src/ZF/UNITY/Follows.thy
author paulson
Wed, 09 Jul 2003 11:39:34 +0200
changeset 14093 24382760fd89
parent 14052 e9c9f69e4f63
child 14095 a1ba833d6b61
permissions -rw-r--r--
converting more theories to Isar scripts, and tidying
(*  Title:      ZF/UNITY/Follows
    ID:         $Id: Follows.thy,v 1.1 2003/05/28 16:13:42 paulson Exp $
    Author:     Sidi O Ehmety, Cambridge University Computer Laboratory
    Copyright   2002  University of Cambridge
Theory ported from HOL.
*)
header{*The "Follows" relation of Charpentier and Sivilotte*}
theory Follows = SubstAx + Increasing:
(* Follows(A, r, f, g) is defined as the intersection of four sets of programs:
     - Increasing(A, r, g) and Increasing(A, r, f);
     - Always of the state set where <f(s), g(s)> \<in> r;
     - for every k \<in> A, the property that the states with <k, g(s)> \<in> r
       lead to (LeadsTo) the states with <k, f(s)> \<in> r.
   A is the carrier set, r the relation on it, and f, g are functions
   applied to states. *)
constdefs
  Follows :: "[i, i, i=>i, i=>i] => i"
  "Follows(A, r, f, g) == 
            Increasing(A, r, g) Int
            Increasing(A, r,f) Int
            Always({s \<in> state. <f(s), g(s)>:r}) Int
           (\<Inter>k \<in> A. {s \<in> state. <k, g(s)>:r} LeadsTo {s \<in> state. <k,f(s)>:r})"
(* Abbreviations.  The constants declared here carry no definitions of their
   own; the "translations" section below rewrites each one to an instance of
   Increasing or Follows at a fixed carrier set and relation. *)
consts
  Incr :: "[i=>i]=>i"   
  n_Incr :: "[i=>i]=>i"
  m_Incr :: "[i=>i]=>i"
  s_Incr :: "[i=>i]=>i"
  n_Fols :: "[i=>i, i=>i]=>i"   (infixl "n'_Fols" 65)

(* Mixfix form "f Fols g Wrt r / A"; the last translation below maps it to
   Follows(A, r, f, g), so the argument order differs from Follows itself. *)
syntax
  Follows' :: "[i=>i, i=>i, i, i] => i"
        ("(_ /Fols _ /Wrt (_ /'/ _))" [60, 0, 0, 60] 60)

  
translations
  (* Increasing at list(nat) with prefix(nat), at nat with Le,
     at Pow(nat) with SetLe(nat), and at Mult(nat) with MultLe(nat, Le) *)
  "Incr(f)" == "Increasing(list(nat), prefix(nat), f)"
  "n_Incr(f)" == "Increasing(nat, Le, f)"
  "s_Incr(f)" == "Increasing(Pow(nat), SetLe(nat), f)"
  "m_Incr(f)" == "Increasing(Mult(nat), MultLe(nat, Le), f)"
  
  (* Follows at nat with Le *)
  "f n_Fols g" == "Follows(nat, Le, f, g)"

  "Follows'(f,g,r,A)" == "Follows(A,r,f,g)"
(*Does this hold for "invariant"?*)

(* Congruence rule for Follows: the carrier sets and relations must be equal,
   while f/f' and g/g' only need to agree on elements of state.
   Proved by simplification after unfolding Increasing and Follows. *)
lemma Follows_cong: 
     "[|A=A'; r=r'; !!x. x \<in> state ==> f(x)=f'(x); !!x. x \<in> state ==> g(x)=g'(x)|] ==> Follows(A, r, f, g) = Follows(A', r', f', g')"
by (simp add: Increasing_def Follows_def)
(* Set-inclusion form: given mono1(A, r, B, s, h) and f, g mapping every
   state into A, the Always property for <f(x), g(x)> \<in> r is contained in
   the Always property for <(h comp f)(x), (h comp g)(x)> \<in> s. *)
lemma subset_Always_comp: 
"[| mono1(A, r, B, s, h); \<forall>x \<in> state. f(x):A & g(x):A |] ==>  
   Always({x \<in> state. <f(x), g(x)> \<in> r})<=Always({x \<in> state. <(h comp f)(x), (h comp g)(x)> \<in> s})"
(* unfold mono1 and metacomp (presumably the definition behind "comp") *)
apply (unfold mono1_def metacomp_def)
(* rewrite Always with Always_eq_includes_reachable and let auto finish *)
apply (auto simp add: Always_eq_includes_reachable)
done
(* Membership form of subset_Always_comp: a program F that has the Always
   property for <f(x), g(x)> \<in> r also has it for the images under h.
   Obtained from subset_Always_comp via subsetD. *)
lemma imp_Always_comp: 
"[| F \<in> Always({x \<in> state. <f(x), g(x)> \<in> r});  
    mono1(A, r, B, s, h); \<forall>x \<in> state. f(x):A & g(x):A |] ==>  
    F \<in> Always({x \<in> state. <(h comp f)(x), (h comp g)(x)> \<in> s})"
by (blast intro: subset_Always_comp [THEN subsetD])
(* Two-argument version of imp_Always_comp: from Always of <f1(x), f(x)> \<in> r
   and Always of <g1(x), g(x)> \<in> s, with mono2(A, r, B, s, C, t, h) and
   f1, f mapping states into A and g1, g into B, conclude Always of
   <h(f1(x), g1(x)), h(f(x), g(x))> \<in> t. *)
lemma imp_Always_comp2: 
"[| F \<in> Always({x \<in> state. <f1(x), f(x)> \<in> r});   
    F \<in> Always({x \<in> state. <g1(x), g(x)> \<in> s});  
    mono2(A, r, B, s, C, t, h);  
    \<forall>x \<in> state. f1(x):A & f(x):A & g1(x):B & g(x):B |]  
  ==> F \<in> Always({x \<in> state. <h(f1(x), g1(x)), h(f(x), g(x))> \<in> t})"
apply (auto simp add: Always_eq_includes_reachable mono2_def)
(* the remaining goals are closed by using the subset facts as destruction rules *)
apply (auto dest!: subsetD)
done
(* comp LeadsTo *)

(* LeadsTo counterpart of subset_Always_comp, in set-inclusion form.
