| author | wenzelm |
| Wed, 05 Dec 2001 03:13:57 +0100 | |
| changeset 12378 | 86c58273f8c0 |
| parent 9517 | f58863b1406a |
| child 17309 | c43ed29bd197 |
| permissions | -rw-r--r-- |
| 3807 | 1 |
(* |
2 |
File: MIsafe.ML |
|
3 |
Author: Stephan Merz |
|
4 |
Copyright: 1997 University of Munich |
|
5 |
||
6 |
RPC-Memory example: Lower-level lemmas about memory implementation (safety) |
|
7 |
*) |
|
8 |
||
9 |
(* ========================= Lemmas about values ========================= *) |
|
10 |
||
11 |
(* RPCFailure notin MemVals U {OK,BadArg} *)
|
|
12 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
13 |
Goalw [MVOKBA_def] "MVOKBA x ==> x ~= RPCFailure"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
14 |
by Auto_tac; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
15 |
qed "MVOKBAnotRF"; |
| 3807 | 16 |
|
17 |
(* NotAResult notin MemVals U {OK,BadArg,RPCFailure} *)
|
|
18 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
19 |
Goalw [MVOKBARF_def] "MVOKBARF x ==> x ~= NotAResult"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
20 |
by Auto_tac; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
21 |
qed "MVOKBARFnotNR"; |
| 3807 | 22 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
23 |
(* ================ Si's are mutually exclusive ================================ *) |
| 3807 | 24 |
(* Si and Sj are mutually exclusive for i # j. This helps to simplify the big |
25 |
conditional in the definition of resbar when doing the step-simulation proof. |
|
26 |
We prove a weaker result, which suffices for our purposes: |
|
27 |
Si implies (not Sj), for j<i. |
|
28 |
*) |
|
29 |
||
30 |
(* --- not used --- |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
31 |
Goal "|- S1 rmhist p --> S1 rmhist p & ~S2 rmhist p & ~S3 rmhist p & \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
32 |
\ ~S4 rmhist p & ~S5 rmhist p & ~S6 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
33 |
by (auto_tac (MI_css addsimps2 [S_def, S1_def, S2_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
34 |
S3_def, S4_def, S5_def, S6_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
35 |
qed "S1_excl"; |
| 3807 | 36 |
*) |
37 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
38 |
Goal "|- S2 rmhist p --> S2 rmhist p & ~S1 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
39 |
by (auto_tac (MI_css addsimps2 [S_def, S1_def, S2_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
40 |
qed "S2_excl"; |
| 3807 | 41 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
42 |
Goal "|- S3 rmhist p --> S3 rmhist p & ~S1 rmhist p & ~S2 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
43 |
by (auto_tac (MI_css addsimps2 [S_def, S1_def, S2_def, S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
44 |
qed "S3_excl"; |
| 3807 | 45 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
46 |
Goal "|- S4 rmhist p --> S4 rmhist p & ~S1 rmhist p & ~S2 rmhist p & ~S3 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
47 |
by (auto_tac (MI_css addsimps2 [S_def,S1_def,S2_def,S3_def,S4_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
48 |
qed "S4_excl"; |
| 3807 | 49 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
50 |
Goal "|- S5 rmhist p --> S5 rmhist p & ~S1 rmhist p & ~S2 rmhist p \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
51 |
\ & ~S3 rmhist p & ~S4 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
52 |
by (auto_tac (MI_css addsimps2 [S_def,S1_def,S2_def,S3_def,S4_def,S5_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
53 |
qed "S5_excl"; |
| 3807 | 54 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
55 |
Goal "|- S6 rmhist p --> S6 rmhist p & ~S1 rmhist p & ~S2 rmhist p \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
56 |
\ & ~S3 rmhist p & ~S4 rmhist p & ~S5 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
57 |
by (auto_tac (MI_css addsimps2 [S_def,S1_def,S2_def,S3_def,S4_def,S5_def,S6_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
58 |
qed "S6_excl"; |
| 3807 | 59 |
|
60 |
||
61 |
(* ==================== Lemmas about the environment ============================== *) |
|
62 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
63 |
Goal "|- $(Calling memCh p) --> ~ENext p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
64 |
by (auto_tac (MI_css addsimps2 [ENext_def,Call_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
65 |
qed "Envbusy"; |
| 3807 | 66 |
|
67 |
(* ==================== Lemmas about the implementation's states ==================== *) |
|
68 |
||
69 |
(* The following series of lemmas are used in establishing the implementation's |
|
70 |
next-state relation (Step 1.2 of the proof in the paper). For each state Si, we |
|
| 6255 | 71 |
determine which component actions are possible and what state they result in. |
| 3807 | 72 |
*) |
73 |
||
74 |
(* ------------------------------ State S1 ---------------------------------------- *) |
|
75 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
76 |
Goal "|- ENext p & $(S1 rmhist p) & unchanged (c p, r p, m p, rmhist!p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
77 |
\ --> (S2 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
78 |
by (force_tac (MI_css addsimps2 [ENext_def,Call_def,c_def,r_def,m_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
79 |
caller_def,rtrner_def,MVNROKBA_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
80 |
S_def,S1_def,S2_def,Calling_def]) 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
81 |
qed "S1Env"; |
| 3807 | 82 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
83 |
