| author | berghofe |
| Fri, 28 Apr 2006 15:59:31 +0200 | |
| changeset 19497 | 630073ef9212 |
| parent 17309 | c43ed29bd197 |
| permissions | -rw-r--r-- |
| 3807 | 1 |
(* |
2 |
File: MIsafe.ML |
|
| 17309 | 3 |
ID: $Id$ |
| 3807 | 4 |
Author: Stephan Merz |
5 |
Copyright: 1997 University of Munich |
|
6 |
||
7 |
RPC-Memory example: Lower-level lemmas about memory implementation (safety) |
|
8 |
*) |
|
9 |
||
10 |
(* ========================= Lemmas about values ========================= *) |
|
11 |
||
12 |
(* RPCFailure notin MemVals U {OK,BadArg} *)
|
|
13 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
14 |
Goalw [MVOKBA_def] "MVOKBA x ==> x ~= RPCFailure"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
15 |
by Auto_tac; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
16 |
qed "MVOKBAnotRF"; |
| 3807 | 17 |
|
18 |
(* NotAResult notin MemVals U {OK,BadArg,RPCFailure} *)
|
|
19 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
20 |
Goalw [MVOKBARF_def] "MVOKBARF x ==> x ~= NotAResult"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
21 |
by Auto_tac; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
22 |
qed "MVOKBARFnotNR"; |
| 3807 | 23 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
24 |
(* ================ Si's are mutually exclusive ================================ *) |
| 3807 | 25 |
(* Si and Sj are mutually exclusive for i # j. This helps to simplify the big |
26 |
conditional in the definition of resbar when doing the step-simulation proof. |
|
27 |
We prove a weaker result, which suffices for our purposes: |
|
28 |
Si implies (not Sj), for j<i. |
|
29 |
*) |
|
30 |
||
31 |
(* --- not used --- |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
32 |
Goal "|- S1 rmhist p --> S1 rmhist p & ~S2 rmhist p & ~S3 rmhist p & \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
33 |
\ ~S4 rmhist p & ~S5 rmhist p & ~S6 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
34 |
by (auto_tac (MI_css addsimps2 [S_def, S1_def, S2_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
35 |
S3_def, S4_def, S5_def, S6_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
36 |
qed "S1_excl"; |
| 3807 | 37 |
*) |
38 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
39 |
Goal "|- S2 rmhist p --> S2 rmhist p & ~S1 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
40 |
by (auto_tac (MI_css addsimps2 [S_def, S1_def, S2_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
41 |
qed "S2_excl"; |
| 3807 | 42 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
43 |
Goal "|- S3 rmhist p --> S3 rmhist p & ~S1 rmhist p & ~S2 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
44 |
by (auto_tac (MI_css addsimps2 [S_def, S1_def, S2_def, S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
45 |
qed "S3_excl"; |
| 3807 | 46 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
47 |
Goal "|- S4 rmhist p --> S4 rmhist p & ~S1 rmhist p & ~S2 rmhist p & ~S3 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
48 |
by (auto_tac (MI_css addsimps2 [S_def,S1_def,S2_def,S3_def,S4_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
49 |
qed "S4_excl"; |
| 3807 | 50 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
51 |
Goal "|- S5 rmhist p --> S5 rmhist p & ~S1 rmhist p & ~S2 rmhist p \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
52 |
\ & ~S3 rmhist p & ~S4 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
53 |
by (auto_tac (MI_css addsimps2 [S_def,S1_def,S2_def,S3_def,S4_def,S5_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
54 |
qed "S5_excl"; |
| 3807 | 55 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
56 |
Goal "|- S6 rmhist p --> S6 rmhist p & ~S1 rmhist p & ~S2 rmhist p \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
57 |
\ & ~S3 rmhist p & ~S4 rmhist p & ~S5 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
58 |
by (auto_tac (MI_css addsimps2 [S_def,S1_def,S2_def,S3_def,S4_def,S5_def,S6_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
59 |
qed "S6_excl"; |
| 3807 | 60 |
|
61 |
||
62 |
(* ==================== Lemmas about the environment ============================== *) |
|
63 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
64 |
Goal "|- $(Calling memCh p) --> ~ENext p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
65 |
by (auto_tac (MI_css addsimps2 [ENext_def,Call_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
66 |
qed "Envbusy"; |
| 3807 | 67 |
|
68 |
(* ==================== Lemmas about the implementation's states ==================== *) |
|
69 |
||
70 |
(* The following series of lemmas are used in establishing the implementation's |
|
71 |
next-state relation (Step 1.2 of the proof in the paper). For each state Si, we |
|
| 6255 | 72 |
determine which component actions are possible and what state they result in. |
| 3807 | 73 |
*) |
74 |
||
75 |
(* ------------------------------ State S1 ---------------------------------------- *) |
|
76 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
77 |
Goal "|- ENext p & $(S1 rmhist p) & unchanged (c p, r p, m p, rmhist!p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
78 |
\ --> (S2 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
79 |
by (force_tac (MI_css addsimps2 [ENext_def,Call_def,c_def,r_def,m_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
80 |