   Assuming mono1(A, r, B, s, h), refl(A, r), trans[B](s) and f, g mapping
   states into A, the family of LeadsTo properties indexed by j \<in> A (from
   <j, g(s)> \<in> r to <j, f(s)> \<in> r) is contained in the family indexed by
   k \<in> B for h comp g and h comp f under s.
   NOTE(review): the script refers to "sa", a name that does not occur in the
   statement and is presumably generated by the earlier steps, and it uses
   rotate_tac 5; both depend on the exact shape of the intermediate goals. *)
lemma subset_LeadsTo_comp: 
"[| mono1(A, r, B, s, h); refl(A,r); trans[B](s);  
        \<forall>x \<in> state. f(x):A & g(x):A |] ==>  
  (\<Inter>j \<in> A. {s \<in> state. <j, g(s)> \<in> r} LeadsTo {s \<in> state. <j,f(s)> \<in> r}) <=  
 (\<Inter>k \<in> B. {x \<in> state. <k, (h comp g)(x)> \<in> s} LeadsTo {x \<in> state. <k, (h comp f)(x)> \<in> s})"

apply (unfold mono1_def metacomp_def, clarify)
apply (simp_all (no_asm_use) add: INT_iff)
apply auto
apply (rule single_LeadsTo_I)
(* deal with the second subgoal first *)
prefer 2 apply (blast dest: LeadsTo_type [THEN subsetD], auto)
(* position-dependent: rotates the assumptions so the next drule_tac picks the intended one *)
apply (rotate_tac 5)
(* instantiate a bounded quantifier at g(sa) *)
apply (drule_tac x = "g (sa) " in bspec)
apply (erule_tac [2] LeadsTo_weaken)
apply (auto simp add: part_order_def refl_def)
(* transitivity step with h(g(sa)) as the middle element *)
apply (rule_tac b = "h (g (sa))" in trans_onD)
apply blast
apply auto
done
(* Membership form of subset_LeadsTo_comp: if F satisfies the LeadsTo family
   for g and f over A and r, it satisfies the family for h comp g and
   h comp f over B and s. *)
lemma imp_LeadsTo_comp: 
"[| F:(\<Inter>j \<in> A. {s \<in> state. <j, g(s)> \<in> r} LeadsTo {s \<in> state. <j,f(s)> \<in> r});  
    mono1(A, r, B, s, h); refl(A,r); trans[B](s);  
    \<forall>x \<in> state. f(x):A & g(x):A |] ==>  
   F:(\<Inter>k \<in> B. {x \<in> state. <k, (h comp g)(x)> \<in> s} LeadsTo {x \<in> state. <k, (h comp f)(x)> \<in> s})"
apply (rule subset_LeadsTo_comp [THEN subsetD], auto)
done
(* LeadsTo for a two-argument h when only the first argument changes.
   Given F \<in> Increasing(B, s, g), a LeadsTo property from <j, f(s)> \<in> r to
   <j, f1(s)> \<in> r for every j \<in> A, mono2(A, r, B, s, C, t, h), reflexivity
   of r and s, transitivity of t on C, typing of f1, f, g, and k \<in> C, F takes
   states with <k, h(f(x), g(x))> \<in> t to states with <k, h(f1(x), g(x))> \<in> t.
   NOTE(review): the script refers to the names "sa" and "x" inside the
   tactics and to subgoal numbers ([3]); these depend on the exact
   intermediate goals produced by auto. *)
lemma imp_LeadsTo_comp_right: 
"[| F \<in> Increasing(B, s, g);  
  \<forall>j \<in> A. F: {s \<in> state. <j, f(s)> \<in> r} LeadsTo {s \<in> state. <j,f1(s)> \<in> r};  
  mono2(A, r, B, s, C, t, h); refl(A, r); refl(B, s); trans[C](t);  
  \<forall>x \<in> state. f1(x):A & f(x):A & g(x):B; k \<in> C |] ==>  
  F:{x \<in> state. <k, h(f(x), g(x))> \<in> t} LeadsTo {x \<in> state. <k, h(f1(x), g(x))> \<in> t}"
apply (unfold mono2_def Increasing_def)
apply (rule single_LeadsTo_I, auto)
(* instantiate the bounded quantifier over B at g(sa) *)
apply (drule_tac x = "g (sa) " and A = B in bspec)
apply auto
(* instantiate the quantified premise matching the given pattern at f(sa) *)
apply (drule_tac x = "f (sa) " and P = "%j. F \<in> ?X (j) \<longmapsto>w ?Y (j) " in bspec)
apply auto
(* PSP_Stable followed by weakening of the resulting LeadsTo *)
apply (rule PSP_Stable [THEN LeadsTo_weaken], blast, blast)
apply auto
apply (force simp add: part_order_def refl_def)
apply (force simp add: part_order_def refl_def)
(* instantiate two nested bounded quantifiers, first in the current goal, then in subgoal 3 *)
apply (drule_tac x = "f1 (x) " and x1 = "f (sa) " and P2 = "%x y. \<forall>u\<in>B. ?P (x,y,u) " in bspec [THEN bspec])
apply (drule_tac [3] x = "g (x) " and x1 = "g (sa) " and P2 = "%x y. ?P (x,y) --> ?d (x,y) \<in> t" in bspec [THEN bspec])
apply auto
(* transitivity on C with h(f(sa), g(sa)) as the middle element *)
apply (rule_tac b = "h (f (sa), g (sa))" and A = C in trans_onD)
apply (auto simp add: part_order_def)
done
(* Companion of imp_LeadsTo_comp_right for the second argument of h.
