tm2: thys2/Hoare_gen.thy@1cde7bf45858 (annotated)

25 a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	1	header {*
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	2	Generic Separation Logic
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	3	*}
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	4
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	5	theory Hoare_gen
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	6	imports Main
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	7	"../progtut/Tactical" "../Separation_Algebra/Sep_Tactics"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	8	begin
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	9
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	10	ML_file "../Separation_Algebra/sep_tactics.ML"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	11
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	12	definition pasrt :: "bool \<Rightarrow> (('a::sep_algebra) \<Rightarrow> bool)" ("<_>" [72] 71)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	13	where "pasrt b = (\<lambda> s . s = 0 \<and> b)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	14
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	15	lemma sep_conj_cond1: "(p \<and>* <cond> \<and>* q) = (<cond> \<and>* p \<and>* q)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	16	by(simp add: sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	17
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	18	lemma sep_conj_cond2: "(p \<and>* <cond>) = (<cond> \<and>* p)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	19	by(simp add: sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	20
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	21	lemma sep_conj_cond3: "((<cond> \<and>* p) \<and>* r) = (<cond> \<and>* p \<and>* r)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	22	by (metis sep.mult_assoc)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	23
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	24	lemmas sep_conj_cond = sep_conj_cond1 sep_conj_cond2 sep_conj_cond3
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	25
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	26	lemma cond_true_eq[simp]: "<True> = \<box>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	27	by(unfold sep_empty_def pasrt_def, auto)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	28
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	29	lemma cond_true_eq1: "(<True> \<and>* p) = p"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	30	by(simp)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	31
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	32	lemma false_simp [simp]: "<False> = sep_false" (* move *)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	33	by (simp add:pasrt_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	34
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	35	lemma cond_true_eq2: "(p \<and>* <True>) = p"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	36	by simp
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	37
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	38	lemma condD: "(<b> ** r) s \<Longrightarrow> b \<and> r s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	39	by (unfold sep_conj_def pasrt_def, auto)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	40
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	41	locale sep_exec =
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	42	fixes step :: "'conf \<Rightarrow> 'conf"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	43	and recse:: "'conf \<Rightarrow> 'a::sep_algebra"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	44	begin
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	45
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	46	definition "run n = step ^^ n"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	47
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	48	lemma run_add: "run (n1 + n2) s = run n1 (run n2 s)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	49	apply (unfold run_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	50	by (metis funpow_add o_apply)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	51
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	52	definition
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	53	Hoare_gen :: "('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> bool"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	54	("(\<lbrace>(1_)\<rbrace> / (_)/ \<lbrace>(1_)\<rbrace>)" 50)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	55	where
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	56	"\<lbrace> p \<rbrace> c \<lbrace> q \<rbrace> \<equiv>
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	57	(\<forall> s r. (pcr) (recse s) \<longrightarrow> (\<exists> k. ((q c r) (recse (run (Suc k) s)))))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	58
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	59	lemma HoareI [case_names Pre]:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	60	assumes h: "\<And> r s. (pcr) (recse s) \<Longrightarrow> (\<exists> k. ((q c r) (recse (run (Suc k) s))))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	61	shows "\<lbrace> p \<rbrace> c \<lbrace> q \<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	62	using h
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	63	by (unfold Hoare_gen_def, auto)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	64
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	65	lemma frame_rule:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	66	assumes h: "\<lbrace> p \<rbrace> c \<lbrace> q \<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	67	shows "\<lbrace> p r \<rbrace> c \<lbrace> q r \<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	68	proof(induct rule: HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	69	case (Pre r' s')
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	70	hence "(p \<and>* c \<and>* r \<and>* r') (recse s')" by (auto simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	71	from h[unfolded Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	72	show ?case
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	73	by (metis sep_conj_assoc sep_conj_left_commute)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	74	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	75
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	76	lemma sequencing:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	77	assumes h1: "\<lbrace>p\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	78	and h2: "\<lbrace>q\<rbrace> c \<lbrace>r\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	79	shows "\<lbrace>p\<rbrace> c \<lbrace>r\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	80	proof(induct rule:HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	81	case (Pre r' s')
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	82	from h1[unfolded Hoare_gen_def, rule_format, OF Pre]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	83	obtain k1 where "(q \<and>* c \<and>* r') (recse (run (Suc k1) s'))" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	84	from h2[unfolded Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	85	obtain k2 where "(r \<and>* c \<and>* r') (recse (run (Suc k2) (run (Suc k1) s')))" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	86	thus ?case
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	87	apply (rule_tac x = "Suc (k1 + k2)" in exI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	88	by (metis add_Suc_right nat_add_commute sep_exec.run_add)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	89	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	90
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	91	lemma pre_stren:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	92	assumes h1: "\<lbrace>p\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	93	and h2: "\<And>s. r s \<Longrightarrow> p s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	94	shows "\<lbrace>r\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	95	proof(induct rule:HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	96	case (Pre r' s')
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	97	with h2
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	98	have "(p \<and>* c \<and>* r') (recse s')"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	99	by (metis sep_conj_impl1)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	100	from h1[unfolded Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	101	show ?case .