Goal "|- [MClkNext memCh crCh cst p]_(c p) & $(S1 rmhist p) --> unchanged (c p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
84 |
by (auto_tac (MI_fast_css addSDs2 [MClkidle] addsimps2 [S_def,S1_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
85 |
qed "S1ClerkUnch"; |
| 3807 | 86 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
87 |
Goal "|- [RPCNext crCh rmCh rst p]_(r p) & $(S1 rmhist p) --> unchanged (r p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
88 |
by (auto_tac (MI_fast_css addSDs2 [RPCidle] addsimps2 [S_def,S1_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
89 |
qed "S1RPCUnch"; |
| 3807 | 90 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
91 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S1 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
92 |
by (auto_tac (MI_fast_css addSDs2 [Memoryidle] addsimps2 [S_def,S1_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
93 |
qed "S1MemUnch"; |
| 3807 | 94 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
95 |
Goal "|- [HNext rmhist p]_(c p,r p,m p,rmhist!p) & $(S1 rmhist p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
96 |
\ --> unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
97 |
by (action_simp_tac (simpset() addsimps [HNext_def, S_def, S1_def, MemReturn_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
98 |
RPCFail_def,MClkReply_def,Return_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
99 |
[] [squareE] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
100 |
qed "S1Hist"; |
| 3807 | 101 |
|
102 |
(* ------------------------------ State S2 ---------------------------------------- *) |
|
103 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
104 |
Goal "|- [ENext p]_(e p) & $(S2 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
105 |
by (auto_tac (MI_css addSDs2 [Envbusy] addsimps2 [S_def,S2_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
106 |
qed "S2EnvUnch"; |
| 3807 | 107 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
108 |
Goal "|- MClkNext memCh crCh cst p & $(S2 rmhist p) --> MClkFwd memCh crCh cst p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
109 |
by (auto_tac (MI_css addsimps2 [MClkNext_def,MClkRetry_def,MClkReply_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
110 |
S_def,S2_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
111 |
qed "S2Clerk"; |
| 3807 | 112 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
113 |
Goal "|- $(S2 rmhist p) & MClkFwd memCh crCh cst p\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
114 |
\ & unchanged (e p, r p, m p, rmhist!p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
115 |
\ --> (S3 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
116 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
117 |
(simpset() addsimps |
| 3807 | 118 |
[MClkFwd_def,Call_def,e_def,r_def,m_def,caller_def,rtrner_def, |
119 |
S_def,S2_def,S3_def,Calling_def]) |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
120 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
121 |
qed "S2Forward"; |
| 3807 | 122 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
123 |
Goal "|- [RPCNext crCh rmCh rst p]_(r p) & $(S2 rmhist p) --> unchanged (r p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
124 |
by (auto_tac (MI_css addsimps2 [S_def,S2_def] addSDs2 [RPCidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
125 |
qed "S2RPCUnch"; |
| 3807 | 126 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
127 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S2 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
128 |
by (auto_tac (MI_css addsimps2 [S_def,S2_def] addSDs2 [Memoryidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
129 |
qed "S2MemUnch"; |
| 3807 | 130 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
131 |
Goal "|- [HNext rmhist p]_(c p,r p,m p,rmhist!p) & $(S2 rmhist p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
132 |
\ --> unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
133 |
by (auto_tac (MI_fast_css |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
134 |
addsimps2 [HNext_def,MemReturn_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
135 |
RPCFail_def,MClkReply_def,Return_def,S_def,S2_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
136 |
qed "S2Hist"; |
| 3807 | 137 |
|
138 |
(* ------------------------------ State S3 ---------------------------------------- *) |
|
139 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
140 |
Goal "|- [ENext p]_(e p) & $(S3 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
141 |
by (auto_tac (MI_css addSDs2 [Envbusy] addsimps2 [S_def,S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
142 |
qed "S3EnvUnch"; |
| 3807 | 143 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
144 |
Goal "|- [MClkNext memCh crCh cst p]_(c p) & $(S3 rmhist p) --> unchanged (c p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
145 |
by (auto_tac (MI_css addSDs2 [MClkbusy] addsimps2 [square_def,S_def,S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
146 |
qed "S3ClerkUnch"; |
| 3807 | 147 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
148 |
Goal "|- S3 rmhist p --> IsLegalRcvArg<arg<crCh!p>>"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
149 |
by (auto_tac (MI_css addsimps2 [IsLegalRcvArg_def,MClkRelayArg_def,S_def,S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
150 |
qed "S3LegalRcvArg"; |
| 3807 | 151 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
152 |
Goal "|- RPCNext crCh rmCh rst p & $(S3 rmhist p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
153 |