   Given F \<in> Increasing(A, r, f), a LeadsTo property from <j, g(x)> \<in> s to
   <j, g1(x)> \<in> s for every j \<in> B, and the same mono2/refl/trans side
   conditions, F takes states with <k, h(f(x), g(x))> \<in> t to states with
   <k, h(f(x), g1(x))> \<in> t.
   NOTE(review): as in imp_LeadsTo_comp_right, the tactics mention the names
   "sa" and "x" and a subgoal number, so the script depends on the exact
   intermediate goals. *)
lemma imp_LeadsTo_comp_left: 
"[| F \<in> Increasing(A, r, f);  
  \<forall>j \<in> B. F: {x \<in> state. <j, g(x)> \<in> s} LeadsTo {x \<in> state. <j,g1(x)> \<in> s};  
  mono2(A, r, B, s, C, t, h); refl(A,r); refl(B, s); trans[C](t);  
  \<forall>x \<in> state. f(x):A & g1(x):B & g(x):B; k \<in> C |] ==>  
  F:{x \<in> state. <k, h(f(x), g(x))> \<in> t} LeadsTo {x \<in> state. <k, h(f(x), g1(x))> \<in> t}"
apply (unfold mono2_def Increasing_def)
apply (rule single_LeadsTo_I, auto)
(* instantiate the quantified Stable premise at f(sa) *)
apply (drule_tac x = "f (sa) " and P = "%k. F \<in> Stable (?X (k))" in bspec)
apply auto
(* instantiate a bounded quantifier at g(sa) *)
apply (drule_tac x = "g (sa) " in bspec)
apply auto
(* PSP_Stable followed by weakening of the resulting LeadsTo *)
apply (rule PSP_Stable [THEN LeadsTo_weaken], blast, blast)
apply auto
apply (force simp add: part_order_def refl_def)
apply (force simp add: part_order_def refl_def)
(* instantiate two nested bounded quantifiers, first in the current goal, then in subgoal 3 *)
apply (drule_tac x = "f (x) " and x1 = "f (sa) " in bspec [THEN bspec])
apply (drule_tac [3] x = "g1 (x) " and x1 = "g (sa) " and P2 = "%x y. ?P (x,y) --> ?d (x,y) \<in> t" in bspec [THEN bspec])
apply auto
(* transitivity on C with h(f(sa), g(sa)) as the middle element *)
apply (rule_tac b = "h (f (sa), g (sa))" and A = C in trans_onD)
apply (auto simp add: part_order_def)
done
(**  This general result is used to prove Follows Un, munion, etc. **)
(* Both arguments of h change: from LeadsTo for f to f1 (over A, r) and for
   g to g1 (over B, s), with F increasing in f1 and g, conclude LeadsTo from
   <k, h(f(x), g(x))> \<in> t to <k, h(f1(x), g1(x))> \<in> t.
   The proof chains imp_LeadsTo_comp_right and imp_LeadsTo_comp_left through
   the intermediate set where <k, h(f1(x), g(x))> \<in> t, using LeadsTo_Trans. *)
lemma imp_LeadsTo_comp2: 
"[| F \<in> Increasing(A, r, f1) Int  Increasing(B, s, g);  
  \<forall>j \<in> A. F: {s \<in> state. <j, f(s)> \<in> r} LeadsTo {s \<in> state. <j,f1(s)> \<in> r};  
  \<forall>j \<in> B. F: {x \<in> state. <j, g(x)> \<in> s} LeadsTo {x \<in> state. <j,g1(x)> \<in> s};  
  mono2(A, r, B, s, C, t, h); refl(A,r); refl(B, s); trans[C](t);  
  \<forall>x \<in> state. f(x):A & g1(x):B & f1(x):A &g(x):B; k \<in> C |] 
  ==> F:{x \<in> state. <k, h(f(x), g(x))> \<in> t} LeadsTo {x \<in> state. <k, h(f1(x), g1(x))> \<in> t}"
apply (rule_tac B = "{x \<in> state. <k, h (f1 (x), g (x))> \<in> t}" in LeadsTo_Trans)
apply (blast intro: imp_LeadsTo_comp_right)
apply (blast intro: imp_LeadsTo_comp_left)
done
(* Follows type *)
(* Every element of Follows(A, r, f, g) is a program.  After unfolding
   Follows, this comes from Increasing_type applied to an Increasing conjunct. *)
lemma Follows_type: "Follows(A, r, f, g)<=program"
apply (unfold Follows_def)
apply (blast dest: Increasing_type [THEN subsetD])
done
(* Membership form of Follows_type, declared with the [TC] attribute. *)
lemma Follows_into_program [TC]: "F \<in> Follows(A, r, f, g) ==> F \<in> program"
by (blast dest: Follows_type [THEN subsetD])
(* Destruction rule: membership in Follows(A, r, f, g) implies that F is a
   program, that A has at least one element, and that f and g map every
   state into A.  Derived from IncreasingD after unfolding Follows. *)
lemma FollowsD: 
"F \<in> Follows(A, r, f, g)==>  
  F \<in> program & (\<exists>a. a \<in> A) & (\<forall>x \<in> state. f(x):A & g(x):A)"
apply (unfold Follows_def)
apply (blast dest: IncreasingD)
done
(* Introduction rule for constant functions: for any program F, an element
   c of A and a relation r reflexive on A, the constant function %x. c
   follows itself. *)
lemma Follows_constantI: 
 "[| F \<in> program; c \<in> A; refl(A, r) |] ==> F \<in> Follows(A, r, %x. c, %x. c)"
apply (unfold Follows_def, auto)
(* the remaining goals need the definition of refl *)
apply (auto simp add: refl_def)
done
(* Follows is preserved by composition with h, in set-inclusion form:
   given mono1(A, r, B, s, h), refl(A, r) and trans[B](s),
   Follows(A, r, f, g) is contained in Follows(B, s, h comp f, h comp g).