caller_def,rtrner_def,MVNROKBA_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
81 |
S_def,S1_def,S2_def,Calling_def]) 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
82 |
qed "S1Env"; |
| 3807 | 83 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
84 |
Goal "|- [MClkNext memCh crCh cst p]_(c p) & $(S1 rmhist p) --> unchanged (c p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
85 |
by (auto_tac (MI_fast_css addSDs2 [MClkidle] addsimps2 [S_def,S1_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
86 |
qed "S1ClerkUnch"; |
| 3807 | 87 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
88 |
Goal "|- [RPCNext crCh rmCh rst p]_(r p) & $(S1 rmhist p) --> unchanged (r p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
89 |
by (auto_tac (MI_fast_css addSDs2 [RPCidle] addsimps2 [S_def,S1_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
90 |
qed "S1RPCUnch"; |
| 3807 | 91 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
92 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S1 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
93 |
by (auto_tac (MI_fast_css addSDs2 [Memoryidle] addsimps2 [S_def,S1_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
94 |
qed "S1MemUnch"; |
| 3807 | 95 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
96 |
Goal "|- [HNext rmhist p]_(c p,r p,m p,rmhist!p) & $(S1 rmhist p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
97 |
\ --> unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
98 |
by (action_simp_tac (simpset() addsimps [HNext_def, S_def, S1_def, MemReturn_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
99 |
RPCFail_def,MClkReply_def,Return_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
100 |
[] [squareE] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
101 |
qed "S1Hist"; |
| 3807 | 102 |
|
103 |
(* ------------------------------ State S2 ---------------------------------------- *) |
|
104 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
105 |
Goal "|- [ENext p]_(e p) & $(S2 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
106 |
by (auto_tac (MI_css addSDs2 [Envbusy] addsimps2 [S_def,S2_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
107 |
qed "S2EnvUnch"; |
| 3807 | 108 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
109 |
Goal "|- MClkNext memCh crCh cst p & $(S2 rmhist p) --> MClkFwd memCh crCh cst p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
110 |
by (auto_tac (MI_css addsimps2 [MClkNext_def,MClkRetry_def,MClkReply_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
111 |
S_def,S2_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
112 |
qed "S2Clerk"; |
| 3807 | 113 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
114 |
Goal "|- $(S2 rmhist p) & MClkFwd memCh crCh cst p\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
115 |
\ & unchanged (e p, r p, m p, rmhist!p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
116 |
\ --> (S3 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
117 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
118 |
(simpset() addsimps |
| 3807 | 119 |
[MClkFwd_def,Call_def,e_def,r_def,m_def,caller_def,rtrner_def, |
120 |
S_def,S2_def,S3_def,Calling_def]) |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
121 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
122 |
qed "S2Forward"; |
| 3807 | 123 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
124 |
Goal "|- [RPCNext crCh rmCh rst p]_(r p) & $(S2 rmhist p) --> unchanged (r p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
125 |
by (auto_tac (MI_css addsimps2 [S_def,S2_def] addSDs2 [RPCidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
126 |
qed "S2RPCUnch"; |
| 3807 | 127 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
128 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S2 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
129 |
by (auto_tac (MI_css addsimps2 [S_def,S2_def] addSDs2 [Memoryidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
130 |
qed "S2MemUnch"; |
| 3807 | 131 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
132 |
Goal "|- [HNext rmhist p]_(c p,r p,m p,rmhist!p) & $(S2 rmhist p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
133 |
\ --> unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
134 |
by (auto_tac (MI_fast_css |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
135 |
addsimps2 [HNext_def,MemReturn_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
136 |
RPCFail_def,MClkReply_def,Return_def,S_def,S2_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
137 |
qed "S2Hist"; |
| 3807 | 138 |
|
139 |
(* ------------------------------ State S3 ---------------------------------------- *) |
|
140 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
141 |
Goal "|- [ENext p]_(e p) & $(S3 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
142 |
by (auto_tac (MI_css addSDs2 [Envbusy] addsimps2 [S_def,S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
143 |
qed "S3EnvUnch"; |
| 3807 | 144 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
145 |
Goal "|- [MClkNext memCh crCh cst p]_(c p) & $(S3 rmhist p) --> unchanged (c p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
146 |
by (auto_tac (MI_css addSDs2 [MClkbusy] addsimps2 [square_def,S_def,S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
147 |
qed "S3ClerkUnch"; |
