(*---------------------------------------------------------------------------*)
(*
   File:         mk_comp_unity.ml

   Description:  This file proves the unity compositionality theorems and
                 corrollaries valid.

   Author:       (c) Copyright 1989-2008 by Flemming Andersen
   Date:         December 1, 1989
   Last Update:  December 30, 2007
*)
(*---------------------------------------------------------------------------*)

(*---------------------------------------------------------------------------*)
(*
  Theorems
*)
(*---------------------------------------------------------------------------*)

(*
   Prove:
   !p q FPr GPr.
      (p UNLESS q) (APPEND FPr GPr) ==> (p UNLESS q) FPr /\ (p UNLESS q) GPr
*)
let COMP_UNLESS_thm1_lemma_1 = TAC_PROOF
  (([],
   (`!(p:'a->bool) q FPr GPr.
      (p UNLESS q) (APPEND FPr GPr) ==> (p UNLESS q) FPr /\ (p UNLESS q) GPr`)),
   REPEAT GEN_TAC THEN
   SPEC_TAC ((`GPr:('a->'a)list`),(`GPr:('a->'a)list`)) THEN
   SPEC_TAC ((`FPr:('a->'a)list`),(`FPr:('a->'a)list`)) THEN
   LIST_INDUCT_TAC THENL
     [
      REWRITE_TAC [UNLESS;APPEND]
     ;
      REWRITE_TAC [APPEND] THEN
      REWRITE_TAC [UNLESS] THEN
      REPEAT STRIP_TAC THENL
        [
         ASM_REWRITE_TAC []
        ;
         RES_TAC
        ;
         RES_TAC]]);;

(*
   Prove:
     !p q FPr GPr.
     (p UNLESS q) FPr /\ (p UNLESS q) GPr ==> (p UNLESS q) (APPEND FPr GPr)
*)
let COMP_UNLESS_thm1_lemma_2 = TAC_PROOF
  (([],
   (`!(p:'a->bool) q FPr GPr.
     (p UNLESS q) FPr /\ (p UNLESS q) GPr ==> (p UNLESS q) (APPEND FPr GPr)`)),
   REPEAT GEN_TAC THEN
   SPEC_TAC ((`GPr:('a->'a)list`),(`GPr:('a->'a)list`)) THEN
   SPEC_TAC ((`FPr:('a->'a)list`),(`FPr:('a->'a)list`)) THEN
   LIST_INDUCT_TAC THENL
     [
      REWRITE_TAC [UNLESS;APPEND]
     ;
      REWRITE_TAC [APPEND] THEN
      REWRITE_TAC [UNLESS] THEN
      REPEAT STRIP_TAC THENL
        [
         ASM_REWRITE_TAC []
        ;
         RES_TAC
        ]]);;


(*
   Prove:
     !p q FPr GPr.
      (p UNLESS q) (APPEND FPr GPr) = (p UNLESS q) FPr /\ (p UNLESS q) GPr
*)

let COMP_UNLESS_thm1 = prove_thm
  ("COMP_UNLESS_thm1",
   (`!(p:'a->bool) q FPr GPr.
      (p UNLESS q) (APPEND FPr GPr) <=> (p UNLESS q) FPr /\ (p UNLESS q) GPr`),
   REPEAT GEN_TAC THEN
   STRIP_ASSUME_TAC (IMP_ANTISYM_RULE
                       (SPEC_ALL COMP_UNLESS_thm1_lemma_1)
                       (SPEC_ALL COMP_UNLESS_thm1_lemma_2)));;