   NOTE(review): the script selects subgoals by number ("[2]", "prefer 5"),
   so it depends on the order of the goals produced by the rules applied. *)
lemma subset_Follows_comp: 
"[| mono1(A, r, B, s, h); refl(A, r); trans[B](s) |]  
   ==> Follows(A, r, f, g) <= Follows(B, s,  h comp f, h comp g)"
apply (unfold Follows_def, clarify)
(* add the facts that IncreasingD yields for g and for f to the assumptions *)
apply (frule_tac f = g in IncreasingD)
apply (frule_tac f = f in IncreasingD)
apply (rule IntI)
(* the LeadsTo conjunct is handled by imp_LeadsTo_comp *)
apply (rule_tac [2] h = h in imp_LeadsTo_comp)
prefer 5 apply assumption
(* the Increasing and Always conjuncts follow from the corresponding comp lemmas *)
apply (auto intro: imp_Increasing_comp imp_Always_comp simp del: INT_simps)
done
(* Membership form of subset_Follows_comp: a program F in Follows(A, r, f, g)
   is also in Follows(B, s, h comp f, h comp g) under the same conditions
   on h, r and s. *)
lemma imp_Follows_comp: 
"[| F \<in> Follows(A, r, f, g);  mono1(A, r, B, s, h); refl(A, r); trans[B](s) |]  
  ==>  F \<in> Follows(B, s,  h comp f, h comp g)"
apply (blast intro: subset_Follows_comp [THEN subsetD])
done
(* 2-place monotone operation: this general result is 
   used to prove Follows_Un, Follows_munion *)
lemma imp_Follows_comp2: 
"[| F \<in> Follows(A, r, f1, f);  F \<in> Follows(B, s, g1, g);  
   mono2(A, r, B, s, C, t, h); refl(A,r); refl(B, s); trans[C](t) |]  
   ==> F \<in> Follows(C, t, %x. h(f1(x), g1(x)), %x. h(f(x), g(x)))"
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   211
apply (unfold Follows_def, clarify)
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   212
apply (frule_tac f = g in IncreasingD)
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   213
apply (frule_tac f = f in IncreasingD)
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   214
apply (rule IntI, safe)
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   215
apply (rule_tac [3] h = h in imp_Always_comp2)
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   216
prefer 5 apply assumption
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   217
apply (rule_tac [2] h = h in imp_Increasing_comp2)
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   218
prefer 4 apply assumption
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   219
apply (rule_tac h = h in imp_Increasing_comp2)
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   220
prefer 3 apply assumption
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   221
apply simp_all
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   222
apply (blast dest!: IncreasingD)
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   223
apply (rule_tac h = h in imp_LeadsTo_comp2)
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   224
prefer 4 apply assumption
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   225
apply auto
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   226
  prefer 3 apply (simp add: mono2_def) 
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   227
apply (blast dest: IncreasingD)+
24382760fd89 converting more theories to Isar scripts, and tidying
paulson
parents: 14052
diff changeset
   228
done
(* Transitivity of Follows: if f follows g and g follows h, both w.r.t.
   (A, r), and r is transitive on A, then f follows h. *)
lemma Follows_trans:
     "[| F \<in> Follows(A, r, f, g);  F \<in> Follows(A,r, g, h);  
         trans[A](r) |] ==> F \<in> Follows(A, r, f, h)"
apply (frule_tac f = f in FollowsD)
apply (frule_tac f = g in FollowsD)
apply (simp add: Follows_def)
apply (simp add: Always_eq_includes_reachable INT_iff, auto)
(* subgoal 2: chain the two LeadsTo facts through the intermediate set
   where k is r-related to g(s) *)
apply (rule_tac [2] B = "{s \<in> state. <k, g (s) > \<in> r}" in LeadsTo_Trans)
(* subgoal 1: transitivity of r on A with g(x) as the middle element *)
apply (rule_tac b = "g (x) " in trans_onD)
apply blast+
done
(** Destruction rules for Follows **)
(* Destruction rule: membership in Follows(A, r, f, g) gives that the
   first function f is Increasing w.r.t. (A, r).  Proved directly from
   Follows_def. *)
lemma Follows_imp_Increasing_left: 
     "F \<in> Follows(A, r, f,g) ==> F \<in> Increasing(A, r, f)"
by (unfold Follows_def, blast)
(* Destruction rule: membership in Follows(A, r, f, g) gives that the
   second function g is Increasing w.r.t. (A, r).  Proved directly from
   Follows_def. *)
lemma Follows_imp_Increasing_right: 
     "F \<in> Follows(A, r, f,g) ==> F \<in> Increasing(A, r, g)"
by (unfold Follows_def, blast)
(* Destruction rule: membership in Follows(A, r, f, g) gives the Always
   component, i.e. <f(s), g(s)> is in r for the states s covered by
   Always.  Proved directly from Follows_def. *)
lemma Follows_imp_Always: 
 "F :Follows(A, r, f, g) ==> F \<in> Always({s \<in> state. <f(s),g(s)> \<in> r})"
by (unfold Follows_def, blast)
(* Destruction rule: membership in Follows(A, r, f, g) gives the progress
   component.  For every k in A, the states where <k, g(s)> is in r lead
   to states where <k, f(s)> is in r.  Proved directly from Follows_def. *)
lemma Follows_imp_LeadsTo: 
 "[| F \<in> Follows(A, r, f, g); k \<in> A |]  ==>  
  F: {s \<in> state. <k,g(s)> \<in> r } LeadsTo {s \<in> state. <k,f(s)> \<in> r}"
by (unfold Follows_def, blast)
(* Follows_imp_LeadsTo specialised to lists of naturals ordered by
   gen_prefix(nat, Le), with the conclusion stated in pfixLe notation.