\ --> RPCFwd crCh rmCh rst p | RPCFail crCh rmCh rst p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
154 |
by (Clarsimp_tac 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
155 |
by (forward_tac [action_use S3LegalRcvArg] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
156 |
by (auto_tac (MI_css addsimps2 [RPCNext_def,RPCReject_def,RPCReply_def,S_def,S3_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
157 |
qed "S3RPC"; |
| 3807 | 158 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
159 |
Goal "|- RPCFwd crCh rmCh rst p & HNext rmhist p & $(S3 rmhist p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
160 |
\ & unchanged (e p, c p, m p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
161 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
162 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
163 |
(simpset() addsimps [RPCFwd_def,HNext_def,MemReturn_def,RPCFail_def,MClkReply_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
164 |
Return_def,Call_def,e_def,c_def,m_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
165 |
S_def,S3_def,S4_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
166 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
167 |
qed "S3Forward"; |
| 3807 | 168 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
169 |
Goal "|- RPCFail crCh rmCh rst p & $(S3 rmhist p) & HNext rmhist p\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
170 |
\ & unchanged (e p, c p, m p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
171 |
\ --> (S6 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
172 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
173 |
(simpset() addsimps [HNext_def,RPCFail_def,Return_def,e_def,c_def,m_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
174 |
caller_def,rtrner_def,MVOKBARF_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
175 |
S_def,S3_def,S6_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
176 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
177 |
qed "S3Fail"; |
| 3807 | 178 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
179 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S3 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
180 |
by (auto_tac (MI_css addsimps2 [S_def,S3_def] addSDs2 [Memoryidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
181 |
qed "S3MemUnch"; |
| 3807 | 182 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
183 |
Goal "|- HNext rmhist p & $(S3 rmhist p) & unchanged (r p) --> unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
184 |
by (auto_tac (MI_css addsimps2 [HNext_def,MemReturn_def,RPCFail_def,MClkReply_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
185 |
Return_def,r_def,rtrner_def,S_def,S3_def,Calling_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
186 |
qed "S3Hist"; |
| 3807 | 187 |
|
188 |
(* ------------------------------ State S4 ---------------------------------------- *) |
|
189 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
190 |
Goal "|- [ENext p]_(e p) & $(S4 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
191 |
by (auto_tac (MI_css addsimps2 [S_def,S4_def] addSDs2 [Envbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
192 |
qed "S4EnvUnch"; |
| 3807 | 193 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
194 |
Goal "|- [MClkNext memCh crCh cst p]_(c p) & $(S4 rmhist p) --> unchanged (c p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
195 |
by (auto_tac (MI_css addsimps2 [S_def,S4_def] addSDs2 [MClkbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
196 |
qed "S4ClerkUnch"; |
| 3807 | 197 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
198 |
Goal "|- [RPCNext crCh rmCh rst p]_(r p) & $(S4 rmhist p) --> unchanged (r p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
199 |
by (auto_tac (MI_fast_css addsimps2 [S_def,S4_def] addSDs2 [RPCbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
200 |
qed "S4RPCUnch"; |
| 3807 | 201 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
202 |
Goal "|- ReadInner rmCh mm ires p l & $(S4 rmhist p) & unchanged (e p, c p, r p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
203 |
\ & HNext rmhist p & $(MemInv mm l) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
204 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
205 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
206 |
(simpset() addsimps [ReadInner_def,GoodRead_def, BadRead_def,HNext_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
207 |
MemReturn_def, RPCFail_def,MClkReply_def,Return_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
208 |
e_def,c_def,r_def,rtrner_def,caller_def,MVNROKBA_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
209 |
S_def,S4_def,RdRequest_def,Calling_def,MemInv_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
210 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
211 |
qed "S4ReadInner"; |
| 3807 | 212 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
213 |
Goal "|- Read rmCh mm ires p & $(S4 rmhist p) & unchanged (e p, c p, r p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
214 |
\ & HNext rmhist p & (!l. $MemInv mm l) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
215 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
216 |
by (auto_tac (MI_css addsimps2 [Read_def] addSDs2 [S4ReadInner])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
217 |
qed "S4Read"; |
| 3807 | 218 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
219 |
Goal "|- WriteInner rmCh mm ires p l v & $(S4 rmhist p) & unchanged (e p, c p, r p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
220 |
\ & HNext rmhist p \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