(*
   Prove:
   !p q FPr GPr.
    (p ENSURES q) (APPEND FPr GPr) ==> (p ENSURES q) FPr /\ (p UNLESS q) GPr \/
                                       (p ENSURES q) GPr /\ (p UNLESS q) FPr
*)
let COMP_ENSURES_thm1_lemma_1 = TAC_PROOF
  (([],
   (`!(p:'a->bool) q FPr GPr.
    (p ENSURES q) (APPEND FPr GPr) ==> (p ENSURES q) FPr /\ (p UNLESS q) GPr \/
                                       (p ENSURES q) GPr /\ (p UNLESS q) FPr`)),
   REPEAT GEN_TAC THEN
   SPEC_TAC ((`GPr:('a->'a)list`),(`GPr:('a->'a)list`)) THEN
   SPEC_TAC ((`FPr:('a->'a)list`),(`FPr:('a->'a)list`)) THEN
   LIST_INDUCT_TAC THENL
     [
      REWRITE_TAC [ENSURES;EXIST_TRANSITION;UNLESS;APPEND]
     ;
      GEN_TAC THEN
      REWRITE_TAC [ENSURES;EXIST_TRANSITION;UNLESS;APPEND] THEN
      REPEAT STRIP_TAC THEN
      ASM_REWRITE_TAC [] THENL
        [
         DISJ1_TAC THEN
         ASM_REWRITE_TAC [] THEN
         ASM_REWRITE_TAC [GEN_ALL (SYM (SPEC_ALL COMP_UNLESS_thm1))]
        ;
         ASSUME_TAC (UNDISCH_ALL (SPECL
           [(`((p:'a->bool) UNLESS q)(APPEND t GPr)`);
            (`((p:'a->bool) EXIST_TRANSITION q)(APPEND t GPr)`)]
            AND_INTRO_THM)) THEN
         UNDISCH_TAC (`((p:'a->bool) UNLESS  q)(APPEND t GPr) /\
                       (p EXIST_TRANSITION q)(APPEND t GPr)`) THEN
         REWRITE_TAC [SPECL [(`q:'a->bool`); (`p:'a->bool`); 
			     (`APPEND (t:('a->'a)list) GPr`)]
                             (GEN_ALL (SYM (SPEC_ALL ENSURES)))] THEN
         DISCH_TAC THEN
         RES_TAC THENL
           [
            UNDISCH_TAC (`((p:'a->bool) ENSURES q) t`) THEN
            REWRITE_TAC [ENSURES] THEN
            STRIP_TAC THEN
            ASM_REWRITE_TAC []
           ;
            UNDISCH_TAC (`((p:'a->bool) ENSURES q) GPr`) THEN
            REWRITE_TAC [ENSURES] THEN
            STRIP_TAC THEN
            ASM_REWRITE_TAC []
           ]]]);;

(*
   Prove:
    !p q FPr GPr.
    (p ENSURES q) FPr /\ (p UNLESS q) GPr \/
    (p ENSURES q) GPr /\ (p UNLESS q) FPr ==> (p ENSURES q) (APPEND FPr GPr)
*)
let COMP_ENSURES_thm1_lemma_2 = TAC_PROOF
  (([],
    `!(p:'a->bool) q FPr GPr.
    ((p ENSURES q) FPr /\ (p UNLESS q) GPr \/
     (p ENSURES q) GPr /\ (p UNLESS q) FPr)
           ==> (p ENSURES q) (APPEND FPr GPr)`),
   GEN_TAC THEN GEN_TAC THEN
   LIST_INDUCT_TAC THEN
   REWRITE_TAC [ENSURES;EXIST_TRANSITION;UNLESS;APPEND] THEN
   REPEAT STRIP_TAC THEN
   RES_TAC THEN
   ASM_REWRITE_TAC [COMP_UNLESS_thm1;ENSURES;EXIST_TRANSITION;
                    UNLESS;APPEND] THEN
   REWRITE_TAC [UNDISCH_ALL (ONCE_REWRITE_RULE [EXIST_TRANSITION_thm12]
        (SPEC_ALL EXIST_TRANSITION_thm8))] THENL
   [
     REWRITE_TAC
       [ONCE_REWRITE_RULE [EXIST_TRANSITION_thm12] (UNDISCH_ALL (SPECL
          [`p:'a->bool`;`q:'a->bool`;`t:('a->'a)list`;`GPr:('a->'a)list`]
             EXIST_TRANSITION_thm8))]
   ;
     REWRITE_TAC
       [UNDISCH_ALL
          (SPECL [`p:'a->bool`;`q:'a->bool`;`GPr:('a->'a)list`;`t:('a->'a)list`]
             EXIST_TRANSITION_thm8)]
   ]);;

