| (* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| *) |
| |
| theory AttrConf |
| imports Main |
| begin |
| |
| locale AttrConf= |
| fixes noelem::'element |
| and noattr::'attr |
| and noattrconf::"'attrconf" |
| and attr_conf::"'attrconf\<Rightarrow>'attr\<Rightarrow>'attrconf" |
| and is_attrconf::"'attrconf\<Rightarrow>bool" |
| and attr_elem::"'attr\<Rightarrow>'element" |
| and find_elem::"'attrconf\<Rightarrow>'attr\<Rightarrow>bool" |
| and delete_attr::"'attrconf\<Rightarrow>'attr\<Rightarrow>'attrconf" |
| and get_attr::"'attrconf\<Rightarrow>'element\<Rightarrow>'attr" |
| and valid_attrconf::"'attrconf\<Rightarrow>bool" |
| assumes ATTRCONFHLR1:"\<not>is_attrconf noattrconf" |
| assumes ATTRCONFHLR2:"is_attrconf(attr_conf conf attr)" |
| assumes ATTRCONFHLR3:"x=noattrconf\<or>(\<exists>conf attr. x=attr_conf conf attr)" |
| assumes ATTRCONFHLR4:"attr_elem noattr=noelem" |
| assumes ATTRCONFHLR6:"\<not>find_elem noattrconf attr" |
| assumes ATTRCONFHLR7:"attr_elem attrx=attr_elem attr\<Longrightarrow> |
| find_elem(attr_conf conf attrx) attr" |
| assumes ATTRCONFHLR8:"find_elem conf attr\<Longrightarrow> |
| find_elem(attr_conf conf attrx) attr" |
| assumes ATTRCONFHLR9:"(\<not>find_elem conf attr)\<and> |
| attr_elem attrx\<noteq>attr_elem attr\<Longrightarrow> |
| \<not>find_elem(attr_conf conf attrx) attr" |
| assumes ATTRCONFHLR10:"delete_attr noattrconf attr=noattrconf" |
| assumes ATTRCONFHLR11:"attr_elem attrx=attr_elem attr\<Longrightarrow> |
| delete_attr(attr_conf conf attrx) attr=delete_attr conf attr" |
| assumes ATTRCONFHLR12:"attr_elem attrx\<noteq>attr_elem attr\<Longrightarrow> |
| delete_attr(attr_conf conf attrx) attr= |
| attr_conf (delete_attr conf attr) attrx" |
| assumes ATTRCONFHLR13:"get_attr noattrconf elem=noattr" |
| assumes ATTRCONFHLR14:"attr_elem attr=elem\<Longrightarrow> |
| get_attr(attr_conf conf attr) elem=attr" |
| assumes ATTRCONFHLR16:"attr_elem attr\<noteq>elem\<Longrightarrow> |
| get_attr(attr_conf conf attr) elem=get_attr conf elem" |
| assumes ATTRCONFHLR17:"\<not>valid_attrconf noattrconf" |
| assumes ATTRCONFHLR18:"attr_elem attr\<noteq>noelem\<and> |
| conf=noattrconf\<Longrightarrow> |
| valid_attrconf(attr_conf conf attr)" |
| assumes ATTRCONFHLR19:"valid_attrconf conf\<and> |
| (\<not>find_elem conf attr)\<and> |
| attr_elem attr\<noteq>noelem\<Longrightarrow> |
| valid_attrconf(attr_conf conf attr)" |
| assumes ATTRCONFHLR20:"attr_elem attr=noelem\<Longrightarrow>\<not>valid_attrconf(attr_conf conf attr)" |
| assumes ATTRCONFHLR21:"conf\<noteq>noattrconf\<and> |
| \<not>valid_attrconf conf\<Longrightarrow> |
| \<not>valid_attrconf(attr_conf conf attr)" |
| assumes ATTRCONFHLR22:"conf\<noteq>noattrconf\<and> |
| find_elem conf attr\<Longrightarrow> |
| \<not>valid_attrconf(attr_conf conf attr)" |
| assumes ATTRCONFINDUCT:"\<lbrakk>P noattrconf;\<And>conf1 attr1. P conf1\<Longrightarrow>P(attr_conf conf1 attr1)\<rbrakk>\<Longrightarrow>P conf" |
| begin |
| |
| lemma find_total:"find_elem conf attr\<or> |
| attr_elem attrx=attr_elem attr\<Longrightarrow>find_elem(attr_conf conf attrx) attr" |
| proof (erule disjE) |
| assume "find_elem conf attr" |
| from this show "find_elem (attr_conf conf attrx) attr" by (rule ATTRCONFHLR8) |
| next |
| assume "attr_elem attrx = attr_elem attr" |
| from this show "find_elem (attr_conf conf attrx) attr" by (rule ATTRCONFHLR7) |
| qed |
| |
| lemma find_dual: |
| "find_elem conf attr\<or> |
| attr_elem attrx=attr_elem attr= |
| (\<not>((\<not>find_elem conf attr)\<and>attr_elem attrx\<noteq>attr_elem attr))" |
| by blast |
| |
| lemma find_inverse: |
