|
1 |
|
|
2 |
header {* \section{The Single Mutator Case} *}
|
|
3 |
|
|
4 |
theory Gar_Coll = Graph + OG_Syntax:
|
|
5 |
|
|
6 |
text {* Declaration of variables: *}
|
|
7 |
|
|
8 |
(* Shared program state of the mutator and the collector.  Every field is
   read or written by one of the annotated programs below; the comments
   only record the use that is visible in this theory. *)
record gar_coll_state =
  M :: nodes        (* node colouring, indexed by node number (\<acute>M!i) *)
  E :: edges        (* edge list; an edge is a pair, its ends are taken with fst/snd *)
  bc :: "nat set"   (* nodes found black by Count (bc := insert ind bc) *)
  obc :: "nat set"  (* bc of the previous round; the collector loops while obc \<noteq> bc *)
  Ma :: nodes       (* copy of M taken before Count runs (Ma := M) *)
  ind :: nat        (* scan index of the collector's loops *)
  k :: nat          (* auxiliary: node Propagate_Black is about to blacken *)
  z :: bool         (* auxiliary: flipped by each mutator step; see the text below *)
|
|
17 |
|
|
18 |
subsection {* The Mutator *}
|
|
19 |
|
|
20 |
text {* The mutator first redirects an arbitrary edge @{text "R"} from
|
|
21 |
an arbitrary accessible node towards an arbitrary accessible node
|
|
22 |
@{text "T"}. It then colors the new target @{text "T"} black.
|
|
23 |
|
|
24 |
We declare the arbitrarily selected node and edge as constants:*}
|
|
25 |
|
|
26 |
(* The edge R and node T chosen by the mutator are fixed but arbitrary
   constants; Mut_init below states the conditions they must satisfy. *)
consts R :: nat T :: nat
|
|
27 |
|
|
28 |
text {* \noindent The following predicate states, given a list of
|
|
29 |
nodes @{text "m"} and a list of edges @{text "e"}, the conditions
|
|
30 |
under which the selected edge @{text "R"} and node @{text "T"} are
|
|
31 |
valid: *}
|
|
32 |
|
|
33 |
(* Well-formedness of the mutator's choice: T is reachable through the
   current edges, R indexes an existing edge and T an existing node.  The
   last two conjuncts are what keeps the list updates in Redirect_Edge and
   Color_Target in bounds. *)
constdefs
  Mut_init :: "gar_coll_state \<Rightarrow> bool"
  "Mut_init \<equiv> \<guillemotleft> T \<in> Reach \<acute>E \<and> R < length \<acute>E \<and> T < length \<acute>M \<guillemotright>"
|
|
36 |
|
|
37 |
text {* \noindent For the mutator we
|
|
38 |
consider two modules, one for each action. An auxiliary variable
|
|
39 |
@{text "\<acute>z"} is set to false if the mutator has already redirected an
|
|
40 |
edge but has not yet colored the new target. *}
|
|
41 |
|
|
42 |
(* The two mutator actions and the mutator itself.  Each action is a single
   atomic step (\<langle> ... \<rangle>) that also toggles the auxiliary flag z, so z
   records which of the two actions is due next. *)
constdefs
  (* Atomically replace the target of edge R by T.  Requires z. *)
  Redirect_Edge :: "gar_coll_state ann_com"
  "Redirect_Edge \<equiv> .{\<acute>Mut_init \<and> \<acute>z}. \<langle>\<acute>E:=\<acute>E[R:=(fst(\<acute>E!R), T)],, \<acute>z:= (\<not>\<acute>z)\<rangle>"

  (* Atomically colour the new target T black.  Requires \<not>z, i.e. that
     Redirect_Edge has already happened. *)
  Color_Target :: "gar_coll_state ann_com"
  "Color_Target \<equiv> .{\<acute>Mut_init \<and> \<not>\<acute>z}. \<langle>\<acute>M:=\<acute>M[T:=Black],, \<acute>z:= (\<not>\<acute>z)\<rangle>"

  (* The mutator never terminates: it alternates the two actions forever,
     and its loop invariant is just the precondition of Redirect_Edge. *)
  Mutator :: "gar_coll_state ann_com"
  "Mutator \<equiv>
  .{\<acute>Mut_init \<and> \<acute>z}.
  WHILE True INV .{\<acute>Mut_init \<and> \<acute>z}.
  DO Redirect_Edge ;; Color_Target OD"
|
|
54 |
|
|
55 |
subsubsection {* Correctness of the mutator *}
|
|
56 |
|
|
57 |
(* Bundle of the mutator's definitions, unfolded at the start of each
   mutator proof below. *)
lemmas mutator_defs = Mut_init_def Redirect_Edge_def Color_Target_def
|
|
58 |
|
|
59 |
(* Redirect_Edge establishes the precondition of Color_Target.  The only
   non-trivial obligation is that T stays reachable after the edge update;
   it is discharged with Graph2 (presumably from the imported Graph theory). *)
lemma Redirect_Edge:
  "\<turnstile> Redirect_Edge pre(Color_Target)"
apply (unfold mutator_defs)
apply annhoare
apply(simp_all)
apply(force elim:Graph2)
done
|
|
66 |
|
|
67 |
(* Color_Target re-establishes the mutator's loop invariant (Mut_init \<and> z),
   so the two actions can be chained inside the WHILE loop. *)
lemma Color_Target:
  "\<turnstile> Color_Target .{\<acute>Mut_init \<and> \<acute>z}."
apply (unfold mutator_defs)
apply annhoare
apply(simp_all)
done
|
|
73 |
|
|
74 |
(* Correctness of the whole mutator.  The postcondition is False because the
   loop is WHILE True and never exits; what the lemma actually certifies is
   that every annotation inside the loop holds.  The loop body is proved from
   the two lemmas above. *)
lemma Mutator:
  "\<turnstile> Mutator .{False}."