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	102	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	103
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	104	lemma post_weaken:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	105	assumes h1: "\<lbrace>p\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	106	and h2: "\<And> s. q s \<Longrightarrow> r s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	107	shows "\<lbrace>p\<rbrace> c \<lbrace>r\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	108	proof(induct rule:HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	109	case (Pre r' s')
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	110	from h1[unfolded Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	111	obtain k where "(q \<and>* c \<and>* r') (recse (run (Suc k) s'))" by blast
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	112	with h2
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	113	show ?case
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	114	by (metis sep_conj_impl1)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	115	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	116
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	117	lemma hoare_adjust:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	118	assumes h1: "\<lbrace>p1\<rbrace> c \<lbrace>q1\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	119	and h2: "\<And>s. p s \<Longrightarrow> p1 s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	120	and h3: "\<And>s. q1 s \<Longrightarrow> q s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	121	shows "\<lbrace>p\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	122	using h1 h2 h3 post_weaken pre_stren
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	123	by (metis)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	124
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	125	lemma code_exI:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	126	assumes h: "\<And> k. \<lbrace>p\<rbrace> c(k) \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	127	shows "\<lbrace>p\<rbrace> EXS k. c(k) \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	128	proof(unfold pred_ex_def, induct rule:HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	129	case (Pre r' s')
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	130	then obtain k where "(p \<and>* (\<lambda> s. c k s) \<and>* r') (recse s')"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	131	by (auto elim!:sep_conjE intro!:sep_conjI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	132	from h[unfolded Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	133	show ?case
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	134	by (auto elim!:sep_conjE intro!:sep_conjI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	135	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	136
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	137	lemma code_extension:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	138	assumes h: "\<lbrace> p \<rbrace> c \<lbrace> q \<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	139	shows "\<lbrace> p \<rbrace> c ** e \<lbrace> q \<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	140	proof(induct rule:HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	141	case (Pre r' s')
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	142	hence "(p \<and>* c \<and>* e \<and>* r') (recse s')" by (auto simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	143	from h[unfolded Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	144	show ?case
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	145	by (auto elim!:sep_conjE intro!:sep_conjI simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	146	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	147
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	148	lemma code_extension1:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	149	assumes h: "\<lbrace> p \<rbrace> c \<lbrace> q \<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	150	shows "\<lbrace> p \<rbrace> e ** c \<lbrace> q \<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	151	by (metis code_extension h sep.mult_commute)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	152
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	153	lemma composition:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	154	assumes h1: "\<lbrace>p\<rbrace> c1 \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	155	and h2: "\<lbrace>q\<rbrace> c2 \<lbrace>r\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	156	shows "\<lbrace>p\<rbrace> c1 ** c2 \<lbrace>r\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	157	proof(induct rule:HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	158	case (Pre r' s')
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	159	hence "(p \<and>* c1 \<and>* c2 \<and>* r') (recse s')" by (auto simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	160	from h1[unfolded Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	161	obtain k1 where "(q \<and>* c2 \<and>* c1 \<and>* r') (recse (run (Suc k1) s'))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	162	by (auto simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	163	from h2[unfolded Hoare_gen_def, rule_format, OF this, folded run_add]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	164	show ?case
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	165	by (auto elim!:sep_conjE intro!:sep_conjI simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	166	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	167
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	168