| "find_elem(attr_conf conf attrx) attr\<Longrightarrow>find_elem conf attr\<or> |
| attr_elem attrx=attr_elem attr" |
| proof - |
| assume "find_elem(attr_conf conf attrx) attr" |
| from this show "find_elem conf attr\<or> |
| attr_elem attrx=attr_elem attr" |
| proof (rule contrapos_pp) |
| assume "\<not> (find_elem conf attr \<or> attr_elem attrx = attr_elem attr)" |
| from this have "(\<not>find_elem conf attr)\<and>attr_elem attrx\<noteq>attr_elem attr" |
| by (auto simp:find_dual) |
| from this show "\<not> find_elem (attr_conf conf attrx) attr" |
| by (auto simp:ATTRCONFHLR9) |
| qed |
| qed |
| |
| lemma not_find_inverse: |
| "\<not>find_elem(attr_conf conf attrx) attr\<Longrightarrow>(\<not>find_elem conf attr)\<and> |
| attr_elem attrx\<noteq>attr_elem attr" |
| proof - |
| assume "\<not>find_elem(attr_conf conf attrx) attr" |
| from this show "(\<not>find_elem conf attr)\<and> |
| attr_elem attrx\<noteq>attr_elem attr" |
| proof (rule contrapos_pp) |
| assume "\<not> (\<not> find_elem conf attr \<and> attr_elem attrx \<noteq> attr_elem attr)" |
| from this have "find_elem conf attr\<or> |
| attr_elem attrx=attr_elem attr" by auto |
| from this show "\<not> \<not> find_elem (attr_conf conf attrx) attr" |
| by (auto simp:find_total) |
| qed |
| qed |
| |
| lemma valid_total:"(attr_elem attr\<noteq>noelem\<and> |
| conf=noattrconf)\<or> |
| (valid_attrconf conf\<and> |
| (\<not>find_elem conf attr)\<and> |
| attr_elem attr\<noteq>noelem)\<Longrightarrow>valid_attrconf(attr_conf conf attr)" |
| proof (erule disjE) |
| assume "attr_elem attr \<noteq> noelem \<and> conf = noattrconf" |
| from this show "valid_attrconf (attr_conf conf attr)" by (rule ATTRCONFHLR18) |
| next |
| assume "valid_attrconf conf \<and> |
| \<not> find_elem conf attr \<and> attr_elem attr \<noteq> noelem" |
| from this show "valid_attrconf (attr_conf conf attr)" by (rule ATTRCONFHLR19) |
| qed |
| |
| lemma not_valid_total:"attr_elem attr=noelem\<or> |
| ((\<not>valid_attrconf conf)\<and> |
| conf\<noteq>noattrconf)\<or> |
| (conf\<noteq>noattrconf\<and> |
| find_elem conf attr)\<Longrightarrow>\<not>valid_attrconf(attr_conf conf attr)" |
| proof (erule disjE) |
| assume "attr_elem attr = noelem" |
| from this show "\<not>valid_attrconf(attr_conf conf attr)" by (rule ATTRCONFHLR20) |
| next |
| show "\<not> valid_attrconf conf \<and> |
| conf \<noteq> noattrconf \<or> |
| conf \<noteq> noattrconf \<and> |
| find_elem conf attr \<Longrightarrow> |
| \<not> valid_attrconf (attr_conf conf attr)" |
| proof (erule disjE) |
| assume "\<not> valid_attrconf conf \<and> conf \<noteq> noattrconf" |
| from this show "\<not> valid_attrconf (attr_conf conf attr)" by (auto simp: ATTRCONFHLR21) |
| next |
| assume "conf \<noteq> noattrconf \<and> find_elem conf attr" |
| from this show "\<not> valid_attrconf (attr_conf conf attr)" by (auto simp: ATTRCONFHLR22) |
| qed |
| qed |
| |
| lemma valid_dual: |
| "(attr_elem attr\<noteq>noelem\<and>conf=noattrconf)\<or> |
| (valid_attrconf conf\<and>(\<not>find_elem conf attr)\<and>attr_elem attr\<noteq>noelem)= |
| (\<not>(attr_elem attr=noelem\<or> |
| ((\<not>valid_attrconf conf)\<and>conf\<noteq>noattrconf)\<or> |
| (conf\<noteq>noattrconf\<and>find_elem conf attr)))" |
| by blast |
| |
| lemma valid_inverse: |
| "valid_attrconf(attr_conf conf attr)\<Longrightarrow>(attr_elem attr\<noteq>noelem\<and> |
| conf=noattrconf)\<or> |
| (valid_attrconf conf\<and> |
| (\<not>find_elem conf attr)\<and> |
| attr_elem attr\<noteq>noelem)" |
| proof - |
| assume "valid_attrconf(attr_conf conf attr)" |
| from this show "(attr_elem attr\<noteq>noelem\<and> |
| conf=noattrconf)\<or> |
| (valid_attrconf conf\<and> |
