| author | paulson |
| Wed, 05 Aug 1998 10:57:25 +0200 | |
| changeset 5253 | 82a5ca6290aa |
| parent 5240 | bbcd79ef7cf2 |
| child 5584 | aad639e56d4e |
| permissions | -rw-r--r-- |
| 4776 | 1 |
(* Title: HOL/UNITY/Mutex.thy |
2 |
ID: $Id$ |
|
3 |
Author: Lawrence C Paulson, Cambridge University Computer Laboratory |
|
4 |
Copyright 1998 University of Cambridge |
|
5 |
||
6 |
Based on "A Family of 2-Process Mutual Exclusion Algorithms" by J Misra |
|
7 |
*) |
|
8 |
||
|
5240
bbcd79ef7cf2
Constant "invariant" and new constrains_tac, ensures_tac
paulson
parents:
5232
diff
changeset
|
9 |
Mutex = SubstAx + |
| 4776 | 10 |
|
11 |
(*WE NEED A GENERAL TREATMENT OF NUMBERS!!*) |
|
12 |
syntax |
|
13 |
"3" :: nat ("3")
|
|
14 |
"4" :: nat ("4")
|
|
15 |
||
16 |
translations |
|
17 |
"3" == "Suc 2" |
|
18 |
"4" == "Suc 3" |
|
19 |
||
20 |
||
| 5232 | 21 |
record state = |
22 |
PP :: bool |
|
23 |
MM :: nat |
|
24 |
NN :: nat |
|
25 |
UU :: bool |
|
26 |
VV :: bool |
|
| 4776 | 27 |
|
28 |
constdefs |
|
| 5253 | 29 |
|
30 |
(** The program for process U **) |
|
31 |
||
| 5232 | 32 |
cmd0U :: "(state*state) set" |
33 |
"cmd0U == {(s,s'). s' = s (|UU:=True, MM:=1|) & MM s = 0}"
|
|
34 |
||
35 |
cmd1U :: "(state*state) set" |
|
36 |
"cmd1U == {(s,s'). s' = s (|PP:= VV s, MM:=2|) & MM s = 1}"
|
|
| 4776 | 37 |
|
| 5232 | 38 |
cmd2U :: "(state*state) set" |
39 |
"cmd2U == {(s,s'). s' = s (|MM:=3|) & ~ PP s & MM s = 2}"
|
|
| 4776 | 40 |
|
| 5232 | 41 |
cmd3U :: "(state*state) set" |
42 |
"cmd3U == {(s,s'). s' = s (|UU:=False, MM:=4|) & MM s = 3}"
|
|
43 |
||
44 |
cmd4U :: "(state*state) set" |
|
45 |
"cmd4U == {(s,s'). s' = s (|PP:=True, MM:=0|) & MM s = 4}"
|
|
| 4776 | 46 |
|
| 5253 | 47 |
(** The program for process V **) |
48 |
||
| 5232 | 49 |
cmd0V :: "(state*state) set" |
50 |
"cmd0V == {(s,s'). s' = s (|VV:=True, NN:=1|) & NN s = 0}"
|
|
51 |
||
52 |
cmd1V :: "(state*state) set" |
|
53 |
"cmd1V == {(s,s'). s' = s (|PP:= ~ UU s, NN:=2|) & NN s = 1}"
|
|
| 4776 | 54 |
|
| 5232 | 55 |
cmd2V :: "(state*state) set" |
56 |
"cmd2V == {(s,s'). s' = s (|NN:=3|) & PP s & NN s = 2}"
|
|
| 4776 | 57 |
|
| 5232 | 58 |
cmd3V :: "(state*state) set" |
59 |
"cmd3V == {(s,s'). s' = s (|VV:=False, NN:=4|) & NN s = 3}"
|
|
60 |
||
61 |
cmd4V :: "(state*state) set" |
|
62 |
"cmd4V == {(s,s'). s' = s (|PP:=False, NN:=0|) & NN s = 4}"
|
|
| 4776 | 63 |
|
| 5253 | 64 |
Mprg :: state program |
65 |
"Mprg == (|Init = {s. ~ UU s & ~ VV s & MM s = 0 & NN s = 0},
|
|
66 |
Acts = {id,
|
|
67 |
cmd0U, cmd1U, cmd2U, cmd3U, cmd4U, |
|
68 |
cmd0V, cmd1V, cmd2V, cmd3V, cmd4V}|)" |
|
69 |
||
| 5232 | 70 |
|
71 |
(** The correct invariants **) |
|
72 |
||
73 |
invariantU :: "state set" |
|
74 |
"invariantU == {s. (UU s = (1 <= MM s & MM s <= 3)) &
|
|
75 |
(MM s = 3 --> ~ PP s)}" |
|
76 |
||
77 |
invariantV :: "state set" |
|
78 |
"invariantV == {s. (VV s = (1 <= NN s & NN s <= 3)) &
|
|
79 |
(NN s = 3 --> PP s)}" |
|
80 |
||
81 |
(** The faulty invariant (for U alone) **) |
|
82 |
||
83 |
bad_invariantU :: "state set" |
|
84 |
"bad_invariantU == {s. (UU s = (1 <= MM s & MM s <= 3)) &
|
|
85 |
(3 <= MM s & MM s <= 4 --> ~ PP s)}" |
|
| 4776 | 86 |
|
87 |
end |