Theory NormalisationGenericProofs
subsection‹Normalisation Proofs (Generic)›
theory
NormalisationGenericProofs
imports
FWNormalisationCore
begin
text ‹
This theory contains the generic proofs of the normalisation procedure, i.e. those which
are independent from the concrete semantical interpretation function.
›
lemma domNMT: "dom X ≠ {} ⟹ X ≠ ∅"
by auto
lemma denyNMT: "deny_all ≠ ∅"
apply (rule domNMT)
by (simp add: deny_all_def dom_def)
lemma wellformed_policy1_charn[rule_format]:
"wellformed_policy1 p ⟶ DenyAll ∈ set p ⟶ (∃ p'. p = DenyAll # p' ∧ DenyAll ∉ set p')"
by(induct "p",simp_all)
lemma singleCombinatorsConc: "singleCombinators (x#xs) ⟹ singleCombinators xs"
by (case_tac x,simp_all)
lemma aux0_0: "singleCombinators x ⟹ ¬ (∃ a b. (a⊕b) ∈ set x)"
apply (induct "x", simp_all)
subgoal for a b
by (case_tac "a",simp_all)
done
lemma aux0_4: "(a ∈ set x ∨ a ∈ set y) = (a ∈ set (x@y))"
by auto
lemma aux0_1: "⟦singleCombinators xs; singleCombinators [x]⟧ ⟹
singleCombinators (x#xs)"
by (case_tac "x",simp_all)
lemma aux0_6: "⟦singleCombinators xs; ¬ (∃ a b. x = a ⊕ b)⟧ ⟹
singleCombinators(x#xs)"
apply (rule aux0_1,simp_all)
apply (case_tac "x",simp_all)
done
lemma aux0_5: " ¬ (∃ a b. (a⊕b) ∈ set x) ⟹ singleCombinators x"
apply (induct "x")
apply simp_all
by (metis aux0_6)
lemma ANDConc[rule_format]: "allNetsDistinct (a#p) ⟶ allNetsDistinct (p)"
apply (simp add: allNetsDistinct_def)
apply (case_tac "a")
by simp_all
lemma aux6: "twoNetsDistinct a1 a2 a b ⟹
dom (deny_all_from_to a1 a2) ∩ dom (deny_all_from_to a b) = {}"
by (auto simp: twoNetsDistinct_def netsDistinct_def src_def dest_def
in_subnet_def PolicyCombinators.PolicyCombinators dom_def)
lemma aux5[rule_format]: "(DenyAllFromTo a b) ∈ set p ⟶ a ∈ set (net_list p)"
by (rule net_list_aux.induct,simp_all)
lemma aux5a[rule_format]: "(DenyAllFromTo b a) ∈ set p ⟶ a ∈ set (net_list p)"
by (rule net_list_aux.induct,simp_all)
lemma aux5c[rule_format]:
"(AllowPortFromTo a b po) ∈ set p ⟶ a ∈ set (net_list p)"
by (rule net_list_aux.induct,simp_all)
lemma aux5d[rule_format]:
"(AllowPortFromTo b a po) ∈ set p ⟶ a ∈ set (net_list p)"
by (rule net_list_aux.induct,simp_all)
lemma aux10[rule_format]: "a ∈ set (net_list p) ⟶ a ∈ set (net_list_aux p)"
by simp
lemma srcInNetListaux[simp]:
"⟦x ∈ set p; singleCombinators[x]; x ≠ DenyAll⟧ ⟹ srcNet x ∈ set (net_list_aux p)"
apply (induct "p")
apply simp_all
subgoal for a p
apply (case_tac "x = a", simp_all)
apply (case_tac a, simp_all)
apply (case_tac a, simp_all)
done
done
lemma destInNetListaux[simp]:
"⟦x ∈ set p; singleCombinators[x]; x ≠ DenyAll⟧ ⟹ destNet x ∈ set (net_list_aux p)"
apply (induct p)
apply simp_all
subgoal for a p
apply (case_tac "x = a", simp_all)
apply (case_tac "a", simp_all)
apply (case_tac "a", simp_all)
done
done
lemma tND1: "⟦allNetsDistinct p; x ∈ set p; y ∈ set p; a = srcNet x;
b = destNet x; c = srcNet y; d = destNet y; a ≠ c;
singleCombinators[x]; x ≠ DenyAll; singleCombinators[y];
y ≠ DenyAll⟧ ⟹ twoNetsDistinct a b c d"
by (simp add: allNetsDistinct_def twoNetsDistinct_def)
lemma tND2: "⟦allNetsDistinct p; x ∈ set p; y ∈ set p; a = srcNet x;
b = destNet x; c = srcNet y; d = destNet y; b ≠ d;
singleCombinators[x]; x ≠ DenyAll; singleCombinators[y];
y ≠ DenyAll⟧ ⟹ twoNetsDistinct a b c d"
by (simp add: allNetsDistinct_def twoNetsDistinct_def)
lemma tND: "⟦allNetsDistinct p; x ∈ set p; y ∈ set p; a = srcNet x;
b = destNet x; c = srcNet y; d = destNet y; a ≠ c ∨ b ≠ d;
singleCombinators[x]; x ≠ DenyAll; singleCombinators[y]; y ≠ DenyAll⟧
⟹ twoNetsDistinct a b c d"
apply (case_tac "a ≠ c", simp_all)
apply (erule_tac x = x and y =y in tND1, simp_all)
apply (erule_tac x = x and y =y in tND2, simp_all)
done
lemma aux7: "⟦DenyAllFromTo a b ∈ set p; allNetsDistinct ((DenyAllFromTo c d)#p);
a≠ c∨ b≠ d⟧ ⟹ twoNetsDistinct a b c d"
apply (erule_tac x = "DenyAllFromTo a b" and y = "DenyAllFromTo c d" in tND)
by simp_all
lemma aux7a: "⟦DenyAllFromTo a b ∈ set p;
allNetsDistinct ((AllowPortFromTo c d po)#p); a ≠ c∨ b ≠ d⟧ ⟹
twoNetsDistinct a b c d"
apply (erule_tac x = "DenyAllFromTo a b" and
y = "AllowPortFromTo c d po" in tND)
by simp_all
lemma nDComm: assumes ab: "netsDistinct a b" shows ba: "netsDistinct b a"
apply (insert ab)
by (auto simp: netsDistinct_def in_subnet_def)
lemma tNDComm:
assumes abcd: "twoNetsDistinct a b c d" shows "twoNetsDistinct c d a b"
apply (insert abcd)
by (metis twoNetsDistinct_def nDComm)
lemma aux[rule_format]: "a ∈ set (removeShadowRules2 p) ⟶ a ∈ set p"
apply (case_tac a)
by (rule removeShadowRules2.induct, simp_all)+
lemma aux12: "⟦a ∈ x; b ∉ x⟧ ⟹ a ≠ b"
by auto
lemma ND0aux1[rule_format]: "DenyAllFromTo x y ∈ set b ⟹
x ∈ set (net_list_aux b)"
by (metis aux5 net_list.simps set_remdups)
lemma ND0aux2[rule_format]: "DenyAllFromTo x y ∈ set b ⟹
y ∈ set (net_list_aux b)"
by (metis aux5a net_list.simps set_remdups)
lemma ND0aux3[rule_format]: "AllowPortFromTo x y p ∈ set b ⟹
x ∈ set (net_list_aux b)"
by (metis aux5c net_list.simps set_remdups)
lemma ND0aux4[rule_format]: "AllowPortFromTo x y p ∈ set b ⟹
y ∈ set (net_list_aux b)"
by (metis aux5d net_list.simps set_remdups)
lemma aNDSubsetaux[rule_format]: "singleCombinators a ⟶ set a ⊆ set b ⟶
set (net_list_aux a) ⊆ set (net_list_aux b)"
apply (induct a)
apply simp_all
apply clarify
apply (drule mp, erule singleCombinatorsConc)
subgoal for a a' x
apply (case_tac "a")
apply (simp_all add: contra_subsetD)
apply (metis contra_subsetD)
apply (metis ND0aux1 ND0aux2 contra_subsetD)
apply (metis ND0aux3 ND0aux4 contra_subsetD)
done
done
lemma aNDSetsEqaux[rule_format]: "singleCombinators a ⟶ singleCombinators b ⟶
set a = set b ⟶ set (net_list_aux a) = set (net_list_aux b)"
apply (rule impI)+
apply (rule equalityI)
apply (rule aNDSubsetaux, simp_all)+
done
lemma aNDSubset: "⟦singleCombinators a;set a ⊆ set b; allNetsDistinct b⟧ ⟹
allNetsDistinct a"
apply (simp add: allNetsDistinct_def)
apply (rule allI)+
apply (rule impI)+
subgoal for x y
apply (drule_tac x = "x" in spec, drule_tac x = "y" in spec)
using aNDSubsetaux by blast
done
lemma aNDSetsEq: "⟦singleCombinators a; singleCombinators b; set a = set b;
allNetsDistinct b⟧ ⟹ allNetsDistinct a"
apply (simp add: allNetsDistinct_def)
apply (rule allI)+
apply (rule impI)+
subgoal for x y
apply (drule_tac x = "x" in spec, drule_tac x = "y" in spec)
using aNDSetsEqaux by auto
done
lemma SCConca: "⟦singleCombinators p; singleCombinators [a]⟧ ⟹
singleCombinators (a#p)"
by(metis aux0_1)
lemma aux3[simp]: "⟦singleCombinators p; singleCombinators [a];
allNetsDistinct (a#p)⟧ ⟹ allNetsDistinct (a#a#p)"
by (metis aNDSetsEq aux0_1 insert_absorb2 list.set(2))
lemma wp1_aux1a[rule_format]: "xs ≠ [] ⟶ wellformed_policy1_strong (xs @ [x]) ⟶
wellformed_policy1_strong xs"
by (induct xs,simp_all)
lemma wp1alternative_RS1[rule_format]: "DenyAll ∈ set p ⟶
wellformed_policy1_strong (removeShadowRules1 p)"
by (induct p,simp_all)
lemma wellformed_eq: "DenyAll ∈ set p ⟶
((wellformed_policy1 p) = (wellformed_policy1_strong p))"
by (induct p,simp_all)
lemma set_insort: "set(insort x xs l) = insert x (set xs)"
by (induct xs) auto
lemma set_sort[simp]: "set(sort xs l) = set xs"
by (induct xs) (simp_all add:set_insort)
lemma set_sortQ: "set(qsort xs l) = set xs"
by simp
lemma aux79[rule_format]: "y ∈ set (insort x a l) ⟶ y ≠ x ⟶ y ∈ set a"
apply (induct a)
by auto
lemma aux80: "⟦y ∉ set p; y ≠ x⟧ ⟹ y ∉ set (insort x (sort p l) l)"
apply (metis aux79 set_sort)
done
lemma WP1Conca: "DenyAll ∉ set p ⟹ wellformed_policy1 (a#p)"
by (case_tac a,simp_all)
lemma saux[simp]: "(insort DenyAll p l) = DenyAll#p"
by (induct_tac p,simp_all)
lemma saux3[rule_format]: "DenyAllFromTo a b ∈ set list ⟶
DenyAllFromTo c d ∉ set list ⟶ (a ≠ c) ∨ (b ≠ d)"
by blast
lemma waux2[rule_format]: " (DenyAll ∉ set xs) ⟶ wellformed_policy1 xs"
by (induct_tac xs,simp_all)
lemma waux3[rule_format]: "⟦x ≠ a; x ∉ set p⟧ ⟹ x ∉ set (insort a p l)"
by (metis aux79)
lemma wellformed1_sorted_aux[rule_format]: "wellformed_policy1 (x#p) ⟹
wellformed_policy1 (insort x p l)"
by (metis NormalisationGenericProofs.set_insort list.set(2) saux waux2 wellformed_eq
wellformed_policy1_strong.simps(2))
lemma wellformed1_sorted_auxQ[rule_format]: "wellformed_policy1 (p) ⟹
wellformed_policy1 (qsort p l)"
proof (induct p)
case Nil show ?case by simp
next
case (Cons a S) then show ?case
apply simp_all
apply (cases a,simp_all)
by (metis Combinators.simps append_Cons append_Nil qsort.simps(2) set_ConsD set_qsort waux2)+
qed
lemma SR1Subset: "set (removeShadowRules1 p) ⊆ set p"
apply (induct_tac p, simp_all)
subgoal for x xs
apply (case_tac "x", simp_all)
apply(auto)
done
done
lemma SCSubset[rule_format]: " singleCombinators b ⟶ set a ⊆ set b ⟶
singleCombinators a"
proof (induct a)
case Nil thus ?case by simp
next
case (Cons x xs) thus ?case
by (meson aux0_0 aux0_5 subsetCE)
qed
lemma setInsert[simp]: "set list ⊆ insert a (set list)"
by auto
lemma SC_RS1[rule_format,simp]: "singleCombinators p ⟶ allNetsDistinct p ⟶
singleCombinators (removeShadowRules1 p)"
apply (induct_tac p)
apply simp_all
using ANDConc singleCombinatorsConc by blast
lemma RS2Set[rule_format]: "set (removeShadowRules2 p) ⊆ set p"
apply(induct p, simp_all)
subgoal for a as
