src/HOLCF/IOA/meta_theory/Automata.thy
author kleing
Mon Jun 21 10:25:57 2004 +0200 (2004-06-21)
changeset 14981 e73f8140af78
parent 12919 d6a0d168291e
child 17233 41eee2e7b465
permissions -rw-r--r--
Merged in license change from Isabelle2004
mueller@3071
     1
(*  Title:      HOLCF/IOA/meta_theory/Automata.thy
mueller@3275
     2
    ID:         $Id$
wenzelm@12218
     3
    Author:     Olaf Müller, Konrad Slind, Tobias Nipkow
mueller@3071
     4
mueller@3071
     5
The I/O automata of Lynch and Tuttle in HOLCF.
mueller@3071
     6
*)   
mueller@3071
     7
mueller@3071
     8
		       
wenzelm@12919
     9
Automata = Asig +
mueller@3071
    10
wenzelm@12338
    11
default type
mueller@3071
    12
 
mueller@3071
    13
types
mueller@3071
    14
   ('a,'s)transition       =    "'s * 'a * 's"
mueller@3521
    15
   ('a,'s)ioa              =    "'a signature * 's set * ('a,'s)transition set * 
mueller@3521
    16
                                 (('a set) set) * (('a set) set)"
mueller@3071
    17
mueller@3071
    18
consts
mueller@3071
    19
 
mueller@3071
    20
  (* IO automata *)
mueller@3521
    21
mueller@3521
    22
  asig_of        ::"('a,'s)ioa => 'a signature"
mueller@3521
    23
  starts_of      ::"('a,'s)ioa => 's set"
mueller@3521
    24
  trans_of       ::"('a,'s)ioa => ('a,'s)transition set"
mueller@3521
    25
  wfair_of       ::"('a,'s)ioa => ('a set) set"
mueller@3521
    26
  sfair_of       ::"('a,'s)ioa => ('a set) set"
mueller@3521
    27
mueller@3521
    28
  is_asig_of     ::"('a,'s)ioa => bool"
mueller@3521
    29
  is_starts_of	 ::"('a,'s)ioa => bool"
mueller@3521
    30
  is_trans_of	 ::"('a,'s)ioa => bool"
mueller@3521
    31
  input_enabled	 ::"('a,'s)ioa => bool"
mueller@3521
    32
  IOA	         ::"('a,'s)ioa => bool"
mueller@3071
    33
mueller@4559
    34
  (* constraints for fair IOA *)
mueller@4559
    35
mueller@4559
    36
  fairIOA        ::"('a,'s)ioa => bool"
mueller@4559
    37
  input_resistant::"('a,'s)ioa => bool"
mueller@4559
    38
mueller@4559
    39
  (* enabledness of actions and action sets *)
mueller@4559
    40
mueller@4559
    41
  enabled        ::"('a,'s)ioa => 'a => 's => bool"
mueller@4559
    42
  Enabled    ::"('a,'s)ioa => 'a set => 's => bool"
mueller@4559
    43
mueller@4559
    44
  (* action set keeps enabled until probably disabled by itself *) 
mueller@4559
    45
mueller@4559
    46
  en_persistent  :: "('a,'s)ioa => 'a set => bool"
mueller@4559
    47
mueller@4559
    48
 (* post_conditions for actions and action sets *)
mueller@4559
    49
mueller@4559
    50
  was_enabled        ::"('a,'s)ioa => 'a => 's => bool"
mueller@4559
    51
  set_was_enabled    ::"('a,'s)ioa => 'a set => 's => bool"
mueller@4559
    52
mueller@3071
    53
  (* reachability and invariants *)
mueller@3071
    54
  reachable     :: "('a,'s)ioa => 's set"
mueller@3071
    55
  invariant     :: "[('a,'s)ioa, 's=>bool] => bool"
mueller@3071
    56
mueller@3071
    57
  (* binary composition of action signatures and automata *)
mueller@3071
    58
  asig_comp    ::"['a signature, 'a signature] => 'a signature"
mueller@3521
    59
  compatible   ::"[('a,'s)ioa, ('a,'t)ioa] => bool"
mueller@3071
    60
  "||"         ::"[('a,'s)ioa, ('a,'t)ioa] => ('a,'s*'t)ioa"  (infixr 10)
mueller@3071
    61
mueller@3521
    62
  (* hiding and restricting *)
mueller@3521
    63
  hide_asig     :: "['a signature, 'a set] => 'a signature"