   NOTE(review): presumably "k pfixLe l" abbreviates membership of <k, l>
   in gen_prefix(nat, Le); confirm against the definition of pfixLe. *)
lemma Follows_LeadsTo_pfixLe:
     "[| F \<in> Follows(list(nat), gen_prefix(nat, Le), f, g); k \<in> list(nat) |]  
   ==> F \<in> {s \<in> state. k pfixLe g(s)} LeadsTo {s \<in> state. k pfixLe f(s)}"
by (blast intro: Follows_imp_LeadsTo)
(* Follows_imp_LeadsTo specialised to lists of naturals ordered by
   gen_prefix(nat, Ge), with the conclusion stated in pfixGe notation.
   NOTE(review): presumably "k pfixGe l" abbreviates membership of <k, l>
   in gen_prefix(nat, Ge); confirm against the definition of pfixGe. *)
lemma Follows_LeadsTo_pfixGe:
     "[| F \<in> Follows(list(nat), gen_prefix(nat, Ge), f, g); k \<in> list(nat) |]  
   ==> F \<in> {s \<in> state. k pfixGe g(s)} LeadsTo {s \<in> state. k pfixGe f(s)}"
by (blast intro: Follows_imp_LeadsTo)
(* Replacing the first argument of Follows by an always-equal function:
   if f(s) = g(s) holds Always, f follows h w.r.t. (A, r), and g maps every
   state into A, then g follows h w.r.t. (A, r). *)
lemma Always_Follows1: 
"[| F \<in> Always({s \<in> state. f(s) = g(s)}); F \<in> Follows(A, r, f, h);   
    \<forall>x \<in> state. g(x):A |] ==> F \<in> Follows(A, r, g, h)"
apply (unfold Follows_def Increasing_def Stable_def)
apply (simp add: INT_iff, auto)
(* subgoal 3 (LeadsTo): weaken the LeadsTo fact for f using the invariant
   f(s) = g(s) *)
apply (rule_tac [3] C = "{s \<in> state. f (s) =g (s) }" and A = "{s \<in> state. <ka, h (s) > \<in> r}" and A' = "{s \<in> state. <ka, f (s) > \<in> r}" in Always_LeadsTo_weaken)
(* subgoal 1 (Constrains): transfer the constraint on f to g under the
   same invariant *)
apply (erule_tac A = "{s \<in> state. <ka,f (s) > \<in> r}" and A' = "{s \<in> state. <ka,f (s) > \<in> r}" in Always_Constrains_weaken)
apply auto
(* remaining Always goal: intersect the two Always facts, then weaken *)
apply (drule Always_Int_I, assumption)
apply (erule_tac A = "{s \<in> state . f (s) = g (s) } \<inter> {s \<in> state . \<langle>f (s), h (s) \<rangle> \<in> r}" in Always_weaken)
apply auto
done
(* Replacing the second argument of Follows by an always-equal function:
   if g(s) = h(s) holds Always, f follows g w.r.t. (A, r), and h maps every
   state into A, then f follows h w.r.t. (A, r). *)
lemma Always_Follows2: 
"[| F \<in> Always({s \<in> state. g(s) = h(s)});  
  F \<in> Follows(A, r, f, g); \<forall>x \<in> state. h(x):A |] ==> F \<in> Follows(A, r, f, h)"
apply (unfold Follows_def Increasing_def Stable_def)
apply (simp (no_asm_use) add: INT_iff)
apply auto
(* subgoal 3: discard the assumption k \<in> A before the weakening step *)
apply (erule_tac [3] V = "k \<in> A" in thin_rl)
(* subgoal 3 (LeadsTo): weaken the LeadsTo fact for g using the invariant
   g(s) = h(s) *)
apply (rule_tac [3] C = "{s \<in> state. g (s) =h (s) }" and A = "{s \<in> state. <ka, g (s) > \<in> r}" and A' = "{s \<in> state. <ka, f (s) > \<in> r}" in Always_LeadsTo_weaken)
(* subgoal 1 (Constrains): transfer the constraint on g to h under the
   same invariant *)
apply (erule_tac A = "{s \<in> state. <ka, g (s) > \<in> r}" and A' = "{s \<in> state. <ka, g (s) > \<in> r}" in Always_Constrains_weaken)
apply auto
(* remaining Always goal: intersect the two Always facts, then weaken *)
apply (drule Always_Int_I, assumption)
apply (erule_tac A = "{s \<in> state . g (s) = h (s) } \<inter> {s \<in> state . \<langle>f (s), g (s) \<rangle> \<in> r}" in Always_weaken)
apply auto
done
(** Union properties (with the subset ordering) **)
(* SetLe(A) is reflexive on Pow(A).  Declared as a simp rule. *)
lemma refl_SetLe [simp]: "refl(Pow(A), SetLe(A))"
by (unfold refl_def SetLe_def, auto)
(* SetLe(A) is transitive on Pow(A).  Declared as a simp rule. *)
lemma trans_on_SetLe [simp]: "trans[Pow(A)](SetLe(A))"
by (unfold trans_on_def SetLe_def, auto)
(* SetLe(A) is antisymmetric.  Declared as a simp rule. *)
lemma antisym_SetLe [simp]: "antisym(SetLe(A))"
by (unfold antisym_def SetLe_def, auto)
(* SetLe(A) is a partial order on Pow(A).  After unfolding part_order_def
   the goal is closed by auto; presumably the simp rules refl_SetLe,
   trans_on_SetLe and antisym_SetLe do the work. *)
lemma part_order_SetLe [simp]: "part_order(Pow(A), SetLe(A))"
by (unfold part_order_def, auto)
(* The pointwise union of two functions that are increasing (in the sense
   of Increasing.increasing) w.r.t. (Pow(A), SetLe(A)) is again increasing.
