--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/HOL/UNITY/Extend.ML Wed Mar 03 10:32:35 1999 +0100
@@ -0,0 +1,388 @@
+(* Title: HOL/UNITY/Extend.ML
+ ID: $Id$
+ Author: Lawrence C Paulson, Cambridge University Computer Laboratory
+ Copyright 1999 University of Cambridge
+
+Extending of state sets
+ function f (forget) maps the extended state to the original state
+ function g (forgotten) maps the extended state to the "extending part"
+*)
+
+ Goal "inj f ==> (f a : f``A) = (a : A)";
+ by (blast_tac (claset() addDs [injD]) 1);
+ qed "inj_image_mem_iff";
+
+
+ Goal "inj f ==> (f``A = f``B) = (A = B)";
+ by (blast_tac (claset() addSEs [equalityE]
+ addDs [injD]) 1);
+ qed "inj_image_eq_iff";
+
+
+val rinst = read_instantiate_sg (sign_of thy);
+
+ (*** General lemmas ***)
+
+Open_locale "Extend";
+
+val slice_def = thm "slice_def";
+val f_act_def = thm "f_act_def";
+
+(*** Trivial properties of f, g, h ***)
+
+val inj_h = thm "inj_h";
+val surj_h = thm "surj_h";
+Addsimps [inj_h, inj_h RS inj_eq, surj_h];
+
+val f_def = thm "f_def";
+val g_def = thm "g_def";
+
+Goal "f(h(x,y)) = x";
+by (simp_tac (simpset() addsimps [f_def]) 1);
+qed "f_h_eq";
+Addsimps [f_h_eq];
+
+Goal "g(h(x,y)) = y";
+by (simp_tac (simpset() addsimps [g_def]) 1);
+qed "g_h_eq";
+Addsimps [g_h_eq];
+
+Goal "h(f z, g z) = z";
+by (cut_inst_tac [("y", "z")] (surj_h RS surjD) 1);
+by Auto_tac;
+qed "h_f_g_eq";
+
+
+(*** extend_set: basic properties ***)
+
+Goalw [extend_set_def]
+ "(h(x,y)) : extend_set h A = (x : A)";
+by Auto_tac;
+qed "mem_extend_set_iff";
+AddIffs [mem_extend_set_iff];
+
+Goal "inj (extend_set h)";
+by (rtac injI 1);
+by (rewtac extend_set_def);
+by (etac equalityE 1);
+by (blast_tac (claset() addSDs [inj_h RS inj_image_mem_iff RS iffD1]) 1);
+qed "inj_extend_set";
+
+Goalw [extend_set_def]
+ "extend_set h (A Un B) = extend_set h A Un extend_set h B";
+by Auto_tac;
+qed "extend_set_Un_distrib";
+
+Goalw [extend_set_def]
+ "extend_set h (A Int B) = extend_set h A Int extend_set h B";
+by Auto_tac;
+qed "extend_set_Int_distrib";
+
+Goalw [extend_set_def]
+ "extend_set h (A - B) = extend_set h A - extend_set h B";
+by Auto_tac;
+qed "extend_set_Diff_distrib";
+
+Goalw [extend_set_def] "extend_set h (Union A) = (UN X:A. extend_set h X)";
+by (Blast_tac 1);
+qed "extend_set_Union";
+
+Goalw [extend_set_def]
+ "(extend_set h A <= - extend_set h B) = (A <= - B)";
+by Auto_tac;
+qed "extend_set_subset_Compl_eq";
+
+
+Goalw [extend_set_def] "f `` extend_set h A = A";
+by Auto_tac;
+by (blast_tac (claset() addIs [f_h_eq RS sym]) 1);
+qed "f_image_extend_set";
+Addsimps [f_image_extend_set];
+
+
+(*** extend_act ***)
+
+Goalw [extend_act_def]
+ "((h(s,y), h(s',y)) : extend_act h act) = ((s, s') : act)";
+by Auto_tac;
+qed "mem_extend_act_iff";
+AddIffs [mem_extend_act_iff];
+
+Goal "inj (extend_act h)";
+by (rtac injI 1);
+by (rewtac extend_act_def);
+by (force_tac (claset() addSEs [equalityE]
+ addIs [h_f_g_eq RS sym],
+ simpset()) 1);
+qed "inj_extend_act";
+
+Goalw [extend_set_def, extend_act_def]
+ "extend_act h act ^^ (extend_set h A) = extend_set h (act ^^ A)";
+by (Force_tac 1);
+qed "extend_act_Image";
+Addsimps [extend_act_Image];
+
+Goalw [extend_set_def, extend_act_def]
+ "(extend_set h A <= extend_set h B) = (A <= B)";
+by (Force_tac 1);
+qed "extend_set_strict_mono";