| (\<not>find_elem conf attr)\<and> |
| attr_elem attr\<noteq>noelem)" |
| proof (rule contrapos_pp) |
| assume "\<not> (attr_elem attr \<noteq> noelem \<and> conf = noattrconf \<or> |
| valid_attrconf conf \<and> |
| \<not> find_elem conf attr \<and> attr_elem attr \<noteq> noelem)" |
| from this have "attr_elem attr=noelem\<or> |
| ((\<not>valid_attrconf conf)\<and>conf\<noteq>noattrconf)\<or> |
| (conf\<noteq>noattrconf\<and>find_elem conf attr)" |
| by (auto simp:valid_dual) |
| from this show "\<not> valid_attrconf (attr_conf conf attr)" |
| by (auto simp:not_valid_total) |
| qed |
| qed |
| |
| lemma not_valid_inverse: |
| "\<not>valid_attrconf(attr_conf conf attr)\<Longrightarrow>attr_elem attr=noelem\<or> |
| ((\<not>valid_attrconf conf)\<and> |
| conf\<noteq>noattrconf)\<or> |
| (conf\<noteq>noattrconf\<and> |
| find_elem conf attr)" |
| proof - |
| assume "\<not>valid_attrconf(attr_conf conf attr)" |
| from this show "attr_elem attr=noelem\<or> |
| ((\<not>valid_attrconf conf)\<and> |
| conf\<noteq>noattrconf)\<or> |
| (conf\<noteq>noattrconf\<and> |
| find_elem conf attr)" |
| proof (rule contrapos_pp) |
| assume "\<not> (attr_elem attr = noelem \<or> |
| \<not> valid_attrconf conf \<and> conf \<noteq> noattrconf \<or> |
| conf \<noteq> noattrconf \<and> find_elem conf attr)" |
| from this have "(attr_elem attr\<noteq>noelem\<and>conf=noattrconf)\<or> |
| (valid_attrconf conf\<and>(\<not>find_elem conf attr)\<and>attr_elem attr\<noteq>noelem)" |
| by auto |
| from this show "\<not> \<not> valid_attrconf (attr_conf conf attr)" |
| by (auto simp:valid_total) |
| qed |
| qed |
| |
| lemma ATTRCONFHLR23:"noattrconf\<noteq>attr_conf conf attr" |
| proof |
| fix conf attr |
| assume 0:"noattrconf=attr_conf conf attr" |
| from ATTRCONFHLR1 have "\<not>is_attrconf(attr_conf conf attr)" by(auto simp: 0) |
| from this show "False" by (auto simp: ATTRCONFHLR2) |
| qed |
| |
| lemma ATTRCONFHLR24:"x\<noteq>noattrconf\<Longrightarrow>\<exists>conf attr. x=attr_conf conf attr" |
| proof - |
| fix x |
| assume 0:"x\<noteq>noattrconf" |
| from ATTRCONFHLR3 0 show "\<exists>sconf oconf. x = attr_conf sconf oconf" by blast |
| qed |
| |
| lemma ATTRCONFHLR25:"valid_attrconf conf\<and> |
| find_elem conf attr\<Longrightarrow>attr_elem attr\<noteq>noelem" |
| proof (induction rule:ATTRCONFINDUCT) |
| show "valid_attrconf noattrconf \<and> find_elem noattrconf attr \<Longrightarrow> |
| attr_elem attr \<noteq> noelem" by (auto simp:ATTRCONFHLR17) |
| next |
| fix conf1 attr1 |
| show "(valid_attrconf conf1 \<and> find_elem conf1 attr \<Longrightarrow> |
| attr_elem attr \<noteq> noelem) \<Longrightarrow> |
| valid_attrconf (attr_conf conf1 attr1) \<and> |
| find_elem (attr_conf conf1 attr1) attr \<Longrightarrow> |
| attr_elem attr \<noteq> noelem" |
| proof (auto) |
| assume 1:"valid_attrconf conf1 \<and> find_elem conf1 attr \<Longrightarrow> False" |
| assume 2:"find_elem (attr_conf conf1 attr1) attr" |
| assume 3:"noelem = attr_elem attr" |
| assume "valid_attrconf (attr_conf conf1 attr1)" |
| from this have 4:"(attr_elem attr1\<noteq>noelem\<and> |
| conf1=noattrconf)\<or> |
| (valid_attrconf conf1\<and> |
| (\<not>find_elem conf1 attr1)\<and> |
| attr_elem attr1\<noteq>noelem)" by (auto simp:valid_inverse) |
| from 2 have 2:"find_elem conf1 attr\<or> |
| attr_elem attr1=attr_elem attr" by (auto simp:find_inverse) |
| from 2 3 4 have "(find_elem conf1 attr \<or> |
| attr_elem attr1 = attr_elem attr)\<and> |
| (noelem = attr_elem attr)\<and> |
| (attr_elem attr1 \<noteq> noelem \<and> |
| conf1 = noattrconf \<or> |
| valid_attrconf conf1 \<and> |
| \<not> find_elem conf1 attr1 \<and> |