apply(case_tac a)
by(auto)
done
lemma WP1: "a ∉ set list ⟹ a ∉ set (removeShadowRules2 list)"
using RS2Set [of list] by blast
lemma denyAllDom[simp]: "x ∈ dom (deny_all)"
by (simp add: UPFDefs(24) domI)
lemma lCdom2: "(list2FWpolicy (a @ (b @ c))) = (list2FWpolicy ((a@b)@c))"
by auto
lemma SCConcEnd: "singleCombinators (xs @ [xa]) ⟹ singleCombinators xs"
apply (induct "xs", simp_all)
subgoal for a as
by (case_tac "a" , simp_all)
done
lemma list2FWpolicyconc[rule_format]: "a ≠ [] ⟶
(list2FWpolicy (xa # a)) = (xa) ⊕ (list2FWpolicy a)"
by (induct a,simp_all)
lemma wp1n_tl [rule_format]: "wellformed_policy1_strong p ⟶
p = (DenyAll#(tl p))"
by (induct p, simp_all)
lemma foo2: "a ∉ set ps ⟹
a ∉ set ss ⟹
set p = set s ⟹
p = (a#(ps)) ⟹
s = (a#ss) ⟹
set (ps) = set (ss)"
by auto
lemma SCnotConc[rule_format,simp]: "a⊕b ∈ set p ⟶ singleCombinators p ⟶False"
apply (induct p, simp_all)
subgoal for p ps
by(case_tac p, simp_all)
done
lemma auxx8: "removeShadowRules1_alternative_rev [x] = [x]"
by (case_tac "x", simp_all)
lemma RS1End[rule_format]: "x ≠ DenyAll ⟶ removeShadowRules1 (xs @ [x]) =
(removeShadowRules1 xs)@[x]"
by (induct_tac xs, simp_all)
lemma aux114: "x ≠ DenyAll ⟹ removeShadowRules1_alternative_rev (x#xs) =
x#(removeShadowRules1_alternative_rev xs)"
apply (induct_tac xs)
apply (auto simp: auxx8)
by (case_tac "x", simp_all)
lemma aux115[rule_format]: "x ≠ DenyAll⟹removeShadowRules1_alternative (xs@[x])
= (removeShadowRules1_alternative xs)@[x]"
apply (simp add: removeShadowRules1_alternative_def aux114)
done
lemma RS1_DA[simp]: "removeShadowRules1 (xs @ [DenyAll]) = [DenyAll]"
by (induct_tac xs, simp_all)
lemma rSR1_eq: "removeShadowRules1_alternative = removeShadowRules1"
apply (rule ext)
apply (simp add: removeShadowRules1_alternative_def)
subgoal for x
apply (rule_tac xs = x in rev_induct)
apply simp_all
subgoal for x xs
apply (case_tac "x = DenyAll", simp_all)
apply (metis RS1End aux114 rev.simps(2))
done
done
done
lemma domInterMT[rule_format]: "⟦dom a ∩ dom b = {}; x ∈ dom a⟧ ⟹ x ∉ dom b"
by auto
lemma domComm: "dom a ∩ dom b = dom b ∩ dom a"
by auto
lemma r_not_DA_in_tl[rule_format]:
"wellformed_policy1_strong p ⟶ a ∈ set p⟶ a ≠ DenyAll ⟶ a ∈ set (tl p)"
by (induct p,simp_all)
lemma wp1_aux1aa[rule_format]: "wellformed_policy1_strong p ⟶ DenyAll ∈ set p"
by (induct p,simp_all)
lemma mauxa: "(∃ r. a b = ⌊r⌋) = (a b ≠ ⊥)"
by auto
lemma l2p_aux[rule_format]: "list ≠ [] ⟶
list2FWpolicy (a # list) = a ⊕(list2FWpolicy list)"
by (induct "list", simp_all)
lemma l2p_aux2[rule_format]: "list = [] ⟹ list2FWpolicy (a # list) = a"
by simp
lemma aux7aa:
assumes 1 : "AllowPortFromTo a b poo ∈ set p"
and 2 : "allNetsDistinct ((AllowPortFromTo c d po) # p)"
and 3 : "a ≠ c ∨ b ≠ d"
shows "twoNetsDistinct a b c d" (is "?H")
proof(cases "a ≠ c") print_cases
case True assume *:"a ≠ c" show ?H
by (meson "1" "2" True allNetsDistinct_def aux5c list.set_intros(1)
list.set_intros(2) twoNetsDistinct_def)
next
case False assume *:"¬(a ≠ c)" show "twoNetsDistinct a b c d"
by (meson "1" "2" "3" False allNetsDistinct_def aux5d list.set_intros(1)
list.set_intros(2) twoNetsDistinct_def)
qed
lemma ANDConcEnd: "⟦ allNetsDistinct (xs @ [xa]); singleCombinators xs⟧ ⟹
allNetsDistinct xs"
by (rule aNDSubset, auto)
lemma WP1ConcEnd[rule_format]:
"wellformed_policy1 (xs@[xa]) ⟶ wellformed_policy1 xs"
by (induct xs, simp_all)
lemma NDComm: "netsDistinct a b = netsDistinct b a"
by (auto simp: netsDistinct_def in_subnet_def)
lemma wellformed1_sorted[simp]:
assumes wp1: "wellformed_policy1 p"
shows "wellformed_policy1 (sort p l)"
proof (cases p)
case Nil thus ?thesis by simp
next
case (Cons x xs) thus ?thesis
proof (cases "x = DenyAll")
case True thus ?thesis using assms Cons by simp
next
case False thus ?thesis using assms
by (metis Cons set_sort False waux2 wellformed_eq
wellformed_policy1_strong.simps(2))
qed
qed
lemma wellformed1_sortedQ[simp]:
assumes wp1: "wellformed_policy1 p"
shows "wellformed_policy1 (qsort p l)"
proof (cases p)
case Nil thus ?thesis by simp
next
case (Cons x xs) thus ?thesis
proof (cases "x = DenyAll")
case True thus ?thesis using assms Cons by simp
next
case False thus ?thesis using assms
by (metis Cons set_qsort False waux2 wellformed_eq
wellformed_policy1_strong.simps(2))
qed
qed
lemma SC1[simp]: "singleCombinators p ⟹singleCombinators (removeShadowRules1 p)"
by (erule SCSubset) (rule SR1Subset)
lemma SC2[simp]: "singleCombinators p ⟹singleCombinators (removeShadowRules2 p)"
by (erule SCSubset) (rule RS2Set)
lemma SC3[simp]: "singleCombinators p ⟹ singleCombinators (sort p l)"
by (erule SCSubset) simp
lemma SC3Q[simp]: "singleCombinators p ⟹ singleCombinators (qsort p l)"
by (erule SCSubset) simp
lemma aND_RS1[simp]: "⟦singleCombinators p; allNetsDistinct p⟧ ⟹
allNetsDistinct (removeShadowRules1 p)"
apply (rule aNDSubset)
apply (erule SC_RS1, simp_all)
apply (rule SR1Subset)
done
lemma aND_RS2[simp]: "⟦singleCombinators p; allNetsDistinct p⟧ ⟹
allNetsDistinct (removeShadowRules2 p)"
apply (rule aNDSubset)
apply (erule SC2, simp_all)
apply (rule RS2Set)
done
lemma aND_sort[simp]: "⟦singleCombinators p; allNetsDistinct p⟧ ⟹
allNetsDistinct (sort p l)"
apply (rule aNDSubset)
by (erule SC3, simp_all)
lemma aND_sortQ[simp]: "⟦singleCombinators p; allNetsDistinct p⟧ ⟹
allNetsDistinct (qsort p l)"
apply (rule aNDSubset)
by (erule SC3Q, simp_all)
lemma inRS2[rule_format,simp]: "x ∉ set p ⟶ x ∉ set (removeShadowRules2 p)"
apply (insert RS2Set [of p])
by blast
lemma distinct_RS2[rule_format,simp]: "distinct p ⟶
distinct (removeShadowRules2 p)"
apply (induct p)
apply simp_all
apply clarify
subgoal for a p
apply (case_tac "a")
by auto
done
lemma setPaireq: " {x, y} = {a, b} ⟹ x = a ∧ y = b ∨ x = b ∧ y = a"
by (metis doubleton_eq_iff)
lemma position_positive[rule_format]: "a ∈ set l ⟶ position a l > 0"
by (induct l, simp_all)
lemma pos_noteq[rule_format]:
"a ∈ set l ⟶ b ∈ set l ⟶ c ∈ set l ⟶
a ≠ b ⟶ position a l ≤ position b l ⟶ position b l ≤ position c l ⟶
a ≠ c"
proof(induct l)
case Nil show ?case by simp
next
case (Cons a R) show ?case
by (metis (no_types, lifting) Cons.hyps One_nat_def Suc_le_mono le_antisym
length_greater_0_conv list.size(3) nat.inject position.simps(2)
position_positive set_ConsD)
qed
lemma setPair_noteq: "{a,b} ≠ {c,d} ⟹ ¬ ((a = c) ∧ (b = d))"
by auto
lemma setPair_noteq_allow: "{a,b} ≠ {c,d} ⟹ ¬ ((a = c) ∧ (b = d) ∧ P)"
by auto
lemma order_trans:
"⟦in_list x l; in_list y l; in_list z l; singleCombinators [x];
singleCombinators [y]; singleCombinators [z]; smaller x y l; smaller y z l⟧ ⟹
smaller x z l"
apply (case_tac x, simp_all)
apply (case_tac z, simp_all)
apply (case_tac y, simp_all)
apply (case_tac y, simp_all)
apply (rule conjI|rule impI)+
apply (simp add: setPaireq)
apply (rule conjI|rule impI)+
apply (simp_all split: if_splits)
apply metis+
apply auto[1]
apply (simp add: setPaireq)
apply (rule impI,case_tac y, simp_all)
apply (simp_all split: if_splits, metis,simp_all add: setPair_noteq setPair_noteq_allow)
apply (case_tac z, simp_all)
apply (case_tac y, simp_all)
apply (case_tac y, simp_all)
apply (intro impI|rule conjI)+
apply (simp_all split: if_splits)
apply (simp add: setPair_noteq)
apply (erule pos_noteq, simp_all)
apply auto[1]
apply (rule conjI,simp add: setPair_noteq_allow)
apply (erule pos_noteq, simp_all)
apply auto[1]
apply (rule impI,rule disjI2)
apply (case_tac y, simp_all split: if_splits )
apply metis
apply (simp_all add: setPair_noteq_allow)
done
lemma sortedConcStart[rule_format]:
"sorted (a # aa # p) l ⟶ in_list a l ⟶ in_list aa l ⟶ all_in_list p l⟶
singleCombinators [a] ⟶ singleCombinators [aa] ⟶ singleCombinators p ⟶
sorted (a#p) l"
apply (induct p)
apply simp_all
apply (rule impI)+
apply simp
apply (rule_tac y = "aa" in order_trans)
apply simp_all
subgoal for p ps
apply (case_tac "p", simp_all)
done
done
lemma [simp]: "singleCombinators (x#xs) ⟹
singleCombinators [x]"
by (case_tac x, simp_all)
lemma sorted_is_smaller[rule_format]:
"sorted (a # p) l ⟶ in_list a l ⟶ in_list b l ⟶ all_in_list p l ⟶
singleCombinators [a] ⟶ singleCombinators p ⟶ b ∈ set p ⟶ smaller a b l"
apply (induct p)
apply (auto intro: singleCombinatorsConc sortedConcStart)
done
lemma sortedConcEnd[rule_format]: "sorted (a # p) l ⟶ in_list a l ⟶
all_in_list p l ⟶ singleCombinators [a] ⟶
singleCombinators p ⟶ sorted p l"
apply (induct p)
apply (auto intro: singleCombinatorsConc sortedConcStart)
done
lemma in_set_in_list[rule_format]: "a ∈ set p ⟶ all_in_list p l⟶ in_list a l"
by (induct p) auto
lemma sorted_Consb[rule_format]:
"all_in_list (x#xs) l ⟶ singleCombinators (x#xs) ⟶
(sorted xs l & (∀y∈set xs. smaller x y l)) ⟶ (sorted (x#xs) l) "
apply(induct xs arbitrary: x)
apply (auto simp: order_trans)
done
lemma sorted_Cons: "⟦all_in_list (x#xs) l; singleCombinators (x#xs)⟧ ⟹
(sorted xs l & (∀y∈set xs. smaller x y l)) = (sorted (x#xs) l)"
apply auto
apply (rule sorted_Consb, simp_all)
apply (metis singleCombinatorsConc singleCombinatorsStart sortedConcEnd)
apply (erule sorted_is_smaller)
apply (auto intro: singleCombinatorsConc singleCombinatorsStart in_set_in_list)
done
lemma smaller_antisym: "⟦¬ smaller a b l; in_list a l; in_list b l;
singleCombinators[a]; singleCombinators [b]⟧ ⟹