+Addsimps [extend_set_strict_mono];
+
+Goalw [extend_set_def, extend_act_def]
+ "Domain (extend_act h act) = extend_set h (Domain act)";
+by (Force_tac 1);
+qed "Domain_extend_act";
+
+Goalw [extend_set_def, extend_act_def]
+ "extend_act h Id = Id";
+by (force_tac (claset() addIs [h_f_g_eq RS sym], simpset()) 1);
+qed "extend_act_Id";
+Addsimps [extend_act_Id];
+
+Goal "Id : extend_act h `` Acts F";
+by (auto_tac (claset() addSIs [extend_act_Id RS sym],
+ simpset() addsimps [image_iff]));
+qed "Id_mem_extend_act";
+
+
+(**** extend ****)
+
+(*** Basic properties ***)
+
+Goalw [extend_set_def, extend_def]
+ "Init (extend h F) = extend_set h (Init F)";
+by Auto_tac;
+qed "Init_extend";
+
+Goal "Acts (extend h F) = (extend_act h `` Acts F)";
+by (auto_tac (claset() addSIs [extend_act_Id RS sym],
+ simpset() addsimps [extend_def, image_iff]));
+qed "Acts_extend";
+
+Addsimps [Init_extend, Acts_extend];
+
+Goalw [SKIP_def] "extend h SKIP = SKIP";
+by (rtac program_equalityI 1);
+by (auto_tac (claset() addIs [h_f_g_eq RS sym],
+ simpset() addsimps [extend_set_def]));
+qed "extend_SKIP";
+Addsimps [extend_SKIP];
+
+Goal "inj (extend h)";
+by (rtac injI 1);
+by (rewtac extend_def);
+by (etac program_equalityE 1);
+by (full_simp_tac
+ (simpset() addsimps [inj_extend_set RS inj_eq,
+ inj_extend_act RS inj_image_eq_iff,
+ Id_mem_extend_act RS insert_absorb]) 1);
+by (blast_tac (claset() addIs [program_equalityI]) 1);
+qed "inj_extend";
+
+Goal "extend h (F Join G) = extend h F Join extend h G";
+by (rtac program_equalityI 1);
+by (simp_tac (simpset() addsimps [image_Un, Acts_Join]) 2);
+by (simp_tac (simpset() addsimps [extend_set_Int_distrib]) 1);
+qed "extend_Join";
+Addsimps [extend_Join];
+
+
+(*** Safety: constrains, stable ***)
+
+Goal "(extend h F : constrains (extend_set h A) (extend_set h B)) = \
+\ (F : constrains A B)";
+by (simp_tac (simpset() addsimps [constrains_def]) 1);
+qed "extend_constrains";
+
+Goal "(extend h F : stable (extend_set h A)) = (F : stable A)";
+by (asm_simp_tac (simpset() addsimps [stable_def, extend_constrains]) 1);
+qed "extend_stable";
+
+Goal "(extend h F : invariant (extend_set h A)) = (F : invariant A)";
+by (asm_simp_tac (simpset() addsimps [invariant_def, extend_stable]) 1);
+qed "extend_invariant";
+
+(** Substitution Axiom versions: Constrains, Stable **)
+
+Goal "p : reachable (extend h F) ==> f p : reachable F";
+by (etac reachable.induct 1);
+by (auto_tac
+ (claset() addIs reachable.intrs,
+ simpset() addsimps [extend_set_def, extend_act_def, image_iff]));
+qed "reachable_extend_f";
+
+Goal "h(s,y) : reachable (extend h F) ==> s : reachable F";
+by (force_tac (claset() addSDs [reachable_extend_f], simpset()) 1);
+qed "h_reachable_extend";
+
+Goalw [extend_set_def]
+ "reachable (extend h F) = extend_set h (reachable F)";
+by (rtac equalityI 1);
+by (force_tac (claset() addIs [h_f_g_eq RS sym]
+ addSDs [reachable_extend_f],
+ simpset()) 1);
+by (Clarify_tac 1);
+by (etac reachable.induct 1);
+by (ALLGOALS (force_tac (claset() addIs reachable.intrs,
+ simpset())));
+qed "reachable_extend_eq";
+
+Goal "(extend h F : Constrains (extend_set h A) (extend_set h B)) = \
+\ (F : Constrains A B)";
+by (simp_tac
+ (simpset() addsimps [Constrains_def, reachable_extend_eq,
+ extend_constrains, extend_set_Int_distrib RS sym]) 1);
