| products/Sources/formale Sprachen/Isabelle/HOL/HOLCF/IOA/NTP/ |
|
Quellcode-Bibliothek© Kompilation durch diese Firma[Weder Korrektheit noch Funktionsfähigkeit der Software werden zugesichert.]Datei: Impl.thy Sprache: IsabelleOriginal von: Isabelle© |
|
||||||
|
(* Title: HOL/HOLCF/IOA/NTP/Impl.thy
Author: Tobias Nipkow & Konrad Slind *) section \<open>The implementation\<close> theory Impl imports Sender Receiver Abschannel begin type_synonym 'm impl_state = "'m sender_state * 'm receiver_state * 'm packet multiset * bool multiset" (* sender_state * receiver_state * srch_state * rsch_state *) definition impl_ioa :: "('m action, 'm impl_state)ioa" where impl_def: "impl_ioa == (sender_ioa \ definition sen :: "'m impl_state => 'm sender_state" where "sen = fst" definition rec :: "'m impl_state => 'm receiver_state" where "rec = fst \ definition srch :: "'m impl_state => 'm packet multiset" where "srch = fst \ definition rsch :: "'m impl_state => bool multiset" where "rsch = snd \ definition hdr_sum :: "'m packet multiset => bool => nat" where "hdr_sum M b == countm M (%pkt. hdr(pkt) = b)" (* Lemma 5.1 *) definition "inv1(s) \ (\<forall>b. count (rsent(rec s)) b = count (srcvd(sen s)) b + count (rsch s) b) \<and> (\<forall>b. count (ssent(sen s)) b = hdr_sum (rrcvd(rec s)) b + hdr_sum (srch s) b)" (* Lemma 5.2 *) definition "inv2(s) == (rbit(rec(s)) = sbit(sen(s)) & ssending(sen(s)) & count (rsent(rec s)) (~sbit(sen s)) <= count (ssent(sen s)) (~sbit(sen s)) & count (ssent(sen s)) (~sbit(sen s)) <= count (rsent(rec s)) (sbit(sen s))) | (rbit(rec(s)) = (~sbit(sen(s))) & rsending(rec(s)) & count (ssent(sen s)) (~sbit(sen s)) <= count (rsent(rec s)) (sbit(sen s)) & count (rsent(rec s)) (sbit(sen s)) <= count (ssent(sen s)) (sbit(sen s)))" (* Lemma 5.3 *) definition "inv3(s) \ rbit(rec(s)) = sbit(sen(s)) \<longrightarrow> (\<forall>m. sq(sen(s))=[] | m \<noteq> hd(sq(sen(s))) \<longrightarrow> count (rrcvd(rec s)) (sbit(sen(s)),m) + count (srch s) (sbit(sen(s)),m) \<le> count (rsent(rec s)) (~sbit(sen s)))" (* Lemma 5.4 *) definition "inv4(s) == rbit(rec(s)) = (~sbit(sen(s))) --> sq(sen(s)) ~= []" subsection \<open>Invariants\<close> declare le_SucI [simp] lemmas impl_ioas = impl_def sender_ioa_def receiver_ioa_def srch_ioa_thm [THEN eq_reflection] rsch_ioa_thm [THEN eq_reflection] lemmas "transitions" = sender_trans_def receiver_trans_def srch_trans_def rsch_trans_def lemmas [simp] = ioa_triple_proj starts_of_par trans_of_par4 in_sender_asig in_receiver_asig in_srch_asig in_rsch_asig declare let_weak_cong [cong] lemma [simp]: "fst(x) = sen(x)" "fst(snd(x)) = rec(x)" "fst(snd(snd(x))) = srch(x)" "snd(snd(snd(x))) = rsch(x)" by (simp_all add: sen_def rec_def srch_def rsch_def) lemma [simp]: "a\ \<or> a\<in>actions(receiver_asig) \<or> a\<in>actions(srch_asig) \<or> a\<in>actions(rsch_asig)" by (induct a) simp_all declare split_paired_All [simp del] (* Three Simp_sets in different sizes ---------------------------------------------- 1) simpset() does not unfold the transition relations 2) ss unfolds transition relations 3) renname_ss unfolds transitions and the abstract channel *) ML \<open> val ss = simpset_of (\<^context> addsimps @{thms "transitions"}); val rename_ss = simpset_of (put_simpset ss \<^context> addsimps @{thms unfold_renaming}); fun tac ctxt = asm_simp_tac (put_simpset ss ctxt |> Simplifier.add_cong @{thm conj_cong} |> Splitter.add_split @{thm if_split}) fun tac_ren ctxt = asm_simp_tac (put_simpset rename_ss ctxt |> Simplifier.add_cong @{thm conj_cong} |> Splitter.add_split @{thm if_split}) \<close> subsubsection \<open>Invariant 1\<close> lemma raw_inv1: "invariant