   Instance of imp_increasing_comp2 with h = op Un. *)
lemma increasing_Un:
     "[| F \<in> Increasing.increasing(Pow(A), SetLe(A), f);   
         F \<in> Increasing.increasing(Pow(A), SetLe(A), g) |]  
     ==> F \<in> Increasing.increasing(Pow(A), SetLe(A), %x. f(x) Un g(x))"
by (rule_tac h = "op Un" in imp_increasing_comp2, auto)
(* The pointwise union of two functions that are Increasing w.r.t.
   (Pow(A), SetLe(A)) is again Increasing.  Instance of
   imp_Increasing_comp2 with h = op Un. *)
lemma Increasing_Un:
     "[| F \<in> Increasing(Pow(A), SetLe(A), f);   
         F \<in> Increasing(Pow(A), SetLe(A), g) |]  
     ==> F \<in> Increasing(Pow(A), SetLe(A), %x. f(x) Un g(x))"
by (rule_tac h = "op Un" in imp_Increasing_comp2, auto)
(* Union preserves Always-inclusions: if f1(s) <= f(s) and g1(s) <= g(s)
   both hold Always, then f1(s) Un g1(s) <= f(s) Un g(s) holds Always.
   Proved by rewriting Always with Always_eq_includes_reachable. *)
lemma Always_Un:
     "[| F \<in> Always({s \<in> state. f1(s) <= f(s)});  
     F \<in> Always({s \<in> state. g1(s) <= g(s)}) |]  
      ==> F \<in> Always({s \<in> state. f1(s) Un g1(s) <= f(s) Un g(s)})"
by (simp add: Always_eq_includes_reachable, blast)
(* Follows is preserved by pointwise union under the subset ordering:
   if f1 follows f and g1 follows g w.r.t. (Pow(A), SetLe(A)), then
   %s. f1(s) Un g1(s) follows %s. f(s) Un g(s).
   Instance of imp_Follows_comp2 with h = op Un. *)
lemma Follows_Un: 
"[| F \<in> Follows(Pow(A), SetLe(A), f1, f);  
     F \<in> Follows(Pow(A), SetLe(A), g1, g) |]  
     ==> F \<in> Follows(Pow(A), SetLe(A), %s. f1(s) Un g1(s), %s. f(s) Un g(s))"
by (rule_tac h = "op Un" in imp_Follows_comp2, auto)
(** Multiset union properties (with the MultLe ordering) **)
(* MultLe(A, r) is reflexive on Mult(A).  Declared as a simp rule. *)
lemma refl_MultLe [simp]: "refl(Mult(A), MultLe(A,r))"
by (unfold MultLe_def refl_def, auto)
(* Reflexivity of MultLe stated with explicit multiset premises: a
   multiset M whose mset_of is included in A is MultLe(A, r)-related to
   itself.  Declared as a simp rule. *)
lemma MultLe_refl1 [simp]: 
 "[| multiset(M); mset_of(M)<=A |] ==> <M, M> \<in> MultLe(A, r)"
apply (unfold MultLe_def id_def lam_def)
apply (auto simp add: Mult_iff_multiset)
done
(* Reflexivity of MultLe stated with the premise M \<in> Mult(A).
   Declared as a simp rule. *)
lemma MultLe_refl2 [simp]: "M \<in> Mult(A) ==> <M, M> \<in> MultLe(A, r)"
by (unfold MultLe_def id_def lam_def, auto)
(* MultLe(A, r) is transitive on Mult(A).  The proof unfolds MultLe_def
   and multirel_def and uses trancl_trans.  Declared as a simp rule. *)
lemma trans_on_MultLe [simp]: "trans[Mult(A)](MultLe(A,r))"
apply (unfold MultLe_def trans_on_def)
apply (auto intro: trancl_trans simp add: multirel_def)
done
(* Typing of MultLe: every pair in MultLe(A, r) has both components in
   Mult(A).  Uses multirel_type for the multirel part of the definition. *)
lemma MultLe_type: "MultLe(A, r)<= (Mult(A) * Mult(A))"
apply (unfold MultLe_def, auto)
apply (drule multirel_type [THEN subsetD], auto)
done
(* Transitivity of MultLe as a rule without explicit domain premises:
   from <M,K> and <K,N> in MultLe(A,r) conclude <M,N> in MultLe(A,r).
   The membership side conditions of trans_onD are obtained from
   MultLe_type. *)
lemma MultLe_trans:
     "[| <M,K> \<in> MultLe(A,r); <K,N> \<in> MultLe(A,r) |] ==> <M,N> \<in> MultLe(A,r)"
apply (cut_tac A=A in trans_on_MultLe)
apply (drule trans_onD, assumption)
apply (auto dest: MultLe_type [THEN subsetD])
done
(* From part_order(A, r) derive part_ord(A, r - id(A)): removing the
   identity on A from r gives a relation satisfying part_ord.  The proof
   unfolds both definitions and works through the irreflexivity and
   transitivity obligations, using antisymmetry of r at the end. *)
lemma part_order_imp_part_ord: 
     "part_order(A, r) ==> part_ord(A, r-id(A))"
apply (unfold part_order_def part_ord_def)
apply (simp add: refl_def id_def lam_def irrefl_def, auto)
apply (simp (no_asm) add: trans_on_def)
apply auto
apply (blast dest: trans_onD)
apply (simp (no_asm_use) add: antisym_def)
apply auto
done
(* If r is a partial order on A then MultLe(A, r) is antisymmetric.