| 3807 | 148 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
149 |
Goal "|- S3 rmhist p --> IsLegalRcvArg<arg<crCh!p>>"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
150 |
by (auto_tac (MI_css addsimps2 [IsLegalRcvArg_def,MClkRelayArg_def,S_def,S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
151 |
qed "S3LegalRcvArg"; |
| 3807 | 152 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
153 |
Goal "|- RPCNext crCh rmCh rst p & $(S3 rmhist p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
154 |
\ --> RPCFwd crCh rmCh rst p | RPCFail crCh rmCh rst p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
155 |
by (Clarsimp_tac 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
156 |
by (forward_tac [action_use S3LegalRcvArg] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
157 |
by (auto_tac (MI_css addsimps2 [RPCNext_def,RPCReject_def,RPCReply_def,S_def,S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
158 |
qed "S3RPC"; |
| 3807 | 159 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
160 |
Goal "|- RPCFwd crCh rmCh rst p & HNext rmhist p & $(S3 rmhist p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
161 |
\ & unchanged (e p, c p, m p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
162 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
163 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
164 |
(simpset() addsimps [RPCFwd_def,HNext_def,MemReturn_def,RPCFail_def,MClkReply_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
165 |
Return_def,Call_def,e_def,c_def,m_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
166 |
S_def,S3_def,S4_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
167 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
168 |
qed "S3Forward"; |
| 3807 | 169 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
170 |
Goal "|- RPCFail crCh rmCh rst p & $(S3 rmhist p) & HNext rmhist p\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
171 |
\ & unchanged (e p, c p, m p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
172 |
\ --> (S6 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
173 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
174 |
(simpset() addsimps [HNext_def,RPCFail_def,Return_def,e_def,c_def,m_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
175 |
caller_def,rtrner_def,MVOKBARF_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
176 |
S_def,S3_def,S6_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
177 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
178 |
qed "S3Fail"; |
| 3807 | 179 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
180 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S3 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
181 |
by (auto_tac (MI_css addsimps2 [S_def,S3_def] addSDs2 [Memoryidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
182 |
qed "S3MemUnch"; |
| 3807 | 183 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
184 |
Goal "|- HNext rmhist p & $(S3 rmhist p) & unchanged (r p) --> unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
185 |
by (auto_tac (MI_css addsimps2 [HNext_def,MemReturn_def,RPCFail_def,MClkReply_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
186 |
Return_def,r_def,rtrner_def,S_def,S3_def,Calling_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
187 |
qed "S3Hist"; |
| 3807 | 188 |
|
189 |
(* ------------------------------ State S4 ---------------------------------------- *) |
|
190 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
191 |
Goal "|- [ENext p]_(e p) & $(S4 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
192 |
by (auto_tac (MI_css addsimps2 [S_def,S4_def] addSDs2 [Envbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
193 |
qed "S4EnvUnch"; |
| 3807 | 194 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
195 |
Goal "|- [MClkNext memCh crCh cst p]_(c p) & $(S4 rmhist p) --> unchanged (c p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
196 |
by (auto_tac (MI_css addsimps2 [S_def,S4_def] addSDs2 [MClkbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
197 |
qed "S4ClerkUnch"; |
| 3807 | 198 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
199 |
Goal "|- [RPCNext crCh rmCh rst p]_(r p) & $(S4 rmhist p) --> unchanged (r p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
200 |
by (auto_tac (MI_fast_css addsimps2 [S_def,S4_def] addSDs2 [RPCbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
201 |
qed "S4RPCUnch"; |
| 3807 | 202 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
203 |
Goal "|- ReadInner rmCh mm ires p l & $(S4 rmhist p) & unchanged (e p, c p, r p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
204 |
\ & HNext rmhist p & $(MemInv mm l) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
205 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
206 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
207 |
(simpset() addsimps [ReadInner_def,GoodRead_def, BadRead_def,HNext_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
208 |
MemReturn_def, RPCFail_def,MClkReply_def,Return_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
209 |
e_def,c_def,r_def,rtrner_def,caller_def,MVNROKBA_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
210 |
S_def,S4_def,RdRequest_def,Calling_def,MemInv_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