| attr_elem attr1 \<noteq> noelem)" by auto |
| from this show False |
| proof (auto simp:ATTRCONFHLR6) |
| from 1 show "noelem = attr_elem attr \<Longrightarrow> |
| find_elem conf1 attr \<Longrightarrow> |
| valid_attrconf conf1 \<Longrightarrow> |
| \<not> find_elem conf1 attr1 \<Longrightarrow> |
| attr_elem attr1 \<noteq> attr_elem attr \<Longrightarrow> False" by (auto simp:1) |
| qed |
| qed |
| qed |
| |
| lemma ATTRCONFHLR26:"find_elem conf attr\<and> |
| attr_elem attr=attr_elem attrx\<Longrightarrow>find_elem conf attrx" |
| proof (induction conf rule:ATTRCONFINDUCT) |
| assume "find_elem noattrconf attr \<and> attr_elem attr = attr_elem attrx" |
| from this show "find_elem noattrconf attrx" by (auto simp:ATTRCONFHLR6) |
| next |
| fix conf1 attr1 |
| assume 0:"find_elem conf1 attr \<and> |
| attr_elem attr = attr_elem attrx \<Longrightarrow> |
| find_elem conf1 attrx" |
| assume "find_elem (attr_conf conf1 attr1) attr \<and> |
| attr_elem attr = attr_elem attrx" |
| from this have 1:"attr_elem attr = attr_elem attrx" |
| and 2:"find_elem (attr_conf conf1 attr1) attr" by auto |
| from 2 have 2:"find_elem conf1 attr\<or> |
| attr_elem attr1=attr_elem attr" by (auto simp:find_inverse) |
| from 1 2 show "find_elem (attr_conf conf1 attr1) attrx" |
| by (auto simp add:0 ATTRCONFHLR8 ATTRCONFHLR7) |
| qed |
| |
| lemma ATTRCONFHLR27:"find_elem conf attr\<and> |
| \<not>find_elem conf attrx\<Longrightarrow>attr_elem attr\<noteq>attr_elem attrx" |
| proof |
| show "find_elem conf attr \<and> \<not> find_elem conf attrx \<Longrightarrow> |
| attr_elem attr = attr_elem attrx \<Longrightarrow> False" |
| by (auto simp:ATTRCONFHLR26) |
| qed |
| |
| lemma ATTRCONFHLR28:"valid_attrconf conf\<and> |
| find_elem conf attr\<and> |
| attr_elem attr=elem\<Longrightarrow>attr_elem(get_attr conf elem)=elem" |
| proof (induction conf rule:ATTRCONFINDUCT) |
| show "valid_attrconf noattrconf \<and> |
| find_elem noattrconf attr \<and> attr_elem attr = elem \<Longrightarrow> |
| attr_elem (get_attr noattrconf elem) = elem" by (auto simp:ATTRCONFHLR17) |
| next |
| fix conf1 attr1 |
| assume 0:"valid_attrconf conf1 \<and> |
| find_elem conf1 attr \<and> attr_elem attr = elem \<Longrightarrow> |
| attr_elem (get_attr conf1 elem) = elem" |
| assume "valid_attrconf (attr_conf conf1 attr1) \<and> |
| find_elem (attr_conf conf1 attr1) attr \<and> attr_elem attr = elem" |
| from this have 1:"valid_attrconf (attr_conf conf1 attr1)" |
| and 2:"find_elem (attr_conf conf1 attr1) attr" |
| and 3:"attr_elem attr = elem" by auto |
| from 1 have 1:"(attr_elem attr1\<noteq>noelem\<and> |
| conf1=noattrconf)\<or> |
| (valid_attrconf conf1\<and> |
| (\<not>find_elem conf1 attr1)\<and> |
| attr_elem attr1\<noteq>noelem)" by (auto simp:valid_inverse) |
| from 2 have 2:"find_elem conf1 attr\<or> |
| attr_elem attr1=attr_elem attr" by (auto simp:find_inverse) |
| from 1 2 3 show "attr_elem (get_attr (attr_conf conf1 attr1) elem) = elem" |
| proof - |
| show "attr_elem attr1 \<noteq> noelem \<and> conf1 = noattrconf \<or> |
| valid_attrconf conf1 \<and> |
| \<not> find_elem conf1 attr1 \<and> attr_elem attr1 \<noteq> noelem \<Longrightarrow> |
| find_elem conf1 attr \<or> attr_elem attr1 = attr_elem attr \<Longrightarrow> |
| attr_elem attr = elem \<Longrightarrow> |
| attr_elem (get_attr (attr_conf conf1 attr1) elem) = elem" |
| proof (erule disjE)+ |
| show "attr_elem attr = elem \<Longrightarrow> |
| attr_elem attr1 \<noteq> noelem \<and> conf1 = noattrconf \<Longrightarrow> |
| find_elem conf1 attr \<Longrightarrow> |
| attr_elem (get_attr (attr_conf conf1 attr1) elem) = elem" |
| by (auto simp:ATTRCONFHLR6) |
| next |
