(* ========================================================================= *)
(* Abstract version of symbolic trajectory evaluation. *)
(* *)
(* Based on the paper "Symbolic Trajectory Evaluation in a Nutshell" *)
(* by Tom Melham & Ashish Darbari, 2002 (still unpublished?) *)
(* ========================================================================= *)
parse_as_infix("&&",(16,"right"));;
parse_as_infix("<<=",(14,"right"));;
parse_as_infix(">->",(13,"right"));;
parse_as_infix(">~~>",(6,"right"));;
(* ------------------------------------------------------------------------- *)
(* Some type of nodes that we don't really care much about. *)
(* ------------------------------------------------------------------------- *)
;
(* ------------------------------------------------------------------------- *)
(* Also "abstract" propositional formulas (i.e. we never unfold "eval"). *)
(* ------------------------------------------------------------------------- *)
;
(* ------------------------------------------------------------------------- *)
(* Quaternary lattice. *)
(* ------------------------------------------------------------------------- *)
;
(* ------------------------------------------------------------------------- *)
(* Basic lattice operations. *)
(* ------------------------------------------------------------------------- *)
(* ------------------------------------------------------------------------- *)
(* Trivial lemmas about the quaternary lattice. *)
(* ------------------------------------------------------------------------- *)
let QLE_TRANS = prove
(`!x y z. x <<= y /\ y <<= z ==> x <<= z`,
REPEAT(MATCH_MP_TAC quat_INDUCT THEN REPEAT CONJ_TAC) THEN
REWRITE_TAC[qle;
quat_DISTINCT]);;
let QLE_LJOIN = prove
(`!x y z. x && y <<= z <=> x <<= z /\ y <<= z`,
REPEAT(MATCH_MP_TAC quat_INDUCT THEN REPEAT CONJ_TAC) THEN
REWRITE_TAC[qjoin; qle;
quat_DISTINCT]);;
let QLE_RJOIN = prove
(`!x y. x <<= x && y /\ y <<= x && y`,
REPEAT(MATCH_MP_TAC quat_INDUCT THEN REPEAT CONJ_TAC) THEN
REWRITE_TAC[qjoin; qle;
quat_DISTINCT]);;
let QLE_CHOICE = prove
(`(b >-> x) <<= y <=> b ==> x <<= y`,
REPEAT GEN_TAC THEN REWRITE_TAC[choice] THEN
COND_CASES_TAC THEN REWRITE_TAC[] THEN REWRITE_TAC[qle]);;
let tholds = new_recursive_definition trajform_RECURSION
`(tholds (Is_0 nd) seq v <=> ZERO <<= seq 0 nd v) /\
(tholds (Is_1 nd) seq v <=> ONE <<= seq 0 nd v) /\
(tholds (Andj tf1 tf2) seq v <=> tholds tf1 seq v /\ tholds tf2 seq v) /\
(tholds (When tf1 p) seq v <=> eval p v ==> tholds tf1 seq v) /\
(tholds (Next(tf1)) seq v <=> tholds tf1 (\t. seq(t + 1)) v)`;;
let defseq = new_recursive_definition trajform_RECURSION
`(defseq (Is_0 n) t nd v = ((n = nd) /\ (t = 0)) >-> ZERO) /\
(defseq (Is_1 n) t nd v = ((n = nd) /\ (t = 0)) >-> ONE) /\
(defseq (Andj tf1 tf2) t nd v = defseq tf1 t nd v && defseq tf2 t nd v) /\
(defseq (When tf1 p) t nd v = eval p v >-> defseq tf1 t nd v) /\
(defseq (Next(tf1)) t nd v = ~(t = 0) >-> defseq tf1 (t - 1) nd v)`;;
let deftraj = new_recursive_definition num_RECURSION
`(deftraj step tf 0 nd v = defseq tf 0 nd v) /\
(deftraj step tf (SUC t) nd v =
defseq tf (SUC t) nd v && step(deftraj step tf t) nd v)`;;let DEFTRAJ_MINIMAL = prove
(`!step v.
monotonic step v
==> !tf seq. trajectory step seq v
==> (tholds tf seq v <=>
!t nd. deftraj step tf t nd v <<= seq t nd v)`,
let STE_THM = prove
(`monotonic ckt v
==> ((A >~~> C) ckt v <=> !t nd. defseq C t nd v <<= deftraj ckt A t nd v)`,