(*
   Prove:
    !p q FPr GPr.
      (p ENSURES q) (APPEND FPr GPr) = (p ENSURES q) FPr /\ (p UNLESS q) GPr \/
                                       (p ENSURES q) GPr /\ (p UNLESS q) FPr
*)

let COMP_ENSURES_thm1 = prove_thm
  ("COMP_ENSURES_thm1",
   (`!(p:'a->bool) q FPr GPr.
      (p ENSURES q) (APPEND FPr GPr) <=>
         ((p ENSURES q) FPr /\ (p UNLESS q) GPr \/
          (p ENSURES q) GPr /\ (p UNLESS q) FPr)`),
   REPEAT GEN_TAC THEN
   STRIP_ASSUME_TAC (IMP_ANTISYM_RULE
                       (SPEC_ALL COMP_ENSURES_thm1_lemma_1)
                       (SPEC_ALL COMP_ENSURES_thm1_lemma_2)));;

(*
   Prove:
    |- !p q FPr GPr.
         (p ENSURES q)FPr /\ (p UNLESS q)GPr ==> (p ENSURES q)(APPEND FPr GPr)
*)

let COMP_ENSURES_cor0 = prove_thm
  ("COMP_ENSURES_cor0",
   (`!(p:'a->bool) q FPr GPr.
      (p ENSURES q) FPr /\ (p UNLESS q) GPr
         ==> (p ENSURES q) (APPEND FPr GPr)`),
   REPEAT STRIP_TAC THEN
   ACCEPT_TAC (REWRITE_RULE
    [ASSUME (`((p:'a->bool) ENSURES q)FPr`);ASSUME (`((p:'a->bool) UNLESS q)GPr`)]
    (SPEC_ALL COMP_ENSURES_thm1)));;


(*
   Prove:
    |- !p q FPr GPr.
         (p ENSURES q)GPr /\ (p UNLESS q)FPr ==> (p ENSURES q)(APPEND FPr GPr)
*)

let COMP_ENSURES_cor1 = prove_thm
  ("COMP_ENSURES_cor1",
   (`!(p:'a->bool) q FPr GPr.
      (p ENSURES q) GPr /\ (p UNLESS q) FPr
         ==> (p ENSURES q) (APPEND FPr GPr)`),
   REPEAT STRIP_TAC THEN
   ACCEPT_TAC (REWRITE_RULE
    [ASSUME (`((p:'a->bool) ENSURES q)GPr`);ASSUME (`((p:'a->bool) UNLESS q)FPr`)]
    (SPEC_ALL COMP_ENSURES_thm1)));;


(*
   Prove:
     !p q FPr GPr.
      (p INVARIANT q) (APPEND FPr GPr) =
          (p INVARIANT q) FPr /\ (p INVARIANT q) GPr
*)

let COMP_UNITY_cor0 = prove_thm
  ("COMP_UNITY_cor0",
   (`!(p0:'a->bool) p FPr GPr.
       (p INVARIANT (p0, APPEND FPr GPr)) =
          (p INVARIANT (p0,FPr) /\ p INVARIANT (p0,GPr))`),
   REWRITE_TAC [INVARIANT;STABLE;COMP_UNLESS_thm1] THEN
   REPEAT GEN_TAC THEN EQ_TAC THEN REPEAT STRIP_TAC THEN
   RES_TAC THEN ASM_REWRITE_TAC []);;


(*
   Prove:
        !p FPr GPr.
           p STABLE (APPEND FPr GPr) = p STABLE FPr /\ p STABLE GPr
*)

let COMP_UNITY_cor1 = prove_thm
  ("COMP_UNITY_cor1",
   (`!(p:'a->bool) FPr GPr.
           (p STABLE (APPEND FPr GPr)) = (p STABLE FPr /\ p STABLE GPr)`),
   REWRITE_TAC [STABLE;COMP_UNLESS_thm1]);;