| show "attr_elem attr = elem \<Longrightarrow> |
| attr_elem attr1 \<noteq> noelem \<and> conf1 = noattrconf \<Longrightarrow> |
| attr_elem attr1 = attr_elem attr \<Longrightarrow> |
| attr_elem (get_attr (attr_conf conf1 attr1) elem) = elem" |
| by (auto simp:ATTRCONFHLR14) |
| next |
| show "find_elem conf1 attr \<or> attr_elem attr1 = attr_elem attr \<Longrightarrow> |
| attr_elem attr = elem \<Longrightarrow> |
| valid_attrconf conf1 \<and> |
| \<not> find_elem conf1 attr1 \<and> attr_elem attr1 \<noteq> noelem \<Longrightarrow> |
| attr_elem (get_attr (attr_conf conf1 attr1) elem) = elem" |
| proof (erule disjE) |
| show "attr_elem attr = elem \<Longrightarrow> |
| valid_attrconf conf1 \<and> |
| \<not> find_elem conf1 attr1 \<and> attr_elem attr1 \<noteq> noelem \<Longrightarrow> |
| attr_elem attr1 = attr_elem attr \<Longrightarrow> |
| attr_elem (get_attr (attr_conf conf1 attr1) elem) = elem" |
| by (auto simp:ATTRCONFHLR14) |
| next |
| assume 1:"attr_elem attr = elem" |
| assume "valid_attrconf conf1 \<and> |
| \<not> find_elem conf1 attr1 \<and> attr_elem attr1 \<noteq> noelem" |
| from this have 2:"valid_attrconf conf1" |
| and 3:"\<not> find_elem conf1 attr1" |
| and 4:"attr_elem attr1 \<noteq> noelem" by auto |
| assume 5:"find_elem conf1 attr" |
| from 5 3 1 have 6:"elem\<noteq>attr_elem attr1" |
| by (auto simp:ATTRCONFHLR27) |
| from this have 6:"get_attr(attr_conf conf1 attr1) elem=get_attr conf1 elem" |
| by (auto simp:ATTRCONFHLR16) |
| show ?thesis |
| proof (simp add:6) |
| from 2 5 1 show "attr_elem (get_attr conf1 elem) = elem" by (auto simp:0) |
| qed |
| qed |
| qed |
| qed |
| qed |
| |
| lemma ATTRCONFHLR29:"\<not>find_elem conf attr\<Longrightarrow>\<not>find_elem (delete_attr conf attr) attr" |
| proof (induction conf rule:ATTRCONFINDUCT) |
| show "\<not> find_elem noattrconf attr \<Longrightarrow> |
| \<not> find_elem (delete_attr noattrconf attr) attr" |
| by (auto simp add:ATTRCONFHLR10) |
| next |
| fix conf1 attr1 |
| assume 0:"\<not> find_elem conf1 attr \<Longrightarrow> |
| \<not> find_elem (delete_attr conf1 attr) attr" |
| assume 1:"\<not> find_elem (attr_conf conf1 attr1) attr" |
| from this have 1:"(\<not>find_elem conf1 attr)\<and> |
| attr_elem attr1\<noteq>attr_elem attr" by (auto simp:not_find_inverse) |
| from this have 1:"\<not>find_elem conf1 attr" |
| and 2:"attr_elem attr1\<noteq>attr_elem attr" by auto |
| from 2 have 3:"delete_attr(attr_conf conf1 attr1) attr= |
| attr_conf (delete_attr conf1 attr) attr1" by (auto simp:ATTRCONFHLR12) |
| show "\<not> find_elem (delete_attr (attr_conf conf1 attr1) attr) attr" |
| proof (simp add:3;rule ATTRCONFHLR9) |
| from 1 2 show "\<not> find_elem (delete_attr conf1 attr) attr \<and> |
| attr_elem attr1 \<noteq> attr_elem attr" by (auto simp:0) |
| qed |
| qed |
| |
| lemma ATTRCONFHLR30:"\<not>find_elem conf attr\<and> |
| attr_elem attr=attr_elem attrx\<Longrightarrow>\<not>find_elem conf attrx" |
| proof |
| assume "\<not> find_elem conf attr \<and> attr_elem attr = attr_elem attrx" |
| from this have 0:"\<not> find_elem conf attr" |
| and 1:"attr_elem attr = attr_elem attrx" by auto |
| assume "find_elem conf attrx" |
| from this 1 have "find_elem conf attr" by (auto simp:ATTRCONFHLR26) |
| from this 0 show False by auto |
| qed |
| |
| lemma ATTRCONFHLR31:"valid_attrconf conf\<and> |
| find_elem conf attr\<Longrightarrow>\<not>find_elem(delete_attr conf attr) attr" |
| proof (induction conf rule:ATTRCONFINDUCT) |
| show "valid_attrconf noattrconf \<and> find_elem noattrconf attr \<Longrightarrow> |
| \<not> find_elem (delete_attr noattrconf attr) attr" |
| by (auto simp:ATTRCONFHLR17) |
| next |