211 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
212 |
qed "S4ReadInner"; |
| 3807 | 213 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
214 |
Goal "|- Read rmCh mm ires p & $(S4 rmhist p) & unchanged (e p, c p, r p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
215 |
\ & HNext rmhist p & (!l. $MemInv mm l) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
216 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
217 |
by (auto_tac (MI_css addsimps2 [Read_def] addSDs2 [S4ReadInner])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
218 |
qed "S4Read"; |
| 3807 | 219 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
220 |
Goal "|- WriteInner rmCh mm ires p l v & $(S4 rmhist p) & unchanged (e p, c p, r p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
221 |
\ & HNext rmhist p \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
222 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
223 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
224 |
(simpset() addsimps [WriteInner_def,GoodWrite_def, BadWrite_def,HNext_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
225 |
MemReturn_def,RPCFail_def,MClkReply_def,Return_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
226 |
e_def,c_def,r_def,rtrner_def,caller_def,MVNROKBA_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
227 |
S_def,S4_def,WrRequest_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
228 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
229 |
qed "S4WriteInner"; |
| 3807 | 230 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
231 |
Goal "|- Write rmCh mm ires p l & $(S4 rmhist p) & unchanged (e p, c p, r p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
232 |
\ & (HNext rmhist p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
233 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
234 |
by (auto_tac (MI_css addsimps2 [Write_def] addSDs2 [S4WriteInner])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
235 |
qed "S4Write"; |
| 3807 | 236 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
237 |
Goal "|- $ImpInv rmhist p & Write rmCh mm ires p l --> $S4 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
238 |
by (auto_tac (MI_css addsimps2 [Write_def,WriteInner_def,ImpInv_def,WrRequest_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
239 |
S_def,S1_def,S2_def,S3_def,S4_def,S5_def,S6_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
240 |
qed "WriteS4"; |
| 3807 | 241 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
242 |
Goal "|- MemReturn rmCh ires p & $S4 rmhist p & unchanged (e p, c p, r p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
243 |
\ & HNext rmhist p \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
244 |
\ --> (S5 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
245 |
by (auto_tac (MI_css addsimps2 [HNext_def,MemReturn_def,Return_def,e_def,c_def,r_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
246 |
rtrner_def,caller_def,MVNROKBA_def,MVOKBA_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
247 |
S_def,S4_def,S5_def,Calling_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
248 |
qed "S4Return"; |
| 3807 | 249 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
250 |
Goal "|- HNext rmhist p & $S4 rmhist p & (m p)$ = $(m p) --> (rmhist!p)$ = $(rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
251 |
by (auto_tac (MI_css addsimps2 [HNext_def,MemReturn_def,RPCFail_def,MClkReply_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
252 |
Return_def,m_def,rtrner_def,S_def,S4_def,Calling_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
253 |
qed "S4Hist"; |
| 3807 | 254 |
|
255 |
(* ------------------------------ State S5 ---------------------------------------- *) |
|
256 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
257 |
Goal "|- [ENext p]_(e p) & $(S5 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
258 |
by (auto_tac (MI_css addsimps2 [S_def,S5_def] addSDs2 [Envbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
259 |
qed "S5EnvUnch"; |
| 3807 | 260 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
261 |
Goal "|- [MClkNext memCh crCh cst p]_(c p) & $(S5 rmhist p) --> unchanged (c p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
262 |
by (auto_tac (MI_css addsimps2 [S_def,S5_def] addSDs2 [MClkbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
263 |
qed "S5ClerkUnch"; |
| 3807 | 264 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
265 |
Goal "|- RPCNext crCh rmCh rst p & $(S5 rmhist p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
266 |
\ --> RPCReply crCh rmCh rst p | RPCFail crCh rmCh rst p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
267 |
by (auto_tac (MI_css addsimps2 [RPCNext_def,RPCReject_def,RPCFwd_def,S_def,S5_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
268 |
qed "S5RPC"; |
| 3807 | 269 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
270 |
Goal "|- RPCReply crCh rmCh rst p & $(S5 rmhist p) & unchanged (e p, c p, m p,rmhist!p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
271 |
\ --> (S6 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
272 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
273 |
(simpset() addsimps [RPCReply_def,Return_def,e_def,c_def,m_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
274 |