apply(unfold Mutator_def)
apply annhoare
apply(simp_all add:Redirect_Edge Color_Target)
apply(simp add:mutator_defs Redirect_Edge_def)
done
|
|
81 |
|
|
82 |
subsection {* The Collector *}
|
|
83 |
|
|
84 |
text {* \noindent A constant @{text "M_init"} is used to give @{text "\<acute>Ma"} a
|
|
85 |
suitable first value, defined as a list of nodes where only the @{text
|
|
86 |
"Roots"} are black. *}
|
|
87 |
|
|
88 |
(* Initial value for Ma; it is only constrained by Proper_M_init below,
   not defined concretely. *)
consts M_init :: nodes
|
|
89 |
|
|
90 |
(* Global well-formedness (Proper) and the collector's safety property
   (Safe).  Proper is the invariant of the collector's outer loop; Safe is
   what the marking phase must reach before Append frees anything. *)
constdefs
  (* M_init is black exactly on the Roots and has the same length as M. *)
  Proper_M_init :: "gar_coll_state \<Rightarrow> bool"
  "Proper_M_init \<equiv> \<guillemotleft> Blacks M_init=Roots \<and> length M_init=length \<acute>M \<guillemotright>"

  (* Proper_Roots and Proper_Edges are assumed to come from the Graph
     theory; they are only ever unfolded via Graph_defs / *_def below. *)
  Proper :: "gar_coll_state \<Rightarrow> bool"
  "Proper \<equiv> \<guillemotleft> Proper_Roots \<acute>M \<and> Proper_Edges(\<acute>M, \<acute>E) \<and> \<acute>Proper_M_init \<guillemotright>"

  (* Every node reachable through the current edges is black, i.e. nothing
     live can be mistaken for garbage. *)
  Safe :: "gar_coll_state \<Rightarrow> bool"
  "Safe \<equiv> \<guillemotleft> Reach \<acute>E \<subseteq> Blacks \<acute>M \<guillemotright>"
|
|
99 |
|
|
100 |
(* Bundle of the collector's basic definitions, unfolded by the proofs below. *)
lemmas collector_defs = Proper_M_init_def Proper_def Safe_def
|
|
101 |
|
|
102 |
subsubsection {* Blackening the roots *}
|
|
103 |
|
|
104 |
(* First collector phase: scan all nodes and colour every root black.
   Loop invariant: every root with index below ind is already black, and ind
   never exceeds length M (which keeps the list update in bounds). *)
constdefs
  Blacken_Roots :: " gar_coll_state ann_com"
  "Blacken_Roots \<equiv>
  .{\<acute>Proper}.
  \<acute>ind:=0;;
  .{\<acute>Proper \<and> \<acute>ind=0}.
  WHILE \<acute>ind<length \<acute>M
  INV .{\<acute>Proper \<and> (\<forall>i<\<acute>ind. i \<in> Roots \<longrightarrow> \<acute>M!i=Black) \<and> \<acute>ind\<le>length \<acute>M}.
  DO .{\<acute>Proper \<and> (\<forall>i<\<acute>ind. i \<in> Roots \<longrightarrow> \<acute>M!i=Black) \<and> \<acute>ind<length \<acute>M}.
    IF \<acute>ind\<in>Roots THEN
      .{\<acute>Proper \<and> (\<forall>i<\<acute>ind. i \<in> Roots \<longrightarrow> \<acute>M!i=Black) \<and> \<acute>ind<length \<acute>M \<and> \<acute>ind\<in>Roots}.
      \<acute>M:=\<acute>M[\<acute>ind:=Black] FI;;
    .{\<acute>Proper \<and> (\<forall>i<\<acute>ind+1. i \<in> Roots \<longrightarrow> \<acute>M!i=Black) \<and> \<acute>ind<length \<acute>M}.
    \<acute>ind:=\<acute>ind+1
  OD"
|
|
119 |
|
|
120 |
(* After Blacken_Roots all roots are black and Proper is preserved.  The
   proof steps that remain after annhoare are the invariant-preservation
   cases, closed by reasoning about nth_list_update and the i < ind+1 split
   (less_SucE). *)
lemma Blacken_Roots:
  "\<turnstile> Blacken_Roots .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M}."
apply (unfold Blacken_Roots_def)
apply annhoare
apply(simp_all add:collector_defs Graph_defs)
apply safe
apply(simp_all add:nth_list_update)
apply (erule less_SucE)
apply simp+
apply (erule less_SucE)
apply simp+
apply(drule le_imp_less_or_eq)
apply force
apply force
done
|
|
135 |
|
|
136 |
subsubsection {* Propagating black *}
|
|
137 |
|
|
138 |
(* Invariant of the propagation scan, parameterised by the scan index.
   Either the set of black nodes has strictly grown since the last count
   (obc < Blacks M), or no edge below ind leads from a black to a white node
   (BtoW) -- except possibly the mutator's edge R, and then only while the
   mutator still has Color_Target pending (\<not>z) and some later edge is
   still black-to-white, so the scan will revisit the situation. *)
constdefs
  PBInv :: "gar_coll_state \<Rightarrow> nat \<Rightarrow> bool"
  "PBInv \<equiv> \<guillemotleft> \<lambda>ind. \<acute>obc < Blacks \<acute>M \<or> (\<forall>i <ind. \<not>BtoW (\<acute>E!i, \<acute>M) \<or>
   (\<not>\<acute>z \<and> i=R \<and> (snd(\<acute>E!R)) = T \<and> (\<exists>r. ind \<le> r \<and> r < length \<acute>E \<and> BtoW(\<acute>E!r,\<acute>M))))\<guillemotright>"
|
|
142 |
|
|
143 |
(* Coarse-grained version of the propagation phase: for every edge whose
   source is black, blacken its target.  The test on the source and the
   update of the target are separate (non-atomic) statements here; the
   refined version below splits this further. *)
constdefs
  Propagate_Black_aux :: "gar_coll_state ann_com"
  "Propagate_Black_aux \<equiv>
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M}.
  \<acute>ind:=0;;
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M \<and> \<acute>ind=0}.