   The proof moves to r - id(A) via part_order_imp_part_ord and then uses
   irrefl_on_multirel and multirel_trans.  Declared as a simp rule. *)
lemma antisym_MultLe [simp]: 
  "part_order(A, r) ==> antisym(MultLe(A,r))"
apply (unfold MultLe_def antisym_def)
apply (drule part_order_imp_part_ord, auto)
apply (drule irrefl_on_multirel)
apply (frule multirel_type [THEN subsetD])
apply (drule multirel_trans)
apply (auto simp add: irrefl_def)
done
(* Lifting a partial order to multisets: if r is a partial order on A
   then MultLe(A, r) is a partial order on Mult(A).  Antisymmetry comes
   from antisym_MultLe; the rest is closed by auto after unfolding
   part_order_def.  Declared as a simp rule. *)
lemma part_order_MultLe [simp]:
     "part_order(A, r) ==>  part_order(Mult(A), MultLe(A, r))"
apply (frule antisym_MultLe)
apply (auto simp add: part_order_def)
done
(* 0 (the empty multiset, going by the lemma name) is MultLe(A, r)-below
   every multiset M whose mset_of is included in A.
   Declared as a simp rule. *)
lemma empty_le_MultLe [simp]: 
"[| multiset(M); mset_of(M)<= A|] ==> <0, M> \<in> MultLe(A, r)"
apply (unfold MultLe_def)
(* split on whether M is itself 0 *)
apply (case_tac "M=0")
apply (auto simp add: FiniteFun.intros)
(* otherwise restate the goal as 0 +# 0 versus 0 +# M so that
   one_step_implies_multirel applies *)
apply (subgoal_tac "<0 +# 0, 0 +# M> \<in> multirel (A, r - id (A))")
apply (rule_tac [2] one_step_implies_multirel)
apply (auto simp add: Mult_iff_multiset)
done
(* Variant of empty_le_MultLe with the premise M \<in> Mult(A); reduced to
   the multiset form by Mult_iff_multiset.  Declared as a simp rule. *)
lemma empty_le_MultLe2 [simp]: "M \<in> Mult(A) ==> <0, M> \<in> MultLe(A, r)"
by (simp add: Mult_iff_multiset)
(* Multiset union +# is monotone in both arguments w.r.t. MultLe(A, r):
   from <M, N> and <K, L> in MultLe(A, r) conclude that
   <M +# K, N +# L> is in MultLe(A, r).  The proof unfolds MultLe_def and
   uses the monotonicity lemmas for multirel. *)
lemma munion_mono: 
"[| <M, N> \<in> MultLe(A, r); <K, L> \<in> MultLe(A, r) |] ==> 
  <M +# K, N +# L> \<in> MultLe(A, r)"
apply (unfold MultLe_def)
apply (auto intro: munion_multirel_mono1 munion_multirel_mono2
       munion_multirel_mono multiset_into_Mult simp add: Mult_iff_multiset)
done
(* The pointwise multiset union of two functions that are increasing (in
   the sense of Increasing.increasing) w.r.t. (Mult(A), MultLe(A,r)) is
   again increasing.  Instance of imp_increasing_comp2 with h = munion. *)
lemma increasing_munion:
     "[| F \<in> Increasing.increasing(Mult(A), MultLe(A,r), f);   
         F \<in> Increasing.increasing(Mult(A), MultLe(A,r), g) |]  
     ==> F \<in> Increasing.increasing(Mult(A),MultLe(A,r), %x. f(x) +# g(x))"
by (rule_tac h = munion in imp_increasing_comp2, auto)
(* Counterpart of increasing_munion stated with the capitalised Increasing
   operator: if F is in Increasing(Mult(A), MultLe(A,r), f) and in
   Increasing(Mult(A), MultLe(A,r), g), then it is in the same set for
   %x. f(x) +# g(x).  Proved by imp_Increasing_comp2 with h = munion, then
   auto. *)
lemma Increasing_munion:
     "[| F \<in> Increasing(Mult(A), MultLe(A,r), f);   
         F \<in> Increasing(Mult(A), MultLe(A,r), g)|]  
     ==> F \<in> Increasing(Mult(A),MultLe(A,r), %x. f(x) +# g(x))"
by (rule_tac h = munion in imp_Increasing_comp2, auto)
(* Invariant version: if F always keeps <f1(s), f(s)> and <g1(s), g(s)> inside
   MultLe(A,r), and all four functions map every state into Mult(A), then F
   always keeps <f1(s) +# g1(s), f(s) +# g(s)> inside MultLe(A,r).
   The typing premise (third hypothesis) is stated explicitly for all states;
   it is not derived from the two Always premises. *)
lemma Always_munion: 
"[| F \<in> Always({s \<in> state. <f1(s),f(s)> \<in> MultLe(A,r)});  
          F \<in> Always({s \<in> state. <g1(s), g(s)> \<in> MultLe(A,r)}); 
  \<forall>x \<in> state. f1(x):Mult(A)&f(x):Mult(A) & g1(x):Mult(A) & g(x):Mult(A)|]  
      ==> F \<in> Always({s \<in> state. <f1(s) +# g1(s), f(s) +# g(s)> \<in> MultLe(A,r)})"
(* Reduce to the generic two-argument Always composition rule with h = munion. *)
apply (rule_tac h = munion in imp_Always_comp2, simp_all)
(* munion_mono supplies the monotonicity of +# with respect to MultLe(A,r). *)
apply (blast intro: munion_mono, simp_all)
done
(* Follows is preserved by pointwise +#: if F is in
   Follows(Mult(A), MultLe(A, r), f1, f) and in
   Follows(Mult(A), MultLe(A, r), g1, g), then it is in Follows for the pair
   %s. f1(s) +# g1(s) and %s. f(s) +# g(s).
