>\<open>better suited for simplification\<close>
+lemma init_lvars_def2: \<comment> \<open>better suited for simplification\<close>
"init_lvars G C sig mode a' pvs (x,s) =
set_lvars
(\<lambda> k.
@@ -377,7 +377,7 @@
(let m = the (methd G C sig)
in Body (declclass m) (stmt (mbody (mthd m))))"
-lemma body_def2: \<comment>\<open>better suited for simplification\<close>
+lemma body_def2: \<comment> \<open>better suited for simplification\<close>
"body G C sig = Body (declclass (the (methd G C sig)))
(stmt (mbody (mthd (the (methd G C sig)))))"
apply (unfold body_def Let_def)
@@ -411,7 +411,7 @@
,upd_gobj oref n v s))
in ((the (cs n),f),abupd (raise_if (\<not>i in_bounds k) IndOutBound \<circ> np a') s))"
-lemma fvar_def2: \<comment>\<open>better suited for simplification\<close>
+lemma fvar_def2: \<comment> \<open>better suited for simplification\<close>
"fvar C stat fn a' s =
((the
(values
@@ -426,7 +426,7 @@
apply (simp (no_asm) add: Let_def split_beta)
done
-lemma avar_def2: \<comment>\<open>better suited for simplification\<close>
+lemma avar_def2: \<comment> \<open>better suited for simplification\<close>
"avar G i' a' s =
((the ((snd(snd(the_Arr (globs (store s) (Heap (the_Addr a'))))))
(Inr (the_Intg i')))
@@ -470,7 +470,7 @@
inductive
halloc :: "[prog,state,obj_tag,loc,state]\<Rightarrow>bool" ("_\<turnstile>_ \<midarrow>halloc _\<succ>_\<rightarrow> _"[61,61,61,61,61]60) for G::prog
-where \<comment>\<open>allocating objects on the heap, cf. 12.5\<close>
+where \<comment> \<open>allocating objects on the heap, cf. 12.5\<close>
Abrupt:
"G\<turnstile>(Some x,s) \<midarrow>halloc oi\<succ>undefined\<rightarrow> (Some x,s)"
@@ -482,7 +482,7 @@
G\<turnstile>Norm s \<midarrow>halloc oi\<succ>a\<rightarrow> (x,init_obj G oi' (Heap a) s)"
inductive sxalloc :: "[prog,state,state]\<Rightarrow>bool" ("_\<turnstile>_ \<midarrow>sxalloc\<rightarrow> _"[61,61,61]60) for G::prog
-where \<comment>\<open>allocating exception objects for
+where \<comment> \<open>allocating exception objects for
standard exceptions (other than OutOfMemory)\<close>
Norm: "G\<turnstile> Norm s \<midarrow>sxalloc\<rightarrow> Norm s"
@@ -512,42 +512,41 @@
| "G\<turnstile>s \<midarrow>e=\<succ>vf\<rightarrow> s' \<equiv> G\<turnstile>s \<midarrow>In2 e\<succ>\<rightarrow> (In2 vf, s')"
| "G\<turnstile>s \<midarrow>e\<doteq>\<succ>v \<rightarrow> s' \<equiv> G\<turnstile>s \<midarrow>In3 e\<succ>\<rightarrow> (In3 v, s')"
-\<comment>\<open>propagation of abrupt completion\<close>
+\<comment> \<open>propagation of abrupt completion\<close>
- \<comment>\<open>cf. 14.1, 15.5\<close>
+ \<comment> \<open>cf. 14.1, 15.5\<close>
| Abrupt:
"G\<turnstile>(Some xc,s) \<midarrow>t\<succ>\<rightarrow> (undefined3 t, (Some xc, s))"
-\<comment>\<open>execution of statements\<close>
+\<comment> \<open>execution of statements\<close>
- \<comment>\<open>cf. 14.5\<close>
+ \<comment> \<open>cf. 14.5\<close>
| Skip: "G\<turnstile>Norm s \<midarrow>Skip\<rightarrow> Norm s"
- \<comment>\<open>cf. 14.7\<close>
+ \<comment> \<open>cf. 14.7\<close>
| Expr: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>Expr e\<rightarrow> s1"
| Lab: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c \<rightarrow> s1\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>l\<bullet> c\<rightarrow> abupd (absorb l) s1"
- \<comment>\<open>cf. 14.2\<close>
+ \<comment> \<open>cf. 14.2\<close>
| Comp: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1 \<rightarrow> s1;
G\<turnstile> s1 \<midarrow>c2 \<rightarrow> s2\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>c1;; c2\<rightarrow> s2"
- \<comment>\<open>cf. 14.8.2\<close>
+ \<comment> \<open>cf. 14.8.2\<close>
| If: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1;
G\<turnstile> s1\<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>If(e) c1 Else c2 \<rightarrow> s2"
- \<comment>\<open>cf. 14.10, 14.10.1\<close>
+ \<comment> \<open>cf. 14.10, 14.10.1\<close>
- \<comment>\<open>A continue jump from the while body @{term c} is handled by
+ \<comment> \<open>A continue jump from the while body @{term c} is handled by
this rule. If a continue jump with the proper label was invoked inside
@{term c} this label (Cont l) is deleted out of the abrupt component of
the state before the iterative evaluation of the while statement.
- A break jump is handled by the Lab Statement \<open>Lab l (while\<dots>)\<close>.
-\<close>
+ A break jump is handled by the Lab Statement \<open>Lab l (while\<dots>)\<close>.\<close>
| Loop: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1;
if the_Bool b
then (G\<turnstile>s1 \<midarrow>c\<rightarrow> s2 \<and>
@@ -557,16 +556,16 @@
| Jmp: "G\<turnstile>Norm s \<midarrow>Jmp j\<rightarrow> (Some (Jump j), s)"
- \<comment>\<open>cf. 14.16\<close>
+ \<comment> \<open>cf. 14.16\<close>
| Throw: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>Throw e\<rightarrow> abupd (throw a') s1"
- \<comment>\<open>cf. 14.18.1\<close>
+ \<comment> \<open>cf. 14.18.1\<close>
| Try: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1; G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2;
if G,s2\<turnstile>catch C then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<rightarrow> s3 else s3 = s2\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>Try c1 Catch(C vn) c2\<rightarrow> s3"
- \<comment>\<open>cf. 14.18.2\<close>
+ \<comment> \<open>cf. 14.18.2\<close>
| Fin: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> (x1,s1);
G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> s2;
s3=(if (\<exists> err. x1=Some (Error err))
@@ -574,7 +573,7 @@
else abupd (abrupt_if (x1\<noteq>None) x1) s2) \<rbrakk>
\<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>c1 Finally c2\<rightarrow> s3"
- \<comment>\<open>cf. 12.4.2, 8.5\<close>
+ \<comment> \<open>cf. 12.4.2, 8.5\<close>
| Init: "\<lbrakk>the (class G C) = c;
if inited C (globs s0) then s3 = Norm s0
else (G\<turnstile>Norm (init_class_obj G C s0)
@@ -582,7 +581,7 @@
G\<turnstile>set_lvars empty s1 \<midarrow>init c\<rightarrow> s2 \<and> s3 = restore_lvars s1 s2)\<rbrakk>
\<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>Init C\<rightarrow> s3"
- \<comment>\<open>This class initialisation rule is a little bit inaccurate. Look at the
+ \<comment> \<open>This class initialisation rule is a little bit inaccurate. Look at the
exact sequence:
(1) The current class object (the static fields) are initialised
(\<open>init_class_obj\<close>),
@@ -602,31 +601,30 @@
superclass initialisation and afterwards set the correct values.
But as long as we don't take memory overflow into account
when allocating class objects, we can leave things as they are for
- convenience.
-\<close>
-\<comment>\<open>evaluation of expressions\<close>
+ convenience.\<close>
+\<comment> \<open>evaluation of expressions\<close>
- \<comment>\<open>cf. 15.8.1, 12.4.1\<close>
+ \<comment> \<open>cf. 15.8.1, 12.4.1\<close>
| NewC: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init C\<rightarrow> s1;
G\<turnstile> s1 \<midarrow>halloc (CInst C)\<succ>a\<rightarrow> s2\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>NewC C-\<succ>Addr a\<rightarrow> s2"
- \<comment>\<open>cf. 15.9.1, 12.4.1\<close>
+ \<comment> \<open>cf. 15.9.1, 12.4.1\<close>
| NewA: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>init_comp_ty T\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e-\<succ>i'\<rightarrow> s2;
G\<turnstile>abupd (check_neg i') s2 \<midarrow>halloc (Arr T (the_Intg i'))\<succ>a\<rightarrow> s3\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>New T[e]-\<succ>Addr a\<rightarrow> s3"
- \<comment>\<open>cf. 15.15\<close>
+ \<comment> \<open>cf. 15.15\<close>
| Cast: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1;
s2 = abupd (raise_if (\<not>G,store s1\<turnstile>v fits T) ClassCast) s1\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>Cast T e-\<succ>v\<rightarrow> s2"
- \<comment>\<open>cf. 15.19.2\<close>
+ \<comment> \<open>cf. 15.19.2\<close>
| Inst: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1;
b = (v\<noteq>Null \<and> G,store s1\<turnstile>v fits RefT T)\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>e InstOf T-\<succ>Bool b\<rightarrow> s1"
- \<comment>\<open>cf. 15.7.1\<close>
+ \<comment> \<open>cf. 15.7.1\<close>
| Lit: "G\<turnstile>Norm s \<midarrow>Lit v-\<succ>v\<rightarrow> Norm s"
| UnOp: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<rbrakk>
@@ -638,19 +636,19 @@
\<rbrakk>
\<Longrightarrow> G\<turnstile>Norm s0 \<midarrow>BinOp binop e1 e2-\<succ>(eval_binop binop v1 v2)\<rightarrow> s2"
- \<comment>\<open>cf. 15.10.2\<close>
+ \<comment> \<open>cf. 15.10.2\<close>
| Super: "G\<turnstile>Norm s \<midarrow>Super-\<succ>val_this s\<rightarrow> Norm s"
- \<comment>\<open>cf. 15.2\<close>
+ \<comment> \<open>cf. 15.2\<close>
| Acc: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>va=\<succ>(v,f)\<rightarrow> s1\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>Acc va-\<succ>v\<rightarrow> s1"
- \<comment>\<open>cf. 15.25.1\<close>
+ \<comment> \<open>cf. 15.25.1\<close>
| Ass: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>va=\<succ>(w,f)\<rightarrow> s1;
G\<turnstile> s1 \<midarrow>e-\<succ>v \<rightarrow> s2\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>va:=e-\<succ>v\<rightarrow> assign f v s2"
- \<comment>\<open>cf. 15.24\<close>
+ \<comment> \<open>cf. 15.24\<close>
| Cond: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1;
G\<turnstile> s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<rightarrow> s2\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>e0 ? e1 : e2-\<succ>v\<rightarrow> s2"
@@ -672,9 +670,8 @@
body was introduced to properly trigger class
initialisation. Without class initialisation we
could just evaluate the body statement.
- \end{itemize}
-\<close>
- \<comment>\<open>cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5\<close>
+ \end{itemize}\<close>
+ \<comment> \<open>cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5\<close>
| Call:
"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1; G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2;
D = invocation_declclass G mode (store s2) a' statT \<lparr>name=mn,parTs=pTs\<rparr>;
@@ -683,10 +680,9 @@
G\<turnstile>s3' \<midarrow>Methd D \<lparr>name=mn,parTs=pTs\<rparr>-\<succ>v\<rightarrow> s4\<rbrakk>
\<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>{accC,statT,mode}e\<cdot>mn({pTs}args)-\<succ>v\<rightarrow> (restore_lvars s2 s4)"
-\<comment>\<open>The accessibility check is after @{term init_lvars}, to keep it simple.
+\<comment> \<open>The accessibility check is after @{term init_lvars}, to keep it simple.
@{term init_lvars} already tests for the absence of a null-pointer
- reference in case of an instance method invocation.
-\<close>
+ reference in case of an instance method invocation.\<close>
| Methd: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<rightarrow> s1\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>Methd D sig-\<succ>v\<rightarrow> s1"
@@ -698,40 +694,39 @@
else s2)\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>Body D c-\<succ>the (locals (store s2) Result)
\<rightarrow>abupd (absorb Ret) s3"
- \<comment>\<open>cf. 14.15, 12.4.1\<close>
- \<comment>\<open>We filter out a break/continue in @{term s2}, so that we can proof
+ \<comment> \<open>cf. 14.15, 12.4.1\<close>
+ \<comment> \<open>We filter out a break/continue in @{term s2}, so that we can proof
definite assignment
correct, without the need of conformance of the state. By this the
different parts of the typesafety proof can be disentangled a little.\<close>
-\<comment>\<open>evaluation of variables\<close>
+\<comment> \<open>evaluation of variables\<close>
- \<comment>\<open>cf. 15.13.1, 15.7.2\<close>
+ \<comment> \<open>cf. 15.13.1, 15.7.2\<close>
| LVar: "G\<turnstile>Norm s \<midarrow>LVar vn=\<succ>lvar vn s\<rightarrow> Norm s"
- \<comment>\<open>cf. 15.10.1, 12.4.1\<close>
+ \<comment> \<open>cf. 15.10.1, 12.4.1\<close>
| FVar: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2;
(v,s2') = fvar statDeclC stat fn a s2;
s3 = check_field_access G accC statDeclC fn stat a s2' \<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>{accC,statDeclC,stat}e..fn=\<succ>v\<rightarrow> s3"
- \<comment>\<open>The accessibility check is after @{term fvar}, to keep it simple.
+ \<comment> \<open>The accessibility check is after @{term fvar}, to keep it simple.
@{term fvar} already tests for the absence of a null-pointer reference
- in case of an instance field
-\<close>
+ in case of an instance field\<close>
- \<comment>\<open>cf. 15.12.1, 15.25.1\<close>
+ \<comment> \<open>cf. 15.12.1, 15.25.1\<close>
| AVar: "\<lbrakk>G\<turnstile> Norm s0 \<midarrow>e1-\<succ>a\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e2-\<succ>i\<rightarrow> s2;
(v,s2') = avar G i a s2\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>e1.[e2]=\<succ>v\<rightarrow> s2'"
-\<comment>\<open>evaluation of expression lists\<close>
+\<comment> \<open>evaluation of expression lists\<close>
- \<comment>\<open>cf. 15.11.4.2\<close>
+ \<comment> \<open>cf. 15.11.4.2\<close>
| Nil:
"G\<turnstile>Norm s0 \<midarrow>[]\<doteq>\<succ>[]\<rightarrow> Norm s0"
- \<comment>\<open>cf. 15.6.4\<close>
+ \<comment> \<open>cf. 15.6.4\<close>
| Cons: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e -\<succ> v \<rightarrow> s1;
G\<turnstile> s1 \<midarrow>es\<doteq>\<succ>vs\<rightarrow> s2\<rbrakk> \<Longrightarrow>
G\<turnstile>Norm s0 \<midarrow>e#es\<doteq>\<succ>v#vs\<rightarrow> s2"
--- a/src/HOL/Bali/Evaln.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Evaln.thy Tue Jan 16 09:30:00 2018 +0100
@@ -46,12 +46,12 @@
| "G\<turnstile>s \<midarrow>e=\<succ>vf \<midarrow>n\<rightarrow> s' \<equiv> G\<turnstile>s \<midarrow>In2 e\<succ>\<midarrow>n\<rightarrow> (In2 vf, s')"
| "G\<turnstile>s \<midarrow>e\<doteq>\<succ>v \<midarrow>n\<rightarrow> s' \<equiv> G\<turnstile>s \<midarrow>In3 e\<succ>\<midarrow>n\<rightarrow> (In3 v , s')"
-\<comment>\<open>propagation of abrupt completion\<close>
+\<comment> \<open>propagation of abrupt completion\<close>
| Abrupt: "G\<turnstile>(Some xc,s) \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (undefined3 t,(Some xc,s))"
-\<comment>\<open>evaluation of variables\<close>
+\<comment> \<open>evaluation of variables\<close>
| LVar: "G\<turnstile>Norm s \<midarrow>LVar vn=\<succ>lvar vn s\<midarrow>n\<rightarrow> Norm s"
@@ -67,7 +67,7 @@
-\<comment>\<open>evaluation of expressions\<close>
+\<comment> \<open>evaluation of expressions\<close>
| NewC: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s1;
G\<turnstile> s1 \<midarrow>halloc (CInst C)\<succ>a\<rightarrow> s2\<rbrakk> \<Longrightarrow>
@@ -129,7 +129,7 @@
G\<turnstile>Norm s0 \<midarrow>Body D c
-\<succ>the (locals (store s2) Result)\<midarrow>n\<rightarrow>abupd (absorb Ret) s3"
-\<comment>\<open>evaluation of expression lists\<close>
+\<comment> \<open>evaluation of expression lists\<close>
| Nil:
"G\<turnstile>Norm s0 \<midarrow>[]\<doteq>\<succ>[]\<midarrow>n\<rightarrow> Norm s0"
@@ -139,7 +139,7 @@
G\<turnstile>Norm s0 \<midarrow>e#es\<doteq>\<succ>v#vs\<midarrow>n\<rightarrow> s2"
-\<comment>\<open>execution of statements\<close>
+\<comment> \<open>execution of statements\<close>
| Skip: "G\<turnstile>Norm s \<midarrow>Skip\<midarrow>n\<rightarrow> Norm s"
--- a/src/HOL/Bali/Name.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Name.thy Tue Jan 16 09:30:00 2018 +0100
@@ -6,17 +6,17 @@
theory Name imports Basis begin
(* cf. 6.5 *)
-typedecl tnam \<comment>\<open>ordinary type name, i.e. class or interface name\<close>
-typedecl pname \<comment>\<open>package name\<close>
-typedecl mname \<comment>\<open>method name\<close>
-typedecl vname \<comment>\<open>variable or field name\<close>
-typedecl label \<comment>\<open>label as destination of break or continue\<close>
+typedecl tnam \<comment> \<open>ordinary type name, i.e. class or interface name\<close>
+typedecl pname \<comment> \<open>package name\<close>
+typedecl mname \<comment> \<open>method name\<close>
+typedecl vname \<comment> \<open>variable or field name\<close>
+typedecl label \<comment> \<open>label as destination of break or continue\<close>
-datatype ename \<comment>\<open>expression name\<close>
+datatype ename \<comment> \<open>expression name\<close>
= VNam vname
- | Res \<comment>\<open>special name to model the return value of methods\<close>
+ | Res \<comment> \<open>special name to model the return value of methods\<close>
-datatype lname \<comment>\<open>names for local variables and the This pointer\<close>
+datatype lname \<comment> \<open>names for local variables and the This pointer\<close>
= EName ename
| This
abbreviation VName :: "vname \<Rightarrow> lname"
@@ -25,7 +25,7 @@
abbreviation Result :: lname
where "Result == EName Res"
-datatype xname \<comment>\<open>names of standard exceptions\<close>
+datatype xname \<comment> \<open>names of standard exceptions\<close>
= Throwable
| NullPointer | OutOfMemory | ClassCast
| NegArrSize | IndOutBound | ArrStore
@@ -39,12 +39,12 @@
done
-datatype tname \<comment>\<open>type names for standard classes and other type names\<close>
+datatype tname \<comment> \<open>type names for standard classes and other type names\<close>
= Object'
| SXcpt' xname
| TName tnam
-record qtname = \<comment>\<open>qualified tname cf. 6.5.3, 6.5.4\<close>
+record qtname = \<comment> \<open>qualified tname cf. 6.5.3, 6.5.4\<close>
pid :: pname
tid :: tname
@@ -82,7 +82,7 @@
(type) "'a qtname_scheme" <= (type) "\<lparr>pid::pname,tid::tname,\<dots>::'a\<rparr>"
-axiomatization java_lang::pname \<comment>\<open>package java.lang\<close>
+axiomatization java_lang::pname \<comment> \<open>package java.lang\<close>
definition
Object :: qtname
--- a/src/HOL/Bali/State.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/State.thy Tue Jan 16 09:30:00 2018 +0100
@@ -19,17 +19,17 @@
subsubsection "objects"
-datatype obj_tag = \<comment>\<open>tag for generic object\<close>
- CInst qtname \<comment>\<open>class instance\<close>
- | Arr ty int \<comment>\<open>array with component type and length\<close>
- \<comment>\<open>| CStat qtname the tag is irrelevant for a class object,
+datatype obj_tag = \<comment> \<open>tag for generic object\<close>
+ CInst qtname \<comment> \<open>class instance\<close>
+ | Arr ty int \<comment> \<open>array with component type and length\<close>
+ \<comment> \<open>| CStat qtname the tag is irrelevant for a class object,
i.e. the static fields of a class,
since its type is given already by the reference to
it (see below)\<close>
-type_synonym vn = "fspec + int" \<comment>\<open>variable name\<close>
+type_synonym vn = "fspec + int" \<comment> \<open>variable name\<close>
record obj =
- tag :: "obj_tag" \<comment>\<open>generalized object\<close>
+ tag :: "obj_tag" \<comment> \<open>generalized object\<close>
"values" :: "(vn, val) table"
translations
@@ -130,7 +130,7 @@
subsubsection "object references"
-type_synonym oref = "loc + qtname" \<comment>\<open>generalized object reference\<close>
+type_synonym oref = "loc + qtname" \<comment> \<open>generalized object reference\<close>
syntax
Heap :: "loc \<Rightarrow> oref"
Stat :: "qtname \<Rightarrow> oref"
@@ -213,7 +213,7 @@
subsubsection "stores"
-type_synonym globs \<comment>\<open>global variables: heap and static variables\<close>
+type_synonym globs \<comment> \<open>global variables: heap and static variables\<close>
= "(oref , obj) table"
type_synonym heap
= "(loc , obj) table"
@@ -580,7 +580,7 @@
subsubsection "full program state"
type_synonym
- state = "abopt \<times> st" \<comment>\<open>state including abruption information\<close>
+ state = "abopt \<times> st" \<comment> \<open>state including abruption information\<close>
translations
(type) "abopt" <= (type) "abrupt option"
--- a/src/HOL/Bali/Table.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Table.thy Tue Jan 16 09:30:00 2018 +0100
@@ -29,16 +29,16 @@
\end{itemize}
\<close>
-type_synonym ('a, 'b) table \<comment>\<open>table with key type 'a and contents type 'b\<close>
+type_synonym ('a, 'b) table \<comment> \<open>table with key type 'a and contents type 'b\<close>
= "'a \<rightharpoonup> 'b"
-type_synonym ('a, 'b) tables \<comment>\<open>non-unique table with key 'a and contents 'b\<close>
+type_synonym ('a, 'b) tables \<comment> \<open>non-unique table with key 'a and contents 'b\<close>
= "'a \<Rightarrow> 'b set"
subsubsection "map of / table of"
abbreviation
- table_of :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) table" \<comment>\<open>concrete table\<close>
+ table_of :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) table" \<comment> \<open>concrete table\<close>
where "table_of \<equiv> map_of"
translations
@@ -53,7 +53,7 @@
definition cond_override :: "('b \<Rightarrow>'b \<Rightarrow> bool) \<Rightarrow> ('a, 'b)table \<Rightarrow> ('a, 'b)table \<Rightarrow> ('a, 'b) table" where
-\<comment>\<open>when merging tables old and new, only override an entry of table old when
+\<comment> \<open>when merging tables old and new, only override an entry of table old when
the condition cond holds\<close>
"cond_override cond old new =
(\<lambda>k.
@@ -276,13 +276,13 @@
where "(t hidings s entails R) = (\<forall>k. \<forall>x\<in>t k. \<forall>y\<in>s k. R x y)"
definition
- \<comment>\<open>variant for unique table:\<close>
+ \<comment> \<open>variant for unique table:\<close>
hiding_entails :: "('a, 'b) table \<Rightarrow> ('a, 'c) table \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
("_ hiding _ entails _" 20)
where "(t hiding s entails R) = (\<forall>k. \<forall>x\<in>t k: \<forall>y\<in>s k: R x y)"
definition
- \<comment>\<open>variant for a unique table and conditional overriding:\<close>
+ \<comment> \<open>variant for a unique table and conditional overriding:\<close>
cond_hiding_entails :: "('a, 'b) table \<Rightarrow> ('a, 'c) table
\<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
("_ hiding _ under _ entails _" 20)
--- a/src/HOL/Bali/Term.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Term.thy Tue Jan 16 09:30:00 2018 +0100
@@ -57,25 +57,25 @@
-type_synonym locals = "(lname, val) table" \<comment>\<open>local variables\<close>
+type_synonym locals = "(lname, val) table" \<comment> \<open>local variables\<close>
datatype jump
- = Break label \<comment>\<open>break\<close>
- | Cont label \<comment>\<open>continue\<close>
- | Ret \<comment>\<open>return from method\<close>
+ = Break label \<comment> \<open>break\<close>
+ | Cont label \<comment> \<open>continue\<close>
+ | Ret \<comment> \<open>return from method\<close>
-datatype xcpt \<comment>\<open>exception\<close>
- = Loc loc \<comment>\<open>location of allocated execption object\<close>
- | Std xname \<comment>\<open>intermediate standard exception, see Eval.thy\<close>
+datatype xcpt \<comment> \<open>exception\<close>
+ = Loc loc \<comment> \<open>location of allocated execption object\<close>
+ | Std xname \<comment> \<open>intermediate standard exception, see Eval.thy\<close>
datatype error
- = AccessViolation \<comment>\<open>Access to a member that isn't permitted\<close>
- | CrossMethodJump \<comment>\<open>Method exits with a break or continue\<close>
+ = AccessViolation \<comment> \<open>Access to a member that isn't permitted\<close>
+ | CrossMethodJump \<comment> \<open>Method exits with a break or continue\<close>
-datatype abrupt \<comment>\<open>abrupt completion\<close>
- = Xcpt xcpt \<comment>\<open>exception\<close>
- | Jump jump \<comment>\<open>break, continue, return\<close>
+datatype abrupt \<comment> \<open>abrupt completion\<close>
+ = Xcpt xcpt \<comment> \<open>exception\<close>
+ | Jump jump \<comment> \<open>break, continue, return\<close>
| Error error \<comment> \<open>runtime errors, we wan't to detect and proof absent
in welltyped programms\<close>
type_synonym
@@ -90,26 +90,26 @@
translations
(type) "locals" <= (type) "(lname, val) table"
-datatype inv_mode \<comment>\<open>invocation mode for method calls\<close>
- = Static \<comment>\<open>static\<close>
- | SuperM \<comment>\<open>super\<close>
- | IntVir \<comment>\<open>interface or virtual\<close>
+datatype inv_mode \<comment> \<open>invocation mode for method calls\<close>
+ = Static \<comment> \<open>static\<close>
+ | SuperM \<comment> \<open>super\<close>
+ | IntVir \<comment> \<open>interface or virtual\<close>
-record sig = \<comment>\<open>signature of a method, cf. 8.4.2\<close>
- name ::"mname" \<comment>\<open>acutally belongs to Decl.thy\<close>
+record sig = \<comment> \<open>signature of a method, cf. 8.4.2\<close>
+ name ::"mname" \<comment> \<open>acutally belongs to Decl.thy\<close>
parTs::"ty list"
translations
(type) "sig" <= (type) "\<lparr>name::mname,parTs::ty list\<rparr>"
(type) "sig" <= (type) "\<lparr>name::mname,parTs::ty list,\<dots>::'a\<rparr>"
-\<comment>\<open>function codes for unary operations\<close>
+\<comment> \<open>function codes for unary operations\<close>
datatype unop = UPlus \<comment> \<open>{\tt +} unary plus\<close>
| UMinus \<comment> \<open>{\tt -} unary minus\<close>
| UBitNot \<comment> \<open>{\tt ~} bitwise NOT\<close>
| UNot \<comment> \<open>{\tt !} logical complement\<close>
-\<comment>\<open>function codes for binary operations\<close>
+\<comment> \<open>function codes for binary operations\<close>
datatype binop = Mul \<comment> \<open>{\tt * } multiplication\<close>
| Div \<comment> \<open>{\tt /} division\<close>
| Mod \<comment> \<open>{\tt \%} remainder\<close>
@@ -141,81 +141,81 @@
\<close>
datatype var
- = LVar lname \<comment>\<open>local variable (incl. parameters)\<close>
+ = LVar lname \<comment> \<open>local variable (incl. parameters)\<close>
| FVar qtname qtname bool expr vname ("{_,_,_}_.._"[10,10,10,85,99]90)
- \<comment>\<open>class field\<close>
- \<comment>\<open>@{term "{accC,statDeclC,stat}e..fn"}\<close>
- \<comment>\<open>\<open>accC\<close>: accessing class (static class were\<close>
- \<comment>\<open>the code is declared. Annotation only needed for\<close>
- \<comment>\<open>evaluation to check accessibility)\<close>
- \<comment>\<open>\<open>statDeclC\<close>: static declaration class of field\<close>
- \<comment>\<open>\<open>stat\<close>: static or instance field?\<close>
- \<comment>\<open>\<open>e\<close>: reference to object\<close>
- \<comment>\<open>\<open>fn\<close>: field name\<close>
+ \<comment> \<open>class field\<close>
+ \<comment> \<open>@{term "{accC,statDeclC,stat}e..fn"}\<close>
+ \<comment> \<open>\<open>accC\<close>: accessing class (static class were\<close>
+ \<comment> \<open>the code is declared. Annotation only needed for\<close>
+ \<comment> \<open>evaluation to check accessibility)\<close>
+ \<comment> \<open>\<open>statDeclC\<close>: static declaration class of field\<close>
+ \<comment> \<open>\<open>stat\<close>: static or instance field?\<close>
+ \<comment> \<open>\<open>e\<close>: reference to object\<close>
+ \<comment> \<open>\<open>fn\<close>: field name\<close>
| AVar expr expr ("_.[_]"[90,10 ]90)
- \<comment>\<open>array component\<close>
- \<comment>\<open>@{term "e1.[e2]"}: e1 array reference; e2 index\<close>
+ \<comment> \<open>array component\<close>
+ \<comment> \<open>@{term "e1.[e2]"}: e1 array reference; e2 index\<close>
| InsInitV stmt var
- \<comment>\<open>insertion of initialization before evaluation\<close>
- \<comment>\<open>of var (technical term for smallstep semantics.)\<close>
+ \<comment> \<open>insertion of initialization before evaluation\<close>
+ \<comment> \<open>of var (technical term for smallstep semantics.)\<close>
and expr
- = NewC qtname \<comment>\<open>class instance creation\<close>
+ = NewC qtname \<comment> \<open>class instance creation\<close>
| NewA ty expr ("New _[_]"[99,10 ]85)
- \<comment>\<open>array creation\<close>
- | Cast ty expr \<comment>\<open>type cast\<close>
+ \<comment> \<open>array creation\<close>
+ | Cast ty expr \<comment> \<open>type cast\<close>
| Inst expr ref_ty ("_ InstOf _"[85,99] 85)
- \<comment>\<open>instanceof\<close>
- | Lit val \<comment>\<open>literal value, references not allowed\<close>
- | UnOp unop expr \<comment>\<open>unary operation\<close>
- | BinOp binop expr expr \<comment>\<open>binary operation\<close>
+ \<comment> \<open>instanceof\<close>
+ | Lit val \<comment> \<open>literal value, references not allowed\<close>
+ | UnOp unop expr \<comment> \<open>unary operation\<close>
+ | BinOp binop expr expr \<comment> \<open>binary operation\<close>
- | Super \<comment>\<open>special Super keyword\<close>
- | Acc var \<comment>\<open>variable access\<close>
+ | Super \<comment> \<open>special Super keyword\<close>
+ | Acc var \<comment> \<open>variable access\<close>
| Ass var expr ("_:=_" [90,85 ]85)
- \<comment>\<open>variable assign\<close>
- | Cond expr expr expr ("_ ? _ : _" [85,85,80]80) \<comment>\<open>conditional\<close>
+ \<comment> \<open>variable assign\<close>
+ | Cond expr expr expr ("_ ? _ : _" [85,85,80]80) \<comment> \<open>conditional\<close>
| Call qtname ref_ty inv_mode expr mname "(ty list)" "(expr list)"
("{_,_,_}_\<cdot>_'( {_}_')"[10,10,10,85,99,10,10]85)
- \<comment>\<open>method call\<close>
- \<comment>\<open>@{term "{accC,statT,mode}e\<cdot>mn({pTs}args)"} "\<close>
- \<comment>\<open>\<open>accC\<close>: accessing class (static class were\<close>
- \<comment>\<open>the call code is declared. Annotation only needed for\<close>
- \<comment>\<open>evaluation to check accessibility)\<close>
- \<comment>\<open>\<open>statT\<close>: static declaration class/interface of\<close>
- \<comment>\<open>method\<close>
- \<comment>\<open>\<open>mode\<close>: invocation mode\<close>
- \<comment>\<open>\<open>e\<close>: reference to object\<close>
- \<comment>\<open>\<open>mn\<close>: field name\<close>
- \<comment>\<open>\<open>pTs\<close>: types of parameters\<close>
- \<comment>\<open>\<open>args\<close>: the actual parameters/arguments\<close>
- | Methd qtname sig \<comment>\<open>(folded) method (see below)\<close>
- | Body qtname stmt \<comment>\<open>(unfolded) method body\<close>
+ \<comment> \<open>method call\<close>
+ \<comment> \<open>@{term "{accC,statT,mode}e\<cdot>mn({pTs}args)"} "\<close>
+ \<comment> \<open>\<open>accC\<close>: accessing class (static class were\<close>
+ \<comment> \<open>the call code is declared. Annotation only needed for\<close>
+ \<comment> \<open>evaluation to check accessibility)\<close>
+ \<comment> \<open>\<open>statT\<close>: static declaration class/interface of\<close>
+ \<comment> \<open>method\<close>
+ \<comment> \<open>\<open>mode\<close>: invocation mode\<close>
+ \<comment> \<open>\<open>e\<close>: reference to object\<close>
+ \<comment> \<open>\<open>mn\<close>: field name\<close>
+ \<comment> \<open>\<open>pTs\<close>: types of parameters\<close>
+ \<comment> \<open>\<open>args\<close>: the actual parameters/arguments\<close>
+ | Methd qtname sig \<comment> \<open>(folded) method (see below)\<close>
+ | Body qtname stmt \<comment> \<open>(unfolded) method body\<close>
| InsInitE stmt expr
- \<comment>\<open>insertion of initialization before\<close>
- \<comment>\<open>evaluation of expr (technical term for smallstep sem.)\<close>
- | Callee locals expr \<comment>\<open>save callers locals in callee-Frame\<close>
- \<comment>\<open>(technical term for smallstep semantics)\<close>
+ \<comment> \<open>insertion of initialization before\<close>
+ \<comment> \<open>evaluation of expr (technical term for smallstep sem.)\<close>
+ | Callee locals expr \<comment> \<open>save callers locals in callee-Frame\<close>
+ \<comment> \<open>(technical term for smallstep semantics)\<close>
and stmt
- = Skip \<comment>\<open>empty statement\<close>
- | Expr expr \<comment>\<open>expression statement\<close>
+ = Skip \<comment> \<open>empty statement\<close>
+ | Expr expr \<comment> \<open>expression statement\<close>
| Lab jump stmt ("_\<bullet> _" [ 99,66]66)
- \<comment>\<open>labeled statement; handles break\<close>
+ \<comment> \<open>labeled statement; handles break\<close>
| Comp stmt stmt ("_;; _" [ 66,65]65)
| If' expr stmt stmt ("If'(_') _ Else _" [ 80,79,79]70)
| Loop label expr stmt ("_\<bullet> While'(_') _" [ 99,80,79]70)
- | Jmp jump \<comment>\<open>break, continue, return\<close>
+ | Jmp jump \<comment> \<open>break, continue, return\<close>
| Throw expr
| TryC stmt qtname vname stmt ("Try _ Catch'(_ _') _" [79,99,80,79]70)
- \<comment>\<open>@{term "Try c1 Catch(C vn) c2"}\<close>
- \<comment>\<open>\<open>c1\<close>: block were exception may be thrown\<close>
- \<comment>\<open>\<open>C\<close>: execption class to catch\<close>
- \<comment>\<open>\<open>vn\<close>: local name for exception used in \<open>c2\<close>\<close>
- \<comment>\<open>\<open>c2\<close>: block to execute when exception is cateched\<close>
+ \<comment> \<open>@{term "Try c1 Catch(C vn) c2"}\<close>
+ \<comment> \<open>\<open>c1\<close>: block were exception may be thrown\<close>
+ \<comment> \<open>\<open>C\<close>: execption class to catch\<close>
+ \<comment> \<open>\<open>vn\<close>: local name for exception used in \<open>c2\<close>\<close>
+ \<comment> \<open>\<open>c2\<close>: block to execute when exception is cateched\<close>
| Fin stmt stmt ("_ Finally _" [ 79,79]70)
- | FinA abopt stmt \<comment>\<open>Save abruption of first statement\<close>
- \<comment>\<open>technical term for smallstep sem.)\<close>
- | Init qtname \<comment>\<open>class initialization\<close>
+ | FinA abopt stmt \<comment> \<open>Save abruption of first statement\<close>
+ \<comment> \<open>technical term for smallstep sem.)\<close>
+ | Init qtname \<comment> \<open>class initialization\<close>
datatype_compat var expr stmt
@@ -254,7 +254,7 @@
abbreviation
Return :: "expr \<Rightarrow> stmt"
- where "Return e == Expr (Ass (LVar (EName Res)) e);; Jmp Ret" \<comment>\<open>\tt Res := e;; Jmp Ret\<close>
+ where "Return e == Expr (Ass (LVar (EName Res)) e);; Jmp Ret" \<comment> \<open>\tt Res := e;; Jmp Ret\<close>
abbreviation
StatRef :: "ref_ty \<Rightarrow> expr"
@@ -432,7 +432,7 @@
where
"eval_unop UPlus v = Intg (the_Intg v)"
| "eval_unop UMinus v = Intg (- (the_Intg v))"
-| "eval_unop UBitNot v = Intg 42" \<comment> "FIXME: Not yet implemented"
+| "eval_unop UBitNot v = Intg 42" \<comment> \<open>FIXME: Not yet implemented\<close>
| "eval_unop UNot v = Bool (\<not> the_Bool v)"
subsubsection \<open>Evaluation of binary operations\<close>
@@ -444,10 +444,10 @@
| "eval_binop Plus v1 v2 = Intg ((the_Intg v1) + (the_Intg v2))"
| "eval_binop Minus v1 v2 = Intg ((the_Intg v1) - (the_Intg v2))"
-\<comment> "Be aware of the explicit coercion of the shift distance to nat"
+\<comment> \<open>Be aware of the explicit coercion of the shift distance to nat\<close>
| "eval_binop LShift v1 v2 = Intg ((the_Intg v1) * (2^(nat (the_Intg v2))))"
| "eval_binop RShift v1 v2 = Intg ((the_Intg v1) div (2^(nat (the_Intg v2))))"
-| "eval_binop RShiftU v1 v2 = Intg 42" \<comment>"FIXME: Not yet implemented"
+| "eval_binop RShiftU v1 v2 = Intg 42" \<comment> \<open>FIXME: Not yet implemented\<close>
| "eval_binop Less v1 v2 = Bool ((the_Intg v1) < (the_Intg v2))"
| "eval_binop Le v1 v2 = Bool ((the_Intg v1) \<le> (the_Intg v2))"
@@ -456,11 +456,11 @@
| "eval_binop Eq v1 v2 = Bool (v1=v2)"
| "eval_binop Neq v1 v2 = Bool (v1\<noteq>v2)"
-| "eval_binop BitAnd v1 v2 = Intg 42" \<comment> "FIXME: Not yet implemented"
+| "eval_binop BitAnd v1 v2 = Intg 42" \<comment> \<open>FIXME: Not yet implemented\<close>
| "eval_binop And v1 v2 = Bool ((the_Bool v1) \<and> (the_Bool v2))"
-| "eval_binop BitXor v1 v2 = Intg 42" \<comment> "FIXME: Not yet implemented"
+| "eval_binop BitXor v1 v2 = Intg 42" \<comment> \<open>FIXME: Not yet implemented\<close>
| "eval_binop Xor v1 v2 = Bool ((the_Bool v1) \<noteq> (the_Bool v2))"
-| "eval_binop BitOr v1 v2 = Intg 42" \<comment> "FIXME: Not yet implemented"
+| "eval_binop BitOr v1 v2 = Intg 42" \<comment> \<open>FIXME: Not yet implemented\<close>
| "eval_binop Or v1 v2 = Bool ((the_Bool v1) \<or> (the_Bool v2))"
| "eval_binop CondAnd v1 v2 = Bool ((the_Bool v1) \<and> (the_Bool v2))"
| "eval_binop CondOr v1 v2 = Bool ((the_Bool v1) \<or> (the_Bool v2))"
--- a/src/HOL/Bali/Trans.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Trans.thy Tue Jan 16 09:30:00 2018 +0100
@@ -236,14 +236,13 @@
| InsInitFVar:
"G\<turnstile>(\<langle>InsInitV Skip ({accC,statDeclC,stat}Lit a..fn)\<rangle>,Norm s)
\<mapsto>1 (\<langle>{accC,statDeclC,stat}Lit a..fn\<rangle>,Norm s)"
-\<comment> \<open>Notice, that we do not have literal values for \<open>vars\<close>.
+\<comment> \<open>Notice, that we do not have literal values for \<open>vars\<close>.
The rules for accessing variables (\<open>Acc\<close>) and assigning to variables
(\<open>Ass\<close>), test this with the predicate \<open>groundVar\<close>. After
initialisation is done and the \<open>FVar\<close> is evaluated, we can't just
throw away the \<open>InsInitFVar\<close> term and return a literal value, as in the
cases of \<open>New\<close> or \<open>NewC\<close>. Instead we just return the evaluated
-\<open>FVar\<close> and test for initialisation in the rule \<open>FVar\<close>.
-\<close>
+\<open>FVar\<close> and test for initialisation in the rule \<open>FVar\<close>.\<close>
| AVarE1: "\<lbrakk>G\<turnstile>(\<langle>e1\<rangle>,Norm s) \<mapsto>1 (\<langle>e1'\<rangle>,s')\<rbrakk>
--- a/src/HOL/Bali/Type.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Type.thy Tue Jan 16 09:30:00 2018 +0100
@@ -14,21 +14,21 @@
\end{itemize}
\<close>
-datatype prim_ty \<comment>\<open>primitive type, cf. 4.2\<close>
- = Void \<comment>\<open>result type of void methods\<close>
+datatype prim_ty \<comment> \<open>primitive type, cf. 4.2\<close>
+ = Void \<comment> \<open>result type of void methods\<close>
| Boolean
| Integer
-datatype ref_ty \<comment>\<open>reference type, cf. 4.3\<close>
- = NullT \<comment>\<open>null type, cf. 4.1\<close>
- | IfaceT qtname \<comment>\<open>interface type\<close>
- | ClassT qtname \<comment>\<open>class type\<close>
- | ArrayT ty \<comment>\<open>array type\<close>
+datatype ref_ty \<comment> \<open>reference type, cf. 4.3\<close>
+ = NullT \<comment> \<open>null type, cf. 4.1\<close>
+ | IfaceT qtname \<comment> \<open>interface type\<close>
+ | ClassT qtname \<comment> \<open>class type\<close>
+ | ArrayT ty \<comment> \<open>array type\<close>
-and ty \<comment>\<open>any type, cf. 4.1\<close>
- = PrimT prim_ty \<comment>\<open>primitive type\<close>
- | RefT ref_ty \<comment>\<open>reference type\<close>
+and ty \<comment> \<open>any type, cf. 4.1\<close>
+ = PrimT prim_ty \<comment> \<open>primitive type\<close>
+ | RefT ref_ty \<comment> \<open>reference type\<close>
abbreviation "NT == RefT NullT"
abbreviation "Iface I == RefT (IfaceT I)"
--- a/src/HOL/Bali/TypeRel.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/TypeRel.thy Tue Jan 16 09:30:00 2018 +0100
@@ -32,8 +32,8 @@
(*subclseq, by translation*) (* subclass + identity *)
definition
- implmt1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment>\<open>direct implementation\<close>
- \<comment>\<open>direct implementation, cf. 8.1.3\<close>
+ implmt1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment> \<open>direct implementation\<close>
+ \<comment> \<open>direct implementation, cf. 8.1.3\<close>
where "implmt1 G = {(C,I). C\<noteq>Object \<and> (\<exists>c\<in>class G C: I\<in>set (superIfs c))}"
@@ -43,7 +43,7 @@
abbreviation
subint_syntax :: "prog => [qtname, qtname] => bool" ("_\<turnstile>_\<preceq>I _" [71,71,71] 70)
- where "G\<turnstile>I \<preceq>I J == (I,J) \<in>(subint1 G)^*" \<comment>\<open>cf. 9.1.3\<close>
+ where "G\<turnstile>I \<preceq>I J == (I,J) \<in>(subint1 G)^*" \<comment> \<open>cf. 9.1.3\<close>
abbreviation
implmt1_syntax :: "prog => [qtname, qtname] => bool" ("_\<turnstile>_\<leadsto>1_" [71,71,71] 70)
@@ -334,7 +334,7 @@
apply auto
done
-inductive \<comment>\<open>implementation, cf. 8.1.4\<close>
+inductive \<comment> \<open>implementation, cf. 8.1.4\<close>
implmt :: "prog \<Rightarrow> qtname \<Rightarrow> qtname \<Rightarrow> bool" ("_\<turnstile>_\<leadsto>_" [71,71,71] 70)
for G :: prog
where
@@ -369,13 +369,13 @@
subsubsection "widening relation"
inductive
- \<comment>\<open>widening, viz. method invocation conversion, cf. 5.3
+ \<comment> \<open>widening, viz. method invocation conversion, cf. 5.3
i.e. kind of syntactic subtyping\<close>
widen :: "prog \<Rightarrow> ty \<Rightarrow> ty \<Rightarrow> bool" ("_\<turnstile>_\<preceq>_" [71,71,71] 70)
for G :: prog
where
- refl: "G\<turnstile>T\<preceq>T" \<comment>\<open>identity conversion, cf. 5.1.1\<close>
-| subint: "G\<turnstile>I\<preceq>I J \<Longrightarrow> G\<turnstile>Iface I\<preceq> Iface J" \<comment>\<open>wid.ref.conv.,cf. 5.1.4\<close>
+ refl: "G\<turnstile>T\<preceq>T" \<comment> \<open>identity conversion, cf. 5.1.1\<close>
+| subint: "G\<turnstile>I\<preceq>I J \<Longrightarrow> G\<turnstile>Iface I\<preceq> Iface J" \<comment> \<open>wid.ref.conv.,cf. 5.1.4\<close>
| int_obj: "G\<turnstile>Iface I\<preceq> Class Object"
| subcls: "G\<turnstile>C\<preceq>\<^sub>C D \<Longrightarrow> G\<turnstile>Class C\<preceq> Class D"
| implmt: "G\<turnstile>C\<leadsto>I \<Longrightarrow> G\<turnstile>Class C\<preceq> Iface I"
@@ -594,7 +594,7 @@
*)
(* more detailed than necessary for type-safety, see above rules. *)
-inductive \<comment>\<open>narrowing reference conversion, cf. 5.1.5\<close>
+inductive \<comment> \<open>narrowing reference conversion, cf. 5.1.5\<close>
narrow :: "prog \<Rightarrow> ty \<Rightarrow> ty \<Rightarrow> bool" ("_\<turnstile>_\<succ>_" [71,71,71] 70)
for G :: prog
where
@@ -645,7 +645,7 @@
subsubsection "casting relation"
-inductive \<comment>\<open>casting conversion, cf. 5.5\<close>
+inductive \<comment> \<open>casting conversion, cf. 5.5\<close>
cast :: "prog \<Rightarrow> ty \<Rightarrow> ty \<Rightarrow> bool" ("_\<turnstile>_\<preceq>? _" [71,71,71] 70)
for G :: prog
where
--- a/src/HOL/Bali/TypeSafe.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/TypeSafe.thy Tue Jan 16 09:30:00 2018 +0100
@@ -588,7 +588,7 @@
qed
corollary DynT_mheadsE [consumes 7]:
-\<comment>\<open>Same as \<open>DynT_mheadsD\<close> but better suited for application in
+\<comment> \<open>Same as \<open>DynT_mheadsD\<close> but better suited for application in
typesafety proof\<close>
assumes invC_compatible: "G\<turnstile>mode\<rightarrow>invC\<preceq>statT"
and wf: "wf_prog G"
@@ -1906,8 +1906,7 @@
called type safe. To remedy the situation we would have to change
the evaulation rule, so that it only has a type safe evaluation if
we actually get a boolean value for the condition. That b is actually
- a boolean value is part of @{term hyp_e}. See also Loop
-\<close>
+ a boolean value is part of @{term hyp_e}. See also Loop\<close>
next
case (Loop s0 e b s1 c s2 l s3 L accC T A)
note eval_e = \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1\<close>
@@ -2624,8 +2623,7 @@
values of the expected types, and arbitrary if the inputs have
unexpected types. The proof can easily be adapted since we
have the hypothesis that the values have a proper type.