(*
   Prove:
        !p q FPr GPr.
         (p UNLESS q) FPr /\ p STABLE GPr ==>(p UNLESS q) (APPEND FPr GPr)
*)

let COMP_UNITY_cor2 = prove_thm
  ("COMP_UNITY_cor2",
   (`!(p:'a->bool) q FPr GPr.
         (p UNLESS q) FPr /\ p STABLE GPr ==>(p UNLESS q) (APPEND FPr GPr)`),
   REWRITE_TAC [STABLE;COMP_UNLESS_thm1] THEN
   REPEAT STRIP_TAC THENL
     [
      ASM_REWRITE_TAC []
     ;
      UNDISCH_TAC (`((p:'a->bool) UNLESS False)GPr`) THEN
      SPEC_TAC ((`GPr:('a->'a)list`),(`GPr:('a->'a)list`)) THEN
      LIST_INDUCT_TAC THENL
        [
         REWRITE_TAC [UNLESS]
        ;
         REWRITE_TAC [UNLESS;UNLESS_STMT] THEN
         CONV_TAC (DEPTH_CONV BETA_CONV) THEN
         REPEAT STRIP_TAC THENL
           [
            RES_TAC THEN
            UNDISCH_TAC
               (`~(False:'a->bool) s ==> (p:'a->bool)(h s) \/ False(h s)`) THEN
            REWRITE_TAC [FALSE_def;NOT_CLAUSES;OR_INTRO_THM1]
           ;
            RES_TAC]]]);;


(*
   Prove:
     !p0 p FPr GPr.
       p INVARIANT (p0; FPr) /\ p STABLE GPr
            ==> p INVARIANT (p0; (APPEND FPr GPr))
*)

let COMP_UNITY_cor3 = prove_thm
  ("COMP_UNITY_cor3",
   (`!(p0:'a->bool) p FPr GPr.
       p INVARIANT (p0, FPr) /\ p STABLE GPr ==>
                    p INVARIANT (p0, (APPEND FPr GPr))`),
   REWRITE_TAC [INVARIANT;STABLE;COMP_UNLESS_thm1] THEN
   REPEAT STRIP_TAC THENL
     [
      RES_TAC
     ;
      ASM_REWRITE_TAC []
     ;
      ASM_REWRITE_TAC []]);;


(*
   Prove:
       !p q FPr GPr.
        (p ENSURES q) FPr /\ p STABLE GPr ==> (p ENSURES q) (APPEND FPr GPr)
*)

let COMP_UNITY_cor4 = prove_thm
  ("COMP_UNITY_cor4",
   (`!(p:'a->bool) q FPr GPr.
        (p ENSURES q) FPr /\ p STABLE GPr ==> (p ENSURES q) (APPEND FPr GPr)`),
   REPEAT STRIP_TAC THEN
   ASSUME_TAC (UNDISCH_ALL (SPECL
        [(`p:'a->bool`);(`q:'a->bool`);(`FPr:('a->'a)list`)] ENSURES_cor2)) THEN
   ASSUME_TAC (UNDISCH_ALL (SPECL
        [(`((p:'a->bool) UNLESS q)FPr`);(`(p:'a->bool) STABLE GPr`)]
         AND_INTRO_THM)) THEN
   ASSUME_TAC (UNDISCH_ALL (SPECL
        [(`p:'a->bool`);(`q:'a->bool`);(`FPr:('a->'a)list`);(`GPr:('a->'a)list`)]
         COMP_UNITY_cor2)) THEN
   REWRITE_TAC [ENSURES] THEN
   ASM_REWRITE_TAC [] THEN
   UNDISCH_TAC (`((p:'a->bool) ENSURES q)FPr`) THEN
   REWRITE_TAC [ENSURES] THEN
   STRIP_TAC THEN
   UNDISCH_TAC (`((p:'a->bool) EXIST_TRANSITION q)FPr`) THEN
   SPEC_TAC ((`FPr:('a->'a)list`),(`FPr:('a->'a)list`)) THEN
   LIST_INDUCT_TAC THENL
     [
      REWRITE_TAC [EXIST_TRANSITION]
     ;
      REWRITE_TAC [APPEND;EXIST_TRANSITION] THEN
      REPEAT STRIP_TAC THENL
        [
         ASM_REWRITE_TAC []
        ;
         RES_TAC THEN
         ASM_REWRITE_TAC []]]);;