smaller b a l"
apply (case_tac a)
apply simp_all
apply (case_tac b)
apply simp_all
apply (simp_all split: if_splits)
apply (rule setPaireq)
apply simp
apply (case_tac b)
apply simp_all
apply (simp_all split: if_splits)
done
lemma set_insort_insert: "set (insort x xs l) ⊆ insert x (set xs)"
by (induct xs) auto
lemma all_in_listSubset[rule_format]: "all_in_list b l ⟶singleCombinators a ⟶
set a ⊆ set b ⟶ all_in_list a l"
by (induct_tac a) (auto intro: in_set_in_list singleCombinatorsConc)
lemma singleCombinators_insort: "⟦singleCombinators [x]; singleCombinators xs⟧ ⟹
singleCombinators (insort x xs l)"
by (metis NormalisationGenericProofs.set_insort aux0_0 aux0_1 aux0_5 list.simps(15))
lemma all_in_list_insort: "⟦all_in_list xs l; singleCombinators (x#xs);
in_list x l⟧ ⟹ all_in_list (insort x xs l) l"
apply (rule_tac b = "x#xs" in all_in_listSubset)
apply simp_all
apply (metis singleCombinatorsConc singleCombinatorsStart
singleCombinators_insort)
apply (rule set_insort_insert)
done
lemma sorted_ConsA:"⟦all_in_list (x#xs) l; singleCombinators (x#xs)⟧ ⟹
(sorted (x#xs) l) = (sorted xs l & (∀y∈set xs. smaller x y l))"
by (metis sorted_Cons)
lemma is_in_insort: "y ∈ set xs ⟹ y ∈ set (insort x xs l)"
by (simp add: NormalisationGenericProofs.set_insort)
lemma sorted_insorta[rule_format]:
assumes 1 : "sorted (insort x xs l) l"
and 2 : "all_in_list (x#xs) l"
and 3 : "all_in_list (x#xs) l"
and 4 : "distinct (x#xs)"
and 5 : "singleCombinators [x]"
and 6 : "singleCombinators xs"
shows "sorted xs l"
proof (insert 1 2 3 4 5 6, induct xs)
case Nil show ?case by simp
next
case (Cons a xs)
then show ?case
apply simp
apply (auto intro: is_in_insort sorted_ConsA set_insort singleCombinators_insort
singleCombinatorsConc sortedConcEnd all_in_list_insort) [1]
apply(cases "smaller x a l", simp_all)
by (metis NormalisationGenericProofs.set_insort NormalisationGenericProofs.sorted_Cons
all_in_list.simps(2) all_in_list_insort aux0_1 insert_iff singleCombinatorsConc
singleCombinatorsStart singleCombinators_insort)
qed
lemma sorted_insortb[rule_format]:
"sorted xs l ⟶ all_in_list (x#xs) l ⟶ distinct (x#xs) ⟶
singleCombinators [x] ⟶ singleCombinators xs ⟶ sorted (insort x xs l) l"
proof (induct xs)
case Nil show ?case by simp_all
next
case (Cons a xs)
have * : "sorted (a # xs) l ⟹ all_in_list (x # a # xs) l ⟹
distinct (x # a # xs) ⟹ singleCombinators [x] ⟹
singleCombinators (a # xs) ⟹ sorted (insort x xs l) l"
apply(insert Cons.hyps, simp_all)
apply(metis sorted_Cons all_in_list.simps(2) singleCombinatorsConc)
done
show ?case
apply (insert Cons.hyps)
apply (rule impI)+
apply (insert *, auto intro!: sorted_Consb)
proof (rule_tac b = "x#xs" in all_in_listSubset)
show "in_list x l ⟹ all_in_list xs l ⟹ all_in_list (x # xs) l"
by simp_all
next
show "singleCombinators [x] ⟹
singleCombinators (a # xs) ⟹
FWNormalisationCore.sorted (FWNormalisationCore.insort x xs l) l ⟹
singleCombinators (FWNormalisationCore.insort x xs l)"
apply (rule singleCombinators_insort, simp_all)
by (erule singleCombinatorsConc)
next
show "set (FWNormalisationCore.insort x xs l) ⊆ set (x # xs)"
using NormalisationGenericProofs.set_insort_insert by auto
next
show "singleCombinators [x] ⟹
singleCombinators (a # xs) ⟹
singleCombinators (a # FWNormalisationCore.insort x xs l)"
by (metis SCConca singleCombinatorsConc singleCombinatorsStart
singleCombinators_insort)
next
fix y
show "FWNormalisationCore.sorted (a # xs) l ⟹
singleCombinators [x] ⟹ singleCombinators (a # xs) ⟹
in_list x l ⟹ in_list a l ⟹ all_in_list xs l ⟹
¬ smaller x a l ⟹ y ∈ set (FWNormalisationCore.insort x xs l) ⟹
smaller a y l"
by (metis NormalisationGenericProofs.set_insort in_set_in_list insert_iff
singleCombinatorsConc singleCombinatorsStart smaller_antisym
sorted_is_smaller)
qed
qed
lemma sorted_insort:
"⟦all_in_list (x#xs) l; distinct(x#xs); singleCombinators [x];
singleCombinators xs⟧ ⟹
sorted (insort x xs l) l = sorted xs l"
by (auto intro: sorted_insorta sorted_insortb)
lemma distinct_insort: "distinct (insort x xs l) = (x ∉ set xs ∧ distinct xs)"
by(induct xs)(auto simp:set_insort)
lemma distinct_sort[simp]: "distinct (sort xs l) = distinct xs"
by(induct xs)(simp_all add:distinct_insort)
lemma sort_is_sorted[rule_format]:
"all_in_list p l ⟶ distinct p ⟶ singleCombinators p ⟶ sorted (sort p l) l"
apply (induct p)
apply simp
by (metis (no_types, lifting) NormalisationGenericProofs.distinct_sort
NormalisationGenericProofs.set_sort SC3 all_in_list.simps(2) all_in_listSubset
distinct.simps(2) set_subset_Cons singleCombinatorsConc singleCombinatorsStart
sort.simps(2) sorted_insortb)
lemma smaller_sym[rule_format]: "all_in_list [a] l ⟶ smaller a a l"
by (case_tac a,simp_all)
lemma SC_sublist[rule_format]:
"singleCombinators xs ⟹ singleCombinators (qsort [y←xs. P y] l)"
by (auto intro: SCSubset)
lemma all_in_list_sublist[rule_format]:
"singleCombinators xs ⟶ all_in_list xs l ⟶ all_in_list (qsort [y←xs. P y] l) l"
by (auto intro: all_in_listSubset SC_sublist)
lemma SC_sublist2[rule_format]:
"singleCombinators xs ⟶ singleCombinators ([y←xs. P y])"
by (auto intro: SCSubset)
lemma all_in_list_sublist2[rule_format]:
"singleCombinators xs ⟶ all_in_list xs l ⟶ all_in_list ( [y←xs. P y]) l"
by (auto intro: all_in_listSubset SC_sublist2)
lemma all_in_listAppend[rule_format]:
"all_in_list (xs) l ⟶ all_in_list (ys) l ⟶ all_in_list (xs @ ys) l"
by (induct xs) simp_all
lemma distinct_sortQ[rule_format]:
"singleCombinators xs ⟶ all_in_list xs l ⟶ distinct xs ⟶ distinct (qsort xs l)"
apply (induct xs l rule: qsort.induct)
apply simp
apply (auto simp: SC_sublist2 singleCombinatorsConc all_in_list_sublist2)
done
lemma singleCombinatorsAppend[rule_format]:
"singleCombinators (xs) ⟶ singleCombinators (ys) ⟶ singleCombinators (xs @ ys)"
apply (induct xs, auto)
subgoal for a as
apply (case_tac a,simp_all)
done
subgoal for a as
apply (case_tac a,simp_all)
done
done
lemma sorted_append1[rule_format]:
"all_in_list xs l ⟶ singleCombinators xs ⟶
all_in_list ys l ⟶ singleCombinators ys ⟶
(sorted (xs@ys) l ⟶
(sorted xs l & sorted ys l & (∀x ∈ set xs. ∀y ∈ set ys. smaller x y l)))"
apply(induct xs)
apply(simp_all)
by (metis NormalisationGenericProofs.sorted_Cons all_in_list.simps(2) all_in_listAppend aux0_1
aux0_4 singleCombinatorsAppend singleCombinatorsConc singleCombinatorsStart)
lemma sorted_append2[rule_format]:
"all_in_list xs l⟶ singleCombinators xs ⟶
all_in_list ys l ⟶ singleCombinators ys ⟶
(sorted xs l & sorted ys l & (∀x ∈ set xs. ∀y ∈ set ys. smaller x y l)) ⟶
(sorted (xs@ys) l)"
apply (induct xs)
apply simp_all
by (metis NormalisationGenericProofs.sorted_Cons all_in_list.simps(2) all_in_listAppend aux0_1
aux0_4 singleCombinatorsAppend singleCombinatorsConc singleCombinatorsStart)
lemma sorted_append[rule_format]:
"all_in_list xs l ⟶ singleCombinators xs ⟶
all_in_list ys l ⟶ singleCombinators ys ⟶
(sorted (xs@ys) l) =
(sorted xs l & sorted ys l & (∀x ∈ set xs. ∀y ∈ set ys. smaller x y l))"
apply (rule impI)+
apply (rule iffI)
apply (rule sorted_append1,simp_all)
apply (rule sorted_append2,simp_all)
done
lemma sort_is_sortedQ[rule_format]:
"all_in_list p l ⟶ singleCombinators p ⟶ sorted (qsort p l) l"
proof (induct p l rule: qsort.induct) print_cases
case 1 show ?case by simp
next
case 2 fix x::"('a,'b) Combinators" fix xs::"('a,'b) Combinators list" fix l
show "all_in_list [y←xs . ¬ smaller x y l] l ⟶
singleCombinators [y←xs . ¬ smaller x y l] ⟶
sorted (qsort [y←xs . ¬ smaller x y l] l) l ⟹
all_in_list [y←xs . smaller x y l] l ⟶
singleCombinators [y←xs . smaller x y l] ⟶
sorted (qsort [y←xs . smaller x y l] l) l ⟹
all_in_list(x#xs) l ⟶ singleCombinators(x#xs) ⟶ sorted (qsort(x#xs) l) l"
apply (intro impI)
apply (simp_all add: SC_sublist all_in_list_sublist all_in_list_sublist2
singleCombinatorsConc SC_sublist2)
proof (subst sorted_append)
show "in_list x l ∧ all_in_list xs l ⟹
singleCombinators (x # xs) ⟹
all_in_list (qsort [y←xs . ¬ smaller x y l] l) l"
by (metis all_in_list_sublist singleCombinatorsConc)
next
show "in_list x l ∧ all_in_list xs l ⟹
singleCombinators (x # xs) ⟹
singleCombinators (qsort [y←xs . ¬ smaller x y l] l)"
apply (auto simp: SC_sublist all_in_list_sublist SC_sublist2
all_in_list_sublist2 sorted_Cons sorted_append not_le)
apply (metis SC3Q SC_sublist2 singleCombinatorsConc)
done
next
show "sorted (qsort [y←xs . ¬ smaller x y l] l) l ⟹
sorted (qsort [y←xs . smaller x y l] l) l ⟹
in_list x l ∧ all_in_list xs l ⟹ singleCombinators (x # xs) ⟹
all_in_list (x # qsort [y←xs . smaller x y l] l) l"
using all_in_list.simps(2) all_in_list_sublist singleCombinatorsConc by blast
next
show "sorted (qsort [y←xs . smaller x y l] l) l ⟹
in_list x l ∧ all_in_list xs l ⟹ singleCombinators (x # xs) ⟹
singleCombinators (x # qsort [y←xs . smaller x y l] l)"
using SC_sublist aux0_1 singleCombinatorsConc singleCombinatorsStart by blast
next
show "sorted (qsort [y←xs . ¬ smaller x y l] l) l ⟹
sorted (qsort [y←xs . smaller x y l] l) l ⟹
in_list x l ∧ all_in_list xs l ⟹
singleCombinators (x # xs) ⟹
FWNormalisationCore.sorted (qsort [y←xs . ¬ smaller x y l] l) l ∧
FWNormalisationCore.sorted (x # qsort [y←xs . smaller x y l] l) l ∧
(∀x'∈set (qsort [y←xs . ¬ smaller x y l] l).