- This also applies to unary operations.
-\<close>
+ This also applies to unary operations.\<close>
from eval_e1 have
s0_s1:"dom (locals (store ((Norm s0)::state))) \<subseteq> dom (locals (store s1))"
by (rule dom_locals_eval_mono_elim)
--- a/src/HOL/Bali/Value.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Value.thy Tue Jan 16 09:30:00 2018 +0100
@@ -7,14 +7,14 @@
theory Value imports Type begin
-typedecl loc \<comment>\<open>locations, i.e. abstract references on objects\<close>
+typedecl loc \<comment> \<open>locations, i.e. abstract references on objects\<close>
datatype val
- = Unit \<comment>\<open>dummy result value of void methods\<close>
- | Bool bool \<comment>\<open>Boolean value\<close>
- | Intg int \<comment>\<open>integer value\<close>
- | Null \<comment>\<open>null reference\<close>
- | Addr loc \<comment>\<open>addresses, i.e. locations of objects\<close>
+ = Unit \<comment> \<open>dummy result value of void methods\<close>
+ | Bool bool \<comment> \<open>Boolean value\<close>
+ | Intg int \<comment> \<open>integer value\<close>
+ | Null \<comment> \<open>null reference\<close>
+ | Addr loc \<comment> \<open>addresses, i.e. locations of objects\<close>
primrec the_Bool :: "val \<Rightarrow> bool"
@@ -36,13 +36,13 @@
| "typeof dt Null = Some NT"
| "typeof dt (Addr a) = dt a"
-primrec defpval :: "prim_ty \<Rightarrow> val" \<comment>\<open>default value for primitive types\<close>
+primrec defpval :: "prim_ty \<Rightarrow> val" \<comment> \<open>default value for primitive types\<close>
where
"defpval Void = Unit"
| "defpval Boolean = Bool False"
| "defpval Integer = Intg 0"
-primrec default_val :: "ty \<Rightarrow> val" \<comment>\<open>default value for all types\<close>
+primrec default_val :: "ty \<Rightarrow> val" \<comment> \<open>default value for all types\<close>
where
"default_val (PrimT pt) = defpval pt"
| "default_val (RefT r ) = Null"
--- a/src/HOL/Bali/WellType.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/WellType.thy Tue Jan 16 09:30:00 2018 +0100
@@ -29,12 +29,12 @@
\<close>
type_synonym lenv
- = "(lname, ty) table" \<comment>\<open>local variables, including This and Result\<close>
+ = "(lname, ty) table" \<comment> \<open>local variables, including This and Result\<close>
record env =
- prg:: "prog" \<comment>\<open>program\<close>
- cls:: "qtname" \<comment>\<open>current package and class name\<close>
- lcl:: "lenv" \<comment>\<open>local environment\<close>
+ prg:: "prog" \<comment> \<open>program\<close>
+ cls:: "qtname" \<comment> \<open>current package and class name\<close>
+ lcl:: "lenv" \<comment> \<open>local environment\<close>
translations
(type) "lenv" <= (type) "(lname, ty) table"
@@ -44,7 +44,7 @@
abbreviation
- pkg :: "env \<Rightarrow> pname" \<comment>\<open>select the current package from an environment\<close>
+ pkg :: "env \<Rightarrow> pname" \<comment> \<open>select the current package from an environment\<close>
where "pkg e == pid (cls e)"
subsubsection "Static overloading: maximally specific methods "
@@ -52,7 +52,7 @@
type_synonym
emhead = "ref_ty \<times> mhead"
-\<comment>\<open>Some mnemotic selectors for emhead\<close>
+\<comment> \<open>Some mnemotic selectors for emhead\<close>
definition
"declrefT" :: "emhead \<Rightarrow> ref_ty"
where "declrefT = fst"
@@ -107,20 +107,20 @@
| "mheads G S (ArrayT T) = accObjectmheads G S (ArrayT T)"
definition
- \<comment>\<open>applicable methods, cf. 15.11.2.1\<close>
+ \<comment> \<open>applicable methods, cf. 15.11.2.1\<close>
appl_methds :: "prog \<Rightarrow> qtname \<Rightarrow> ref_ty \<Rightarrow> sig \<Rightarrow> (emhead \<times> ty list) set" where
"appl_methds G S rt = (\<lambda> sig.
{(mh,pTs') |mh pTs'. mh \<in> mheads G S rt \<lparr>name=name sig,parTs=pTs'\<rparr> \<and>
G\<turnstile>(parTs sig)[\<preceq>]pTs'})"
definition
- \<comment>\<open>more specific methods, cf. 15.11.2.2\<close>
+ \<comment> \<open>more specific methods, cf. 15.11.2.2\<close>
more_spec :: "prog \<Rightarrow> emhead \<times> ty list \<Rightarrow> emhead \<times> ty list \<Rightarrow> bool" where
"more_spec G = (\<lambda>(mh,pTs). \<lambda>(mh',pTs'). G\<turnstile>pTs[\<preceq>]pTs')"
(*more_spec G \<equiv>\<lambda>((d,h),pTs). \<lambda>((d',h'),pTs'). G\<turnstile>RefT d\<preceq>RefT d'\<and>G\<turnstile>pTs[\<preceq>]pTs'*)
definition
- \<comment>\<open>maximally specific methods, cf. 15.11.2.2\<close>
+ \<comment> \<open>maximally specific methods, cf. 15.11.2.2\<close>
max_spec :: "prog \<Rightarrow> qtname \<Rightarrow> ref_ty \<Rightarrow> sig \<Rightarrow> (emhead \<times> ty list) set" where
"max_spec G S rt sig = {m. m \<in>appl_methds G S rt sig \<and>
(\<forall>m'\<in>appl_methds G S rt sig. more_spec G m' m \<longrightarrow> m'=m)}"
@@ -262,13 +262,13 @@
| "E,dt\<Turnstile>e\<Colon>=T \<equiv> E,dt\<Turnstile>In2 e\<Colon>Inl T"
| "E,dt\<Turnstile>e\<Colon>\<doteq>T \<equiv> E,dt\<Turnstile>In3 e\<Colon>Inr T"
-\<comment>\<open>well-typed statements\<close>
+\<comment> \<open>well-typed statements\<close>
| Skip: "E,dt\<Turnstile>Skip\<Colon>\<surd>"
| Expr: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-T\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>Expr e\<Colon>\<surd>"
- \<comment>\<open>cf. 14.6\<close>
+ \<comment> \<open>cf. 14.6\<close>
| Lab: "E,dt\<Turnstile>c\<Colon>\<surd> \<Longrightarrow>
E,dt\<Turnstile>l\<bullet> c\<Colon>\<surd>"
@@ -276,62 +276,61 @@
E,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>c1;; c2\<Colon>\<surd>"
- \<comment>\<open>cf. 14.8\<close>
+ \<comment> \<open>cf. 14.8\<close>
| If: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-PrimT Boolean;
E,dt\<Turnstile>c1\<Colon>\<surd>;
E,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>If(e) c1 Else c2\<Colon>\<surd>"
- \<comment>\<open>cf. 14.10\<close>
+ \<comment> \<open>cf. 14.10\<close>
| Loop: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-PrimT Boolean;
E,dt\<Turnstile>c\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>l\<bullet> While(e) c\<Colon>\<surd>"
- \<comment>\<open>cf. 14.13, 14.15, 14.16\<close>
+ \<comment> \<open>cf. 14.13, 14.15, 14.16\<close>
| Jmp: "E,dt\<Turnstile>Jmp jump\<Colon>\<surd>"
- \<comment>\<open>cf. 14.16\<close>
+ \<comment> \<open>cf. 14.16\<close>
| Throw: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-Class tn;
prg E\<turnstile>tn\<preceq>\<^sub>C SXcpt Throwable\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>Throw e\<Colon>\<surd>"
- \<comment>\<open>cf. 14.18\<close>
+ \<comment> \<open>cf. 14.18\<close>
| Try: "\<lbrakk>E,dt\<Turnstile>c1\<Colon>\<surd>; prg E\<turnstile>tn\<preceq>\<^sub>C SXcpt Throwable;
lcl E (VName vn)=None; E \<lparr>lcl := lcl E(VName vn\<mapsto>Class tn)\<rparr>,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk>
\<Longrightarrow>
E,dt\<Turnstile>Try c1 Catch(tn vn) c2\<Colon>\<surd>"
- \<comment>\<open>cf. 14.18\<close>
+ \<comment> \<open>cf. 14.18\<close>
| Fin: "\<lbrakk>E,dt\<Turnstile>c1\<Colon>\<surd>; E,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>c1 Finally c2\<Colon>\<surd>"
| Init: "\<lbrakk>is_class (prg E) C\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>Init C\<Colon>\<surd>"
- \<comment>\<open>@{term Init} is created on the fly during evaluation (see Eval.thy).
+ \<comment> \<open>@{term Init} is created on the fly during evaluation (see Eval.thy).
The class isn't necessarily accessible from the points @{term Init}
is called. Therefor we only demand @{term is_class} and not
- @{term is_acc_class} here.
-\<close>
+ @{term is_acc_class} here.\<close>
-\<comment>\<open>well-typed expressions\<close>
+\<comment> \<open>well-typed expressions\<close>
- \<comment>\<open>cf. 15.8\<close>
+ \<comment> \<open>cf. 15.8\<close>
| NewC: "\<lbrakk>is_acc_class (prg E) (pkg E) C\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>NewC C\<Colon>-Class C"
- \<comment>\<open>cf. 15.9\<close>
+ \<comment> \<open>cf. 15.9\<close>
| NewA: "\<lbrakk>is_acc_type (prg E) (pkg E) T;
E,dt\<Turnstile>i\<Colon>-PrimT Integer\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>New T[i]\<Colon>-T.[]"
- \<comment>\<open>cf. 15.15\<close>
+ \<comment> \<open>cf. 15.15\<close>
| Cast: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-T; is_acc_type (prg E) (pkg E) T';
prg E\<turnstile>T\<preceq>? T'\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>Cast T' e\<Colon>-T'"
- \<comment>\<open>cf. 15.19.2\<close>
+ \<comment> \<open>cf. 15.19.2\<close>
| Inst: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-RefT T; is_acc_type (prg E) (pkg E) (RefT T');
prg E\<turnstile>RefT T\<preceq>? RefT T'\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>e InstOf T'\<Colon>-PrimT Boolean"
- \<comment>\<open>cf. 15.7.1\<close>
+ \<comment> \<open>cf. 15.7.1\<close>
| Lit: "\<lbrakk>typeof dt x = Some T\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>Lit x\<Colon>-T"
@@ -344,28 +343,28 @@
\<Longrightarrow>
E,dt\<Turnstile>BinOp binop e1 e2\<Colon>-T"
- \<comment>\<open>cf. 15.10.2, 15.11.1\<close>
+ \<comment> \<open>cf. 15.10.2, 15.11.1\<close>
| Super: "\<lbrakk>lcl E This = Some (Class C); C \<noteq> Object;
class (prg E) C = Some c\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>Super\<Colon>-Class (super c)"
- \<comment>\<open>cf. 15.13.1, 15.10.1, 15.12\<close>
+ \<comment> \<open>cf. 15.13.1, 15.10.1, 15.12\<close>
| Acc: "\<lbrakk>E,dt\<Turnstile>va\<Colon>=T\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>Acc va\<Colon>-T"
- \<comment>\<open>cf. 15.25, 15.25.1\<close>
+ \<comment> \<open>cf. 15.25, 15.25.1\<close>
| Ass: "\<lbrakk>E,dt\<Turnstile>va\<Colon>=T; va \<noteq> LVar This;
E,dt\<Turnstile>v \<Colon>-T';
prg E\<turnstile>T'\<preceq>T\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>va:=v\<Colon>-T'"
- \<comment>\<open>cf. 15.24\<close>
+ \<comment> \<open>cf. 15.24\<close>
| Cond: "\<lbrakk>E,dt\<Turnstile>e0\<Colon>-PrimT Boolean;
E,dt\<Turnstile>e1\<Colon>-T1; E,dt\<Turnstile>e2\<Colon>-T2;
prg E\<turnstile>T1\<preceq>T2 \<and> T = T2 \<or> prg E\<turnstile>T2\<preceq>T1 \<and> T = T1\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>e0 ? e1 : e2\<Colon>-T"
- \<comment>\<open>cf. 15.11.1, 15.11.2, 15.11.3\<close>
+ \<comment> \<open>cf. 15.11.1, 15.11.2, 15.11.3\<close>
| Call: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-RefT statT;
E,dt\<Turnstile>ps\<Colon>\<doteq>pTs;
max_spec (prg E) (cls E) statT \<lparr>name=mn,parTs=pTs\<rparr>
@@ -377,7 +376,7 @@
methd (prg E) C sig = Some m;
E,dt\<Turnstile>Body (declclass m) (stmt (mbody (mthd m)))\<Colon>-T\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>Methd C sig\<Colon>-T"
- \<comment>\<open>The class @{term C} is the dynamic class of the method call
+ \<comment> \<open>The class @{term C} is the dynamic class of the method call
(cf. Eval.thy).
It hasn't got to be directly accessible from the current package
@{term "(pkg E)"}.
@@ -385,43 +384,41 @@
@{term Call}).
Note that l is just a dummy value. It is only used in the smallstep
semantics. To proof typesafety directly for the smallstep semantics
- we would have to assume conformance of l here!
-\<close>
+ we would have to assume conformance of l here!\<close>
| Body: "\<lbrakk>is_class (prg E) D;
E,dt\<Turnstile>blk\<Colon>\<surd>;
(lcl E) Result = Some T;
is_type (prg E) T\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>Body D blk\<Colon>-T"
-\<comment>\<open>The class @{term D} implementing the method must not directly be
+\<comment> \<open>The class @{term D} implementing the method must not directly be
accessible from the current package @{term "(pkg E)"}, but can also
be indirectly accessible due to inheritance (enshured in @{term Call})
The result type hasn't got to be accessible in Java! (If it is not
accessible you can only assign it to Object).
- For dummy value l see rule @{term Methd}.
-\<close>
+ For dummy value l see rule @{term Methd}.\<close>
-\<comment>\<open>well-typed variables\<close>
+\<comment> \<open>well-typed variables\<close>
- \<comment>\<open>cf. 15.13.1\<close>
+ \<comment> \<open>cf. 15.13.1\<close>
| LVar: "\<lbrakk>lcl E vn = Some T; is_acc_type (prg E) (pkg E) T\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>LVar vn\<Colon>=T"
- \<comment>\<open>cf. 15.10.1\<close>
+ \<comment> \<open>cf. 15.10.1\<close>
| FVar: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-Class C;
accfield (prg E) (cls E) C fn = Some (statDeclC,f)\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>{cls E,statDeclC,is_static f}e..fn\<Colon>=(type f)"
- \<comment>\<open>cf. 15.12\<close>
+ \<comment> \<open>cf. 15.12\<close>
| AVar: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-T.[];
E,dt\<Turnstile>i\<Colon>-PrimT Integer\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>e.[i]\<Colon>=T"
-\<comment>\<open>well-typed expression lists\<close>
+\<comment> \<open>well-typed expression lists\<close>
- \<comment>\<open>cf. 15.11.???\<close>
+ \<comment> \<open>cf. 15.11.???\<close>
| Nil: "E,dt\<Turnstile>[]\<Colon>\<doteq>[]"
- \<comment>\<open>cf. 15.11.???\<close>
+ \<comment> \<open>cf. 15.11.???\<close>
| Cons: "\<lbrakk>E,dt\<Turnstile>e \<Colon>-T;
E,dt\<Turnstile>es\<Colon>\<doteq>Ts\<rbrakk> \<Longrightarrow>
E,dt\<Turnstile>e#es\<Colon>\<doteq>T#Ts"
@@ -588,13 +585,12 @@
apply auto
done
-\<comment>\<open>In the special syntax to distinguish the typing judgements for expressions,
+\<comment> \<open>In the special syntax to distinguish the typing judgements for expressions,
statements, variables and expression lists the kind of term corresponds
to the kind of type in the end e.g. An statement (injection @{term In3}
into terms, always has type void (injection @{term Inl} into the generalised
types. The following simplification procedures establish these kinds of
- correlation.
-\<close>
+ correlation.\<close>
lemma wt_expr_eq: "E,dt\<Turnstile>In1l t\<Colon>U = (\<exists>T. U=Inl T \<and> E,dt\<Turnstile>t\<Colon>-T)"
by (auto, frule wt_Inj_elim, auto)
--- a/src/HOL/Binomial.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Binomial.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1194,7 +1194,7 @@
qed
lemma card_length_sum_list: "card {l::nat list. size l = m \<and> sum_list l = N} = (N + m - 1) choose N"
- \<comment> "by Holden Lee, tidied by Tobias Nipkow"
+ \<comment> \<open>by Holden Lee, tidied by Tobias Nipkow\<close>
proof (cases m)
case 0
then show ?thesis
@@ -1205,7 +1205,7 @@
by (simp add: Suc)
then show ?thesis
proof (induct "N + m - 1" arbitrary: N m)
- case 0 \<comment> "In the base case, the only solution is [0]."
+ case 0 \<comment> \<open>In the base case, the only solution is [0].\<close>
have [simp]: "{l::nat list. length l = Suc 0 \<and> (\<forall>n\<in>set l. n = 0)} = {[0]}"
by (auto simp: length_Suc_conv)
have "m = 1 \<and> N = 0"
--- a/src/HOL/Cardinals/Wellorder_Extension.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Cardinals/Wellorder_Extension.thy Tue Jan 16 09:30:00 2018 +0100
@@ -160,7 +160,7 @@
\<open>Refl m\<close> and \<open>x \<notin> Field m\<close>
by (auto simp: I_def init_seg_of_def refl_on_def)
ultimately
- \<comment>\<open>This contradicts maximality of m:\<close>
+ \<comment> \<open>This contradicts maximality of m:\<close>
show False using max and \<open>x \<notin> Field m\<close> unfolding Field_def by blast
qed
have "p \<subseteq> m"
--- a/src/HOL/Computational_Algebra/Euclidean_Algorithm.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Computational_Algebra/Euclidean_Algorithm.thy Tue Jan 16 09:30:00 2018 +0100
@@ -69,8 +69,7 @@
qualified definition lcm :: "'a \<Rightarrow> 'a \<Rightarrow> 'a"
where "lcm a b = normalize (a * b) div gcd a b"
-qualified definition Lcm :: "'a set \<Rightarrow> 'a" \<comment>
- \<open>Somewhat complicated definition of Lcm that has the advantage of working
+qualified definition Lcm :: "'a set \<Rightarrow> 'a" \<comment> \<open>Somewhat complicated definition of Lcm that has the advantage of working
for infinite sets as well\<close>
where
[code del]: "Lcm A = (if \<exists>l. l \<noteq> 0 \<and> (\<forall>a\<in>A. a dvd l) then
--- a/src/HOL/Decision_Procs/ex/Approximation_Quickcheck_Ex.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Decision_Procs/ex/Approximation_Quickcheck_Ex.thy Tue Jan 16 09:30:00 2018 +0100
@@ -31,7 +31,7 @@
shows "x > 1 \<Longrightarrow> x \<le> 2 ^ 20 * log 2 x + 1 \<and> (sin x)\<^sup>2 + (cos x)\<^sup>2 = 1"
using [[quickcheck_approximation_custom_seed = 1]]
using [[quickcheck_approximation_epsilon = 0.00000001]]
- \<comment>\<open>avoids spurious counterexamples in approximate computation of @{term "(sin x)\<^sup>2 + (cos x)\<^sup>2"}
+ \<comment> \<open>avoids spurious counterexamples in approximate computation of @{term "(sin x)\<^sup>2 + (cos x)\<^sup>2"}
and therefore avoids expensive failing attempts for certification\<close>
quickcheck[approximation, expect=counterexample, size=20]
oops
--- a/src/HOL/Deriv.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Deriv.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1216,14 +1216,14 @@
then show ?thesis
proof cases
case 1
- \<comment>\<open>@{term f} attains its maximum within the interval\<close>
+ \<comment> \<open>@{term f} attains its maximum within the interval\<close>
obtain d where d: "0 < d" and bound: "\<forall>y. \<bar>x - y\<bar> < d \<longrightarrow> a \<le> y \<and> y \<le> b"
using lemma_interval [OF 1] by blast
then have bound': "\<forall>y. \<bar>x - y\<bar> < d \<longrightarrow> f y \<le> f x"
using x_max by blast
obtain l where der: "DERIV f x :> l"
using differentiableD [OF dif [OF conjI [OF 1]]] ..
- \<comment>\<open>the derivative at a local maximum is zero\<close>
+ \<comment> \<open>the derivative at a local maximum is zero\<close>
have "l = 0"
by (rule DERIV_local_max [OF der d bound'])
with 1 der show ?thesis by auto
--- a/src/HOL/Finite_Set.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Finite_Set.thy Tue Jan 16 09:30:00 2018 +0100
@@ -67,7 +67,7 @@
subsubsection \<open>Choice principles\<close>
-lemma ex_new_if_finite: \<comment> "does not depend on def of finite at all"
+lemma ex_new_if_finite: \<comment> \<open>does not depend on def of finite at all\<close>
assumes "\<not> finite (UNIV :: 'a set)" and "finite A"
shows "\<exists>a::'a. a \<notin> A"
proof -
--- a/src/HOL/Fun_Def.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Fun_Def.thy Tue Jan 16 09:30:00 2018 +0100
@@ -295,7 +295,7 @@
ML_file "Tools/Function/scnp_reconstruct.ML"
ML_file "Tools/Function/fun_cases.ML"
-ML_val \<comment> "setup inactive"
+ML_val \<comment> \<open>setup inactive\<close>
\<open>
Context.theory_map (Function_Common.set_termination_prover
(K (ScnpReconstruct.decomp_scnp_tac [ScnpSolve.MAX, ScnpSolve.MIN, ScnpSolve.MS])))
--- a/src/HOL/HOL.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/HOL.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1341,8 +1341,7 @@
if_False
if_cancel
if_eq_cancel
- imp_disjL \<comment>
- \<open>In general it seems wrong to add distributive laws by default: they
+ imp_disjL \<comment> \<open>In general it seems wrong to add distributive laws by default: they
might cause exponential blow-up. But \<open>imp_disjL\<close> has been in for a while
and cannot be removed without affecting existing proofs. Moreover,
rewriting by \<open>(P \<or> Q \<longrightarrow> R) = ((P \<longrightarrow> R) \<and> (Q \<longrightarrow> R))\<close> might be justified on the
--- a/src/HOL/HOLCF/Cont.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/HOLCF/Cont.thy Tue Jan 16 09:30:00 2018 +0100
@@ -18,7 +18,7 @@
subsection \<open>Definitions\<close>
-definition monofun :: "('a \<Rightarrow> 'b) \<Rightarrow> bool" \<comment> "monotonicity"
+definition monofun :: "('a \<Rightarrow> 'b) \<Rightarrow> bool" \<comment> \<open>monotonicity\<close>
where "monofun f \<longleftrightarrow> (\<forall>x y. x \<sqsubseteq> y \<longrightarrow> f x \<sqsubseteq> f y)"
definition cont :: "('a::cpo \<Rightarrow> 'b::cpo) \<Rightarrow> bool"
--- a/src/HOL/HOLCF/IMP/HoareEx.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/HOLCF/IMP/HoareEx.thy Tue Jan 16 09:30:00 2018 +0100
@@ -24,7 +24,7 @@
apply (unfold hoare_valid_def)
apply (simp (no_asm))
apply (rule fix_ind)
- apply (simp (no_asm)) \<comment> "simplifier with enhanced \<open>adm\<close>-tactic"
+ apply (simp (no_asm)) \<comment> \<open>simplifier with enhanced \<open>adm\<close>-tactic\<close>
apply (simp (no_asm))
apply (simp (no_asm))
apply blast
--- a/src/HOL/HOLCF/Tutorial/Domain_ex.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/HOLCF/Tutorial/Domain_ex.thy Tue Jan 16 09:30:00 2018 +0100
@@ -57,7 +57,7 @@
\<close>
domain 'a d7 = d7a "'a d7 \<oplus> int lift" | d7b "'a \<otimes> 'a d7" | d7c (lazy "'a d7 \<rightarrow> 'a")
- \<comment> "Indirect recursion detected, skipping proofs of (co)induction rules"
+ \<comment> \<open>Indirect recursion detected, skipping proofs of (co)induction rules\<close>
text \<open>Note that \<open>d7.induct\<close> is absent.\<close>
@@ -94,12 +94,12 @@
domain 'a flattree = Tip | Branch "'a flattree" "'a flattree"
lemma "\<lbrakk>P \<bottom>; P Tip; \<And>x y. \<lbrakk>x \<noteq> \<bottom>; y \<noteq> \<bottom>; P x; P y\<rbrakk> \<Longrightarrow> P (Branch\<cdot>x\<cdot>y)\<rbrakk> \<Longrightarrow> P x"
-by (rule flattree.induct) \<comment> "no admissibility requirement"
+by (rule flattree.induct) \<comment> \<open>no admissibility requirement\<close>
text \<open>Trivial datatypes will produce a warning message.\<close>
domain triv = Triv triv triv
- \<comment> "domain \<open>Domain_ex.triv\<close> is empty!"
+ \<comment> \<open>domain \<open>Domain_ex.triv\<close> is empty!\<close>
lemma "(x::triv) = \<bottom>" by (induct x, simp_all)
--- a/src/HOL/Hoare/Hoare_Logic.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare/Hoare_Logic.thy Tue Jan 16 09:30:00 2018 +0100
@@ -92,7 +92,7 @@
lemma Compl_Collect: "-(Collect b) = {x. ~(b x)}"
by blast
-lemmas AbortRule = SkipRule \<comment> "dummy version"
+lemmas AbortRule = SkipRule \<comment> \<open>dummy version\<close>
ML_file "hoare_tac.ML"
method_setup vcg = \<open>
--- a/src/HOL/Hoare/SchorrWaite.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare/SchorrWaite.thy Tue Jan 16 09:30:00 2018 +0100
@@ -11,7 +11,7 @@
section \<open>Machinery for the Schorr-Waite proof\<close>
definition
- \<comment> "Relations induced by a mapping"
+ \<comment> \<open>Relations induced by a mapping\<close>
rel :: "('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<times> 'a) set"
where "rel m = {(x,y). m x = Ref y}"
@@ -83,7 +83,7 @@
done
definition
- \<comment> "Restriction of a relation"
+ \<comment> \<open>Restriction of a relation\<close>
restr ::"('a \<times> 'a) set \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> ('a \<times> 'a) set" ("(_/ | _)" [50, 51] 50)
where "restr r m = {(x,y). (x,y) \<in> r \<and> \<not> m x}"
@@ -115,7 +115,7 @@
done
definition
- \<comment> "A short form for the stack mapping function for List"
+ \<comment> \<open>A short form for the stack mapping function for List\<close>
S :: "('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref)"
where "S c l r = (\<lambda>x. if c x then r x else l x)"
@@ -146,7 +146,7 @@
done
primrec
- \<comment>"Recursive definition of what is means for a the graph/stack structure to be reconstructible"
+ \<comment> \<open>Recursive definition of what is means for a the graph/stack structure to be reconstructible\<close>
stkOk :: "('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> 'a ref \<Rightarrow>'a list \<Rightarrow> bool"
where
stkOk_nil: "stkOk c l r iL iR t [] = True"
@@ -314,7 +314,7 @@
with i3 have poI3: "R = reachable ?Rb ?B" by (simp add:reachable_def)
moreover
- \<comment> "If it is reachable and not marked, it is still reachable using..."
+ \<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close>
let "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Ra ?A" = ?I4
let "?Rb" = "relS {l, r(p \<rightarrow> t)} | m"
let "?B" = "{p} \<union> set (map (r(p \<rightarrow> t)) stack_tl)"
@@ -331,7 +331,7 @@
by (clarsimp simp:restr_def relS_def)
(fastforce simp add:rel_def Image_iff addrs_def dest:rel_upd1)
qed
- \<comment> "We now bring a term from the right to the left of the subset relation."
+ \<comment> \<open>We now bring a term from the right to the left of the subset relation.\<close>
hence subset: "?Ra\<^sup>* `` addrs ?A - ?Rb\<^sup>* `` addrs ?T \<subseteq> ?Rb\<^sup>* `` addrs ?B"
by blast
have poI4: "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Rb ?B"
@@ -350,7 +350,7 @@
qed
moreover
- \<comment> "If it is marked, then it is reachable"
+ \<comment> \<open>If it is marked, then it is reachable\<close>
from i5 have poI5: "\<forall>x. m x \<longrightarrow> x \<in> R" .
moreover
@@ -371,11 +371,11 @@
}
moreover
- \<comment> "Proofs of the Swing and Push arm follow."
- \<comment> "Since they are in principle simmilar to the Pop arm proof,"
- \<comment> "we show fewer comments and use frequent pattern matching."
+ \<comment> \<open>Proofs of the Swing and Push arm follow.\<close>
+ \<comment> \<open>Since they are in principle simmilar to the Pop arm proof,\<close>
+ \<comment> \<open>we show fewer comments and use frequent pattern matching.\<close>
{
- \<comment> "Swing arm"
+ \<comment> \<open>Swing arm\<close>
assume ifB1: "?ifB1" and nifB2: "\<not>?ifB2"
from ifB1 whileB have pNotNull: "p \<noteq> Null" by clarsimp
then obtain addr_p where addr_p_eq: "p = Ref addr_p" by clarsimp
@@ -419,7 +419,7 @@
have swI3: "?swI3" by (simp add:reachable_def)
moreover
- \<comment> "If it is reachable and not marked, it is still reachable using..."
+ \<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close>
let "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Ra ?A" = ?I4
let "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Rb ?B" = ?swI4
let ?T = "{t}"
@@ -449,7 +449,7 @@
qed
moreover
- \<comment> "If it is marked, then it is reachable"
+ \<comment> \<open>If it is marked, then it is reachable\<close>
from i5
have "?swI5" .
moreover
@@ -472,7 +472,7 @@
moreover
{
- \<comment> "Push arm"
+ \<comment> \<open>Push arm\<close>
assume nifB1: "\<not>?ifB1"
from nifB1 whileB have tNotNull: "t \<noteq> Null" by clarsimp
then obtain addr_t where addr_t_eq: "t = Ref addr_t" by clarsimp
@@ -516,7 +516,7 @@
have puI3: "?puI3" by (simp add:reachable_def)
moreover
- \<comment> "If it is reachable and not marked, it is still reachable using..."
+ \<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close>
let "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Ra ?A" = ?I4
let "\<forall>x. x \<in> R \<and> \<not> ?new_m x \<longrightarrow> x \<in> reachable ?Rb ?B" = ?puI4
let ?T = "{t}"
@@ -546,7 +546,7 @@
qed
moreover
- \<comment> "If it is marked, then it is reachable"
+ \<comment> \<open>If it is marked, then it is reachable\<close>
from i5
have "?puI5"
by (auto simp:addrs_def i3 reachable_def addr_t_eq fun_upd_apply intro:self_reachable)
--- a/src/HOL/Hoare_Parallel/Gar_Coll.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare_Parallel/Gar_Coll.thy Tue Jan 16 09:30:00 2018 +0100
@@ -162,7 +162,7 @@
apply force
apply force
apply force
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply clarify
apply(simp add:Proper_Edges_def Proper_Roots_def Graph6 Graph7 Graph8 Graph12)
apply (erule disjE)
@@ -188,10 +188,10 @@
apply(erule subset_psubset_trans)
apply(erule Graph11)
apply fast
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply force
apply force
-\<comment>\<open>last\<close>
+\<comment> \<open>last\<close>
apply clarify
apply simp
apply(subgoal_tac "ind x = length (E x)")
@@ -246,10 +246,10 @@
apply force
apply force
apply force
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply clarify
apply(simp add:BtoW_def Proper_Edges_def)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply clarify
apply(simp add:Proper_Edges_def Graph6 Graph7 Graph8 Graph12)
apply (erule disjE)
@@ -286,7 +286,7 @@
apply(erule subset_psubset_trans)
apply(erule Graph11)
apply fast
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply clarify
apply(simp add:Proper_Edges_def Graph6 Graph7 Graph8 Graph12)
apply (erule disjE)
@@ -303,7 +303,7 @@
apply arith
apply (simp add: BtoW_def)
apply (simp add: BtoW_def)
-\<comment>\<open>last\<close>
+\<comment> \<open>last\<close>
apply clarify
apply simp
apply(subgoal_tac "ind x = length (E x)")
@@ -520,7 +520,7 @@
"interfree_aux (Some Propagate_Black, {}, Some Redirect_Edge)"
apply (unfold modules )
apply interfree_aux
-\<comment>\<open>11 subgoals left\<close>
+\<comment> \<open>11 subgoals left\<close>
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(clarify, simp add:abbrev Graph6 Graph12)
@@ -535,7 +535,7 @@
apply (force simp add:BtoW_def)
apply(erule Graph4)
apply simp+
-\<comment>\<open>7 subgoals left\<close>
+\<comment> \<open>7 subgoals left\<close>
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(erule conjE)+
apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
@@ -547,7 +547,7 @@
apply (force simp add:BtoW_def)
apply(erule Graph4)
apply simp+
-\<comment>\<open>6 subgoals left\<close>
+\<comment> \<open>6 subgoals left\<close>
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(erule conjE)+
apply(rule conjI)
@@ -562,9 +562,9 @@
apply simp+
apply(simp add:BtoW_def nth_list_update)
apply force
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply(clarify, simp add:abbrev Graph6 Graph12)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(rule conjI)
apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
@@ -588,9 +588,9 @@
apply simp+
apply(force simp add:BtoW_def)
apply(force simp add:BtoW_def)
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply(clarify, simp add:abbrev Graph6 Graph12)
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
apply clarify
@@ -615,21 +615,21 @@
"interfree_aux (Some Propagate_Black, {}, Some Color_Target)"
apply (unfold modules )
apply interfree_aux
-\<comment>\<open>11 subgoals left\<close>
+\<comment> \<open>11 subgoals left\<close>
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)+
apply(erule conjE)+
apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
erule allE, erule impE, assumption, erule impE, assumption,
simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
-\<comment>\<open>7 subgoals left\<close>
+\<comment> \<open>7 subgoals left\<close>
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
apply(erule conjE)+
apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
erule allE, erule impE, assumption, erule impE, assumption,
simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
-\<comment>\<open>6 subgoals left\<close>
+\<comment> \<open>6 subgoals left\<close>
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
apply clarify
apply (rule conjI)
@@ -638,9 +638,9 @@
erule allE, erule impE, assumption, erule impE, assumption,
simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
apply(simp add:nth_list_update)
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
apply (rule conjI)
apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
@@ -651,15 +651,15 @@
apply(simp add:nth_list_update)
apply(rule impI,rule impI, case_tac "M x!T=Black",rotate_tac -1, force simp add: BtoW_def Graph10,
erule subset_psubset_trans, erule Graph11, force)
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
erule allE, erule impE, assumption, erule impE, assumption,
simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply(simp add:abbrev)
done
@@ -674,9 +674,9 @@
"interfree_aux (Some Count, {}, Some Redirect_Edge)"
apply (unfold modules)
apply interfree_aux
-\<comment>\<open>9 subgoals left\<close>
+\<comment> \<open>9 subgoals left\<close>
apply(simp_all add:abbrev Graph6 Graph12)
-\<comment>\<open>6 subgoals left\<close>
+\<comment> \<open>6 subgoals left\<close>
apply(clarify, simp add:abbrev Graph6 Graph12,
erule disjE,erule disjI1,rule disjI2,rule subset_trans, erule Graph3,force,force)+
done
@@ -693,17 +693,17 @@
"interfree_aux (Some Count, {}, Some Color_Target)"
apply (unfold modules )
apply interfree_aux
-\<comment>\<open>9 subgoals left\<close>
+\<comment> \<open>9 subgoals left\<close>
apply(simp_all add:abbrev Graph7 Graph8 Graph12)
-\<comment>\<open>6 subgoals left\<close>
+\<comment> \<open>6 subgoals left\<close>
apply(clarify,simp add:abbrev Graph7 Graph8 Graph12,
erule disjE, erule disjI1, rule disjI2,erule subset_trans, erule Graph9)+
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
apply(rule conjI)
apply(erule disjE, erule disjI1, rule disjI2,erule subset_trans, erule Graph9)
apply(simp add:nth_list_update)
-\<comment>\<open>1 subgoal left\<close>
+\<comment> \<open>1 subgoal left\<close>
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12,
erule disjE, erule disjI1, rule disjI2,erule subset_trans, erule Graph9)
done
@@ -769,9 +769,9 @@
apply(simp_all add:collector_mutator_interfree)
apply(unfold modules collector_defs Mut_init_def)
apply(tactic \<open>TRYALL (interfree_aux_tac @{context})\<close>)
-\<comment>\<open>32 subgoals left\<close>
+\<comment> \<open>32 subgoals left\<close>
apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
-\<comment>\<open>20 subgoals left\<close>
+\<comment> \<open>20 subgoals left\<close>
apply(tactic\<open>TRYALL (clarify_tac @{context})\<close>)
apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
apply(tactic \<open>TRYALL (eresolve_tac @{context} [disjE])\<close>)
@@ -800,10 +800,10 @@
apply(simp_all add:collector_mutator_interfree)
apply(unfold modules collector_defs Mut_init_def)
apply(tactic \<open>TRYALL (interfree_aux_tac @{context})\<close>)
-\<comment>\<open>64 subgoals left\<close>
+\<comment> \<open>64 subgoals left\<close>
apply(simp_all add:nth_list_update Invariants Append_to_free0)+
apply(tactic\<open>TRYALL (clarify_tac @{context})\<close>)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply force
apply(simp add:Append_to_free2)
apply force
--- a/src/HOL/Hoare_Parallel/Graph.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare_Parallel/Graph.thy Tue Jan 16 09:30:00 2018 +0100
@@ -191,12 +191,12 @@
apply clarify
apply simp
apply(case_tac "\<exists>i<length path - 1. (fst(E!R),T)=(path!(Suc i),path!i)")
-\<comment>\<open>the changed edge is part of the path\<close>
+\<comment> \<open>the changed edge is part of the path\<close>
apply(erule exE)
apply(drule_tac P = "\<lambda>i. i<length path - 1 \<and> (fst(E!R),T)=(path!Suc i,path!i)" in Ex_first_occurrence)
apply clarify
apply(erule disjE)
-\<comment>\<open>T is NOT a root\<close>
+\<comment> \<open>T is NOT a root\<close>
apply clarify
apply(rule_tac x = "(take m path)@patha" in exI)
apply(subgoal_tac "\<not>(length path\<le>m)")
@@ -240,7 +240,7 @@
apply(subgoal_tac "Suc (i - m)=(Suc i - m)" )
prefer 2 apply arith
apply simp
-\<comment>\<open>T is a root\<close>
+\<comment> \<open>T is a root\<close>
apply(case_tac "m=0")
apply force
apply(rule_tac x = "take (Suc m) path" in exI)
@@ -253,7 +253,7 @@
apply(case_tac "R=j")
apply(force simp add: nth_list_update)
apply(force simp add: nth_list_update)
-\<comment>\<open>the changed edge is not part of the path\<close>
+\<comment> \<open>the changed edge is not part of the path\<close>
apply(rule_tac x = "path" in exI)
apply simp
apply clarify
@@ -276,7 +276,7 @@
apply(erule disjE)
prefer 2 apply force
apply clarify
-\<comment>\<open>there exist a black node in the path to T\<close>
+\<comment> \<open>there exist a black node in the path to T\<close>
apply(case_tac "\<exists>m<length path. M!(path!m)=Black")
apply(erule exE)
apply(drule_tac P = "\<lambda>m. m<length path \<and> M!(path!m)=Black" in Ex_first_occurrence)
@@ -318,7 +318,7 @@
apply(erule disjE)
prefer 2 apply force
apply clarify
-\<comment>\<open>there exist a black node in the path to T\<close>
+\<comment> \<open>there exist a black node in the path to T\<close>
apply(case_tac "\<exists>m<length path. M!(path!m)=Black")
apply(erule exE)
apply(drule_tac P = "\<lambda>m. m<length path \<and> M!(path!m)=Black" in Ex_first_occurrence)
--- a/src/HOL/Hoare_Parallel/Mul_Gar_Coll.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare_Parallel/Mul_Gar_Coll.thy Tue Jan 16 09:30:00 2018 +0100
@@ -249,12 +249,12 @@
apply(unfold Mul_Propagate_Black_def)
apply annhoare
apply(simp_all add:Mul_PBInv_def mul_collector_defs Mul_Auxk_def Graph6 Graph7 Graph8 Graph12 mul_collector_defs Queue_def)
-\<comment>\<open>8 subgoals left\<close>
+\<comment> \<open>8 subgoals left\<close>
apply force
apply force
apply force
apply(force simp add:BtoW_def Graph_defs)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply clarify
apply(simp add: mul_collector_defs Graph12 Graph6 Graph7 Graph8)
apply(disjE_tac)
@@ -269,7 +269,7 @@
apply(force)
apply(force)
apply(rule disjI2, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply clarify
apply(conjI_tac)
apply(disjE_tac)
@@ -278,7 +278,7 @@
apply(erule less_SucE)
apply force
apply (simp add:BtoW_def)
-\<comment>\<open>1 subgoal left\<close>
+\<comment> \<open>1 subgoal left\<close>
apply clarify
apply simp
apply(disjE_tac)
@@ -342,11 +342,11 @@
apply (unfold Mul_Count_def)
apply annhoare
apply(simp_all add:Mul_CountInv_def mul_collector_defs Mul_Auxk_def Graph6 Graph7 Graph8 Graph12 mul_collector_defs Queue_def)
-\<comment>\<open>7 subgoals left\<close>
+\<comment> \<open>7 subgoals left\<close>
apply force
apply force
apply force
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply clarify
apply(conjI_tac)
apply(disjE_tac)
@@ -357,7 +357,7 @@
back
apply force
apply force
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply clarify
apply(conjI_tac)
apply(disjE_tac)
@@ -369,9 +369,9 @@
apply simp
apply(rotate_tac -1)
apply (force simp add:Blacks_def)
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply force
-\<comment>\<open>1 subgoal left\<close>
+\<comment> \<open>1 subgoal left\<close>
apply clarify
apply(drule_tac x = "ind x" in le_imp_less_or_eq)
apply (simp_all add:Blacks_def)
@@ -566,7 +566,7 @@
apply (unfold mul_modules)
apply interfree_aux
apply(simp_all add:mul_mutator_defs mul_collector_defs Mul_PBInv_def nth_list_update Graph6)
-\<comment>\<open>7 subgoals left\<close>
+\<comment> \<open>7 subgoals left\<close>
apply clarify
apply(disjE_tac)
apply(simp_all add:Graph6)
@@ -574,7 +574,7 @@
apply(rule conjI)
apply(rule impI,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(rule impI,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
-\<comment>\<open>6 subgoals left\<close>
+\<comment> \<open>6 subgoals left\<close>
apply clarify
apply(disjE_tac)
apply(simp_all add:Graph6)
@@ -582,7 +582,7 @@
apply(rule conjI)
apply(rule impI,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(rule impI,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply clarify
apply(disjE_tac)
apply(simp_all add:Graph6)
@@ -606,7 +606,7 @@
apply(force simp add:Queue_def less_Suc_eq_le less_length_filter_update)
apply(rule impI,rule disjI2,rule disjI2,rule disjI1, erule le_less_trans)
apply(force simp add:Queue_def less_Suc_eq_le less_length_filter_update)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply clarify
apply(disjE_tac)
apply(simp_all add:Graph6)
@@ -630,7 +630,7 @@
apply(force simp add:Queue_def less_Suc_eq_le less_length_filter_update)
apply(rule impI,rule disjI2,rule disjI2,rule disjI1, erule le_less_trans)
apply(force simp add:Queue_def less_Suc_eq_le less_length_filter_update)
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply clarify
apply(disjE_tac)
apply(simp_all add:Graph6)
@@ -686,7 +686,7 @@
apply (force simp add: nth_list_update)
apply(rule impI, (rule disjI2)+, erule le_trans)
apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply clarify
apply(rule conjI)
apply(disjE_tac)
@@ -756,7 +756,7 @@
apply(rule disjI1, erule less_le_trans)
apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply force
-\<comment>\<open>1 subgoal left\<close>
+\<comment> \<open>1 subgoal left\<close>
apply clarify
apply(disjE_tac)
apply(simp_all add:Graph6)
@@ -795,7 +795,7 @@
apply (unfold mul_modules)
apply interfree_aux
apply(simp_all add: mul_collector_defs mul_mutator_defs)
-\<comment>\<open>7 subgoals left\<close>
+\<comment> \<open>7 subgoals left\<close>
apply clarify
apply (simp add:Graph7 Graph8 Graph12)
apply(disjE_tac)
@@ -805,7 +805,7 @@
apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update Graph10)
apply((rule disjI2)+,erule subset_psubset_trans, erule Graph11, simp)
apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
-\<comment>\<open>6 subgoals left\<close>
+\<comment> \<open>6 subgoals left\<close>
apply clarify
apply (simp add:Graph7 Graph8 Graph12)
apply(disjE_tac)
@@ -815,7 +815,7 @@
apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update Graph10)
apply((rule disjI2)+,erule subset_psubset_trans, erule Graph11, simp)
apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply clarify
apply (simp add:mul_collector_defs Mul_PBInv_def Graph7 Graph8 Graph12)