| fix conf1 |
| fix attr1 |
| assume 0:"valid_attrconf conf1 \<and> find_elem conf1 attr \<Longrightarrow> |
| \<not> find_elem (delete_attr conf1 attr) attr" |
| assume "valid_attrconf (attr_conf conf1 attr1) \<and> |
| find_elem (attr_conf conf1 attr1) attr" |
| from this have 1:"valid_attrconf (attr_conf conf1 attr1)" |
| and 2:"find_elem (attr_conf conf1 attr1) attr" by auto |
| from 1 have 1:"(attr_elem attr1\<noteq>noelem\<and> |
| conf1=noattrconf)\<or> |
| (valid_attrconf conf1\<and> |
| (\<not>find_elem conf1 attr1)\<and> |
| attr_elem attr1\<noteq>noelem)" by (auto simp:valid_inverse) |
| from 2 have 2:"find_elem conf1 attr\<or> |
| attr_elem attr1=attr_elem attr" by (auto simp:find_inverse) |
| from 1 2 show "\<not> find_elem (delete_attr (attr_conf conf1 attr1) attr) attr" |
| proof - |
| show "attr_elem attr1 \<noteq> noelem \<and> conf1 = noattrconf \<or> |
| valid_attrconf conf1 \<and> |
| \<not> find_elem conf1 attr1 \<and> attr_elem attr1 \<noteq> noelem \<Longrightarrow> |
| find_elem conf1 attr \<or> attr_elem attr1 = attr_elem attr \<Longrightarrow> |
| \<not> find_elem (delete_attr (attr_conf conf1 attr1) attr) attr" |
| proof (erule disjE)+ |
| show "attr_elem attr1 \<noteq> noelem \<and> conf1 = noattrconf \<Longrightarrow> |
| find_elem conf1 attr \<Longrightarrow> |
| \<not> find_elem (delete_attr (attr_conf conf1 attr1) attr) attr" |
| by (auto simp:ATTRCONFHLR6) |
| next |
| assume "attr_elem attr1 \<noteq> noelem \<and> conf1 = noattrconf" |
| from this have 1:"conf1 = noattrconf" by auto |
| assume "attr_elem attr1 = attr_elem attr" |
| from this have 2:"delete_attr(attr_conf conf1 attr1) attr=delete_attr conf1 attr" |
| by (auto simp:ATTRCONFHLR11) |
| show "\<not> find_elem (delete_attr (attr_conf conf1 attr1) attr) attr" |
| proof (auto simp:2) |
| show "find_elem (delete_attr conf1 attr) attr \<Longrightarrow> False" |
| by (auto simp add:1 ATTRCONFHLR10 ATTRCONFHLR6) |
| qed |
| next |
| show "find_elem conf1 attr \<or> attr_elem attr1 = attr_elem attr \<Longrightarrow> |
| valid_attrconf conf1 \<and> |
| \<not> find_elem conf1 attr1 \<and> attr_elem attr1 \<noteq> noelem \<Longrightarrow> |
| \<not> find_elem (delete_attr (attr_conf conf1 attr1) attr) attr" |
| proof (erule disjE)+ |
| assume "valid_attrconf conf1 \<and> |
| \<not> find_elem conf1 attr1 \<and> attr_elem attr1 \<noteq> noelem" |
| from this have 1:"valid_attrconf conf1" |
| and 2:"\<not> find_elem conf1 attr1" |
| and 3:"attr_elem attr1 \<noteq> noelem" by auto |
| assume 4:"find_elem conf1 attr" |
| from 4 2 have 6:"attr_elem attr\<noteq>attr_elem attr1" by (auto simp:ATTRCONFHLR27) |
| from this have 5:"delete_attr(attr_conf conf1 attr1) attr= |
| attr_conf (delete_attr conf1 attr) attr1" |
| by (auto simp:ATTRCONFHLR12) |
| show "\<not> find_elem (delete_attr (attr_conf conf1 attr1) attr) attr" |
| proof (simp add:5;rule ATTRCONFHLR9) |
| from 1 4 6 show "\<not> find_elem (delete_attr conf1 attr) attr \<and> |
| attr_elem attr1 \<noteq> attr_elem attr" |
| by (auto simp:0) |
| qed |
| next |
| assume "valid_attrconf conf1 \<and> |
| \<not> find_elem conf1 attr1 \<and> |
| attr_elem attr1 \<noteq> noelem" |
| from this have 1:"valid_attrconf conf1" |
| and 2:"\<not> find_elem conf1 attr1" |
| and 3:"attr_elem attr1 \<noteq> noelem" by auto |
| assume 4:"attr_elem attr1 = attr_elem attr" |
| from this have 5:"delete_attr(attr_conf conf1 attr1) attr=delete_attr conf1 attr" |
| by (auto simp:ATTRCONFHLR11) |
| show "\<not> find_elem (delete_attr (attr_conf conf1 attr1) attr) attr" |
| proof (simp add:5;rule ATTRCONFHLR29) |
| from 2 4 show "\<not> find_elem conf1 attr" by (auto simp:ATTRCONFHLR30) |