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	169	definition
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	170	IHoare :: "('b::sep_algebra \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow>
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	171	('b \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> bool) \<Rightarrow> bool"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	172	("(1_).(\<lbrace>(1_)\<rbrace> / (_)/ \<lbrace>(1_)\<rbrace>)" 50)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	173	where
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	174	"I. \<lbrace>P\<rbrace> c \<lbrace>Q\<rbrace> = (\<forall>s'. \<lbrace> EXS s. <P s> \<and>* <(s ## s')> \<and>* I(s + s')\<rbrace> c
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	175	\<lbrace> EXS s. <Q s> \<and>* <(s ## s')> \<and>* I(s + s')\<rbrace>)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	176
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	177	lemma IHoareI [case_names IPre]:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	178	assumes h: "\<And>s' s r cnf . (<P s> \<and>* <(s ## s')> \<and>* I(s + s') \<and>* c \<and>* r) (recse cnf) \<Longrightarrow>
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	179	(\<exists>k t. (<Q t> \<and>* <(t ## s')> \<and>* I(t + s') \<and>* c \<and>* r) (recse (run (Suc k) cnf)))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	180	shows "I. \<lbrace>P\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	181	unfolding IHoare_def
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	182	proof
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	183	fix s'
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	184	show " \<lbrace>EXS s. <P s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace> c
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	185	\<lbrace>EXS s. <Q s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	186	proof(unfold pred_ex_def, induct rule:HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	187	case (Pre r s)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	188	then obtain sa where "(<P sa> \<and>* <(sa ## s')> \<and>* I (sa + s') \<and>* c \<and>* r) (recse s)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	189	by (auto elim!:sep_conjE intro!:sep_conjI simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	190	hence " (\<exists>k t. (<Q t> \<and>* <(t##s')> \<and>* I(t + s') \<and>* c \<and>* r) (recse (run (Suc k) s)))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	191	by (rule h)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	192	then obtain k t where h2: "(<Q t> \<and>* <(t ## s')> \<and>* I(t + s') \<and>* c \<and>* r) (recse (run (Suc k) s))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	193	by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	194	thus "\<exists>k. ((\<lambda>s. \<exists>sa. (<Q sa> \<and>* <(sa ## s')> \<and>* I (sa + s')) s) \<and>* c \<and>* r) (recse (run (Suc k) s))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	195	apply (rule_tac x = k in exI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	196	by (auto intro!:sep_conjI elim!:sep_conjE simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	197	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	198	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	199
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	200	lemma I_frame_rule:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	201	assumes h: "I. \<lbrace>P\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	202	shows "I. \<lbrace>P \<and>* R\<rbrace> c \<lbrace>Q \<and>* R\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	203	proof(induct rule:IHoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	204	case (IPre s' s r cnf)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	205	hence "((<(P \<and>* R) s> \<and>* <(s##s')> \<and>* I (s + s')) \<and>* c \<and>* r) (recse cnf)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	206	by (auto simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	207	then obtain s1 s2
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	208	where h1: "((<P s1> \<and>* <((s1 + s2) ## s')> \<and>I (s1 + s2 + s')) \<and> c \<and>* r) (recse cnf)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	209	"s1 ## s2" "s1 + s2 ## s'" "P s1" "R s2"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	210	by (unfold pasrt_def, auto elim!:sep_conjE intro!:sep_conjI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	211	hence "((EXS s. <P s> \<and>* <(s ## s2 +s')> \<and>I (s + (s2 + s'))) \<and> c \<and>* r) (recse cnf)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	212	apply (sep_cancel, unfold pred_ex_def, auto intro!:sep_conjI sep_disj_addI3 elim!:sep_conjE)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	213	apply (rule_tac x = s1 in exI, unfold pasrt_def,
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	214	auto intro!:sep_conjI sep_disj_addI3 elim!:sep_conjE simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	215	by (metis sep_add_assoc sep_add_disjD)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	216	from h[unfolded IHoare_def Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	217	obtain k s where
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	218	"((<Q s> \<and>* <(s ## s2 + s')> \<and>* I (s + (s2 + s'))) \<and>* c \<and>* r) (recse (run (Suc k) cnf))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	219	by (unfold pasrt_def pred_ex_def, auto elim!:sep_conjE intro!:sep_conjI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	220	thus ?case
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	221	proof(rule_tac x = k in exI, rule_tac x = "s + s2" in exI, sep_cancel+)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	222	fix h ha