apply(disjE_tac)
@@ -833,7 +833,7 @@
apply(erule le_trans)
apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update Graph10)
apply(rule disjI2,rule disjI1,erule subset_psubset_trans, erule Graph11, simp)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply clarify
apply (simp add:mul_collector_defs Mul_PBInv_def Graph7 Graph8 Graph12)
apply(disjE_tac)
@@ -851,7 +851,7 @@
apply(erule le_trans)
apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update Graph10)
apply(rule disjI2,rule disjI1,erule subset_psubset_trans, erule Graph11, simp)
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply clarify
apply (simp add:mul_collector_defs Mul_PBInv_def Graph7 Graph8 Graph12)
apply(case_tac "M x!(T (Muts x!j))=Black")
@@ -866,7 +866,7 @@
apply(rule conjI)
apply(rule disjI2,rule disjI1, erule subset_psubset_trans,simp add:Graph11)
apply (force simp add:nth_list_update)
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply clarify
apply(simp add:Mul_Auxk_def Graph7 Graph8 Graph12)
apply(case_tac "M x!(T (Muts x!j))=Black")
@@ -887,7 +887,7 @@
apply(rule conjI)
apply(rule disjI2,rule disjI1, erule subset_psubset_trans,simp add:Graph11)
apply (force simp add:nth_list_update)
-\<comment>\<open>1 subgoal left\<close>
+\<comment> \<open>1 subgoal left\<close>
apply clarify
apply (simp add:mul_collector_defs Mul_PBInv_def Graph7 Graph8 Graph12)
apply(case_tac "M x!(T (Muts x!j))=Black")
@@ -914,7 +914,7 @@
interfree_aux (Some(Mul_Count n ),{},Some(Mul_Redirect_Edge j n))"
apply (unfold mul_modules)
apply interfree_aux
-\<comment>\<open>9 subgoals left\<close>
+\<comment> \<open>9 subgoals left\<close>
apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def Graph6)
apply clarify
apply disjE_tac
@@ -928,9 +928,9 @@
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(simp add:Graph6)
-\<comment>\<open>8 subgoals left\<close>
+\<comment> \<open>8 subgoals left\<close>
apply(simp add:mul_mutator_defs nth_list_update)
-\<comment>\<open>7 subgoals left\<close>
+\<comment> \<open>7 subgoals left\<close>
apply(simp add:mul_mutator_defs mul_collector_defs)
apply clarify
apply disjE_tac
@@ -944,7 +944,7 @@
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(simp add:Graph6)
-\<comment>\<open>6 subgoals left\<close>
+\<comment> \<open>6 subgoals left\<close>
apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def)
apply clarify
apply disjE_tac
@@ -958,7 +958,7 @@
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(simp add:Graph6)
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def)
apply clarify
apply disjE_tac
@@ -972,7 +972,7 @@
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(simp add:Graph6)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def)
apply clarify
apply disjE_tac
@@ -986,9 +986,9 @@
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(simp add:Graph6)
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply(simp add:mul_mutator_defs nth_list_update)
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def)
apply clarify
apply disjE_tac
@@ -1002,7 +1002,7 @@
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(simp add:Graph6)
-\<comment>\<open>1 subgoal left\<close>
+\<comment> \<open>1 subgoal left\<close>
apply(simp add:mul_mutator_defs nth_list_update)
done
@@ -1019,7 +1019,7 @@
apply (unfold mul_modules)
apply interfree_aux
apply(simp_all add:mul_collector_defs mul_mutator_defs Mul_CountInv_def)
-\<comment>\<open>6 subgoals left\<close>
+\<comment> \<open>6 subgoals left\<close>
apply clarify
apply disjE_tac
apply (simp add: Graph7 Graph8 Graph12)
@@ -1033,7 +1033,7 @@
apply((rule disjI2)+,(erule subset_psubset_trans)+, simp add: Graph11)
apply (simp add: Graph7 Graph8 Graph12)
apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply clarify
apply disjE_tac
apply (simp add: Graph7 Graph8 Graph12)
@@ -1047,7 +1047,7 @@
apply((rule disjI2)+,(erule subset_psubset_trans)+, simp add: Graph11)
apply (simp add: Graph7 Graph8 Graph12)
apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply clarify
apply disjE_tac
apply (simp add: Graph7 Graph8 Graph12)
@@ -1061,7 +1061,7 @@
apply((rule disjI2)+,(erule subset_psubset_trans)+, simp add: Graph11)
apply (simp add: Graph7 Graph8 Graph12)
apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply clarify
apply disjE_tac
apply (simp add: Graph7 Graph8 Graph12)
@@ -1075,7 +1075,7 @@
apply((rule disjI2)+,(erule subset_psubset_trans)+, simp add: Graph11)
apply (simp add: Graph7 Graph8 Graph12)
apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
-\<comment>\<open>2 subgoals left\<close>
+\<comment> \<open>2 subgoals left\<close>
apply clarify
apply disjE_tac
apply (simp add: Graph7 Graph8 Graph12 nth_list_update)
@@ -1093,7 +1093,7 @@
apply(rule conjI)
apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
apply (simp add: nth_list_update)
-\<comment>\<open>1 subgoal left\<close>
+\<comment> \<open>1 subgoal left\<close>
apply clarify
apply disjE_tac
apply (simp add: Graph7 Graph8 Graph12)
@@ -1171,11 +1171,11 @@
apply(simp_all add:mul_collector_mutator_interfree)
apply(unfold mul_modules mul_collector_defs mul_mutator_defs)
apply(tactic \<open>TRYALL (interfree_aux_tac @{context})\<close>)
-\<comment>\<open>42 subgoals left\<close>
+\<comment> \<open>42 subgoals left\<close>
apply (clarify,simp add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)+
-\<comment>\<open>24 subgoals left\<close>
+\<comment> \<open>24 subgoals left\<close>
apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
-\<comment>\<open>14 subgoals left\<close>
+\<comment> \<open>14 subgoals left\<close>
apply(tactic \<open>TRYALL (clarify_tac @{context})\<close>)
apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
apply(tactic \<open>TRYALL (resolve_tac @{context} [conjI])\<close>)
@@ -1184,57 +1184,57 @@
apply(tactic \<open>TRYALL (eresolve_tac @{context} [conjE])\<close>)
apply(tactic \<open>TRYALL (eresolve_tac @{context} [disjE])\<close>)
apply(tactic \<open>TRYALL (eresolve_tac @{context} [disjE])\<close>)
-\<comment>\<open>72 subgoals left\<close>
+\<comment> \<open>72 subgoals left\<close>
apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
-\<comment>\<open>35 subgoals left\<close>
+\<comment> \<open>35 subgoals left\<close>
apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI1],
resolve_tac @{context} [subset_trans],
eresolve_tac @{context} @{thms Graph3},
force_tac @{context},
assume_tac @{context}])\<close>)
-\<comment>\<open>28 subgoals left\<close>
+\<comment> \<open>28 subgoals left\<close>
apply(tactic \<open>TRYALL (eresolve_tac @{context} [conjE])\<close>)
apply(tactic \<open>TRYALL (eresolve_tac @{context} [disjE])\<close>)
-\<comment>\<open>34 subgoals left\<close>
+\<comment> \<open>34 subgoals left\<close>
apply(rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
apply(case_tac [!] "M x!(T (Muts x ! j))=Black")
apply(simp_all add:Graph10)
-\<comment>\<open>47 subgoals left\<close>
+\<comment> \<open>47 subgoals left\<close>
apply(tactic \<open>TRYALL(EVERY'[REPEAT o resolve_tac @{context} [disjI2],
eresolve_tac @{context} @{thms subset_psubset_trans},
eresolve_tac @{context} @{thms Graph11},
force_tac @{context}])\<close>)
-\<comment>\<open>41 subgoals left\<close>
+\<comment> \<open>41 subgoals left\<close>
apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI2],
resolve_tac @{context} [disjI1],
eresolve_tac @{context} @{thms le_trans},
force_tac (@{context} addsimps @{thms Queue_def less_Suc_eq_le le_length_filter_update})])\<close>)
-\<comment>\<open>35 subgoals left\<close>
+\<comment> \<open>35 subgoals left\<close>
apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI2],
resolve_tac @{context} [disjI1],
eresolve_tac @{context} @{thms psubset_subset_trans},
resolve_tac @{context} @{thms Graph9},
force_tac @{context}])\<close>)
-\<comment>\<open>31 subgoals left\<close>
+\<comment> \<open>31 subgoals left\<close>
apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI2],
resolve_tac @{context} [disjI1],
eresolve_tac @{context} @{thms subset_psubset_trans},
eresolve_tac @{context} @{thms Graph11},
force_tac @{context}])\<close>)
-\<comment>\<open>29 subgoals left\<close>
+\<comment> \<open>29 subgoals left\<close>
apply(tactic \<open>TRYALL(EVERY'[REPEAT o resolve_tac @{context} [disjI2],
eresolve_tac @{context} @{thms subset_psubset_trans},
eresolve_tac @{context} @{thms subset_psubset_trans},
eresolve_tac @{context} @{thms Graph11},
force_tac @{context}])\<close>)
-\<comment>\<open>25 subgoals left\<close>
+\<comment> \<open>25 subgoals left\<close>
apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI2],
resolve_tac @{context} [disjI2],
resolve_tac @{context} [disjI1],
eresolve_tac @{context} @{thms le_trans},
force_tac (@{context} addsimps @{thms Queue_def less_Suc_eq_le le_length_filter_update})])\<close>)
-\<comment>\<open>10 subgoals left\<close>
+\<comment> \<open>10 subgoals left\<close>
apply(rule disjI2,rule disjI2,rule conjI,erule less_le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update, rule disjI1, rule less_imp_le, erule less_le_trans, force simp add:Queue_def less_Suc_eq_le le_length_filter_update)+
done
@@ -1247,9 +1247,9 @@
apply(simp_all add:mul_collector_mutator_interfree)
apply(unfold mul_modules mul_collector_defs mul_mutator_defs)
apply(tactic \<open>TRYALL (interfree_aux_tac @{context})\<close>)
-\<comment>\<open>76 subgoals left\<close>
+\<comment> \<open>76 subgoals left\<close>
apply (clarsimp simp add: nth_list_update)+
-\<comment>\<open>56 subgoals left\<close>
+\<comment> \<open>56 subgoals left\<close>
apply (clarsimp simp add: Mul_AppendInv_def Append_to_free0 nth_list_update)+
done
@@ -1269,7 +1269,7 @@
COEND
\<lbrace>False\<rbrace>"
apply oghoare
-\<comment>\<open>Strengthening the precondition\<close>
+\<comment> \<open>Strengthening the precondition\<close>
apply(rule Int_greatest)
apply (case_tac n)
apply(force simp add: Mul_Collector_def mul_mutator_defs mul_collector_defs nth_append)
@@ -1279,15 +1279,15 @@
apply(case_tac i)
apply(simp add:Mul_Collector_def mul_mutator_defs mul_collector_defs nth_append)
apply(simp add: Mul_Mutator_def mul_mutator_defs mul_collector_defs nth_append nth_map_upt)
-\<comment>\<open>Collector\<close>
+\<comment> \<open>Collector\<close>
apply(rule Mul_Collector)
-\<comment>\<open>Mutator\<close>
+\<comment> \<open>Mutator\<close>
apply(erule Mul_Mutator)
-\<comment>\<open>Interference freedom\<close>
+\<comment> \<open>Interference freedom\<close>
apply(simp add:Mul_interfree_Collector_Mutator)
apply(simp add:Mul_interfree_Mutator_Collector)
apply(simp add:Mul_interfree_Mutator_Mutator)
-\<comment>\<open>Weakening of the postcondition\<close>
+\<comment> \<open>Weakening of the postcondition\<close>
apply(case_tac n)
apply(simp add:Mul_Collector_def mul_mutator_defs mul_collector_defs nth_append)
apply(simp add:Mul_Mutator_def mul_mutator_defs mul_collector_defs nth_append)
--- a/src/HOL/Hoare_Parallel/OG_Examples.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare_Parallel/OG_Examples.thy Tue Jan 16 09:30:00 2018 +0100
@@ -41,7 +41,7 @@
COEND
\<lbrace>\<acute>pr1=0 \<and> \<not>\<acute>in1 \<and> \<acute>pr2=0 \<and> \<not>\<acute>in2\<rbrace>"
apply oghoare
-\<comment>\<open>104 verification conditions.\<close>
+\<comment> \<open>104 verification conditions.\<close>
apply auto
done
@@ -89,7 +89,7 @@
COEND
\<lbrace>False\<rbrace>"
apply oghoare
-\<comment>\<open>122 vc\<close>
+\<comment> \<open>122 vc\<close>
apply auto
done
@@ -116,7 +116,7 @@
COEND
\<lbrace>False\<rbrace>"
apply oghoare
-\<comment>\<open>38 vc\<close>
+\<comment> \<open>38 vc\<close>
apply auto
done
@@ -135,7 +135,7 @@
COEND
\<lbrace>False\<rbrace>"
apply oghoare
-\<comment>\<open>20 vc\<close>
+\<comment> \<open>20 vc\<close>
apply auto
done
@@ -167,40 +167,40 @@
COEND
\<lbrace>False\<rbrace>"
apply oghoare
-\<comment>\<open>35 vc\<close>
+\<comment> \<open>35 vc\<close>
apply simp_all
-\<comment>\<open>16 vc\<close>
+\<comment> \<open>16 vc\<close>
apply(tactic \<open>ALLGOALS (clarify_tac @{context})\<close>)
-\<comment>\<open>11 vc\<close>
+\<comment> \<open>11 vc\<close>
apply simp_all
apply(tactic \<open>ALLGOALS (clarify_tac @{context})\<close>)
-\<comment>\<open>10 subgoals left\<close>
+\<comment> \<open>10 subgoals left\<close>
apply(erule less_SucE)
apply simp
apply simp
-\<comment>\<open>9 subgoals left\<close>
+\<comment> \<open>9 subgoals left\<close>
apply(case_tac "i=k")
apply force
apply simp
apply(case_tac "i=l")
apply force
apply force
-\<comment>\<open>8 subgoals left\<close>
+\<comment> \<open>8 subgoals left\<close>
prefer 8
apply force
apply force
-\<comment>\<open>6 subgoals left\<close>
+\<comment> \<open>6 subgoals left\<close>
prefer 6
apply(erule_tac x=j in allE)
apply fastforce
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
prefer 5
apply(case_tac [!] "j=k")
-\<comment>\<open>10 subgoals left\<close>
+\<comment> \<open>10 subgoals left\<close>
apply simp_all
apply(erule_tac x=k in allE)
apply force
-\<comment>\<open>9 subgoals left\<close>
+\<comment> \<open>9 subgoals left\<close>
apply(case_tac "j=l")
apply simp
apply(erule_tac x=k in allE)
@@ -211,7 +211,7 @@
apply(erule_tac x=k in allE)
apply(erule_tac x=l in allE)
apply force
-\<comment>\<open>8 subgoals left\<close>
+\<comment> \<open>8 subgoals left\<close>
apply force
apply(case_tac "j=l")
apply simp
@@ -220,21 +220,21 @@
apply force
apply force
apply force
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply(erule_tac x=k in allE)
apply(erule_tac x=l in allE)
apply(case_tac "j=l")
apply force
apply force
apply force
-\<comment>\<open>3 subgoals left\<close>
+\<comment> \<open>3 subgoals left\<close>
apply(erule_tac x=k in allE)
apply(erule_tac x=l in allE)
apply(case_tac "j=l")
apply force
apply force
apply force
-\<comment>\<open>1 subgoals left\<close>
+\<comment> \<open>1 subgoals left\<close>
apply(erule_tac x=k in allE)
apply(erule_tac x=l in allE)
apply(case_tac "j=l")
@@ -294,9 +294,9 @@
COEND
\<lbrace>f(\<acute>x)=0 \<or> f(\<acute>y)=0\<rbrace>"
apply oghoare
-\<comment>\<open>98 verification conditions\<close>
+\<comment> \<open>98 verification conditions\<close>
apply auto
-\<comment>\<open>auto takes about 3 minutes !!\<close>
+\<comment> \<open>auto takes about 3 minutes !!\<close>
done
text \<open>Easier Version: without AWAIT. Apt and Olderog. page 256:\<close>
@@ -327,9 +327,9 @@
COEND
\<lbrace>f(\<acute>x)=0 \<or> f(\<acute>y)=0\<rbrace>"
apply oghoare
-\<comment>\<open>20 vc\<close>
+\<comment> \<open>20 vc\<close>
apply auto
-\<comment>\<open>auto takes aprox. 2 minutes.\<close>
+\<comment> \<open>auto takes aprox. 2 minutes.\<close>
done
subsection \<open>Producer/Consumer\<close>
@@ -429,19 +429,19 @@
COEND
\<lbrace> \<forall>k<length a. (a ! k)=(\<acute>b ! k)\<rbrace>"
apply oghoare
-\<comment>\<open>138 vc\<close>
+\<comment> \<open>138 vc\<close>
apply(tactic \<open>ALLGOALS (clarify_tac @{context})\<close>)
-\<comment>\<open>112 subgoals left\<close>
+\<comment> \<open>112 subgoals left\<close>
apply(simp_all (no_asm))
-\<comment>\<open>43 subgoals left\<close>
+\<comment> \<open>43 subgoals left\<close>
apply(tactic \<open>ALLGOALS (conjI_Tac @{context} (K all_tac))\<close>)
-\<comment>\<open>419 subgoals left\<close>
+\<comment> \<open>419 subgoals left\<close>
apply(tactic \<open>ALLGOALS (clarify_tac @{context})\<close>)
-\<comment>\<open>99 subgoals left\<close>
+\<comment> \<open>99 subgoals left\<close>
apply(simp_all only:length_0_conv [THEN sym])
-\<comment>\<open>20 subgoals left\<close>
+\<comment> \<open>20 subgoals left\<close>
apply (simp_all del:length_0_conv length_greater_0_conv add: nth_list_update mod_lemma)
-\<comment>\<open>9 subgoals left\<close>
+\<comment> \<open>9 subgoals left\<close>
apply (force simp add:less_Suc_eq)
apply(hypsubst_thin, drule sym)
apply (force simp add:less_Suc_eq)+
--- a/src/HOL/Hoare_Parallel/OG_Hoare.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare_Parallel/OG_Hoare.thy Tue Jan 16 09:30:00 2018 +0100
@@ -120,19 +120,19 @@
apply (unfold com_validity_def)
apply(rule oghoare_induct)
apply simp_all
-\<comment>\<open>Basic\<close>
+\<comment> \<open>Basic\<close>
apply(simp add: SEM_def sem_def)
apply(fast dest: rtrancl_imp_UN_relpow Basic_ntran)
-\<comment>\<open>Seq\<close>
+\<comment> \<open>Seq\<close>
apply(rule impI)
apply(rule subset_trans)
prefer 2 apply simp
apply(simp add: L3_5ii L3_5i)
-\<comment>\<open>Cond\<close>
+\<comment> \<open>Cond\<close>
apply(simp add: L3_5iv)
-\<comment>\<open>While\<close>
+\<comment> \<open>While\<close>
apply (force simp add: L3_5v dest: SEM_fwhile)
-\<comment>\<open>Conseq\<close>
+\<comment> \<open>Conseq\<close>
apply(force simp add: SEM_def sem_def)
done
@@ -175,11 +175,11 @@
(\<forall>q. \<turnstile> c q \<longrightarrow> (if co' = None then t\<in>q else t \<in> pre(the co') \<and> \<turnstile> (the co') q )))"
apply(rule ann_transition_transition.induct [THEN conjunct1])
apply simp_all
-\<comment>\<open>Basic\<close>
+\<comment> \<open>Basic\<close>
apply clarify
apply(frule ann_hoare_case_analysis)
apply force
-\<comment>\<open>Seq\<close>
+\<comment> \<open>Seq\<close>
apply clarify
apply(frule ann_hoare_case_analysis,simp)
apply(fast intro: AnnConseq)
@@ -190,21 +190,21 @@
apply force
apply(rule AnnSeq,simp)
apply(fast intro: AnnConseq)
-\<comment>\<open>Cond1\<close>
+\<comment> \<open>Cond1\<close>
apply clarify
apply(frule ann_hoare_case_analysis,simp)
apply(fast intro: AnnConseq)
apply clarify
apply(frule ann_hoare_case_analysis,simp)
apply(fast intro: AnnConseq)
-\<comment>\<open>Cond2\<close>
+\<comment> \<open>Cond2\<close>
apply clarify
apply(frule ann_hoare_case_analysis,simp)
apply(fast intro: AnnConseq)
apply clarify
apply(frule ann_hoare_case_analysis,simp)
apply(fast intro: AnnConseq)
-\<comment>\<open>While\<close>
+\<comment> \<open>While\<close>
apply clarify
apply(frule ann_hoare_case_analysis,simp)
apply force
@@ -215,7 +215,7 @@
apply simp
apply(rule AnnWhile)
apply simp_all
-\<comment>\<open>Await\<close>
+\<comment> \<open>Await\<close>
apply(frule ann_hoare_case_analysis,simp)
apply clarify
apply(drule atom_hoare_sound)
@@ -349,7 +349,7 @@
prefer 11
apply(rule TrueI)
apply simp_all
-\<comment>\<open>Basic\<close>
+\<comment> \<open>Basic\<close>
apply(erule_tac x = "i" in all_dupE, erule (1) notE impE)
apply(erule_tac x = "j" in allE , erule (1) notE impE)
apply(simp add: interfree_def)
@@ -366,12 +366,12 @@
apply(force intro: converse_rtrancl_into_rtrancl
simp add: com_validity_def SEM_def sem_def All_None_def)
apply(simp add:assertions_lemma)
-\<comment>\<open>Seqs\<close>
+\<comment> \<open>Seqs\<close>
apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
apply(drule Parallel_Strong_Soundness_Seq,simp+)
apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
apply(drule Parallel_Strong_Soundness_Seq,simp+)
-\<comment>\<open>Await\<close>
+\<comment> \<open>Await\<close>
apply(rule_tac x = "i" in allE , assumption , erule (1) notE impE)
apply(erule_tac x = "j" in allE , erule (1) notE impE)
apply(simp add: interfree_def)
@@ -398,9 +398,9 @@
else t\<in>pre(the(com(Rs ! j))) \<and> \<turnstile> the(com(Rs ! j)) post(Ts ! j))) \<and> interfree Rs"
apply(erule rtrancl_induct2)
apply clarify
-\<comment>\<open>Base\<close>
+\<comment> \<open>Base\<close>
apply force
-\<comment>\<open>Induction step\<close>
+\<comment> \<open>Induction step\<close>
apply clarify
apply(drule Parallel_length_post_PStar)
apply clarify
@@ -432,7 +432,7 @@
apply (unfold com_validity_def)
apply(rule oghoare_induct)
apply(rule TrueI)+
-\<comment>\<open>Parallel\<close>
+\<comment> \<open>Parallel\<close>
apply(simp add: SEM_def sem_def)
apply(clarify, rename_tac x y i Ts')
apply(frule Parallel_length_post_PStar)
@@ -446,19 +446,19 @@
apply(drule_tac s = "length Rs" in sym)
apply(erule allE, erule impE, assumption)
apply(force dest: nth_mem simp add: All_None_def)
-\<comment>\<open>Basic\<close>
+\<comment> \<open>Basic\<close>
apply(simp add: SEM_def sem_def)
apply(force dest: rtrancl_imp_UN_relpow Basic_ntran)
-\<comment>\<open>Seq\<close>
+\<comment> \<open>Seq\<close>
apply(rule subset_trans)
prefer 2 apply assumption
apply(simp add: L3_5ii L3_5i)
-\<comment>\<open>Cond\<close>
+\<comment> \<open>Cond\<close>
apply(simp add: L3_5iv)
-\<comment>\<open>While\<close>
+\<comment> \<open>While\<close>
apply(simp add: L3_5v)
apply (blast dest: SEM_fwhile)
-\<comment>\<open>Conseq\<close>
+\<comment> \<open>Conseq\<close>
apply(auto simp add: SEM_def sem_def)
done
--- a/src/HOL/Hoare_Parallel/RG_Examples.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare_Parallel/RG_Examples.thy Tue Jan 16 09:30:00 2018 +0100
@@ -269,7 +269,7 @@
\<lbrace>\<forall>i<n. (\<acute>X i) mod n=i \<and> (\<forall>j<\<acute>X i. j mod n=i \<longrightarrow> \<not>P(B!j)) \<and>
(\<acute>Y i<m \<longrightarrow> P(B!(\<acute>Y i)) \<and> \<acute>Y i\<le> m+i) \<and> (\<exists>j<n. \<acute>Y j \<le> \<acute>X i)\<rbrace>]"
apply(rule Parallel)
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply force+
apply clarify
apply simp
--- a/src/HOL/Hoare_Parallel/RG_Hoare.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare_Parallel/RG_Hoare.thy Tue Jan 16 09:30:00 2018 +0100
@@ -458,7 +458,7 @@
apply(subgoal_tac "x\<in> cp (Some(Await b P)) s")
apply(erule_tac i=i in unique_ctran_Await,force,simp_all)
apply(simp add:cp_def)
-\<comment>\<open>here starts the different part.\<close>
+\<comment> \<open>here starts the different part.\<close>
apply(erule ctran.cases,simp_all)
apply(drule Star_imp_cptn)
apply clarify
@@ -740,7 +740,7 @@
apply (simp del:list.map)
apply(simp only:last_lift_not_None)
apply simp
-\<comment>\<open>\<open>\<exists>i<length x. fst (x ! i) = Some Q\<close>\<close>
+\<comment> \<open>\<open>\<exists>i<length x. fst (x ! i) = Some Q\<close>\<close>
apply(erule exE)
apply(drule_tac n=i and P="\<lambda>i. i < length x \<and> fst (x ! i) = Some Q" in Ex_first_occurrence)
apply clarify
@@ -882,13 +882,13 @@
apply(erule cptn_mod.induct)
apply safe
apply (simp_all del:last.simps)
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
apply(simp add:comm_def)
-\<comment>\<open>4 subgoals left\<close>
+\<comment> \<open>4 subgoals left\<close>
apply(rule etran_in_comm)
apply(erule mp)
apply(erule tl_of_assum_in_assum,simp)
-\<comment>\<open>While-None\<close>
+\<comment> \<open>While-None\<close>
apply(ind_cases "((Some (While b P), s), None, t) \<in> ctran" for s t)
apply(simp add:comm_def)
apply(simp add:cptn_iff_cptn_mod [THEN sym])
@@ -913,7 +913,7 @@
apply simp
apply clarify
apply (simp add:last_length)
-\<comment>\<open>WhileOne\<close>
+\<comment> \<open>WhileOne\<close>
apply(thin_tac "P = While b P \<longrightarrow> Q" for Q)
apply(rule ctran_in_comm,simp)
apply(simp add:Cons_lift del:list.map)
@@ -949,23 +949,23 @@
apply(case_tac "fst(xs!i)")
apply force
apply force
-\<comment>\<open>last=None\<close>
+\<comment> \<open>last=None\<close>
apply clarify
apply(subgoal_tac "(map (lift (While b P)) ((Some P, sa) # xs))\<noteq>[]")
apply(drule last_conv_nth)
apply (simp del:list.map)
apply(simp only:last_lift_not_None)
apply simp
-\<comment>\<open>WhileMore\<close>
+\<comment> \<open>WhileMore\<close>
apply(thin_tac "P = While b P \<longrightarrow> Q" for Q)
apply(rule ctran_in_comm,simp del:last.simps)
-\<comment>\<open>metiendo la hipotesis antes de dividir la conclusion.\<close>
+\<comment> \<open>metiendo la hipotesis antes de dividir la conclusion.\<close>
apply(subgoal_tac "(Some (While b P), snd (last ((Some P, sa) # xs))) # ys \<in> assum (pre, rely)")
apply (simp del:last.simps)
prefer 2
apply(erule assum_after_body)
apply (simp del:last.simps)+
-\<comment>\<open>lo de antes.\<close>
+\<comment> \<open>lo de antes.\<close>
apply(simp add:comm_def del:list.map last.simps)
apply(rule conjI)
apply clarify
@@ -1001,7 +1001,7 @@
apply(case_tac "fst(xs!i)")
apply force
apply force
-\<comment>\<open>\<open>i \<ge> length xs\<close>\<close>
+\<comment> \<open>\<open>i \<ge> length xs\<close>\<close>
apply(subgoal_tac "i-length xs <length ys")
prefer 2
apply arith
@@ -1012,7 +1012,7 @@
apply(erule mp)
apply(case_tac "last((Some P, sa) # xs)")
apply(simp add:lift_def del:last.simps)
-\<comment>\<open>\<open>i>length xs\<close>\<close>
+\<comment> \<open>\<open>i>length xs\<close>\<close>
apply(case_tac "i-length xs")
apply arith
apply(simp add:nth_append del:list.map last.simps)
@@ -1021,7 +1021,7 @@
prefer 2
apply arith
apply simp
-\<comment>\<open>last=None\<close>
+\<comment> \<open>last=None\<close>
apply clarify
apply(case_tac ys)
apply(simp add:Cons_lift del:list.map last.simps)
@@ -1107,16 +1107,16 @@
\<longrightarrow> (snd(clist!i!j), snd(clist!i!Suc j)) \<in> Guar(xs!i)"
apply(unfold par_cp_def)
apply (rule ccontr)
-\<comment>\<open>By contradiction:\<close>
+\<comment> \<open>By contradiction:\<close>
apply simp
apply(erule exE)
-\<comment>\<open>the first c-tran that does not satisfy the guarantee-condition is from \<open>\<sigma>_i\<close> at step \<open>m\<close>.\<close>
+\<comment> \<open>the first c-tran that does not satisfy the guarantee-condition is from \<open>\<sigma>_i\<close> at step \<open>m\<close>.\<close>
apply(drule_tac n=j and P="\<lambda>j. \<exists>i. H i j" for H in Ex_first_occurrence)
apply(erule exE)
apply clarify
-\<comment>\<open>\<open>\<sigma>_i \<in> A(pre, rely_1)\<close>\<close>
+\<comment> \<open>\<open>\<sigma>_i \<in> A(pre, rely_1)\<close>\<close>
apply(subgoal_tac "take (Suc (Suc m)) (clist!i) \<in> assum(Pre(xs!i), Rely(xs!i))")
-\<comment>\<open>but this contradicts \<open>\<Turnstile> \<sigma>_i sat [pre_i,rely_i,guar_i,post_i]\<close>\<close>
+\<comment> \<open>but this contradicts \<open>\<Turnstile> \<sigma>_i sat [pre_i,rely_i,guar_i,post_i]\<close>\<close>
apply(erule_tac x=i and P="\<lambda>i. H i \<longrightarrow> \<Turnstile> (J i) sat [I i,K i,M i,N i]" for H J I K M N in allE,erule impE,assumption)
apply(simp add:com_validity_def)
apply(erule_tac x=s in allE)
@@ -1142,9 +1142,9 @@
apply(simp add:conjoin_def compat_label_def)
apply clarify
apply(erule_tac x=ia and P="\<lambda>j. H j \<longrightarrow> (P j) \<or> Q j" for H P Q in allE,simp)
-\<comment>\<open>each etran in \<open>\<sigma>_1[0\<dots>m]\<close> corresponds to\<close>
+\<comment> \<open>each etran in \<open>\<sigma>_1[0\<dots>m]\<close> corresponds to\<close>
apply(erule disjE)
-\<comment>\<open>a c-tran in some \<open>\<sigma>_{ib}\<close>\<close>
+\<comment> \<open>a c-tran in some \<open>\<sigma>_{ib}\<close>\<close>
apply clarify
apply(case_tac "i=ib",simp)
apply(erule etranE,simp)
@@ -1160,7 +1160,7 @@
apply(simp add:same_state_def)
apply(erule_tac x=i and P="\<lambda>j. (T j) \<longrightarrow> (\<forall>i. (H j i) \<longrightarrow> (snd (d j i))=(snd (e j i)))" for T H d e in all_dupE)
apply(erule_tac x=ib and P="\<lambda>j. (T j) \<longrightarrow> (\<forall>i. (H j i) \<longrightarrow> (snd (d j i))=(snd (e j i)))" for T H d e in allE,simp)
-\<comment>\<open>or an e-tran in \<open>\<sigma>\<close>,
+\<comment> \<open>or an e-tran in \<open>\<sigma>\<close>,
therefore it satisfies \<open>rely \<or> guar_{ib}\<close>\<close>
apply (force simp add:par_assum_def same_state_def)
done
--- a/src/HOL/Hoare_Parallel/RG_Tran.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare_Parallel/RG_Tran.thy Tue Jan 16 09:30:00 2018 +0100
@@ -178,20 +178,20 @@
\<longrightarrow> (Some a, s) # (Q, t) # xs \<in> cptn_mod"
apply(induct a)
apply simp_all
-\<comment>\<open>basic\<close>
+\<comment> \<open>basic\<close>
apply clarify
apply(erule ctran.cases,simp_all)
apply(rule CptnModNone,rule Basic,simp)
apply clarify
apply(erule ctran.cases,simp_all)
-\<comment>\<open>Seq1\<close>
+\<comment> \<open>Seq1\<close>
apply(rule_tac xs="[(None,ta)]" in CptnModSeq2)
apply(erule CptnModNone)
apply(rule CptnModOne)
apply simp
apply simp
apply(simp add:lift_def)
-\<comment>\<open>Seq2\<close>
+\<comment> \<open>Seq2\<close>
apply(erule_tac x=sa in allE)
apply(erule_tac x="Some P2" in allE)
apply(erule allE,erule impE, assumption)
@@ -208,12 +208,12 @@
apply (simp add:last_length)
apply (simp add:last_length)
apply(simp add:lift_def)
-\<comment>\<open>Cond\<close>
+\<comment> \<open>Cond\<close>
apply clarify
apply(erule ctran.cases,simp_all)
apply(force elim: CptnModCondT)
apply(force elim: CptnModCondF)
-\<comment>\<open>While\<close>
+\<comment> \<open>While\<close>
apply clarify
apply(erule ctran.cases,simp_all)
apply(rule CptnModNone,erule WhileF,simp)
@@ -223,7 +223,7 @@
apply(force elim:CptnModWhile1)
apply clarify
apply(force simp add:last_length elim:CptnModWhile2)
-\<comment>\<open>await\<close>
+\<comment> \<open>await\<close>
apply clarify
apply(erule ctran.cases,simp_all)
apply(rule CptnModNone,erule Await,simp+)
@@ -295,7 +295,7 @@
apply(erule CondT,simp)
apply(rule CptnComp)
apply(erule CondF,simp)
-\<comment>\<open>Seq1\<close>
+\<comment> \<open>Seq1\<close>
apply(erule cptn.cases,simp_all)
apply(rule CptnOne)
apply clarify
@@ -315,7 +315,7 @@
apply(rule Seq2,simp)
apply(drule_tac P=P1 in lift_is_cptn)
apply(simp add:lift_def)
-\<comment>\<open>Seq2\<close>
+\<comment> \<open>Seq2\<close>
apply(rule cptn_append_is_cptn)
apply(drule_tac P=P1 in lift_is_cptn)
apply(simp add:lift_def)
@@ -325,12 +325,12 @@
apply(rule last_fst_esp)
apply (simp add:last_length)
apply(simp add:Cons_lift lift_def split_def last_conv_nth)
-\<comment>\<open>While1\<close>
+\<comment> \<open>While1\<close>
apply(rule CptnComp)
apply(rule WhileT,simp)
apply(drule_tac P="While b P" in lift_is_cptn)
apply(simp add:lift_def)
-\<comment>\<open>While2\<close>
+\<comment> \<open>While2\<close>
apply(rule CptnComp)
apply(rule WhileT,simp)
apply(rule cptn_append_is_cptn)
@@ -496,7 +496,7 @@
apply clarify
apply(erule_tac x="0" and P="\<lambda>j. H j \<longrightarrow> (P j \<or> Q j)" for H P Q in all_dupE, simp)
apply(erule disjE)
-\<comment>\<open>first step is a Component step\<close>
+\<comment> \<open>first step is a Component step\<close>
apply clarify
apply simp
apply(subgoal_tac "a=(xs[i:=(fst(clist!i!0))])")
@@ -516,7 +516,7 @@
apply(erule etranE,simp)
apply(rule ParCptnComp)
apply(erule ParComp,simp)
-\<comment>\<open>applying the induction hypothesis\<close>
+\<comment> \<open>applying the induction hypothesis\<close>
apply(erule_tac x="xs[i := fst (clist ! i ! 0)]" in allE)
apply(erule_tac x="snd (clist ! i ! 0)" in allE)
apply(erule mp)
@@ -630,7 +630,7 @@
apply(erule_tac x=ia and P="\<lambda>j. H j \<longrightarrow> (length (s j) = t)" for H s t in allE,force)
apply force
apply(erule_tac x=ia and P="\<lambda>j. H j \<longrightarrow> (length (s j) = t)" for H s t in allE,force)
-\<comment>\<open>first step is an environmental step\<close>
+\<comment> \<open>first step is an environmental step\<close>
apply clarify
apply(erule par_etran.cases)
apply simp
--- a/src/HOL/IMP/Abs_Int0.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int0.thy Tue Jan 16 09:30:00 2018 +0100
@@ -232,7 +232,7 @@
proof(simp add: CS_def AI_def)
assume 1: "pfp (step' \<top>) (bot c) = Some C"
have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])
- have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C" \<comment>"transfer the pfp'"
+ have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C" \<comment> \<open>transfer the pfp'\<close>
proof(rule order_trans)
show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' \<top> C)" by(rule step_step')
show "... \<le> \<gamma>\<^sub>c C" by (metis mono_gamma_c[OF pfp'])
--- a/src/HOL/IMP/Abs_Int1.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int1.thy Tue Jan 16 09:30:00 2018 +0100
@@ -59,7 +59,7 @@
proof(simp add: CS_def AI_def)
assume 1: "pfp (step' \<top>) (bot c) = Some C"
have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])
- have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C" \<comment>"transfer the pfp'"
+ have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C" \<comment> \<open>transfer the pfp'\<close>
proof(rule order_trans)
show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' \<top> C)" by(rule step_step')
show "... \<le> \<gamma>\<^sub>c C" by (metis mono_gamma_c[OF pfp'])
--- a/src/HOL/IMP/Abs_Int2.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int2.thy Tue Jan 16 09:30:00 2018 +0100
@@ -170,7 +170,7 @@
proof(simp add: CS_def AI_def)
assume 1: "pfp (step' \<top>) (bot c) = Some C"
have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])
- have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C" \<comment>"transfer the pfp'"
+ have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C" \<comment> \<open>transfer the pfp'\<close>
proof(rule order_trans)
show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' \<top> C)" by(rule step_step')
show "... \<le> \<gamma>\<^sub>c C" by (metis mono_gamma_c[OF pfp'])
--- a/src/HOL/IMP/Abs_Int3.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int3.thy Tue Jan 16 09:30:00 2018 +0100
@@ -552,7 +552,7 @@
case 3 thus ?case by(rule m_ivl_widen)
next
case 4 from 4(2) show ?case by(rule n_ivl_narrow)
- \<comment> "note that the first assms is unnecessary for intervals"
+ \<comment> \<open>note that the first assms is unnecessary for intervals\<close>
qed
lemma iter_winden_step_ivl_termination:
--- a/src/HOL/IMP/Abs_Int_init.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int_init.thy Tue Jan 16 09:30:00 2018 +0100
@@ -4,6 +4,6 @@
Vars Collecting Abs_Int_Tests
begin
-hide_const (open) top bot dom \<comment>"to avoid qualified names"
+hide_const (open) top bot dom \<comment> \<open>to avoid qualified names\<close>
end
--- a/src/HOL/IMP/Abs_State.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_State.thy Tue Jan 16 09:30:00 2018 +0100
@@ -10,15 +10,15 @@
"fun_rep [] = (\<lambda>x. \<top>)" |
"fun_rep ((x,a)#ps) = (fun_rep ps) (x := a)"
-lemma fun_rep_map_of[code]: \<comment>"original def is too slow"
+lemma fun_rep_map_of[code]: \<comment> \<open>original def is too slow\<close>
"fun_rep ps = (%x. case map_of ps x of None \<Rightarrow> \<top> | Some a \<Rightarrow> a)"
by(induction ps rule: fun_rep.induct) auto
definition eq_st :: "('a::top) st_rep \<Rightarrow> 'a st_rep \<Rightarrow> bool" where
"eq_st S1 S2 = (fun_rep S1 = fun_rep S2)"
-hide_type st \<comment>"hide previous def to avoid long names"
-declare [[typedef_overloaded]] \<comment>"allow quotient types to depend on classes"
+hide_type st \<comment> \<open>hide previous def to avoid long names\<close>
+declare [[typedef_overloaded]] \<comment> \<open>allow quotient types to depend on classes\<close>
quotient_type 'a st = "('a::top) st_rep" / eq_st
morphisms rep_st St
--- a/src/HOL/IMP/Big_Step.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Big_Step.thy Tue Jan 16 09:30:00 2018 +0100
@@ -120,7 +120,7 @@
shows "t = s"
proof-
from assms show ?thesis
- proof cases \<comment>"inverting assms"
+ proof cases \<comment> \<open>inverting assms\<close>
case IfTrue thm IfTrue
thus ?thesis by blast
next
@@ -147,7 +147,7 @@
with c1
show "(c1;; (c2;; c3), s) \<Rightarrow> s'" by (rule Seq)
next
- \<comment> "The other direction is analogous"
+ \<comment> \<open>The other direction is analogous\<close>
assume "(c1;; (c2;; c3), s) \<Rightarrow> s'"
thus "(c1;; c2;; c3, s) \<Rightarrow> s'" by auto
qed
@@ -176,40 +176,40 @@
lemma unfold_while:
"(WHILE b DO c) \<sim> (IF b THEN c;; WHILE b DO c ELSE SKIP)" (is "?w \<sim> ?iw")
proof -
- \<comment> "to show the equivalence, we look at the derivation tree for"
- \<comment> "each side and from that construct a derivation tree for the other side"
+ \<comment> \<open>to show the equivalence, we look at the derivation tree for\<close>
+ \<comment> \<open>each side and from that construct a derivation tree for the other side\<close>
have "(?iw, s) \<Rightarrow> t" if assm: "(?w, s) \<Rightarrow> t" for s t
proof -
from assm show ?thesis
- proof cases \<comment>"rule inversion on \<open>(?w, s) \<Rightarrow> t\<close>"
+ proof cases \<comment> \<open>rule inversion on \<open>(?w, s) \<Rightarrow> t\<close>\<close>
case WhileFalse
thus ?thesis by blast
next
case WhileTrue
from \<open>bval b s\<close> \<open>(?w, s) \<Rightarrow> t\<close> obtain s' where
"(c, s) \<Rightarrow> s'" and "(?w, s') \<Rightarrow> t" by auto
- \<comment> "now we can build a derivation tree for the @{text IF}"
- \<comment> "first, the body of the True-branch:"
+ \<comment> \<open>now we can build a derivation tree for the @{text IF}\<close>
+ \<comment> \<open>first, the body of the True-branch:\<close>
hence "(c;; ?w, s) \<Rightarrow> t" by (rule Seq)
- \<comment> "then the whole @{text IF}"
+ \<comment> \<open>then the whole @{text IF}\<close>
with \<open>bval b s\<close> show ?thesis by (rule IfTrue)
qed
qed
moreover
- \<comment> "now the other direction:"
+ \<comment> \<open>now the other direction:\<close>
have "(?w, s) \<Rightarrow> t" if assm: "(?iw, s) \<Rightarrow> t" for s t
proof -
from assm show ?thesis
- proof cases \<comment>"rule inversion on \<open>(?iw, s) \<Rightarrow> t\<close>"
+ proof cases \<comment> \<open>rule inversion on \<open>(?iw, s) \<Rightarrow> t\<close>\<close>
case IfFalse
hence "s = t" using \<open>(?iw, s) \<Rightarrow> t\<close> by blast
thus ?thesis using \<open>\<not>bval b s\<close> by blast
next
case IfTrue
- \<comment> "and for this, only the Seq-rule is applicable:"
+ \<comment> \<open>and for this, only the Seq-rule is applicable:\<close>
from \<open>(c;; ?w, s) \<Rightarrow> t\<close> obtain s' where
"(c, s) \<Rightarrow> s'" and "(?w, s') \<Rightarrow> t" by auto
- \<comment> "with this information, we can build a derivation tree for @{text WHILE}"
+ \<comment> \<open>with this information, we can build a derivation tree for @{text WHILE}\<close>
with \<open>bval b s\<close> show ?thesis by (rule WhileTrue)
qed
qed
@@ -267,14 +267,14 @@
theorem
"(c,s) \<Rightarrow> t \<Longrightarrow> (c,s) \<Rightarrow> t' \<Longrightarrow> t' = t"
proof (induction arbitrary: t' rule: big_step.induct)
- \<comment> "the only interesting case, @{text WhileTrue}:"
+ \<comment> \<open>the only interesting case, @{text WhileTrue}:\<close>
fix b c s s\<^sub>1 t t'
- \<comment> "The assumptions of the rule:"
+ \<comment> \<open>The assumptions of the rule:\<close>
assume "bval b s" and "(c,s) \<Rightarrow> s\<^sub>1" and "(WHILE b DO c,s\<^sub>1) \<Rightarrow> t"
\<comment> \<open>Ind.Hyp; note the @{text"\<And>"} because of arbitrary:\<close>
assume IHc: "\<And>t'. (c,s) \<Rightarrow> t' \<Longrightarrow> t' = s\<^sub>1"
assume IHw: "\<And>t'. (WHILE b DO c,s\<^sub>1) \<Rightarrow> t' \<Longrightarrow> t' = t"
- \<comment> "Premise of implication:"
+ \<comment> \<open>Premise of implication:\<close>
assume "(WHILE b DO c,s) \<Rightarrow> t'"
with \<open>bval b s\<close> obtain s\<^sub>1' where
c: "(c,s) \<Rightarrow> s\<^sub>1'" and
@@ -282,7 +282,7 @@
by auto
from c IHc have "s\<^sub>1' = s\<^sub>1" by blast
with w IHw show "t' = t" by blast
-qed blast+ \<comment> "prove the rest automatically"
+qed blast+ \<comment> \<open>prove the rest automatically\<close>
text_raw\<open>}%endsnip\<close>
end
--- a/src/HOL/IMP/Star.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Star.thy Tue Jan 16 09:30:00 2018 +0100
@@ -7,7 +7,7 @@
refl: "star r x x" |
step: "r x y \<Longrightarrow> star r y z \<Longrightarrow> star r x z"
-hide_fact (open) refl step \<comment>"names too generic"
+hide_fact (open) refl step \<comment> \<open>names too generic\<close>
lemma star_trans:
"star r x y \<Longrightarrow> star r y z \<Longrightarrow> star r x z"
--- a/src/HOL/Imperative_HOL/Heap.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Imperative_HOL/Heap.thy Tue Jan 16 09:30:00 2018 +0100
@@ -44,8 +44,8 @@
but keeping them separate makes some later proofs simpler.
\<close>
-type_synonym addr = nat \<comment> "untyped heap references"
-type_synonym heap_rep = nat \<comment> "representable values"
+type_synonym addr = nat \<comment> \<open>untyped heap references\<close>
+type_synonym heap_rep = nat \<comment> \<open>representable values\<close>
record heap =
arrays :: "typerep \<Rightarrow> addr \<Rightarrow> heap_rep list"
@@ -55,8 +55,8 @@
definition empty :: heap where
"empty = \<lparr>arrays = (\<lambda>_ _. []), refs = (\<lambda>_ _. 0), lim = 0\<rparr>"
-datatype 'a array = Array addr \<comment> "note the phantom type 'a"
-datatype 'a ref = Ref addr \<comment> "note the phantom type 'a"
+datatype 'a array = Array addr \<comment> \<open>note the phantom type 'a\<close>
+datatype 'a ref = Ref addr \<comment> \<open>note the phantom type 'a\<close>
primrec addr_of_array :: "'a array \<Rightarrow> addr" where
"addr_of_array (Array x) = x"
--- a/src/HOL/Imperative_HOL/Ref.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Imperative_HOL/Ref.thy Tue Jan 16 09:30:00 2018 +0100
@@ -61,7 +61,7 @@
text \<open>Primitives\<close>
lemma noteq_sym: "r =!= s \<Longrightarrow> s =!= r"
- and unequal [simp]: "r \<noteq> r' \<longleftrightarrow> r =!= r'" \<comment> "same types!"