∀y∈set (x # qsort [y←xs . smaller x y l] l). smaller x' y l)"
apply(auto)[1]
apply (metis (mono_tags, lifting) SC_sublist all_in_list.simps(2)
all_in_list_sublist aux0_1 mem_Collect_eq set_filter set_qsort
singleCombinatorsConc singleCombinatorsStart sorted_Consb)
apply (metis aux0_0 aux0_6 in_set_in_list singleCombinatorsConc
singleCombinatorsStart smaller_antisym)
by (metis (no_types, lifting) NormalisationGenericProofs.order_trans aux0_0
aux0_6 in_set_in_list
singleCombinatorsConc singleCombinatorsStart smaller_antisym)
qed
qed
lemma inSet_not_MT: "a ∈ set p ⟹ p ≠ []"
by auto
lemma RS1n_assoc:
"x ≠ DenyAll ⟹ removeShadowRules1_alternative xs @ [x] =
removeShadowRules1_alternative (xs @ [x])"
by (simp add: removeShadowRules1_alternative_def aux114)
lemma RS1n_nMT[rule_format,simp]: "p ≠ []⟶ removeShadowRules1_alternative p ≠ []"
apply (simp add: removeShadowRules1_alternative_def)
apply (rule_tac xs = p in rev_induct, simp_all)
subgoal for x xs
apply (case_tac "xs = []", simp_all)
apply (case_tac x, simp_all)
apply (rule_tac xs = "xs" in rev_induct, simp_all)
apply (case_tac x, simp_all)+
done
done
lemma RS1N_DA[simp]: "removeShadowRules1_alternative (a@[DenyAll]) = [DenyAll]"
by (simp add: removeShadowRules1_alternative_def)
lemma WP1n_DA_notinSet[rule_format]: "wellformed_policy1_strong p ⟶
DenyAll ∉ set (tl p)"
by (induct p) (simp_all)
lemma mt_sym: "dom a ∩ dom b = {} ⟹ dom b ∩ dom a = {}"
by auto
lemma DAnotTL[rule_format]:
"xs ≠ [] ⟶ wellformed_policy1 (xs @ [DenyAll]) ⟶ False"
by (induct xs, simp_all)
lemma AND_tl[rule_format]: "allNetsDistinct ( p) ⟶ allNetsDistinct (tl p)"
apply (induct p, simp_all)
by (auto intro: ANDConc)
lemma distinct_tl[rule_format]: "distinct p ⟶ distinct (tl p)"
by (induct p, simp_all)
lemma SC_tl[rule_format]: "singleCombinators ( p) ⟶ singleCombinators (tl p)"
by (induct p, simp_all) (auto intro: singleCombinatorsConc)
lemma Conc_not_MT: "p = x#xs ⟹ p ≠ []"
by auto
lemma wp1_tl[rule_format]:
"p ≠ [] ∧ wellformed_policy1 p ⟶ wellformed_policy1 (tl p)"
by (induct p) (auto intro: waux2)
lemma wp1_eq[rule_format]:
"wellformed_policy1_strong p ⟹ wellformed_policy1 p"
apply (case_tac "DenyAll ∈ set p")
apply (subst wellformed_eq)
apply (auto elim: waux2)
done
lemma wellformed1_alternative_sorted:
"wellformed_policy1_strong p ⟹ wellformed_policy1_strong (sort p l)"
by (case_tac "p", simp_all)
lemma wp1n_RS2[rule_format]:
"wellformed_policy1_strong p ⟶ wellformed_policy1_strong (removeShadowRules2 p)"
by (induct p, simp_all)
lemma RS2_NMT[rule_format]: "p ≠ [] ⟶ removeShadowRules2 p ≠ []"
apply (induct p, simp_all)
subgoal for a p
apply (case_tac "p ≠ []", simp_all)
apply (case_tac "a", simp_all)+
done
done
lemma wp1_alternative_not_mt[simp]: "wellformed_policy1_strong p ⟹ p ≠ []"
by auto
lemma AIL1[rule_format,simp]: "all_in_list p l ⟶
all_in_list (removeShadowRules1 p) l"
by (induct_tac p, simp_all)
lemma wp1ID: "wellformed_policy1_strong (insertDeny (removeShadowRules1 p))"
apply (induct p, simp_all)
subgoal for a p
apply (case_tac a, simp_all)
done
done
lemma dRD[simp]: "distinct (remdups p)"
by simp
lemma AILrd[rule_format,simp]: "all_in_list p l ⟶ all_in_list (remdups p) l"
by (induct p, simp_all)
lemma AILiD[rule_format,simp]: "all_in_list p l ⟶ all_in_list (insertDeny p) l"
apply (induct p, simp_all)
apply (rule impI, simp)
subgoal for a p
apply (case_tac a, simp_all)
done
done
lemma SCrd[rule_format,simp]:"singleCombinators p⟶ singleCombinators(remdups p)"
apply (induct p, simp_all)
subgoal for a p
apply (case_tac a, simp_all)
done
done
lemma SCRiD[rule_format,simp]: "singleCombinators p ⟶
singleCombinators(insertDeny p)"
apply (induct p, simp_all)
subgoal for a p
apply (case_tac a, simp_all)
done
done
lemma WP1rd[rule_format,simp]:
"wellformed_policy1_strong p ⟶ wellformed_policy1_strong (remdups p)"
by (induct p, simp_all)
lemma ANDrd[rule_format,simp]:
"singleCombinators p ⟶ allNetsDistinct p ⟶ allNetsDistinct (remdups p)"
apply (rule impI)+
apply (rule_tac b = p in aNDSubset)
apply simp_all
done
lemma ANDiD[rule_format,simp]:
"allNetsDistinct p ⟶ allNetsDistinct (insertDeny p)"
apply (induct p, simp_all)
apply (simp add: allNetsDistinct_def)
apply (auto intro: ANDConc)
subgoal for a p
apply (case_tac "a",simp_all add: allNetsDistinct_def)
done
done
lemma mr_iD[rule_format]:
"wellformed_policy1_strong p ⟶ matching_rule x p = matching_rule x (insertDeny p)"
by (induct p, simp_all)
lemma WP1iD[rule_format,simp]: "wellformed_policy1_strong p ⟶
wellformed_policy1_strong (insertDeny p)"
by (induct p, simp_all)
lemma DAiniD: "DenyAll ∈ set (insertDeny p)"
apply (induct p, simp_all)
subgoal for a p
apply(case_tac a, simp_all)
done
done
lemma p2lNmt: "policy2list p ≠ []"
by (rule policy2list.induct, simp_all)
lemma AIL2[rule_format,simp]:
"all_in_list p l ⟶ all_in_list (removeShadowRules2 p) l"
apply (induct_tac p, simp_all)
subgoal for a p
apply(case_tac a, simp_all)
done
done
lemma SCConc: "singleCombinators x ⟹ singleCombinators y ⟹ singleCombinators (x@y)"
apply (rule aux0_5)
apply (metis aux0_0 aux0_4)
done
lemma SCp2l: "singleCombinators (policy2list p)"
by (induct_tac p) (auto intro: SCConc)
lemma subnetAux: "Dd ∩ A ≠ {} ⟹ A ⊆ B ⟹ Dd ∩ B ≠ {}"
by auto
lemma soadisj: "x ∈ subnetsOfAdr a ⟹ y ∈ subnetsOfAdr a ⟹ ¬ netsDistinct x y"
by(simp add: subnetsOfAdr_def netsDistinct_def,auto)
lemma not_member: "¬ member a (x⊕y) ⟹ ¬ member a x"
by auto
lemma soadisj2: "(∀ a x y. x ∈ subnetsOfAdr a ∧ y ∈ subnetsOfAdr a ⟶ ¬ netsDistinct x y)"
by (simp add: subnetsOfAdr_def netsDistinct_def, auto)
lemma ndFalse1:
"(∀a b c d. (a,b)∈A ∧ (c,d)∈B ⟶ netsDistinct a c) ⟹
∃(a, b)∈A. a ∈ subnetsOfAdr D ⟹
∃(a, b)∈B. a ∈ subnetsOfAdr D ⟹ False"
apply (auto simp: soadisj)
using soadisj2 by blast
lemma ndFalse2: "(∀a b c d. (a,b)∈A ∧ (c,d)∈B ⟶ netsDistinct b d) ⟹
∃(a, b)∈A. b ∈ subnetsOfAdr D ⟹
∃(a, b)∈B. b ∈ subnetsOfAdr D ⟹ False"
apply (auto simp: soadisj)
using soadisj2 by blast
lemma tndFalse: "(∀a b c d. (a,b)∈A ∧ (c,d)∈B ⟶ twoNetsDistinct a b c d) ⟹
∃(a, b)∈A. a ∈ subnetsOfAdr (D::('a::adr)) ∧ b ∈ subnetsOfAdr (F::'a) ⟹
∃(a, b)∈B. a ∈ subnetsOfAdr D∧ b∈ subnetsOfAdr F
⟹ False"
apply (simp add: twoNetsDistinct_def)
apply (auto simp: ndFalse1 ndFalse2)
apply (metis soadisj)
done
lemma sepnMT[rule_format]: "p ≠ [] ⟶ (separate p) ≠ []"
by (induct p rule: separate.induct) simp_all
lemma sepDA[rule_format]: "DenyAll ∉ set p ⟶ DenyAll ∉ set (separate p)"
by (induct p rule: separate.induct) simp_all
lemma setnMT: "set a = set b ⟹ a ≠ [] ⟹ b ≠ []"
by auto
lemma sortnMT: "p ≠ [] ⟹ sort p l ≠ []"
by (metis set_sort setnMT)
lemma idNMT[rule_format]: "p ≠ [] ⟶ insertDenies p ≠ []"
apply (induct p, simp_all)
subgoal for a p
apply(case_tac a, simp_all)
done
done
lemma OTNoTN[rule_format]: " OnlyTwoNets p ⟶ x ≠ DenyAll ⟶ x ∈ set p ⟶ onlyTwoNets x"
apply (induct p, simp_all, rename_tac a p)
apply (intro impI conjI, simp)
subgoal for a p
apply(case_tac a, simp_all)
done
subgoal for a p
apply(case_tac a, simp_all)
done
done
lemma first_isIn[rule_format]: "¬ member DenyAll x ⟶ (first_srcNet x,first_destNet x) ∈ sdnets x"
by (induct x,case_tac x, simp_all)
lemma sdnets2:
"∃a b. sdnets x = {(a, b), (b, a)} ⟹ ¬ member DenyAll x ⟹
sdnets x = {(first_srcNet x, first_destNet x), (first_destNet x, first_srcNet x)}"
proof -
have * : "∃a b. sdnets x = {(a, b), (b, a)} ⟹ ¬ member DenyAll x
⟹ (first_srcNet x, first_destNet x) ∈ sdnets x"
by (erule first_isIn)
show "∃a b. sdnets x = {(a, b), (b, a)} ⟹ ¬ member DenyAll x ⟹
sdnets x = {(first_srcNet x, first_destNet x), (first_destNet x, first_srcNet x)}"
using * by auto
qed
lemma alternativelistconc1[rule_format]:
"a ∈ set (net_list_aux [x]) ⟶ a ∈ set (net_list_aux [x,y])"
by (induct x,simp_all)
lemma alternativelistconc2[rule_format]:
"a ∈ set (net_list_aux [x]) ⟶ a ∈ set (net_list_aux [y,x])"
by (induct y, simp_all)
lemma noDA[rule_format]:
"noDenyAll xs ⟶ s ∈ set xs ⟶ ¬ member DenyAll s"
by (induct xs, simp_all)
lemma isInAlternativeList:
"(aa ∈ set (net_list_aux [a]) ∨ aa ∈ set (net_list_aux p)) ⟹ aa ∈ set (net_list_aux (a # p))"
by (case_tac a,simp_all)
lemma netlistaux:
"x ∈ set (net_list_aux (a # p))⟹ x ∈ set (net_list_aux ([a])) ∨ x ∈ set (net_list_aux (p))"
apply (case_tac " x ∈ set (net_list_aux [a])", simp_all)
apply (case_tac a, simp_all)
done
lemma firstInNet[rule_format]:
"¬ member DenyAll a ⟶ first_destNet a ∈ set (net_list_aux (a # p))"
apply (rule Combinators.induct, simp_all)
apply (metis netlistaux)
done
lemma firstInNeta[rule_format]:
"¬ member DenyAll a ⟶ first_srcNet a ∈ set (net_list_aux (a # p))"
apply (rule Combinators.induct, simp_all)
apply (metis netlistaux)
done
lemma disjComm: "disjSD_2 a b ⟹ disjSD_2 b a"
apply (simp add: disjSD_2_def)
apply (intro allI impI conjI)
using tNDComm apply blast
by (meson tNDComm twoNetsDistinct_def)
lemma disjSD2aux:
"disjSD_2 a b ⟹ ¬ member DenyAll a ⟹ ¬ member DenyAll b ⟹
disjSD_2 (DenyAllFromTo (first_srcNet a) (first_destNet a) ⊕
DenyAllFromTo (first_destNet a) (first_srcNet a) ⊕ a)
b"
apply (drule disjComm,rule disjComm)
apply (simp add: disjSD_2_def)
using first_isIn by blast
lemma noDA1eq[rule_format]: "noDenyAll p ⟶ noDenyAll1 p"
apply (induct p, simp,rename_tac a p)
subgoal for a p
apply(case_tac a, simp_all)
done
done
lemma noDA1C[rule_format]: "noDenyAll1 (a#p) ⟶ noDenyAll1 p"
by (case_tac a, simp_all,rule impI, rule noDA1eq, simp)+
lemma disjSD_2IDa:
"disjSD_2 x y ⟹
¬ member DenyAll x ⟹
¬ member DenyAll y ⟹
a = first_srcNet x ⟹
b = first_destNet x ⟹
disjSD_2 (DenyAllFromTo a b ⊕ DenyAllFromTo b a ⊕ x) y"
by(simp add:disjSD2aux)
lemma noDAID[rule_format]: "noDenyAll p ⟶ noDenyAll (insertDenies p)"
apply (induct p, simp_all)
subgoal for a p
apply(case_tac a, simp_all)
done
done
lemma isInIDo[rule_format]:
"noDenyAll p ⟶ s ∈ set (insertDenies p) ⟶
(∃! a. s = (DenyAllFromTo (first_srcNet a) (first_destNet a)) ⊕
(DenyAllFromTo (first_destNet a) (first_srcNet a)) ⊕ a ∧ a ∈ set p)"
apply (induct p, simp, rename_tac a p)
subgoal for a p
apply (case_tac "a = DenyAll", simp)
apply (case_tac a, auto)
done
done
lemma id_aux1[rule_format]: "DenyAllFromTo (first_srcNet s) (first_destNet s) ⊕
DenyAllFromTo (first_destNet s) (first_srcNet s) ⊕ s∈ set (insertDenies p)
⟶ s ∈ set p"
apply (induct p, simp_all, rename_tac a p)
subgoal for a p
apply(case_tac a, simp_all)
done
done
lemma id_aux2:
"noDenyAll p ⟹
∀s. s ∈ set p ⟶ disjSD_2 a s ⟹
¬ member DenyAll a ⟹
DenyAllFromTo (first_srcNet s) (first_destNet s) ⊕
DenyAllFromTo (first_destNet s) (first_srcNet s) ⊕ s ∈ set (insertDenies p) ⟹
disjSD_2 a (DenyAllFromTo (first_srcNet s) (first_destNet s) ⊕
DenyAllFromTo (first_destNet s) (first_srcNet s) ⊕ s)"
by (metis disjComm disjSD2aux isInIDo noDA)
lemma id_aux4[rule_format]:
"noDenyAll p ⟹ ∀s. s ∈ set p ⟶ disjSD_2 a s ⟹
s ∈ set (insertDenies p) ⟹ ¬ member DenyAll a ⟹
disjSD_2 a s"
apply (subgoal_tac "∃a. s =
DenyAllFromTo (first_srcNet a) (first_destNet a) ⊕
DenyAllFromTo (first_destNet a) (first_srcNet a) ⊕ a ∧
a ∈ set p")
apply (drule_tac Q = "disjSD_2 a s" in exE, simp_all, rule id_aux2, simp_all)
using isInIDo by blast
lemma sepNetsID[rule_format]:
"noDenyAll1 p ⟶ separated p ⟶ separated (insertDenies p)"
apply (induct p, simp)
apply (rename_tac a p, auto)
using noDA1C apply blast
subgoal for a p
apply (case_tac "a = DenyAll", auto)
apply (simp add: disjSD_2_def)
apply (case_tac a,auto)
apply (rule disjSD_2IDa, simp_all, rule id_aux4, simp_all, metis noDA noDAID)+
done
done
lemma aNDDA[rule_format]: "allNetsDistinct p ⟶ allNetsDistinct(DenyAll#p)"
by (case_tac p,auto simp: allNetsDistinct_def)
lemma OTNConc[rule_format]: "OnlyTwoNets (y # z) ⟶ OnlyTwoNets z"
by (case_tac y, simp_all)
lemma first_bothNetsd: "¬ member DenyAll x ⟹ first_bothNet x = {first_srcNet x, first_destNet x}"
by (induct x) simp_all
lemma bNaux:
"¬ member DenyAll x ⟹ ¬ member DenyAll y ⟹
first_bothNet x = first_bothNet y ⟹
{first_srcNet x, first_destNet x} = {first_srcNet y, first_destNet y}"
by (simp add: first_bothNetsd)
lemma setPair: "{a,b} = {a,d} ⟹ b = d"
by (metis setPaireq)
lemma setPair1: "{a,b} = {d,a} ⟹ b = d"
by (metis Un_empty_right Un_insert_right insert_absorb2 setPaireq)
lemma setPair4: "{a,b} = {c,d} ⟹ a ≠ c ⟹ a = d"
by auto
lemma otnaux1: " {x, y, x, y} = {x,y}"
by auto
lemma OTNIDaux4: "{x,y,x} = {y,x}"
by auto
lemma setPair5: "{a,b} = {c,d} ⟹ a ≠ c ⟹ a = d"
by auto
lemma otnaux: "
⟦first_bothNet x = first_bothNet y; ¬ member DenyAll x; ¬ member DenyAll y;
onlyTwoNets y; onlyTwoNets x⟧ ⟹
onlyTwoNets (x ⊕ y)"
apply (simp add: onlyTwoNets_def)
apply (subgoal_tac "{first_srcNet x, first_destNet x} =
{first_srcNet y, first_destNet y}")
apply (case_tac "(∃a b. sdnets y = {(a, b)})")
apply simp_all
apply (case_tac "(∃a b. sdnets x = {(a, b)})")
apply simp_all
apply (subgoal_tac "sdnets x = {(first_srcNet x, first_destNet x)}")
apply (subgoal_tac "sdnets y = {(first_srcNet y, first_destNet y)}")
apply simp
apply (case_tac "first_srcNet x = first_srcNet y")
apply simp_all
apply (rule disjI1)
apply (rule setPair)
apply simp
apply (subgoal_tac "first_srcNet x = first_destNet y")
apply simp
apply (subgoal_tac "first_destNet x = first_srcNet y")
apply simp
apply (rule_tac x ="first_srcNet y" in exI, rule_tac x = "first_destNet y" in exI,simp)
apply (rule setPair1)
apply simp
apply (rule setPair4)
apply simp_all
apply (metis first_isIn singletonE)
apply (metis first_isIn singletonE)
apply (subgoal_tac "sdnets x = {(first_srcNet x, first_destNet x),
(first_destNet x, first_srcNet x)}")
apply (subgoal_tac "sdnets y = {(first_srcNet y, first_destNet y)}")
apply simp
apply (case_tac "first_srcNet x = first_srcNet y")
apply simp_all
apply (subgoal_tac "first_destNet x = first_destNet y")
apply simp
apply (rule setPair)
apply simp
apply (subgoal_tac "first_srcNet x = first_destNet y")
apply simp
apply (subgoal_tac "first_destNet x = first_srcNet y")
apply simp
apply (rule_tac x ="first_srcNet y" in exI, rule_tac x = "first_destNet y" in exI)
apply (metis OTNIDaux4 insert_commute )
apply (rule setPair1)
apply simp
apply (rule setPair5)
apply assumption
apply simp
apply (metis first_isIn singletonE)
apply (rule sdnets2)
apply simp_all
apply (case_tac "(∃a b. sdnets x = {(a, b)})")
apply simp_all
apply (subgoal_tac "sdnets x = {(first_srcNet x, first_destNet x)}")
apply (subgoal_tac "sdnets y = {(first_srcNet y, first_destNet y),
(first_destNet y, first_srcNet y)}")
apply simp
apply (case_tac "first_srcNet x = first_srcNet y")
apply simp_all
apply (subgoal_tac "first_destNet x = first_destNet y")
apply simp
apply (rule_tac x ="first_srcNet y" in exI, rule_tac x = "first_destNet y" in exI)
apply (metis OTNIDaux4 insert_commute )
apply (rule setPair)
apply simp
apply (subgoal_tac "first_srcNet x = first_destNet y")
apply simp
apply (subgoal_tac "first_destNet x = first_srcNet y")
apply simp
apply (rule setPair1)
apply simp
apply (rule setPair4)
apply assumption
apply simp
apply (rule sdnets2)
apply simp
apply simp
apply (metis singletonE first_isIn)
apply (subgoal_tac "sdnets x = {(first_srcNet x, first_destNet x),
(first_destNet x, first_srcNet x)}")
apply (subgoal_tac "sdnets y = {(first_srcNet y, first_destNet y),
(first_destNet y, first_srcNet y)}")
apply simp
apply (case_tac "first_srcNet x = first_srcNet y")
apply simp_all
apply (subgoal_tac "first_destNet x = first_destNet y")
apply simp
apply (rule_tac x ="first_srcNet y" in exI, rule_tac x = "first_destNet y" in exI)
apply (rule otnaux1)
apply (rule setPair)
apply simp
apply (subgoal_tac "first_srcNet x = first_destNet y")
apply simp
apply (subgoal_tac "first_destNet x = first_srcNet y")
apply simp
apply (rule_tac x ="first_srcNet y" in exI, rule_tac x = "first_destNet y" in exI)
apply (metis OTNIDaux4 insert_commute)
apply (rule setPair1)
apply simp
apply (rule setPair4)
apply assumption
apply simp
apply (rule sdnets2,simp_all)+
apply (rule bNaux, simp_all)
done
lemma OTNSepaux:
"onlyTwoNets (a ⊕ y) ∧ OnlyTwoNets z ⟶ OnlyTwoNets (separate (a ⊕ y # z)) ⟹
¬ member DenyAll a ⟹ ¬ member DenyAll y ⟹
noDenyAll z ⟹ onlyTwoNets a ⟹ OnlyTwoNets (y # z) ⟹ first_bothNet a = first_bothNet y ⟹
OnlyTwoNets (separate (a ⊕ y # z))"
apply (drule mp)
apply simp_all
apply (rule conjI)
apply (rule otnaux)
apply simp_all
apply (rule_tac p = "(y # z)" in OTNoTN)
apply simp_all
apply (metis member.simps(2))
apply (simp add: onlyTwoNets_def)
apply (rule_tac y = y in OTNConc,simp)
done
lemma OTNSEp[rule_format]:
"noDenyAll1 p ⟶ OnlyTwoNets p ⟶ OnlyTwoNets (separate p)"
apply (induct p rule: separate.induct)
by (simp_all add: OTNSepaux noDA1eq)
lemma nda[rule_format]:
"singleCombinators (a#p) ⟶ noDenyAll p ⟶ noDenyAll1 (a # p)"
apply (induct p,simp_all)
apply (case_tac a, simp_all)+
done
lemma nDAcharn[rule_format]: "noDenyAll p = (∀ r ∈ set p. ¬ member DenyAll r)"
by (induct p, simp_all)
lemma nDAeqSet: "set p = set s ⟹ noDenyAll p = noDenyAll s"
by (simp add: nDAcharn)
lemma nDASCaux[rule_format]:
"DenyAll ∉ set p ⟶ singleCombinators p ⟶ r ∈ set p ⟶ ¬ member DenyAll r"
apply (case_tac r, simp_all)
using SCnotConc by blast
lemma nDASC[rule_format]:
"wellformed_policy1 p ⟶ singleCombinators p ⟶ noDenyAll1 p"
apply (induct p, simp_all)
using nDASCaux nDAcharn nda singleCombinatorsConc by blast
lemma noDAAll[rule_format]: "noDenyAll p = (¬ memberP DenyAll p)"
by (induct p) simp_all
lemma memberPsep[symmetric]: "memberP x p = memberP x (separate p)"
by (induct p rule: separate.induct) simp_all
lemma noDAsep[rule_format]: "noDenyAll p ⟹ noDenyAll (separate p)"
by (simp add:noDAAll,subst memberPsep, simp)
lemma noDA1sep[rule_format]: "noDenyAll1 p ⟶ noDenyAll1 (separate p)"
by (induct p rule:separate.induct, simp_all add: noDAsep)
lemma isInAlternativeLista:
"(aa ∈ set (net_list_aux [a]))⟹ aa ∈ set (net_list_aux (a # p))"
by (case_tac a,auto)
lemma isInAlternativeListb:
"(aa ∈ set (net_list_aux p))⟹ aa ∈ set (net_list_aux (a # p))"
by (case_tac a,simp_all)
lemma ANDSepaux: "allNetsDistinct (x # y # z) ⟹ allNetsDistinct (x ⊕ y # z)"
apply (simp add: allNetsDistinct_def)
apply (intro allI impI, rename_tac a b)
subgoal for a b
apply (drule_tac x = a in spec, drule_tac x = b in spec)
by (meson isInAlternativeList)
done
lemma netlistalternativeSeparateaux:
"net_list_aux [y] @ net_list_aux z = net_list_aux (y # z)"
by (case_tac y, simp_all)
lemma netlistalternativeSeparate: "net_list_aux p = net_list_aux (separate p)"
by (induct p rule:separate.induct, simp_all) (simp_all add: netlistalternativeSeparateaux)
lemma ANDSepaux2:
"allNetsDistinct(x#y#z) ⟹ allNetsDistinct(separate(y#z)) ⟹ allNetsDistinct(x#separate(y#z))"
apply (simp add: allNetsDistinct_def)
by (metis isInAlternativeList netlistalternativeSeparate netlistaux)
lemma ANDSep[rule_format]: "allNetsDistinct p ⟶ allNetsDistinct(separate p)"
apply (induct p rule: separate.induct, simp_all)
apply (metis ANDConc aNDDA)
apply (metis ANDConc ANDSepaux ANDSepaux2)
apply (metis ANDConc ANDSepaux ANDSepaux2)
apply (metis ANDConc ANDSepaux ANDSepaux2)
done
lemma wp1_alternativesep[rule_format]:
"wellformed_policy1_strong p ⟶ wellformed_policy1_strong (separate p)"
by (metis sepDA separate.simps(1) wellformed_policy1_strong.simps(2) wp1n_tl)
lemma noDAsort[rule_format]: "noDenyAll1 p ⟶ noDenyAll1 (sort p l)"
apply (case_tac "p",simp_all)
subgoal for a as
apply (case_tac "a = DenyAll", auto)
using NormalisationGenericProofs.set_sort nDAeqSet apply blast
proof -
fix a::"('a,'b)Combinators" fix list
have * : "a ≠ DenyAll ⟹ noDenyAll1 (a # list) ⟹ noDenyAll (a#list)" by (case_tac a, simp_all)
show "a ≠ DenyAll ⟹ noDenyAll1 (a # list) ⟹ noDenyAll1 (insort a (sort list l) l)"
apply(cases "insort a (sort list l) l", simp_all)
by (metis "*" NormalisationGenericProofs.set_insort NormalisationGenericProofs.set_sort
list.simps(15) nDAeqSet noDA1eq)
qed
done
lemma OTNSC[rule_format]: "singleCombinators p ⟶ OnlyTwoNets p"
apply (induct p,simp_all)
apply (rename_tac a p)
apply (rule impI,drule mp)
apply (erule singleCombinatorsConc)
subgoal for a b
apply (case_tac a, simp_all)
apply (simp add: onlyTwoNets_def)+
done
done
lemma fMTaux: "¬ member DenyAll x ⟹ first_bothNet x ≠ {}"
by (metis first_bothNetsd insert_commute insert_not_empty)
lemma fl2[rule_format]: "firstList (separate p) = firstList p"
by (rule separate.induct) simp_all
lemma fl3[rule_format]: "NetsCollected p ⟶ (first_bothNet x ≠ firstList p ⟶
(∀a∈set p. first_bothNet x ≠ first_bothNet a))⟶ NetsCollected (x#p)"
by (induct p) simp_all
lemma sortedConc[rule_format]: " sorted (a # p) l ⟶ sorted p l"
by (induct p) simp_all
lemma smalleraux2:
"{a,b} ∈ set l ⟹ {c,d} ∈ set l ⟹ {a,b} ≠ {c,d} ⟹
smaller (DenyAllFromTo a b) (DenyAllFromTo c d) l ⟹
¬ smaller (DenyAllFromTo c d) (DenyAllFromTo a b) l"