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	223	assume hh: "(<Q s> \<and>* <(s ## s2 + s')> \<and>* I (s + (s2 + s'))) ha"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	224	show " (<(Q \<and>* R) (s + s2)> \<and>* <(s + s2 ## s')> \<and>* I (s + s2 + s')) ha"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	225	proof -
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	226	from hh have h0: "s ## s2 + s'"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	227	by (metis pasrt_def sep_conjD)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	228	with h1(2, 3)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	229	have h2: "s + s2 ## s'"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	230	by (metis sep_add_disjD sep_disj_addI1)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	231	moreover from h1(2, 3) h2 have h3: "(s + (s2 + s')) = (s + s2 + s')"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	232	by (metis `s ## s2 + s'` sep_add_assoc sep_add_disjD sep_disj_addD1)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	233	moreover from hh have "Q s" by (metis pasrt_def sep_conjD)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	234	moreover from h0 h1(2) h1(3) have "s ## s2"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	235	by (metis sep_add_disjD sep_disj_addD)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	236	moreover note h1(5)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	237	ultimately show ?thesis
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	238	by (smt h0 hh sep_conjI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	239	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	240	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	241	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	242
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	243	lemma I_sequencing:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	244	assumes h1: "I. \<lbrace>P\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	245	and h2: "I. \<lbrace>Q\<rbrace> c \<lbrace>R\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	246	shows "I. \<lbrace>P\<rbrace> c \<lbrace>R\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	247	using h1 h2 sequencing
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	248	by (smt IHoare_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	249
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	250	lemma I_pre_stren:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	251	assumes h1: "I. \<lbrace>P\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	252	and h2: "\<And>s. R s \<Longrightarrow> P s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	253	shows "I. \<lbrace>R\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	254	proof(unfold IHoare_def, default)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	255	fix s'
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	256	show "\<lbrace>EXS s. <R s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace> c
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	257	\<lbrace>EXS s. <Q s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	258	proof(rule pre_stren)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	259	from h1[unfolded IHoare_def, rule_format, of s']
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	260	show "\<lbrace>EXS s. <P s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace> c
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	261	\<lbrace>EXS s. <Q s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>" .
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	262	next
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	263	fix s
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	264	show "(EXS s. <R s> \<and>* <(s ## s')> \<and>* I (s + s')) s \<Longrightarrow>
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	265	(EXS s. <P s> \<and>* <(s ## s')> \<and>* I (s + s')) s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	266	apply (unfold pred_ex_def, clarify)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	267	apply (rule_tac x = sa in exI, sep_cancel+)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	268	by (insert h2, auto simp:pasrt_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	269	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	270	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	271
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	272	lemma I_post_weaken:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	273	assumes h1: "I. \<lbrace>P\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	274	and h2: "\<And> s. Q s \<Longrightarrow> R s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	275	shows "I. \<lbrace>P\<rbrace> c \<lbrace>R\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	276	proof(unfold IHoare_def, default)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	277	fix s'
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	278	show "\<lbrace>EXS s. <P s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace> c
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	279	\<lbrace>EXS s. <R s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	280	proof(rule post_weaken)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	281	from h1[unfolded IHoare_def, rule_format, of s']
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	282	show "\<lbrace>EXS s. <P s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace> c
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	283	\<lbrace>EXS s. <Q s> \<and>* <(s ## s')> \<and>* I (s + s')\<rbrace>" .