+ and unequal [simp]: "r \<noteq> r' \<longleftrightarrow> r =!= r'" \<comment> \<open>same types!\<close>
by (auto simp add: noteq_def)
lemma noteq_irrefl: "r =!= r \<Longrightarrow> False"
--- a/src/HOL/Induct/ABexp.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Induct/ABexp.thy Tue Jan 16 09:30:00 2018 +0100
@@ -55,7 +55,7 @@
"evala env (substa (Var (v := a')) a) = evala (env (v := evala env a')) a"
and subst1_bexp:
"evalb env (substb (Var (v := a')) b) = evalb (env (v := evala env a')) b"
- \<comment> \<open>one variable\<close>
+ \<comment> \<open>one variable\<close>
by (induct a and b) simp_all
lemma subst_all_aexp:
--- a/src/HOL/Induct/Comb.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Induct/Comb.thy Tue Jan 16 09:30:00 2018 +0100
@@ -70,7 +70,7 @@
definition
diamond :: "('a * 'a)set \<Rightarrow> bool" where
- \<comment>\<open>confluence; Lambda/Commutation treats this more abstractly\<close>
+ \<comment> \<open>confluence; Lambda/Commutation treats this more abstractly\<close>
"diamond(r) = (\<forall>x y. (x,y) \<in> r -->
(\<forall>y'. (x,y') \<in> r -->
(\<exists>z. (y,z) \<in> r & (y',z) \<in> r)))"
--- a/src/HOL/Isar_Examples/Hoare.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Isar_Examples/Hoare.thy Tue Jan 16 09:30:00 2018 +0100
@@ -400,7 +400,7 @@
lemma Compl_Collect: "- Collect b = {x. \<not> b x}"
by blast
-lemmas AbortRule = SkipRule \<comment> "dummy version"
+lemmas AbortRule = SkipRule \<comment> \<open>dummy version\<close>
ML_file "~~/src/HOL/Hoare/hoare_tac.ML"
--- a/src/HOL/Library/Cardinality.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Library/Cardinality.thy Tue Jan 16 09:30:00 2018 +0100
@@ -519,7 +519,7 @@
(\<lambda>_. List.coset xs \<subseteq> set ys))"
by simp
-notepad begin \<comment> "test code setup"
+notepad begin \<comment> \<open>test code setup\<close>
have "List.coset [True] = set [False] \<and>
List.coset [] \<subseteq> List.set [True, False] \<and>
finite (List.coset [True])"
--- a/src/HOL/Library/Code_Test.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Library/Code_Test.thy Tue Jan 16 09:30:00 2018 +0100
@@ -132,10 +132,8 @@
"xml_of_term (Code_Evaluation.Const x ty) = [xml.tagged (STR ''0'') (Some x) (xml_of_typ ty)]"
"xml_of_term (Code_Evaluation.App t1 t2) = [xml.tagged (STR ''5'') None [xml.node (xml_of_term t1), xml.node (xml_of_term t2)]]"
"xml_of_term (Code_Evaluation.Abs x ty t) = [xml.tagged (STR ''4'') (Some x) [xml.node (xml_of_typ ty), xml.node (xml_of_term t)]]"
- \<comment> \<open>
- FIXME: @{const Code_Evaluation.Free} is used only in @{theory Quickcheck_Narrowing} to represent
- uninstantiated parameters in constructors. Here, we always translate them to @{ML Free} variables.
-\<close>
+ \<comment> \<open>FIXME: @{const Code_Evaluation.Free} is used only in @{theory Quickcheck_Narrowing} to represent
+ uninstantiated parameters in constructors. Here, we always translate them to @{ML Free} variables.\<close>
"xml_of_term (Code_Evaluation.Free x ty) = [xml.tagged (STR ''1'') (Some x) (xml_of_typ ty)]"
by(simp_all add: xml_of_term_def xml_tree_anything)
--- a/src/HOL/Library/Extended_Nonnegative_Real.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Library/Extended_Nonnegative_Real.thy Tue Jan 16 09:30:00 2018 +0100
@@ -330,7 +330,7 @@
end
-lemma ennreal_zero_less_one: "0 < (1::ennreal)" \<comment> \<open>TODO: remove \<close>
+lemma ennreal_zero_less_one: "0 < (1::ennreal)" \<comment> \<open>TODO: remove\<close>
by transfer auto
instance ennreal :: dioid
--- a/src/HOL/Library/Omega_Words_Fun.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Library/Omega_Words_Fun.thy Tue Jan 16 09:30:00 2018 +0100
@@ -529,20 +529,20 @@
proof -
have "\<exists>k. range (suffix k x) \<subseteq> limit x"
proof -
- \<comment> "The set of letters that are not in the limit is certainly finite."
+ \<comment> \<open>The set of letters that are not in the limit is certainly finite.\<close>
from fin have "finite (range x - limit x)"
by simp
- \<comment> "Moreover, any such letter occurs only finitely often"
+ \<comment> \<open>Moreover, any such letter occurs only finitely often\<close>
moreover
have "\<forall>a \<in> range x - limit x. finite (x -` {a})"
by (auto simp add: limit_vimage)
- \<comment> "Thus, there are only finitely many occurrences of such letters."
+ \<comment> \<open>Thus, there are only finitely many occurrences of such letters.\<close>
ultimately have "finite (UN a : range x - limit x. x -` {a})"
by (blast intro: finite_UN_I)
- \<comment> "Therefore these occurrences are within some initial interval."
+ \<comment> \<open>Therefore these occurrences are within some initial interval.\<close>
then obtain k where "(UN a : range x - limit x. x -` {a}) \<subseteq> {..<k}"
by (blast dest: finite_nat_bounded)
- \<comment> "This is just the bound we are looking for."
+ \<comment> \<open>This is just the bound we are looking for.\<close>
hence "\<forall>m. k \<le> m \<longrightarrow> x m \<in> limit x"
by (auto simp add: limit_vimage)
hence "range (suffix k x) \<subseteq> limit x"
@@ -624,11 +624,11 @@
fix a assume a: "a \<in> set w"
then obtain k where k: "k < length w \<and> w!k = a"
by (auto simp add: set_conv_nth)
- \<comment> "the following bound is terrible, but it simplifies the proof"
+ \<comment> \<open>the following bound is terrible, but it simplifies the proof\<close>
from nempty k have "\<forall>m. w\<^sup>\<omega> ((Suc m)*(length w) + k) = a"
by (simp add: mod_add_left_eq [symmetric])
moreover
- \<comment> "why is the following so hard to prove??"
+ \<comment> \<open>why is the following so hard to prove??\<close>
have "\<forall>m. m < (Suc m)*(length w) + k"
proof
fix m
@@ -672,10 +672,10 @@
shows "\<exists>a \<in> (f -` {x}). a \<in> limit w"
proof (rule ccontr)
assume contra: "\<not> ?thesis"
- \<comment> "hence, every element in the pre-image occurs only finitely often"
+ \<comment> \<open>hence, every element in the pre-image occurs only finitely often\<close>
then have "\<forall>a \<in> (f -` {x}). finite {n. w n = a}"
by (simp add: limit_def Inf_many_def)
- \<comment> "so there are only finitely many occurrences of any such element"
+ \<comment> \<open>so there are only finitely many occurrences of any such element\<close>
with fin have "finite (\<Union> a \<in> (f -` {x}). {n. w n = a})"
by auto
\<comment> \<open>these are precisely those positions where $x$ occurs in $f \circ w$\<close>
@@ -683,7 +683,7 @@
have "(\<Union> a \<in> (f -` {x}). {n. w n = a}) = {n. f(w n) = x}"
by auto
ultimately
- \<comment> "so $x$ can occur only finitely often in the translated word"
+ \<comment> \<open>so $x$ can occur only finitely often in the translated word\<close>
have "finite {n. f(w n) = x}"
by simp
\<comment> \<open>\ldots\ which yields a contradiction\<close>
--- a/src/HOL/List.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/List.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1296,7 +1296,7 @@
subsubsection \<open>@{const set}\<close>
-declare list.set[code_post] \<comment>"pretty output"
+declare list.set[code_post] \<comment> \<open>pretty output\<close>
lemma finite_set [iff]: "finite (set xs)"
by (induct xs) auto
--- a/src/HOL/Metis_Examples/Message.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Metis_Examples/Message.thy Tue Jan 16 09:30:00 2018 +0100
@@ -19,8 +19,8 @@
type_synonym key = nat
consts
- all_symmetric :: bool \<comment>\<open>true if all keys are symmetric\<close>
- invKey :: "key=>key" \<comment>\<open>inverse of a symmetric key\<close>
+ all_symmetric :: bool \<comment> \<open>true if all keys are symmetric\<close>
+ invKey :: "key=>key" \<comment> \<open>inverse of a symmetric key\<close>
specification (invKey)
invKey [simp]: "invKey (invKey K) = K"
@@ -34,17 +34,17 @@
definition symKeys :: "key set" where
"symKeys == {K. invKey K = K}"
-datatype \<comment>\<open>We allow any number of friendly agents\<close>
+datatype \<comment> \<open>We allow any number of friendly agents\<close>
agent = Server | Friend nat | Spy
datatype
- msg = Agent agent \<comment>\<open>Agent names\<close>
- | Number nat \<comment>\<open>Ordinary integers, timestamps, ...\<close>
- | Nonce nat \<comment>\<open>Unguessable nonces\<close>
- | Key key \<comment>\<open>Crypto keys\<close>
- | Hash msg \<comment>\<open>Hashing\<close>
- | MPair msg msg \<comment>\<open>Compound messages\<close>
- | Crypt key msg \<comment>\<open>Encryption, public- or shared-key\<close>
+ msg = Agent agent \<comment> \<open>Agent names\<close>
+ | Number nat \<comment> \<open>Ordinary integers, timestamps, ...\<close>
+ | Nonce nat \<comment> \<open>Unguessable nonces\<close>
+ | Key key \<comment> \<open>Crypto keys\<close>
+ | Hash msg \<comment> \<open>Hashing\<close>
+ | MPair msg msg \<comment> \<open>Compound messages\<close>
+ | Crypt key msg \<comment> \<open>Encryption, public- or shared-key\<close>
text\<open>Concrete syntax: messages appear as \<open>\<lbrace>A,B,NA\<rbrace>\<close>, etc...\<close>
@@ -56,11 +56,11 @@
definition HPair :: "[msg,msg] => msg" ("(4Hash[_] /_)" [0, 1000]) where
- \<comment>\<open>Message Y paired with a MAC computed with the help of X\<close>
+ \<comment> \<open>Message Y paired with a MAC computed with the help of X\<close>
"Hash[X] Y == \<lbrace> Hash\<lbrace>X,Y\<rbrace>, Y\<rbrace>"
definition keysFor :: "msg set => key set" where
- \<comment>\<open>Keys useful to decrypt elements of a message set\<close>
+ \<comment> \<open>Keys useful to decrypt elements of a message set\<close>
"keysFor H == invKey ` {K. \<exists>X. Crypt K X \<in> H}"
--- a/src/HOL/Metis_Examples/Trans_Closure.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Metis_Examples/Trans_Closure.thy Tue Jan 16 09:30:00 2018 +0100
@@ -16,11 +16,11 @@
type_synonym addr = nat
datatype val
- = Unit \<comment> "dummy result value of void expressions"
- | Null \<comment> "null reference"
- | Bool bool \<comment> "Boolean value"
- | Intg int \<comment> "integer value"
- | Addr addr \<comment> "addresses of objects in the heap"
+ = Unit \<comment> \<open>dummy result value of void expressions\<close>
+ | Null \<comment> \<open>null reference\<close>
+ | Bool bool \<comment> \<open>Boolean value\<close>
+ | Intg int \<comment> \<open>integer value\<close>
+ | Addr addr \<comment> \<open>addresses of objects in the heap\<close>
consts R :: "(addr \<times> addr) set"
--- a/src/HOL/MicroJava/BV/BVSpec.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/BV/BVSpec.thy Tue Jan 16 09:30:00 2018 +0100
@@ -16,20 +16,20 @@
\<close>
definition
- \<comment> "The program counter will always be inside the method:"
+ \<comment> \<open>The program counter will always be inside the method:\<close>
check_bounded :: "instr list \<Rightarrow> exception_table \<Rightarrow> bool" where
"check_bounded ins et \<longleftrightarrow>
(\<forall>pc < length ins. \<forall>pc' \<in> set (succs (ins!pc) pc). pc' < length ins) \<and>
(\<forall>e \<in> set et. fst (snd (snd e)) < length ins)"
definition
- \<comment> "The method type only contains declared classes:"
+ \<comment> \<open>The method type only contains declared classes:\<close>
check_types :: "jvm_prog \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> JVMType.state list \<Rightarrow> bool" where
"check_types G mxs mxr phi \<longleftrightarrow> set phi \<subseteq> states G mxs mxr"
definition
- \<comment> "An instruction is welltyped if it is applicable and its effect"
- \<comment> "is compatible with the type at all successor instructions:"
+ \<comment> \<open>An instruction is welltyped if it is applicable and its effect\<close>
+ \<comment> \<open>is compatible with the type at all successor instructions:\<close>
wt_instr :: "[instr,jvm_prog,ty,method_type,nat,p_count,
exception_table,p_count] \<Rightarrow> bool" where
"wt_instr i G rT phi mxs max_pc et pc \<longleftrightarrow>
@@ -43,10 +43,10 @@
G \<turnstile> Some ([],(OK (Class C))#((map OK pTs))@(replicate mxl Err)) <=' phi!0"
definition
- \<comment> "A method is welltyped if the body is not empty, if execution does not"
- \<comment> "leave the body, if the method type covers all instructions and mentions"
- \<comment> "declared classes only, if the method calling convention is respected, and"
- \<comment> "if all instructions are welltyped."
+ \<comment> \<open>A method is welltyped if the body is not empty, if execution does not\<close>
+ \<comment> \<open>leave the body, if the method type covers all instructions and mentions\<close>
+ \<comment> \<open>declared classes only, if the method calling convention is respected, and\<close>
+ \<comment> \<open>if all instructions are welltyped.\<close>
wt_method :: "[jvm_prog,cname,ty list,ty,nat,nat,instr list,
exception_table,method_type] \<Rightarrow> bool" where
"wt_method G C pTs rT mxs mxl ins et phi \<longleftrightarrow>
@@ -59,7 +59,7 @@
(\<forall>pc. pc<max_pc \<longrightarrow> wt_instr (ins!pc) G rT phi mxs max_pc et pc))"
definition
- \<comment> "A program is welltyped if it is wellformed and all methods are welltyped"
+ \<comment> \<open>A program is welltyped if it is wellformed and all methods are welltyped\<close>
wt_jvm_prog :: "[jvm_prog,prog_type] \<Rightarrow> bool" where
"wt_jvm_prog G phi \<longleftrightarrow>
wf_prog (\<lambda>G C (sig,rT,(maxs,maxl,b,et)).
--- a/src/HOL/MicroJava/BV/BVSpecTypeSafe.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/BV/BVSpecTypeSafe.thy Tue Jan 16 09:30:00 2018 +0100
@@ -136,23 +136,23 @@
\<Longrightarrow> G,phi \<turnstile>JVM (find_handler G (Some xcp) hp frs)\<surd>"
(is "\<And>f. \<lbrakk> ?wt; ?adr; ?hp; ?correct (None, hp, f#frs) \<rbrakk> \<Longrightarrow> ?correct (?find frs)")
proof (induct frs)
- \<comment> "the base case is trivial, as it should be"
+ \<comment> \<open>the base case is trivial, as it should be\<close>
show "?correct (?find [])" by (simp add: correct_state_def)
- \<comment> "we will need both forms \<open>wt_jvm_prog\<close> and \<open>wf_prog\<close> later"
+ \<comment> \<open>we will need both forms \<open>wt_jvm_prog\<close> and \<open>wf_prog\<close> later\<close>
assume wt: ?wt
then obtain mb where wf: "wf_prog mb G" by (simp add: wt_jvm_prog_def)
- \<comment> "these two don't change in the induction:"
+ \<comment> \<open>these two don't change in the induction:\<close>
assume adr: ?adr
assume hp: ?hp
- \<comment> "the assumption for the cons case:"
+ \<comment> \<open>the assumption for the cons case:\<close>
fix f f' frs'
assume cr: "?correct (None, hp, f#f'#frs')"
- \<comment> "the induction hypothesis as produced by Isabelle, immediatly simplified
- with the fixed assumptions above"
+ \<comment> \<open>the induction hypothesis as produced by Isabelle, immediatly simplified
+ with the fixed assumptions above\<close>
assume "\<And>f. \<lbrakk> ?wt; ?adr; ?hp; ?correct (None, hp, f#frs') \<rbrakk> \<Longrightarrow> ?correct (?find frs')"
with wt adr hp
have IH: "\<And>f. ?correct (None, hp, f#frs') \<Longrightarrow> ?correct (?find frs')" by blast
@@ -355,7 +355,7 @@
phi_pc': "phi C sig ! handler = Some (ST', LT')" and
frame': "correct_frame G hp (ST',LT') maxl ins ?f'"
proof (cases "ins!pc")
- case Return \<comment> "can't generate exceptions:"
+ case Return \<comment> \<open>can't generate exceptions:\<close>
with xp' have False by (simp add: split_beta split: if_split_asm)
thus ?thesis ..
next
@@ -570,7 +570,7 @@
}
ultimately
show ?thesis by (rule that)
- qed (use xp' in auto) \<comment> "the other instructions don't generate exceptions"
+ qed (use xp' in auto) \<comment> \<open>the other instructions don't generate exceptions\<close>
from state' meth hp_ok "class" frames phi_pc' frame' prehp
have ?thesis by (unfold correct_state_def) simp
--- a/src/HOL/MicroJava/BV/Effect.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/BV/Effect.thy Tue Jan 16 09:30:00 2018 +0100
@@ -52,9 +52,9 @@
= (PrimT Integer#ST,LT)" |
"eff' (Ifcmpeq b, G, (ts1#ts2#ST,LT)) = (ST,LT)" |
"eff' (Goto b, G, s) = s" |
- \<comment> "Return has no successor instruction in the same method"
+ \<comment> \<open>Return has no successor instruction in the same method\<close>
"eff' (Return, G, s) = s" |
- \<comment> "Throw always terminates abruptly"
+ \<comment> \<open>Throw always terminates abruptly\<close>
"eff' (Throw, G, s) = s" |
"eff' (Invoke C mn fpTs, G, (ST,LT)) = (let ST' = drop (length fpTs) ST
in (fst (snd (the (method (G,C) (mn,fpTs))))#(tl ST'),LT))"
--- a/src/HOL/MicroJava/BV/JVMType.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/BV/JVMType.thy Tue Jan 16 09:30:00 2018 +0100
@@ -12,8 +12,8 @@
type_synonym locvars_type = "ty err list"
type_synonym opstack_type = "ty list"
type_synonym state_type = "opstack_type \<times> locvars_type"
-type_synonym state = "state_type option err" \<comment> "for Kildall"
-type_synonym method_type = "state_type option list" \<comment> "for BVSpec"
+type_synonym state = "state_type option err" \<comment> \<open>for Kildall\<close>
+type_synonym method_type = "state_type option list" \<comment> \<open>for BVSpec\<close>
type_synonym class_type = "sig \<Rightarrow> method_type"
type_synonym prog_type = "cname \<Rightarrow> class_type"
--- a/src/HOL/MicroJava/Comp/CorrCompTp.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/Comp/CorrCompTp.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1269,7 +1269,7 @@
apply (intro strip)
apply (rule conjI)
- \<comment> "app"
+ \<comment> \<open>app\<close>
apply (rule Call_app [THEN app_mono_mxs])
apply assumption+
apply (rule HOL.refl)
@@ -1281,7 +1281,7 @@
apply (simp add: wf_prog_ws_prog [THEN comp_method])
apply (simp add: max_spec_preserves_length [symmetric])
- \<comment> "\<open>check_type\<close>"
+ \<comment> \<open>\<open>check_type\<close>\<close>
apply (simp add: max_ssize_def ssize_sto_def)
apply (simp add: max_of_list_def)
apply (subgoal_tac "(max (length pTsa + length ST) (length ST)) = (length pTsa + length ST)")
--- a/src/HOL/MicroJava/Comp/LemmasComp.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/Comp/LemmasComp.thy Tue Jan 16 09:30:00 2018 +0100
@@ -349,7 +349,7 @@
apply (simp add: map_of_map2)
apply (simp (no_asm_simp) add: compMethod_def split_beta)
- \<comment> "remaining subgoals"
+ \<comment> \<open>remaining subgoals\<close>
apply (auto intro: inv_f_eq simp add: inj_on_def is_class_def)
done
--- a/src/HOL/MicroJava/DFA/Kildall.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/DFA/Kildall.thy Tue Jan 16 09:30:00 2018 +0100
@@ -348,10 +348,10 @@
r = "{(ss',ss) . ss <[r] ss'} <*lex*> finite_psubset"
in while_rule)
-\<comment> "Invariant holds initially:"
+\<comment> \<open>Invariant holds initially:\<close>
apply (simp add:stables_def)
-\<comment> "Invariant is preserved:"
+\<comment> \<open>Invariant is preserved:\<close>
apply(simp add: stables_def split_paired_all)
apply(rename_tac ss w)
apply(subgoal_tac "(SOME p. p \<in> w) \<in> w")
@@ -393,16 +393,16 @@
apply (blast dest!: boundedD)
-\<comment> "Postcondition holds upon termination:"
+\<comment> \<open>Postcondition holds upon termination:\<close>
apply(clarsimp simp add: stables_def split_paired_all)
-\<comment> "Well-foundedness of the termination relation:"
+\<comment> \<open>Well-foundedness of the termination relation:\<close>
apply (rule wf_lex_prod)
apply (insert orderI [THEN acc_le_listI])
apply (simp add: acc_def lesssub_def wfP_wf_eq [symmetric])
apply (rule wf_finite_psubset)
-\<comment> "Loop decreases along termination relation:"
+\<comment> \<open>Loop decreases along termination relation:\<close>
apply(simp add: stables_def split_paired_all)
apply(rename_tac ss w)
apply(subgoal_tac "(SOME p. p \<in> w) \<in> w")
--- a/src/HOL/MicroJava/J/Conform.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Conform.thy Tue Jan 16 09:30:00 2018 +0100
@@ -7,7 +7,7 @@
theory Conform imports State WellType Exceptions begin
-type_synonym 'c env' = "'c prog \<times> (vname \<rightharpoonup> ty)" \<comment> "same as \<open>env\<close> of \<open>WellType.thy\<close>"
+type_synonym 'c env' = "'c prog \<times> (vname \<rightharpoonup> ty)" \<comment> \<open>same as \<open>env\<close> of \<open>WellType.thy\<close>\<close>
definition hext :: "aheap => aheap => bool" ("_ \<le>| _" [51,51] 50) where
"h\<le>|h' == \<forall>a C fs. h a = Some(C,fs) --> (\<exists>fs'. h' a = Some(C,fs'))"
--- a/src/HOL/MicroJava/J/Decl.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Decl.thy Tue Jan 16 09:30:00 2018 +0100
@@ -8,23 +8,23 @@
theory Decl imports Type begin
type_synonym
- fdecl = "vname \<times> ty" \<comment> "field declaration, cf. 8.3 (, 9.3)"
+ fdecl = "vname \<times> ty" \<comment> \<open>field declaration, cf. 8.3 (, 9.3)\<close>
type_synonym
- sig = "mname \<times> ty list" \<comment> "signature of a method, cf. 8.4.2"
+ sig = "mname \<times> ty list" \<comment> \<open>signature of a method, cf. 8.4.2\<close>
type_synonym
- 'c mdecl = "sig \<times> ty \<times> 'c" \<comment> "method declaration in a class"
+ 'c mdecl = "sig \<times> ty \<times> 'c" \<comment> \<open>method declaration in a class\<close>
type_synonym
'c "class" = "cname \<times> fdecl list \<times> 'c mdecl list"
- \<comment> "class = superclass, fields, methods"
+ \<comment> \<open>class = superclass, fields, methods\<close>
type_synonym
- 'c cdecl = "cname \<times> 'c class" \<comment> "class declaration, cf. 8.1"
+ 'c cdecl = "cname \<times> 'c class" \<comment> \<open>class declaration, cf. 8.1\<close>
type_synonym
- 'c prog = "'c cdecl list" \<comment> "program"
+ 'c prog = "'c cdecl list" \<comment> \<open>program\<close>
translations
--- a/src/HOL/MicroJava/J/Eval.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Eval.thy Tue Jan 16 09:30:00 2018 +0100
@@ -8,7 +8,7 @@
theory Eval imports State WellType begin
- \<comment> "Auxiliary notions"
+ \<comment> \<open>Auxiliary notions\<close>
definition fits :: "java_mb prog \<Rightarrow> state \<Rightarrow> val \<Rightarrow> ty \<Rightarrow> bool" ("_,_\<turnstile>_ fits _"[61,61,61,61]60) where
"G,s\<turnstile>a' fits T \<equiv> case T of PrimT T' \<Rightarrow> False | RefT T' \<Rightarrow> a'=Null \<or> G\<turnstile>obj_ty(lookup_obj s a')\<preceq>T"
@@ -23,7 +23,7 @@
"new_xcpt_var vn \<equiv> \<lambda>(x,s). Norm (lupd(vn\<mapsto>the x) s)"
- \<comment> "Evaluation relations"
+ \<comment> \<open>Evaluation relations\<close>
inductive
eval :: "[java_mb prog,xstate,expr,val,xstate] => bool "
@@ -36,21 +36,21 @@
for G :: "java_mb prog"
where
- \<comment> "evaluation of expressions"
+ \<comment> \<open>evaluation of expressions\<close>
- XcptE:"G\<turnstile>(Some xc,s) -e\<succ>undefined-> (Some xc,s)" \<comment> "cf. 15.5"
+ XcptE:"G\<turnstile>(Some xc,s) -e\<succ>undefined-> (Some xc,s)" \<comment> \<open>cf. 15.5\<close>
- \<comment> "cf. 15.8.1"
+ \<comment> \<open>cf. 15.8.1\<close>
| NewC: "[| h = heap s; (a,x) = new_Addr h;
h'= h(a\<mapsto>(C,init_vars (fields (G,C)))) |] ==>
G\<turnstile>Norm s -NewC C\<succ>Addr a-> c_hupd h' (x,s)"
- \<comment> "cf. 15.15"
+ \<comment> \<open>cf. 15.15\<close>
| Cast: "[| G\<turnstile>Norm s0 -e\<succ>v-> (x1,s1);
x2 = raise_if (\<not> cast_ok G C (heap s1) v) ClassCast x1 |] ==>
G\<turnstile>Norm s0 -Cast C e\<succ>v-> (x2,s1)"
- \<comment> "cf. 15.7.1"
+ \<comment> \<open>cf. 15.7.1\<close>
| Lit: "G\<turnstile>Norm s -Lit v\<succ>v-> Norm s"
| BinOp:"[| G\<turnstile>Norm s -e1\<succ>v1-> s1;
@@ -59,27 +59,27 @@
| Add => Intg (the_Intg v1 + the_Intg v2)) |] ==>
G\<turnstile>Norm s -BinOp bop e1 e2\<succ>v-> s2"
- \<comment> "cf. 15.13.1, 15.2"
+ \<comment> \<open>cf. 15.13.1, 15.2\<close>
| LAcc: "G\<turnstile>Norm s -LAcc v\<succ>the (locals s v)-> Norm s"
- \<comment> "cf. 15.25.1"
+ \<comment> \<open>cf. 15.25.1\<close>
| LAss: "[| G\<turnstile>Norm s -e\<succ>v-> (x,(h,l));
l' = (if x = None then l(va\<mapsto>v) else l) |] ==>
G\<turnstile>Norm s -va::=e\<succ>v-> (x,(h,l'))"
- \<comment> "cf. 15.10.1, 15.2"
+ \<comment> \<open>cf. 15.10.1, 15.2\<close>
| FAcc: "[| G\<turnstile>Norm s0 -e\<succ>a'-> (x1,s1);
v = the (snd (the (heap s1 (the_Addr a'))) (fn,T)) |] ==>
G\<turnstile>Norm s0 -{T}e..fn\<succ>v-> (np a' x1,s1)"
- \<comment> "cf. 15.25.1"
+ \<comment> \<open>cf. 15.25.1\<close>
| FAss: "[| G\<turnstile> Norm s0 -e1\<succ>a'-> (x1,s1); a = the_Addr a';
G\<turnstile>(np a' x1,s1) -e2\<succ>v -> (x2,s2);
h = heap s2; (c,fs) = the (h a);
h' = h(a\<mapsto>(c,(fs((fn,T)\<mapsto>v)))) |] ==>
G\<turnstile>Norm s0 -{T}e1..fn:=e2\<succ>v-> c_hupd h' (x2,s2)"
- \<comment> "cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5, 14.15"
+ \<comment> \<open>cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5, 14.15\<close>
| Call: "[| G\<turnstile>Norm s0 -e\<succ>a'-> s1; a = the_Addr a';
G\<turnstile>s1 -ps[\<succ>]pvs-> (x,(h,l)); dynT = fst (the (h a));
(md,rT,pns,lvars,blk,res) = the (method (G,dynT) (mn,pTs));
@@ -88,43 +88,43 @@
G\<turnstile>Norm s0 -{C}e..mn({pTs}ps)\<succ>v-> (x4,(heap s4,l))"
- \<comment> "evaluation of expression lists"
+ \<comment> \<open>evaluation of expression lists\<close>
- \<comment> "cf. 15.5"
+ \<comment> \<open>cf. 15.5\<close>
| XcptEs:"G\<turnstile>(Some xc,s) -e[\<succ>]undefined-> (Some xc,s)"
- \<comment> "cf. 15.11.???"
+ \<comment> \<open>cf. 15.11.???\<close>
| Nil: "G\<turnstile>Norm s0 -[][\<succ>][]-> Norm s0"
- \<comment> "cf. 15.6.4"
+ \<comment> \<open>cf. 15.6.4\<close>
| Cons: "[| G\<turnstile>Norm s0 -e \<succ> v -> s1;
G\<turnstile> s1 -es[\<succ>]vs-> s2 |] ==>
G\<turnstile>Norm s0 -e#es[\<succ>]v#vs-> s2"
- \<comment> "execution of statements"
+ \<comment> \<open>execution of statements\<close>
- \<comment> "cf. 14.1"
+ \<comment> \<open>cf. 14.1\<close>
| XcptS:"G\<turnstile>(Some xc,s) -c-> (Some xc,s)"
- \<comment> "cf. 14.5"
+ \<comment> \<open>cf. 14.5\<close>
| Skip: "G\<turnstile>Norm s -Skip-> Norm s"
- \<comment> "cf. 14.7"
+ \<comment> \<open>cf. 14.7\<close>
| Expr: "[| G\<turnstile>Norm s0 -e\<succ>v-> s1 |] ==>
G\<turnstile>Norm s0 -Expr e-> s1"
- \<comment> "cf. 14.2"
+ \<comment> \<open>cf. 14.2\<close>
| Comp: "[| G\<turnstile>Norm s0 -c1-> s1;
G\<turnstile> s1 -c2-> s2|] ==>
G\<turnstile>Norm s0 -c1;; c2-> s2"
- \<comment> "cf. 14.8.2"
+ \<comment> \<open>cf. 14.8.2\<close>
| Cond: "[| G\<turnstile>Norm s0 -e\<succ>v-> s1;
G\<turnstile> s1 -(if the_Bool v then c1 else c2)-> s2|] ==>
G\<turnstile>Norm s0 -If(e) c1 Else c2-> s2"
- \<comment> "cf. 14.10, 14.10.1"
+ \<comment> \<open>cf. 14.10, 14.10.1\<close>
| LoopF:"[| G\<turnstile>Norm s0 -e\<succ>v-> s1; \<not>the_Bool v |] ==>
G\<turnstile>Norm s0 -While(e) c-> s1"
| LoopT:"[| G\<turnstile>Norm s0 -e\<succ>v-> s1; the_Bool v;
--- a/src/HOL/MicroJava/J/Example.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Example.thy Tue Jan 16 09:30:00 2018 +0100
@@ -135,7 +135,7 @@
lemma map_of_Cons2 [simp]: "aa\<noteq>k ==> map_of ((k,bb)#ps) aa = map_of ps aa"
apply (simp (no_asm_simp))
done
-declare map_of_Cons [simp del] \<comment> "sic!"
+declare map_of_Cons [simp del] \<comment> \<open>sic!\<close>
lemma class_tprg_Object [simp]: "class tprg Object = Some (undefined, [], [])"
apply (unfold ObjectC_def class_def)
@@ -377,25 +377,25 @@
lemmas t = ty_expr_ty_exprs_wt_stmt.intros
schematic_goal wt_test: "(tprg, empty(e\<mapsto>Class Base))\<turnstile>
Expr(e::=NewC Ext);; Expr({Base}LAcc e..foo({?pTs'}[Lit Null]))\<surd>"
-apply (rule ty_expr_ty_exprs_wt_stmt.intros) \<comment> ";;"
-apply (rule t) \<comment> "Expr"
-apply (rule t) \<comment> "LAss"
+apply (rule ty_expr_ty_exprs_wt_stmt.intros) \<comment> \<open>;;\<close>
+apply (rule t) \<comment> \<open>Expr\<close>
+apply (rule t) \<comment> \<open>LAss\<close>
apply simp \<comment> \<open>\<open>e \<noteq> This\<close>\<close>
-apply (rule t) \<comment> "LAcc"
+apply (rule t) \<comment> \<open>LAcc\<close>
apply (simp (no_asm))
apply (simp (no_asm))
-apply (rule t) \<comment> "NewC"
+apply (rule t) \<comment> \<open>NewC\<close>
apply (simp (no_asm))
apply (simp (no_asm))
-apply (rule t) \<comment> "Expr"
-apply (rule t) \<comment> "Call"
-apply (rule t) \<comment> "LAcc"
+apply (rule t) \<comment> \<open>Expr\<close>
+apply (rule t) \<comment> \<open>Call\<close>
+apply (rule t) \<comment> \<open>LAcc\<close>
apply (simp (no_asm))
apply (simp (no_asm))
-apply (rule t) \<comment> "Cons"
-apply (rule t) \<comment> "Lit"
+apply (rule t) \<comment> \<open>Cons\<close>
+apply (rule t) \<comment> \<open>Lit\<close>
apply (simp (no_asm))
-apply (rule t) \<comment> "Nil"
+apply (rule t) \<comment> \<open>Nil\<close>
apply (simp (no_asm))
apply (rule max_spec_foo_Base)
done
@@ -408,38 +408,38 @@
" [|new_Addr (heap (snd s0)) = (a, None)|] ==>
tprg\<turnstile>s0 -test-> ?s"
apply (unfold test_def)
-\<comment> "?s = s3 "
-apply (rule e) \<comment> ";;"
-apply (rule e) \<comment> "Expr"
-apply (rule e) \<comment> "LAss"
-apply (rule e) \<comment> "NewC"
+\<comment> \<open>?s = s3\<close>
+apply (rule e) \<comment> \<open>;;\<close>
+apply (rule e) \<comment> \<open>Expr\<close>
+apply (rule e) \<comment> \<open>LAss\<close>
+apply (rule e) \<comment> \<open>NewC\<close>
apply force
apply force
apply (simp (no_asm))
apply (erule thin_rl)
-apply (rule e) \<comment> "Expr"
-apply (rule e) \<comment> "Call"
-apply (rule e) \<comment> "LAcc"
+apply (rule e) \<comment> \<open>Expr\<close>
+apply (rule e) \<comment> \<open>Call\<close>
+apply (rule e) \<comment> \<open>LAcc\<close>
apply force
-apply (rule e) \<comment> "Cons"
-apply (rule e) \<comment> "Lit"
-apply (rule e) \<comment> "Nil"
+apply (rule e) \<comment> \<open>Cons\<close>
+apply (rule e) \<comment> \<open>Lit\<close>
+apply (rule e) \<comment> \<open>Nil\<close>
apply (simp (no_asm))
apply (force simp add: foo_Ext_def)
apply (simp (no_asm))
-apply (rule e) \<comment> "Expr"
-apply (rule e) \<comment> "FAss"
-apply (rule e) \<comment> "Cast"
-apply (rule e) \<comment> "LAcc"
+apply (rule e) \<comment> \<open>Expr\<close>
+apply (rule e) \<comment> \<open>FAss\<close>
+apply (rule e) \<comment> \<open>Cast\<close>
+apply (rule e) \<comment> \<open>LAcc\<close>
apply (simp (no_asm))
apply (simp (no_asm))
apply (simp (no_asm))
-apply (rule e) \<comment> "XcptE"
+apply (rule e) \<comment> \<open>XcptE\<close>
apply (simp (no_asm))
apply (rule surjective_pairing [symmetric, THEN[2]trans], subst prod.inject, force)
apply (simp (no_asm))
apply (simp (no_asm))
-apply (rule e) \<comment> "XcptE"
+apply (rule e) \<comment> \<open>XcptE\<close>
done
end
--- a/src/HOL/MicroJava/J/JTypeSafe.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/JTypeSafe.thy Tue Jan 16 09:30:00 2018 +0100
@@ -198,15 +198,15 @@
apply( rule eval_evals_exec_induct)
apply( unfold c_hupd_def)
-\<comment> "several simplifications, XcptE, XcptEs, XcptS, Skip, Nil??"
+\<comment> \<open>several simplifications, XcptE, XcptEs, XcptS, Skip, Nil??\<close>
apply( simp_all)
apply( tactic "ALLGOALS (REPEAT o resolve_tac @{context} [impI, allI])")
apply( tactic \<open>ALLGOALS (eresolve_tac @{context} [@{thm ty_expr.cases}, @{thm ty_exprs.cases}, @{thm wt_stmt.cases}]
THEN_ALL_NEW (full_simp_tac (put_simpset (simpset_of @{theory_context Conform}) @{context})))\<close>)
apply(tactic "ALLGOALS (EVERY' [REPEAT o (eresolve_tac @{context} [conjE]), REPEAT o hyp_subst_tac @{context}])")
-\<comment> "Level 7"
-\<comment> "15 NewC"
+\<comment> \<open>Level 7\<close>
+\<comment> \<open>15 NewC\<close>
apply (drule sym)
apply( drule new_AddrD)
apply( erule disjE)
@@ -221,13 +221,13 @@
apply( rule_tac [2] rtrancl.rtrancl_refl)
apply( simp (no_asm))
-\<comment> "for Cast"
+\<comment> \<open>for Cast\<close>
defer 1
-\<comment> "14 Lit"
+\<comment> \<open>14 Lit\<close>
apply( erule conf_litval)
-\<comment> "13 BinOp"
+\<comment> \<open>13 BinOp\<close>
apply (tactic "forward_hyp_tac @{context}")
apply (tactic "forward_hyp_tac @{context}")
apply( rule conjI, erule (1) hext_trans)
@@ -236,34 +236,34 @@
apply( drule eval_no_xcpt)
apply( simp split: binop.split)
-\<comment> "12 LAcc"
+\<comment> \<open>12 LAcc\<close>
apply simp
apply( fast elim: conforms_localD [THEN lconfD])
-\<comment> "for FAss"
+\<comment> \<open>for FAss\<close>
apply( tactic \<open>EVERY'[eresolve_tac @{context} [@{thm ty_expr.cases}, @{thm ty_exprs.cases}, @{thm wt_stmt.cases}]
THEN_ALL_NEW (full_simp_tac @{context}), REPEAT o (eresolve_tac @{context} [conjE]), hyp_subst_tac @{context}] 3\<close>)
-\<comment> "for if"
+\<comment> \<open>for if\<close>
apply( tactic \<open>(Induct_Tacs.case_tac @{context} "the_Bool v" [] NONE THEN_ALL_NEW
(asm_full_simp_tac @{context})) 7\<close>)
apply (tactic "forward_hyp_tac @{context}")
-\<comment> "11+1 if"
+\<comment> \<open>11+1 if\<close>
prefer 7
apply( fast intro: hext_trans)
prefer 7
apply( fast intro: hext_trans)
-\<comment> "10 Expr"
+\<comment> \<open>10 Expr\<close>
prefer 6
apply( fast)
-\<comment> "9 ???"
+\<comment> \<open>9 ???\<close>
apply( simp_all)
-\<comment> "8 Cast"
+\<comment> \<open>8 Cast\<close>
prefer 8
apply (rule conjI)
apply (fast intro: conforms_xcpt_change xconf_raise_if)
@@ -275,7 +275,7 @@
apply assumption+
-\<comment> "7 LAss"
+\<comment> \<open>7 LAss\<close>
apply (fold fun_upd_def)
apply( tactic \<open>(eresolve_tac @{context} [@{thm ty_expr.cases}, @{thm ty_exprs.cases}, @{thm wt_stmt.cases}]
THEN_ALL_NEW (full_simp_tac @{context})) 1\<close>)
@@ -284,13 +284,13 @@
apply (simp)
apply( blast intro: conforms_upd_local conf_widen)
-\<comment> "6 FAcc"
+\<comment> \<open>6 FAcc\<close>
apply (rule conjI)
apply (simp add: np_def)
apply (fast intro: conforms_xcpt_change xconf_raise_if)
apply( fast elim!: FAcc_type_sound)
-\<comment> "5 While"
+\<comment> \<open>5 While\<close>
prefer 5
apply(erule_tac V = "a \<longrightarrow> b" for a b in thin_rl)
apply(drule (1) ty_expr_ty_exprs_wt_stmt.Loop)
@@ -298,7 +298,7 @@
apply (tactic "forward_hyp_tac @{context}")
-\<comment> "4 Cond"
+\<comment> \<open>4 Cond\<close>
prefer 4
apply (case_tac "the_Bool v")
apply simp
@@ -306,31 +306,31 @@
apply simp
apply( fast dest: evals_no_xcpt intro: conf_hext hext_trans)
-\<comment> "3 ;;"
+\<comment> \<open>3 ;;\<close>
prefer 3
apply( fast dest: evals_no_xcpt intro: conf_hext hext_trans)
-\<comment> "2 FAss"
+\<comment> \<open>2 FAss\<close>
apply (subgoal_tac "(np a' x1, aa, ba) ::\<preceq> (G, lT)")
prefer 2
apply (simp add: np_def)
apply (fast intro: conforms_xcpt_change xconf_raise_if)
apply( case_tac "x2")
- \<comment> "x2 = None"
+ \<comment> \<open>x2 = None\<close>
apply (simp)
apply (tactic "forward_hyp_tac @{context}", clarify)
apply( drule eval_no_xcpt)
apply( erule FAss_type_sound, rule HOL.refl, assumption+)
- \<comment> "x2 = Some a"
+ \<comment> \<open>x2 = Some a\<close>
apply ( simp (no_asm_simp))
apply( fast intro: hext_trans)
apply( tactic "prune_params_tac @{context}")
-\<comment> "Level 52"
+\<comment> \<open>Level 52\<close>
-\<comment> "1 Call"
+\<comment> \<open>1 Call\<close>
apply( case_tac "x")
prefer 2
apply( clarsimp)
--- a/src/HOL/MicroJava/J/State.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/State.thy Tue Jan 16 09:30:00 2018 +0100
@@ -10,10 +10,10 @@
begin
type_synonym
- fields' = "(vname \<times> cname \<rightharpoonup> val)" \<comment> "field name, defining class, value"
+ fields' = "(vname \<times> cname \<rightharpoonup> val)" \<comment> \<open>field name, defining class, value\<close>
type_synonym
- obj = "cname \<times> fields'" \<comment> "class instance with class name and fields"
+ obj = "cname \<times> fields'" \<comment> \<open>class instance with class name and fields\<close>
definition obj_ty :: "obj => ty" where
"obj_ty obj == Class (fst obj)"
@@ -22,10 +22,10 @@
"init_vars == map_of o map (\<lambda>(n,T). (n,default_val T))"
type_synonym aheap = "loc \<rightharpoonup> obj" \<comment> \<open>"\<open>heap\<close>" used in a translation below\<close>
-type_synonym locals = "vname \<rightharpoonup> val" \<comment> "simple state, i.e. variable contents"
+type_synonym locals = "vname \<rightharpoonup> val" \<comment> \<open>simple state, i.e. variable contents\<close>
-type_synonym state = "aheap \<times> locals" \<comment> "heap, local parameter including This"
-type_synonym xstate = "val option \<times> state" \<comment> "state including exception information"
+type_synonym state = "aheap \<times> locals" \<comment> \<open>heap, local parameter including This\<close>
+type_synonym xstate = "val option \<times> state" \<comment> \<open>state including exception information\<close>
abbreviation (input)
heap :: "state => aheap"
--- a/src/HOL/MicroJava/J/Term.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Term.thy Tue Jan 16 09:30:00 2018 +0100
@@ -6,26 +6,26 @@
theory Term imports Value begin
-datatype binop = Eq | Add \<comment> "function codes for binary operation"
+datatype binop = Eq | Add \<comment> \<open>function codes for binary operation\<close>
datatype expr
- = NewC cname \<comment> "class instance creation"
- | Cast cname expr \<comment> "type cast"
- | Lit val \<comment> "literal value, also references"
- | BinOp binop expr expr \<comment> "binary operation"
- | LAcc vname \<comment> "local (incl. parameter) access"
- | LAss vname expr ("_::=_" [90,90]90) \<comment> "local assign"
- | FAcc cname expr vname ("{_}_.._" [10,90,99]90) \<comment> "field access"
+ = NewC cname \<comment> \<open>class instance creation\<close>
+ | Cast cname expr \<comment> \<open>type cast\<close>
+ | Lit val \<comment> \<open>literal value, also references\<close>
+ | BinOp binop expr expr \<comment> \<open>binary operation\<close>
+ | LAcc vname \<comment> \<open>local (incl. parameter) access\<close>
+ | LAss vname expr ("_::=_" [90,90]90) \<comment> \<open>local assign\<close>
+ | FAcc cname expr vname ("{_}_.._" [10,90,99]90) \<comment> \<open>field access\<close>
| FAss cname expr vname
- expr ("{_}_.._:=_" [10,90,99,90]90) \<comment> "field ass."
