isabelle: src/HOL/UNITY/Client.thy@351b3c2b0d83 (annotated)

5636 dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	1	(* Title: HOL/UNITY/Client.thy
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	2	ID: $Id$
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	3	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	4	Copyright 1998 University of Cambridge
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	5
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	6	Distributed Resource Management System: the Client
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	7	*)
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	8
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	9	Client = Comp + Prefix +
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	10
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	11	consts
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	12	Max :: nat (Maximum number of tokens)
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	13
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	14	types
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	15	tokbag = nat (tokbags could be multisets...or any ordered type?)
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	16
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	17	record state =
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	18	giv :: tokbag list (input history: tokens granted)
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	19	ask :: tokbag list (output history: tokens requested)
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	20	rel :: tokbag list (output history: tokens released)
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	21	tok :: tokbag (current token request)
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	22
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	23
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	24	(Array indexing is translated to list indexing as A[n] == A!(n-1). )
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	25
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	26	constdefs
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	27
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	28	( Release some tokens )
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	29
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	30	rel_act :: "(state*state) set"
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	31	"rel_act == {(s,s').
5804 8e0a4c4fd67b Revising the Client proof as suggested by Michel Charpentier. New lemmas paulson parents: 5648 diff changeset	32	EX nrel. nrel = size (rel s) &
5636 dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	33	s' = s (\| rel := rel s @ [giv s!nrel] \|) &
5804 8e0a4c4fd67b Revising the Client proof as suggested by Michel Charpentier. New lemmas paulson parents: 5648 diff changeset	34	nrel < size (giv s) &
5636 dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	35	ask s!nrel <= giv s!nrel}"
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	36
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	37	( Choose a new token requirement )
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	38
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	39	(** Including s'=s suppresses fairness, allowing the non-trivial part
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	40	of the action to be ignored **)
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	41
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	42	tok_act :: "(state*state) set"
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	43	"tok_act == {(s,s'). s'=s \| (EX t: atMost Max. s' = s (\|tok := t\|))}"
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	44
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	45	ask_act :: "(state*state) set"
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	46	"ask_act == {(s,s'). s'=s \|
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	47	(s' = s (\|ask := ask s @ [tok s]\|) &
5804 8e0a4c4fd67b Revising the Client proof as suggested by Michel Charpentier. New lemmas paulson parents: 5648 diff changeset	48	size (ask s) = size (rel s))}"
5636 dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	49
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	50	Cli_prg :: state program
6295 351b3c2b0d83 removed the infernal States, eqStates, compatible, etc. paulson parents: 6012 diff changeset	51	"Cli_prg == mk_program ({s. tok s : atMost Max &
5636 dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	52	giv s = [] &
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	53	ask s = [] &
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	54	rel s = []},
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	55	{rel_act, tok_act, ask_act})"
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	56
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	57	giv_meets_ask :: state set
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	58	"giv_meets_ask ==
5804 8e0a4c4fd67b Revising the Client proof as suggested by Michel Charpentier. New lemmas paulson parents: 5648 diff changeset	59	{s. size (giv s) <= size (ask s) &
8e0a4c4fd67b Revising the Client proof as suggested by Michel Charpentier. New lemmas paulson parents: 5648 diff changeset	60	(ALL n: lessThan (size (giv s)). ask s!n <= giv s!n)}"
5636 dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	61
dd8f30780fa9 Addition of HOL/UNITY/Client paulson parents: diff changeset	62	end

author	paulson
	Mon, 01 Mar 1999 18:38:43 +0100
changeset 6295	351b3c2b0d83
parent 6012	1894bfc4aee9
child 6800	9ee166138311
permissions	-rw-r--r--