mueller@3521
    64
  hide          :: "[('a,'s)ioa, 'a set] => ('a,'s)ioa"
mueller@3071
    65
  restrict_asig :: "['a signature, 'a set] => 'a signature"
mueller@3071
    66
  restrict      :: "[('a,'s)ioa, 'a set] => ('a,'s)ioa"
mueller@3071
    67
mueller@3071
    68
  (* renaming *)
mueller@3521
    69
  rename_set    :: "'a set => ('c => 'a option) => 'c set"
mueller@3521
    70
  rename        :: "('a, 'b)ioa => ('c => 'a option) => ('c,'b)ioa"
mueller@3071
    71
mueller@3071
    72
mueller@3071
    73
syntax 
mueller@3071
    74
mueller@3071
    75
  "_trans_of"  :: "'s => 'a => ('a,'s)ioa => 's => bool"  ("_ -_--_-> _" [81,81,81,81] 100)
mueller@3071
    76
  "reachable"  :: "[('a,'s)ioa, 's] => bool"
mueller@3071
    77
  "act"        :: "('a,'s)ioa => 'a set"
mueller@3071
    78
  "ext"        :: "('a,'s)ioa => 'a set"
mueller@3071
    79
  "int"        :: "('a,'s)ioa => 'a set"
mueller@3071
    80
  "inp"        :: "('a,'s)ioa => 'a set"
mueller@3071
    81
  "out"        :: "('a,'s)ioa => 'a set"
mueller@3433
    82
  "local"      :: "('a,'s)ioa => 'a set"
mueller@3071
    83
mueller@3071
    84
wenzelm@12114
    85
syntax (xsymbols)
mueller@3071
    86
mueller@3071
    87
  "_trans_of"  :: "'s => 'a => ('a,'s)ioa => 's => bool"  
wenzelm@12114
    88
                  ("_ \\<midarrow>_\\<midarrow>_\\<longrightarrow> _" [81,81,81,81] 100)
mueller@3071
    89
  "op ||"         ::"[('a,'s)ioa, ('a,'t)ioa] => ('a,'s*'t)ioa"  (infixr "\\<parallel>" 10)
mueller@3071
    90
mueller@3071
    91
mueller@3071
    92
inductive "reachable C" 
mueller@3071
    93
   intrs  
mueller@3071
    94
    reachable_0  "s:(starts_of C) ==> s : reachable C"
mueller@3071
    95
    reachable_n  "[|s:reachable C; (s,a,t):trans_of C|] ==> t:reachable C"
mueller@3071
    96
mueller@3071
    97
mueller@3071
    98
translations
mueller@3071
    99
  "s -a--A-> t"   == "(s,a,t):trans_of A"
mueller@3071
   100
  "reachable A s" == "s:reachable A"
mueller@3071
   101
  "act A"         == "actions (asig_of A)"
mueller@3071
   102
  "ext A"         == "externals (asig_of A)"
mueller@3071
   103
  "int A"         == "internals (asig_of A)"
mueller@3071
   104
  "inp A"         == "inputs (asig_of A)"
mueller@3071
   105
  "out A"         == "outputs (asig_of A)"
mueller@3433
   106
  "local A"       == "locals (asig_of A)"
mueller@3433
   107
mueller@3071
   108
mueller@3071
   109
mueller@3071
   110
defs
mueller@3071
   111
mueller@3071
   112
(* --------------------------------- IOA ---------------------------------*)
mueller@3071
   113
mueller@3071
   114
mueller@3071
   115
mueller@3071
   116
asig_of_def   "asig_of == fst"
mueller@3071
   117
starts_of_def "starts_of == (fst o snd)"
mueller@3521
   118
trans_of_def  "trans_of == (fst o snd o snd)"
mueller@3521
   119
wfair_of_def  "wfair_of == (fst o snd o snd o snd)"
mueller@3521
   120
sfair_of_def  "sfair_of == (snd o snd o snd o snd)"
mueller@3521
   121
mueller@3521
   122
is_asig_of_def
mueller@3521
   123
  "is_asig_of A == is_asig (asig_of A)" 
mueller@3521
   124
mueller@3521
   125
is_starts_of_def 
mueller@3521
   126
  "is_starts_of A ==  (~ starts_of A = {})"
mueller@3521
   127
mueller@3521
   128
is_trans_of_def
mueller@3521
   129
  "is_trans_of A == 
mueller@3521
   130
    (!triple. triple:(trans_of A) --> fst(snd(triple)):actions(asig_of A))"
mueller@3521
   131
mueller@3521
   132
input_enabled_def
mueller@3521
