isabelle: src/HOL/TLA/Memory/Memory.thy@7ded55dd2a55 (annotated)

41589 bbd861837ebc tuned headers; wenzelm parents: 39159 diff changeset	1	(* Title: HOL/TLA/Memory/Memory.thy
bbd861837ebc tuned headers; wenzelm parents: 39159 diff changeset	2	Author: Stephan Merz, University of Munich
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	3	*)
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	4
60592 c9bd1d902f04 isabelle update_cartouches; wenzelm parents: 60591 diff changeset	5	section \<open>RPC-Memory example: Memory specification\<close>
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	6
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 11703 diff changeset	7	theory Memory
c43ed29bd197 converted to Isar theory format; wenzelm parents: 11703 diff changeset	8	imports MemoryParameters ProcedureInterface
c43ed29bd197 converted to Isar theory format; wenzelm parents: 11703 diff changeset	9	begin
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	10
42018 878f33040280 modernized specifications; wenzelm parents: 41589 diff changeset	11	type_synonym memChType = "(memOp, Vals) channel"
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	12	type_synonym memType = "(Locs \<Rightarrow> Vals) stfun" (* intention: MemLocs \<Rightarrow> MemVals *)
750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	13	type_synonym resType = "(PrIds \<Rightarrow> Vals) stfun"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	14
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	15
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	16	(* state predicates *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	17
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	18	definition MInit :: "memType \<Rightarrow> Locs \<Rightarrow> stpred"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	19	where "MInit mm l == PRED mm!l = #InitVal"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	20
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	21	definition PInit :: "resType \<Rightarrow> PrIds \<Rightarrow> stpred"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	22	where "PInit rs p == PRED rs!p = #NotAResult"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	23
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	24
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	25	(* auxiliary predicates: is there a pending read/write request for
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	26	some process id and location/value? *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	27
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	28	definition RdRequest :: "memChType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> stpred"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	29	where "RdRequest ch p l == PRED Calling ch p \<and> (arg<ch!p> = #(read l))"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	30
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	31	definition WrRequest :: "memChType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> stpred"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	32	where "WrRequest ch p l v == PRED Calling ch p \<and> (arg<ch!p> = #(write l v))"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	33
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	34
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	35	(* actions *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	36
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	37	(* a read that doesn't raise BadArg *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	38	definition GoodRead :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	39	where "GoodRead mm rs p l == ACT #l \<in> #MemLoc \<and> ((rs!p)$ = $(mm!l))"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	40
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	41	(* a read that raises BadArg *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	42	definition BadRead :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	43	where "BadRead mm rs p l == ACT #l \<notin> #MemLoc \<and> ((rs!p)$ = #BadArg)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	44
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	45	(* the read action with l visible *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	46	definition ReadInner :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	47	where "ReadInner ch mm rs p l == ACT
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	48	$(RdRequest ch p l)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	49	\<and> (GoodRead mm rs p l \<or> BadRead mm rs p l)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	50	\<and> unchanged (rtrner ch ! p)"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	51
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	52	(* the read action with l quantified *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	53	definition Read :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	54	where "Read ch mm rs p == ACT (\<exists>l. ReadInner ch mm rs p l)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	55
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	56	(* similar definitions for the write action *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	57	definition GoodWrite :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	58	where "GoodWrite mm rs p l v ==
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	59	ACT #l \<in> #MemLoc \<and> #v \<in> #MemVal
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	60	\<and> ((mm!l)$ = #v) \<and> ((rs!p)$ = #OK)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	61
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	62	definition BadWrite :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	63	where "BadWrite mm rs p l v == ACT
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	64	\<not> (#l \<in> #MemLoc \<and> #v \<in> #MemVal)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	65	\<and> ((rs!p)$ = #BadArg) \<and> unchanged (mm!l)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	66
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	67	definition WriteInner :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	68	where "WriteInner ch mm rs p l v == ACT