+ expr ("{_}_.._:=_" [10,90,99,90]90) \<comment> \<open>field ass.\<close>
| Call cname expr mname
- "ty list" "expr list" ("{_}_.._'( {_}_')" [10,90,99,10,10] 90) \<comment> "method call"
+ "ty list" "expr list" ("{_}_.._'( {_}_')" [10,90,99,10,10] 90) \<comment> \<open>method call\<close>
datatype_compat expr
datatype stmt
- = Skip \<comment> "empty statement"
- | Expr expr \<comment> "expression statement"
+ = Skip \<comment> \<open>empty statement\<close>
+ | Expr expr \<comment> \<open>expression statement\<close>
| Comp stmt stmt ("_;; _" [61,60]60)
| Cond expr stmt stmt ("If '(_') _ Else _" [80,79,79]70)
| Loop expr stmt ("While '(_') _" [80,79]70)
--- a/src/HOL/MicroJava/J/Type.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Type.thy Tue Jan 16 09:30:00 2018 +0100
@@ -44,20 +44,20 @@
end
- \<comment> "exceptions"
+ \<comment> \<open>exceptions\<close>
datatype
xcpt
= NullPointer
| ClassCast
| OutOfMemory
-\<comment> "class names"
+\<comment> \<open>class names\<close>
datatype cname
= Object
| Xcpt xcpt
| Cname cnam
-typedecl vnam \<comment> "variable or field name"
+typedecl vnam \<comment> \<open>variable or field name\<close>
instantiation vnam :: equal
begin
@@ -92,7 +92,7 @@
end
-typedecl mname \<comment> "method name"
+typedecl mname \<comment> \<open>method name\<close>
instantiation mname :: equal
begin
@@ -127,26 +127,26 @@
end
-\<comment> "names for \<open>This\<close> pointer and local/field variables"
+\<comment> \<open>names for \<open>This\<close> pointer and local/field variables\<close>
datatype vname
= This
| VName vnam
-\<comment> "primitive type, cf. 4.2"
+\<comment> \<open>primitive type, cf. 4.2\<close>
datatype prim_ty
- = Void \<comment> "'result type' of void methods"
+ = Void \<comment> \<open>'result type' of void methods\<close>
| Boolean
| Integer
-\<comment> "reference type, cf. 4.3"
+\<comment> \<open>reference type, cf. 4.3\<close>
datatype ref_ty
- = NullT \<comment> "null type, cf. 4.1"
- | ClassT cname \<comment> "class type"
+ = NullT \<comment> \<open>null type, cf. 4.1\<close>
+ | ClassT cname \<comment> \<open>class type\<close>
-\<comment> "any type, cf. 4.1"
+\<comment> \<open>any type, cf. 4.1\<close>
datatype ty
- = PrimT prim_ty \<comment> "primitive type"
- | RefT ref_ty \<comment> "reference type"
+ = PrimT prim_ty \<comment> \<open>primitive type\<close>
+ | RefT ref_ty \<comment> \<open>reference type\<close>
abbreviation NT :: ty
where "NT == RefT NullT"
--- a/src/HOL/MicroJava/J/TypeRel.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/TypeRel.thy Tue Jan 16 09:30:00 2018 +0100
@@ -8,7 +8,7 @@
imports Decl
begin
-\<comment> "direct subclass, cf. 8.1.3"
+\<comment> \<open>direct subclass, cf. 8.1.3\<close>
inductive_set
subcls1 :: "'c prog => (cname \<times> cname) set"
@@ -177,12 +177,12 @@
qed
definition "method" :: "'c prog \<times> cname => (sig \<rightharpoonup> cname \<times> ty \<times> 'c)"
- \<comment> "methods of a class, with inheritance, overriding and hiding, cf. 8.4.6"
+ \<comment> \<open>methods of a class, with inheritance, overriding and hiding, cf. 8.4.6\<close>
where [code]: "method \<equiv> \<lambda>(G,C). class_rec G C empty (\<lambda>C fs ms ts.
ts ++ map_of (map (\<lambda>(s,m). (s,(C,m))) ms))"
definition fields :: "'c prog \<times> cname => ((vname \<times> cname) \<times> ty) list"
- \<comment> "list of fields of a class, including inherited and hidden ones"
+ \<comment> \<open>list of fields of a class, including inherited and hidden ones\<close>
where [code]: "fields \<equiv> \<lambda>(G,C). class_rec G C [] (\<lambda>C fs ms ts.
map (\<lambda>(fn,ft). ((fn,C),ft)) fs @ ts)"
@@ -215,12 +215,12 @@
done
-\<comment> "widening, viz. method invocation conversion,cf. 5.3 i.e. sort of syntactic subtyping"
+\<comment> \<open>widening, viz. method invocation conversion,cf. 5.3 i.e. sort of syntactic subtyping\<close>
inductive
widen :: "'c prog => [ty , ty ] => bool" ("_ \<turnstile> _ \<preceq> _" [71,71,71] 70)
for G :: "'c prog"
where
- refl [intro!, simp]: "G\<turnstile> T \<preceq> T" \<comment> "identity conv., cf. 5.1.1"
+ refl [intro!, simp]: "G\<turnstile> T \<preceq> T" \<comment> \<open>identity conv., cf. 5.1.1\<close>
| subcls : "G\<turnstile>C\<preceq>C D ==> G\<turnstile>Class C \<preceq> Class D"
| null [intro!]: "G\<turnstile> NT \<preceq> RefT R"
@@ -228,8 +228,8 @@
lemmas refl = HOL.refl
-\<comment> "casting conversion, cf. 5.5 / 5.1.5"
-\<comment> "left out casts on primitve types"
+\<comment> \<open>casting conversion, cf. 5.5 / 5.1.5\<close>
+\<comment> \<open>left out casts on primitve types\<close>
inductive
cast :: "'c prog => [ty , ty ] => bool" ("_ \<turnstile> _ \<preceq>? _" [71,71,71] 70)
for G :: "'c prog"
--- a/src/HOL/MicroJava/J/Value.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Value.thy Tue Jan 16 09:30:00 2018 +0100
@@ -6,19 +6,19 @@
theory Value imports Type begin
-typedecl loc' \<comment> "locations, i.e. abstract references on objects"
+typedecl loc' \<comment> \<open>locations, i.e. abstract references on objects\<close>
datatype loc
- = XcptRef xcpt \<comment> "special locations for pre-allocated system exceptions"
- | Loc loc' \<comment> "usual locations (references on objects)"
+ = XcptRef xcpt \<comment> \<open>special locations for pre-allocated system exceptions\<close>
+ | Loc loc' \<comment> \<open>usual locations (references on objects)\<close>
datatype val
- = Unit \<comment> "dummy result value of void methods"
- | Null \<comment> "null reference"
- | Bool bool \<comment> "Boolean value"
- | Intg int \<comment> "integer value, name Intg instead of Int because
- of clash with HOL/Set.thy"
- | Addr loc \<comment> "addresses, i.e. locations of objects "
+ = Unit \<comment> \<open>dummy result value of void methods\<close>
+ | Null \<comment> \<open>null reference\<close>
+ | Bool bool \<comment> \<open>Boolean value\<close>
+ | Intg int \<comment> \<open>integer value, name Intg instead of Int because
+ of clash with HOL/Set.thy\<close>
+ | Addr loc \<comment> \<open>addresses, i.e. locations of objects\<close>
primrec the_Bool :: "val => bool" where
"the_Bool (Bool b) = b"
@@ -29,12 +29,12 @@
primrec the_Addr :: "val => loc" where
"the_Addr (Addr a) = a"
-primrec defpval :: "prim_ty => val" \<comment> "default value for primitive types" where
+primrec defpval :: "prim_ty => val" \<comment> \<open>default value for primitive types\<close> where
"defpval Void = Unit"
| "defpval Boolean = Bool False"
| "defpval Integer = Intg 0"
-primrec default_val :: "ty => val" \<comment> "default value for all types" where
+primrec default_val :: "ty => val" \<comment> \<open>default value for all types\<close> where
"default_val (PrimT pt) = defpval pt"
| "default_val (RefT r ) = Null"
--- a/src/HOL/MicroJava/J/WellType.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/WellType.thy Tue Jan 16 09:30:00 2018 +0100
@@ -38,14 +38,14 @@
list_all2 (\<lambda>T T'. G\<turnstile>T\<preceq>T') pTs pTs'"
definition appl_methds :: "'c prog \<Rightarrow> cname \<Rightarrow> sig \<Rightarrow> ((ty \<times> ty) \<times> ty list) set"
- \<comment> "applicable methods, cf. 15.11.2.1"
+ \<comment> \<open>applicable methods, cf. 15.11.2.1\<close>
where "appl_methds G C == \<lambda>(mn, pTs).
{((Class md,rT),pTs') |md rT mb pTs'.
method (G,C) (mn, pTs') = Some (md,rT,mb) \<and>
list_all2 (\<lambda>T T'. G\<turnstile>T\<preceq>T') pTs pTs'}"
definition max_spec :: "'c prog \<Rightarrow> cname \<Rightarrow> sig \<Rightarrow> ((ty \<times> ty) \<times> ty list) set"
- \<comment> "maximally specific methods, cf. 15.11.2.2"
+ \<comment> \<open>maximally specific methods, cf. 15.11.2.2\<close>
where "max_spec G C sig == {m. m \<in>appl_methds G C sig \<and>
(\<forall>m'\<in>appl_methds G C sig.
more_spec G m' m --> m' = m)}"
@@ -96,8 +96,8 @@
type_synonym
java_mb = "vname list \<times> (vname \<times> ty) list \<times> stmt \<times> expr"
-\<comment> "method body with parameter names, local variables, block, result expression."
-\<comment> "local variables might include This, which is hidden anyway"
+\<comment> \<open>method body with parameter names, local variables, block, result expression.\<close>
+\<comment> \<open>local variables might include This, which is hidden anyway\<close>
inductive
ty_expr :: "'c env => expr => ty => bool" ("_ \<turnstile> _ :: _" [51, 51, 51] 50)
@@ -106,19 +106,19 @@
where
NewC: "[| is_class (prg E) C |] ==>
- E\<turnstile>NewC C::Class C" \<comment> "cf. 15.8"
+ E\<turnstile>NewC C::Class C" \<comment> \<open>cf. 15.8\<close>
- \<comment> "cf. 15.15"
+ \<comment> \<open>cf. 15.15\<close>
| Cast: "[| E\<turnstile>e::C; is_class (prg E) D;
prg E\<turnstile>C\<preceq>? Class D |] ==>
E\<turnstile>Cast D e:: Class D"
- \<comment> "cf. 15.7.1"
+ \<comment> \<open>cf. 15.7.1\<close>
| Lit: "[| typeof (\<lambda>v. None) x = Some T |] ==>
E\<turnstile>Lit x::T"
- \<comment> "cf. 15.13.1"
+ \<comment> \<open>cf. 15.13.1\<close>
| LAcc: "[| localT E v = Some T; is_type (prg E) T |] ==>
E\<turnstile>LAcc v::T"
@@ -128,42 +128,42 @@
else T' = T \<and> T = PrimT Integer|] ==>
E\<turnstile>BinOp bop e1 e2::T'"
- \<comment> "cf. 15.25, 15.25.1"
+ \<comment> \<open>cf. 15.25, 15.25.1\<close>
| LAss: "[| v ~= This;
E\<turnstile>LAcc v::T;
E\<turnstile>e::T';
prg E\<turnstile>T'\<preceq>T |] ==>
E\<turnstile>v::=e::T'"
- \<comment> "cf. 15.10.1"
+ \<comment> \<open>cf. 15.10.1\<close>
| FAcc: "[| E\<turnstile>a::Class C;
field (prg E,C) fn = Some (fd,fT) |] ==>
E\<turnstile>{fd}a..fn::fT"
- \<comment> "cf. 15.25, 15.25.1"
+ \<comment> \<open>cf. 15.25, 15.25.1\<close>
| FAss: "[| E\<turnstile>{fd}a..fn::T;
E\<turnstile>v ::T';
prg E\<turnstile>T'\<preceq>T |] ==>
E\<turnstile>{fd}a..fn:=v::T'"
- \<comment> "cf. 15.11.1, 15.11.2, 15.11.3"
+ \<comment> \<open>cf. 15.11.1, 15.11.2, 15.11.3\<close>
| Call: "[| E\<turnstile>a::Class C;
E\<turnstile>ps[::]pTs;
max_spec (prg E) C (mn, pTs) = {((md,rT),pTs')} |] ==>
E\<turnstile>{C}a..mn({pTs'}ps)::rT"
-\<comment> "well-typed expression lists"
+\<comment> \<open>well-typed expression lists\<close>
- \<comment> "cf. 15.11.???"
+ \<comment> \<open>cf. 15.11.???\<close>
| Nil: "E\<turnstile>[][::][]"
- \<comment> "cf. 15.11.???"
+ \<comment> \<open>cf. 15.11.???\<close>
| Cons:"[| E\<turnstile>e::T;
E\<turnstile>es[::]Ts |] ==>
E\<turnstile>e#es[::]T#Ts"
-\<comment> "well-typed statements"
+\<comment> \<open>well-typed statements\<close>
| Skip:"E\<turnstile>Skip\<surd>"
@@ -174,13 +174,13 @@
E\<turnstile>s2\<surd> |] ==>
E\<turnstile>s1;; s2\<surd>"
- \<comment> "cf. 14.8"
+ \<comment> \<open>cf. 14.8\<close>
| Cond:"[| E\<turnstile>e::PrimT Boolean;
E\<turnstile>s1\<surd>;
E\<turnstile>s2\<surd> |] ==>
E\<turnstile>If(e) s1 Else s2\<surd>"
- \<comment> "cf. 14.10"
+ \<comment> \<open>cf. 14.10\<close>
| Loop:"[| E\<turnstile>e::PrimT Boolean;
E\<turnstile>s\<surd> |] ==>
E\<turnstile>While(e) s\<surd>"
--- a/src/HOL/MicroJava/JVM/JVMExec.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/JVM/JVMExec.thy Tue Jan 16 09:30:00 2018 +0100
@@ -10,7 +10,7 @@
fun
exec :: "jvm_prog \<times> jvm_state => jvm_state option"
-\<comment> "exec is not recursive. fun is just used for pattern matching"
+\<comment> \<open>exec is not recursive. fun is just used for pattern matching\<close>
where
"exec (G, xp, hp, []) = None"
--- a/src/HOL/MicroJava/JVM/JVMExecInstr.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/JVM/JVMExecInstr.thy Tue Jan 16 09:30:00 2018 +0100
@@ -67,8 +67,8 @@
else []
in
(xp', hp, frs'@(stk, vars, Cl, sig, pc)#frs))" |
- \<comment> "Because exception handling needs the pc of the Invoke instruction,"
- \<comment> "Invoke doesn't change stk and pc yet (\<open>Return\<close> does that)."
+ \<comment> \<open>Because exception handling needs the pc of the Invoke instruction,\<close>
+ \<comment> \<open>Invoke doesn't change stk and pc yet (\<open>Return\<close> does that).\<close>
"exec_instr Return G hp stk0 vars Cl sig0 pc frs =
(if frs=[] then
@@ -78,8 +78,8 @@
(mn,pt) = sig0; n = length pt
in
(None, hp, (val#(drop (n+1) stk),loc,C,sig,pc+1)#tl frs))"
- \<comment> "Return drops arguments from the caller's stack and increases"
- \<comment> "the program counter in the caller" |
+ \<comment> \<open>Return drops arguments from the caller's stack and increases\<close>
+ \<comment> \<open>the program counter in the caller\<close> |
"exec_instr Pop G hp stk vars Cl sig pc frs =
(None, hp, (tl stk, vars, Cl, sig, pc+1)#frs)" |
--- a/src/HOL/MicroJava/JVM/JVMInstructions.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/JVM/JVMInstructions.thy Tue Jan 16 09:30:00 2018 +0100
@@ -9,35 +9,35 @@
datatype
- instr = Load nat \<comment> "load from local variable"
- | Store nat \<comment> "store into local variable"
- | LitPush val \<comment> "push a literal (constant)"
- | New cname \<comment> "create object"
- | Getfield vname cname \<comment> "Fetch field from object"
- | Putfield vname cname \<comment> "Set field in object "
- | Checkcast cname \<comment> "Check whether object is of given type"
- | Invoke cname mname "(ty list)" \<comment> "inv. instance meth of an object"
- | Return \<comment> "return from method"
- | Pop \<comment> "pop top element from opstack"
- | Dup \<comment> "duplicate top element of opstack"
- | Dup_x1 \<comment> "duplicate top element and push 2 down"
- | Dup_x2 \<comment> "duplicate top element and push 3 down"
- | Swap \<comment> "swap top and next to top element"
- | IAdd \<comment> "integer addition"
- | Goto int \<comment> "goto relative address"
- | Ifcmpeq int \<comment> "branch if int/ref comparison succeeds"
- | Throw \<comment> "throw top of stack as exception"
+ instr = Load nat \<comment> \<open>load from local variable\<close>
+ | Store nat \<comment> \<open>store into local variable\<close>
+ | LitPush val \<comment> \<open>push a literal (constant)\<close>
+ | New cname \<comment> \<open>create object\<close>
+ | Getfield vname cname \<comment> \<open>Fetch field from object\<close>
+ | Putfield vname cname \<comment> \<open>Set field in object\<close>
+ | Checkcast cname \<comment> \<open>Check whether object is of given type\<close>
+ | Invoke cname mname "(ty list)" \<comment> \<open>inv. instance meth of an object\<close>
+ | Return \<comment> \<open>return from method\<close>
+ | Pop \<comment> \<open>pop top element from opstack\<close>
+ | Dup \<comment> \<open>duplicate top element of opstack\<close>
+ | Dup_x1 \<comment> \<open>duplicate top element and push 2 down\<close>
+ | Dup_x2 \<comment> \<open>duplicate top element and push 3 down\<close>
+ | Swap \<comment> \<open>swap top and next to top element\<close>
+ | IAdd \<comment> \<open>integer addition\<close>
+ | Goto int \<comment> \<open>goto relative address\<close>
+ | Ifcmpeq int \<comment> \<open>branch if int/ref comparison succeeds\<close>
+ | Throw \<comment> \<open>throw top of stack as exception\<close>
type_synonym
bytecode = "instr list"
type_synonym
exception_entry = "p_count \<times> p_count \<times> p_count \<times> cname"
- \<comment> "start-pc, end-pc, handler-pc, exception type"
+ \<comment> \<open>start-pc, end-pc, handler-pc, exception type\<close>
type_synonym
exception_table = "exception_entry list"
type_synonym
jvm_method = "nat \<times> nat \<times> bytecode \<times> exception_table"
- \<comment> "max stacksize, size of register set, instruction sequence, handler table"
+ \<comment> \<open>max stacksize, size of register set, instruction sequence, handler table\<close>
type_synonym
jvm_prog = "jvm_method prog"
--- a/src/HOL/MicroJava/JVM/JVMState.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/JVM/JVMState.thy Tue Jan 16 09:30:00 2018 +0100
@@ -22,11 +22,11 @@
sig \<times>
p_count"
- \<comment> "operand stack"
- \<comment> "local variables (including this pointer and method parameters)"
- \<comment> "name of class where current method is defined"
- \<comment> "method name + parameter types"
- \<comment> "program counter within frame"
+ \<comment> \<open>operand stack\<close>
+ \<comment> \<open>local variables (including this pointer and method parameters)\<close>
+ \<comment> \<open>name of class where current method is defined\<close>
+ \<comment> \<open>method name + parameter types\<close>
+ \<comment> \<open>program counter within frame\<close>
subsection \<open>Exceptions\<close>
@@ -35,7 +35,7 @@
subsection \<open>Runtime State\<close>
type_synonym
- jvm_state = "val option \<times> aheap \<times> frame list" \<comment> "exception flag, heap, frames"
+ jvm_state = "val option \<times> aheap \<times> frame list" \<comment> \<open>exception flag, heap, frames\<close>
subsection \<open>Lemmas\<close>
--- a/src/HOL/Mirabelle/ex/Ex.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Mirabelle/ex/Ex.thy Tue Jan 16 09:30:00 2018 +0100
@@ -6,7 +6,7 @@
"cd \"$ISABELLE_HOME/src/HOL/Analysis\"; isabelle mirabelle arith Inner_Product.thy";
if rc <> 0 then error ("Mirabelle example failed: " ^ string_of_int rc)
else ();
-\<close> \<comment> "some arbitrary small test case"
+\<close> \<comment> \<open>some arbitrary small test case\<close>
end
--- a/src/HOL/NanoJava/AxSem.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/NanoJava/AxSem.thy Tue Jan 16 09:30:00 2018 +0100
@@ -72,13 +72,13 @@
Impl (D,m) {Q} ==>
A \<turnstile> {P} Meth (C,m) {Q}"
- \<comment>\<open>\<open>\<Union>Z\<close> instead of \<open>\<forall>Z\<close> in the conclusion and\\
+ \<comment> \<open>\<open>\<Union>Z\<close> instead of \<open>\<forall>Z\<close> in the conclusion and\\
Z restricted to type state due to limitations of the inductive package\<close>
| Impl: "\<forall>Z::state. A\<union> (\<Union>Z. (\<lambda>Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms) |\<turnstile>
(\<lambda>Cm. (P Z Cm, body Cm, Q Z Cm))`Ms ==>
A |\<turnstile> (\<lambda>Cm. (P Z Cm, Impl Cm, Q Z Cm))`Ms"
-\<comment>\<open>structural rules\<close>
+\<comment> \<open>structural rules\<close>
| Asm: " a \<in> A ==> A |\<turnstile> {a}"
@@ -86,12 +86,12 @@
| ConjE: "[|A |\<turnstile> C; c \<in> C |] ==> A |\<turnstile> {c}"
- \<comment>\<open>Z restricted to type state due to limitations of the inductive package\<close>
+ \<comment> \<open>Z restricted to type state due to limitations of the inductive package\<close>
| Conseq:"[| \<forall>Z::state. A \<turnstile> {P' Z} c {Q' Z};
\<forall>s t. (\<forall>Z. P' Z s --> Q' Z t) --> (P s --> Q t) |] ==>
A \<turnstile> {P} c {Q }"
- \<comment>\<open>Z restricted to type state due to limitations of the inductive package\<close>
+ \<comment> \<open>Z restricted to type state due to limitations of the inductive package\<close>
| eConseq:"[| \<forall>Z::state. A \<turnstile>\<^sub>e {P' Z} e {Q' Z};
\<forall>s v t. (\<forall>Z. P' Z s --> Q' Z v t) --> (P s --> Q v t) |] ==>
A \<turnstile>\<^sub>e {P} e {Q }"
--- a/src/HOL/NanoJava/Decl.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/NanoJava/Decl.thy Tue Jan 16 09:30:00 2018 +0100
@@ -8,8 +8,8 @@
theory Decl imports Term begin
datatype ty
- = NT \<comment>\<open>null type\<close>
- | Class cname \<comment>\<open>class type\<close>
+ = NT \<comment> \<open>null type\<close>
+ | Class cname \<comment> \<open>class type\<close>
text\<open>Field declaration\<close>
type_synonym fdecl
@@ -45,9 +45,9 @@
(type) "prog " \<leftharpoondown> (type) "cdecl list"
axiomatization
- Prog :: prog \<comment>\<open>program as a global value\<close>
+ Prog :: prog \<comment> \<open>program as a global value\<close>
and
- Object :: cname \<comment>\<open>name of root class\<close>
+ Object :: cname \<comment> \<open>name of root class\<close>
definition "class" :: "cname \<rightharpoonup> class" where
--- a/src/HOL/NanoJava/State.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/NanoJava/State.thy Tue Jan 16 09:30:00 2018 +0100
@@ -14,8 +14,8 @@
typedecl loc
datatype val
- = Null \<comment>\<open>null reference\<close>
- | Addr loc \<comment>\<open>address, i.e. location of object\<close>
+ = Null \<comment> \<open>null reference\<close>
+ | Addr loc \<comment> \<open>address, i.e. location of object\<close>
type_synonym fields
= "(fname \<rightharpoonup> val)"
@@ -59,7 +59,7 @@
definition get_local :: "state => vname => val" ("_<_>" [99,0] 99) where
"get_local s x \<equiv> the (locals s x)"
-\<comment>\<open>local function:\<close>
+\<comment> \<open>local function:\<close>
definition get_obj :: "state => loc => obj" where
"get_obj s a \<equiv> the (heap s a)"
@@ -69,7 +69,7 @@
definition get_field :: "state => loc => fname => val" where
"get_field s a f \<equiv> the (snd (get_obj s a) f)"
-\<comment>\<open>local function:\<close>
+\<comment> \<open>local function:\<close>
definition hupd :: "loc => obj => state => state" ("hupd'(_\<mapsto>_')" [10,10] 1000) where
"hupd a obj s \<equiv> s (| heap := ((heap s)(a\<mapsto>obj))|)"
--- a/src/HOL/NanoJava/Term.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/NanoJava/Term.thy Tue Jan 16 09:30:00 2018 +0100
@@ -6,15 +6,15 @@
theory Term imports Main begin
-typedecl cname \<comment>\<open>class name\<close>
-typedecl mname \<comment>\<open>method name\<close>
-typedecl fname \<comment>\<open>field name\<close>
-typedecl vname \<comment>\<open>variable name\<close>
+typedecl cname \<comment> \<open>class name\<close>
+typedecl mname \<comment> \<open>method name\<close>
+typedecl fname \<comment> \<open>field name\<close>
+typedecl vname \<comment> \<open>variable name\<close>
axiomatization
- This \<comment>\<open>This pointer\<close>
- Par \<comment>\<open>method parameter\<close>
- Res :: vname \<comment>\<open>method result\<close>
+ This \<comment> \<open>This pointer\<close>
+ Par \<comment> \<open>method parameter\<close>
+ Res :: vname \<comment> \<open>method result\<close>
\<comment> \<open>Inequality axioms are not required for the meta theory.\<close>
(*
where
@@ -24,21 +24,21 @@
*)
datatype stmt
- = Skip \<comment>\<open>empty statement\<close>
+ = Skip \<comment> \<open>empty statement\<close>
| Comp stmt stmt ("_;; _" [91,90 ] 90)
| Cond expr stmt stmt ("If '(_') _ Else _" [ 3,91,91] 91)
| Loop vname stmt ("While '(_') _" [ 3,91 ] 91)
- | LAss vname expr ("_ :== _" [99, 95] 94) \<comment>\<open>local assignment\<close>
- | FAss expr fname expr ("_.._:==_" [95,99,95] 94) \<comment>\<open>field assignment\<close>
- | Meth "cname \<times> mname" \<comment>\<open>virtual method\<close>
- | Impl "cname \<times> mname" \<comment>\<open>method implementation\<close>
+ | LAss vname expr ("_ :== _" [99, 95] 94) \<comment> \<open>local assignment\<close>
+ | FAss expr fname expr ("_.._:==_" [95,99,95] 94) \<comment> \<open>field assignment\<close>
+ | Meth "cname \<times> mname" \<comment> \<open>virtual method\<close>
+ | Impl "cname \<times> mname" \<comment> \<open>method implementation\<close>
and expr
- = NewC cname ("new _" [ 99] 95) \<comment>\<open>object creation\<close>
- | Cast cname expr \<comment>\<open>type cast\<close>
- | LAcc vname \<comment>\<open>local access\<close>
- | FAcc expr fname ("_.._" [95,99] 95) \<comment>\<open>field access\<close>
+ = NewC cname ("new _" [ 99] 95) \<comment> \<open>object creation\<close>
+ | Cast cname expr \<comment> \<open>type cast\<close>
+ | LAcc vname \<comment> \<open>local access\<close>
+ | FAcc expr fname ("_.._" [95,99] 95) \<comment> \<open>field access\<close>
| Call cname expr mname expr
- ("{_}_.._'(_')" [99,95,99,95] 95) \<comment>\<open>method call\<close>
+ ("{_}_.._'(_')" [99,95,99,95] 95) \<comment> \<open>method call\<close>
end
--- a/src/HOL/NanoJava/TypeRel.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/NanoJava/TypeRel.thy Tue Jan 16 09:30:00 2018 +0100
@@ -103,7 +103,7 @@
apply (subst cut_apply, auto intro: subcls1I)
done
-\<comment>\<open>Methods of a class, with inheritance and hiding\<close>
+\<comment> \<open>Methods of a class, with inheritance and hiding\<close>
definition "method" :: "cname => (mname \<rightharpoonup> methd)" where
"method C \<equiv> class_rec C methods"
@@ -115,7 +115,7 @@
done
-\<comment>\<open>Fields of a class, with inheritance and hiding\<close>
+\<comment> \<open>Fields of a class, with inheritance and hiding\<close>
definition field :: "cname => (fname \<rightharpoonup> ty)" where
"field C \<equiv> class_rec C flds"
--- a/src/HOL/Nominal/Examples/Fsub.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Nominal/Examples/Fsub.thy Tue Jan 16 09:30:00 2018 +0100
@@ -702,7 +702,7 @@
using a b
apply(nominal_induct T avoiding: \<Gamma> rule: ty.strong_induct)
apply(auto simp add: ty.supp abs_supp supp_atm closed_in_def)
- \<comment>\<open>Too bad that this instantiation cannot be found automatically by
+ \<comment> \<open>Too bad that this instantiation cannot be found automatically by
\isakeyword{auto}; \isakeyword{blast} would find it if we had not used
an explicit definition for \<open>closed_in_def\<close>.\<close>
apply(drule_tac x="(TVarB tyvrs ty2)#\<Gamma>" in meta_spec)
@@ -969,7 +969,7 @@
qed
} note transitivity_lemma = this
- { \<comment>\<open>The transitivity proof is now by the auxiliary lemma.\<close>
+ { \<comment> \<open>The transitivity proof is now by the auxiliary lemma.\<close>
case 1
from \<open>\<Gamma> \<turnstile> S <: Q\<close> and \<open>\<Gamma> \<turnstile> Q <: T\<close>
show "\<Gamma> \<turnstile> S <: T" by (rule transitivity_lemma)
--- a/src/HOL/Nominal/Examples/SN.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Nominal/Examples/SN.thy Tue Jan 16 09:30:00 2018 +0100
@@ -509,7 +509,7 @@
shows "\<theta><t> \<in> RED \<tau>"
using a b
proof(nominal_induct avoiding: \<theta> rule: typing.strong_induct)
- case (t3 a \<Gamma> \<sigma> t \<tau> \<theta>) \<comment>"lambda case"
+ case (t3 a \<Gamma> \<sigma> t \<tau> \<theta>) \<comment> \<open>lambda case\<close>
have ih: "\<And>\<theta>. \<theta> closes ((a,\<sigma>)#\<Gamma>) \<Longrightarrow> \<theta><t> \<in> RED \<tau>" by fact
have \<theta>_cond: "\<theta> closes \<Gamma>" by fact
have fresh: "a\<sharp>\<Gamma>" "a\<sharp>\<theta>" by fact+
@@ -547,12 +547,12 @@
shows "(id \<Gamma>) closes \<Gamma>"
apply(auto)
apply(simp add: id_maps)
-apply(subgoal_tac "CR3 T") \<comment>"A"
+apply(subgoal_tac "CR3 T") \<comment> \<open>A\<close>
apply(drule CR3_implies_CR4)
apply(simp add: CR4_def)
apply(drule_tac x="Var x" in spec)
apply(force simp add: NEUT_def NORMAL_Var)
-\<comment>"A"
+\<comment> \<open>A\<close>
apply(rule RED_props)
done
--- a/src/HOL/Nominal/Nominal.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Nominal/Nominal.thy Tue Jan 16 09:30:00 2018 +0100
@@ -770,7 +770,7 @@
apply(rule at_prm_eq_refl)
done
-\<comment>"there always exists an atom that is not being in a finite set"
+\<comment> \<open>there always exists an atom that is not being in a finite set\<close>
lemma ex_in_inf:
fixes A::"'x set"
assumes at: "at TYPE('x)"
@@ -833,7 +833,7 @@
then show "\<exists>(b::'x). a\<noteq>b" by blast
qed
-\<comment>"the at-props imply the pt-props"
+\<comment> \<open>the at-props imply the pt-props\<close>
lemma at_pt_inst:
assumes at: "at TYPE('x)"
shows "pt TYPE('x) TYPE('x)"
@@ -1354,7 +1354,7 @@
apply(simp add: pt_pi_rev[OF pt, OF at])
done
-\<comment> "some helper lemmas for the pt_perm_supp_ineq lemma"
+\<comment> \<open>some helper lemmas for the pt_perm_supp_ineq lemma\<close>
lemma Collect_permI:
fixes pi :: "'x prm"
and x :: "'a"
@@ -1672,7 +1672,7 @@
shows "pi\<bullet>(c\<sharp>x) = (pi\<bullet>c)\<sharp>(pi\<bullet>x)"
by (simp add: pt_fresh_left_ineq[OF pta, OF ptb, OF at, OF cp] dj_perm_forget[OF dj] perm_bool)
-\<comment>"the co-set of a finite set is infinte"
+\<comment> \<open>the co-set of a finite set is infinte\<close>
lemma finite_infinite:
assumes a: "finite {b::'x. P b}"
and b: "infinite (UNIV::'x set)"
@@ -2015,7 +2015,7 @@
by (simp add: perm_fun_def pt_rev_pi[OF pt, OF at])
-\<comment>"sometimes pt_fun_app_eq does too much; this lemma 'corrects it'"
+\<comment> \<open>sometimes pt_fun_app_eq does too much; this lemma 'corrects it'\<close>
lemma pt_perm:
fixes x :: "'a"
and pi1 :: "'x prm"
@@ -2056,7 +2056,7 @@
qed
qed
-\<comment> "two helper lemmas for the equivariance of functions"
+\<comment> \<open>two helper lemmas for the equivariance of functions\<close>
lemma pt_swap_eq_aux:
fixes y :: "'a"
and pi :: "'x prm"
@@ -2819,7 +2819,7 @@
thus "fr1 = fr2" by force
qed
-\<comment> "packaging the freshness lemma into a function"
+\<comment> \<open>packaging the freshness lemma into a function\<close>
definition fresh_fun :: "('x\<Rightarrow>'a)\<Rightarrow>'a" where
"fresh_fun (h) \<equiv> THE fr. (\<forall>(a::'x). a\<sharp>h \<longrightarrow> (h a) = fr)"
@@ -3068,7 +3068,7 @@
show "?LHS=?RHS"
proof -
have "(c=a) \<or> (c=b) \<or> (c\<noteq>a \<and> c\<noteq>b)" by blast
- moreover \<comment>"case c=a"
+ moreover \<comment> \<open>case c=a\<close>
{ have "nSome(x) = nSome([(a,b)]\<bullet>y)" using a2 by simp
also have "\<dots> = nSome([(b,a)]\<bullet>y)" by (simp, rule pt3[OF pt], rule at_ds5[OF at])
finally have "nSome(x) = nSome([(b,a)]\<bullet>y)" by simp
@@ -3076,7 +3076,7 @@
assume "c=a"
ultimately have "?LHS=?RHS" using a1 a3 by simp
}
- moreover \<comment> "case c=b"
+ moreover \<comment> \<open>case c=b\<close>
{ have a4: "y=[(a,b)]\<bullet>x" using a2 by (simp only: pt_swap_bij[OF pt, OF at])
hence "a\<sharp>([(a,b)]\<bullet>x)" using a3 by simp
hence "b\<sharp>x" by (simp add: at_calc[OF at] pt_fresh_left[OF pt, OF at])
@@ -3084,7 +3084,7 @@
assume "c=b"
ultimately have "?LHS=?RHS" using a1 a4 by simp
}
- moreover \<comment> "case c\<noteq>a \<and> c\<noteq>b"
+ moreover \<comment> \<open>case c\<noteq>a \<and> c\<noteq>b\<close>
{ assume a5: "c\<noteq>a \<and> c\<noteq>b"
moreover
have "c\<sharp>x = c\<sharp>y" using a2 a5 by (force simp add: at_calc[OF at] pt_fresh_left[OF pt, OF at])
--- a/src/HOL/Nonstandard_Analysis/HSEQ.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Nonstandard_Analysis/HSEQ.thy Tue Jan 16 09:30:00 2018 +0100
@@ -17,7 +17,7 @@
definition NSLIMSEQ :: "(nat \<Rightarrow> 'a::real_normed_vector) \<Rightarrow> 'a \<Rightarrow> bool"
("((_)/ \<longlonglongrightarrow>\<^sub>N\<^sub>S (_))" [60, 60] 60) where
- \<comment>\<open>Nonstandard definition of convergence of sequence\<close>
+ \<comment> \<open>Nonstandard definition of convergence of sequence\<close>
"X \<longlonglongrightarrow>\<^sub>N\<^sub>S L \<longleftrightarrow> (\<forall>N \<in> HNatInfinite. ( *f* X) N \<approx> star_of L)"
definition nslim :: "(nat \<Rightarrow> 'a::real_normed_vector) \<Rightarrow> 'a"
--- a/src/HOL/Nonstandard_Analysis/HTranscendental.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Nonstandard_Analysis/HTranscendental.thy Tue Jan 16 09:30:00 2018 +0100
@@ -13,7 +13,7 @@
definition
exphr :: "real => hypreal" where
- \<comment>\<open>define exponential function using standard part\<close>
+ \<comment> \<open>define exponential function using standard part\<close>
"exphr x = st(sumhr (0, whn, %n. inverse (fact n) * (x ^ n)))"
definition
@@ -603,7 +603,7 @@
done
lemma STAR_cos_Infinitesimal_approx2:
- fixes x :: hypreal \<comment>\<open>perhaps could be generalised, like many other hypreal results\<close>
+ fixes x :: hypreal \<comment> \<open>perhaps could be generalised, like many other hypreal results\<close>
shows "x \<in> Infinitesimal ==> ( *f* cos) x \<approx> 1 - (x\<^sup>2)/2"
apply (rule STAR_cos_Infinitesimal [THEN approx_trans])
apply (auto intro: Infinitesimal_SReal_divide Infinitesimal_mult
--- a/src/HOL/Nonstandard_Analysis/NSCA.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Nonstandard_Analysis/NSCA.thy Tue Jan 16 09:30:00 2018 +0100
@@ -14,7 +14,7 @@
SComplex :: "hcomplex set" where
"SComplex \<equiv> Standard"
-definition \<comment>\<open>standard part map\<close>
+definition \<comment> \<open>standard part map\<close>
stc :: "hcomplex => hcomplex" where
"stc x = (SOME r. x \<in> HFinite \<and> r\<in>SComplex \<and> r \<approx> x)"
--- a/src/HOL/Orderings.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Orderings.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1439,7 +1439,7 @@
then show "P (LEAST x. P x)" and "(LEAST x. P x) \<le> k" by auto
qed
-\<comment> "The following 3 lemmas are due to Brian Huffman"
+\<comment> \<open>The following 3 lemmas are due to Brian Huffman\<close>
lemma LeastI_ex: "\<exists>x. P x \<Longrightarrow> P (Least P)"
by (erule exE) (erule LeastI)
--- a/src/HOL/Predicate_Compile_Examples/Examples.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Predicate_Compile_Examples/Examples.thy Tue Jan 16 09:30:00 2018 +0100
@@ -235,7 +235,7 @@
type_synonym vname = nat
type_synonym vvalue = int
-type_synonym var_assign = "vname \<Rightarrow> vvalue" \<comment>"variable assignment"
+type_synonym var_assign = "vname \<Rightarrow> vvalue" \<comment> \<open>variable assignment\<close>
datatype ir_expr =
IrConst vvalue
@@ -264,7 +264,7 @@
subsection \<open>Another semantics\<close>
-type_synonym name = nat \<comment>"For simplicity in examples"
+type_synonym name = nat \<comment> \<open>For simplicity in examples\<close>
type_synonym state' = "name \<Rightarrow> nat"
datatype aexp = N nat | V name | Plus aexp aexp
--- a/src/HOL/Probability/ex/Dining_Cryptographers.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Probability/ex/Dining_Cryptographers.thy Tue Jan 16 09:30:00 2018 +0100
@@ -64,7 +64,7 @@
have foldl_coin:
"\<not> ?XOR (\<lambda>c. coin dc c \<noteq> coin dc (c + 1)) n"
proof -
- define n' where "n' = n" \<comment> "Need to hide n, as it is hidden in coin"
+ define n' where "n' = n" \<comment> \<open>Need to hide n, as it is hidden in coin\<close>
have "?XOR (\<lambda>c. coin dc c \<noteq> coin dc (c + 1)) n'
= (coin dc 0 \<noteq> coin dc n')"
by (induct n') auto
@@ -81,7 +81,7 @@
next
assume "\<exists>k<n. payer dc = Some k"
then obtain k where "k < n" and "payer dc = Some k" by auto
- define l where "l = n" \<comment> "Need to hide n, as it is hidden in coin, payer etc."
+ define l where "l = n" \<comment> \<open>Need to hide n, as it is hidden in coin, payer etc.\<close>
have "?XOR (\<lambda>c. (payer dc = Some c) \<noteq> (coin dc c \<noteq> coin dc (c + 1))) l =
((k < l) \<noteq> ?XOR (\<lambda>c. (coin dc c \<noteq> coin dc (c + 1))) l)"
using \<open>payer dc = Some k\<close> by (induct l) auto
--- a/src/HOL/Product_Type.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Product_Type.thy Tue Jan 16 09:30:00 2018 +0100
@@ -35,7 +35,7 @@
setup \<open>Sign.parent_path\<close>
declare case_split [cases type: bool]
- \<comment> "prefer plain propositional version"
+ \<comment> \<open>prefer plain propositional version\<close>
lemma [code]: "HOL.equal False P \<longleftrightarrow> \<not> P"
and [code]: "HOL.equal True P \<longleftrightarrow> P"
--- a/src/HOL/Proofs/Lambda/NormalForm.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Proofs/Lambda/NormalForm.thy Tue Jan 16 09:30:00 2018 +0100
@@ -146,7 +146,7 @@
lemma app_Var_NF: "NF t \<Longrightarrow> \<exists>t'. t \<degree> Var i \<rightarrow>\<^sub>\<beta>\<^sup>* t' \<and> NF t'"
apply (induct set: NF)
- apply (simplesubst app_last) \<comment>\<open>Using \<open>subst\<close> makes extraction fail\<close>
+ apply (simplesubst app_last) \<comment> \<open>Using \<open>subst\<close> makes extraction fail\<close>
apply (rule exI)
apply (rule conjI)
apply (rule rtranclp.rtrancl_refl)
--- a/src/HOL/Quickcheck_Examples/Quickcheck_Examples.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Quickcheck_Examples/Quickcheck_Examples.thy Tue Jan 16 09:30:00 2018 +0100
@@ -141,13 +141,13 @@
theorem "plant (rev (leaves xt)) = mirror xt"
quickcheck[random, expect = counterexample]
quickcheck[exhaustive, expect = counterexample]
- \<comment>\<open>Wrong!\<close>
+ \<comment> \<open>Wrong!\<close>
oops
theorem "plant((leaves xt) @ (leaves yt)) = Branch xt yt"
quickcheck[random, expect = counterexample]
quickcheck[exhaustive, expect = counterexample]
- \<comment>\<open>Wrong!\<close>
+ \<comment> \<open>Wrong!\<close>
oops
datatype 'a ntree = Tip "'a" | Node "'a" "'a ntree" "'a ntree"
@@ -163,7 +163,7 @@
theorem "hd (inOrder xt) = root xt"
quickcheck[random, expect = counterexample]
quickcheck[exhaustive, expect = counterexample]
- \<comment>\<open>Wrong!\<close>
+ \<comment> \<open>Wrong!\<close>
oops
--- a/src/HOL/SET_Protocol/Cardholder_Registration.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/SET_Protocol/Cardholder_Registration.thy Tue Jan 16 09:30:00 2018 +0100
@@ -26,7 +26,7 @@
KeyCryptKey_Nil:
"KeyCryptKey DK K [] = False"
| KeyCryptKey_Cons:
- \<comment>\<open>Says is the only important case.
+ \<comment> \<open>Says is the only important case.
1st case: CR5, where KC3 encrypts KC2.
2nd case: any use of priEK C.
Revision 1.12 has a more complicated version with separate treatment of
@@ -51,7 +51,7 @@
KeyCryptNonce_Nil:
"KeyCryptNonce EK K [] = False"
| KeyCryptNonce_Cons:
- \<comment>\<open>Says is the only important case.
+ \<comment> \<open>Says is the only important case.
1st case: CR3, where KC1 encrypts NC2 (distinct from CR5 due to EXH);
2nd case: CR5, where KC3 encrypts NC3;
3rd case: CR6, where KC2 encrypts NC3;
@@ -59,8 +59,7 @@
5th case: any use of @{term "priEK C"} (including CardSecret).
NB the only Nonces we need to keep secret are CardSecret and NonceCCA.
But we can't prove \<open>Nonce_compromise\<close> unless the relation covers ALL
- nonces that the protocol keeps secret.
-\<close>
+ nonces that the protocol keeps secret.\<close>
"KeyCryptNonce DK N (ev # evs) =
(KeyCryptNonce DK N evs |
(case ev of
@@ -91,22 +90,22 @@
set_cr :: "event list set"
where
- Nil: \<comment>\<open>Initial trace is empty\<close>
+ Nil: \<comment> \<open>Initial trace is empty\<close>
"[] \<in> set_cr"
-| Fake: \<comment>\<open>The spy MAY say anything he CAN say.\<close>
+| Fake: \<comment> \<open>The spy MAY say anything he CAN say.\<close>
"[| evsf \<in> set_cr; X \<in> synth (analz (knows Spy evsf)) |]
==> Says Spy B X # evsf \<in> set_cr"
-| Reception: \<comment>\<open>If A sends a message X to B, then B might receive it\<close>
+| Reception: \<comment> \<open>If A sends a message X to B, then B might receive it\<close>
"[| evsr \<in> set_cr; Says A B X \<in> set evsr |]
==> Gets B X # evsr \<in> set_cr"
-| SET_CR1: \<comment>\<open>CardCInitReq: C initiates a run, sending a nonce to CCA\<close>
+| SET_CR1: \<comment> \<open>CardCInitReq: C initiates a run, sending a nonce to CCA\<close>
"[| evs1 \<in> set_cr; C = Cardholder k; Nonce NC1 \<notin> used evs1 |]
==> Says C (CA i) \<lbrace>Agent C, Nonce NC1\<rbrace> # evs1 \<in> set_cr"
-| SET_CR2: \<comment>\<open>CardCInitRes: CA responds sending NC1 and its certificates\<close>
+| SET_CR2: \<comment> \<open>CardCInitRes: CA responds sending NC1 and its certificates\<close>
"[| evs2 \<in> set_cr;
Gets (CA i) \<lbrace>Agent C, Nonce NC1\<rbrace> \<in> set evs2 |]
==> Says (CA i) C
@@ -116,7 +115,7 @@
# evs2 \<in> set_cr"
| SET_CR3:
- \<comment>\<open>RegFormReq: C sends his PAN and a new nonce to CA.
+ \<comment> \<open>RegFormReq: C sends his PAN and a new nonce to CA.
C verifies that
- nonce received is the same as that sent;
- certificates are signed by RCA;
@@ -140,7 +139,7 @@
# evs3 \<in> set_cr"
| SET_CR4:
- \<comment>\<open>RegFormRes:
+ \<comment> \<open>RegFormRes:
CA responds sending NC2 back with a new nonce NCA, after checking that
- the digital envelope is correctly encrypted by @{term "pubEK (CA i)"}
- the entire message is encrypted with the same key found inside the
@@ -156,7 +155,7 @@
# evs4 \<in> set_cr"
| SET_CR5:
- \<comment>\<open>CertReq: C sends his PAN, a new nonce, its proposed public signature key
+ \<comment> \<open>CertReq: C sends his PAN, a new nonce, its proposed public signature key
and its half of the secret value to CA.
We now assume that C has a fixed key pair, and he submits (pubSK C).
The protocol does not require this key to be fresh.
@@ -183,13 +182,12 @@
# evs5 \<in> set_cr"
- \<comment>\<open>CertRes: CA responds sending NC3 back with its half of the secret value,
+ \<comment> \<open>CertRes: CA responds sending NC3 back with its half of the secret value,
its signature certificate and the new cardholder signature
certificate. CA checks to have never certified the key proposed by C.
NOTE: In Merchant Registration, the corresponding rule (4)
uses the "sign" primitive. The encryption below is actually @{term EncK},
- which is just @{term "Crypt K (sign SK X)"}.