| qed |
| qed |
| qed |
| qed |
| qed |
| |
| end |
| |
| print_locale! AttrConf |
| |
| locale AttrConfRel=AttrConf noelem noattr noattrconf attr_conf is_attrconf attr_elem |
| find_elem delete_attr get_attr valid_attrconf |
| for noelem::'element |
| and noattr::'attr |
| and noattrconf::"'attrconf" |
| and attr_conf::"'attrconf\<Rightarrow>'attr\<Rightarrow>'attrconf" |
| and is_attrconf::"'attrconf\<Rightarrow>bool" |
| and attr_elem::"'attr\<Rightarrow>'element" |
| and find_elem::"'attrconf\<Rightarrow>'attr\<Rightarrow>bool" |
| and delete_attr::"'attrconf\<Rightarrow>'attr\<Rightarrow>'attrconf" |
| and get_attr::"'attrconf\<Rightarrow>'element\<Rightarrow>'attr" |
| and valid_attrconf::"'attrconf\<Rightarrow>bool" + |
| fixes rel_subset::"'attrconf\<Rightarrow>'attrconf\<Rightarrow>bool" |
| assumes ATTRCONFRELHLR1:"rel_subset confx noattrconf" |
| assumes ATTRCONFRELHLR2:"conf=noattrconf\<and> |
| find_elem confx attr\<Longrightarrow> |
| rel_subset confx (attr_conf conf attr)" |
| assumes ATTRCONFRELHLR3:"conf\<noteq>noattrconf\<and> |
| find_elem confx attr\<and> |
| rel_subset confx conf\<Longrightarrow> |
| rel_subset confx (attr_conf conf attr)" |
| assumes ATTRCONFRELHLR4:"\<not>rel_subset confx conf\<Longrightarrow> |
| \<not>rel_subset confx (attr_conf conf attr)" |
| assumes ATTRCONFRELHLR5:"rel_subset confx conf\<and> |
| \<not>find_elem confx attr\<Longrightarrow> |
| \<not>rel_subset confx (attr_conf conf attr)" |
| begin |
| |
| lemma rel_subset_total:"(conf=noattrconf\<and> |
| find_elem confx attr)\<or> |
| (conf\<noteq>noattrconf\<and> |
| find_elem confx attr\<and> |
| rel_subset confx conf)\<Longrightarrow>rel_subset confx (attr_conf conf attr)" |
| proof (erule disjE) |
| assume "conf = noattrconf \<and> find_elem confx attr" |
| from this show "rel_subset confx (attr_conf conf attr)" by (rule ATTRCONFRELHLR2) |
| next |
| assume "conf \<noteq> noattrconf \<and> find_elem confx attr \<and> rel_subset confx conf" |
| from this show "rel_subset confx (attr_conf conf attr)" by (rule ATTRCONFRELHLR3) |
| qed |
| |
| lemma not_rel_subset_total:"(\<not>rel_subset confx conf)\<or> |
| (rel_subset confx conf\<and>\<not>find_elem confx attr)\<Longrightarrow> |
| \<not>rel_subset confx (attr_conf conf attr)" |
| proof (erule disjE) |
| assume "\<not> rel_subset confx conf" |
| from this show "\<not> rel_subset confx (attr_conf conf attr)" by (rule ATTRCONFRELHLR4) |
| next |
| assume "rel_subset confx conf \<and> \<not> find_elem confx attr" |
| from this show "\<not> rel_subset confx (attr_conf conf attr)" by (rule ATTRCONFRELHLR5) |
| qed |
| |
| lemma rel_subset_dual: |
| "(conf=noattrconf\<and>find_elem confx attr)\<or> |
| (conf\<noteq>noattrconf\<and>find_elem confx attr\<and>rel_subset confx conf)= |
| (\<not>((\<not>rel_subset confx conf)\<or>(rel_subset confx conf\<and>\<not>find_elem confx attr)))" |
| by blast |
| |
| lemma ATTRCONFRELHLR6:"rel_subset confx conf\<and>find_elem conf attr\<Longrightarrow>find_elem confx attr" |
| proof (induction conf rule:ATTRCONFINDUCT) |
| assume "rel_subset confx noattrconf \<and> find_elem noattrconf attr" |
| from this show "find_elem confx attr" by (auto simp:ATTRCONFHLR6) |
| next |
| fix conf1 attr1 |
| assume 0:"rel_subset confx conf1 \<and> find_elem conf1 attr \<Longrightarrow> |
| find_elem confx attr" |
| assume "rel_subset confx (attr_conf conf1 attr1) \<and> |
| find_elem (attr_conf conf1 attr1) attr" |
| from this have 1:"rel_subset confx (attr_conf conf1 attr1)" |
| and 2:"find_elem (attr_conf conf1 attr1) attr" by auto |
| from 1 have 1:"(conf1=noattrconf\<and> |
| find_elem confx attr1)\<or> |