   133
  "input_enabled A ==
mueller@3521
   134
    (!a. (a:inputs(asig_of A)) --> (!s1. ? s2. (s1,a,s2):(trans_of A)))" 
mueller@3521
   135
mueller@3071
   136
mueller@3071
   137
ioa_def
mueller@3521
   138
  "IOA A == (is_asig_of A    &                            
mueller@3521
   139
             is_starts_of A  &                            
mueller@3521
   140
             is_trans_of A   &
mueller@3521
   141
             input_enabled A)"
mueller@3071
   142
mueller@3071
   143
mueller@3071
   144
invariant_def "invariant A P == (!s. reachable A s --> P(s))"
mueller@3071
   145
mueller@3071
   146
mueller@3071
   147
(* ------------------------- parallel composition --------------------------*)
mueller@3071
   148
mueller@3071
   149
mueller@3433
   150
compatible_def
mueller@3433
   151
  "compatible A B ==  
mueller@3433
   152
  (((out A Int out B) = {}) &                              
mueller@3433
   153
   ((int A Int act B) = {}) &                            
mueller@3433
   154
   ((int B Int act A) = {}))"
mueller@3071
   155
mueller@3071
   156
asig_comp_def
mueller@3071
   157
  "asig_comp a1 a2 ==                                                   
mueller@3071
   158
     (((inputs(a1) Un inputs(a2)) - (outputs(a1) Un outputs(a2)),      
mueller@3071
   159
       (outputs(a1) Un outputs(a2)),                                   
mueller@3071
   160
       (internals(a1) Un internals(a2))))"
mueller@3071
   161
mueller@3071
   162
par_def
mueller@3521
   163
  "(A || B) ==                                                    
mueller@3521
   164
      (asig_comp (asig_of A) (asig_of B),                        
mueller@3521
   165
       {pr. fst(pr):starts_of(A) & snd(pr):starts_of(B)},        
mueller@3071
   166
       {tr. let s = fst(tr); a = fst(snd(tr)); t = snd(snd(tr))        
mueller@3521
   167
            in (a:act A | a:act B) & 
mueller@3521
   168
               (if a:act A then                       
mueller@3521
   169
                  (fst(s),a,fst(t)):trans_of(A)                     
mueller@3071
   170
                else fst(t) = fst(s))                                  
mueller@3071
   171
               &                                                       
mueller@3521
   172
               (if a:act B then                       
mueller@3521
   173
                  (snd(s),a,snd(t)):trans_of(B)                     
mueller@3521
   174
                else snd(t) = snd(s))},
mueller@3521
   175
        wfair_of A Un wfair_of B,
mueller@3521
   176
        sfair_of A Un sfair_of B)"
mueller@3521
   177
mueller@3071
   178
mueller@3071
   179
(* ------------------------ hiding -------------------------------------------- *)
mueller@3071
   180
mueller@3071
   181
restrict_asig_def
mueller@3071
   182
  "restrict_asig asig actns ==                                          
mueller@3521
   183
    (inputs(asig) Int actns, 
mueller@3521
   184
     outputs(asig) Int actns,                  
mueller@3071
   185
     internals(asig) Un (externals(asig) - actns))"
mueller@3071
   186
mueller@3521
   187
(* Notice that for wfair_of and sfair_of nothing has to be changed, as 
mueller@3521
   188
   changes from the outputs to the internals does not touch the locals as 
mueller@3521
   189
   a whole, which is of importance for fairness only *)
mueller@3071
   190
mueller@3071
   191
restrict_def
mueller@3521
   192