+qed "extend_Constrains";
+
+Goal "(extend h F : Stable (extend_set h A)) = (F : Stable A)";
+by (simp_tac (simpset() addsimps [Stable_def, extend_Constrains]) 1);
+qed "extend_Stable";
+
+
+(*** Progress: transient, ensures ***)
+
+Goal "(extend h F : transient (extend_set h A)) = (F : transient A)";
+by (auto_tac (claset(),
+ simpset() addsimps [transient_def, extend_set_subset_Compl_eq,
+ Domain_extend_act]));
+qed "extend_transient";
+
+Goal "(extend h F : ensures (extend_set h A) (extend_set h B)) = \
+\ (F : ensures A B)";
+by (simp_tac
+ (simpset() addsimps [ensures_def, extend_constrains, extend_transient,
+ extend_set_Un_distrib RS sym,
+ extend_set_Diff_distrib RS sym]) 1);
+qed "extend_ensures";
+
+Goal "F : leadsTo A B \
+\ ==> extend h F : leadsTo (extend_set h A) (extend_set h B)";
+by (etac leadsTo_induct 1);
+by (asm_simp_tac (simpset() addsimps [leadsTo_UN, extend_set_Union]) 3);
+by (blast_tac (claset() addIs [leadsTo_Trans]) 2);
+by (asm_simp_tac (simpset() addsimps [leadsTo_Basis, extend_ensures]) 1);
+qed "leadsTo_imp_extend_leadsTo";
+
+(*** Proving the converse takes some doing! ***)
+
+Goalw [slice_def] "slice (Union S) y = (UN x:S. slice x y)";
+by Auto_tac;
+qed "slice_Union";
+
+Goalw [slice_def] "slice (extend_set h A) y = A";
+by Auto_tac;
+qed "slice_extend_set";
+
+Goalw [slice_def] "f``A = (UN y. slice A y)";
+by Auto_tac;
+by (blast_tac (claset() addIs [f_h_eq RS sym]) 2);
+by (best_tac (claset() addIs [h_f_g_eq RS ssubst]) 1);
+qed "image_is_UN_slice";
+
+Goalw [slice_def, transient_def]
+ "extend h F : transient A ==> F : transient (slice A y)";
+by Auto_tac;
+by (rtac bexI 1);
+by Auto_tac;
+by (force_tac (claset(), simpset() addsimps [extend_act_def]) 1);
+qed "extend_transient_slice";
+
+Goal "extend h F : ensures A B ==> F : ensures (slice A y) (f `` B)";
+by (full_simp_tac
+ (simpset() addsimps [ensures_def, extend_constrains, extend_transient,
+ image_Un RS sym,
+ extend_set_Un_distrib RS sym,
+ extend_set_Diff_distrib RS sym]) 1);
+by Safe_tac;
+by (full_simp_tac (simpset() addsimps [constrains_def, extend_act_def,
+ extend_set_def]) 1);
+by (Clarify_tac 1);
+by (ball_tac 1);
+by (full_simp_tac (simpset() addsimps [slice_def, image_iff, Image_iff]) 1);
+by (force_tac (claset() addSIs [h_f_g_eq RS sym], simpset()) 1);
+(*transient*)
+by (dtac extend_transient_slice 1);
+by (etac transient_strengthen 1);
+by (force_tac (claset() addIs [f_h_eq RS sym],
+ simpset() addsimps [slice_def]) 1);
+qed "extend_ensures_slice";
+
+Goal "ALL y. F : leadsTo (slice B y) CU ==> F : leadsTo (f `` B) CU";
+by (simp_tac (simpset() addsimps [image_is_UN_slice]) 1);
+by (blast_tac (claset() addIs [leadsTo_UN]) 1);
+qed "leadsTo_slice_image";
+
+
+Goal "extend h F : leadsTo AU BU \
+\ ==> ALL y. F : leadsTo (slice AU y) (f `` BU)";
+by (etac leadsTo_induct 1);
+by (full_simp_tac (simpset() addsimps [slice_Union]) 3);
+by (blast_tac (claset() addIs [leadsTo_UN]) 3);
+by (blast_tac (claset() addIs [leadsTo_slice_image, leadsTo_Trans]) 2);
+by (blast_tac (claset() addIs [extend_ensures_slice, leadsTo_Basis]) 1);
+qed_spec_mp "extend_leadsTo_slice";
+
+Goal "(extend h F : leadsTo (extend_set h A) (extend_set h B)) = \
+\ (F : leadsTo A B)";
+by Safe_tac;
+by (etac leadsTo_imp_extend_leadsTo 2);
+by (dtac extend_leadsTo_slice 1);