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	69	$(WrRequest ch p l v)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	70	\<and> (GoodWrite mm rs p l v \<or> BadWrite mm rs p l v)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	71	\<and> unchanged (rtrner ch ! p)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	72
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	73	definition Write :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	74	where "Write ch mm rs p l == ACT (\<exists>v. WriteInner ch mm rs p l v)"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	75
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	76
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	77	(* the return action *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	78	definition MemReturn :: "memChType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	79	where "MemReturn ch rs p == ACT
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	80	( ($(rs!p) \<noteq> #NotAResult)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	81	\<and> ((rs!p)$ = #NotAResult)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	82	\<and> Return ch p (rs!p))"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	83
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	84	(* the failure action of the unreliable memory *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	85	definition MemFail :: "memChType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	86	where "MemFail ch rs p == ACT
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	87	$(Calling ch p)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	88	\<and> ((rs!p)$ = #MemFailure)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	89	\<and> unchanged (rtrner ch ! p)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	90
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	91	(* next-state relations for reliable / unreliable memory *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	92	definition RNext :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	93	where "RNext ch mm rs p == ACT
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	94	( Read ch mm rs p
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	95	\<or> (\<exists>l. Write ch mm rs p l)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	96	\<or> MemReturn ch rs p)"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	97
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	98	definition UNext :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	99	where "UNext ch mm rs p == ACT (RNext ch mm rs p \<or> MemFail ch rs p)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	100
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	101
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	102	(* temporal formulas *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	103
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	104	definition RPSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> temporal"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	105	where "RPSpec ch mm rs p == TEMP
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	106	Init(PInit rs p)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	107	\<and> \<box>[ RNext ch mm rs p ]_(rtrner ch ! p, rs!p)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	108	\<and> WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	109	\<and> WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
6255 db63752140c7 updated (Stephan Merz); wenzelm parents: 3807 diff changeset	110
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	111	definition UPSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> temporal"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	112	where "UPSpec ch mm rs p == TEMP
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	113	Init(PInit rs p)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	114	\<and> \<box>[ UNext ch mm rs p ]_(rtrner ch ! p, rs!p)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	115	\<and> WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	116	\<and> WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	117
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	118	definition MSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> Locs \<Rightarrow> temporal"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	119	where "MSpec ch mm rs l == TEMP
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	120	Init(MInit mm l)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	121	\<and> \<box>[ \<exists>p. Write ch mm rs p l ]_(mm!l)"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	122
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	123	definition IRSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> temporal"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	124	where "IRSpec ch mm rs == TEMP
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	125	(\<forall>p. RPSpec ch mm rs p)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	126	\<and> (\<forall>l. #l \<in> #MemLoc \<longrightarrow> MSpec ch mm rs l)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	127
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	128	definition IUSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> temporal"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	129	where "IUSpec ch mm rs == TEMP
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	130	(\<forall>p. UPSpec ch mm rs p)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	131	\<and> (\<forall>l. #l \<in> #MemLoc \<longrightarrow> MSpec ch mm rs l)"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	132
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	133	definition RSpec :: "memChType \<Rightarrow> resType \<Rightarrow> temporal"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	134	where "RSpec ch rs == TEMP (\<exists>\<exists>mm. IRSpec ch mm rs)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	135
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	136	definition USpec :: "memChType \<Rightarrow> temporal"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	137	where "USpec ch == TEMP (\<exists>\<exists>mm rs. IUSpec ch mm rs)"