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	284	next
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	285	fix s
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	286	show "(EXS s. <Q s> \<and>* <(s ## s')> \<and>* I (s + s')) s \<Longrightarrow>
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	287	(EXS s. <R s> \<and>* <(s ## s')> \<and>* I (s + s')) s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	288	apply (unfold pred_ex_def, clarify)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	289	apply (rule_tac x = sa in exI, sep_cancel+)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	290	by (insert h2, auto simp:pasrt_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	291	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	292	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	293
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	294	lemma I_hoare_adjust:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	295	assumes h1: "I. \<lbrace>P1\<rbrace> c \<lbrace>Q1\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	296	and h2: "\<And>s. P s \<Longrightarrow> P1 s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	297	and h3: "\<And>s. Q1 s \<Longrightarrow> Q s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	298	shows "I. \<lbrace>P\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	299	using h1 h2 h3 I_post_weaken I_pre_stren
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	300	by (metis)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	301
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	302	lemma I_code_exI:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	303	assumes h: "\<And> k. I. \<lbrace>P\<rbrace> c(k) \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	304	shows "I. \<lbrace>P\<rbrace> EXS k. c(k) \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	305	using h
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	306	by (smt IHoare_def code_exI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	307
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	308	lemma I_code_extension:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	309	assumes h: "I. \<lbrace> P \<rbrace> c \<lbrace> Q \<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	310	shows "I. \<lbrace> P \<rbrace> c ** e \<lbrace> Q \<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	311	using h
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	312	by (smt IHoare_def sep_exec.code_extension)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	313
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	314	lemma I_composition:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	315	assumes h1: "I. \<lbrace>P\<rbrace> c1 \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	316	and h2: "I. \<lbrace>Q\<rbrace> c2 \<lbrace>R\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	317	shows "I. \<lbrace>P\<rbrace> c1 ** c2 \<lbrace>R\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	318	using h1 h2
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	319	by (smt IHoare_def sep_exec.composition)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	320
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	321	lemma pre_condI:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	322	assumes h: "cond \<Longrightarrow> \<lbrace>p\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	323	shows "\<lbrace><cond> \<and>* p\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	324	proof(induct rule:HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	325	case (Pre r s)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	326	hence "cond" "(p \<and>* c \<and>* r) (recse s)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	327	apply (metis pasrt_def sep_conjD)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	328	by (smt Pre.hyps pasrt_def sep_add_zero sep_conj_commute sep_conj_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	329	from h[OF this(1), unfolded Hoare_gen_def, rule_format, OF this(2)]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	330	show ?case .
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	331	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	332
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	333	lemma I_pre_condI:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	334	assumes h: "cond \<Longrightarrow> I.\<lbrace>P\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	335	shows "I.\<lbrace><cond> \<and>* P\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	336	using h
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	337	by (smt IHoareI condD cond_true_eq2 sep.mult_commute)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	338
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	339	lemma code_condI:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	340	assumes h: "b \<Longrightarrow> \<lbrace>p\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	341	shows "\<lbrace>p\<rbrace> <b>**c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	342	proof(induct rule: HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	343	case (Pre r s)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	344	hence h1: "b" "(p \<and>* c \<and>* r) (recse s)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	345	apply (metis condD sep_conjD sep_conj_assoc)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	346	by (smt Pre.hyps condD sep_conj_impl)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	347	from h[OF h1(1), unfolded Hoare_gen_def, rule_format, OF h1(2)]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	348	and h1(1)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	349	show ?case
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	350	by (metis (full_types) cond_true_eq1)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	351	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	352
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	353	lemma I_code_condI:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	354	assumes h: "b \<Longrightarrow> I. \<lbrace>P\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	355	shows "I.\<lbrace>P\<rbrace> <b>**c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	356	using h
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	357	by (smt IHoareI condD cond_true_eq2 sep.mult_commute sep_conj_cond1)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	358
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	359	lemma precond_exI:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	360	assumes h:"\<And>x. \<lbrace>p x\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	361	shows "\<lbrace>EXS x. p x\<rbrace> c \<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	362	proof(induct rule:HoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	363	case (Pre r s)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	364	then obtain x where "(p x \<and>* c \<and>* r) (recse s)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	365	by (unfold pred_ex_def, auto elim!:sep_conjE intro!:sep_conjI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	366	from h[of x, unfolded Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	367	show ?case .