  "restrict A actns ==                                               
mueller@3521
   193
    (restrict_asig (asig_of A) actns, 
mueller@3521
   194
     starts_of A, 
mueller@3521
   195
     trans_of A,
mueller@3521
   196
     wfair_of A,
mueller@3521
   197
     sfair_of A)"
mueller@3521
   198
mueller@3521
   199
hide_asig_def
mueller@3521
   200
  "hide_asig asig actns ==                                          
mueller@3521
   201
    (inputs(asig) - actns, 
mueller@3521
   202
     outputs(asig) - actns,                  
mueller@3521
   203
     internals(asig) Un actns)"
mueller@3521
   204
mueller@3521
   205
hide_def
mueller@3521
   206
  "hide A actns ==                                               
mueller@3521
   207
    (hide_asig (asig_of A) actns, 
mueller@3521
   208
     starts_of A, 
mueller@3521
   209
     trans_of A,
mueller@3521
   210
     wfair_of A,
mueller@3521
   211
     sfair_of A)"
mueller@3071
   212
mueller@3071
   213
(* ------------------------- renaming ------------------------------------------- *)
mueller@3071
   214
  
mueller@3521
   215
rename_set_def
wenzelm@7661
   216
  "rename_set A ren == {b. ? x. Some x = ren b & x : A}" 
mueller@3521
   217
mueller@3071
   218
rename_def 
mueller@3071
   219
"rename ioa ren ==  
mueller@3521
   220
  ((rename_set (inp ioa) ren,         
mueller@3521
   221
    rename_set (out ioa) ren,        
mueller@3521
   222
    rename_set (int ioa) ren),     
mueller@3521
   223
   starts_of ioa,                                            
mueller@3071
   224
   {tr. let s = fst(tr); a = fst(snd(tr));  t = snd(snd(tr))    
mueller@3071
   225
        in                                                      
mueller@3521
   226
        ? x. Some(x) = ren(a) & (s,x,t):trans_of ioa},
mueller@3521
   227
   {rename_set s ren | s. s: wfair_of ioa},
mueller@3521
   228
   {rename_set s ren | s. s: sfair_of ioa})"
mueller@3071
   229
mueller@4559
   230
(* ------------------------- fairness ----------------------------- *)
mueller@4559
   231
mueller@4559
   232
fairIOA_def
mueller@4559
   233
  "fairIOA A == (! S : wfair_of A. S<= local A) & 
mueller@4559
   234
                (! S : sfair_of A. S<= local A)"
mueller@4559
   235
mueller@4559
   236
input_resistant_def
mueller@4559
   237
  "input_resistant A == ! W : sfair_of A. ! s a t. 
mueller@4559
   238
                        reachable A s & reachable A t & a:inp A &
mueller@4559
   239
                        Enabled A W s & s -a--A-> t
mueller@4559
   240
                        --> Enabled A W t"
mueller@4559
   241
mueller@4559
   242
enabled_def
mueller@4559
   243
  "enabled A a s == ? t. s-a--A-> t"
mueller@4559
   244
mueller@4559
   245
Enabled_def
mueller@4559
   246
  "Enabled A W s == ? w:W. enabled A w s"
mueller@4559
   247
mueller@4559
   248
en_persistent_def
mueller@4559
   249
  "en_persistent A W == ! s a t. Enabled A W s & 
mueller@4559
   250
                                 a ~:W & 
mueller@4559
   251
                                 s -a--A-> t 
mueller@4559
   252
                                 --> Enabled A W t"
mueller@4559
   253
was_enabled_def
mueller@4559
   254
  "was_enabled A a t == ? s. s-a--A-> t"
mueller@4559
   255
mueller@4559
   256
set_was_enabled_def
mueller@4559
   257
  "set_was_enabled A W t == ? w:W. was_enabled A w t"
mueller@4559
   258
mueller@3071
   259
mueller@3071
   260
end
mueller@3071
   261