(*
   Prove:
   !p q FPr GPr. (p UNLESS q)(APPEND FPr GPr) ==> (p UNLESS q) GPr
*)

let COMP_UNITY_cor5 = prove_thm
  ("COMP_UNITY_cor5",
   (`!(p:'a->bool) q FPr GPr. (p UNLESS q)(APPEND FPr GPr) ==> (p UNLESS q) GPr`),
   REWRITE_TAC [COMP_UNLESS_thm1] THEN
   REPEAT STRIP_TAC);;

(*
   Prove:
    !p q FPr GPr. (p UNLESS q)(APPEND FPr GPr) ==> (p UNLESS q) FPr
*)

let COMP_UNITY_cor6 = prove_thm
  ("COMP_UNITY_cor6",
   (`!(p:'a->bool) q FPr GPr. (p UNLESS q)(APPEND FPr GPr) ==> (p UNLESS q) FPr`),
   REWRITE_TAC [COMP_UNLESS_thm1] THEN
   REPEAT STRIP_TAC);;

(*
   Prove:
    !p q st FPr. (p UNLESS q)(CONS st FPr) ==> (p UNLESS q) FPr
*)

let COMP_UNITY_cor7 = prove_thm
  ("COMP_UNITY_cor7",
   (`!(p:'a->bool) q st FPr. (p UNLESS q)(CONS st FPr) ==> (p UNLESS q) FPr`),
   REWRITE_TAC [UNLESS] THEN
   REPEAT STRIP_TAC);;

(*
   Prove:
        !p FPr GPr.
           (p ENSURES (NotX  p)) FPr ==> (p ENSURES (NotX  p)) (APPEND FPr GPr)
*)

let COMP_UNITY_cor8 = prove_thm
  ("COMP_UNITY_cor8",
   (`!(p:'a->bool) FPr GPr.
        (p ENSURES (Not p)) FPr ==> (p ENSURES (Not p)) (APPEND FPr GPr)`),
   GEN_TAC THEN
   LIST_INDUCT_TAC THEN
   REWRITE_TAC [APPEND;ENSURES;UNLESS;EXIST_TRANSITION] THEN
   REPEAT STRIP_TAC THEN
   RES_TAC THEN
   ASM_REWRITE_TAC [UNLESS_thm2] THEN
   REWRITE_TAC [UNDISCH_ALL (ONCE_REWRITE_RULE [EXIST_TRANSITION_thm12] (SPECL
     [`p:'a->bool`;`Not (p:'a->bool)`;`t:('a->'a)list`;`GPr:('a->'a)list`]
       EXIST_TRANSITION_thm8))]);;

(*
   Prove:
        !p q FPr GPr.
           p STABLE FPr /\ (p UNLESS q) GPr ==> (p UNLESS q) (APPEND FPr GPr)
*)

let COMP_UNITY_cor9 = prove_thm
  ("COMP_UNITY_cor9",
   (`!(p:'a->bool) q FPr GPr.
         p STABLE FPr /\ (p UNLESS q) GPr ==> (p UNLESS q) (APPEND FPr GPr)`),
   REWRITE_TAC [STABLE;COMP_UNLESS_thm1] THEN
   REPEAT STRIP_TAC THENL
     [
      UNDISCH_TAC (`((p:'a->bool) UNLESS False)FPr`) THEN
      SPEC_TAC ((`FPr:('a->'a)list`),(`FPr:('a->'a)list`)) THEN
      LIST_INDUCT_TAC THENL
        [
         REWRITE_TAC [UNLESS]
        ;
         REWRITE_TAC [UNLESS;UNLESS_STMT] THEN
         BETA_TAC THEN
         REPEAT STRIP_TAC THENL
           [
            RES_TAC THEN
            UNDISCH_TAC
               (`~(False:'a->bool) s ==> (p:'a->bool)(h s) \/ False(h s)`) THEN
            REWRITE_TAC [FALSE_def;NOT_CLAUSES;OR_INTRO_THM1]
           ;
            RES_TAC
           ]
        ]
     ;
      ASM_REWRITE_TAC []
     ]);;