  WHILE \<acute>ind<length \<acute>E
  INV .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
       \<and> \<acute>PBInv \<acute>ind \<and> \<acute>ind\<le>length \<acute>E}.
  DO .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
       \<and> \<acute>PBInv \<acute>ind \<and> \<acute>ind<length \<acute>E}.
    IF \<acute>M!(fst (\<acute>E!\<acute>ind)) = Black THEN
      .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
        \<and> \<acute>PBInv \<acute>ind \<and> \<acute>ind<length \<acute>E \<and> \<acute>M!fst(\<acute>E!\<acute>ind)=Black}.
      \<acute>M:=\<acute>M[snd(\<acute>E!\<acute>ind):=Black];;
      .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
        \<and> \<acute>PBInv (\<acute>ind + 1) \<and> \<acute>ind<length \<acute>E}.
      \<acute>ind:=\<acute>ind+1
    FI
  OD"
|
|
163 |
|
|
164 |
(* Postcondition of the coarse propagation: either the black set grew
   (obc < Blacks M) or Safe holds.  The "last" case turns PBInv at
   ind = length E into Safe using Graph1; the "4 subgoals" case is the
   preservation of PBInv by the blackening step, split on whether the
   target was already black (Graph10/Graph11). *)
lemma Propagate_Black_aux:
  "\<turnstile> Propagate_Black_aux
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
   \<and> ( \<acute>obc < Blacks \<acute>M \<or> \<acute>Safe)}."
apply (unfold Propagate_Black_aux_def PBInv_def collector_defs)
apply annhoare
apply(simp_all add:Graph6 Graph7 Graph8 Graph12)
apply force
apply force
apply force
--{* 4 subgoals left *}
apply clarify
apply(simp add:Proper_Edges_def Proper_Roots_def Graph6 Graph7 Graph8 Graph12)
apply (erule disjE)
apply(rule disjI1)
apply(erule Graph13)
apply force
(* target of the current edge already black: PBInv carries over to ind+1 *)
apply (case_tac "M x ! snd (E x ! ind x)=Black")
apply (simp add: Graph10 BtoW_def)
apply (rule disjI2)
apply clarify
apply (erule less_SucE)
apply (erule_tac x=i in allE , erule (1) notE impE)
apply simp
apply clarify
apply (drule le_imp_less_or_eq)
apply (erule disjE)
apply (subgoal_tac "Suc (ind x)\<le>r")
apply fast
apply arith
apply fast
apply fast
(* target was white: the black set strictly grows (Graph11) *)
apply(rule disjI1)
apply(erule subset_psubset_trans)
apply(erule Graph11)
apply fast
--{* 3 subgoals left *}
apply force
apply force
--{* last *}
(* loop exit: ind = length E, so PBInv covers every edge and yields Safe *)
apply clarify
apply simp
apply(subgoal_tac "ind x = length (E x)")
apply (rotate_tac -1)
apply simp
apply(drule Graph1)
apply simp
apply clarify
apply(erule allE, erule impE, assumption)
apply force
apply force
apply arith
done
|
|
217 |
|
|
218 |
subsubsection {* Refining propagating black *}
|
|
219 |
|
|
220 |
(* Assertion that holds between reading the target into k and blackening
   it in Propagate_Black: k is a valid index, and either k is not yet black,
   or the current edge is not black-to-white, or the black set has grown, or
   the mutator's pending Color_Target explains the discrepancy (same shape
   as the exceptional case of PBInv, with ind < r instead of ind \<le> r). *)
constdefs
  Auxk :: "gar_coll_state \<Rightarrow> bool"
  "Auxk \<equiv> \<guillemotleft>\<acute>k<length \<acute>M \<and> (\<acute>M!\<acute>k\<noteq>Black \<or> \<not>BtoW(\<acute>E!\<acute>ind, \<acute>M) \<or>
   \<acute>obc<Blacks \<acute>M \<or> (\<not>\<acute>z \<and> \<acute>ind=R \<and> snd(\<acute>E!R)=T
   \<and> (\<exists>r. \<acute>ind<r \<and> r<length \<acute>E \<and> BtoW(\<acute>E!r, \<acute>M))))\<guillemotright>"
|
|
225 |
|
|
226 |
(* Refined propagation phase.  Compared with Propagate_Black_aux the target
   is first read into k, then blackened and ind advanced in one atomic step;
   in the ELSE branch ind is advanced atomically, re-testing the source colour
   inside the atomic step because the mutator may have changed it meanwhile. *)
constdefs
  Propagate_Black :: " gar_coll_state ann_com"
  "Propagate_Black \<equiv>
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M}.
  \<acute>ind:=0;;
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M \<and> \<acute>ind=0}.
  WHILE \<acute>ind<length \<acute>E
  INV .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
       \<and> \<acute>PBInv \<acute>ind \<and> \<acute>ind\<le>length \<acute>E}.
  DO .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
       \<and> \<acute>PBInv \<acute>ind \<and> \<acute>ind<length \<acute>E}.
    IF (\<acute>M!(fst (\<acute>E!\<acute>ind)))=Black THEN
      .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
        \<and> \<acute>PBInv \<acute>ind \<and> \<acute>ind<length \<acute>E \<and> (\<acute>M!fst(\<acute>E!\<acute>ind))=Black}.
      \<acute>k:=(snd(\<acute>E!\<acute>ind));;
      .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
        \<and> \<acute>PBInv \<acute>ind \<and> \<acute>ind<length \<acute>E \<and> (\<acute>M!fst(\<acute>E!\<acute>ind))=Black
        \<and> \<acute>Auxk}.
      \<langle>\<acute>M:=\<acute>M[\<acute>k:=Black],, \<acute>ind:=\<acute>ind+1\<rangle>
    ELSE .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
           \<and> \<acute>PBInv \<acute>ind \<and> \<acute>ind<length \<acute>E}.