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	368	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	369
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	370	lemma I_precond_exI:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	371	assumes h:"\<And>x. I. \<lbrace>P x\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	372	shows "I.\<lbrace>EXS x. P x\<rbrace> c \<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	373	proof(induct rule:IHoareI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	374	case (IPre s' s r cnf)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	375	then obtain x
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	376	where "((EXS s. <P x s> \<and>* <(s ## s')> \<and>* I (s + s')) \<and>* c \<and>* r) (recse cnf)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	377	by ( auto elim!:sep_conjE intro!:sep_conjI simp:pred_ex_def pasrt_def sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	378	from h[unfolded IHoare_def Hoare_gen_def, rule_format, OF this]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	379	obtain k t
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	380	where "((<Q t> \<and>* <(t ## s')> \<and>* I (t + s')) \<and>* c \<and>* r) (recse (run (Suc k) cnf))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	381	by (unfold pred_ex_def, auto elim!:sep_conjE intro!:sep_conjI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	382	thus ?case
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	383	by (auto simp:sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	384	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	385
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	386	lemma hoare_sep_false:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	387	"\<lbrace>sep_false\<rbrace> c
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	388	\<lbrace>q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	389	by(unfold Hoare_gen_def, clarify, simp)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	390
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	391	lemma I_hoare_sep_false:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	392	"I. \<lbrace>sep_false\<rbrace> c
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	393	\<lbrace>Q\<rbrace>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	394	by (smt IHoareI condD)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	395
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	396	end
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	397
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	398	instantiation set :: (type)sep_algebra
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	399	begin
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	400
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	401	definition set_zero_def: "0 = {}"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	402
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	403	definition plus_set_def: "s1 + s2 = s1 \<union> s2"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	404
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	405	definition sep_disj_set_def: "sep_disj s1 s2 = (s1 \<inter> s2 = {})"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	406
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	407	lemmas set_ins_def = sep_disj_set_def plus_set_def set_zero_def
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	408
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	409	instance
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	410	apply(default)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	411	apply(simp add:set_ins_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	412	apply(simp add:sep_disj_set_def plus_set_def set_zero_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	413	apply (metis inf_commute)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	414	apply(simp add:sep_disj_set_def plus_set_def set_zero_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	415	apply(simp add:sep_disj_set_def plus_set_def set_zero_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	416	apply (metis sup_commute)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	417	apply(simp add:sep_disj_set_def plus_set_def set_zero_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	418	apply (metis (lifting) Un_assoc)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	419	apply(simp add:sep_disj_set_def plus_set_def set_zero_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	420	apply (metis (lifting) Int_Un_distrib Un_empty inf_sup_distrib1 sup_eq_bot_iff)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	421	apply(simp add:sep_disj_set_def plus_set_def set_zero_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	422	by (metis (lifting) Int_Un_distrib Int_Un_distrib2 sup_eq_bot_iff)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	423	end
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	424
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	425	section {* A big operator of infinite separation conjunction *}
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	426
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	427	definition "fam_conj I cpt s = (\<exists> p. (s = (\<Union> i \<in> I. p(i))) \<and>
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	428	(\<forall> i \<in> I. cpt i (p i)) \<and>
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	429	(\<forall> i \<in> I. \<forall> j \<in> I. i \<noteq> j \<longrightarrow> p(i) ## p(j)))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	430
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	431	lemma fam_conj_zero_simp: "fam_conj {} cpt = <True>"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	432	proof
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	433	fix s
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	434	show "fam_conj {} cpt s = (<True>) s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	435	proof
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	436	assume "fam_conj {} cpt s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	437	then obtain p where "s = (\<Union> i \<in> {}. p(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	438	by (unfold fam_conj_def, auto)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	439	hence "s = {}" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	440	thus "(<True>) s" by (metis pasrt_def set_zero_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	441	next
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	442	assume "(<True>) s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	443	hence eq_s: "s = {}" by (metis pasrt_def set_zero_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	444	let ?p = "\<lambda> i. {}"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	445	have "(s = (\<Union> i \<in> {}. ?p(i)))" by (unfold eq_s, auto)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	446	moreover have "(\<forall> i \<in> {}. cpt i (?p i))" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	447	moreover have "(\<forall> i \<in> {}. \<forall> j \<in> {}. i \<noteq> j \<longrightarrow> ?p(i) ## ?p(j))" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	448	ultimately show "fam_conj {} cpt s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	449	by (unfold eq_s fam_conj_def, auto)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	450	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	451	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	452