(*
   Prove:
    !p q FPr GPr.
         (p UNLESS q) (APPEND FPr GPr) = (p UNLESS q) (APPEND GPr FPr)
*)

let COMP_UNITY_cor10 = prove_thm
  ("COMP_UNITY_cor10",
   (`!(p:'a->bool) q FPr GPr.
         (p UNLESS q) (APPEND FPr GPr) = (p UNLESS q) (APPEND GPr FPr)`),
   REPEAT GEN_TAC THEN
   REWRITE_TAC [COMP_UNLESS_thm1] THEN
   EQ_TAC THEN
   REPEAT STRIP_TAC THEN
   ASM_REWRITE_TAC []);;

(*
   Prove:
    !p q FPr GPr.
         (p ENSURES q) (APPEND FPr GPr) = (p ENSURES q) (APPEND GPr FPr)
*)

let COMP_UNITY_cor11 = prove_thm
  ("COMP_UNITY_cor11",
   (`!(p:'a->bool) q FPr GPr.
         (p ENSURES q) (APPEND FPr GPr) = (p ENSURES q) (APPEND GPr FPr)`),
   REPEAT GEN_TAC THEN
   REWRITE_TAC [COMP_ENSURES_thm1] THEN
   EQ_TAC THEN REPEAT STRIP_TAC THEN ASM_REWRITE_TAC []);;

(*
   Prove:
    !p q FPr GPr.
      (p LEADSTO q) (APPEND FPr GPr) = (p LEADSTO q) (APPEND GPr FPr)
*)

(*
  |- (!p' q'.
     ((p' ENSURES q')(APPEND Pr1 Pr2) ==> (p' LEADSTO q')(APPEND Pr2 Pr1)) /\
     (!r.
       (p' LEADSTO r)(APPEND Pr1 Pr2) /\ (p' LEADSTO r)(APPEND Pr2 Pr1) /\
       (r LEADSTO q')(APPEND Pr1 Pr2) /\ (r LEADSTO q')(APPEND Pr2 Pr1) ==>
       (p' LEADSTO q')(APPEND Pr1 Pr2) ==> (p' LEADSTO q')(APPEND Pr2 Pr1)) /\
     (!P.
       (!i. ((P i) LEADSTO q')(APPEND Pr1 Pr2)) /\
       (!i. ((P i) LEADSTO q')(APPEND Pr2 Pr1)) ==>
          (($ExistsX  P) LEADSTO q')(APPEND Pr1 Pr2) ==>
          (($ExistsX  P) LEADSTO q')(APPEND Pr2 Pr1)))
     ==>
       (p LEADSTO q)(APPEND Pr1 Pr2) ==> (p LEADSTO q)(APPEND Pr2 Pr1)
*)
let COMP_UNITY_cor12_lemma00 = (BETA_RULE (SPECL
  [(`\(p:'a->bool) q. (p LEADSTO q)(APPEND Pr2 Pr1)`);
   (`p:'a->bool`);(`q:'a->bool`);(`APPEND (Pr1:('a->'a)list) Pr2`)] LEADSTO_thm37));;

let COMP_UNITY_cor12_lemma01 = TAC_PROOF
  (([],
   (`!(p':'a->bool) q' Pr1 Pr2.
      (p' ENSURES q')(APPEND Pr1 Pr2) ==> (p' LEADSTO q')(APPEND Pr2 Pr1)`)),
   REPEAT STRIP_TAC THEN
   ASSUME_TAC (ONCE_REWRITE_RULE [COMP_UNITY_cor11] (ASSUME
    (`((p':'a->bool) ENSURES q')(APPEND Pr1 Pr2)`))) THEN
   IMP_RES_TAC LEADSTO_thm0);;