      \<langle>IF (\<acute>M!(fst (\<acute>E!\<acute>ind)))\<noteq>Black THEN \<acute>ind:=\<acute>ind+1 FI\<rangle>
    FI
  OD"
|
|
250 |
|
|
251 |
(* Same postcondition as for Propagate_Black_aux.  Extra obligations come
   from the intermediate Auxk assertion: the "4 subgoals" case is the atomic
   blackening of k, split on whether k and the edge target are already
   black; the "2 subgoals" case is the atomic ELSE step. *)
lemma Propagate_Black:
  "\<turnstile> Propagate_Black
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
   \<and> ( \<acute>obc < Blacks \<acute>M \<or> \<acute>Safe)}."
apply (unfold Propagate_Black_def PBInv_def Auxk_def collector_defs)
apply annhoare
apply(simp_all add:Graph6 Graph7 Graph8 Graph12)
apply force
apply force
apply force
--{* 5 subgoals left *}
(* k := snd(E!ind) establishes Auxk *)
apply clarify
apply(simp add:BtoW_def Proper_Edges_def)
--{* 4 subgoals left *}
(* atomic M[k := Black], ind := ind+1 preserves PBInv *)
apply clarify
apply(simp add:Proper_Edges_def Graph6 Graph7 Graph8 Graph12)
apply (erule disjE)
apply (rule disjI1)
apply (erule psubset_subset_trans)
apply (erule Graph9)
apply (case_tac "M x!k x=Black")
apply (case_tac "M x ! snd (E x ! ind x)=Black")
apply (simp add: Graph10 BtoW_def)
apply (rule disjI2)
apply clarify
apply (erule less_SucE)
apply (erule_tac x=i in allE , erule (1) notE impE)
apply simp
apply clarify
apply (drule le_imp_less_or_eq)
apply (erule disjE)
apply (subgoal_tac "Suc (ind x)\<le>r")
apply fast
apply arith
apply fast
apply fast
apply (simp add: Graph10 BtoW_def)
apply (erule disjE)
apply (erule disjI1)
apply clarify
apply (erule less_SucE)
apply force
apply simp
apply (subgoal_tac "Suc R\<le>r")
apply fast
apply arith
apply(rule disjI1)
apply(erule subset_psubset_trans)
apply(erule Graph11)
apply fast
--{* 3 subgoals left *}
apply force
--{* 2 subgoals left *}
(* atomic ELSE step: ind advances only if the source is still not black *)
apply clarify
apply(simp add:Proper_Edges_def Graph6 Graph7 Graph8 Graph12)
apply (erule disjE)
apply fast
apply clarify
apply (erule less_SucE)
apply (erule_tac x=i in allE , erule (1) notE impE)
apply simp
apply clarify
apply (drule le_imp_less_or_eq)
apply (erule disjE)
apply (subgoal_tac "Suc (ind x)\<le>r")
apply fast
apply arith
apply (simp add: BtoW_def)
apply (simp add: BtoW_def)
--{* last *}
(* loop exit: ind = length E, PBInv over all edges gives Safe via Graph1 *)
apply clarify
apply simp
apply(subgoal_tac "ind x = length (E x)")
apply (rotate_tac -1)
apply simp
apply(drule Graph1)
apply simp
apply clarify
apply(erule allE, erule impE, assumption)
apply force
apply force
apply arith
done
|
|
334 |
|
|
335 |
subsubsection {* Counting black nodes *}
|
|
336 |
|
|
337 |
(* Invariant of the counting scan: every node below ind that is black in
   the snapshot Ma has been recorded in bc. *)
constdefs
  CountInv :: "gar_coll_state \<Rightarrow> nat \<Rightarrow> bool"
  "CountInv \<equiv> \<guillemotleft> \<lambda>ind. {i. i<ind \<and> \<acute>Ma!i=Black}\<subseteq>\<acute>bc \<guillemotright>"
|
|
340 |
|
|
341 |
(* Counting phase: collect into bc the indices of all nodes that are black
   in M.  It starts from bc = {} and a snapshot Ma of M; the invariant only
   tracks the blacks of Ma, since M may gain further black nodes through the
   mutator while the scan runs. *)
constdefs
  Count :: " gar_coll_state ann_com"
  "Count \<equiv>
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M
   \<and> \<acute>obc\<subseteq>Blacks \<acute>Ma \<and> Blacks \<acute>Ma\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
   \<and> length \<acute>Ma=length \<acute>M \<and> (\<acute>obc < Blacks \<acute>Ma \<or> \<acute>Safe) \<and> \<acute>bc={}}.
  \<acute>ind:=0;;
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M
   \<and> \<acute>obc\<subseteq>Blacks \<acute>Ma \<and> Blacks \<acute>Ma\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
   \<and> length \<acute>Ma=length \<acute>M \<and> (\<acute>obc < Blacks \<acute>Ma \<or> \<acute>Safe) \<and> \<acute>bc={}
   \<and> \<acute>ind=0}.
  WHILE \<acute>ind<length \<acute>M
  INV .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M
       \<and> \<acute>obc\<subseteq>Blacks \<acute>Ma \<and> Blacks \<acute>Ma\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
       \<and> length \<acute>Ma=length \<acute>M \<and> \<acute>CountInv \<acute>ind
       \<and> ( \<acute>obc < Blacks \<acute>Ma \<or> \<acute>Safe) \<and> \<acute>ind\<le>length \<acute>M}.
  DO .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M
      \<and> \<acute>obc\<subseteq>Blacks \<acute>Ma \<and> Blacks \<acute>Ma\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
      \<and> length \<acute>Ma=length \<acute>M \<and> \<acute>CountInv \<acute>ind
      \<and> ( \<acute>obc < Blacks \<acute>Ma \<or> \<acute>Safe) \<and> \<acute>ind<length \<acute>M}.
    IF \<acute>M!\<acute>ind=Black
    THEN .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M
          \<and> \<acute>obc\<subseteq>Blacks \<acute>Ma \<and> Blacks \<acute>Ma\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
          \<and> length \<acute>Ma=length \<acute>M \<and> \<acute>CountInv \<acute>ind
          \<and> ( \<acute>obc < Blacks \<acute>Ma \<or> \<acute>Safe) \<and> \<acute>ind<length \<acute>M \<and> \<acute>M!\<acute>ind=Black}.