   Proved by imp_Follows_comp2 with h = munion, then auto. *)
lemma Follows_munion: 
"[| F \<in> Follows(Mult(A), MultLe(A, r), f1, f);  
    F \<in> Follows(Mult(A), MultLe(A, r), g1, g) |]  
  ==> F \<in> Follows(Mult(A), MultLe(A, r), %s. f1(s) +# g1(s), %s. f(s) +# g(s))"
by (rule_tac h = munion in imp_Follows_comp2, auto)
(** Used in ClientImp **)
(* Lifts Follows_munion from two components to a finite indexed family.
   Premises: for every i in I, F is in Follows for f'(i) and f(i); for every
   state s and every i in I, both f'(i, s) and f(i, s) are multisets whose
   mset_of is a subset of A; I is Finite; F is a program.
   Conclusion: F is in Follows for the msetsum of the f'(i, x) over I and the
   msetsum of the f(i, x) over I.
   The proof is an induction over the finite set I (Fin_induct). *)
lemma Follows_msetsum_UN: 
"!!f. [| \<forall>i \<in> I. F \<in> Follows(Mult(A), MultLe(A, r), f'(i), f(i));  
  \<forall>s. \<forall>i \<in> I. multiset(f'(i, s)) & mset_of(f'(i, s))<=A &  
                        multiset(f(i, s)) & mset_of(f(i, s))<=A ;  
   Finite(I); F \<in> program |]  
        ==> F \<in> Follows(Mult(A),  
                        MultLe(A, r), %x. msetsum(%i. f'(i, x), I, A),  
                                      %x. msetsum(%i. f(i,  x), I, A))"
(* Move an assumption back into the goal as an implication, so that it takes
   part in the induction.  NOTE(review): which premise erule selects is not
   visible here -- confirm when replaying the proof. *)
apply (erule rev_mp)
(* Turn Finite(I) into a membership in Fin(...) so Fin_induct applies. *)
apply (drule Finite_into_Fin)
apply (erule Fin_induct)
(* Presumably the empty-index base case: both sums are constant, so
   Follows_constantI closes it. *)
apply (simp (no_asm_simp))
apply (rule Follows_constantI)
apply (simp_all (no_asm_simp) add: FiniteFun.intros)
apply auto
(* Remaining step case: combine the new component with the sum over the rest
   using Follows_munion. *)
apply (rule Follows_munion, auto)
done
(* ML bindings: each line looks up a theorem by its name with thm "..." and
   binds it to an ML value of the same name.
   NOTE(review): presumably kept so that theories still using ML proof scripts
   can refer to these theorems after the conversion to Isar -- confirm. *)
ML
{*
val Follows_cong = thm "Follows_cong";
val subset_Always_comp = thm "subset_Always_comp";
val imp_Always_comp = thm "imp_Always_comp";
val imp_Always_comp2 = thm "imp_Always_comp2";
val subset_LeadsTo_comp = thm "subset_LeadsTo_comp";
val imp_LeadsTo_comp = thm "imp_LeadsTo_comp";
val imp_LeadsTo_comp_right = thm "imp_LeadsTo_comp_right";
val imp_LeadsTo_comp_left = thm "imp_LeadsTo_comp_left";
val imp_LeadsTo_comp2 = thm "imp_LeadsTo_comp2";
val Follows_type = thm "Follows_type";
val Follows_into_program = thm "Follows_into_program";
val FollowsD = thm "FollowsD";
val Follows_constantI = thm "Follows_constantI";
val subset_Follows_comp = thm "subset_Follows_comp";
val imp_Follows_comp = thm "imp_Follows_comp";
val imp_Follows_comp2 = thm "imp_Follows_comp2";
val Follows_trans = thm "Follows_trans";
val Follows_imp_Increasing_left = thm "Follows_imp_Increasing_left";
val Follows_imp_Increasing_right = thm "Follows_imp_Increasing_right";
val Follows_imp_Always = thm "Follows_imp_Always";
val Follows_imp_LeadsTo = thm "Follows_imp_LeadsTo";
val Follows_LeadsTo_pfixLe = thm "Follows_LeadsTo_pfixLe";
val Follows_LeadsTo_pfixGe = thm "Follows_LeadsTo_pfixGe";
val Always_Follows1 = thm "Always_Follows1";
val Always_Follows2 = thm "Always_Follows2";
val refl_SetLe = thm "refl_SetLe";
val trans_on_SetLe = thm "trans_on_SetLe";
val antisym_SetLe = thm "antisym_SetLe";
val part_order_SetLe = thm "part_order_SetLe";
val increasing_Un = thm "increasing_Un";
val Increasing_Un = thm "Increasing_Un";
val Always_Un = thm "Always_Un";
val Follows_Un = thm "Follows_Un";
val refl_MultLe = thm "refl_MultLe";
val MultLe_refl1 = thm "MultLe_refl1";
val MultLe_refl2 = thm "MultLe_refl2";
val trans_on_MultLe = thm "trans_on_MultLe";
val MultLe_type = thm "MultLe_type";
val MultLe_trans = thm "MultLe_trans";
val part_order_imp_part_ord = thm "part_order_imp_part_ord";
val antisym_MultLe = thm "antisym_MultLe";
val part_order_MultLe = thm "part_order_MultLe";
val empty_le_MultLe = thm "empty_le_MultLe";
val empty_le_MultLe2 = thm "empty_le_MultLe2";
val munion_mono = thm "munion_mono";
val increasing_munion = thm "increasing_munion";
val Increasing_munion = thm "Increasing_munion";
val Always_munion = thm "Always_munion";
val Follows_munion = thm "Follows_munion";
val Follows_msetsum_UN = thm "Follows_msetsum_UN";
*}
end