by (metis bothNet.simps(2) pos_noteq smaller.simps(5))
lemma smalleraux2a:
"{a,b} ∈ set l ⟹ {c,d} ∈ set l ⟹ {a,b} ≠ {c,d} ⟹
smaller (DenyAllFromTo a b) (AllowPortFromTo c d p) l ⟹
¬ smaller (AllowPortFromTo c d p) (DenyAllFromTo a b) l"
by (simp) (metis eq_imp_le pos_noteq)
lemma smalleraux2b:
"{a,b} ∈ set l ⟹ {c,d} ∈ set l ⟹ {a,b} ≠ {c,d} ⟹ y = DenyAllFromTo a b ⟹
smaller (AllowPortFromTo c d p) y l ⟹
¬ smaller y (AllowPortFromTo c d p) l"
by (simp) (metis eq_imp_le pos_noteq)
lemma smalleraux2c:
"{a,b} ∈ set l⟹{c,d}∈set l⟹{a,b} ≠ {c,d} ⟹ y = AllowPortFromTo a b q ⟹
smaller (AllowPortFromTo c d p) y l ⟹ ¬ smaller y (AllowPortFromTo c d p) l"
by (simp) (metis pos_noteq)
lemma smalleraux3:
assumes "x ∈ set l" and " y ∈ set l" and "x ≠ y" and "x = bothNet a" and "y = bothNet b"
and "smaller a b l" and "singleCombinators [a]" and "singleCombinators [b]"
shows "¬ smaller b a l"
proof (cases a)
case DenyAll thus ?thesis using assms by (case_tac b,simp_all)
next
case (DenyAllFromTo c d) thus ?thesis
proof (cases b)
case DenyAll thus ?thesis using assms DenyAll DenyAllFromTo by simp
next
case (DenyAllFromTo e f) thus ?thesis using assms DenyAllFromTo
by (metis DenyAllFromTo ‹a = DenyAllFromTo c d› bothNet.simps(2) smalleraux2)
next
case (AllowPortFromTo e f g) thus ?thesis
using assms DenyAllFromTo AllowPortFromTo by simp (metis eq_imp_le pos_noteq)
next
case (Conc e f) thus ?thesis using assms by simp
qed
next
case (AllowPortFromTo c d p) thus ?thesis
proof (cases b)
case DenyAll thus ?thesis using assms AllowPortFromTo DenyAll by simp
next
case (DenyAllFromTo e f) thus ?thesis
using assms by simp (metis AllowPortFromTo DenyAllFromTo bothNet.simps(3) smalleraux2a)
next
case (AllowPortFromTo e f g) thus ?thesis
using assms by(simp)(metis AllowPortFromTo ‹a = AllowPortFromTo c d p›
bothNet.simps(3) smalleraux2c)
next
case (Conc e f) thus ?thesis using assms by simp
qed
next
case (Conc c d) thus ?thesis using assms by simp
qed
lemma smalleraux3a:
"a ≠ DenyAll ⟹ b ≠ DenyAll ⟹ in_list b l ⟹ in_list a l ⟹
bothNet a ≠ bothNet b ⟹ smaller a b l ⟹ singleCombinators [a] ⟹
singleCombinators [b] ⟹ ¬ smaller b a l"
apply (rule smalleraux3,simp_all)
apply (case_tac a, simp_all)
apply (case_tac b, simp_all)
done
lemma posaux[rule_format]: "position a l < position b l ⟶ a ≠ b"
by (induct l, simp_all)
lemma posaux6[rule_format]:
"a ∈ set l ⟶ b ∈ set l ⟶ a ≠ b ⟶ position a l ≠ position b l"
by (induct l) (simp_all add: position_positive)
lemma notSmallerTransaux[rule_format]:
"x ≠ DenyAll ⟹ r ≠ DenyAll ⟹
singleCombinators [x] ⟹ singleCombinators [y] ⟹ singleCombinators [r] ⟹
¬ smaller y x l ⟹ smaller x y l ⟹ smaller x r l ⟹ smaller y r l ⟹
in_list x l ⟹ in_list y l ⟹ in_list r l ⟹ ¬ smaller r x l"
by (metis order_trans)
lemma notSmallerTrans[rule_format]:
"x ≠ DenyAll ⟶ r ≠ DenyAll ⟶ singleCombinators (x#y#z) ⟶
¬ smaller y x l ⟶ sorted (x#y#z) l ⟶ r ∈ set z ⟶
all_in_list (x#y#z) l ⟶ ¬ smaller r x l"
apply (rule impI)+
apply (rule notSmallerTransaux, simp_all)
apply (metis singleCombinatorsConc singleCombinatorsStart)
apply (metis SCSubset equalityE remdups.simps(2) set_remdups
singleCombinatorsConc singleCombinatorsStart)
apply metis
apply (metis sorted.simps(3) in_set_in_list singleCombinatorsConc
singleCombinatorsStart sortedConcStart sorted_is_smaller)
apply (metis sorted_Cons all_in_list.simps(2)
singleCombinatorsConc)
apply (metis,metis in_set_in_list)
done
lemma NCSaux1[rule_format]:
"noDenyAll p ⟶ {x, y} ∈ set l ⟶ all_in_list p l⟶ singleCombinators p ⟶
sorted (DenyAllFromTo x y # p) l ⟶ {x, y} ≠ firstList p ⟶
DenyAllFromTo u v ∈ set p ⟶ {x, y} ≠ {u, v}"
proof (cases p)
case Nil thus ?thesis by simp
next
case (Cons a list)
then show ?thesis apply simp
apply (intro impI conjI)
apply (metis bothNet.simps(2) first_bothNet.simps(3))
proof -
assume 1: "{x, y} ∈ set l" and 2: "in_list a l ∧ all_in_list list l"
and 3 : "singleCombinators (a # list)"
and 4 : "smaller (DenyAllFromTo x y) a l ∧ sorted (a # list) l"
and 5 : "DenyAllFromTo u v ∈ set list"
and 6 : "¬ member DenyAll a ∧ noDenyAll list"
have * : "smaller ((DenyAllFromTo x y)::(('a,'b)Combinators)) (DenyAllFromTo u v) l"
apply (insert 1 2 3 4 5, rule_tac y = a in order_trans, simp_all)
using in_set_in_list apply fastforce
by (simp add: sorted_ConsA)
have ** :"{x, y} ≠ first_bothNet a ⟹
¬ smaller ((DenyAllFromTo u v)::('a, 'b) Combinators) (DenyAllFromTo x y) l"
apply (insert 1 2 3 4 5 6,
rule_tac y = "a" and z = "list" in notSmallerTrans,
simp_all del: smaller.simps)
apply (rule smalleraux3a,simp_all del: smaller.simps)
apply (case_tac a, simp_all del: smaller.simps)
by (metis aux0_0 first_bothNet.elims list.set_intros(1))
show " {x, y} ≠ first_bothNet a ⟹ {x, y} ≠ {u, v}"
using 3 "*" "**" by force
qed
qed
lemma posaux3[rule_format]:"a ∈ set l ⟶ b ∈ set l ⟶ a ≠ b ⟶ position a l ≠ position b l"
apply (induct l, auto)
by(metis position_positive)+
lemma posaux4[rule_format]:
"singleCombinators [a] ⟶ a≠ DenyAll ⟶ b ≠ DenyAll ⟶ in_list a l ⟶in_list b l ⟶
smaller a b l⟶ x = (bothNet a) ⟶ y = (bothNet b) ⟶
position x l <= position y l"
proof (cases a)
case DenyAll then show ?thesis by simp
next
case (DenyAllFromTo c d) thus ?thesis
proof (cases b)
case DenyAll thus ?thesis by simp
next
case (DenyAllFromTo e f) thus ?thesis using DenyAllFromTo
by (auto simp: eq_imp_le ‹a = DenyAllFromTo c d›)
next
case (AllowPortFromTo e f p) thus ?thesis using ‹a = DenyAllFromTo c d› by simp
next
case (Conc e f) thus ?thesis using Conc ‹a = DenyAllFromTo c d› by simp
qed
next
case (AllowPortFromTo c d p) thus ?thesis
proof (cases b)
case DenyAll thus ?thesis by simp
next
case (DenyAllFromTo e f) thus ?thesis using AllowPortFromTo by simp
next
case (AllowPortFromTo e f p2) thus ?thesis using ‹a = AllowPortFromTo c d p› by simp
next
case (Conc e f) thus ?thesis using AllowPortFromTo by simp
qed
next
case (Conc c d) thus ?thesis by simp
qed
lemma NCSaux2[rule_format]:
"noDenyAll p ⟶ {a, b} ∈ set l ⟶ all_in_list p l ⟶singleCombinators p ⟶
sorted (DenyAllFromTo a b # p) l ⟶ {a, b} ≠ firstList p ⟶
AllowPortFromTo u v w ∈ set p ⟶ {a, b} ≠ {u, v}"
proof (cases p)
case Nil then show ?thesis by simp
next
case (Cons aa list)
have * : "{a, b} ∈ set l ⟹ in_list aa l ∧ all_in_list list l ⟹
singleCombinators (aa # list) ⟹ AllowPortFromTo u v w ∈ set list ⟹
smaller (DenyAllFromTo a b) aa l ∧ sorted (aa # list) l ⟹
smaller (DenyAllFromTo a b) (AllowPortFromTo u v w) l"
apply (rule_tac y = aa in order_trans,simp_all del: smaller.simps)
using in_set_in_list apply fastforce
using NormalisationGenericProofs.sorted_Cons all_in_list.simps(2) by blast
have **: "AllowPortFromTo u v w ∈ set list ⟹
in_list aa l ⟹ all_in_list list l ⟹
in_list (AllowPortFromTo u v w) l"
apply (rule_tac p = list in in_set_in_list)
apply simp_all
done
assume "p = aa # list"
then show ?thesis
apply simp
apply (intro impI conjI,hypsubst, simp)
apply (subgoal_tac "smaller (DenyAllFromTo a b) (AllowPortFromTo u v w) l")
apply (subgoal_tac "¬ smaller (AllowPortFromTo u v w) (DenyAllFromTo a b) l")
apply (rule_tac l = l in posaux)
apply (rule_tac y = "position (first_bothNet aa) l" in basic_trans_rules(22))
apply (simp_all split: if_splits)
apply (case_tac aa, simp_all)
subgoal for x x'
apply (case_tac "a = x ∧ b = x'", simp_all)
apply (case_tac "a = x", simp_all)
apply (simp add: order.not_eq_order_implies_strict posaux6)
apply (simp add: order.not_eq_order_implies_strict posaux6)
done
apply (simp add: order.not_eq_order_implies_strict posaux6)
apply (rule basic_trans_rules(18))
apply (rule_tac a = "DenyAllFromTo a b" and b = aa in posaux4, simp_all)
apply (case_tac aa,simp_all)
apply (case_tac aa, simp_all)
apply (rule posaux3, simp_all)
apply (case_tac aa, simp_all)
apply (rule_tac a = aa and b = "AllowPortFromTo u v w" in posaux4, simp_all)
apply (case_tac aa,simp_all)
apply (rule_tac p = list in sorted_is_smaller, simp_all)
apply (case_tac aa, simp_all)
apply (case_tac aa, simp_all)
apply (rule_tac a = aa and b = "AllowPortFromTo u v w" in posaux4, simp_all)
apply (case_tac aa,simp_all)
using ** apply auto[1]
apply (metis all_in_list.simps(2) sorted_Cons)
apply (case_tac aa, simp_all)
apply (metis ** bothNet.simps(3) in_list.simps(3) posaux6)
using * by force
qed
lemma NCSaux3[rule_format]:
"noDenyAll p ⟶ {a, b} ∈ set l ⟶ all_in_list p l ⟶singleCombinators p ⟶
sorted (AllowPortFromTo a b w # p) l ⟶ {a, b} ≠ firstList p ⟶
DenyAllFromTo u v ∈ set p ⟶ {a, b} ≠ {u, v}"
apply (case_tac p, simp_all,intro impI conjI,hypsubst,simp)
proof -
fix aa::"('a, 'b) Combinators" fix list::"('a, 'b) Combinators list"
assume 1 : "¬ member DenyAll aa ∧ noDenyAll list" and 2: "{a, b} ∈ set l "
and 3 : "in_list aa l ∧ all_in_list list l" and 4: "singleCombinators (aa # list)"
and 5 : "smaller (AllowPortFromTo a b w) aa l ∧ sorted (aa # list) l"
and 6 : "{a, b} ≠ first_bothNet aa" and 7: "DenyAllFromTo u v ∈ set list"
have *: "¬ smaller (DenyAllFromTo u v) (AllowPortFromTo a b w) l"
apply (insert 1 2 3 4 5 6 7, rule_tac y = aa and z = list in notSmallerTrans)
apply (simp_all del: smaller.simps)
apply (rule smalleraux3a,simp_all del: smaller.simps)
apply (case_tac aa, simp_all del: smaller.simps)
apply (case_tac aa, simp_all del: smaller.simps)
done
have **: "smaller (AllowPortFromTo a b w) (DenyAllFromTo u v) l"
apply (insert 1 2 3 4 5 6 7,rule_tac y = aa in order_trans,simp_all del: smaller.simps)
apply (subgoal_tac "in_list (DenyAllFromTo u v) l", simp)
apply (rule_tac p = list in in_set_in_list, simp_all)
apply (rule_tac p = list in sorted_is_smaller,simp_all del: smaller.simps)
apply (subgoal_tac "in_list (DenyAllFromTo u v) l", simp)
apply (rule_tac p = list in in_set_in_list, simp_all)
apply (erule singleCombinatorsConc)
done
show "{a, b} ≠ {u, v}" by (insert * **, simp split: if_splits)
qed
lemma NCSaux4[rule_format]:
"noDenyAll p ⟶ {a, b} ∈ set l ⟶ all_in_list p l ⟶ singleCombinators p ⟶
sorted (AllowPortFromTo a b c # p) l ⟶ {a, b} ≠ firstList p ⟶
AllowPortFromTo u v w ∈ set p ⟶ {a, b} ≠ {u, v}"
apply (cases p, simp_all)
apply (intro impI conjI)
apply (hypsubst,simp_all)
proof -
fix aa::"('a, 'b) Combinators" fix list::"('a, 'b) Combinators list"
assume 1 : "¬ member DenyAll aa ∧ noDenyAll list" and 2: "{a, b} ∈ set l "
and 3 : "in_list aa l ∧ all_in_list list l" and 4: "singleCombinators (aa # list)"