      \<acute>bc:=insert \<acute>ind \<acute>bc
    FI;;
    .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M
     \<and> \<acute>obc\<subseteq>Blacks \<acute>Ma \<and> Blacks \<acute>Ma\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
     \<and> length \<acute>Ma=length \<acute>M \<and> \<acute>CountInv (\<acute>ind+1)
     \<and> ( \<acute>obc < Blacks \<acute>Ma \<or> \<acute>Safe) \<and> \<acute>ind<length \<acute>M}.
    \<acute>ind:=\<acute>ind+1
  OD"
|
|
374 |
|
|
375 |
(* After Count, every black node of the snapshot is in bc (Blacks Ma \<subseteq> bc),
   which is exactly the shape of the collector's inner loop invariant.  The
   two clarify/simp/fast groups handle the i < ind+1 split (less_SucE) for
   the THEN branch and the skipped branch respectively. *)
lemma Count:
  "\<turnstile> Count
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M
   \<and> \<acute>obc\<subseteq>Blacks \<acute>Ma \<and> Blacks \<acute>Ma\<subseteq>\<acute>bc \<and> \<acute>bc\<subseteq>Blacks \<acute>M \<and> length \<acute>Ma=length \<acute>M
   \<and> (\<acute>obc < Blacks \<acute>Ma \<or> \<acute>Safe)}."
apply(unfold Count_def)
apply annhoare
apply(simp_all add:CountInv_def Graph6 Graph7 Graph8 Graph12 Blacks_def collector_defs)
apply force
apply force
apply force
apply clarify
apply simp
apply(fast elim:less_SucE)
apply clarify
apply simp
apply(fast elim:less_SucE)
apply force
apply force
done
|
|
395 |
|
|
396 |
subsubsection {* Appending garbage nodes to the free list *}
|
|
397 |
|
|
398 |
(* Operation that links node i into the free list by rewriting the edges.
   It is left uninterpreted; its properties are the axioms below. *)
consts Append_to_free :: "nat \<times> edges \<Rightarrow> edges"
|
|
399 |
|
|
400 |
(* NOTE(review): these are axioms, not proved facts.  They are the only
   specification of Append_to_free, and the correctness of Append (hence of
   the whole collector) is relative to them; an inconsistent or too-strong
   axiom here would go unnoticed by the proofs below.  A concrete definition
   with these three properties as derived lemmas would remove that trust. *)
axioms
  (* appending does not change the number of edges *)
  Append_to_free0: "length (Append_to_free (i, e)) = length e"
  (* appending keeps the edge list well formed *)
  Append_to_free1: "Proper_Edges (m, e)
                    \<Longrightarrow> Proper_Edges (m, Append_to_free(i, e))"
  (* appending an unreachable node makes exactly that node reachable in
     addition to what was reachable before *)
  Append_to_free2: "i \<notin> Reach e
                    \<Longrightarrow> n \<in> Reach (Append_to_free(i, e)) = ( n = i \<or> n \<in> Reach e)"
|
|
406 |
|
|
407 |
(* Invariant of the sweep: every not-yet-visited reachable node (index
   \<ge> ind) is still black, so it cannot be mistaken for garbage later. *)
constdefs
  AppendInv :: "gar_coll_state \<Rightarrow> nat \<Rightarrow> bool"
  "AppendInv \<equiv> \<guillemotleft>\<lambda>ind. \<forall>i<length \<acute>M. ind\<le>i \<longrightarrow> i\<in>Reach \<acute>E \<longrightarrow> \<acute>M!i=Black\<guillemotright>"
|
|
410 |
|
|
411 |
(* Sweep phase.  Requires Safe: starting from "all reachable nodes are
   black", every black node is reset to White for the next cycle and every
   non-black node is garbage (the ELSE annotation records ind \<notin> Reach E)
   and is appended to the free list. *)
constdefs
  Append :: " gar_coll_state ann_com"
  "Append \<equiv>
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>Safe}.
  \<acute>ind:=0;;
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>Safe \<and> \<acute>ind=0}.
  WHILE \<acute>ind<length \<acute>M
  INV .{\<acute>Proper \<and> \<acute>AppendInv \<acute>ind \<and> \<acute>ind\<le>length \<acute>M}.
  DO .{\<acute>Proper \<and> \<acute>AppendInv \<acute>ind \<and> \<acute>ind<length \<acute>M}.
    IF \<acute>M!\<acute>ind=Black THEN
      .{\<acute>Proper \<and> \<acute>AppendInv \<acute>ind \<and> \<acute>ind<length \<acute>M \<and> \<acute>M!\<acute>ind=Black}.
      \<acute>M:=\<acute>M[\<acute>ind:=White]
    ELSE .{\<acute>Proper \<and> \<acute>AppendInv \<acute>ind \<and> \<acute>ind<length \<acute>M \<and> \<acute>ind\<notin>Reach \<acute>E}.
      \<acute>E:=Append_to_free(\<acute>ind,\<acute>E)
    FI;;
    .{\<acute>Proper \<and> \<acute>AppendInv (\<acute>ind+1) \<and> \<acute>ind<length \<acute>M}.