+by (full_simp_tac (simpset() addsimps [slice_extend_set]) 1);
+qed "extend_leadsto_eq";
+
+
+(*** guarantees properties ***)
+
+Goalw [f_act_def, extend_act_def] "f_act (extend_act h act1) = act1";
+by (force_tac
+ (claset() addSIs [rev_bexI],
+ simpset() addsimps [image_iff]) 1);
+qed "f_act_extend_act";
+Addsimps [f_act_extend_act];
+
+Goalw [extend_set_def]
+ "f `` (extend_set h A Int B) = (f `` extend_set h A) Int (f``B)";
+by (force_tac (claset() addIs [h_f_g_eq RS sym], simpset()) 1);
+qed "image_extend_set_Int_eq";
+
+Goal "(extend h F) Join G = extend h H ==> EX J. H = F Join J";
+by (etac program_equalityE 1);
+by (auto_tac (claset(), simpset() addsimps [Acts_Join]));
+by (res_inst_tac [("x", "mk_program(f``(Init G), f_act``Acts G)")] exI 1);
+by (rtac program_equalityI 1);
+(*Init*)
+by (REPEAT (dres_inst_tac [("f", "op `` f")] arg_cong 1));
+by (asm_full_simp_tac (simpset() addsimps [image_extend_set_Int_eq]) 1);
+(*Now for the Actions*)
+by (dres_inst_tac [("f", "op `` f_act")] arg_cong 1);
+by (asm_full_simp_tac
+ (simpset() addsimps [Acts_Join, image_Un, image_compose RS sym, o_def]) 1);
+qed "extend_Join_eq_extend_D";
+
+Goal "F : X guarantees Y \
+\ ==> extend h F : (extend h `` X) guarantees (extend h `` Y)";
+by (rtac guaranteesI 1);
+by Auto_tac;
+by (blast_tac (claset() addDs [extend_Join_eq_extend_D, guaranteesD]) 1);
+qed "guarantees_imp_extend_guarantees";
+
+Goal "extend h F : (extend h `` X) guarantees (extend h `` Y) \
+\ ==> F : X guarantees Y";
+by (rtac guaranteesI 1);
+by (rewrite_goals_tac [guarantees_def, component_def]);
+by Auto_tac;
+by (dtac spec 1);
+by (dtac (mp RS mp) 1);
+by (Blast_tac 2);
+by (blast_tac (claset() addSDs [inj_extend RS inj_image_mem_iff RS iffD1]) 2);
+by Auto_tac;
+qed "extend_guarantees_imp_guarantees";
+
+Goal "(extend h F : (extend h `` X) guarantees (extend h `` Y)) \
+\ = (F : X guarantees Y)";
+by (blast_tac (claset() addIs [guarantees_imp_extend_guarantees,
+ extend_guarantees_imp_guarantees]) 1);
+qed "extend_guarantees_eq";
+
+
+Close_locale "Extend";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/HOL/UNITY/Extend.thy Wed Mar 03 10:32:35 1999 +0100
@@ -0,0 +1,42 @@
+(* Title: HOL/UNITY/Extend.thy
+ ID: $Id$
+ Author: Lawrence C Paulson, Cambridge University Computer Laboratory
+ Copyright 1998 University of Cambridge
+
+Extending of state sets
+ function f (forget) maps the extended state to the original state
+ function g (forgotten) maps the extended state to the "extending part"
+*)
+
+Extend = Union + Comp +
+
+constdefs
+
+ extend_set :: "['a*'b => 'c, 'a set] => 'c set"
+ "extend_set h A == h `` (A Times UNIV)"
+
+ extend_act :: "['a*'b => 'c, ('a*'a) set] => ('c * 'c) set"
+ "extend_act h == (%act. UN (s,s'): act. UN y. {(h(s,y), h(s',y))})"
+
+ extend :: "['a*'b => 'c, 'a program] => 'c program"
+ "extend h F == mk_program (extend_set h (Init F),
+ extend_act h `` Acts F)"
+
+locale Extend =
+ fixes
+ f :: 'c => 'a
+ g :: 'c => 'b
+ h :: "'a*'b => 'c" (*isomorphism between 'a * 'b and 'c *)
+ slice :: ['c set, 'b] => 'a set
+ f_act :: "('c * 'c) set => ('a*'a) set"
+
+ assumes
+ inj_h "inj h"
+ surj_h "surj h"
+ defines
+ f_def "f z == fst (inv h z)"
+ g_def "g z == snd (inv h z)"
+ slice_def "slice Z y == {x. h(x,y) : Z}"
+ f_act_def "f_act act == (%(z,z'). (f z, f z')) `` act"
+
+end