and 5 : "smaller (AllowPortFromTo a b c) aa l ∧ sorted (aa # list) l"
and 6 : "{a, b} ≠ first_bothNet aa" and 7: "AllowPortFromTo u v w ∈ set list"
have *: "¬ smaller (AllowPortFromTo u v w) (AllowPortFromTo a b c) l"
apply (insert 1 2 3 4 5 6 7, rule_tac y = aa and z = list in notSmallerTrans)
apply (simp_all del: smaller.simps)
apply (rule smalleraux3a,simp_all del: smaller.simps)
apply (case_tac aa, simp_all del: smaller.simps)
apply (case_tac aa, simp_all del: smaller.simps)
done
have **: "smaller (AllowPortFromTo a b c) (AllowPortFromTo u v w) l"
apply(insert 1 2 3 4 5 6 7)
apply (case_tac aa, simp_all del: smaller.simps)
apply (rule_tac y = aa in order_trans,simp_all del: smaller.simps)
apply (subgoal_tac "in_list (AllowPortFromTo u v w) l", simp)
apply (rule_tac p = list in in_set_in_list, simp)
apply (case_tac aa, simp_all del: smaller.simps)
apply (rule_tac p = list in sorted_is_smaller,simp_all del: smaller.simps)
apply (subgoal_tac "in_list (AllowPortFromTo u v w) l", simp)
apply (rule_tac p = list in in_set_in_list, simp, simp)
apply (rule_tac y = aa in order_trans,simp_all del: smaller.simps)
apply (subgoal_tac "in_list (AllowPortFromTo u v w) l", simp)
using in_set_in_list apply blast
by (metis all_in_list.simps(2) bothNet.simps(3) in_list.simps(3)
singleCombinators.simps(5) sorted_ConsA)
show "{a, b} ≠ {u, v}" by (insert * **, simp_all split: if_splits)
qed
lemma NetsCollectedSorted[rule_format]:
"noDenyAll1 p ⟶ all_in_list p l ⟶ singleCombinators p ⟶ sorted p l ⟶ NetsCollected p"
apply (induct p)
apply simp
apply (intro impI,drule mp,erule noDA1C,drule mp,simp)
apply (drule mp,erule singleCombinatorsConc)
apply (drule mp,erule sortedConc)
proof -
fix a::" ('a, 'b) Combinators" fix p:: " ('a, 'b) Combinators list"
assume 1: "noDenyAll1 (a # p)" and 2:"all_in_list (a # p) l"
and 3: "singleCombinators (a # p)" and 4: "sorted (a # p) l" and 5: "NetsCollected p"
show "NetsCollected (a # p)"
apply(insert 1 2 3 4 5, rule fl3)
apply(simp, rename_tac "aa")
proof (cases a)
case DenyAll
fix aa::"('a, 'b) Combinators"
assume 6: "aa ∈ set p"
show "first_bothNet a ≠ first_bothNet aa"
apply(insert 1 2 3 4 5 6 ‹a = DenyAll›, simp_all)
using fMTaux noDA by blast
next
case (DenyAllFromTo x21 x22)
fix aa::"('a, 'b) Combinators"
assume 6: "first_bothNet a ≠ firstList p" and 7 :"aa ∈ set p"
show "first_bothNet a ≠ first_bothNet aa"
apply(insert 1 2 3 4 5 6 7 ‹a = DenyAllFromTo x21 x22›)
apply(case_tac aa, simp_all)
apply (meson NCSaux1)
apply (meson NCSaux2)
using SCnotConc by auto[1]
next
case (AllowPortFromTo x31 x32 x33)
fix aa::"('a, 'b) Combinators"
assume 6: "first_bothNet a ≠ firstList p" and 7 :"aa ∈ set p"
show "first_bothNet a ≠ first_bothNet aa"
apply(insert 1 2 3 4 6 7 ‹a = AllowPortFromTo x31 x32 x33›)
apply(case_tac aa, simp_all)
apply (meson NCSaux3)
apply (meson NCSaux4)
using SCnotConc by auto
next
case (Conc x41 x42)
fix aa::"('a, 'b) Combinators"
show "first_bothNet a ≠ first_bothNet aa"
by(insert 3 4 ‹a = x41 ⊕ x42›,simp)
qed
qed
lemma NetsCollectedSort: "distinct p ⟹noDenyAll1 p ⟹ all_in_list p l ⟹
singleCombinators p ⟹ NetsCollected (sort p l)"
apply (rule_tac l = l in NetsCollectedSorted,rule noDAsort, simp_all)
apply (rule_tac b=p in all_in_listSubset)
by (auto intro: sort_is_sorted)
lemma fBNsep[rule_format]: "(∀a∈set z. {b,c} ≠ first_bothNet a) ⟶
(∀a∈set (separate z). {b,c} ≠ first_bothNet a)"
apply (induct z rule: separate.induct, simp)
by (rule impI, simp)+
lemma fBNsep1[rule_format]: " (∀a∈set z. first_bothNet x ≠ first_bothNet a) ⟶
(∀a∈set (separate z). first_bothNet x ≠ first_bothNet a)"
apply (induct z rule: separate.induct, simp)
by (rule impI, simp)+
lemma NetsCollectedSepauxa:
"{b,c}≠firstList z ⟹ noDenyAll1 z ⟹ ∀a∈set z. {b,c}≠first_bothNet a ⟹ NetsCollected z ⟹
NetsCollected (separate z) ⟹ {b, c} ≠ firstList (separate z) ⟹ a ∈ set (separate z) ⟹
{b, c} ≠ first_bothNet a"
by (rule fBNsep) simp_all
lemma NetsCollectedSepaux:
"first_bothNet (x::('a,'b)Combinators) ≠ first_bothNet y ⟹ ¬ member DenyAll y ∧ noDenyAll z ⟹
(∀a∈set z. first_bothNet x ≠ first_bothNet a) ∧ NetsCollected (y # z) ⟹
NetsCollected (separate (y # z)) ⟹ first_bothNet x ≠ firstList (separate (y # z)) ⟹
a ∈ set (separate (y # z)) ⟹
first_bothNet (x::('a,'b)Combinators) ≠ first_bothNet (a::('a,'b)Combinators)"
by (rule fBNsep1) auto
lemma NetsCollectedSep[rule_format]:
"noDenyAll1 p ⟶ NetsCollected p ⟶ NetsCollected (separate p)"
proof (induct p rule: separate.induct, simp_all, goal_cases)
fix x::"('a, 'b) Combinators list"
case 1 then show ?case
by (metis fMTaux noDA noDA1eq noDAsep)
next
fix v va y fix z::"('a, 'b) Combinators list"
case 2 then show ?case
apply (intro conjI impI, simp)
apply (metis NetsCollectedSepaux fl3 noDA1eq noDenyAll.simps(1))
by (metis noDA1eq noDenyAll.simps(1))
next
fix v va vb y fix z::"('a, 'b) Combinators list"
case 3 then show ?case
apply (intro conjI impI)
apply (metis NetsCollectedSepaux fl3 noDA1eq noDenyAll.simps(1))
by (metis noDA1eq noDenyAll.simps(1))
next
fix v va y fix z::"('a, 'b) Combinators list"
case 4 then show ?case
by (metis NetsCollectedSepaux fl3 noDA1eq noDenyAll.simps(1))
qed
lemma OTNaux:
"onlyTwoNets a ⟹ ¬ member DenyAll a ⟹ (x,y) ∈ sdnets a ⟹
(x = first_srcNet a ∧ y = first_destNet a) ∨ (x = first_destNet a ∧ y = first_srcNet a)"
apply (case_tac "(x = first_srcNet a ∧ y = first_destNet a)",simp_all add: onlyTwoNets_def)
apply (case_tac "(∃aa b. sdnets a = {(aa, b)})", simp_all)
apply (subgoal_tac "sdnets a = {(first_srcNet a,first_destNet a)}", simp_all)
apply (metis singletonE first_isIn)
apply (subgoal_tac"sdnets a = {(first_srcNet a,first_destNet a),(first_destNet a, first_srcNet a)}")
by(auto intro!: sdnets2)
lemma sdnets_charn: "onlyTwoNets a ⟹ ¬ member DenyAll a ⟹
sdnets a = {(first_srcNet a,first_destNet a)} ∨
sdnets a = {(first_srcNet a, first_destNet a),(first_destNet a, first_srcNet a)}"
apply (case_tac "sdnets a = {(first_srcNet a, first_destNet a)}", simp_all add: onlyTwoNets_def)
apply (case_tac "(∃aa b. sdnets a = {(aa, b)})", simp_all)
apply (metis singletonE first_isIn)
apply (subgoal_tac "sdnets a = {(first_srcNet a,first_destNet a),(first_destNet a,first_srcNet a)}")
by( auto intro!: sdnets2)
lemma first_bothNet_charn[rule_format]:
"¬ member DenyAll a ⟶ first_bothNet a = {first_srcNet a, first_destNet a}"
by (induct a) simp_all
lemma sdnets_noteq:
"onlyTwoNets a ⟹ onlyTwoNets aa ⟹ first_bothNet a ≠ first_bothNet aa ⟹
¬ member DenyAll a ⟹ ¬ member DenyAll aa ⟹ sdnets a ≠ sdnets aa"
apply (insert sdnets_charn [of a])
apply (insert sdnets_charn [of aa])
apply (insert first_bothNet_charn [of a])
apply (insert first_bothNet_charn [of aa])
by(metis OTNaux first_isIn insert_absorb2 insert_commute)
lemma fbn_noteq:
"onlyTwoNets a ⟹ onlyTwoNets aa ⟹ first_bothNet a ≠ first_bothNet aa ⟹
¬ member DenyAll a ⟹ ¬ member DenyAll aa ⟹ allNetsDistinct [a, aa] ⟹
first_srcNet a ≠ first_srcNet aa ∨ first_srcNet a ≠ first_destNet aa ∨
first_destNet a ≠ first_srcNet aa ∨ first_destNet a ≠ first_destNet aa"
apply (insert sdnets_charn [of a])
apply (insert sdnets_charn [of aa])
by (metis first_bothNet_charn)
lemma NCisSD2aux:
assumes 1: "onlyTwoNets a" and 2 : "onlyTwoNets aa" and 3 : "first_bothNet a ≠ first_bothNet aa"
and 4: "¬ member DenyAll a" and 5: "¬ member DenyAll aa" and 6:" allNetsDistinct [a, aa]"
shows "disjSD_2 a aa"
apply (insert 1 2 3 4 5 6)
apply (simp add: disjSD_2_def)
apply (intro allI impI)
apply (insert sdnets_charn [of a] sdnets_charn [of aa], simp)
apply (insert sdnets_noteq [of a aa] fbn_noteq [of a aa], simp)
apply (simp add: allNetsDistinct_def twoNetsDistinct_def)
proof -
fix ab b c d
assume 7: "∀ab b. ab≠b ∧ ab∈set(net_list_aux[a,aa]) ∧ b∈set(net_list_aux [a,aa]) ⟶ netsDistinct ab b"
and 8: "(ab, b) ∈ sdnets a ∧ (c, d) ∈ sdnets aa "
and 9: "sdnets a = {(first_srcNet a, first_destNet a)} ∨
sdnets a = {(first_srcNet a, first_destNet a), (first_destNet a, first_srcNet a)} "
and 10: "sdnets aa = {(first_srcNet aa, first_destNet aa)} ∨
sdnets aa = {(first_srcNet aa, first_destNet aa), (first_destNet aa, first_srcNet aa)}"
and 11: "sdnets a ≠ sdnets aa "
and 12: "first_destNet a = first_srcNet aa ⟶ first_srcNet a = first_destNet aa ⟶
first_destNet aa ≠ first_srcNet aa"
show "(netsDistinct ab c ∨ netsDistinct b d) ∧ (netsDistinct ab d ∨ netsDistinct b c)"
proof (rule conjI)
show "netsDistinct ab c ∨ netsDistinct b d"
apply(insert 7 8 9 10 11 12)
apply (cases "sdnets a = {(first_srcNet a, first_destNet a)}")
apply (cases "sdnets aa = {(first_srcNet aa, first_destNet aa)}", simp_all)
apply (metis 4 5 firstInNeta firstInNet alternativelistconc2)
apply (case_tac "(c = first_srcNet aa ∧ d = first_destNet aa)", simp_all)
apply (case_tac "(first_srcNet a) ≠ (first_srcNet aa)",simp_all)
apply (metis 4 5 firstInNeta alternativelistconc2)
apply (subgoal_tac "first_destNet a ≠ first_destNet aa")
apply (metis 4 5 firstInNet alternativelistconc2)
apply (metis 3 4 5 first_bothNetsd)
apply (case_tac "(first_destNet aa) ≠ (first_srcNet a)",simp_all)
apply (metis 4 5 firstInNeta firstInNet alternativelistconc2)
apply (case_tac "first_destNet aa ≠ first_destNet a",simp_all)
apply (subgoal_tac "first_srcNet aa ≠ first_destNet a")
apply (metis 4 5 firstInNeta firstInNet alternativelistconc2)
apply (metis 3 4 5 first_bothNetsd insert_commute)
apply (metis 5 firstInNeta firstInNet alternativelistconc2)
apply (case_tac "(c = first_srcNet aa ∧ d = first_destNet aa)", simp_all)
apply (case_tac "(ab = first_srcNet a ∧ b = first_destNet a)", simp_all)
apply (case_tac "(first_srcNet a) ≠ (first_srcNet aa)",simp_all)
apply (metis 4 5 firstInNeta alternativelistconc2)
apply (subgoal_tac "first_destNet a ≠ first_destNet aa")
apply (metis 4 5 firstInNet alternativelistconc2)
apply (metis 3 4 5 first_bothNetsd )
apply (case_tac "(first_destNet aa) ≠ (first_srcNet a)",simp_all)
apply (metis 4 5 firstInNeta firstInNet alternativelistconc2)
apply (case_tac "first_destNet aa ≠ first_destNet a", simp)
apply (subgoal_tac "first_srcNet aa ≠ first_destNet a")
apply (metis 4 5 firstInNeta firstInNet alternativelistconc2)
apply (metis 3 4 5 first_bothNetsd insert_commute)
apply (metis)
proof -
assume 14 : "(ab = first_srcNet a ∧ b = first_destNet a ∨ ab = first_destNet a ∧ b = first_srcNet a) ∧ (c, d) ∈ sdnets aa "
and 15 : "sdnets a = {(first_srcNet a, first_destNet a), (first_destNet a, first_srcNet a)} "