    \<acute>ind:=\<acute>ind+1
  OD"
|
|
429 |
|
|
430 |
(* Append preserves Proper.  The ELSE branch is where the axioms are used:
   Append_to_free1 keeps Proper_Edges, and Append_to_free2 (instantiated at
   n = i) shows that appending the garbage node does not make any other node
   reachable, so AppendInv survives. *)
lemma Append:
  "\<turnstile> Append .{\<acute>Proper}."
apply(unfold Append_def AppendInv_def)
apply annhoare
apply(simp_all add:collector_defs Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
apply(force simp:Blacks_def nth_list_update)
apply force
apply force
apply(force simp add:Graph_defs)
apply force
apply clarify
apply simp
apply(rule conjI)
apply (erule Append_to_free1)
apply clarify
apply (drule_tac n = "i" in Append_to_free2)
apply force
apply force
apply force
done
|
|
450 |
|
|
451 |
subsubsection {* Correctness of the Collector *}
|
|
452 |
|
|
453 |
(* The collector: an endless cycle of blacken roots, propagate until the
   black set stops growing, then sweep.  The inner loop repeats
   Propagate_Black/Count until the two successive counts agree (obc = bc);
   the invariant's disjunction (obc < Blacks Ma \<or> Safe) is what turns
   "no growth" into Safe at loop exit, which Append requires. *)
constdefs
  Collector :: " gar_coll_state ann_com"
  "Collector \<equiv>
  .{\<acute>Proper}.
  WHILE True INV .{\<acute>Proper}.
  DO
  Blacken_Roots;;
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M}.
  \<acute>obc:={};;
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc={}}.
  \<acute>bc:=Roots;;
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc={} \<and> \<acute>bc=Roots}.
  \<acute>Ma:=M_init;;
  .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc={} \<and> \<acute>bc=Roots \<and> \<acute>Ma=M_init}.
  WHILE \<acute>obc\<noteq>\<acute>bc
  INV .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M
       \<and> \<acute>obc\<subseteq>Blacks \<acute>Ma \<and> Blacks \<acute>Ma\<subseteq>\<acute>bc \<and> \<acute>bc\<subseteq>Blacks \<acute>M
       \<and> length \<acute>Ma=length \<acute>M \<and> (\<acute>obc < Blacks \<acute>Ma \<or> \<acute>Safe)}.
  DO .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M}.
    \<acute>obc:=\<acute>bc;;
    Propagate_Black;;
    .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M
     \<and> (\<acute>obc < Blacks \<acute>M \<or> \<acute>Safe)}.
    \<acute>Ma:=\<acute>M;;
    .{\<acute>Proper \<and> Roots\<subseteq>Blacks \<acute>M \<and> \<acute>obc\<subseteq>Blacks \<acute>Ma
     \<and> Blacks \<acute>Ma\<subseteq>Blacks \<acute>M \<and> \<acute>bc\<subseteq>Blacks \<acute>M \<and> length \<acute>Ma=length \<acute>M
     \<and> ( \<acute>obc < Blacks \<acute>Ma \<or> \<acute>Safe)}.
    \<acute>bc:={};;
    Count
  OD;;
  Append
  OD"
|
|
485 |
|
|
486 |
(* Correctness of the collector on its own (postcondition False because the
   outer loop is WHILE True).  The phase lemmas are plugged in by the first
   simp_all; the remaining goals are the glue assertions.  The final
   disjE/psubsetI/subset_antisym steps are the exit of the inner loop: with
   obc = bc the "strictly grew" disjunct is impossible, leaving Safe. *)
lemma Collector:
  "\<turnstile> Collector .{False}."
apply(unfold Collector_def)
apply annhoare
apply(simp_all add: Blacken_Roots Propagate_Black Count Append)
apply(simp_all add:Blacken_Roots_def Propagate_Black_def Count_def Append_def collector_defs)
apply (force simp add: Proper_Roots_def)
apply force
apply force
apply clarify
apply (erule disjE)
apply(simp add:psubsetI)
apply(force dest:subset_antisym)
apply force
done
|
|
501 |
|
|
502 |
subsection {* Interference Freedom *}
|
|
503 |
|
|
504 |
(* Definition bundles for the interference-freedom proofs: all program
   modules, all loop invariants, and everything together. *)
lemmas modules = Redirect_Edge_def Color_Target_def Blacken_Roots_def
                 Propagate_Black_def Count_def Append_def
lemmas Invariants = PBInv_def Auxk_def CountInv_def AppendInv_def
lemmas abbrev = collector_defs mutator_defs Invariants
|
|
508 |
|
|
509 |
(* Interference freedom between Blacken_Roots and Redirect_Edge.
   NOTE(review): which side's assertions are being protected is fixed by
   interfree_aux in OG_Syntax, not visible here -- presumably the first
   program's annotations must survive the atomic steps of the second. *)
lemma interfree_Blacken_Roots_Redirect_Edge:
  "interfree_aux (Some Blacken_Roots, {}, Some Redirect_Edge)"
apply (unfold modules)
apply interfree_aux
apply safe
apply (simp_all add:Graph6 Graph12 abbrev)
done
|
|
516 |
|
|
517 |
(* Converse direction: Redirect_Edge's annotation against Blacken_Roots.
   Blacken_Roots only writes M and ind, which Mut_init constrains solely via
   length M, so unfolding is enough. *)
lemma interfree_Redirect_Edge_Blacken_Roots:
  "interfree_aux (Some Redirect_Edge, {}, Some Blacken_Roots)"
apply (unfold modules)
apply interfree_aux
apply safe
apply(simp add:abbrev)+
done
|
|
524 |
|
|
525 |
(* Blacken_Roots against Color_Target.  Color_Target only adds a black
   node (M[T := Black]); nth_list_update with Graph7/Graph8 shows the
   "roots below ind are black" invariant is unaffected. *)
lemma interfree_Blacken_Roots_Color_Target:
  "interfree_aux (Some Blacken_Roots, {}, Some Color_Target)"
apply (unfold modules)
apply interfree_aux
apply safe
apply(simp_all add:Graph7 Graph8 nth_list_update abbrev)
done
|
|
532 |
|
|
533 |
(* Color_Target against Blacken_Roots: same argument as for Redirect_Edge,
   Blacken_Roots preserves length M. *)
lemma interfree_Color_Target_Blacken_Roots:
  "interfree_aux (Some Color_Target, {}, Some Blacken_Roots)"
apply (unfold modules )
apply interfree_aux
apply safe
apply(simp add:abbrev)+
done
|
|
540 |
|
|
541 |
(* Propagate_Black against Redirect_Edge -- the heart of the single-mutator
   argument.  Redirecting edge R can create a black-to-white edge behind the
   scan index, which is exactly the exceptional case built into PBInv/Auxk;
   each of the 11 annotations is therefore handled by the same case split
   (disjE on PBInv, then case_tac "R=i" with Graph4 for i \<noteq> R).