let COMP_UNITY_cor12_lemma02 = TAC_PROOF
  (([],
   (`!(p':'a->bool) q' Pr1 Pr2.
     (!r.
       (p' LEADSTO r)(APPEND Pr1 Pr2) /\ (p' LEADSTO r)(APPEND Pr2 Pr1) /\
       (r LEADSTO q')(APPEND Pr1 Pr2) /\ (r LEADSTO q')(APPEND Pr2 Pr1)
          ==> (p' LEADSTO q')(APPEND Pr2 Pr1))`)),
   REPEAT STRIP_TAC THEN
   IMP_RES_TAC LEADSTO_thm1);;

let COMP_UNITY_cor12_lemma03 = TAC_PROOF
  (([],
   (`!(p':'a->bool) q' Pr1 Pr2.
     (!P:('a->bool)->bool.
       (!p''. p'' In P ==> (p'' LEADSTO q')(APPEND Pr1 Pr2)) /\
       (!p''. p'' In P ==> (p'' LEADSTO q')(APPEND Pr2 Pr1))
            ==> ((LUB P) LEADSTO q')(APPEND Pr2 Pr1))`)),
   REPEAT STRIP_TAC THEN
   IMP_RES_TAC LEADSTO_thm3a);;

(*
  |- !p q Pr1 Pr2.
       (p LEADSTO q)(APPEND Pr1 Pr2) ==> (p LEADSTO q)(APPEND Pr2 Pr1)
*)
let COMP_UNITY_cor12_lemma04 = (GEN_ALL (REWRITE_RULE
   [COMP_UNITY_cor12_lemma01;COMP_UNITY_cor12_lemma02;COMP_UNITY_cor12_lemma03]
    (SPEC_ALL COMP_UNITY_cor12_lemma00)));;

(*
 |- !p q Pr1 Pr2. (p LEADSTO q)(APPEND Pr1 Pr2) = (p LEADSTO q)(APPEND Pr2 Pr1)
*)

let COMP_UNITY_cor12 = prove_thm
  ("COMP_UNITY_cor12",
   (`!(p:'a->bool) q Pr1 Pr2.
       (p LEADSTO q)(APPEND Pr1 Pr2) = (p LEADSTO q)(APPEND Pr2 Pr1)`),
   REPEAT GEN_TAC THEN
   EQ_TAC THEN REWRITE_TAC [COMP_UNITY_cor12_lemma04]);;

(*
  |- !p FPr GPr. p STABLE (APPEND FPr GPr) = p STABLE (APPEND GPr FPr)
*)

let COMP_UNITY_cor13 = prove_thm
  ("COMP_UNITY_cor13",
   (`!(p:'a->bool) FPr GPr.
      (p STABLE (APPEND FPr GPr)) = (p STABLE (APPEND GPr FPr))`),
   REPEAT GEN_TAC THEN
   REWRITE_TAC [STABLE] THEN
   EQ_TAC THEN
   STRIP_TAC THEN
   ONCE_REWRITE_TAC [COMP_UNITY_cor10] THEN
   ASM_REWRITE_TAC []);;


(*
  |- !p0 p FPr GPr.
      p INVARIANT (p0, APPEND FPr GPr) = p INVARIANT (p0, APPEND GPr FPr)
*)

let COMP_UNITY_cor14 = prove_thm
  ("COMP_UNITY_cor14",
   (`!(p0:'a->bool) p FPr GPr.
      (p INVARIANT (p0, (APPEND FPr GPr)))
    =
      (p INVARIANT (p0, (APPEND GPr FPr)))`),
   REPEAT GEN_TAC THEN
   REWRITE_TAC [INVARIANT] THEN
   EQ_TAC THEN
   STRIP_TAC THEN
   ONCE_REWRITE_TAC [COMP_UNITY_cor13] THEN
   ASM_REWRITE_TAC []);;