and 16 : "sdnets aa = {(first_srcNet aa, first_destNet aa)} ∨ sdnets aa = {(first_srcNet aa, first_destNet aa), (first_destNet aa, first_srcNet aa)} "
and 17 : "{(first_srcNet a, first_destNet a), (first_destNet a, first_srcNet a)} ≠ sdnets aa "
and 18 : "first_destNet a = first_srcNet aa ⟶ first_srcNet a = first_destNet aa ⟶ first_destNet aa ≠ first_srcNet aa "
and 19 : "first_destNet a ≠ first_srcNet a"
and 20 : "c = first_srcNet aa ⟶ d ≠ first_destNet aa"
show " netsDistinct ab c ∨ netsDistinct b d"
apply (case_tac "(ab = first_srcNet a ∧ b = first_destNet a)",simp_all)
apply (case_tac "c = first_srcNet aa", simp_all)
apply (metis 2 5 14 20 OTNaux)
apply (subgoal_tac "c = first_destNet aa", simp)
apply (subgoal_tac "d = first_srcNet aa", simp)
apply (case_tac "(first_srcNet a) ≠ (first_destNet aa)",simp_all)
apply (metis 4 5 7 firstInNeta firstInNet alternativelistconc2)
apply (subgoal_tac "first_destNet a ≠ first_srcNet aa")
apply (metis 4 5 7 firstInNeta firstInNet alternativelistconc2)
apply (metis 3 4 5 first_bothNetsd insert_commute)
apply (metis 2 5 14 OTNaux)
apply (metis 2 5 14 OTNaux)
apply (case_tac "c = first_srcNet aa", simp_all)
apply (metis 2 5 14 20 OTNaux)
apply (subgoal_tac "c = first_destNet aa", simp)
apply (subgoal_tac "d = first_srcNet aa", simp)
apply (case_tac "(first_destNet a) ≠ (first_destNet aa)",simp_all)
apply (metis 4 5 7 14 firstInNet alternativelistconc2)
apply (subgoal_tac "first_srcNet a ≠ first_srcNet aa")
apply (metis 4 5 7 14 firstInNeta alternativelistconc2)
apply (metis 3 4 5 first_bothNetsd insert_commute)
apply (metis 2 5 14 OTNaux)
apply (metis 2 5 14 OTNaux)
done
qed
next
show "netsDistinct ab d ∨ netsDistinct b c"
apply (insert 1 2 3 4 5 6 7 8 9 10 11 12)
apply (cases "sdnets a = {(first_srcNet a, first_destNet a)}")
apply (cases "sdnets aa = {(first_srcNet aa, first_destNet aa)}", simp_all)
apply (case_tac "(c = first_srcNet aa ∧ d = first_destNet aa)", simp_all)
apply (case_tac "(first_srcNet a) ≠ (first_destNet aa)", simp_all)
apply (metis firstInNeta firstInNet alternativelistconc2)
apply (subgoal_tac "first_destNet a ≠ first_srcNet aa")
apply (metis firstInNeta firstInNet alternativelistconc2)
apply (metis first_bothNetsd insert_commute)
apply (case_tac "(c = first_srcNet aa ∧ d = first_destNet aa)", simp_all)
apply (case_tac "(ab = first_srcNet a ∧ b = first_destNet a)", simp_all)
apply (case_tac "(first_destNet a) ≠ (first_srcNet aa)",simp_all)
apply (metis firstInNeta firstInNet alternativelistconc2)
apply (subgoal_tac "first_srcNet a ≠ first_destNet aa")
apply (metis firstInNeta firstInNet alternativelistconc2)
apply (metis first_bothNetsd insert_commute)
apply (case_tac "(first_srcNet aa) ≠ (first_srcNet a)",simp_all)
apply (metis firstInNeta alternativelistconc2)
apply (case_tac "first_destNet aa ≠ first_destNet a",simp_all)
apply (metis firstInNet alternativelistconc2)
apply (metis first_bothNetsd)
proof -
assume 13:" ∀ab b. ab ≠ b ∧ ab∈set(net_list_aux[a,aa]) ∧ b ∈ set(net_list_aux[a,aa])
⟶ netsDistinct ab b "
and 14 : "(ab = first_srcNet a ∧ b = first_destNet a ∨
ab = first_destNet a ∧ b = first_srcNet a) ∧ (c, d) ∈ sdnets aa "
and 15 : " sdnets a = {(first_srcNet a, first_destNet a),
(first_destNet a, first_srcNet a)} "
and 16 : " sdnets aa = {(first_srcNet aa, first_destNet aa)} ∨
sdnets aa = {(first_srcNet aa, first_destNet aa),
(first_destNet aa, first_srcNet aa)} "
and 17 : " {(first_srcNet a, first_destNet a),
(first_destNet a, first_srcNet a)} ≠ sdnets aa "
show "first_destNet a ≠ first_srcNet a ⟹ netsDistinct ab d ∨ netsDistinct b c"
apply (insert 1 2 3 4 5 6 13 14 15 16 17)
apply (cases "sdnets aa = {(first_srcNet aa, first_destNet aa)}", simp_all)
apply (case_tac "(c = first_srcNet aa ∧ d = first_destNet aa)", simp_all)
apply (case_tac "(ab = first_srcNet a ∧ b = first_destNet a)", simp_all)
apply (case_tac "(first_destNet a) ≠ (first_srcNet aa)",simp_all)
apply (metis firstInNeta firstInNet alternativelistconc2)
apply (subgoal_tac "first_srcNet a ≠ first_destNet aa")
apply (metis firstInNeta firstInNet alternativelistconc2)
apply (metis first_bothNetsd insert_commute)
apply (case_tac "(first_srcNet aa) ≠ (first_srcNet a)",simp_all)
apply (metis firstInNeta alternativelistconc2)
apply (case_tac "first_destNet aa ≠ first_destNet a",simp_all)
apply (metis firstInNet alternativelistconc2)
apply (metis first_bothNetsd)
proof -
assume 20: "{(first_srcNet a, first_destNet a), (first_destNet a, first_srcNet a)} ≠
{(first_srcNet aa, first_destNet aa), (first_destNet aa, first_srcNet aa)}"
and 21: "first_destNet a ≠ first_srcNet a"
show "netsDistinct ab d ∨ netsDistinct b c"
apply (case_tac "(c = first_srcNet aa ∧ d = first_destNet aa)", simp_all)
apply (case_tac "(ab = first_srcNet a ∧ b = first_destNet a)", simp_all)
apply (case_tac "(first_destNet a) ≠ (first_srcNet aa)", simp_all)
apply (metis 4 5 7 firstInNeta firstInNet alternativelistconc2)
apply (subgoal_tac "first_srcNet a ≠ first_destNet aa")
apply (metis 4 5 7 firstInNeta firstInNet alternativelistconc2)
apply (metis 20 insert_commute)
apply (case_tac "(first_srcNet aa) ≠ (first_srcNet a)", simp_all)
apply (metis 4 5 13 14 firstInNeta alternativelistconc2)
apply (case_tac "first_destNet aa ≠ first_destNet a", simp_all)
apply (metis 4 5 13 14 firstInNet alternativelistconc2)
apply (case_tac "(ab = first_srcNet a ∧ b = first_destNet a)", simp_all)
apply (case_tac "(first_destNet a) ≠ (first_srcNet aa)", simp_all)
apply (metis 20)
apply (subgoal_tac "first_srcNet a ≠ first_srcNet aa")
apply (metis 20)
apply (metis 21)
apply (case_tac "(first_srcNet aa) ≠ (first_destNet a)")
apply (metis (no_types, lifting) 2 3 4 5 7 14 OTNaux
firstInNet firstInNeta first_bothNetsd isInAlternativeList)
by (metis 2 4 5 7 20 14 OTNaux doubleton_eq_iff firstInNet
firstInNeta isInAlternativeList)
qed
qed
qed
qed
lemma ANDaux3[rule_format]:
"y ∈ set xs ⟶ a ∈ set (net_list_aux [y]) ⟶ a ∈ set (net_list_aux xs)"
by (induct xs) (simp_all add: isInAlternativeList)
lemma ANDaux2:
"allNetsDistinct (x # xs) ⟹ y ∈ set xs ⟹ allNetsDistinct [x,y]"
apply (simp add: allNetsDistinct_def)
by (meson ANDaux3 isInAlternativeList netlistaux)
lemma NCisSD2[rule_format]:
"¬ member DenyAll a ⟹ OnlyTwoNets (a#p) ⟹
NetsCollected2 (a # p) ⟹ NetsCollected (a#p) ⟹
noDenyAll ( p) ⟹ allNetsDistinct (a # p) ⟹ s ∈ set p ⟹
disjSD_2 a s"
by (metis ANDaux2 FWNormalisationCore.member.simps(2) NCisSD2aux NetsCollected.simps(1)
NetsCollected2.simps(1) OTNConc OTNoTN empty_iff empty_set list.set_intros(1) noDA)
lemma separatedNC[rule_format]:
"OnlyTwoNets p ⟶ NetsCollected2 p ⟶ NetsCollected p ⟶ noDenyAll1 p ⟶
allNetsDistinct p ⟶ separated p"
proof (induct p, simp_all, rename_tac a b, case_tac "a = DenyAll", simp_all, goal_cases)
fix a fix p::"('a set set, 'b) Combinators list"
show "OnlyTwoNets p ⟶ NetsCollected2 p ⟶ NetsCollected p ⟶ noDenyAll1 p ⟶
allNetsDistinct p ⟶ separated p ⟹ a ≠ DenyAll ⟹ OnlyTwoNets (a # p) ⟶
first_bothNet a ≠ firstList p ∧ NetsCollected2 p ⟶
(∀aa∈set p. first_bothNet a ≠ first_bothNet aa) ∧ NetsCollected p ⟶
noDenyAll1 (a # p) ⟶ allNetsDistinct (a # p) ⟶ (∀s. s ∈ set p ⟶
disjSD_2 a s) ∧ separated p"
apply (intro impI,drule mp, erule OTNConc,drule mp)
apply (case_tac p, simp_all)
apply (drule mp,erule noDA1C, intro conjI allI impI NCisSD2, simp_all)
apply (case_tac a, simp_all)
apply (case_tac a, simp_all)
using ANDConc by auto
next
fix a::"('a set set,'b) Combinators " fix p ::"('a set set,'b) Combinators list"
show "OnlyTwoNets p ⟶ NetsCollected2 p ⟶ NetsCollected p ⟶ noDenyAll1 p ⟶
allNetsDistinct p ⟶ separated p ⟹ a = DenyAll ⟹ OnlyTwoNets p ⟶
{}≠firstList p ∧ NetsCollected2 p ⟶ (∀a∈set p. {}≠first_bothNet a)∧NetsCollected p ⟶
noDenyAll p ⟶ allNetsDistinct (DenyAll # p) ⟶
(∀s. s ∈ set p ⟶ disjSD_2 DenyAll s) ∧ separated p"
by (simp add: ANDConc disjSD_2_def noDA1eq)
qed
lemma separatedNC'[rule_format]:
"OnlyTwoNets p ⟶ NetsCollected2 p ⟶ NetsCollected p ⟶ noDenyAll1 p ⟶
allNetsDistinct p ⟶ separated p"
proof (induct p)
case Nil show ?case by simp
next
case (Cons a p) then show ?case
apply simp
proof (cases "a = DenyAll") print_cases
case True
then show "OnlyTwoNets (a # p) ⟶ first_bothNet a ≠ firstList p ∧ NetsCollected2 p ⟶
(∀aa∈set p. first_bothNet a ≠ first_bothNet aa) ∧ NetsCollected p ⟶
noDenyAll1 (a # p) ⟶ allNetsDistinct (a # p) ⟶
(∀s. s ∈ set p ⟶ disjSD_2 a s) ∧ separated p"
apply(insert Cons.hyps ‹a = DenyAll›)
apply (intro impI,drule mp, erule OTNConc,drule mp)
apply (case_tac p, simp_all)
apply (case_tac a, simp_all)
apply (case_tac a, simp_all)
by (simp add: ANDConc disjSD_2_def noDA1eq)
next
case False
then show "OnlyTwoNets (a # p) ⟶ first_bothNet a ≠ firstList p ∧ NetsCollected2 p ⟶
(∀aa∈set p. first_bothNet a ≠ first_bothNet aa) ∧ NetsCollected p ⟶
noDenyAll1 (a # p) ⟶ allNetsDistinct (a # p) ⟶ (∀s. s ∈ set p ⟶
disjSD_2 a s) ∧ separated p"
apply(insert Cons.hyps ‹a ≠ DenyAll›)
by (metis NetsCollected.simps(1) NetsCollected2.simps(1) separated.simps(1) separatedNC)
qed
qed
lemma NC2Sep[rule_format]: "noDenyAll1 p ⟶ NetsCollected2 (separate p)"
proof (induct p rule: separate.induct, simp_all, goal_cases)
fix x :: "('a, 'b) Combinators list"
case 1 then show ?case
by (metis fMTaux firstList.simps(1) fl2 noDA1eq noDenyAll.elims(2) separate.simps(5))
next
fix v va fix y::" ('a, 'b) Combinators" fix z
case 2 then show ?case
by (simp add: fl2 noDA1eq)
next
fix v va vb fix y::" ('a, 'b) Combinators" fix z
case 3 then show ?case
by (simp add: fl2 noDA1eq)
next
fix v va fix y::" ('a, 'b) Combinators" fix z
case 4 then show ?case
by (simp add: fl2 noDA1eq)
qed
lemma separatedSep[rule_format]:
"OnlyTwoNets p ⟶ NetsCollected2 p ⟶ NetsCollected p ⟶
noDenyAll1 p ⟶ allNetsDistinct p ⟶ separated (separate p)"
by (simp add: ANDSep NC2Sep NetsCollectedSep OTNSEp noDA1sep separatedNC)
lemma rADnMT[rule_format]: "p ≠ [] ⟶ removeAllDuplicates p ≠ []"
by (induct p) simp_all
lemma remDupsNMT[rule_format]: "p ≠ [] ⟶ remdups p ≠ []"
by (metis remdups_eq_nil_iff)
lemma sets_distinct1: "(n::int) ≠ m ⟹ {(a,b). a = n} ≠ {(a,b). a = m}"
by auto
lemma sets_distinct2: "(m::int) ≠ n ⟹ {(a,b). a = n} ≠ {(a,b). a = m}"
by auto
lemma sets_distinct5: "(n::int) < m ⟹ {(a,b). a = n} ≠ {(a,b). a = m}"
by auto
lemma sets_distinct6: "(m::int) < n ⟹ {(a,b). a = n} ≠ {(a,b). a = m}"
by auto
end