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	453	lemma fam_conj_disj_simp_pre:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	454	assumes h1: "I = I1 + I2"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	455	and h2: "I1 ## I2"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	456	shows "fam_conj I cpt = (fam_conj I1 cpt \<and>* fam_conj I2 cpt)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	457	proof
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	458	fix s
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	459	let ?fm = "fam_conj I cpt" and ?fm1 = "fam_conj I1 cpt" and ?fm2 = "fam_conj I2 cpt"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	460	show "?fm s = (?fm1 \<and>* ?fm2) s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	461	proof
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	462	assume "?fm s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	463	then obtain p where pre:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	464	"s = (\<Union> i \<in> I. p(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	465	"(\<forall> i \<in> I. cpt i (p i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	466	"(\<forall> i \<in> I. \<forall> j \<in> I. i \<noteq> j \<longrightarrow> p(i) ## p(j))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	467	unfolding fam_conj_def by metis
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	468	from pre(1) h1 h2 have "s = (\<Union> i \<in> I1. p(i)) + (\<Union> i \<in> I2. p(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	469	by (auto simp:set_ins_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	470	moreover from pre h1 have "?fm1 (\<Union> i \<in> I1. p(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	471	by (unfold fam_conj_def, rule_tac x = p in exI, auto simp:set_ins_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	472	moreover from pre h1 have "?fm2 (\<Union> i \<in> I2. p(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	473	by (unfold fam_conj_def, rule_tac x = p in exI, auto simp:set_ins_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	474	moreover have "(\<Union> i \<in> I1. p(i)) ## (\<Union> i \<in> I2. p(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	475	proof -
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	476	{ fix x xa xb
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	477	assume h: "I1 \<inter> I2 = {}"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	478	"\<forall>i\<in>I1 \<union> I2. \<forall>j\<in>I1 \<union> I2. i \<noteq> j \<longrightarrow> p i \<inter> p j = {}"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	479	"xa \<in> I1" "x \<in> p xa" "xb \<in> I2" "x \<in> p xb"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	480	have "p xa \<inter> p xb = {}"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	481	proof(rule h(2)[rule_format])
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	482	from h(1, 3, 5) show "xa \<in> I1 \<union> I2" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	483	next
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	484	from h(1, 3, 5) show "xb \<in> I1 \<union> I2" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	485	next
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	486	from h(1, 3, 5) show "xa \<noteq> xb" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	487	qed with h(4, 6) have False by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	488	} with h1 h2 pre(3) show ?thesis by (auto simp:set_ins_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	489	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	490	ultimately show "(?fm1 \<and>* ?fm2) s" by (auto intro!:sep_conjI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	491	next
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	492	assume "(?fm1 \<and>* ?fm2) s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	493	then obtain s1 s2 where pre:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	494	"s = s1 + s2" "s1 ## s2" "?fm1 s1" "?fm2 s2"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	495	by (auto dest!:sep_conjD)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	496	from pre(3) obtain p1 where pre1:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	497	"s1 = (\<Union> i \<in> I1. p1(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	498	"(\<forall> i \<in> I1. cpt i (p1 i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	499	"(\<forall> i \<in> I1. \<forall> j \<in> I1. i \<noteq> j \<longrightarrow> p1(i) ## p1(j))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	500	unfolding fam_conj_def by metis
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	501	from pre(4) obtain p2 where pre2:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	502	"s2 = (\<Union> i \<in> I2. p2(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	503	"(\<forall> i \<in> I2. cpt i (p2 i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	504	"(\<forall> i \<in> I2. \<forall> j \<in> I2. i \<noteq> j \<longrightarrow> p2(i) ## p2(j))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	505	unfolding fam_conj_def by metis
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	506	let ?p = "\<lambda> i. if i \<in> I1 then p1 i else p2 i"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	507	from h2 pre(2)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	508	have "s = (\<Union> i \<in> I. ?p(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	509	apply (unfold h1 pre(1) pre1(1) pre2(1) set_ins_def, auto split:if_splits)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	510	by (metis disjoint_iff_not_equal)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	511	moreover from h2 pre1(2) pre2(2) have "(\<forall> i \<in> I. cpt i (?p i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	512	by (unfold h1 set_ins_def, auto split:if_splits)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	513	moreover from pre1(1, 3) pre2(1, 3) pre(2) h2
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	514	have "(\<forall> i \<in> I. \<forall> j \<in> I. i \<noteq> j \<longrightarrow> ?p(i) ## ?p(j))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	515	apply (unfold h1 set_ins_def, auto split:if_splits)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	516	by (metis IntI empty_iff)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	517	ultimately show "?fm s" by (unfold fam_conj_def, auto)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	518	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	519	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	520
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	521	lemma fam_conj_disj_simp:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	522	assumes h: "I1 ## I2"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	523	shows "fam_conj (I1 + I2) cpt = (fam_conj I1 cpt \<and>* fam_conj I2 cpt)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	524	proof -