impl_ioa inv1" apply (unfold impl_ioas) apply (rule invariantI) apply (simp add: inv1_def hdr_sum_def srcvd_def ssent_def rsent_def rrcvd_def) apply (simp (no_asm) del: trans_of_par4 add: imp_conjR inv1_def) txt \<open>Split proof in two\<close> apply (rule conjI) (* First half *) apply (simp add: Impl.inv1_def split del: if_split) apply (induct_tac a) apply (tactic "EVERY1[tac \<^context>, tac \<^context>, tac \<^context>, tac \<^context>]") apply (tactic "tac \<^context> 1") apply (tactic "tac_ren \<^context> 1") txt \<open>5 + 1\<close> apply (tactic "tac \<^context> 1") apply (tactic "tac_ren \<^context> 1") txt \<open>4 + 1\<close> apply (tactic \<open>EVERY1[tac \<^context>, tac \<^context>, tac \<^context>, tac \<^context>]\<clo txt \<open>Now the other half\<close> apply (simp add: Impl.inv1_def split del: if_split) apply (induct_tac a) apply (tactic "EVERY1 [tac \<^context>, tac \<^context>]") txt \<open>detour 1\<close> apply (tactic "tac \<^context> 1") apply (tactic "tac_ren \<^context> 1") apply (rule impI) apply (erule conjE)+ apply (simp (no_asm_simp) add: hdr_sum_def Multiset.count_def Multiset.countm_nonempty split: if_split) txt \<open>detour 2\<close> apply (tactic "tac \<^context> 1") apply (tactic "tac_ren \<^context> 1") apply (rule impI) apply (erule conjE)+ apply (simp add: Impl.hdr_sum_def Multiset.count_def Multiset.countm_nonempty_def Multiset.delm_nonempty_def split: if_split) apply (rule allI) apply (rule conjI) apply (rule impI) apply hypsubst apply (rule pred_suc [THEN iffD1]) apply (drule less_le_trans) apply (cut_tac eq_packet_imp_eq_hdr [unfolded Packet.hdr_def, THEN countm_props]) apply assumption apply assumption apply (rule countm_done_delm [THEN mp, symmetric]) apply (rule refl) apply (simp (no_asm_simp) add: Multiset.count_def) apply (rule impI) apply (simp add: neg_flip) apply hypsubst apply (rule countm_spurious_delm) apply (simp (no_asm)) apply (tactic "EVERY1 [tac \<^context>, tac \<^context>, tac \<^context>, tac \<^context>, tac \<^context>, tac \<^context>]") done subsubsection \<open>INVARIANT 2\<close> lemma raw_inv2: "invariant impl_ioa inv2" apply (rule invariantI1) txt \<open>Base case\<close> apply (simp add: inv2_def receiver_projections sender_projections impl_ioas) apply (simp (no_asm_simp) add: impl_ioas split del: if_split) apply (induct_tac "a") txt \<open>10 cases. First 4 are simple, since state doesn't change\<close> ML_prf \<open>val tac2 = asm_full_simp_tac (put_simpset ss \<^context> addsimps [@{thm inv2_de txt \<open>10 - 7\<close> apply (tactic "EVERY1 [tac2,tac2,tac2,tac2]") txt \<open>6\<close> apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv1_def}] (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1\<close>) txt \<open>6 - 5\<close> apply (tactic "EVERY1 [tac2,tac2]") txt \<open>4\<close> apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv1_def}] (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1\<close>) apply (tactic "tac2 1") txt \<open>3\<close> apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv1_def}] (@{thm raw_inv1} RS @{thm invariantE})] 1\<close>) apply (tactic "tac2 1") apply (tactic \<open>fold_goals_tac \<^context> [rewrite_rule \<^context> [@{thm Packet.hdr_d (@{thm Impl.hdr_sum_def})]\<close>) apply arith txt \<open>2\<close> apply (tactic "tac2 1") apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv1_def}] (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct1] 1\<close>) apply (intro strip) apply (erule conjE)+ apply simp txt \<open>1\<close> apply (tactic "tac2 1") apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv1_def}] (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct2] 