   NOTE(review): the block from `apply(erule disjE, ...)` to the last
   `apply force` is repeated verbatim for six subgoals; a derived lemma or a
   named tactic would make the proof far easier to maintain. *)
lemma interfree_Propagate_Black_Redirect_Edge:
  "interfree_aux (Some Propagate_Black, {}, Some Redirect_Edge)"
apply (unfold modules )
apply interfree_aux
--{* 11 subgoals left *}
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(erule conjE)+
apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
apply(erule Graph4)
apply(simp)+
apply (simp add:BtoW_def)
apply (simp add:BtoW_def)
apply(rule conjI)
apply (force simp add:BtoW_def)
apply(erule Graph4)
apply simp+
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
--{* 7 subgoals left *}
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(erule conjE)+
apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
apply(erule Graph4)
apply(simp)+
apply (simp add:BtoW_def)
apply (simp add:BtoW_def)
apply(rule conjI)
apply (force simp add:BtoW_def)
apply(erule Graph4)
apply simp+
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
--{* 6 subgoals left *}
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(erule conjE)+
apply(rule conjI)
apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
apply(erule Graph4)
apply(simp)+
apply (simp add:BtoW_def)
apply (simp add:BtoW_def)
apply(rule conjI)
apply (force simp add:BtoW_def)
apply(erule Graph4)
apply simp+
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
apply(simp add:BtoW_def nth_list_update)
apply force
--{* 5 subgoals left *}
apply(clarify, simp add:abbrev Graph6 Graph12)
--{* 4 subgoals left *}
(* the Auxk annotation: additionally needs the case R = ind, where the
   redirected edge is the one about to be processed (Graph5) *)
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(rule conjI)
apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
apply(erule Graph4)
apply(simp)+
apply (simp add:BtoW_def)
apply (simp add:BtoW_def)
apply(rule conjI)
apply (force simp add:BtoW_def)
apply(erule Graph4)
apply simp+
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
apply(rule conjI)
apply(simp add:nth_list_update)
apply force
apply(rule impI, rule impI, erule disjE, erule disjI1, case_tac "R = (ind x)" ,case_tac "M x ! T = Black")
apply(force simp add:BtoW_def)
apply(case_tac "M x !snd (E x ! ind x)=Black")
apply(rule disjI2)
apply simp
apply (erule Graph5)
apply simp+
apply(force simp add:BtoW_def)
apply(force simp add:BtoW_def)
--{* 3 subgoals left *}
apply(clarify, simp add:abbrev Graph6 Graph12)
--{* 2 subgoals left *}
apply(clarify, simp add:abbrev Graph6 Graph12)
apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
apply clarify
apply(erule Graph4)
apply(simp)+
apply (simp add:BtoW_def)
apply (simp add:BtoW_def)
apply(rule conjI)
apply (force simp add:BtoW_def)
apply(erule Graph4)
apply simp+
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
apply (simp add:BtoW_def)
apply force
--{* 1 subgoals left *}
apply(simp add:abbrev)
done
|
|
660 |
|
|
661 |
(* Redirect_Edge against Propagate_Black.  Propagate_Black only blackens
   nodes and moves ind/k, none of which can falsify Mut_init \<and> z, so
   unfolding the abbreviations closes every goal. *)
lemma interfree_Redirect_Edge_Propagate_Black:
  "interfree_aux (Some Redirect_Edge, {}, Some Propagate_Black)"
apply (unfold modules )
apply interfree_aux
apply(clarify, simp add:abbrev)+
done
|
|
667 |
|
|
668 |
lemma interfree_Propagate_Black_Color_Target:
|
|
669 |
"interfree_aux (Some Propagate_Black, {}, Some Color_Target)"
|
|
670 |
apply (unfold modules )
|
|
671 |
apply interfree_aux
|
|
672 |
--{* 11 subgoals left *}
|
|
673 |
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)+
|
|
674 |
apply(erule conjE)+
|
|
675 |
apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
|
|
676 |
case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
|
|
677 |
erule allE, erule impE, assumption, erule impE, assumption,
|
|
678 |
simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
|
|
679 |
--{* 7 subgoals left *}
|
|
680 |
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
|
|
681 |
apply(erule conjE)+
|
|
682 |
apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
erule allE, erule impE, assumption, erule impE, assumption,
simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
--{* 6 subgoals left *}
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
apply clarify
apply (rule conjI)
apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
erule allE, erule impE, assumption, erule impE, assumption,
simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
apply(simp add:nth_list_update)
--{* 5 subgoals left *}
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
--{* 4 subgoals left *}
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
apply (rule conjI)
apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
erule allE, erule impE, assumption, erule impE, assumption,
simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
apply(rule conjI)
apply(simp add:nth_list_update)
apply(rule impI,rule impI, case_tac "M x!T=Black",rotate_tac -1, force simp add: BtoW_def Graph10,
erule subset_psubset_trans, erule Graph11, force)
--{* 3 subgoals left *}
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
--{* 2 subgoals left *}
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
erule allE, erule impE, assumption, erule impE, assumption,
simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
--{* 3 subgoals left *}