-\<close>
+ which is just @{term "Crypt K (sign SK X)"}.\<close>
| SET_CR6:
"[| evs6 \<in> set_cr;
@@ -343,8 +341,8 @@
apply (erule set_cr.induct)
apply (frule_tac [8] Gets_certificate_valid)
apply (frule_tac [6] Gets_certificate_valid, simp_all)
-apply (force dest!: usedI keysFor_parts_insert) \<comment>\<open>Fake\<close>
-apply (blast,auto) \<comment>\<open>Others\<close>
+apply (force dest!: usedI keysFor_parts_insert) \<comment> \<open>Fake\<close>
+apply (blast,auto) \<comment> \<open>Others\<close>
done
@@ -553,8 +551,8 @@
apply (erule set_cr.induct)
apply (rule_tac [!] allI) +
apply (rule_tac [!] impI [THEN Key_analz_image_Key_lemma, THEN impI])+
-apply (valid_certificate_tac [8]) \<comment>\<open>for message 5\<close>
-apply (valid_certificate_tac [6]) \<comment>\<open>for message 5\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>for message 5\<close>
+apply (valid_certificate_tac [6]) \<comment> \<open>for message 5\<close>
apply (erule_tac [9] msg6_KeyCryptKey_disj [THEN disjE])
apply (simp_all
del: image_insert image_Un imp_disjL
@@ -563,10 +561,10 @@
K_fresh_not_KeyCryptKey
DK_fresh_not_KeyCryptKey ball_conj_distrib
analz_image_priEK disj_simps)
- \<comment>\<open>9 seconds on a 1.6GHz machine\<close>
+ \<comment> \<open>9 seconds on a 1.6GHz machine\<close>
apply spy_analz
-apply blast \<comment>\<open>3\<close>
-apply blast \<comment>\<open>5\<close>
+apply blast \<comment> \<open>3\<close>
+apply blast \<comment> \<open>5\<close>
done
text\<open>The remaining quantifiers seem to be essential.
@@ -579,8 +577,8 @@
Cardholder c \<notin> bad -->
Key K \<notin> analz (knows Spy evs)"
apply (erule set_cr.induct)
-apply (frule_tac [8] Gets_certificate_valid) \<comment>\<open>for message 5\<close>
-apply (frule_tac [6] Gets_certificate_valid) \<comment>\<open>for message 3\<close>
+apply (frule_tac [8] Gets_certificate_valid) \<comment> \<open>for message 5\<close>
+apply (frule_tac [6] Gets_certificate_valid) \<comment> \<open>for message 3\<close>
apply (erule_tac [11] msg6_KeyCryptKey_disj [THEN disjE])
apply (simp_all del: image_insert image_Un imp_disjL
add: symKey_compromise fresh_notin_analz_knows_Spy
@@ -589,8 +587,8 @@
K_fresh_not_KeyCryptKey
DK_fresh_not_KeyCryptKey
analz_image_priEK)
- \<comment>\<open>2.5 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
+ \<comment> \<open>2.5 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
apply (auto intro: analz_into_parts [THEN usedI] in_parts_Says_imp_used)
done
@@ -680,7 +678,7 @@
"[|cardSK \<notin> symKeys; \<forall>C. cardSK \<noteq> priEK C; evs \<in> set_cr|] ==>
Key cardSK \<notin> analz (knows Spy evs) --> ~ KeyCryptNonce cardSK N evs"
apply (erule set_cr.induct, analz_mono_contra, simp_all)
-apply (blast dest: not_KeyCryptKey_cardSK) \<comment>\<open>6\<close>
+apply (blast dest: not_KeyCryptKey_cardSK) \<comment> \<open>6\<close>
done
subsubsection\<open>Lemmas for message 5 and 6:
@@ -723,8 +721,8 @@
apply (erule set_cr.induct)
apply (rule_tac [!] allI)+
apply (rule_tac [!] impI [THEN Nonce_analz_image_Key_lemma])+
-apply (frule_tac [8] Gets_certificate_valid) \<comment>\<open>for message 5\<close>
-apply (frule_tac [6] Gets_certificate_valid) \<comment>\<open>for message 3\<close>
+apply (frule_tac [8] Gets_certificate_valid) \<comment> \<open>for message 5\<close>
+apply (frule_tac [6] Gets_certificate_valid) \<comment> \<open>for message 3\<close>
apply (frule_tac [11] msg6_KeyCryptNonce_disj)
apply (erule_tac [13] disjE)
apply (simp_all del: image_insert image_Un
@@ -734,13 +732,13 @@
N_fresh_not_KeyCryptNonce
DK_fresh_not_KeyCryptNonce K_fresh_not_KeyCryptKey
ball_conj_distrib analz_image_priEK)
- \<comment>\<open>14 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
-apply blast \<comment>\<open>3\<close>
-apply blast \<comment>\<open>5\<close>
+ \<comment> \<open>14 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply blast \<comment> \<open>3\<close>
+apply blast \<comment> \<open>5\<close>
txt\<open>Message 6\<close>
apply (metis symKey_compromise)
- \<comment>\<open>cardSK compromised\<close>
+ \<comment> \<open>cardSK compromised\<close>
txt\<open>Simplify again--necessary because the previous simplification introduces
some logical connectives\<close>
apply (force simp del: image_insert image_Un imp_disjL
@@ -773,12 +771,12 @@
Cardholder k \<notin> bad & CA i \<notin> bad)"
apply (erule_tac P = "U \<in> H" for H in rev_mp)
apply (erule set_cr.induct)
-apply (valid_certificate_tac [8]) \<comment>\<open>for message 5\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>for message 5\<close>
apply (simp_all del: image_insert image_Un imp_disjL
add: analz_image_keys_simps analz_knows_absorb
analz_knows_absorb2 notin_image_iff)
- \<comment>\<open>4 seconds on a 1.6GHz machine\<close>
-apply (simp_all (no_asm_simp)) \<comment>\<open>leaves 4 subgoals\<close>
+ \<comment> \<open>4 seconds on a 1.6GHz machine\<close>
+apply (simp_all (no_asm_simp)) \<comment> \<open>leaves 4 subgoals\<close>
apply (blast intro!: analz_insertI)+
done
@@ -798,8 +796,8 @@
\<in> parts (knows Spy evs) -->
Nonce CardSecret \<notin> analz (knows Spy evs)"
apply (erule set_cr.induct, analz_mono_contra)
-apply (valid_certificate_tac [8]) \<comment>\<open>for message 5\<close>
-apply (valid_certificate_tac [6]) \<comment>\<open>for message 5\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>for message 5\<close>
+apply (valid_certificate_tac [6]) \<comment> \<open>for message 5\<close>
apply (frule_tac [9] msg6_KeyCryptNonce_disj [THEN disjE])
apply (simp_all
del: image_insert image_Un imp_disjL
@@ -809,15 +807,15 @@
N_fresh_not_KeyCryptNonce DK_fresh_not_KeyCryptNonce
ball_conj_distrib Nonce_compromise symKey_compromise
analz_image_priEK)
- \<comment>\<open>2.5 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
+ \<comment> \<open>2.5 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
apply (simp_all (no_asm_simp))
-apply blast \<comment>\<open>1\<close>
-apply (blast dest!: Gets_imp_knows_Spy [THEN analz.Inj]) \<comment>\<open>2\<close>
-apply blast \<comment>\<open>3\<close>
-apply (blast dest: NC2_not_CardSecret Gets_imp_knows_Spy [THEN analz.Inj] analz_symKeys_Decrypt) \<comment>\<open>4\<close>
-apply blast \<comment>\<open>5\<close>
-apply (blast dest: KC2_secrecy)+ \<comment>\<open>Message 6: two cases\<close>
+apply blast \<comment> \<open>1\<close>
+apply (blast dest!: Gets_imp_knows_Spy [THEN analz.Inj]) \<comment> \<open>2\<close>
+apply blast \<comment> \<open>3\<close>
+apply (blast dest: NC2_not_CardSecret Gets_imp_knows_Spy [THEN analz.Inj] analz_symKeys_Decrypt) \<comment> \<open>4\<close>
+apply blast \<comment> \<open>5\<close>
+apply (blast dest: KC2_secrecy)+ \<comment> \<open>Message 6: two cases\<close>
done
@@ -864,8 +862,8 @@
\<in> parts (knows Spy evs) -->
Nonce NonceCCA \<notin> analz (knows Spy evs)"
apply (erule set_cr.induct, analz_mono_contra)
-apply (valid_certificate_tac [8]) \<comment>\<open>for message 5\<close>
-apply (valid_certificate_tac [6]) \<comment>\<open>for message 5\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>for message 5\<close>
+apply (valid_certificate_tac [6]) \<comment> \<open>for message 5\<close>
apply (frule_tac [9] msg6_KeyCryptNonce_disj [THEN disjE])
apply (simp_all
del: image_insert image_Un imp_disjL
@@ -875,14 +873,14 @@
N_fresh_not_KeyCryptNonce DK_fresh_not_KeyCryptNonce
ball_conj_distrib Nonce_compromise symKey_compromise
analz_image_priEK)
- \<comment>\<open>3 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
-apply blast \<comment>\<open>1\<close>
-apply (blast dest!: Gets_imp_knows_Spy [THEN analz.Inj]) \<comment>\<open>2\<close>
-apply blast \<comment>\<open>3\<close>
-apply (blast dest: NC2_not_NonceCCA) \<comment>\<open>4\<close>
-apply blast \<comment>\<open>5\<close>
-apply (blast dest: KC2_secrecy)+ \<comment>\<open>Message 6: two cases\<close>
+ \<comment> \<open>3 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply blast \<comment> \<open>1\<close>
+apply (blast dest!: Gets_imp_knows_Spy [THEN analz.Inj]) \<comment> \<open>2\<close>
+apply blast \<comment> \<open>3\<close>
+apply (blast dest: NC2_not_NonceCCA) \<comment> \<open>4\<close>
+apply blast \<comment> \<open>5\<close>
+apply (blast dest: KC2_secrecy)+ \<comment> \<open>Message 6: two cases\<close>
done
@@ -935,16 +933,16 @@
apply (erule set_cr.induct)
apply (rule_tac [!] allI impI)+
apply (rule_tac [!] analz_image_pan_lemma)
-apply (valid_certificate_tac [8]) \<comment>\<open>for message 5\<close>
-apply (valid_certificate_tac [6]) \<comment>\<open>for message 5\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>for message 5\<close>
+apply (valid_certificate_tac [6]) \<comment> \<open>for message 5\<close>
apply (erule_tac [9] msg6_cardSK_disj [THEN disjE])
apply (simp_all
del: image_insert image_Un
add: analz_image_keys_simps disjoint_image_iff
notin_image_iff analz_image_priEK)
- \<comment>\<open>6 seconds on a 1.6GHz machine\<close>
+ \<comment> \<open>6 seconds on a 1.6GHz machine\<close>
apply spy_analz
-apply (simp add: insert_absorb) \<comment>\<open>6\<close>
+apply (simp add: insert_absorb) \<comment> \<open>6\<close>
done
lemma analz_insert_pan:
@@ -966,18 +964,18 @@
& (CA i) \<in> bad"
apply (erule rev_mp)
apply (erule set_cr.induct)
-apply (valid_certificate_tac [8]) \<comment>\<open>for message 5\<close>
-apply (valid_certificate_tac [6]) \<comment>\<open>for message 5\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>for message 5\<close>
+apply (valid_certificate_tac [6]) \<comment> \<open>for message 5\<close>
apply (erule_tac [9] msg6_cardSK_disj [THEN disjE])
apply (simp_all
del: image_insert image_Un
add: analz_image_keys_simps analz_insert_pan analz_image_pan
notin_image_iff analz_image_priEK)
- \<comment>\<open>3.5 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>fake\<close>
-apply blast \<comment>\<open>3\<close>
-apply blast \<comment>\<open>5\<close>
-apply (simp (no_asm_simp) add: insert_absorb) \<comment>\<open>6\<close>
+ \<comment> \<open>3.5 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>fake\<close>
+apply blast \<comment> \<open>3\<close>
+apply blast \<comment> \<open>5\<close>
+apply (simp (no_asm_simp) add: insert_absorb) \<comment> \<open>6\<close>
done
--- a/src/HOL/SET_Protocol/Merchant_Registration.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/SET_Protocol/Merchant_Registration.thy Tue Jan 16 09:30:00 2018 +0100
@@ -20,26 +20,26 @@
set_mr :: "event list set"
where
- Nil: \<comment>\<open>Initial trace is empty\<close>
+ Nil: \<comment> \<open>Initial trace is empty\<close>
"[] \<in> set_mr"
-| Fake: \<comment>\<open>The spy MAY say anything he CAN say.\<close>
+| Fake: \<comment> \<open>The spy MAY say anything he CAN say.\<close>
"[| evsf \<in> set_mr; X \<in> synth (analz (knows Spy evsf)) |]
==> Says Spy B X # evsf \<in> set_mr"
-| Reception: \<comment>\<open>If A sends a message X to B, then B might receive it\<close>
+| Reception: \<comment> \<open>If A sends a message X to B, then B might receive it\<close>
"[| evsr \<in> set_mr; Says A B X \<in> set evsr |]
==> Gets B X # evsr \<in> set_mr"
-| SET_MR1: \<comment>\<open>RegFormReq: M requires a registration form to a CA\<close>
+| SET_MR1: \<comment> \<open>RegFormReq: M requires a registration form to a CA\<close>
"[| evs1 \<in> set_mr; M = Merchant k; Nonce NM1 \<notin> used evs1 |]
==> Says M (CA i) \<lbrace>Agent M, Nonce NM1\<rbrace> # evs1 \<in> set_mr"
-| SET_MR2: \<comment>\<open>RegFormRes: CA replies with the registration form and the
+| SET_MR2: \<comment> \<open>RegFormRes: CA replies with the registration form and the
certificates for her keys\<close>
"[| evs2 \<in> set_mr; Nonce NCA \<notin> used evs2;
Gets (CA i) \<lbrace>Agent M, Nonce NM1\<rbrace> \<in> set evs2 |]
@@ -49,7 +49,7 @@
# evs2 \<in> set_mr"
| SET_MR3:
- \<comment>\<open>CertReq: M submits the key pair to be certified. The Notes
+ \<comment> \<open>CertReq: M submits the key pair to be certified. The Notes
event allows KM1 to be lost if M is compromised. Piero remarks
that the agent mentioned inside the signature is not verified to
correspond to M. As in CR, each Merchant has fixed key pairs. M
@@ -70,7 +70,7 @@
# evs3 \<in> set_mr"
| SET_MR4:
- \<comment>\<open>CertRes: CA issues the certificates for merSK and merEK,
+ \<comment> \<open>CertRes: CA issues the certificates for merSK and merEK,
while checking never to have certified the m even
separately. NOTE: In Cardholder Registration the
corresponding rule (6) doesn't use the "sign" primitive. "The
@@ -192,10 +192,10 @@
==> Key K \<notin> used evs --> K \<in> symKeys -->
K \<notin> keysFor (parts (knows Spy evs))"
apply (erule set_mr.induct, simp_all)
-apply (force dest!: usedI keysFor_parts_insert) \<comment>\<open>Fake\<close>
-apply force \<comment>\<open>Message 2\<close>
-apply (blast dest: Gets_certificate_valid) \<comment>\<open>Message 3\<close>
-apply force \<comment>\<open>Message 4\<close>
+apply (force dest!: usedI keysFor_parts_insert) \<comment> \<open>Fake\<close>
+apply force \<comment> \<open>Message 2\<close>
+apply (blast dest: Gets_certificate_valid) \<comment> \<open>Message 3\<close>
+apply force \<comment> \<open>Message 4\<close>
done
@@ -292,9 +292,9 @@
add: analz_image_keys_simps abbrev_simps analz_knows_absorb
analz_knows_absorb2 analz_Key_image_insert_eq notin_image_iff
Spy_analz_private_Key analz_image_priEK)
- \<comment>\<open>5 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
-apply auto \<comment>\<open>Message 3\<close>
+ \<comment> \<open>5 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply auto \<comment> \<open>Message 3\<close>
done
lemma symKey_secrecy [rule_format]:
@@ -312,9 +312,9 @@
analz_knows_absorb2 analz_Key_image_insert_eq
symKey_compromise notin_image_iff Spy_analz_private_Key
analz_image_priEK)
-apply spy_analz \<comment>\<open>Fake\<close>
-apply force \<comment>\<open>Message 1\<close>
-apply (auto intro: analz_into_parts [THEN usedI] in_parts_Says_imp_used) \<comment>\<open>Message 3\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply force \<comment> \<open>Message 1\<close>
+apply (auto intro: analz_into_parts [THEN usedI] in_parts_Says_imp_used) \<comment> \<open>Message 3\<close>
done
subsection\<open>Unicity\<close>
--- a/src/HOL/SET_Protocol/Message_SET.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/SET_Protocol/Message_SET.thy Tue Jan 16 09:30:00 2018 +0100
@@ -35,8 +35,8 @@
type_synonym key = nat
consts
- all_symmetric :: bool \<comment>\<open>true if all keys are symmetric\<close>
- invKey :: "key=>key" \<comment>\<open>inverse of a symmetric key\<close>
+ all_symmetric :: bool \<comment> \<open>true if all keys are symmetric\<close>
+ invKey :: "key=>key" \<comment> \<open>inverse of a symmetric key\<close>
specification (invKey)
invKey [simp]: "invKey (invKey K) = K"
@@ -57,14 +57,14 @@
text\<open>Messages\<close>
datatype
- msg = Agent agent \<comment>\<open>Agent names\<close>
- | Number nat \<comment>\<open>Ordinary integers, timestamps, ...\<close>
- | Nonce nat \<comment>\<open>Unguessable nonces\<close>
- | Pan nat \<comment>\<open>Unguessable Primary Account Numbers (??)\<close>
- | Key key \<comment>\<open>Crypto keys\<close>
- | Hash msg \<comment>\<open>Hashing\<close>
- | MPair msg msg \<comment>\<open>Compound messages\<close>
- | Crypt key msg \<comment>\<open>Encryption, public- or shared-key\<close>
+ msg = Agent agent \<comment> \<open>Agent names\<close>
+ | Number nat \<comment> \<open>Ordinary integers, timestamps, ...\<close>
+ | Nonce nat \<comment> \<open>Unguessable nonces\<close>
+ | Pan nat \<comment> \<open>Unguessable Primary Account Numbers (??)\<close>
+ | Key key \<comment> \<open>Crypto keys\<close>
+ | Hash msg \<comment> \<open>Hashing\<close>
+ | MPair msg msg \<comment> \<open>Compound messages\<close>
+ | Crypt key msg \<comment> \<open>Encryption, public- or shared-key\<close>
(*Concrete syntax: messages appear as \<open>\<lbrace>A,B,NA\<rbrace>\<close>, etc...*)
@@ -81,7 +81,7 @@
(curry prod_encode 2)
(curry prod_encode 3)
(prod_encode (4,0))"
- \<comment>\<open>maps each agent to a unique natural number, for specifications\<close>
+ \<comment> \<open>maps each agent to a unique natural number, for specifications\<close>
text\<open>The function is indeed injective\<close>
lemma inj_nat_of_agent: "inj nat_of_agent"
--- a/src/HOL/SET_Protocol/Public_SET.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/SET_Protocol/Public_SET.thy Tue Jan 16 09:30:00 2018 +0100
@@ -21,7 +21,7 @@
consts
publicKey :: "[bool, agent] => key"
- \<comment>\<open>the boolean is TRUE if a signing key\<close>
+ \<comment> \<open>the boolean is TRUE if a signing key\<close>
abbreviation "pubEK == publicKey False"
abbreviation "pubSK == publicKey True"
@@ -110,7 +110,7 @@
specification (pan)
inj_pan: "inj pan"
- \<comment>\<open>No two agents have the same PAN\<close>
+ \<comment> \<open>No two agents have the same PAN\<close>
(*<*)
apply (rule exI [of _ "nat_of_agent"])
apply (simp add: inj_on_def inj_nat_of_agent [THEN inj_eq])
@@ -120,7 +120,7 @@
declare inj_pan [THEN inj_eq, iff]
consts
- XOR :: "nat*nat => nat" \<comment>\<open>no properties are assumed of exclusive-or\<close>
+ XOR :: "nat*nat => nat" \<comment> \<open>no properties are assumed of exclusive-or\<close>
subsection\<open>Signature Primitives\<close>
@@ -170,19 +170,19 @@
subsection\<open>Encryption Primitives\<close>
definition EXcrypt :: "[key,key,msg,msg] => msg" where
- \<comment>\<open>Extra Encryption\<close>
+ \<comment> \<open>Extra Encryption\<close>
(*K: the symmetric key EK: the public encryption key*)
"EXcrypt K EK M m =
\<lbrace>Crypt K \<lbrace>M, Hash m\<rbrace>, Crypt EK \<lbrace>Key K, m\<rbrace>\<rbrace>"
definition EXHcrypt :: "[key,key,msg,msg] => msg" where
- \<comment>\<open>Extra Encryption with Hashing\<close>
+ \<comment> \<open>Extra Encryption with Hashing\<close>
(*K: the symmetric key EK: the public encryption key*)
"EXHcrypt K EK M m =
\<lbrace>Crypt K \<lbrace>M, Hash m\<rbrace>, Crypt EK \<lbrace>Key K, m, Hash M\<rbrace>\<rbrace>"
definition Enc :: "[key,key,key,msg] => msg" where
- \<comment>\<open>Simple Encapsulation with SIGNATURE\<close>
+ \<comment> \<open>Simple Encapsulation with SIGNATURE\<close>
(*SK: the sender's signing key
K: the symmetric key
EK: the public encryption key*)
@@ -190,7 +190,7 @@
\<lbrace>Crypt K (sign SK M), Crypt EK (Key K)\<rbrace>"
definition EncB :: "[key,key,key,msg,msg] => msg" where
- \<comment>\<open>Encapsulation with Baggage. Keys as above, and baggage b.\<close>
+ \<comment> \<open>Encapsulation with Baggage. Keys as above, and baggage b.\<close>
"EncB SK K EK M b =
\<lbrace>Enc SK K EK \<lbrace>M, Hash b\<rbrace>, b\<rbrace>"
@@ -386,7 +386,7 @@
text\<open>Reverse the normal simplification of "image" to build up (not break down)
the set of keys. Based on \<open>analz_image_freshK_ss\<close>, but simpler.\<close>
lemmas analz_image_keys_simps =
- simp_thms mem_simps \<comment>\<open>these two allow its use with \<open>only:\<close>\<close>
+ simp_thms mem_simps \<comment> \<open>these two allow its use with \<open>only:\<close>\<close>
image_insert [THEN sym] image_Un [THEN sym]
rangeI symKeys_neq_imp_neq
insert_Key_singleton insert_Key_image Un_assoc [THEN sym]
--- a/src/HOL/SET_Protocol/Purchase.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/SET_Protocol/Purchase.thy Tue Jan 16 09:30:00 2018 +0100
@@ -54,30 +54,30 @@
consts
CardSecret :: "nat => nat"
- \<comment>\<open>Maps Cardholders to CardSecrets.
+ \<comment> \<open>Maps Cardholders to CardSecrets.
A CardSecret of 0 means no cerificate, must use unsigned format.\<close>
PANSecret :: "nat => nat"
- \<comment>\<open>Maps Cardholders to PANSecrets.\<close>
+ \<comment> \<open>Maps Cardholders to PANSecrets.\<close>
inductive_set
set_pur :: "event list set"
where
- Nil: \<comment>\<open>Initial trace is empty\<close>
+ Nil: \<comment> \<open>Initial trace is empty\<close>
"[] \<in> set_pur"
-| Fake: \<comment>\<open>The spy MAY say anything he CAN say.\<close>
+| Fake: \<comment> \<open>The spy MAY say anything he CAN say.\<close>
"[| evsf \<in> set_pur; X \<in> synth(analz(knows Spy evsf)) |]
==> Says Spy B X # evsf \<in> set_pur"
-| Reception: \<comment>\<open>If A sends a message X to B, then B might receive it\<close>
+| Reception: \<comment> \<open>If A sends a message X to B, then B might receive it\<close>
"[| evsr \<in> set_pur; Says A B X \<in> set evsr |]
==> Gets B X # evsr \<in> set_pur"
| Start:
- \<comment>\<open>Added start event which is out-of-band for SET: the Cardholder and
+ \<comment> \<open>Added start event which is out-of-band for SET: the Cardholder and
the merchant agree on the amounts and uses \<open>LID_M\<close> as an
identifier.
This is suggested by the External Interface Guide. The Programmer's
@@ -94,7 +94,7 @@
# evsStart \<in> set_pur"
| PInitReq:
- \<comment>\<open>Purchase initialization, page 72 of Formal Protocol Desc.\<close>
+ \<comment> \<open>Purchase initialization, page 72 of Formal Protocol Desc.\<close>
"[|evsPIReq \<in> set_pur;
Transaction = \<lbrace>Agent M, Agent C, Number OrderDesc, Number PurchAmt\<rbrace>;
Nonce Chall_C \<notin> used evsPIReq;
@@ -103,7 +103,7 @@
==> Says C M \<lbrace>Number LID_M, Nonce Chall_C\<rbrace> # evsPIReq \<in> set_pur"
| PInitRes:
- \<comment>\<open>Merchant replies with his own label XID and the encryption
+ \<comment> \<open>Merchant replies with his own label XID and the encryption
key certificate of his chosen Payment Gateway. Page 74 of Formal
Protocol Desc. We use \<open>LID_M\<close> to identify Cardholder\<close>
"[|evsPIRes \<in> set_pur;
@@ -121,7 +121,7 @@
# evsPIRes \<in> set_pur"
| PReqUns:
- \<comment>\<open>UNSIGNED Purchase request (CardSecret = 0).
+ \<comment> \<open>UNSIGNED Purchase request (CardSecret = 0).
Page 79 of Formal Protocol Desc.
Merchant never sees the amount in clear. This holds of the real
protocol, where XID identifies the transaction. We omit
@@ -150,7 +150,7 @@
# evsPReqU \<in> set_pur"
| PReqS:
- \<comment>\<open>SIGNED Purchase request. Page 77 of Formal Protocol Desc.
+ \<comment> \<open>SIGNED Purchase request. Page 77 of Formal Protocol Desc.
We could specify the equation
@{term "PIReqSigned = \<lbrace> PIDualSigned, OIDualSigned \<rbrace>"}, since the
Formal Desc. gives PIHead the same format in the unsigned case.
@@ -183,7 +183,7 @@
# Notes C \<lbrace>Key KC2, Agent M\<rbrace>
# evsPReqS \<in> set_pur"
- \<comment>\<open>Authorization Request. Page 92 of Formal Protocol Desc.
+ \<comment> \<open>Authorization Request. Page 92 of Formal Protocol Desc.
Sent in response to Purchase Request.\<close>
| AuthReq:
"[| evsAReq \<in> set_pur;
@@ -206,7 +206,7 @@
\<lbrace>Number LID_M, Number XID, Hash OIData, HOD\<rbrace> P_I)
# evsAReq \<in> set_pur"
- \<comment>\<open>Authorization Response has two forms: for UNSIGNED and SIGNED PIs.
+ \<comment> \<open>Authorization Response has two forms: for UNSIGNED and SIGNED PIs.
Page 99 of Formal Protocol Desc.
PI is a keyword (product!), so we call it \<open>P_I\<close>. The hashes HOD and
HOIData occur independently in \<open>P_I\<close> and in M's message.
@@ -215,7 +215,7 @@
optional items for split shipments, recurring payments, etc.\<close>
| AuthResUns:
- \<comment>\<open>Authorization Response, UNSIGNED\<close>
+ \<comment> \<open>Authorization Response, UNSIGNED\<close>
"[| evsAResU \<in> set_pur;
C = Cardholder k; M = Merchant i;
Key KP \<notin> used evsAResU; KP \<in> symKeys;
@@ -232,7 +232,7 @@
# evsAResU \<in> set_pur"
| AuthResS:
- \<comment>\<open>Authorization Response, SIGNED\<close>
+ \<comment> \<open>Authorization Response, SIGNED\<close>
"[| evsAResS \<in> set_pur;
C = Cardholder k;
Key KP \<notin> used evsAResS; KP \<in> symKeys;
@@ -254,7 +254,7 @@
# evsAResS \<in> set_pur"
| PRes:
- \<comment>\<open>Purchase response.\<close>
+ \<comment> \<open>Purchase response.\<close>
"[| evsPRes \<in> set_pur; KP \<in> symKeys; M = Merchant i;
Transaction = \<lbrace>Agent M, Agent C, Number OrderDesc, Number PurchAmt\<rbrace>;
Gets M (EncB (priSK P) KP (pubEK M)
@@ -279,7 +279,7 @@
inj_CardSecret: "inj CardSecret"
inj_PANSecret: "inj PANSecret"
CardSecret_neq_PANSecret: "CardSecret k \<noteq> PANSecret k'"
- \<comment>\<open>No CardSecret equals any PANSecret\<close>
+ \<comment> \<open>No CardSecret equals any PANSecret\<close>
apply (rule_tac x="curry prod_encode 0" in exI)
apply (rule_tac x="curry prod_encode 1" in exI)
apply (simp add: prod_encode_eq inj_on_def)
@@ -414,7 +414,7 @@
"evs \<in> set_pur
==> (Key(invKey (publicKey b A)) \<in> parts(knows Spy evs)) = (A \<in> bad)"
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment>\<open>AuthReq\<close>
+apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment> \<open>AuthReq\<close>
apply auto
done
declare Spy_see_private_Key [THEN [2] rev_iffD1, dest!]
@@ -495,10 +495,10 @@
==> Key K \<notin> used evs --> K \<in> symKeys -->
K \<notin> keysFor (parts (knows Spy evs))"
apply (erule set_pur.induct)
-apply (valid_certificate_tac [8]) \<comment>\<open>PReqS\<close>
-apply (valid_certificate_tac [7]) \<comment>\<open>PReqUns\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>PReqS\<close>
+apply (valid_certificate_tac [7]) \<comment> \<open>PReqUns\<close>
apply auto
-apply (force dest!: usedI keysFor_parts_insert) \<comment>\<open>Fake\<close>
+apply (force dest!: usedI keysFor_parts_insert) \<comment> \<open>Fake\<close>
done
lemma new_keys_not_analzd:
@@ -556,17 +556,17 @@
apply (erule set_pur.induct)
apply (rule_tac [!] allI)+
apply (rule_tac [!] impI [THEN Key_analz_image_Key_lemma, THEN impI])+
-apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment>\<open>AReq\<close>
-apply (valid_certificate_tac [8]) \<comment>\<open>PReqS\<close>
-apply (valid_certificate_tac [7]) \<comment>\<open>PReqUns\<close>
+apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment> \<open>AReq\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>PReqS\<close>
+apply (valid_certificate_tac [7]) \<comment> \<open>PReqUns\<close>
apply (simp_all
del: image_insert image_Un imp_disjL
add: analz_image_keys_simps disj_simps
analz_Key_image_insert_eq notin_image_iff
analz_insert_simps analz_image_priEK)
- \<comment>\<open>8 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
-apply (blast elim!: ballE)+ \<comment>\<open>PReq: unsigned and signed\<close>
+ \<comment> \<open>8 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply (blast elim!: ballE)+ \<comment> \<open>PReq: unsigned and signed\<close>
done
@@ -589,17 +589,17 @@
apply (erule set_pur.induct)
apply (rule_tac [!] allI)+
apply (rule_tac [!] impI [THEN Nonce_analz_image_Key_lemma])+
-apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment>\<open>AReq\<close>
-apply (valid_certificate_tac [8]) \<comment>\<open>PReqS\<close>
-apply (valid_certificate_tac [7]) \<comment>\<open>PReqUns\<close>
+apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment> \<open>AReq\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>PReqS\<close>
+apply (valid_certificate_tac [7]) \<comment> \<open>PReqUns\<close>
apply (simp_all
del: image_insert image_Un imp_disjL
add: analz_image_keys_simps disj_simps symKey_compromise
analz_Key_image_insert_eq notin_image_iff
analz_insert_simps analz_image_priEK)
- \<comment>\<open>8 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
-apply (blast elim!: ballE) \<comment>\<open>PReqS\<close>
+ \<comment> \<open>8 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply (blast elim!: ballE) \<comment> \<open>PReqS\<close>
done
lemma PANSecret_notin_spies:
@@ -612,21 +612,21 @@
apply (erule rev_mp)
apply (erule set_pur.induct)
apply (frule_tac [9] AuthReq_msg_in_analz_spies)
-apply (valid_certificate_tac [8]) \<comment>\<open>PReqS\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>PReqS\<close>
apply (simp_all
del: image_insert image_Un imp_disjL
add: analz_image_keys_simps disj_simps
symKey_compromise pushes sign_def Nonce_compromise
analz_Key_image_insert_eq notin_image_iff
analz_insert_simps analz_image_priEK)
- \<comment>\<open>2.5 seconds on a 1.6GHz machine\<close>
+ \<comment> \<open>2.5 seconds on a 1.6GHz machine\<close>
apply spy_analz
apply (blast dest!: Gets_imp_knows_Spy [THEN analz.Inj])
apply (blast dest: Says_imp_knows_Spy [THEN analz.Inj]
Gets_imp_knows_Spy [THEN analz.Inj])
-apply (blast dest: Gets_imp_knows_Spy [THEN analz.Inj]) \<comment>\<open>PReqS\<close>
+apply (blast dest: Gets_imp_knows_Spy [THEN analz.Inj]) \<comment> \<open>PReqS\<close>
apply (blast dest: Says_imp_knows_Spy [THEN analz.Inj]
- Gets_imp_knows_Spy [THEN analz.Inj]) \<comment>\<open>PRes\<close>
+ Gets_imp_knows_Spy [THEN analz.Inj]) \<comment> \<open>PRes\<close>
done
text\<open>This theorem is a bit silly, in that many CardSecrets are 0!
@@ -653,17 +653,17 @@
apply (erule set_pur.induct)
apply (rule_tac [!] allI impI)+
apply (rule_tac [!] analz_image_pan_lemma)+
-apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment>\<open>AReq\<close>
-apply (valid_certificate_tac [8]) \<comment>\<open>PReqS\<close>
-apply (valid_certificate_tac [7]) \<comment>\<open>PReqUns\<close>
+apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment> \<open>AReq\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>PReqS\<close>
+apply (valid_certificate_tac [7]) \<comment> \<open>PReqUns\<close>
apply (simp_all
del: image_insert image_Un imp_disjL
add: analz_image_keys_simps
symKey_compromise pushes sign_def
analz_Key_image_insert_eq notin_image_iff
analz_insert_simps analz_image_priEK)
- \<comment>\<open>7 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
+ \<comment> \<open>7 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
apply auto
done
@@ -684,18 +684,18 @@
P \<in> bad"
apply (erule rev_mp)
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment>\<open>AReq\<close>
-apply (valid_certificate_tac [8]) \<comment>\<open>PReqS\<close>
-apply (valid_certificate_tac [7]) \<comment>\<open>PReqUns\<close>
+apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment> \<open>AReq\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>PReqS\<close>
+apply (valid_certificate_tac [7]) \<comment> \<open>PReqUns\<close>
apply (simp_all
del: image_insert image_Un imp_disjL
add: analz_image_keys_simps analz_insert_pan analz_image_pan
notin_image_iff
analz_insert_simps analz_image_priEK)
- \<comment>\<open>3 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
-apply blast \<comment>\<open>PReqUns: unsigned\<close>
-apply force \<comment>\<open>PReqS: signed\<close>
+ \<comment> \<open>3 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply blast \<comment> \<open>PReqUns: unsigned\<close>
+apply force \<comment> \<open>PReqS: signed\<close>
done
text\<open>Confidentiality of the PAN, signed case.\<close>
@@ -708,18 +708,18 @@
OIDualSign\<rbrace> \<in> set evs & P \<in> bad"
apply (erule rev_mp)
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment>\<open>AReq\<close>
-apply (valid_certificate_tac [8]) \<comment>\<open>PReqS\<close>
-apply (valid_certificate_tac [7]) \<comment>\<open>PReqUns\<close>
+apply (frule_tac [9] AuthReq_msg_in_analz_spies) \<comment> \<open>AReq\<close>
+apply (valid_certificate_tac [8]) \<comment> \<open>PReqS\<close>
+apply (valid_certificate_tac [7]) \<comment> \<open>PReqUns\<close>
apply (simp_all
del: image_insert image_Un imp_disjL
add: analz_image_keys_simps analz_insert_pan analz_image_pan
notin_image_iff
analz_insert_simps analz_image_priEK)
- \<comment>\<open>3 seconds on a 1.6GHz machine\<close>
-apply spy_analz \<comment>\<open>Fake\<close>
-apply force \<comment>\<open>PReqUns: unsigned\<close>
-apply blast \<comment>\<open>PReqS: signed\<close>
+ \<comment> \<open>3 seconds on a 1.6GHz machine\<close>
+apply spy_analz \<comment> \<open>Fake\<close>
+apply force \<comment> \<open>PReqUns: unsigned\<close>
+apply blast \<comment> \<open>PReqS: signed\<close>
done
text\<open>General goal: that C, M and PG agree on those details of the transaction
@@ -747,7 +747,7 @@
apply clarify
apply (erule rev_mp)
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment>\<open>AuthReq\<close>
+apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment> \<open>AuthReq\<close>
apply simp_all
apply (blast intro: M_Notes_PG)+
done
@@ -775,7 +775,7 @@
apply clarify
apply (erule rev_mp)
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment>\<open>AuthReq\<close>
+apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment> \<open>AuthReq\<close>
apply simp_all
apply (blast intro: M_Notes_PG)+
done
@@ -841,7 +841,7 @@
apply clarify
apply (erule rev_mp)
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment>\<open>AuthReq\<close>
+apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment> \<open>AuthReq\<close>
apply simp_all
apply blast+
done
@@ -862,7 +862,7 @@
apply clarify
apply (erule rev_mp)
apply (erule set_pur.induct, simp_all)
-apply (valid_certificate_tac [2]) \<comment>\<open>PReqUns\<close>
+apply (valid_certificate_tac [2]) \<comment> \<open>PReqUns\<close>
apply auto
apply (blast dest: Gets_imp_Says Says_C_PInitRes)
done
@@ -899,7 +899,7 @@
M \<notin> bad; evs \<in> set_pur|] ==> parts {X} \<subseteq> used evs"
apply (erule rev_mp)
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment>\<open>AuthReq\<close>
+apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment> \<open>AuthReq\<close>
apply simp_all
apply safe
apply blast+
@@ -911,7 +911,7 @@
C \<notin> bad; evs \<in> set_pur|] ==> parts {X} \<subseteq> used evs"
apply (erule rev_mp)
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment>\<open>AuthReq\<close>
+apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment> \<open>AuthReq\<close>
apply simp_all
apply safe
apply blast+
@@ -945,7 +945,7 @@
apply (erule rev_mp)
apply (erule rev_mp)
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment>\<open>AuthReq\<close>
+apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment> \<open>AuthReq\<close>
apply simp_all
apply blast
apply blast
@@ -994,7 +994,7 @@
apply (erule rev_mp)
apply (erule rev_mp)
apply (erule set_pur.induct, analz_mono_contra)
-apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment>\<open>AuthReq\<close>
+apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment> \<open>AuthReq\<close>
apply simp_all
apply auto
done
@@ -1041,7 +1041,7 @@
apply (erule rev_mp)
apply (erule rev_mp)
apply (erule set_pur.induct)
-apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment>\<open>AuthReq\<close>
+apply (frule_tac [9] AuthReq_msg_in_parts_spies) \<comment> \<open>AuthReq\<close>
apply simp_all
apply blast
apply (metis subsetD insert_subset parts.Fst parts_increasing signed_Hash_imp_used)
--- a/src/HOL/Set.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Set.thy Tue Jan 16 09:30:00 2018 +0100
@@ -14,8 +14,8 @@
typedecl 'a set
-axiomatization Collect :: "('a \<Rightarrow> bool) \<Rightarrow> 'a set" \<comment> "comprehension"
- and member :: "'a \<Rightarrow> 'a set \<Rightarrow> bool" \<comment> "membership"
+axiomatization Collect :: "('a \<Rightarrow> bool) \<Rightarrow> 'a set" \<comment> \<open>comprehension\<close>
+ and member :: "'a \<Rightarrow> 'a set \<Rightarrow> bool" \<comment> \<open>membership\<close>
where mem_Collect_eq [iff, code_unfold]: "member a (Collect P) = P a"
and Collect_mem_eq [simp]: "Collect (\<lambda>x. member x A) = A"
@@ -24,7 +24,7 @@
member ("(_/ \<in> _)" [51, 51] 50)
abbreviation not_member
- where "not_member x A \<equiv> \<not> (x \<in> A)" \<comment> "non-membership"
+ where "not_member x A \<equiv> \<not> (x \<in> A)" \<comment> \<open>non-membership\<close>
notation
not_member ("'(\<notin>')") and
not_member ("(_/ \<notin> _)" [51, 51] 50)
@@ -181,10 +181,10 @@
subset_eq ("(_/ <= _)" [51, 51] 50)
definition Ball :: "'a set \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> bool"
- where "Ball A P \<longleftrightarrow> (\<forall>x. x \<in> A \<longrightarrow> P x)" \<comment> "bounded universal quantifiers"
+ where "Ball A P \<longleftrightarrow> (\<forall>x. x \<in> A \<longrightarrow> P x)" \<comment> \<open>bounded universal quantifiers\<close>
definition Bex :: "'a set \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> bool"
- where "Bex A P \<longleftrightarrow> (\<exists>x. x \<in> A \<and> P x)" \<comment> "bounded existential quantifiers"
+ where "Bex A P \<longleftrightarrow> (\<exists>x. x \<in> A \<and> P x)" \<comment> \<open>bounded existential quantifiers\<close>
syntax (ASCII)
"_Ball" :: "pttrn \<Rightarrow> 'a set \<Rightarrow> bool \<Rightarrow> bool" ("(3ALL (_/:_)./ _)" [0, 0, 10] 10)
--- a/src/HOL/Set_Interval.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Set_Interval.thy Tue Jan 16 09:30:00 2018 +0100
@@ -849,15 +849,15 @@
subsubsection \<open>Intervals and numerals\<close>
-lemma lessThan_nat_numeral: \<comment>\<open>Evaluation for specific numerals\<close>
+lemma lessThan_nat_numeral: \<comment> \<open>Evaluation for specific numerals\<close>
"lessThan (numeral k :: nat) = insert (pred_numeral k) (lessThan (pred_numeral k))"
by (simp add: numeral_eq_Suc lessThan_Suc)
-lemma atMost_nat_numeral: \<comment>\<open>Evaluation for specific numerals\<close>
+lemma atMost_nat_numeral: \<comment> \<open>Evaluation for specific numerals\<close>
"atMost (numeral k :: nat) = insert (numeral k) (atMost (pred_numeral k))"
by (simp add: numeral_eq_Suc atMost_Suc)
-lemma atLeastLessThan_nat_numeral: \<comment>\<open>Evaluation for specific numerals\<close>
+lemma atLeastLessThan_nat_numeral: \<comment> \<open>Evaluation for specific numerals\<close>
"atLeastLessThan m (numeral k :: nat) =
(if m \<le> (pred_numeral k) then insert (pred_numeral k) (atLeastLessThan m (pred_numeral k))
else {})"
@@ -2011,7 +2011,7 @@
finally show ?case .
qed simp
-corollary power_diff_sumr2: \<comment>\<open>\<open>COMPLEX_POLYFUN\<close> in HOL Light\<close>
+corollary power_diff_sumr2: \<comment> \<open>\<open>COMPLEX_POLYFUN\<close> in HOL Light\<close>
fixes x :: "'a::{comm_ring,monoid_mult}"
shows "x^n - y^n = (x - y) * (\<Sum>i<n. y^(n - Suc i) * x^i)"
using diff_power_eq_sum[of x "n - 1" y]
--- a/src/HOL/Sum_Type.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Sum_Type.thy Tue Jan 16 09:30:00 2018 +0100
@@ -212,7 +212,7 @@
definition Plus :: "'a set \<Rightarrow> 'b set \<Rightarrow> ('a + 'b) set" (infixr "<+>" 65)
where "A <+> B = Inl ` A \<union> Inr ` B"
-hide_const (open) Plus \<comment> "Valuable identifier"
+hide_const (open) Plus \<comment> \<open>Valuable identifier\<close>
lemma InlI [intro!]: "a \<in> A \<Longrightarrow> Inl a \<in> A <+> B"
by (simp add: Plus_def)
--- a/src/HOL/Transcendental.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Transcendental.thy Tue Jan 16 09:30:00 2018 +0100
@@ -48,7 +48,7 @@
lemma root_test_convergence:
fixes f :: "nat \<Rightarrow> 'a::banach"
- assumes f: "(\<lambda>n. root n (norm (f n))) \<longlonglongrightarrow> x" \<comment> "could be weakened to lim sup"
+ assumes f: "(\<lambda>n. root n (norm (f n))) \<longlonglongrightarrow> x" \<comment> \<open>could be weakened to lim sup\<close>
and "x < 1"
shows "summable f"
proof -
--- a/src/HOL/UNITY/Comp/Alloc.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/Comp/Alloc.thy Tue Jan 16 09:30:00 2018 +0100
@@ -12,52 +12,52 @@
subsection\<open>State definitions. OUTPUT variables are locals\<close>
record clientState =
- giv :: "nat list" \<comment>\<open>client's INPUT history: tokens GRANTED\<close>
- ask :: "nat list" \<comment>\<open>client's OUTPUT history: tokens REQUESTED\<close>
- rel :: "nat list" \<comment>\<open>client's OUTPUT history: tokens RELEASED\<close>
+ giv :: "nat list" \<comment> \<open>client's INPUT history: tokens GRANTED\<close>
+ ask :: "nat list" \<comment> \<open>client's OUTPUT history: tokens REQUESTED\<close>
+ rel :: "nat list" \<comment> \<open>client's OUTPUT history: tokens RELEASED\<close>
record 'a clientState_d =
clientState +
- dummy :: 'a \<comment>\<open>dummy field for new variables\<close>
+ dummy :: 'a \<comment> \<open>dummy field for new variables\<close>
definition
- \<comment>\<open>DUPLICATED FROM Client.thy, but with "tok" removed\<close>
- \<comment>\<open>Maybe want a special theory section to declare such maps\<close>
+ \<comment> \<open>DUPLICATED FROM Client.thy, but with "tok" removed\<close>
+ \<comment> \<open>Maybe want a special theory section to declare such maps\<close>
non_dummy :: "'a clientState_d => clientState"
where "non_dummy s = (|giv = giv s, ask = ask s, rel = rel s|)"
definition
- \<comment>\<open>Renaming map to put a Client into the standard form\<close>
+ \<comment> \<open>Renaming map to put a Client into the standard form\<close>
client_map :: "'a clientState_d => clientState*'a"
where "client_map = funPair non_dummy dummy"
record allocState =
- allocGiv :: "nat => nat list" \<comment>\<open>OUTPUT history: source of "giv" for i\<close>
- allocAsk :: "nat => nat list" \<comment>\<open>INPUT: allocator's copy of "ask" for i\<close>
- allocRel :: "nat => nat list" \<comment>\<open>INPUT: allocator's copy of "rel" for i\<close>
+ allocGiv :: "nat => nat list" \<comment> \<open>OUTPUT history: source of "giv" for i\<close>
+ allocAsk :: "nat => nat list" \<comment> \<open>INPUT: allocator's copy of "ask" for i\<close>
+ allocRel :: "nat => nat list" \<comment> \<open>INPUT: allocator's copy of "rel" for i\<close>
record 'a allocState_d =
allocState +
- dummy :: 'a \<comment>\<open>dummy field for new variables\<close>
+ dummy :: 'a \<comment> \<open>dummy field for new variables\<close>
record 'a systemState =
allocState +
- client :: "nat => clientState" \<comment>\<open>states of all clients\<close>
- dummy :: 'a \<comment>\<open>dummy field for new variables\<close>
+ client :: "nat => clientState" \<comment> \<open>states of all clients\<close>
+ dummy :: 'a \<comment> \<open>dummy field for new variables\<close>
-\<comment>\<open>* Resource allocation system specification *\<close>
+\<comment> \<open>* Resource allocation system specification *\<close>
definition
- \<comment>\<open>spec (1)\<close>
+ \<comment> \<open>spec (1)\<close>
system_safety :: "'a systemState program set"
where "system_safety =
Always {s. (\<Sum>i \<in> lessThan Nclients. (tokens o giv o sub i o client)s)
\<le> NbT + (\<Sum>i \<in> lessThan Nclients. (tokens o rel o sub i o client)s)}"
definition
- \<comment>\<open>spec (2)\<close>
+ \<comment> \<open>spec (2)\<close>
system_progress :: "'a systemState program set"
where "system_progress = (INT i : lessThan Nclients.