MVOKBA_def,MVOKBARF_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
275 |
S_def,S5_def,S6_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
276 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
277 |
qed "S5Reply"; |
| 3807 | 278 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
279 |
Goal "|- RPCFail crCh rmCh rst p & $(S5 rmhist p) & unchanged (e p, c p, m p,rmhist!p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
280 |
\ --> (S6 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
281 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
282 |
(simpset() addsimps [RPCFail_def,Return_def,e_def,c_def,m_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
283 |
MVOKBARF_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
284 |
S_def,S5_def,S6_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
285 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
286 |
qed "S5Fail"; |
| 3807 | 287 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
288 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S5 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
289 |
by (auto_tac (MI_css addsimps2 [S_def,S5_def] addSDs2 [Memoryidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
290 |
qed "S5MemUnch"; |
| 3807 | 291 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
292 |
Goal "|- [HNext rmhist p]_(c p, r p, m p, rmhist!p) & $(S5 rmhist p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
293 |
\ --> (rmhist!p)$ = $(rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
294 |
by (auto_tac (MI_fast_css |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
295 |
addsimps2 [HNext_def,MemReturn_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
296 |
RPCFail_def,MClkReply_def,Return_def,S_def,S5_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
297 |
qed "S5Hist"; |
| 3807 | 298 |
|
299 |
(* ------------------------------ State S6 ---------------------------------------- *) |
|
300 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
301 |
Goal "|- [ENext p]_(e p) & $(S6 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
302 |
by (auto_tac (MI_css addsimps2 [S_def,S6_def] addSDs2 [Envbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
303 |
qed "S6EnvUnch"; |
| 3807 | 304 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
305 |
Goal "|- MClkNext memCh crCh cst p & $(S6 rmhist p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
306 |
\ --> MClkRetry memCh crCh cst p | MClkReply memCh crCh cst p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
307 |
by (auto_tac (MI_css addsimps2 [MClkNext_def,MClkFwd_def,S_def,S6_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
308 |
qed "S6Clerk"; |
| 3807 | 309 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
310 |
Goal "|- MClkRetry memCh crCh cst p & HNext rmhist p & $S6 rmhist p\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
311 |
\ & unchanged (e p,r p,m p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
312 |
\ --> (S3 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
313 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
314 |
(simpset() addsimps [HNext_def,MClkReply_def,MClkRetry_def,Call_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
315 |
Return_def,e_def,r_def,m_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
316 |
S_def,S6_def,S3_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
317 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
318 |
qed "S6Retry"; |
| 3807 | 319 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
320 |
Goal "|- MClkReply memCh crCh cst p & HNext rmhist p & $S6 rmhist p\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
321 |
\ & unchanged (e p,r p,m p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
322 |
\ --> (S1 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
323 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
324 |
(simpset() addsimps [HNext_def,MemReturn_def,RPCFail_def,Return_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
325 |
MClkReply_def,e_def,r_def,m_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
326 |
S_def,S6_def,S1_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
327 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
328 |
qed "S6Reply"; |
| 3807 | 329 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
330 |
Goal "|- [RPCNext crCh rmCh rst p]_(r p) & $S6 rmhist p --> unchanged (r p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
331 |
by (auto_tac (MI_css addsimps2 [S_def,S6_def] addSDs2 [RPCidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
332 |
qed "S6RPCUnch"; |
| 3807 | 333 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
334 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S6 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
335 |
by (auto_tac (MI_css addsimps2 [S_def,S6_def] addSDs2 [Memoryidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
336 |
qed "S6MemUnch"; |
| 6255 | 337 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
338 |
Goal "|- HNext rmhist p & $S6 rmhist p & (c p)$ = $(c p) --> (rmhist!p)$ = $(rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
339 |
by (auto_tac (MI_css addsimps2 [HNext_def,MClkReply_def,Return_def,c_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
340 |
S_def,S6_def,Calling_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
341 |
qed "S6Hist"; |