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	138
62145 5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	139	(* memory invariant: in the paper, the invariant is hidden in the definition of
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	140	the predicate S used in the implementation proof, but it is easier to verify
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	141	at this level. *)
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	142	definition MemInv :: "memType \<Rightarrow> Locs \<Rightarrow> stpred"
5b946c81dfbf eliminated old defs; wenzelm parents: 60592 diff changeset	143	where "MemInv mm l == PRED #l \<in> #MemLoc \<longrightarrow> mm!l \<in> #MemVal"
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 11703 diff changeset	144
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	145	lemmas RM_action_defs =
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	146	MInit_def PInit_def RdRequest_def WrRequest_def MemInv_def
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	147	GoodRead_def BadRead_def ReadInner_def Read_def
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	148	GoodWrite_def BadWrite_def WriteInner_def Write_def
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	149	MemReturn_def RNext_def
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	150
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	151	lemmas UM_action_defs = RM_action_defs MemFail_def UNext_def
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	152
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	153	lemmas RM_temp_defs = RPSpec_def MSpec_def IRSpec_def
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	154	lemmas UM_temp_defs = UPSpec_def MSpec_def IUSpec_def
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	155
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	156
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	157	(* The reliable memory is an implementation of the unreliable one *)
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	158	lemma ReliableImplementsUnReliable: "\<turnstile> IRSpec ch mm rs \<longrightarrow> IUSpec ch mm rs"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	159	by (force simp: UNext_def UPSpec_def IUSpec_def RM_temp_defs elim!: STL4E [temp_use] squareE)
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	160
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	161	(* The memory spec implies the memory invariant *)
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	162	lemma MemoryInvariant: "\<turnstile> MSpec ch mm rs l \<longrightarrow> \<box>(MemInv mm l)"
42769 053b4b487085 proper method_setup; wenzelm parents: 42018 diff changeset	163	by (auto_invariant simp: RM_temp_defs RM_action_defs)
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	164
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	165	(* The invariant is trivial for non-locations *)
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	166	lemma NonMemLocInvariant: "\<turnstile> #l \<notin> #MemLoc \<longrightarrow> \<box>(MemInv mm l)"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	167	by (auto simp: MemInv_def intro!: necT [temp_use])
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	168
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	169	lemma MemoryInvariantAll:
60591 e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	170	"\<turnstile> (\<forall>l. #l \<in> #MemLoc \<longrightarrow> MSpec ch mm rs l) \<longrightarrow> (\<forall>l. \<box>(MemInv mm l))"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	171	apply clarify
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	172	apply (auto elim!: MemoryInvariant [temp_use] NonMemLocInvariant [temp_use])
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	173	done
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	174
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	175	(* The memory engages in an action for process p only if there is an
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	176	unanswered call from p.
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	177	We need this only for the reliable memory.
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	178	*)
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	179
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	180	lemma Memoryidle: "\<turnstile> \<not>$(Calling ch p) \<longrightarrow> \<not> RNext ch mm rs p"
62146 324bc1ffba12 eliminated old defs; wenzelm parents: 62145 diff changeset	181	by (auto simp: AReturn_def RM_action_defs)
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	182
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	183	(* Enabledness conditions *)
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	184
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	185	lemma MemReturn_change: "\<turnstile> MemReturn ch rs p \<longrightarrow> <MemReturn ch rs p>_(rtrner ch ! p, rs!p)"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	186	by (force simp: MemReturn_def angle_def)
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	187
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	188	lemma MemReturn_enabled: "\<And>p. basevars (rtrner ch ! p, rs!p) \<Longrightarrow>
60591 e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	189	\<turnstile> Calling ch p \<and> (rs!p \<noteq> #NotAResult)
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	190	\<longrightarrow> Enabled (<MemReturn ch rs p>_(rtrner ch ! p, rs!p))"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	191	apply (tactic
60592 c9bd1d902f04 isabelle update_cartouches; wenzelm parents: 60591 diff changeset	192	\<open>action_simp_tac @{context} [@{thm MemReturn_change} RSN (2, @{thm enabled_mono}) ] [] 1\<close>)
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	193	apply (tactic
62146 324bc1ffba12 eliminated old defs; wenzelm parents: 62145 diff changeset	194	\<open>action_simp_tac (@{context} addsimps [@{thm MemReturn_def}, @{thm AReturn_def},
60592 c9bd1d902f04 isabelle update_cartouches; wenzelm parents: 60591 diff changeset	195	@{thm rtrner_def}]) [exI] [@{thm base_enabled}, @{thm Pair_inject}] 1\<close>)