1\<close>) apply (intro strip) apply (erule conjE)+ apply (tactic \<open>fold_goals_tac \<^context> [rewrite_rule \<^context> [@{thm Packet.hdr_def}] (@{thm Impl.hdr_sum_def})]\<close>) apply simp done subsubsection \<open>INVARIANT 3\<close> lemma raw_inv3: "invariant impl_ioa inv3" apply (rule invariantI) txt \<open>Base case\<close> apply (simp add: Impl.inv3_def receiver_projections sender_projections impl_ioas) apply (simp (no_asm_simp) add: impl_ioas split del: if_split) apply (induct_tac "a") ML_prf \<open>val tac3 = asm_full_simp_tac (put_simpset ss \<^context> addsimps [@{thm inv3_de txt \<open>10 - 8\<close> apply (tactic "EVERY1[tac3,tac3,tac3]") apply (tactic "tac_ren \<^context> 1") apply (intro strip, (erule conjE)+) apply hypsubst apply (erule exE) apply simp txt \<open>7\<close> apply (tactic "tac3 1") apply (tactic "tac_ren \<^context> 1") apply force txt \<open>6 - 3\<close> apply (tactic "EVERY1[tac3,tac3,tac3,tac3]") txt \<open>2\<close> apply (tactic "asm_full_simp_tac (put_simpset ss \<^context>) 1") apply (simp (no_asm) add: inv3_def) apply (intro strip, (erule conjE)+) apply (rule imp_disjL [THEN iffD1]) apply (rule impI) apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv2_def}] (@{thm raw_inv2} RS @{thm invariantE})] 1\<close>) apply simp apply (erule conjE)+ apply (rule_tac j = "count (ssent (sen s)) (~sbit (sen s))" and k = "count (rsent (rec s)) (sbit (sen s))" in le_trans) apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm inv1_def}] (@{thm raw_inv1} RS @{thm invariantE}) RS conjunct2] 1\<close>) apply (simp add: hdr_sum_def Multiset.count_def) apply (rule add_le_mono) apply (rule countm_props) apply (simp (no_asm)) apply (rule countm_props) apply (simp (no_asm)) apply assumption txt \<open>1\<close> apply (tactic "tac3 1") apply (intro strip, (erule conjE)+) apply (rule imp_disjL [THEN iffD1]) apply (rule impI) apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv2_def}] (@{thm raw_inv2} RS @{thm invariantE})] 1\<close>) apply simp done subsubsection \<open>INVARIANT 4\<close> lemma raw_inv4: "invariant impl_ioa inv4" apply (rule invariantI) txt \<open>Base case\<close> apply (simp add: Impl.inv4_def receiver_projections sender_projections impl_ioas) apply (simp (no_asm_simp) add: impl_ioas split del: if_split) apply (induct_tac "a") ML_prf \<open>val tac4 = asm_full_simp_tac (put_simpset ss \<^context> addsimps [@{thm inv4_de txt \<open>10 - 2\<close> apply (tactic "EVERY1[tac4,tac4,tac4,tac4,tac4,tac4,tac4,tac4,tac4]") txt \<open>2 b\<close> apply (intro strip, (erule conjE)+) apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv2_def}] (@{thm raw_inv2} RS @{thm invariantE})] 1\<close>) apply simp txt \<open>1\<close> apply (tactic "tac4 1") apply (intro strip, (erule conjE)+) apply (rule ccontr) apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv2_def}] (@{thm raw_inv2} RS @{thm invariantE})] 1\<close>) apply (tactic \<open>forward_tac \<^context> [rewrite_rule \<^context> [@{thm Impl.inv3_def}] (@{thm raw_inv3} RS @{thm invariantE})] 1\<close>) apply simp apply (rename_tac m, erule_tac x = "m" in allE) apply simp done text \<open>rebind them\<close> lemmas inv1 = raw_inv1 [THEN invariantE, unfolded inv1_def] and inv2 = raw_inv2 [THEN invariantE, unfolded inv2_def] and inv3 = raw_inv3 [THEN invariantE, unfolded inv3_def] and inv4 = raw_inv4 [THEN invariantE, unfolded inv4_def] end ¤ Dauer der Verarbeitung: 0.2 Sekunden (vorverarbeitet) ¤ |
Haftungshinweis
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:Die farbliche Syntaxdarstellung ist noch experimentell.Bot Zugriff |