apply(simp add:abbrev)
done
lemma interfree_Color_Target_Propagate_Black:
"interfree_aux (Some Color_Target, {}, Some Propagate_Black)"
apply (unfold modules )
apply interfree_aux
apply(clarify, simp add:abbrev)+
done
lemma interfree_Count_Redirect_Edge:
"interfree_aux (Some Count, {}, Some Redirect_Edge)"
apply (unfold modules)
apply interfree_aux
--{* 9 subgoals left *}
apply(simp_all add:abbrev Graph6 Graph12)
--{* 6 subgoals left *}
apply(clarify, simp add:abbrev Graph6 Graph12,
erule disjE,erule disjI1,rule disjI2,rule subset_trans, erule Graph3,force,force)+
done
lemma interfree_Redirect_Edge_Count:
"interfree_aux (Some Redirect_Edge, {}, Some Count)"
apply (unfold modules )
apply interfree_aux
apply(clarify,simp add:abbrev)+
apply(simp add:abbrev)
done
lemma interfree_Count_Color_Target:
"interfree_aux (Some Count, {}, Some Color_Target)"
apply (unfold modules )
apply interfree_aux
--{* 9 subgoals left *}
apply(simp_all add:abbrev Graph7 Graph8 Graph12)
--{* 6 subgoals left *}
apply(clarify,simp add:abbrev Graph7 Graph8 Graph12,
erule disjE, erule disjI1, rule disjI2,erule subset_trans, erule Graph9)+
--{* 2 subgoals left *}
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
apply(rule conjI)
apply(erule disjE, erule disjI1, rule disjI2,erule subset_trans, erule Graph9)
apply(simp add:nth_list_update)
--{* 1 subgoals left *}
apply(clarify, simp add:abbrev Graph7 Graph8 Graph12,
erule disjE, erule disjI1, rule disjI2,erule subset_trans, erule Graph9)
done
lemma interfree_Color_Target_Count:
"interfree_aux (Some Color_Target, {}, Some Count)"
apply (unfold modules )
apply interfree_aux
apply(clarify, simp add:abbrev)+
apply(simp add:abbrev)
done
lemma interfree_Append_Redirect_Edge:
"interfree_aux (Some Append, {}, Some Redirect_Edge)"
apply (unfold modules )
apply interfree_aux
apply( simp_all add:abbrev Graph6 Append_to_free0 Append_to_free1 Graph12)
apply(clarify, simp add:abbrev Graph6 Append_to_free0 Append_to_free1 Graph12, force dest:Graph3)+
done
lemma interfree_Redirect_Edge_Append:
"interfree_aux (Some Redirect_Edge, {}, Some Append)"
apply (unfold modules )
apply interfree_aux
apply(clarify, simp add:abbrev Append_to_free0)+
apply (force simp add: Append_to_free2)
apply(clarify, simp add:abbrev Append_to_free0)+
done
lemma interfree_Append_Color_Target:
"interfree_aux (Some Append, {}, Some Color_Target)"
apply (unfold modules )
apply interfree_aux
apply(clarify, simp add:abbrev Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12 nth_list_update)+
apply(simp add:abbrev Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12 nth_list_update)
done
lemma interfree_Color_Target_Append:
"interfree_aux (Some Color_Target, {}, Some Append)"
apply (unfold modules )
apply interfree_aux
apply(clarify, simp add:abbrev Append_to_free0)+
apply (force simp add: Append_to_free2)
apply(clarify,simp add:abbrev Append_to_free0)+
done
lemmas collector_mutator_interfree =
interfree_Blacken_Roots_Redirect_Edge interfree_Blacken_Roots_Color_Target
interfree_Propagate_Black_Redirect_Edge interfree_Propagate_Black_Color_Target
interfree_Count_Redirect_Edge interfree_Count_Color_Target
interfree_Append_Redirect_Edge interfree_Append_Color_Target
interfree_Redirect_Edge_Blacken_Roots interfree_Color_Target_Blacken_Roots
interfree_Redirect_Edge_Propagate_Black interfree_Color_Target_Propagate_Black
interfree_Redirect_Edge_Count interfree_Color_Target_Count
interfree_Redirect_Edge_Append interfree_Color_Target_Append
subsubsection {* Interference freedom Collector-Mutator *}
lemma interfree_Collector_Mutator:
"interfree_aux (Some Collector, {}, Some Mutator)"
apply(unfold Collector_def Mutator_def)
apply interfree_aux
apply(simp_all add:collector_mutator_interfree)
apply(unfold modules collector_defs mutator_defs)
apply(tactic {* TRYALL (interfree_aux_tac) *})
--{* 32 subgoals left *}
apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
--{* 20 subgoals left *}
apply(tactic{* TRYALL Clarify_tac *})
apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
apply(tactic {* TRYALL (etac disjE) *})
apply simp_all
apply(tactic {* TRYALL(EVERY'[rtac disjI2,rtac subset_trans,etac (thm "Graph3"),Force_tac, assume_tac]) *})
apply(tactic {* TRYALL(EVERY'[rtac disjI2,etac subset_trans,rtac (thm "Graph9"),Force_tac]) *})
apply(tactic {* TRYALL(EVERY'[rtac disjI1,etac psubset_subset_trans,rtac (thm "Graph9"),Force_tac]) *})
done
subsubsection {* Interference freedom Mutator-Collector *}
lemma interfree_Mutator_Collector:
"interfree_aux (Some Mutator, {}, Some Collector)"
apply(unfold Collector_def Mutator_def)
apply interfree_aux
apply(simp_all add:collector_mutator_interfree)
apply(unfold modules collector_defs mutator_defs)
apply(tactic {* TRYALL (interfree_aux_tac) *})
--{* 64 subgoals left *}
apply(simp_all add:nth_list_update Invariants Append_to_free0)+
apply(tactic{* TRYALL Clarify_tac *})
--{* 4 subgoals left *}
apply force
apply(simp add:Append_to_free2)
apply force
apply(simp add:Append_to_free2)
done
subsubsection {* The Garbage Collection algorithm *}
text {* In total there are 289 verification conditions. *}
lemma Gar_Coll:
"\<parallel>- .{\<acute>Proper \<and> \<acute>Mut_init \<and> \<acute>z}.
COBEGIN
Collector
.{False}.
\<parallel>
Mutator
.{False}.
COEND
.{False}."
apply oghoare
apply(force simp add: Mutator_def Collector_def modules)
apply(rule Collector)
apply(rule Mutator)
apply(simp add:interfree_Collector_Mutator)
apply(simp add:interfree_Mutator_Collector)
apply force
done
end