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	196	done
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	197
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	198	lemma ReadInner_enabled: "\<And>p. basevars (rtrner ch ! p, rs!p) \<Longrightarrow>
60591 e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	199	\<turnstile> Calling ch p \<and> (arg<ch!p> = #(read l)) \<longrightarrow> Enabled (ReadInner ch mm rs p l)"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	200	apply (case_tac "l : MemLoc")
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	201	apply (force simp: ReadInner_def GoodRead_def BadRead_def RdRequest_def
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	202	intro!: exI elim!: base_enabled [temp_use])+
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	203	done
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	204
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	205	lemma WriteInner_enabled: "\<And>p. basevars (mm!l, rtrner ch ! p, rs!p) \<Longrightarrow>
60591 e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	206	\<turnstile> Calling ch p \<and> (arg<ch!p> = #(write l v))
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	207	\<longrightarrow> Enabled (WriteInner ch mm rs p l v)"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	208	apply (case_tac "l:MemLoc & v:MemVal")
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	209	apply (force simp: WriteInner_def GoodWrite_def BadWrite_def WrRequest_def
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	210	intro!: exI elim!: base_enabled [temp_use])+
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	211	done
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	212
60591 e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	213	lemma ReadResult: "\<turnstile> Read ch mm rs p \<and> (\<forall>l. $(MemInv mm l)) \<longrightarrow> (rs!p)` \<noteq> #NotAResult"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	214	by (force simp: Read_def ReadInner_def GoodRead_def BadRead_def MemInv_def)
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	215
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	216	lemma WriteResult: "\<turnstile> Write ch mm rs p l \<longrightarrow> (rs!p)` \<noteq> #NotAResult"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	217	by (auto simp: Write_def WriteInner_def GoodWrite_def BadWrite_def)
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	218
60591 e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	219	lemma ReturnNotReadWrite: "\<turnstile> (\<forall>l. $MemInv mm l) \<and> MemReturn ch rs p
e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	220	\<longrightarrow> \<not> Read ch mm rs p \<and> (\<forall>l. \<not> Write ch mm rs p l)"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	221	by (auto simp: MemReturn_def dest!: WriteResult [temp_use] ReadResult [temp_use])
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	222
60591 e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	223	lemma RWRNext_enabled: "\<turnstile> (rs!p = #NotAResult) \<and> (\<forall>l. MemInv mm l)
e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	224	\<and> Enabled (Read ch mm rs p \<or> (\<exists>l. Write ch mm rs p l))
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	225	\<longrightarrow> Enabled (<RNext ch mm rs p>_(rtrner ch ! p, rs!p))"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	226	by (force simp: RNext_def angle_def elim!: enabled_mono2
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	227	dest: ReadResult [temp_use] WriteResult [temp_use])
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	228
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	229
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	230	(* Combine previous lemmas: the memory can make a visible step if there is an
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	231	outstanding call for which no result has been produced.
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	232	*)
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	233	lemma RNext_enabled: "\<And>p. \<forall>l. basevars (mm!l, rtrner ch!p, rs!p) \<Longrightarrow>
60591 e0b77517f9a9 more symbols; wenzelm parents: 60588 diff changeset	234	\<turnstile> (rs!p = #NotAResult) \<and> Calling ch p \<and> (\<forall>l. MemInv mm l)
60588 750c533459b1 more symbols; wenzelm parents: 60587 diff changeset	235	\<longrightarrow> Enabled (<RNext ch mm rs p>_(rtrner ch ! p, rs!p))"
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	236	apply (auto simp: enabled_disj [try_rewrite] intro!: RWRNext_enabled [temp_use])
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	237	apply (case_tac "arg (ch w p)")
60592 c9bd1d902f04 isabelle update_cartouches; wenzelm parents: 60591 diff changeset	238	apply (tactic \<open>action_simp_tac (@{context} addsimps [@{thm Read_def},
c9bd1d902f04 isabelle update_cartouches; wenzelm parents: 60591 diff changeset	239	temp_rewrite @{context} @{thm enabled_ex}]) [@{thm ReadInner_enabled}, exI] [] 1\<close>)
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	240	apply (force dest: base_pair [temp_use])
6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	241	apply (erule contrapos_np)
60592 c9bd1d902f04 isabelle update_cartouches; wenzelm parents: 60591 diff changeset	242	apply (tactic \<open>action_simp_tac (@{context} addsimps [@{thm Write_def},
54742 7a86358a3c0b proper context for basic Simplifier operations: rewrite_rule, rewrite_goals_rule, rewrite_goals_tac etc.; wenzelm parents: 51717 diff changeset	243	temp_rewrite @{context} @{thm enabled_ex}])
60592 c9bd1d902f04 isabelle update_cartouches; wenzelm parents: 60591 diff changeset	244	[@{thm WriteInner_enabled}, exI] [] 1\<close>)
21624 6f79647cf536 TLA: converted legacy ML scripts; wenzelm parents: 17309 diff changeset	245	done
17309 c43ed29bd197 converted to Isar theory format; wenzelm parents: 11703 diff changeset	246
3807 82a99b090d9d A formalization of TLA in HOL -- by Stephan Merz; wenzelm parents: diff changeset	247	end

author	wenzelm
	Wed, 11 Oct 2017 20:46:38 +0200
changeset 66842	7ded55dd2a55
parent 62146	324bc1ffba12
child 67613	ce654b0e6d69
permissions	-rw-r--r--