INT h.
@@ -68,20 +68,20 @@
system_spec :: "'a systemState program set"
where "system_spec = system_safety Int system_progress"
-\<comment>\<open>* Client specification (required) **\<close>
+\<comment> \<open>* Client specification (required) **\<close>
definition
- \<comment>\<open>spec (3)\<close>
+ \<comment> \<open>spec (3)\<close>
client_increasing :: "'a clientState_d program set"
where "client_increasing = UNIV guarantees Increasing ask Int Increasing rel"
definition
- \<comment>\<open>spec (4)\<close>
+ \<comment> \<open>spec (4)\<close>
client_bounded :: "'a clientState_d program set"
where "client_bounded = UNIV guarantees Always {s. ALL elt : set (ask s). elt \<le> NbT}"
definition
- \<comment>\<open>spec (5)\<close>
+ \<comment> \<open>spec (5)\<close>
client_progress :: "'a clientState_d program set"
where "client_progress =
Increasing giv guarantees
@@ -89,12 +89,12 @@
LeadsTo {s. tokens h \<le> (tokens o rel) s})"
definition
- \<comment>\<open>spec: preserves part\<close>
+ \<comment> \<open>spec: preserves part\<close>
client_preserves :: "'a clientState_d program set"
where "client_preserves = preserves giv Int preserves clientState_d.dummy"
definition
- \<comment>\<open>environmental constraints\<close>
+ \<comment> \<open>environmental constraints\<close>
client_allowed_acts :: "'a clientState_d program set"
where "client_allowed_acts =
{F. AllowedActs F =
@@ -105,17 +105,17 @@
where "client_spec = client_increasing Int client_bounded Int client_progress
Int client_allowed_acts Int client_preserves"
-\<comment>\<open>* Allocator specification (required) *\<close>
+\<comment> \<open>* Allocator specification (required) *\<close>
definition
- \<comment>\<open>spec (6)\<close>
+ \<comment> \<open>spec (6)\<close>
alloc_increasing :: "'a allocState_d program set"
where "alloc_increasing =
UNIV guarantees
(INT i : lessThan Nclients. Increasing (sub i o allocGiv))"
definition
- \<comment>\<open>spec (7)\<close>
+ \<comment> \<open>spec (7)\<close>
alloc_safety :: "'a allocState_d program set"
where "alloc_safety =
(INT i : lessThan Nclients. Increasing (sub i o allocRel))
@@ -124,7 +124,7 @@
\<le> NbT + (\<Sum>i \<in> lessThan Nclients. (tokens o sub i o allocRel)s)}"
definition
- \<comment>\<open>spec (8)\<close>
+ \<comment> \<open>spec (8)\<close>
alloc_progress :: "'a allocState_d program set"
where "alloc_progress =
(INT i : lessThan Nclients. Increasing (sub i o allocAsk) Int
@@ -151,13 +151,13 @@
looked at.*)
definition
- \<comment>\<open>spec: preserves part\<close>
+ \<comment> \<open>spec: preserves part\<close>
alloc_preserves :: "'a allocState_d program set"
where "alloc_preserves = preserves allocRel Int preserves allocAsk Int
preserves allocState_d.dummy"
definition
- \<comment>\<open>environmental constraints\<close>
+ \<comment> \<open>environmental constraints\<close>
alloc_allowed_acts :: "'a allocState_d program set"
where "alloc_allowed_acts =
{F. AllowedActs F =
@@ -168,17 +168,17 @@
where "alloc_spec = alloc_increasing Int alloc_safety Int alloc_progress Int
alloc_allowed_acts Int alloc_preserves"
-\<comment>\<open>* Network specification *\<close>
+\<comment> \<open>* Network specification *\<close>
definition
- \<comment>\<open>spec (9.1)\<close>
+ \<comment> \<open>spec (9.1)\<close>
network_ask :: "'a systemState program set"
where "network_ask = (INT i : lessThan Nclients.
Increasing (ask o sub i o client) guarantees
((sub i o allocAsk) Fols (ask o sub i o client)))"
definition
- \<comment>\<open>spec (9.2)\<close>
+ \<comment> \<open>spec (9.2)\<close>
network_giv :: "'a systemState program set"
where "network_giv = (INT i : lessThan Nclients.
Increasing (sub i o allocGiv)
@@ -186,7 +186,7 @@
((giv o sub i o client) Fols (sub i o allocGiv)))"
definition
- \<comment>\<open>spec (9.3)\<close>
+ \<comment> \<open>spec (9.3)\<close>
network_rel :: "'a systemState program set"
where "network_rel = (INT i : lessThan Nclients.
Increasing (rel o sub i o client)
@@ -194,7 +194,7 @@
((sub i o allocRel) Fols (rel o sub i o client)))"
definition
- \<comment>\<open>spec: preserves part\<close>
+ \<comment> \<open>spec: preserves part\<close>
network_preserves :: "'a systemState program set"
where "network_preserves =
preserves allocGiv Int
@@ -202,7 +202,7 @@
preserves (ask o sub i o client))"
definition
- \<comment>\<open>environmental constraints\<close>
+ \<comment> \<open>environmental constraints\<close>
network_allowed_acts :: "'a systemState program set"
where "network_allowed_acts =
{F. AllowedActs F =
@@ -218,7 +218,7 @@
network_preserves"
-\<comment>\<open>* State mappings *\<close>
+\<comment> \<open>* State mappings *\<close>
definition
sysOfAlloc :: "((nat => clientState) * 'a) allocState_d => 'a systemState"
where "sysOfAlloc = (%s. let (cl,xtr) = allocState_d.dummy s
--- a/src/HOL/UNITY/Comp/Client.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/Comp/Client.thy Tue Jan 16 09:30:00 2018 +0100
@@ -8,17 +8,17 @@
theory Client imports "../Rename" AllocBase begin
type_synonym
- tokbag = nat \<comment>\<open>tokbags could be multisets...or any ordered type?\<close>
+ tokbag = nat \<comment> \<open>tokbags could be multisets...or any ordered type?\<close>
record state =
- giv :: "tokbag list" \<comment>\<open>input history: tokens granted\<close>
- ask :: "tokbag list" \<comment>\<open>output history: tokens requested\<close>
- rel :: "tokbag list" \<comment>\<open>output history: tokens released\<close>
- tok :: tokbag \<comment>\<open>current token request\<close>
+ giv :: "tokbag list" \<comment> \<open>input history: tokens granted\<close>
+ ask :: "tokbag list" \<comment> \<open>output history: tokens requested\<close>
+ rel :: "tokbag list" \<comment> \<open>output history: tokens released\<close>
+ tok :: tokbag \<comment> \<open>current token request\<close>
record 'a state_d =
state +
- dummy :: 'a \<comment>\<open>new variables\<close>
+ dummy :: 'a \<comment> \<open>new variables\<close>
(*Array indexing is translated to list indexing as A[n] == A!(n-1). *)
--- a/src/HOL/UNITY/Comp/Priority.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/Comp/Priority.thy Tue Jan 16 09:30:00 2018 +0100
@@ -17,24 +17,24 @@
consts
init :: "(vertex*vertex)set"
- \<comment>\<open>the initial state\<close>
+ \<comment> \<open>the initial state\<close>
text\<open>Following the definitions given in section 4.4\<close>
definition highest :: "[vertex, (vertex*vertex)set]=>bool"
where "highest i r \<longleftrightarrow> A i r = {}"
- \<comment>\<open>i has highest priority in r\<close>
+ \<comment> \<open>i has highest priority in r\<close>
definition lowest :: "[vertex, (vertex*vertex)set]=>bool"
where "lowest i r \<longleftrightarrow> R i r = {}"
- \<comment>\<open>i has lowest priority in r\<close>
+ \<comment> \<open>i has lowest priority in r\<close>
definition act :: command
where "act i = {(s, s'). s'=reverse i s & highest i s}"
definition Component :: "vertex=>state program"
where "Component i = mk_total_program({init}, {act i}, UNIV)"
- \<comment>\<open>All components start with the same initial state\<close>
+ \<comment> \<open>All components start with the same initial state\<close>
text\<open>Some Abbreviations\<close>
@@ -49,11 +49,11 @@
definition Maximal :: "state set"
- \<comment>\<open>Every ``above'' set has a maximal vertex\<close>
+ \<comment> \<open>Every ``above'' set has a maximal vertex\<close>
where "Maximal = (\<Inter>i. {s. ~highest i s-->(\<exists>j \<in> above i s. highest j s)})"
definition Maximal' :: "state set"
- \<comment>\<open>Maximal vertex: equivalent definition\<close>
+ \<comment> \<open>Maximal vertex: equivalent definition\<close>
where "Maximal' = (\<Inter>i. Highest i Un (\<Union>j. {s. j \<in> above i s} Int Highest j))"
--- a/src/HOL/UNITY/Comp/PriorityAux.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/Comp/PriorityAux.thy Tue Jan 16 09:30:00 2018 +0100
@@ -13,11 +13,11 @@
definition symcl :: "(vertex*vertex)set=>(vertex*vertex)set" where
"symcl r == r \<union> (r^-1)"
- \<comment>\<open>symmetric closure: removes the orientation of a relation\<close>
+ \<comment> \<open>symmetric closure: removes the orientation of a relation\<close>
definition neighbors :: "[vertex, (vertex*vertex)set]=>vertex set" where
"neighbors i r == ((r \<union> r^-1)``{i}) - {i}"
- \<comment>\<open>Neighbors of a vertex i\<close>
+ \<comment> \<open>Neighbors of a vertex i\<close>
definition R :: "[vertex, (vertex*vertex)set]=>vertex set" where
"R i r == r``{i}"
@@ -27,7 +27,7 @@
definition reach :: "[vertex, (vertex*vertex)set]=> vertex set" where
"reach i r == (r^+)``{i}"
- \<comment>\<open>reachable and above vertices: the original notation was R* and A*\<close>
+ \<comment> \<open>reachable and above vertices: the original notation was R* and A*\<close>
definition above :: "[vertex, (vertex*vertex)set]=> vertex set" where
"above i r == ((r^-1)^+)``{i}"
@@ -36,18 +36,18 @@
"reverse i r == (r - {(x,y). x=i | y=i} \<inter> r) \<union> ({(x,y). x=i|y=i} \<inter> r)^-1"
definition derive1 :: "[vertex, (vertex*vertex)set, (vertex*vertex)set]=>bool" where
- \<comment>\<open>The original definition\<close>
+ \<comment> \<open>The original definition\<close>
"derive1 i r q == symcl r = symcl q &
(\<forall>k k'. k\<noteq>i & k'\<noteq>i -->((k,k'):r) = ((k,k'):q)) &
A i r = {} & R i q = {}"
definition derive :: "[vertex, (vertex*vertex)set, (vertex*vertex)set]=>bool" where
- \<comment>\<open>Our alternative definition\<close>
+ \<comment> \<open>Our alternative definition\<close>
"derive i r q == A i r = {} & (q = reverse i r)"
axiomatization where
finite_vertex_univ: "finite (UNIV :: vertex set)"
- \<comment>\<open>we assume that the universe of vertices is finite\<close>
+ \<comment> \<open>we assume that the universe of vertices is finite\<close>
declare derive_def [simp] derive1_def [simp] symcl_def [simp]
A_def [simp] R_def [simp]
--- a/src/HOL/UNITY/ProgressSets.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/ProgressSets.thy Tue Jan 16 09:30:00 2018 +0100
@@ -20,12 +20,12 @@
subsection \<open>Complete Lattices and the Operator @{term cl}\<close>
definition lattice :: "'a set set => bool" where
- \<comment>\<open>Meier calls them closure sets, but they are just complete lattices\<close>
+ \<comment> \<open>Meier calls them closure sets, but they are just complete lattices\<close>
"lattice L ==
(\<forall>M. M \<subseteq> L --> \<Inter>M \<in> L) & (\<forall>M. M \<subseteq> L --> \<Union>M \<in> L)"
definition cl :: "['a set set, 'a set] => 'a set" where
- \<comment>\<open>short for ``closure''\<close>
+ \<comment> \<open>short for ``closure''\<close>
"cl L r == \<Inter>{x. x\<in>L & r \<subseteq> x}"
lemma UNIV_in_lattice: "lattice L ==> UNIV \<in> L"
@@ -156,8 +156,8 @@
proved separately because the argument requires a generalization over
all @{term "act \<in> Acts F"}.\<close>
lemma lattice_awp_lemma:
- assumes TXC: "T\<inter>X \<in> C" \<comment>\<open>induction hypothesis in theorem below\<close>
- and BsubX: "B \<subseteq> X" \<comment>\<open>holds in inductive step\<close>
+ assumes TXC: "T\<inter>X \<in> C" \<comment> \<open>induction hypothesis in theorem below\<close>
+ and BsubX: "B \<subseteq> X" \<comment> \<open>holds in inductive step\<close>
and latt: "lattice C"
and TC: "T \<in> C"
and BC: "B \<in> C"
@@ -175,8 +175,8 @@
text\<open>Remainder of the proof of the claim at the bottom of page 97.\<close>
lemma lattice_lemma:
- assumes TXC: "T\<inter>X \<in> C" \<comment>\<open>induction hypothesis in theorem below\<close>
- and BsubX: "B \<subseteq> X" \<comment>\<open>holds in inductive step\<close>
+ assumes TXC: "T\<inter>X \<in> C" \<comment> \<open>induction hypothesis in theorem below\<close>
+ and BsubX: "B \<subseteq> X" \<comment> \<open>holds in inductive step\<close>
and act: "act \<in> Acts F"
and latt: "lattice C"
and TC: "T \<in> C"
@@ -204,7 +204,7 @@
text\<open>Induction step for the main lemma\<close>
lemma progress_induction_step:
- assumes TXC: "T\<inter>X \<in> C" \<comment>\<open>induction hypothesis in theorem below\<close>
+ assumes TXC: "T\<inter>X \<in> C" \<comment> \<open>induction hypothesis in theorem below\<close>
and act: "act \<in> Acts F"
and Xwens: "X \<in> wens_set F B"
and latt: "lattice C"
@@ -444,7 +444,7 @@
assumes leadsTo: "F \<in> A leadsTo B"
and prog: "{X. G' \<in> stable X} \<in> progress_set F UNIV B"
and GG': "G \<le> G'"
- \<comment>\<open>Beware! This is the converse of the refinement relation!\<close>
+ \<comment> \<open>Beware! This is the converse of the refinement relation!\<close>
shows "F\<squnion>G \<in> A leadsTo B"
proof -
from prog have stable: "G' \<in> stable B"
--- a/src/HOL/UNITY/Simple/Lift.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/Simple/Lift.thy Tue Jan 16 09:30:00 2018 +0100
@@ -10,21 +10,21 @@
begin
record state =
- floor :: "int" \<comment>\<open>current position of the lift\<close>
- "open" :: "bool" \<comment>\<open>whether the door is opened at floor\<close>
- stop :: "bool" \<comment>\<open>whether the lift is stopped at floor\<close>
- req :: "int set" \<comment>\<open>for each floor, whether the lift is requested\<close>
- up :: "bool" \<comment>\<open>current direction of movement\<close>
- move :: "bool" \<comment>\<open>whether moving takes precedence over opening\<close>
+ floor :: "int" \<comment> \<open>current position of the lift\<close>
+ "open" :: "bool" \<comment> \<open>whether the door is opened at floor\<close>
+ stop :: "bool" \<comment> \<open>whether the lift is stopped at floor\<close>
+ req :: "int set" \<comment> \<open>for each floor, whether the lift is requested\<close>
+ up :: "bool" \<comment> \<open>current direction of movement\<close>
+ move :: "bool" \<comment> \<open>whether moving takes precedence over opening\<close>
axiomatization
- Min :: "int" and \<comment>\<open>least and greatest floors\<close>
- Max :: "int" \<comment>\<open>least and greatest floors\<close>
+ Min :: "int" and \<comment> \<open>least and greatest floors\<close>
+ Max :: "int" \<comment> \<open>least and greatest floors\<close>
where
Min_le_Max [iff]: "Min \<le> Max"
- \<comment>\<open>Abbreviations: the "always" part\<close>
+ \<comment> \<open>Abbreviations: the "always" part\<close>
definition
above :: "state set"
@@ -50,7 +50,7 @@
ready :: "state set"
where "ready = {s. stop s & ~ open s & move s}"
- \<comment>\<open>Further abbreviations\<close>
+ \<comment> \<open>Further abbreviations\<close>
definition
moving :: "state set"
@@ -65,7 +65,7 @@
where "opened = {s. stop s & open s & move s}"
definition
- closed :: "state set" \<comment>\<open>but this is the same as ready!!\<close>
+ closed :: "state set" \<comment> \<open>but this is the same as ready!!\<close>
where "closed = {s. stop s & ~ open s & move s}"
definition
@@ -78,7 +78,7 @@
- \<comment>\<open>The program\<close>
+ \<comment> \<open>The program\<close>
definition
request_act :: "(state*state) set"
@@ -128,7 +128,7 @@
definition
button_press :: "(state*state) set"
- \<comment>\<open>This action is omitted from prior treatments, which therefore are
+ \<comment> \<open>This action is omitted from prior treatments, which therefore are
unrealistic: nobody asks the lift to do anything! But adding this
action invalidates many of the existing progress arguments: various
"ensures" properties fail. Maybe it should be constrained to only
@@ -141,7 +141,7 @@
definition
Lift :: "state program"
- \<comment>\<open>for the moment, we OMIT \<open>button_press\<close>\<close>
+ \<comment> \<open>for the moment, we OMIT \<open>button_press\<close>\<close>
where "Lift = mk_total_program
({s. floor s = Min & ~ up s & move s & stop s &
~ open s & req s = {}},
@@ -150,7 +150,7 @@
UNIV)"
- \<comment>\<open>Invariants\<close>
+ \<comment> \<open>Invariants\<close>
definition
bounded :: "state set"
--- a/src/HOL/UNITY/Simple/Token.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/Simple/Token.thy Tue Jan 16 09:30:00 2018 +0100
@@ -16,7 +16,7 @@
subsection\<open>Definitions\<close>
datatype pstate = Hungry | Eating | Thinking
- \<comment>\<open>process states\<close>
+ \<comment> \<open>process states\<close>
record state =
token :: "nat"
--- a/src/HOL/UNITY/Transformers.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/Transformers.thy Tue Jan 16 09:30:00 2018 +0100
@@ -21,15 +21,15 @@
@{term awp} and @{term wens}\<close>
definition wp :: "[('a*'a) set, 'a set] => 'a set" where
- \<comment>\<open>Dijkstra's weakest-precondition operator (for an individual command)\<close>
+ \<comment> \<open>Dijkstra's weakest-precondition operator (for an individual command)\<close>
"wp act B == - (act^-1 `` (-B))"
definition awp :: "['a program, 'a set] => 'a set" where
- \<comment>\<open>Dijkstra's weakest-precondition operator (for a program)\<close>
+ \<comment> \<open>Dijkstra's weakest-precondition operator (for a program)\<close>
"awp F B == (\<Inter>act \<in> Acts F. wp act B)"
definition wens :: "['a program, ('a*'a) set, 'a set] => 'a set" where
- \<comment>\<open>The weakest-ensures transformer\<close>
+ \<comment> \<open>The weakest-ensures transformer\<close>
"wens F act B == gfp(\<lambda>X. (wp act B \<inter> awp F (B \<union> X)) \<union> B)"
text\<open>The fundamental theorem for wp\<close>
@@ -119,7 +119,7 @@
text\<open>Assertion 4.17 in the thesis\<close>
lemma Diff_wens_constrains: "F \<in> (wens F act A - A) co wens F act A"
by (simp add: wens_def gfp_def wp_def awp_def constrains_def, blast)
- \<comment>\<open>Proved instantly, yet remarkably fragile. If \<open>Un_subset_iff\<close>
+ \<comment> \<open>Proved instantly, yet remarkably fragile. If \<open>Un_subset_iff\<close>
is declared as an iff-rule, then it's almost impossible to prove.
One proof is via \<open>meson\<close> after expanding all definitions, but it's
slow!\<close>
--- a/src/HOL/UNITY/UNITY.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/UNITY.thy Tue Jan 16 09:30:00 2018 +0100
@@ -54,7 +54,7 @@
"invariant A == {F. Init F \<subseteq> A} \<inter> stable A"
definition increasing :: "['a => 'b::{order}] => 'a program set" where
- \<comment>\<open>Polymorphic in both states and the meaning of \<open>\<le>\<close>\<close>
+ \<comment> \<open>Polymorphic in both states and the meaning of \<open>\<le>\<close>\<close>
"increasing f == \<Inter>z. stable {s. z \<le> f s}"
--- a/src/HOL/UNITY/WFair.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/UNITY/WFair.thy Tue Jan 16 09:30:00 2018 +0100
@@ -34,7 +34,7 @@
definition
- \<comment>\<open>This definition specifies conditional fairness. The rest of the theory
+ \<comment> \<open>This definition specifies conditional fairness. The rest of the theory
is generic to all forms of fairness. To get weak fairness, conjoin
the inclusion below with @{term "A \<subseteq> Domain act"}, which specifies
that the action is enabled over all of @{term A}.\<close>
@@ -48,7 +48,7 @@
inductive_set
leads :: "'a program => ('a set * 'a set) set"
- \<comment>\<open>LEADS-TO constant for the inductive definition\<close>
+ \<comment> \<open>LEADS-TO constant for the inductive definition\<close>
for F :: "'a program"
where
@@ -60,11 +60,11 @@
definition leadsTo :: "['a set, 'a set] => 'a program set" (infixl "leadsTo" 60) where
- \<comment>\<open>visible version of the LEADS-TO relation\<close>
+ \<comment> \<open>visible version of the LEADS-TO relation\<close>
"A leadsTo B == {F. (A,B) \<in> leads F}"
definition wlt :: "['a program, 'a set] => 'a set" where
- \<comment>\<open>predicate transformer: the largest set that leads to @{term B}\<close>
+ \<comment> \<open>predicate transformer: the largest set that leads to @{term B}\<close>
"wlt F B == \<Union>{A. F \<in> A leadsTo B}"
notation leadsTo (infixl "\<longmapsto>" 60)
--- a/src/HOL/Unix/Unix.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Unix/Unix.thy Tue Jan 16 09:30:00 2018 +0100
@@ -73,7 +73,7 @@
datatype perm =
Readable
| Writable
- | Executable \<comment> "(ignored)"
+ | Executable \<comment> \<open>(ignored)\<close>
type_synonym perms = "perm set"
@@ -875,11 +875,11 @@
apply (unfold bogus_def bogus_path_def)
apply (drule transitions_consD, rule transition.intros,
(force simp add: eval)+, (simp add: eval)?)+
- \<comment> "evaluate all operations"
+ \<comment> \<open>evaluate all operations\<close>
apply (drule transitions_nilD)
- \<comment> "reach final result"
+ \<comment> \<open>reach final result\<close>
apply (simp add: invariant_def eval)
- \<comment> "check the invariant"
+ \<comment> \<open>check the invariant\<close>
done
text \<open>
--- a/src/HOL/Word/Bool_List_Representation.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Word/Bool_List_Representation.thy Tue Jan 16 09:30:00 2018 +0100
@@ -75,14 +75,14 @@
| Cons: "rbl_pred (x # xs) = (if x then False # xs else True # rbl_pred xs)"
primrec rbl_add :: "bool list \<Rightarrow> bool list \<Rightarrow> bool list"
- where \<comment> "result is length of first arg, second arg may be longer"
+ where \<comment> \<open>result is length of first arg, second arg may be longer\<close>
Nil: "rbl_add Nil x = Nil"
| Cons: "rbl_add (y # ys) x =
(let ws = rbl_add ys (tl x)
in (y \<noteq> hd x) # (if hd x \<and> y then rbl_succ ws else ws))"
primrec rbl_mult :: "bool list \<Rightarrow> bool list \<Rightarrow> bool list"
- where \<comment> "result is length of first arg, second arg may be longer"
+ where \<comment> \<open>result is length of first arg, second arg may be longer\<close>
Nil: "rbl_mult Nil x = Nil"
| Cons: "rbl_mult (y # ys) x =
(let ws = False # rbl_mult ys x
--- a/src/HOL/Word/Word.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Word/Word.thy Tue Jan 16 09:30:00 2018 +0100
@@ -68,7 +68,7 @@
where "unat w = nat (uint w)"
definition uints :: "nat \<Rightarrow> int set"
- \<comment> "the sets of integers representing the words"
+ \<comment> \<open>the sets of integers representing the words\<close>
where "uints n = range (bintrunc n)"
definition sints :: "nat \<Rightarrow> int set"
@@ -87,7 +87,7 @@
where "norm_sint n w = (w + 2 ^ (n - 1)) mod 2 ^ n - 2 ^ (n - 1)"
definition scast :: "'a::len word \<Rightarrow> 'b::len word"
- \<comment> "cast a word to a different length"
+ \<comment> \<open>cast a word to a different length\<close>
where "scast w = word_of_int (sint w)"
definition ucast :: "'a::len0 word \<Rightarrow> 'b::len0 word"
@@ -115,7 +115,7 @@
by auto
definition source_size :: "('a::len0 word \<Rightarrow> 'b) \<Rightarrow> nat"
- \<comment> "whether a cast (or other) function is to a longer or shorter length"
+ \<comment> \<open>whether a cast (or other) function is to a longer or shorter length\<close>
where [code del]: "source_size c = (let arb = undefined; x = c arb in size arb)"
definition target_size :: "('a \<Rightarrow> 'b::len0 word) \<Rightarrow> nat"
@@ -385,7 +385,7 @@
where "shiftl1 w = word_of_int (uint w BIT False)"
definition shiftr1 :: "'a word \<Rightarrow> 'a word"
- \<comment> "shift right as unsigned or as signed, ie logical or arithmetic"
+ \<comment> \<open>shift right as unsigned or as signed, ie logical or arithmetic\<close>
where "shiftr1 w = word_of_int (bin_rest (uint w))"
definition shiftl_def: "w << n = (shiftl1 ^^ n) w"
@@ -480,7 +480,7 @@
where "word_rsplit w = map word_of_int (bin_rsplit (len_of TYPE('b)) (len_of TYPE('a), uint w))"
definition max_word :: "'a::len word"
- \<comment> "Largest representable machine integer."
+ \<comment> \<open>Largest representable machine integer.\<close>
where "max_word = word_of_int (2 ^ len_of TYPE('a) - 1)"
lemmas of_nth_def = word_set_bits_def (* FIXME duplicate *)
@@ -3308,8 +3308,8 @@
lemmas slice_take = slice_take' [unfolded word_size]
-\<comment> "shiftr to a word of the same size is just slice,
- slice is just shiftr then ucast"
+\<comment> \<open>shiftr to a word of the same size is just slice,
+ slice is just shiftr then ucast\<close>
lemmas shiftr_slice = trans [OF shiftr_bl [THEN meta_eq_to_obj_eq] slice_take [symmetric]]
lemma slice_shiftr: "slice n w = ucast (w >> n)"
@@ -3519,7 +3519,7 @@
apply (rule refl conjI)+
done
-\<comment> "keep quantifiers for use in simplification"
+\<comment> \<open>keep quantifiers for use in simplification\<close>
lemma test_bit_split':
"word_split c = (a, b) \<longrightarrow>
(\<forall>n m.
@@ -3560,7 +3560,7 @@
lemma word_cat_id: "word_cat a b = b"
by (simp add: word_cat_bin' word_ubin.inverse_norm)
-\<comment> "limited hom result"
+\<comment> \<open>limited hom result\<close>
lemma word_cat_hom:
"len_of TYPE('a::len0) \<le> len_of TYPE('b::len0) + len_of TYPE('c::len0) \<Longrightarrow>
(word_cat (word_of_int w :: 'b word) (b :: 'c word) :: 'a word) =
@@ -3696,7 +3696,7 @@
trans [OF nth_rev_alt [THEN test_bit_cong]
test_bit_rsplit [OF refl asm_rl diff_Suc_less]]
-\<comment> "lazy way of expressing that u and v, and su and sv, have same types"
+\<comment> \<open>lazy way of expressing that u and v, and su and sv, have same types\<close>
lemma word_rsplit_len_indep [OF refl refl refl refl]:
"[u,v] = p \<Longrightarrow> [su,sv] = q \<Longrightarrow> word_rsplit u = su \<Longrightarrow>
word_rsplit v = sv \<Longrightarrow> length su = length sv"
@@ -3932,7 +3932,7 @@
by (induct n) (auto intro!: lth)
-\<comment> "corresponding equalities for word rotation"
+\<comment> \<open>corresponding equalities for word rotation\<close>
lemma to_bl_rotl: "to_bl (word_rotl n w) = rotate n (to_bl w)"
by (simp add: word_bl.Abs_inverse' word_rotl_def)
--- a/src/HOL/Word/Word_Miscellaneous.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Word/Word_Miscellaneous.thy Tue Jan 16 09:30:00 2018 +0100
@@ -63,7 +63,7 @@
apply (erule y)
done
-\<comment> "simplifications for specific word lengths"
+\<comment> \<open>simplifications for specific word lengths\<close>
lemmas n2s_ths [THEN eq_reflection] = add_2_eq_Suc add_2_eq_Suc'
lemmas s2n_ths = n2s_ths [symmetric]
--- a/src/HOL/ZF/HOLZF.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ZF/HOLZF.thy Tue Jan 16 09:30:00 2018 +0100
@@ -188,7 +188,7 @@
definition Field :: "ZF \<Rightarrow> ZF" where
"Field A == union (Domain A) (Range A)"
-definition app :: "ZF \<Rightarrow> ZF => ZF" (infixl "\<acute>" 90) \<comment>\<open>function application\<close> where
+definition app :: "ZF \<Rightarrow> ZF => ZF" (infixl "\<acute>" 90) \<comment> \<open>function application\<close> where
"f \<acute> x == (THE y. Elem (Opair x y) f)"
definition isFun :: "ZF \<Rightarrow> bool" where
--- a/src/HOL/Zorn.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Zorn.thy Tue Jan 16 09:30:00 2018 +0100
@@ -697,15 +697,15 @@
qed
then have 1: "\<forall>R \<in> Chains I. \<exists>u\<in>Field I. \<forall>r\<in>R. (r, u) \<in> I"
by (subst FI) blast
-\<comment>\<open>Zorn's Lemma yields a maximal well-order \<open>m\<close>:\<close>
+\<comment> \<open>Zorn's Lemma yields a maximal well-order \<open>m\<close>:\<close>
then obtain m :: "'a rel"
where "Well_order m"
and max: "\<forall>r. Well_order r \<and> (m, r) \<in> I \<longrightarrow> r = m"
using Zorns_po_lemma[OF 0 1] unfolding FI by fastforce
-\<comment>\<open>Now show by contradiction that \<open>m\<close> covers the whole type:\<close>
+\<comment> \<open>Now show by contradiction that \<open>m\<close> covers the whole type:\<close>
have False if "x \<notin> Field m" for x :: 'a
proof -
-\<comment>\<open>Assuming that \<open>x\<close> is not covered and extend \<open>m\<close> at the top with \<open>x\<close>\<close>
+\<comment> \<open>Assuming that \<open>x\<close> is not covered and extend \<open>m\<close> at the top with \<open>x\<close>\<close>
have "m \<noteq> {}"
proof
assume "m = {}"
@@ -717,14 +717,14 @@
then have "Field m \<noteq> {}" by (auto simp: Field_def)
moreover have "wf (m - Id)"
using \<open>Well_order m\<close> by (simp add: well_order_on_def)
-\<comment>\<open>The extension of \<open>m\<close> by \<open>x\<close>:\<close>
+\<comment> \<open>The extension of \<open>m\<close> by \<open>x\<close>:\<close>
let ?s = "{(a, x) | a. a \<in> Field m}"
let ?m = "insert (x, x) m \<union> ?s"
have Fm: "Field ?m = insert x (Field m)"
by (auto simp: Field_def)
have "Refl m" and "trans m" and "antisym m" and "Total m" and "wf (m - Id)"
using \<open>Well_order m\<close> by (simp_all add: order_on_defs)
-\<comment>\<open>We show that the extension is a well-order\<close>
+\<comment> \<open>We show that the extension is a well-order\<close>
have "Refl ?m"
using \<open>Refl m\<close> Fm unfolding refl_on_def by blast
moreover have "trans ?m" using \<open>trans m\<close> and \<open>x \<notin> Field m\<close>
@@ -743,12 +743,12 @@
qed
ultimately have "Well_order ?m"
by (simp add: order_on_defs)
-\<comment>\<open>We show that the extension is above \<open>m\<close>\<close>
+\<comment> \<open>We show that the extension is above \<open>m\<close>\<close>
moreover have "(m, ?m) \<in> I"
using \<open>Well_order ?m\<close> and \<open>Well_order m\<close> and \<open>x \<notin> Field m\<close>
by (fastforce simp: I_def init_seg_of_def Field_def)
ultimately
-\<comment>\<open>This contradicts maximality of \<open>m\<close>:\<close>
+\<comment> \<open>This contradicts maximality of \<open>m\<close>:\<close>
show False
using max and \<open>x \<notin> Field m\<close> unfolding Field_def by blast
qed
--- a/src/HOL/ex/Classical.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ex/Classical.thy Tue Jan 16 09:30:00 2018 +0100
@@ -429,7 +429,7 @@
(\<forall>x. \<exists>y. R(x,y)) -->
~ (\<forall>x. P x = (\<forall>y. R(x,y) --> ~ P y))"
by (tactic\<open>Meson.safe_best_meson_tac @{context} 1\<close>)
- \<comment>\<open>In contrast, \<open>meson\<close> is SLOW: 7.6s on griffon\<close>
+ \<comment> \<open>In contrast, \<open>meson\<close> is SLOW: 7.6s on griffon\<close>
subsubsection\<open>Pelletier's examples\<close>
@@ -644,7 +644,7 @@
(\<forall>x z. ~P x z --> (\<exists>y. Q y z)) &
((\<exists>x y. Q x y) --> (\<forall>x. R x x))
--> (\<forall>x. \<exists>y. R x y)"
-by blast \<comment>\<open>causes unification tracing messages\<close>
+by blast \<comment> \<open>causes unification tracing messages\<close>
text\<open>Problem 38\<close> text\<open>Quite hard: 422 Horn clauses!!\<close>
@@ -723,7 +723,7 @@
(\<forall>x. (caterpillar x \<or> snail x) \<longrightarrow> (\<exists>y. plant y & eats x y))
\<longrightarrow> (\<exists>x y. animal x & animal y & (\<exists>z. grain z & eats y z & eats x y))"
by (tactic\<open>Meson.safe_best_meson_tac @{context} 1\<close>)
- \<comment>\<open>Nearly twice as fast as \<open>meson\<close>,
+ \<comment> \<open>Nearly twice as fast as \<open>meson\<close>,
which performs iterative deepening rather than best-first search\<close>
text\<open>The Los problem. Circulated by John Harrison\<close>
@@ -803,13 +803,13 @@
lemma "\<forall>x. T(i x x)"
using a b d by blast
-lemma "\<forall>x. T(i x (n(n x)))" \<comment>\<open>Problem 66\<close>
+lemma "\<forall>x. T(i x (n(n x)))" \<comment> \<open>Problem 66\<close>
using a b c d by metis
-lemma "\<forall>x. T(i (n(n x)) x)" \<comment>\<open>Problem 67\<close>
- using a b c d by meson \<comment>\<open>4.9s on griffon. 51061 inferences, depth 21\<close>
+lemma "\<forall>x. T(i (n(n x)) x)" \<comment> \<open>Problem 67\<close>
+ using a b c d by meson \<comment> \<open>4.9s on griffon. 51061 inferences, depth 21\<close>
-lemma "\<forall>x. T(i x (n(n x)))" \<comment>\<open>Problem 68: not proved. Listed as satisfiable in TPTP (LCL078-1)\<close>
+lemma "\<forall>x. T(i x (n(n x)))" \<comment> \<open>Problem 68: not proved. Listed as satisfiable in TPTP (LCL078-1)\<close>
using a b c' d oops
end
--- a/src/HOL/ex/Dedekind_Real.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ex/Dedekind_Real.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1544,7 +1544,7 @@
apply (simp add: linorder_not_le [where 'a = real, symmetric]
linorder_not_le [where 'a = preal]
real_zero_def real_le real_mult)
- \<comment>\<open>Reduce to the (simpler) \<open>\<le>\<close> relation\<close>
+ \<comment> \<open>Reduce to the (simpler) \<open>\<le>\<close> relation\<close>
apply (auto dest!: less_add_left_Ex
simp add: algebra_simps preal_self_less_add_left)
done
--- a/src/HOL/ex/HarmonicSeries.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ex/HarmonicSeries.thy Tue Jan 16 09:30:00 2018 +0100
@@ -138,7 +138,7 @@
have ant: "0 < Suc M" by fact
{
have suc: "?LHS (Suc M) = ?RHS (Suc M)"
- proof cases \<comment> "show that LHS = c and RHS = c, and thus LHS = RHS"
+ proof cases \<comment> \<open>show that LHS = c and RHS = c, and thus LHS = RHS\<close>
assume mz: "M=0"
{
then have
@@ -274,8 +274,8 @@
theorem DivergenceOfHarmonicSeries:
shows "\<not>summable (\<lambda>n. 1/real (Suc n))"
(is "\<not>summable ?f")
-proof \<comment> "by contradiction"
- let ?s = "suminf ?f" \<comment> "let ?s equal the sum of the harmonic series"
+proof \<comment> \<open>by contradiction\<close>
+ let ?s = "suminf ?f" \<comment> \<open>let ?s equal the sum of the harmonic series\<close>
assume sf: "summable ?f"
then obtain n::nat where ndef: "n = nat \<lceil>2 * ?s\<rceil>" by simp
then have ngt: "1 + real n/2 > ?s" by linarith
--- a/src/HOL/ex/Meson_Test.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ex/Meson_Test.thy Tue Jan 16 09:30:00 2018 +0100
@@ -71,7 +71,7 @@
\<close>
oops
-lemma problem_43: \<comment> "NOW PROVED AUTOMATICALLY!!" (*16 Horn clauses*)
+lemma problem_43: \<comment> \<open>NOW PROVED AUTOMATICALLY!!\<close> (*16 Horn clauses*)
"(\<forall>x. \<forall>y. q x y = (\<forall>z. p z x = (p z y::bool))) --> (\<forall>x. (\<forall>y. q x y = (q y x::bool)))"
apply (rule ccontr)
ML_prf \<open>
--- a/src/HOL/ex/NatSum.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ex/NatSum.thy Tue Jan 16 09:30:00 2018 +0100
@@ -17,7 +17,7 @@
lemmas [simp] =
ring_distribs
- diff_mult_distrib diff_mult_distrib2 \<comment>\<open>for type nat\<close>
+ diff_mult_distrib diff_mult_distrib2 \<comment> \<open>for type nat\<close>
text \<open>\<^medskip> The sum of the first \<open>n\<close> odd numbers equals \<open>n\<close> squared.\<close>
--- a/src/HOL/ex/Records.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ex/Records.thy Tue Jan 16 09:30:00 2018 +0100
@@ -75,19 +75,19 @@
text \<open>\medskip Equality of records.\<close>
lemma "n = n' ==> p = p' ==> (| xpos = n, ypos = p |) = (| xpos = n', ypos = p' |)"
- \<comment> "introduction of concrete record equality"
+ \<comment> \<open>introduction of concrete record equality\<close>
by simp
lemma "(| xpos = n, ypos = p |) = (| xpos = n', ypos = p' |) ==> n = n'"
- \<comment> "elimination of concrete record equality"
+ \<comment> \<open>elimination of concrete record equality\<close>
by simp
lemma "r (| xpos := n |) (| ypos := m |) = r (| ypos := m |) (| xpos := n |)"
- \<comment> "introduction of abstract record equality"
+ \<comment> \<open>introduction of abstract record equality\<close>
by simp
lemma "r (| xpos := n |) = r (| xpos := n' |) ==> n = n'"
- \<comment> "elimination of abstract record equality (manual proof)"
+ \<comment> \<open>elimination of abstract record equality (manual proof)\<close>
proof -
assume "r (| xpos := n |) = r (| xpos := n' |)" (is "?lhs = ?rhs")
then have "xpos ?lhs = xpos ?rhs" by simp
--- a/src/HOL/ex/Set_Theory.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ex/Set_Theory.thy Tue Jan 16 09:30:00 2018 +0100
@@ -102,7 +102,7 @@
\<Longrightarrow> \<exists>h:: 'a \<Rightarrow> 'b. inj h \<and> surj h"
apply (rule decomposition [where f=f and g=g, THEN exE])
apply (rule_tac x = "(\<lambda>z. if z \<in> x then f z else inv g z)" in exI)
- \<comment>\<open>The term above can be synthesized by a sufficiently detailed proof.\<close>
+ \<comment> \<open>The term above can be synthesized by a sufficiently detailed proof.\<close>
apply (rule bij_if_then_else)
apply (rule_tac [4] refl)
apply (rule_tac [2] inj_on_inv_into)
@@ -179,7 +179,7 @@
lemma "a < b \<and> b < (c::int) \<Longrightarrow> \<exists>A. a \<notin> A \<and> b \<in> A \<and> c \<notin> A"
\<comment> \<open>Example 4.\<close>
- by auto \<comment>\<open>slow\<close>
+ by auto \<comment> \<open>slow\<close>
lemma "P (f b) \<Longrightarrow> \<exists>s A. (\<forall>x \<in> A. P x) \<and> f s \<in> A"
\<comment> \<open>Example 5, page 298.\<close>
--- a/src/HOL/ex/Simproc_Tests.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ex/Simproc_Tests.thy Tue Jan 16 09:30:00 2018 +0100
@@ -346,7 +346,7 @@
end
lemma shows "a*(b*c)/(y*z) = d*(b::'a::linordered_field)*(x*a)/z"
-oops \<comment> "FIXME: need simproc to cover this case"
+oops \<comment> \<open>FIXME: need simproc to cover this case\<close>
subsection \<open>\<open>divide_cancel_factor\<close>\<close>
@@ -374,7 +374,7 @@
lemma
fixes a b c d x y z :: "'a::linordered_field"
shows "a*(b*c)/(y*z) = d*(b)*(x*a)/z"
-oops \<comment> "FIXME: need simproc to cover this case"
+oops \<comment> \<open>FIXME: need simproc to cover this case\<close>
subsection \<open>\<open>linordered_ring_less_cancel_factor\<close>\<close>
@@ -444,7 +444,7 @@
fixes x :: "'a::{linordered_field}"
shows "2/3 * x + x / 3 = uu"
apply (tactic \<open>test @{context} [@{simproc field_combine_numerals}]\<close>)?
