reorganization of HOL/UNITY, moving examples to subdirectories Simple and Comp
paulson
1 
(* Title: HOL/UNITY/Mutex.thy 
2 
ID: $Id$ 
3 
Author: Lawrence C Paulson, Cambridge University Computer Laboratory 
4 
Copyright 1998 University of Cambridge 
5 

6 
Based on "A Family of 2Process Mutual Exclusion Algorithms" by J Misra 
7 
*) 
8 

9 
Mutex = SubstAx + 
10 

11 
record state = 
12 
p :: bool 
13 
m :: int 
14 
n :: int 
15 
u :: bool 
16 
v :: bool 
17 

18 
types command = "(state*state) set" 
19 

20 
constdefs 
21 

22 
(** The program for process U **) 
23 

24 
U0 :: command 
11701
3d51fbf81c17
sane numerals (stage 1): added generic 1, removed 1' and 2 on nat,
wenzelm
25 
"U0 == {(s,s'). s' = s (u:=True, m:=Numeral1) & m s = Numeral0}" 
26 

27 
U1 :: command 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
28 
"U1 == {(s,s'). s' = s (p:= v s, m:=2) & m s = Numeral1}" 
29 

30 
U2 :: command 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
31 
"U2 == {(s,s'). s' = s (m:=3) & ~ p s & m s = 2}" 
32 

33 
U3 :: command 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
34 
"U3 == {(s,s'). s' = s (u:=False, m:=4) & m s = 3}" 
35 

36 
U4 :: command 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
37 
"U4 == {(s,s'). s' = s (p:=True, m:=Numeral0) & m s = 4}" 
38 

39 
(** The program for process V **) 
40 

41 
V0 :: command 
11701
3d51fbf81c17
sane numerals (stage 1): added generic 1, removed 1' and 2 on nat,
wenzelm
42 
"V0 == {(s,s'). s' = s (v:=True, n:=Numeral1) & n s = Numeral0}" 
43 

44 
V1 :: command 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
45 
"V1 == {(s,s'). s' = s (p:= ~ u s, n:=2) & n s = Numeral1}" 
46 

47 
V2 :: command 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
48 
"V2 == {(s,s'). s' = s (n:=3) & p s & n s = 2}" 
49 

50 
V3 :: command 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
51 
"V3 == {(s,s'). s' = s (v:=False, n:=4) & n s = 3}" 
52 

53 
V4 :: command 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
54 
"V4 == {(s,s'). s' = s (p:=False, n:=Numeral0) & n s = 4}" 
55 

56 
Mutex :: state program 
11701
3d51fbf81c17
sane numerals (stage 1): added generic 1, removed 1' and 2 on nat,
wenzelm
57 
"Mutex == mk_program ({s. ~ u s & ~ v s & m s = Numeral0 & n s = Numeral0}, 
58 
{U0, U1, U2, U3, U4, V0, V1, V2, V3, V4}, 
59 
UNIV)" 
60 

61 

62 
(** The correct invariants **) 
63 

64 
IU :: state set 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
65 
"IU == {s. (u s = (Numeral1 <= m s & m s <= 3)) & (m s = 3 > ~ p s)}" 
66 

67 
IV :: state set 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
68 
"IV == {s. (v s = (Numeral1 <= n s & n s <= 3)) & (n s = 3 > p s)}" 
69 

70 
(** The faulty invariant (for U alone) **) 
71 

72 
bad_IU :: state set 
11704
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
73 
"bad_IU == {s. (u s = (Numeral1 <= m s & m s <= 3)) & 
3c50a2cd6f00
* sane numerals (stage 2): plain "num" syntax (removed "#");
wenzelm
74 
(3 <= m s & m s <= 4 > ~ p s)}" 
75 

76 
end 