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	525	from fam_conj_disj_simp_pre[OF _ h, of "I1 + I2"]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	526	show ?thesis by simp
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	527	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	528
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	529	lemma fam_conj_elm_simp:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	530	assumes h: "i \<in> I"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	531	shows "fam_conj I cpt = (cpt(i) \<and>* fam_conj (I - {i}) cpt)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	532	proof
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	533	fix s
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	534	show "fam_conj I cpt s = (cpt i \<and>* fam_conj (I - {i}) cpt) s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	535	proof
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	536	assume pre: "fam_conj I cpt s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	537	show "(cpt i \<and>* fam_conj (I - {i}) cpt) s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	538	proof -
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	539	from pre obtain p where pres:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	540	"s = (\<Union> i \<in> I. p(i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	541	"(\<forall> i \<in> I. cpt i (p i))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	542	"(\<forall> i \<in> I. \<forall> j \<in> I. i \<noteq> j \<longrightarrow> p(i) ## p(j))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	543	unfolding fam_conj_def by metis
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	544	let ?s = "(\<Union>i\<in>(I - {i}). p i)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	545	from pres(3) h have disj: "(p i) ## ?s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	546	by (auto simp:set_ins_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	547	moreover from pres(1) h have eq_s: "s = (p i) + ?s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	548	by (auto simp:set_ins_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	549	moreover from pres(2) h have "cpt i (p i)" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	550	moreover from pres have "(fam_conj (I - {i}) cpt) ?s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	551	by (unfold fam_conj_def, rule_tac x = p in exI, auto)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	552	ultimately show ?thesis by (auto intro!:sep_conjI)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	553	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	554	next
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	555	let ?fam = "fam_conj (I - {i}) cpt"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	556	assume "(cpt i \<and>* ?fam) s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	557	then obtain s1 s2 where pre:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	558	"s = s1 + s2" "s1 ## s2" "cpt i s1" "?fam s2"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	559	by (auto dest!:sep_conjD)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	560	from pre(4) obtain p where pres:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	561	"s2 = (\<Union> ia \<in> I - {i}. p(ia))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	562	"(\<forall> ia \<in> I - {i}. cpt ia (p ia))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	563	"(\<forall> ia \<in> I - {i}. \<forall> j \<in> I - {i}. ia \<noteq> j \<longrightarrow> p(ia) ## p(j))"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	564	unfolding fam_conj_def by metis
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	565	let ?p = "p(i:=s1)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	566	from h pres(3) pre(2)[unfolded pres(1)]
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	567	have " \<forall>ia\<in>I. \<forall>j\<in>I. ia \<noteq> j \<longrightarrow> ?p ia ## ?p j" by (auto simp:set_ins_def)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	568	moreover from pres(1) pre(1) h pre(2)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	569	have "(s = (\<Union> i \<in> I. ?p(i)))" by (auto simp:set_ins_def split:if_splits)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	570	moreover from pre(3) pres(2) h
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	571	have "(\<forall> i \<in> I. cpt i (?p i))" by (auto simp:set_ins_def split:if_splits)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	572	ultimately show "fam_conj I cpt s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	573	by (unfold fam_conj_def, auto)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	574	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	575	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	576
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	577	lemma fam_conj_insert_simp:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	578	assumes h:"i \<notin> I"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	579	shows "fam_conj (insert i I) cpt = (cpt(i) \<and>* fam_conj I cpt)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	580	proof -
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	581	have "i \<in> insert i I" by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	582	from fam_conj_elm_simp[OF this] and h
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	583	show ?thesis by auto
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	584	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	585
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	586	lemmas fam_conj_simps = fam_conj_insert_simp fam_conj_zero_simp
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	587
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	588	lemma "fam_conj {0, 2, 3} cpt = (cpt 2 \<and>* cpt (0::int) \<and>* cpt 3)"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	589	by (simp add:fam_conj_simps sep_conj_ac)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	590
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	591	lemma fam_conj_ext_eq:
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	592	assumes h: "\<And> i . i \<in> I \<Longrightarrow> f i = g i"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	593	shows "fam_conj I f = fam_conj I g"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	594	proof
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	595	fix s
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	596	show "fam_conj I f s = fam_conj I g s"
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	597	by (unfold fam_conj_def, auto simp:h)
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	598	qed
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	599
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	600	end
a5f5b9336007 thys2 added Xingyuan Zhang <xingyuanzhang@126.com> parents: diff changeset	601

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Sat, 13 Sep 2014 04:39:07 +0100
changeset 26	1cde7bf45858
parent 25	a5f5b9336007
permissions	-rw-r--r--