-oops \<comment> "FIXME: test fails"
+oops \<comment> \<open>FIXME: test fails\<close>
subsection \<open>\<open>nat_combine_numerals\<close>\<close>
--- a/src/HOL/ex/Unification.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/ex/Unification.thy Tue Jan 16 09:30:00 2018 +0100
@@ -379,10 +379,10 @@
show "wf ?R" by simp
fix M N M' N' :: "'a trm"
- show "((M, M'), (M \<cdot> N, M' \<cdot> N')) \<in> ?R" \<comment> "Inner call"
+ show "((M, M'), (M \<cdot> N, M' \<cdot> N')) \<in> ?R" \<comment> \<open>Inner call\<close>
by (rule measures_lesseq) (auto intro: card_mono)
- fix \<theta> \<comment> "Outer call"
+ fix \<theta> \<comment> \<open>Outer call\<close>
assume inner: "unify_dom (M, M')"
"unify M M' = Some \<theta>"
@@ -417,7 +417,7 @@
lemma unify_computes_MGU:
"unify M N = Some \<sigma> \<Longrightarrow> MGU \<sigma> M N"
proof (induct M N arbitrary: \<sigma> rule: unify.induct)
- case (7 M N M' N' \<sigma>) \<comment> "The interesting case"
+ case (7 M N M' N' \<sigma>) \<comment> \<open>The interesting case\<close>
then obtain \<theta>1 \<theta>2
where "unify M M' = Some \<theta>1"
--- a/src/ZF/AC/AC_Equiv.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/AC/AC_Equiv.thy Tue Jan 16 09:30:00 2018 +0100
@@ -124,7 +124,7 @@
assumes AC18: "A\<noteq>0 & (\<forall>a \<in> A. B(a) \<noteq> 0) \<longrightarrow>
((\<Inter>a \<in> A. \<Union>b \<in> B(a). X(a,b)) =
(\<Union>f \<in> \<Prod>a \<in> A. B(a). \<Inter>a \<in> A. X(a, f`a)))"
- \<comment>"AC18 cannot be expressed within the object-logic"
+ \<comment> \<open>AC18 cannot be expressed within the object-logic\<close>
definition
"AC19 == \<forall>A. A\<noteq>0 & 0\<notin>A \<longrightarrow> ((\<Inter>a \<in> A. \<Union>b \<in> a. b) =
--- a/src/ZF/Cardinal.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Cardinal.thy Tue Jan 16 09:30:00 2018 +0100
@@ -439,10 +439,10 @@
proof (unfold cardinal_def)
show "Card(\<mu> i. i \<approx> A)"
proof (cases "\<exists>i. Ord (i) & i \<approx> A")
- case False thus ?thesis \<comment>\<open>degenerate case\<close>
+ case False thus ?thesis \<comment> \<open>degenerate case\<close>
by (simp add: Least_0 Card_0)
next
- case True \<comment>\<open>real case: @{term A} is isomorphic to some ordinal\<close>
+ case True \<comment> \<open>real case: @{term A} is isomorphic to some ordinal\<close>
then obtain i where i: "Ord(i)" "i \<approx> A" by blast
show ?thesis
proof (rule CardI [OF Ord_Least], rule notI)
@@ -1109,7 +1109,7 @@
next
case (succ x)
hence wfx: "\<And>Z. Z = 0 \<or> (\<exists>z\<in>Z. \<forall>y. z \<in> y \<and> z \<in> x \<and> y \<in> x \<and> z \<in> x \<longrightarrow> y \<notin> Z)"
- by (simp add: wf_on_def wf_def) \<comment>\<open>not easy to erase the duplicate @{term"z \<in> x"}!\<close>
+ by (simp add: wf_on_def wf_def) \<comment> \<open>not easy to erase the duplicate @{term"z \<in> x"}!\<close>
show ?case
proof (rule wf_onI)
fix Z u
--- a/src/ZF/CardinalArith.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/CardinalArith.thy Tue Jan 16 09:30:00 2018 +0100
@@ -28,14 +28,14 @@
definition
jump_cardinal :: "i=>i" where
- \<comment>\<open>This definition is more complex than Kunen's but it more easily proved to
+ \<comment> \<open>This definition is more complex than Kunen's but it more easily proved to
be a cardinal\<close>
"jump_cardinal(K) ==
\<Union>X\<in>Pow(K). {z. r \<in> Pow(K*K), well_ord(X,r) & z = ordertype(X,r)}"
definition
csucc :: "i=>i" where
- \<comment>\<open>needed because @{term "jump_cardinal(K)"} might not be the successor
+ \<comment> \<open>needed because @{term "jump_cardinal(K)"} might not be the successor
of @{term K}\<close>
"csucc(K) == \<mu> L. Card(L) & K<L"
--- a/src/ZF/Cardinal_AC.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Cardinal_AC.thy Tue Jan 16 09:30:00 2018 +0100
@@ -222,7 +222,7 @@
note lt_subset_trans [OF _ _ OU, trans]
show ?thesis
proof (cases "W=0")
- case True \<comment>\<open>solve the easy 0 case\<close>
+ case True \<comment> \<open>solve the easy 0 case\<close>
thus ?thesis by (simp add: CK Card_is_Ord Card_csucc Ord_0_lt_csucc)
next
case False
--- a/src/ZF/Constructible/AC_in_L.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/AC_in_L.thy Tue Jan 16 09:30:00 2018 +0100
@@ -233,20 +233,20 @@
definition
env_form_r :: "[i,i,i]=>i" where
- \<comment>\<open>wellordering on (environment, formula) pairs\<close>
+ \<comment> \<open>wellordering on (environment, formula) pairs\<close>
"env_form_r(f,r,A) ==
rmult(list(A), rlist(A, r),
formula, measure(formula, enum(f)))"
definition
env_form_map :: "[i,i,i,i]=>i" where
- \<comment>\<open>map from (environment, formula) pairs to ordinals\<close>
+ \<comment> \<open>map from (environment, formula) pairs to ordinals\<close>
"env_form_map(f,r,A,z)
== ordermap(list(A) * formula, env_form_r(f,r,A)) ` z"
definition
DPow_ord :: "[i,i,i,i,i]=>o" where
- \<comment>\<open>predicate that holds if @{term k} is a valid index for @{term X}\<close>
+ \<comment> \<open>predicate that holds if @{term k} is a valid index for @{term X}\<close>
"DPow_ord(f,r,A,X,k) ==
\<exists>env \<in> list(A). \<exists>p \<in> formula.
arity(p) \<le> succ(length(env)) &
@@ -255,12 +255,12 @@
definition
DPow_least :: "[i,i,i,i]=>i" where
- \<comment>\<open>function yielding the smallest index for @{term X}\<close>
+ \<comment> \<open>function yielding the smallest index for @{term X}\<close>
"DPow_least(f,r,A,X) == \<mu> k. DPow_ord(f,r,A,X,k)"
definition
DPow_r :: "[i,i,i]=>i" where
- \<comment>\<open>a wellordering on @{term "DPow(A)"}\<close>
+ \<comment> \<open>a wellordering on @{term "DPow(A)"}\<close>
"DPow_r(f,r,A) == measure(DPow(A), DPow_least(f,r,A))"
@@ -332,7 +332,7 @@
definition
rlimit :: "[i,i=>i]=>i" where
- \<comment>\<open>Expresses the wellordering at limit ordinals. The conditional
+ \<comment> \<open>Expresses the wellordering at limit ordinals. The conditional
lets us remove the premise @{term "Limit(i)"} from some theorems.\<close>
"rlimit(i,r) ==
if Limit(i) then
@@ -344,7 +344,7 @@
definition
Lset_new :: "i=>i" where
- \<comment>\<open>This constant denotes the set of elements introduced at level
+ \<comment> \<open>This constant denotes the set of elements introduced at level
@{term "succ(i)"}\<close>
"Lset_new(i) == {x \<in> Lset(succ(i)). lrank(x) = i}"
--- a/src/ZF/Constructible/DPow_absolute.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/DPow_absolute.thy Tue Jan 16 09:30:00 2018 +0100
@@ -510,7 +510,7 @@
definition
is_Lset :: "[i=>o, i, i] => o" where
- \<comment>\<open>We can use the term language below because @{term is_Lset} will
+ \<comment> \<open>We can use the term language below because @{term is_Lset} will
not have to be internalized: it isn't used in any instance of
separation.\<close>
"is_Lset(M,a,z) == is_transrec(M, %x f u. u = (\<Union>y\<in>x. DPow'(f`y)), a, z)"
@@ -570,7 +570,7 @@
is_DPow'(##Lset(i),gy,z), r) &
big_union(##Lset(i),r,u), mr, v, y))]"
apply (simp only: rex_setclass_is_bex [symmetric])
- \<comment>\<open>Convert \<open>\<exists>y\<in>Lset(i)\<close> to \<open>\<exists>y[##Lset(i)]\<close> within the body
+ \<comment> \<open>Convert \<open>\<exists>y\<in>Lset(i)\<close> to \<open>\<exists>y[##Lset(i)]\<close> within the body
of the @{term is_wfrec} application.\<close>
apply (intro FOL_reflections function_reflections
is_wfrec_reflection Replace_reflection DPow'_reflection)
--- a/src/ZF/Constructible/Datatype_absolute.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Datatype_absolute.thy Tue Jan 16 09:30:00 2018 +0100
@@ -765,7 +765,7 @@
definition
is_Member :: "[i=>o,i,i,i] => o" where
- \<comment>\<open>because @{term "Member(x,y) \<equiv> Inl(Inl(\<langle>x,y\<rangle>))"}\<close>
+ \<comment> \<open>because @{term "Member(x,y) \<equiv> Inl(Inl(\<langle>x,y\<rangle>))"}\<close>
"is_Member(M,x,y,Z) ==
\<exists>p[M]. \<exists>u[M]. pair(M,x,y,p) & is_Inl(M,p,u) & is_Inl(M,u,Z)"
@@ -779,7 +779,7 @@
definition
is_Equal :: "[i=>o,i,i,i] => o" where
- \<comment>\<open>because @{term "Equal(x,y) \<equiv> Inl(Inr(\<langle>x,y\<rangle>))"}\<close>
+ \<comment> \<open>because @{term "Equal(x,y) \<equiv> Inl(Inr(\<langle>x,y\<rangle>))"}\<close>
"is_Equal(M,x,y,Z) ==
\<exists>p[M]. \<exists>u[M]. pair(M,x,y,p) & is_Inr(M,p,u) & is_Inl(M,u,Z)"
@@ -792,7 +792,7 @@
definition
is_Nand :: "[i=>o,i,i,i] => o" where
- \<comment>\<open>because @{term "Nand(x,y) \<equiv> Inr(Inl(\<langle>x,y\<rangle>))"}\<close>
+ \<comment> \<open>because @{term "Nand(x,y) \<equiv> Inr(Inl(\<langle>x,y\<rangle>))"}\<close>
"is_Nand(M,x,y,Z) ==
\<exists>p[M]. \<exists>u[M]. pair(M,x,y,p) & is_Inl(M,p,u) & is_Inr(M,u,Z)"
@@ -805,7 +805,7 @@
definition
is_Forall :: "[i=>o,i,i] => o" where
- \<comment>\<open>because @{term "Forall(x) \<equiv> Inr(Inr(p))"}\<close>
+ \<comment> \<open>because @{term "Forall(x) \<equiv> Inr(Inr(p))"}\<close>
"is_Forall(M,p,Z) == \<exists>u[M]. is_Inr(M,p,u) & is_Inr(M,u,Z)"
lemma (in M_trivial) Forall_abs [simp]:
@@ -821,7 +821,7 @@
definition
formula_rec_case :: "[[i,i]=>i, [i,i]=>i, [i,i,i,i]=>i, [i,i]=>i, i, i] => i" where
- \<comment>\<open>the instance of @{term formula_case} in @{term formula_rec}\<close>
+ \<comment> \<open>the instance of @{term formula_case} in @{term formula_rec}\<close>
"formula_rec_case(a,b,c,d,h) ==
formula_case (a, b,
\<lambda>u v. c(u, v, h ` succ(depth(u)) ` u,
@@ -881,7 +881,7 @@
definition
is_formula_case ::
"[i=>o, [i,i,i]=>o, [i,i,i]=>o, [i,i,i]=>o, [i,i]=>o, i, i] => o" where
- \<comment>\<open>no constraint on non-formulas\<close>
+ \<comment> \<open>no constraint on non-formulas\<close>
"is_formula_case(M, is_a, is_b, is_c, is_d, p, z) ==
(\<forall>x[M]. \<forall>y[M]. finite_ordinal(M,x) \<longrightarrow> finite_ordinal(M,y) \<longrightarrow>
is_Member(M,x,y,p) \<longrightarrow> is_a(x,y,z)) &
@@ -915,7 +915,7 @@
definition
is_formula_rec :: "[i=>o, [i,i,i]=>o, i, i] => o" where
- \<comment>\<open>predicate to relativize the functional @{term formula_rec}\<close>
+ \<comment> \<open>predicate to relativize the functional @{term formula_rec}\<close>
"is_formula_rec(M,MH,p,z) ==
\<exists>dp[M]. \<exists>i[M]. \<exists>f[M]. finite_ordinal(M,dp) & is_depth(M,p,dp) &
successor(M,dp,i) & fun_apply(M,f,p,z) & is_transrec(M,MH,i,f)"
--- a/src/ZF/Constructible/Formula.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Formula.thy Tue Jan 16 09:30:00 2018 +0100
@@ -594,7 +594,7 @@
"Lset(i) == transrec(i, %x f. \<Union>y\<in>x. DPow(f`y))"
definition
- L :: "i=>o" where \<comment>\<open>Kunen's definition VI 1.5, page 167\<close>
+ L :: "i=>o" where \<comment> \<open>Kunen's definition VI 1.5, page 167\<close>
"L(x) == \<exists>i. Ord(i) & x \<in> Lset(i)"
text\<open>NOT SUITABLE FOR REWRITING -- RECURSIVE!\<close>
@@ -837,7 +837,7 @@
text\<open>The rank function for the constructible universe\<close>
definition
- lrank :: "i=>i" where \<comment>\<open>Kunen's definition VI 1.7\<close>
+ lrank :: "i=>i" where \<comment> \<open>Kunen's definition VI 1.7\<close>
"lrank(x) == \<mu> i. x \<in> Lset(succ(i))"
lemma L_I: "[|x \<in> Lset(i); Ord(i)|] ==> L(x)"
--- a/src/ZF/Constructible/Normal.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Normal.thy Tue Jan 16 09:30:00 2018 +0100
@@ -80,8 +80,8 @@
text\<open>The constructions below come from Kunen, \emph{Set Theory}, page 78.\<close>
locale cub_family =
fixes P and A
- fixes next_greater \<comment> "the next ordinal satisfying class @{term A}"
- fixes sup_greater \<comment> "sup of those ordinals over all @{term A}"
+ fixes next_greater \<comment> \<open>the next ordinal satisfying class @{term A}\<close>
+ fixes sup_greater \<comment> \<open>sup of those ordinals over all @{term A}\<close>
assumes closed: "a\<in>A ==> Closed(P(a))"
and unbounded: "a\<in>A ==> Unbounded(P(a))"
and A_non0: "A\<noteq>0"
@@ -335,7 +335,7 @@
apply (frule lt_Ord)
apply (simp add: iterates_omega_def)
apply (rule increasing_LimitI)
- \<comment>"this lemma is @{thm increasing_LimitI [no_vars]}"
+ \<comment> \<open>this lemma is @{thm increasing_LimitI [no_vars]}\<close>
apply (blast intro: UN_upper_lt [of "1"] Normal_imp_Ord
Ord_UN Ord_iterates lt_imp_0_lt
iterates_Normal_increasing, clarify)
--- a/src/ZF/Constructible/Rank.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Rank.thy Tue Jan 16 09:30:00 2018 +0100
@@ -15,7 +15,7 @@
==> separation (M, \<lambda>x. x\<in>A \<longrightarrow> (\<exists>y[M]. (\<exists>p[M].
fun_apply(M,f,x,y) & pair(M,y,x,p) & p \<in> r)))"
and obase_separation:
- \<comment>\<open>part of the order type formalization\<close>
+ \<comment> \<open>part of the order type formalization\<close>
"[| M(A); M(r) |]
==> separation(M, \<lambda>a. \<exists>x[M]. \<exists>g[M]. \<exists>mx[M]. \<exists>par[M].
ordinal(M,x) & membership(M,x,mx) & pred_set(M,A,a,r,par) &
@@ -114,7 +114,7 @@
apply (frule restrict_ord_iso2, assumption+)
apply (frule ord_iso_sym [THEN ord_iso_is_bij, THEN bij_is_fun])
apply (frule apply_type, blast intro: ltD)
- \<comment>\<open>thus @{term "converse(f)`j \<in> Order.pred(A,x,r)"}\<close>
+ \<comment> \<open>thus @{term "converse(f)`j \<in> Order.pred(A,x,r)"}\<close>
apply (simp add: pred_iff)
apply (subgoal_tac
"\<exists>h[M]. h \<in> ord_iso(Order.pred(A,y,r), r,
@@ -137,20 +137,20 @@
definition
obase :: "[i=>o,i,i] => i" where
- \<comment>\<open>the domain of \<open>om\<close>, eventually shown to equal \<open>A\<close>\<close>
+ \<comment> \<open>the domain of \<open>om\<close>, eventually shown to equal \<open>A\<close>\<close>
"obase(M,A,r) == {a\<in>A. \<exists>x[M]. \<exists>g[M]. Ord(x) &
g \<in> ord_iso(Order.pred(A,a,r),r,x,Memrel(x))}"
definition
omap :: "[i=>o,i,i,i] => o" where
- \<comment>\<open>the function that maps wosets to order types\<close>
+ \<comment> \<open>the function that maps wosets to order types\<close>
"omap(M,A,r,f) ==
\<forall>z[M].
z \<in> f \<longleftrightarrow> (\<exists>a\<in>A. \<exists>x[M]. \<exists>g[M]. z = <a,x> & Ord(x) &
g \<in> ord_iso(Order.pred(A,a,r),r,x,Memrel(x)))"
definition
- otype :: "[i=>o,i,i,i] => o" where \<comment>\<open>the order types themselves\<close>
+ otype :: "[i=>o,i,i,i] => o" where \<comment> \<open>the order types themselves\<close>
"otype(M,A,r,i) == \<exists>f[M]. omap(M,A,r,f) & is_range(M,f,i)"
@@ -602,7 +602,7 @@
"[| M(i); M(x); M(g); function(g) |]
==> M(THE z. omult_eqns(i, x, g, z))"
apply (case_tac "Ord(x)")
- prefer 2 apply (simp add: omult_eqns_Not) \<comment>\<open>trivial, non-Ord case\<close>
+ prefer 2 apply (simp add: omult_eqns_Not) \<comment> \<open>trivial, non-Ord case\<close>
apply (erule Ord_cases)
apply (simp add: omult_eqns_0)
apply (simp add: omult_eqns_succ apply_closed oadd_closed)
--- a/src/ZF/Constructible/Rank_Separation.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Rank_Separation.thy Tue Jan 16 09:30:00 2018 +0100
@@ -46,7 +46,7 @@
by (intro FOL_reflections function_reflections fun_plus_reflections)
lemma obase_separation:
- \<comment>\<open>part of the order type formalization\<close>
+ \<comment> \<open>part of the order type formalization\<close>
"[| L(A); L(r) |]
==> separation(L, \<lambda>a. \<exists>x[L]. \<exists>g[L]. \<exists>mx[L]. \<exists>par[L].
ordinal(L,x) & membership(L,x,mx) & pred_set(L,A,a,r,par) &
--- a/src/ZF/Constructible/Reflection.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Reflection.thy Tue Jan 16 09:30:00 2018 +0100
@@ -38,9 +38,9 @@
defines "M(x) == \<exists>a. Ord(a) & x \<in> Mset(a)"
and "Reflects(Cl,P,Q) == Closed_Unbounded(Cl) &
(\<forall>a. Cl(a) \<longrightarrow> (\<forall>x\<in>Mset(a). P(x) \<longleftrightarrow> Q(a,x)))"
- fixes F0 \<comment>\<open>ordinal for a specific value @{term y}\<close>
- fixes FF \<comment>\<open>sup over the whole level, @{term "y\<in>Mset(a)"}\<close>
- fixes ClEx \<comment>\<open>Reflecting ordinals for the formula @{term "\<exists>z. P"}\<close>
+ fixes F0 \<comment> \<open>ordinal for a specific value @{term y}\<close>
+ fixes FF \<comment> \<open>sup over the whole level, @{term "y\<in>Mset(a)"}\<close>
+ fixes ClEx \<comment> \<open>Reflecting ordinals for the formula @{term "\<exists>z. P"}\<close>
defines "F0(P,y) == \<mu> b. (\<exists>z. M(z) & P(<y,z>)) \<longrightarrow>
(\<exists>z\<in>Mset(b). P(<y,z>))"
and "FF(P) == \<lambda>a. \<Union>y\<in>Mset(a). F0(P,y)"
@@ -136,9 +136,9 @@
text\<open>Locale for the induction hypothesis\<close>
locale ex_reflection = reflection +
- fixes P \<comment>"the original formula"
- fixes Q \<comment>"the reflected formula"
- fixes Cl \<comment>"the class of reflecting ordinals"
+ fixes P \<comment> \<open>the original formula\<close>
+ fixes Q \<comment> \<open>the reflected formula\<close>
+ fixes Cl \<comment> \<open>the class of reflecting ordinals\<close>
assumes Cl_reflects: "[| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) \<longleftrightarrow> Q(a,x)"
lemma (in ex_reflection) ClEx_downward:
--- a/src/ZF/Constructible/Relative.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Relative.thy Tue Jan 16 09:30:00 2018 +0100
@@ -123,7 +123,7 @@
definition
is_range :: "[i=>o,i,i] => o" where
- \<comment>\<open>the cleaner
+ \<comment> \<open>the cleaner
@{term "\<exists>r'[M]. is_converse(M,r,r') & is_domain(M,r',z)"}
unfortunately needs an instance of separation in order to prove
@{term "M(converse(r))"}.\<close>
@@ -200,32 +200,32 @@
definition
ordinal :: "[i=>o,i] => o" where
- \<comment>\<open>an ordinal is a transitive set of transitive sets\<close>
+ \<comment> \<open>an ordinal is a transitive set of transitive sets\<close>
"ordinal(M,a) == transitive_set(M,a) & (\<forall>x[M]. x\<in>a \<longrightarrow> transitive_set(M,x))"
definition
limit_ordinal :: "[i=>o,i] => o" where
- \<comment>\<open>a limit ordinal is a non-empty, successor-closed ordinal\<close>
+ \<comment> \<open>a limit ordinal is a non-empty, successor-closed ordinal\<close>
"limit_ordinal(M,a) ==
ordinal(M,a) & ~ empty(M,a) &
(\<forall>x[M]. x\<in>a \<longrightarrow> (\<exists>y[M]. y\<in>a & successor(M,x,y)))"
definition
successor_ordinal :: "[i=>o,i] => o" where
- \<comment>\<open>a successor ordinal is any ordinal that is neither empty nor limit\<close>
+ \<comment> \<open>a successor ordinal is any ordinal that is neither empty nor limit\<close>
"successor_ordinal(M,a) ==
ordinal(M,a) & ~ empty(M,a) & ~ limit_ordinal(M,a)"
definition
finite_ordinal :: "[i=>o,i] => o" where
- \<comment>\<open>an ordinal is finite if neither it nor any of its elements are limit\<close>
+ \<comment> \<open>an ordinal is finite if neither it nor any of its elements are limit\<close>
"finite_ordinal(M,a) ==
ordinal(M,a) & ~ limit_ordinal(M,a) &
(\<forall>x[M]. x\<in>a \<longrightarrow> ~ limit_ordinal(M,x))"
definition
omega :: "[i=>o,i] => o" where
- \<comment>\<open>omega is a limit ordinal none of whose elements are limit\<close>
+ \<comment> \<open>omega is a limit ordinal none of whose elements are limit\<close>
"omega(M,a) == limit_ordinal(M,a) & (\<forall>x[M]. x\<in>a \<longrightarrow> ~ limit_ordinal(M,x))"
definition
@@ -245,7 +245,7 @@
definition
Relation1 :: "[i=>o, i, [i,i]=>o, i=>i] => o" where
- \<comment>\<open>as above, but typed\<close>
+ \<comment> \<open>as above, but typed\<close>
"Relation1(M,A,is_f,f) ==
\<forall>x[M]. \<forall>y[M]. x\<in>A \<longrightarrow> is_f(x,y) \<longleftrightarrow> y = f(x)"
@@ -294,7 +294,7 @@
definition
separation :: "[i=>o, i=>o] => o" where
- \<comment>\<open>The formula \<open>P\<close> should only involve parameters
+ \<comment> \<open>The formula \<open>P\<close> should only involve parameters
belonging to \<open>M\<close> and all its quantifiers must be relativized
to \<open>M\<close>. We do not have separation as a scheme; every instance
that we need must be assumed (and later proved) separately.\<close>
@@ -515,7 +515,7 @@
\<forall>y[M]. y \<in> B \<longleftrightarrow> (\<exists>p[M]. p\<in>r & y \<in> A & pair(M,y,x,p))"
definition
- membership :: "[i=>o,i,i] => o" where \<comment>\<open>membership relation\<close>
+ membership :: "[i=>o,i,i] => o" where \<comment> \<open>membership relation\<close>
"membership(M,A,r) ==
\<forall>p[M]. p \<in> r \<longleftrightarrow> (\<exists>x[M]. x\<in>A & (\<exists>y[M]. y\<in>A & x\<in>y & pair(M,x,y,p)))"
@@ -992,7 +992,7 @@
pair(M,f,b,p) & pair(M,n,b,nb) & is_cons(M,nb,f,cnbf) &
upair(M,cnbf,cnbf,z))"
and is_recfun_separation:
- \<comment>\<open>for well-founded recursion: used to prove \<open>is_recfun_equal\<close>\<close>
+ \<comment> \<open>for well-founded recursion: used to prove \<open>is_recfun_equal\<close>\<close>
"[| M(r); M(f); M(g); M(a); M(b) |]
==> separation(M,
\<lambda>x. \<exists>xa[M]. \<exists>xb[M].
@@ -1428,12 +1428,12 @@
definition
is_Nil :: "[i=>o, i] => o" where
- \<comment>\<open>because @{prop "[] \<equiv> Inl(0)"}\<close>
+ \<comment> \<open>because @{prop "[] \<equiv> Inl(0)"}\<close>
"is_Nil(M,xs) == \<exists>zero[M]. empty(M,zero) & is_Inl(M,zero,xs)"
definition
is_Cons :: "[i=>o,i,i,i] => o" where
- \<comment>\<open>because @{prop "Cons(a, l) \<equiv> Inr(\<langle>a,l\<rangle>)"}\<close>
+ \<comment> \<open>because @{prop "Cons(a, l) \<equiv> Inr(\<langle>a,l\<rangle>)"}\<close>
"is_Cons(M,a,l,Z) == \<exists>p[M]. pair(M,a,l,p) & is_Inr(M,p,Z)"
@@ -1461,13 +1461,13 @@
definition
list_case' :: "[i, [i,i]=>i, i] => i" where
- \<comment>\<open>A version of @{term list_case} that's always defined.\<close>
+ \<comment> \<open>A version of @{term list_case} that's always defined.\<close>
"list_case'(a,b,xs) ==
if quasilist(xs) then list_case(a,b,xs) else 0"
definition
is_list_case :: "[i=>o, i, [i,i,i]=>o, i, i] => o" where
- \<comment>\<open>Returns 0 for non-lists\<close>
+ \<comment> \<open>Returns 0 for non-lists\<close>
"is_list_case(M, a, is_b, xs, z) ==
(is_Nil(M,xs) \<longrightarrow> z=a) &
(\<forall>x[M]. \<forall>l[M]. is_Cons(M,x,l,xs) \<longrightarrow> is_b(x,l,z)) &
@@ -1475,17 +1475,17 @@
definition
hd' :: "i => i" where
- \<comment>\<open>A version of @{term hd} that's always defined.\<close>
+ \<comment> \<open>A version of @{term hd} that's always defined.\<close>
"hd'(xs) == if quasilist(xs) then hd(xs) else 0"
definition
tl' :: "i => i" where
- \<comment>\<open>A version of @{term tl} that's always defined.\<close>
+ \<comment> \<open>A version of @{term tl} that's always defined.\<close>
"tl'(xs) == if quasilist(xs) then tl(xs) else 0"
definition
is_hd :: "[i=>o,i,i] => o" where
- \<comment>\<open>@{term "hd([]) = 0"} no constraints if not a list.
+ \<comment> \<open>@{term "hd([]) = 0"} no constraints if not a list.
Avoiding implication prevents the simplifier's looping.\<close>
"is_hd(M,xs,H) ==
(is_Nil(M,xs) \<longrightarrow> empty(M,H)) &
@@ -1494,7 +1494,7 @@
definition
is_tl :: "[i=>o,i,i] => o" where
- \<comment>\<open>@{term "tl([]) = []"}; see comments about @{term is_hd}\<close>
+ \<comment> \<open>@{term "tl([]) = []"}; see comments about @{term is_hd}\<close>
"is_tl(M,xs,T) ==
(is_Nil(M,xs) \<longrightarrow> T=xs) &
(\<forall>x[M]. \<forall>l[M]. ~ is_Cons(M,x,l,xs) | T=l) &
--- a/src/ZF/Constructible/Satisfies_absolute.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Satisfies_absolute.thy Tue Jan 16 09:30:00 2018 +0100
@@ -176,7 +176,7 @@
definition
is_depth_apply :: "[i=>o,i,i,i] => o" where
- \<comment>\<open>Merely a useful abbreviation for the sequel.\<close>
+ \<comment> \<open>Merely a useful abbreviation for the sequel.\<close>
"is_depth_apply(M,h,p,z) ==
\<exists>dp[M]. \<exists>sdp[M]. \<exists>hsdp[M].
finite_ordinal(M,dp) & is_depth(M,p,dp) & successor(M,dp,sdp) &
@@ -216,7 +216,7 @@
definition
satisfies_is_b :: "[i=>o,i,i,i,i]=>o" where
- \<comment>\<open>We simplify the formula to have just @{term nx} rather than
+ \<comment> \<open>We simplify the formula to have just @{term nx} rather than
introducing @{term ny} with @{term "nx=ny"}\<close>
"satisfies_is_b(M,A) ==
\<lambda>x y zz. \<forall>lA[M]. is_list(M,A,lA) \<longrightarrow>
@@ -259,7 +259,7 @@
definition
satisfies_MH :: "[i=>o,i,i,i,i]=>o" where
- \<comment>\<open>The variable @{term u} is unused, but gives @{term satisfies_MH}
+ \<comment> \<open>The variable @{term u} is unused, but gives @{term satisfies_MH}
the correct arity.\<close>
"satisfies_MH ==
\<lambda>M A u f z.
@@ -327,11 +327,11 @@
pair(M,env,bo,z))"
and
formula_rec_replacement:
- \<comment>\<open>For the @{term transrec}\<close>
+ \<comment> \<open>For the @{term transrec}\<close>
"[|n \<in> nat; M(A)|] ==> transrec_replacement(M, satisfies_MH(M,A), n)"
and
formula_rec_lambda_replacement:
- \<comment>\<open>For the \<open>\<lambda>-abstraction\<close> in the @{term transrec} body\<close>
+ \<comment> \<open>For the \<open>\<lambda>-abstraction\<close> in the @{term transrec} body\<close>
"[|M(g); M(A)|] ==>
strong_replacement (M,
\<lambda>x y. mem_formula(M,x) &
@@ -959,7 +959,7 @@
is_wfrec_reflection)
lemma formula_rec_replacement:
- \<comment>\<open>For the @{term transrec}\<close>
+ \<comment> \<open>For the @{term transrec}\<close>
"[|n \<in> nat; L(A)|] ==> transrec_replacement(L, satisfies_MH(L,A), n)"
apply (rule transrec_replacementI, simp add: nat_into_M)
apply (rule strong_replacementI)
@@ -995,7 +995,7 @@
satisfies_is_d_reflection)
lemma formula_rec_lambda_replacement:
- \<comment>\<open>For the @{term transrec}\<close>
+ \<comment> \<open>For the @{term transrec}\<close>
"[|L(g); L(A)|] ==>
strong_replacement (L,
\<lambda>x y. mem_formula(L,x) &
--- a/src/ZF/Constructible/Separation.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Separation.thy Tue Jan 16 09:30:00 2018 +0100
@@ -274,7 +274,7 @@
by (intro FOL_reflections function_reflections fun_plus_reflections)
lemma is_recfun_separation:
- \<comment>\<open>for well-founded recursion\<close>
+ \<comment> \<open>for well-founded recursion\<close>
"[| L(r); L(f); L(g); L(a); L(b) |]
==> separation(L,
\<lambda>x. \<exists>xa[L]. \<exists>xb[L].
--- a/src/ZF/Constructible/WF_absolute.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/WF_absolute.thy Tue Jan 16 09:30:00 2018 +0100
@@ -60,7 +60,7 @@
definition
rtran_closure_mem :: "[i=>o,i,i,i] => o" where
- \<comment>\<open>The property of belonging to \<open>rtran_closure(r)\<close>\<close>
+ \<comment> \<open>The property of belonging to \<open>rtran_closure(r)\<close>\<close>
"rtran_closure_mem(M,A,r,p) ==
\<exists>nnat[M]. \<exists>n[M]. \<exists>n'[M].
omega(M,nnat) & n\<in>nnat & successor(M,n,n') &
--- a/src/ZF/Constructible/WFrec.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/WFrec.thy Tue Jan 16 09:30:00 2018 +0100
@@ -180,7 +180,7 @@
==> restrict(Y, r -`` {x}) = f"
apply (subgoal_tac "\<forall>y \<in> r-``{x}. \<forall>z. <y,z>:Y \<longleftrightarrow> <y,z>:f")
apply (simp (no_asm_simp) add: restrict_def)
- apply (thin_tac "rall(M,P)" for P)+ \<comment>\<open>essential for efficiency\<close>
+ apply (thin_tac "rall(M,P)" for P)+ \<comment> \<open>essential for efficiency\<close>
apply (frule is_recfun_type [THEN fun_is_rel], blast)
apply (frule pair_components_in_M, assumption, clarify)
apply (rule iffI)
--- a/src/ZF/Constructible/Wellorderings.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Constructible/Wellorderings.thy Tue Jan 16 09:30:00 2018 +0100
@@ -32,18 +32,18 @@
definition
wellfounded :: "[i=>o,i]=>o" where
- \<comment>\<open>EVERY non-empty set has an \<open>r\<close>-minimal element\<close>
+ \<comment> \<open>EVERY non-empty set has an \<open>r\<close>-minimal element\<close>
"wellfounded(M,r) ==
\<forall>x[M]. x\<noteq>0 \<longrightarrow> (\<exists>y[M]. y\<in>x & ~(\<exists>z[M]. z\<in>x & <z,y> \<in> r))"
definition
wellfounded_on :: "[i=>o,i,i]=>o" where
- \<comment>\<open>every non-empty SUBSET OF \<open>A\<close> has an \<open>r\<close>-minimal element\<close>
+ \<comment> \<open>every non-empty SUBSET OF \<open>A\<close> has an \<open>r\<close>-minimal element\<close>
"wellfounded_on(M,A,r) ==
\<forall>x[M]. x\<noteq>0 \<longrightarrow> x\<subseteq>A \<longrightarrow> (\<exists>y[M]. y\<in>x & ~(\<exists>z[M]. z\<in>x & <z,y> \<in> r))"
definition
wellordered :: "[i=>o,i,i]=>o" where
- \<comment>\<open>linear and wellfounded on \<open>A\<close>\<close>
+ \<comment> \<open>linear and wellfounded on \<open>A\<close>\<close>
"wellordered(M,A,r) ==
transitive_rel(M,A,r) & linear_rel(M,A,r) & wellfounded_on(M,A,r)"
--- a/src/ZF/EquivClass.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/EquivClass.thy Tue Jan 16 09:30:00 2018 +0100
@@ -27,7 +27,7 @@
abbreviation
RESPECTS2 ::"[i=>i=>i, i] => o" (infixr "respects2 " 80) where
"f respects2 r == congruent2(r,r,f)"
- \<comment>\<open>Abbreviation for the common case where the relations are identical\<close>
+ \<comment> \<open>Abbreviation for the common case where the relations are identical\<close>
subsection\<open>Suppes, Theorem 70:
--- a/src/ZF/Induct/Binary_Trees.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Induct/Binary_Trees.thy Tue Jan 16 09:30:00 2018 +0100
@@ -21,11 +21,11 @@
by (induct arbitrary: x r set: bt) auto
lemma Br_iff: "Br(a, l, r) = Br(a', l', r') \<longleftrightarrow> a = a' & l = l' & r = r'"
- \<comment> "Proving a freeness theorem."
+ \<comment> \<open>Proving a freeness theorem.\<close>
by (fast elim!: bt.free_elims)
inductive_cases BrE: "Br(a, l, r) \<in> bt(A)"
- \<comment> "An elimination rule, for type-checking."
+ \<comment> \<open>An elimination rule, for type-checking.\<close>
text \<open>
\medskip Lemmas to justify using @{term bt} in other recursive type
--- a/src/ZF/Int_ZF.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Int_ZF.thy Tue Jan 16 09:30:00 2018 +0100
@@ -17,11 +17,11 @@
"int == (nat*nat)//intrel"
definition
- int_of :: "i=>i" \<comment>\<open>coercion from nat to int\<close> ("$# _" [80] 80) where
+ int_of :: "i=>i" \<comment> \<open>coercion from nat to int\<close> ("$# _" [80] 80) where
"$# m == intrel `` {<natify(m), 0>}"
definition
- intify :: "i=>i" \<comment>\<open>coercion from ANYTHING to int\<close> where
+ intify :: "i=>i" \<comment> \<open>coercion from ANYTHING to int\<close> where
"intify(m) == if m \<in> int then m else $#0"
definition
@@ -50,7 +50,7 @@
definition
zmagnitude :: "i=>i" where
- \<comment>\<open>could be replaced by an absolute value function from int to int?\<close>
+ \<comment> \<open>could be replaced by an absolute value function from int to int?\<close>
"zmagnitude(z) ==
THE m. m\<in>nat & ((~ znegative(z) & z = $# m) |
(znegative(z) & $- z = $# m))"
--- a/src/ZF/List_ZF.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/List_ZF.thy Tue Jan 16 09:30:00 2018 +0100
@@ -98,7 +98,7 @@
definition
nth :: "[i, i]=>i" where
- \<comment>\<open>returns the (n+1)th element of a list, or 0 if the
+ \<comment> \<open>returns the (n+1)th element of a list, or 0 if the
list is too short.\<close>
"nth(n, as) == list_rec(\<lambda>n\<in>nat. 0,
%a l r. \<lambda>n\<in>nat. nat_case(a, %m. r`m, n), as) ` n"
--- a/src/ZF/OrderArith.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/OrderArith.thy Tue Jan 16 09:30:00 2018 +0100
@@ -87,7 +87,7 @@
lemma wf_on_radd: "[| wf[A](r); wf[B](s) |] ==> wf[A+B](radd(A,r,B,s))"
apply (rule wf_onI2)
apply (subgoal_tac "\<forall>x\<in>A. Inl (x) \<in> Ba")
- \<comment>\<open>Proving the lemma, which is needed twice!\<close>
+ \<comment> \<open>Proving the lemma, which is needed twice!\<close>
prefer 2
apply (erule_tac V = "y \<in> A + B" in thin_rl)
apply (rule_tac ballI)
--- a/src/ZF/UNITY/AllocBase.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/UNITY/AllocBase.thy Tue Jan 16 09:30:00 2018 +0100
@@ -45,11 +45,11 @@
"all_distinct(l) == all_distinct0(l)=1"
definition
- state_of :: "i =>i" \<comment>\<open>coersion from anyting to state\<close> where
+ state_of :: "i =>i" \<comment> \<open>coersion from anyting to state\<close> where
"state_of(s) == if s \<in> state then s else st0"
definition
- lift :: "i =>(i=>i)" \<comment>\<open>simplifies the expression of programs\<close> where
+ lift :: "i =>(i=>i)" \<comment> \<open>simplifies the expression of programs\<close> where
"lift(x) == %s. s`x"
text\<open>function to show that the set of variables is infinite\<close>
--- a/src/ZF/UNITY/Distributor.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/UNITY/Distributor.thy Tue Jan 16 09:30:00 2018 +0100
@@ -37,10 +37,10 @@
distr_follows(A, In, iIn, Out) \<inter> distr_allowed_acts(Out)"
locale distr =
- fixes In \<comment>\<open>items to distribute\<close>
- and iIn \<comment>\<open>destinations of items to distribute\<close>
- and Out \<comment>\<open>distributed items\<close>
- and A \<comment>\<open>the type of items being distributed\<close>
+ fixes In \<comment> \<open>items to distribute\<close>
+ and iIn \<comment> \<open>destinations of items to distribute\<close>
+ and Out \<comment> \<open>distributed items\<close>
+ and A \<comment> \<open>the type of items being distributed\<close>
and D
assumes
var_assumes [simp]: "In \<in> var & iIn \<in> var & (\<forall>n. Out(n):var)"
--- a/src/ZF/UNITY/Merge.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/UNITY/Merge.thy Tue Jan 16 09:30:00 2018 +0100
@@ -64,10 +64,10 @@
(** State definitions. OUTPUT variables are locals **)
locale merge =
- fixes In \<comment>\<open>merge's INPUT histories: streams to merge\<close>
- and Out \<comment>\<open>merge's OUTPUT history: merged items\<close>
- and iOut \<comment>\<open>merge's OUTPUT history: origins of merged items\<close>
- and A \<comment>\<open>the type of items being merged\<close>
+ fixes In \<comment> \<open>merge's INPUT histories: streams to merge\<close>
+ and Out \<comment> \<open>merge's OUTPUT history: merged items\<close>
+ and iOut \<comment> \<open>merge's OUTPUT history: origins of merged items\<close>
+ and A \<comment> \<open>the type of items being merged\<close>
and M
assumes var_assumes [simp]:
"(\<forall>n. In(n):var) & Out \<in> var & iOut \<in> var"
--- a/src/ZF/UNITY/Mutex.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/UNITY/Mutex.thy Tue Jan 16 09:30:00 2018 +0100
@@ -27,7 +27,7 @@
abbreviation "u == Var([0,1])"
abbreviation "v == Var([1,0])"
-axiomatization where \<comment>\<open>* Type declarations *\<close>
+axiomatization where \<comment> \<open>* Type declarations *\<close>
p_type: "type_of(p)=bool & default_val(p)=0" and
m_type: "type_of(m)=int & default_val(m)=#0" and
n_type: "type_of(n)=int & default_val(n)=#0" and
--- a/src/ZF/UNITY/UNITY.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/UNITY/UNITY.thy Tue Jan 16 09:30:00 2018 +0100
@@ -20,7 +20,7 @@
definition
mk_program :: "[i,i,i]=>i" where
- \<comment>\<open>The definition yields a program thanks to the coercions
+ \<comment> \<open>The definition yields a program thanks to the coercions
init \<inter> state, acts \<inter> Pow(state*state), etc.\<close>
"mk_program(init, acts, allowed) ==
<init \<inter> state, cons(id(state), acts \<inter> Pow(state*state)),
@@ -70,7 +70,7 @@
definition "constrains" :: "[i, i] => i" (infixl "co" 60) where
"A co B == {F \<in> program. (\<forall>act \<in> Acts(F). act``A\<subseteq>B) & st_set(A)}"
- \<comment>\<open>the condition @{term "st_set(A)"} makes the definition slightly
+ \<comment> \<open>the condition @{term "st_set(A)"} makes the definition slightly
stronger than the HOL one\<close>
definition unless :: "[i, i] => i" (infixl "unless" 60) where
--- a/src/ZF/WF.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/WF.thy Tue Jan 16 09:30:00 2018 +0100
@@ -287,7 +287,7 @@
apply (rule_tac f = "\<lambda>y\<in>r-``{a1}. wftrec (r,y,H)" in is_the_recfun)
apply typecheck
apply (unfold is_recfun_def wftrec_def)
- \<comment>\<open>Applying the substitution: must keep the quantified assumption!\<close>
+ \<comment> \<open>Applying the substitution: must keep the quantified assumption!\<close>
apply (rule lam_cong [OF refl])
apply (drule underD)
apply (fold is_recfun_def)
--- a/src/ZF/ZF_Base.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/ZF_Base.thy Tue Jan 16 09:30:00 2018 +0100
@@ -635,8 +635,8 @@
declare Pow_iff [iff]
-lemmas Pow_bottom = empty_subsetI [THEN PowI] \<comment>\<open>@{term"0 \<in> Pow(B)"}\<close>
-lemmas Pow_top = subset_refl [THEN PowI] \<comment>\<open>@{term"A \<in> Pow(A)"}\<close>
+lemmas Pow_bottom = empty_subsetI [THEN PowI] \<comment> \<open>@{term"0 \<in> Pow(B)"}\<close>
+lemmas Pow_top = subset_refl [THEN PowI] \<comment> \<open>@{term"A \<in> Pow(A)"}\<close>
subsection\<open>Cantor's Theorem: There is no surjection from a set to its powerset.\<close>
--- a/src/ZF/Zorn.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/Zorn.thy Tue Jan 16 09:30:00 2018 +0100
@@ -449,7 +449,7 @@
shows "\<exists>m\<in>field(r). \<forall>a\<in>field(r). <m, a> \<in> r \<longrightarrow> a = m"
proof -
have "Preorder(r)" using po by (simp add: partial_order_on_def)
- \<comment>\<open>Mirror r in the set of subsets below (wrt r) elements of A (?).\<close>
+ \<comment> \<open>Mirror r in the set of subsets below (wrt r) elements of A (?).\<close>
let ?B = "\<lambda>x\<in>field(r). r -`` {x}" let ?S = "?B `` field(r)"
have "\<forall>C\<in>chain(?S). \<exists>U\<in>?S. \<forall>A\<in>C. A \<subseteq> U"
proof (clarsimp simp: chain_def Subset_rel_def bex_image_simp)
--- a/src/ZF/ex/Group.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/ex/Group.thy Tue Jan 16 09:30:00 2018 +0100
@@ -628,7 +628,7 @@
lemma (in group) coset_join2:
"\<lbrakk>x \<in> carrier(G); subgroup(H,G); x\<in>H\<rbrakk> \<Longrightarrow> H #> x = H"
- \<comment>\<open>Alternative proof is to put @{term "x=\<one>"} in \<open>repr_independence\<close>.\<close>
+ \<comment> \<open>Alternative proof is to put @{term "x=\<one>"} in \<open>repr_independence\<close>.\<close>
by (force simp add: subgroup.m_closed r_coset_def solve_equation)
lemma (in group) r_coset_subset_G:
@@ -1021,7 +1021,7 @@
definition
FactGroup :: "[i,i] => i" (infixl "Mod" 65) where
- \<comment>\<open>Actually defined for groups rather than monoids\<close>
+ \<comment> \<open>Actually defined for groups rather than monoids\<close>
"G Mod H ==
<rcosets\<^bsub>G\<^esub> H, \<lambda><K1,K2> \<in> (rcosets\<^bsub>G\<^esub> H) \<times> (rcosets\<^bsub>G\<^esub> H). K1 <#>\<^bsub>G\<^esub> K2, H, 0>"
@@ -1085,7 +1085,7 @@
definition
kernel :: "[i,i,i] => i" where
- \<comment>\<open>the kernel of a homomorphism\<close>
+ \<comment> \<open>the kernel of a homomorphism\<close>
"kernel(G,H,h) == {x \<in> carrier(G). h ` x = \<one>\<^bsub>H\<^esub>}"
lemma (in group_hom) subgroup_kernel: "subgroup (kernel(G,H,h), G)"
@@ -1215,7 +1215,7 @@
hence "(\<Union>x\<in>kernel(G,H,h) #> g. {h ` x}) = {y}"
by (auto simp add: y kernel_def r_coset_def)
with g show "\<exists>x\<in>carrier(G Mod kernel(G, H, h)). contents(h `` x) = y"
- \<comment>\<open>The witness is @{term "kernel(G,H,h) #> g"}\<close>
+ \<comment> \<open>The witness is @{term "kernel(G,H,h) #> g"}\<close>
by (force simp add: FactGroup_def RCOSETS_def
image_eq_UN [OF hom_is_fun] kernel_rcoset_subset)
qed
--- a/src/ZF/ex/Limit.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/ex/Limit.thy Tue Jan 16 09:30:00 2018 +0100
@@ -1295,7 +1295,7 @@
apply (simp add: Dinf_def [symmetric])
apply (rule ballI)
apply (simplesubst lub_iprod)
- \<comment>\<open>Subst would rewrite the lhs. We want to change the rhs.\<close>
+ \<comment> \<open>Subst would rewrite the lhs. We want to change the rhs.\<close>
apply (assumption | rule chain_Dinf emb_chain_cpo)+
apply simp
apply (subst Rp_cont [THEN cont_lub])
@@ -1736,7 +1736,7 @@
apply blast
apply assumption
apply (simplesubst eps_split_right_le)
- \<comment>\<open>Subst would rewrite the lhs. We want to change the rhs.\<close>
+ \<comment> \<open>Subst would rewrite the lhs. We want to change the rhs.\<close>
prefer 2 apply assumption
apply simp
apply (assumption | rule add_le_self nat_0I nat_succI)+
--- a/src/ZF/ex/Primes.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/ex/Primes.thy Tue Jan 16 09:30:00 2018 +0100
@@ -12,22 +12,22 @@
"m dvd n == m \<in> nat & n \<in> nat & (\<exists>k \<in> nat. n = m#*k)"
definition
- is_gcd :: "[i,i,i]=>o" \<comment>\<open>definition of great common divisor\<close> where
+ is_gcd :: "[i,i,i]=>o" \<comment> \<open>definition of great common divisor\<close> where
"is_gcd(p,m,n) == ((p dvd m) & (p dvd n)) &
(\<forall>d\<in>nat. (d dvd m) & (d dvd n) \<longrightarrow> d dvd p)"
definition
- gcd :: "[i,i]=>i" \<comment>\<open>Euclid's algorithm for the gcd\<close> where
+ gcd :: "[i,i]=>i" \<comment> \<open>Euclid's algorithm for the gcd\<close> where
"gcd(m,n) == transrec(natify(n),
%n f. \<lambda>m \<in> nat.
if n=0 then m else f`(m mod n)`n) ` natify(m)"
definition
- coprime :: "[i,i]=>o" \<comment>\<open>the coprime relation\<close> where
+ coprime :: "[i,i]=>o" \<comment> \<open>the coprime relation\<close> where
"coprime(m,n) == gcd(m,n) = 1"
definition
- prime :: i \<comment>\<open>the set of prime numbers\<close> where
+ prime :: i \<comment> \<open>the set of prime numbers\<close> where
"prime == {p \<in> nat. 1<p & (\<forall>m \<in> nat. m dvd p \<longrightarrow> m=1 | m=p)}"
--- a/src/ZF/ex/Ramsey.thy Tue Jan 16 09:12:16 2018 +0100
+++ b/src/ZF/ex/Ramsey.thy Tue Jan 16 09:30:00 2018 +0100
@@ -31,7 +31,7 @@
"Symmetric(E) == (\<forall>x y. <x,y>:E \<longrightarrow> <y,x>:E)"
definition
- Atleast :: "[i,i]=>o" where \<comment> "not really necessary: ZF defines cardinality"
+ Atleast :: "[i,i]=>o" where \<comment> \<open>not really necessary: ZF defines cardinality\<close>
"Atleast(n,S) == (\<exists>f. f \<in> inj(n,S))"
definition