| (conf1\<noteq>noattrconf\<and> |
| find_elem confx attr1\<and> |
| rel_subset confx conf1)" |
| proof (rule contrapos_pp) |
| assume "\<not> (conf1 = noattrconf \<and> find_elem confx attr1 \<or> |
| conf1 \<noteq> noattrconf \<and> |
| find_elem confx attr1 \<and> rel_subset confx conf1)" |
| from this have "((\<not>rel_subset confx conf1)\<or> |
| (rel_subset confx conf1\<and>\<not>find_elem confx attr1))" |
| by (auto simp:rel_subset_dual) |
| from this show "\<not> rel_subset confx (attr_conf conf1 attr1)" |
| by (auto simp:not_rel_subset_total) |
| qed |
| from 2 have 2:"find_elem conf1 attr\<or> |
| attr_elem attr1=attr_elem attr" |
| proof (rule contrapos_pp) |
| assume "\<not> (find_elem conf1 attr \<or> |
| attr_elem attr1 = attr_elem attr)" |
| from this have "((\<not>find_elem conf1 attr)\<and> |
| attr_elem attr1\<noteq>attr_elem attr)" by (auto simp:find_dual) |
| from this show "\<not> find_elem (attr_conf conf1 attr1) attr" by (rule ATTRCONFHLR9) |
| qed |
| from 1 2 have "(conf1 = noattrconf \<and> |
| find_elem confx attr1 \<or> |
| conf1 \<noteq> noattrconf \<and> |
| find_elem confx attr1 \<and> |
| rel_subset confx conf1)\<and> |
| (find_elem conf1 attr \<or> |
| attr_elem attr1 = attr_elem attr)" by auto |
| from this show ?thesis by (auto simp add:0 ATTRCONFHLR26 ATTRCONFHLR6) |
| qed |
| |
| end |
| |
| print_locale! AttrConfRel |
| |
| locale AttrConfDisj = arg1:AttrConf noelem noattr_arg1 noattrconf_arg1 attr_conf_arg1 is_attrconf_arg1 |
| attr_elem_arg1 find_elem_arg1 delete_attr_arg1 get_attr_arg1 |
| valid_attrconf_arg1 + |
| arg2:AttrConf noelem noattr_arg2 noattrconf_arg2 attr_conf_arg2 is_attrconf_arg2 |
| attr_elem_arg2 find_elem_arg2 delete_attr_arg2 get_attr_arg2 |
| valid_attrconf_arg2 |
| for noelem::'element |
| and noattr_arg1::'attr1 |
| and noattrconf_arg1::"'attrconf1" |
| and attr_conf_arg1::"'attrconf1\<Rightarrow>'attr1\<Rightarrow>'attrconf1" |
| and is_attrconf_arg1::"'attrconf1\<Rightarrow>bool" |
| and attr_elem_arg1::"'attr1\<Rightarrow>'element" |
| and find_elem_arg1::"'attrconf1\<Rightarrow>'attr1\<Rightarrow>bool" |
| and delete_attr_arg1::"'attrconf1\<Rightarrow>'attr1\<Rightarrow>'attrconf1" |
| and get_attr_arg1::"'attrconf1\<Rightarrow>'element\<Rightarrow>'attr1" |
| and valid_attrconf_arg1::"'attrconf1\<Rightarrow>bool" |
| and noattr_arg2::'attr2 |
| and noattrconf_arg2::"'attrconf2" |
| and attr_conf_arg2::"'attrconf2\<Rightarrow>'attr2\<Rightarrow>'attrconf2" |
| and is_attrconf_arg2::"'attrconf2\<Rightarrow>bool" |
| and attr_elem_arg2::"'attr2\<Rightarrow>'element" |
| and find_elem_arg2::"'attrconf2\<Rightarrow>'attr2\<Rightarrow>bool" |
| and delete_attr_arg2::"'attrconf2\<Rightarrow>'attr2\<Rightarrow>'attrconf2" |
| and get_attr_arg2::"'attrconf2\<Rightarrow>'element\<Rightarrow>'attr2" |
| and valid_attrconf_arg2::"'attrconf2\<Rightarrow>bool"+ |
| fixes rel_disjoint::"'attrconf1\<Rightarrow>'attrconf2\<Rightarrow>bool" |
| assumes ATTRCONFDISJHLR1:"rel_disjoint conf1 noattrconf_arg2" |
| assumes ATTRCONFDISJHLR2:"get_attr_arg1 conf1 (attr_elem_arg2 attr2)=noattr_arg1\<and> |
| rel_disjoint conf1 conf2\<Longrightarrow> |
| rel_disjoint conf1 (attr_conf_arg2 conf2 attr2)" |
| assumes ATTRCONFDISJHLR3:"get_attr_arg1 conf1 (attr_elem_arg2 attr2)\<noteq>noattr_arg1\<and> |
| rel_disjoint conf1 conf2\<Longrightarrow> |
| \<not>rel_disjoint conf1 (attr_conf_arg2 conf2 attr2)" |
| assumes ATTRCONFDISJHLR4:"get_attr_arg1 conf1 (attr_elem_arg2 attr2)=noattr_arg1\<and> |
| \<not>rel_disjoint conf1 conf2\<Longrightarrow> |
| \<not>rel_disjoint conf1 (attr_conf_arg2 conf2 attr2)" |
| |
| print_locale! AttrConfDisj |
| |
| end |