221 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
222 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
223 |
(simpset() addsimps [WriteInner_def,GoodWrite_def, BadWrite_def,HNext_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
224 |
MemReturn_def,RPCFail_def,MClkReply_def,Return_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
225 |
e_def,c_def,r_def,rtrner_def,caller_def,MVNROKBA_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
226 |
S_def,S4_def,WrRequest_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
227 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
228 |
qed "S4WriteInner"; |
| 3807 | 229 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
230 |
Goal "|- Write rmCh mm ires p l & $(S4 rmhist p) & unchanged (e p, c p, r p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
231 |
\ & (HNext rmhist p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
232 |
\ --> (S4 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
233 |
by (auto_tac (MI_css addsimps2 [Write_def] addSDs2 [S4WriteInner])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
234 |
qed "S4Write"; |
| 3807 | 235 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
236 |
Goal "|- $ImpInv rmhist p & Write rmCh mm ires p l --> $S4 rmhist p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
237 |
by (auto_tac (MI_css addsimps2 [Write_def,WriteInner_def,ImpInv_def,WrRequest_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
238 |
S_def,S1_def,S2_def,S3_def,S4_def,S5_def,S6_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
239 |
qed "WriteS4"; |
| 3807 | 240 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
241 |
Goal "|- MemReturn rmCh ires p & $S4 rmhist p & unchanged (e p, c p, r p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
242 |
\ & HNext rmhist p \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
243 |
\ --> (S5 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
244 |
by (auto_tac (MI_css addsimps2 [HNext_def,MemReturn_def,Return_def,e_def,c_def,r_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
245 |
rtrner_def,caller_def,MVNROKBA_def,MVOKBA_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
246 |
S_def,S4_def,S5_def,Calling_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
247 |
qed "S4Return"; |
| 3807 | 248 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
249 |
Goal "|- HNext rmhist p & $S4 rmhist p & (m p)$ = $(m p) --> (rmhist!p)$ = $(rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
250 |
by (auto_tac (MI_css addsimps2 [HNext_def,MemReturn_def,RPCFail_def,MClkReply_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
251 |
Return_def,m_def,rtrner_def,S_def,S4_def,Calling_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
252 |
qed "S4Hist"; |
| 3807 | 253 |
|
254 |
(* ------------------------------ State S5 ---------------------------------------- *) |
|
255 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
256 |
Goal "|- [ENext p]_(e p) & $(S5 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
257 |
by (auto_tac (MI_css addsimps2 [S_def,S5_def] addSDs2 [Envbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
258 |
qed "S5EnvUnch"; |
| 3807 | 259 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
260 |
Goal "|- [MClkNext memCh crCh cst p]_(c p) & $(S5 rmhist p) --> unchanged (c p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
261 |
by (auto_tac (MI_css addsimps2 [S_def,S5_def] addSDs2 [MClkbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
262 |
qed "S5ClerkUnch"; |
| 3807 | 263 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
264 |
Goal "|- RPCNext crCh rmCh rst p & $(S5 rmhist p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
265 |
\ --> RPCReply crCh rmCh rst p | RPCFail crCh rmCh rst p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
266 |
by (auto_tac (MI_css addsimps2 [RPCNext_def,RPCReject_def,RPCFwd_def,S_def,S5_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
267 |
qed "S5RPC"; |
| 3807 | 268 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
269 |
Goal "|- RPCReply crCh rmCh rst p & $(S5 rmhist p) & unchanged (e p, c p, m p,rmhist!p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
270 |
\ --> (S6 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
271 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
272 |
(simpset() addsimps [RPCReply_def,Return_def,e_def,c_def,m_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
273 |
MVOKBA_def,MVOKBARF_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
274 |
S_def,S5_def,S6_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
275 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
276 |
qed "S5Reply"; |
| 3807 | 277 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
278 |
Goal "|- RPCFail crCh rmCh rst p & $(S5 rmhist p) & unchanged (e p, c p, m p,rmhist!p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
279 |
\ --> (S6 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
280 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
281 |
(simpset() addsimps [RPCFail_def,Return_def,e_def,c_def,m_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
282 |
MVOKBARF_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
283 |
S_def,S5_def,S6_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
284 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
285 |
qed "S5Fail"; |
| 3807 | 286 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
287 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S5 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
288 |
by (auto_tac (MI_css addsimps2 [S_def,S5_def] addSDs2 [Memoryidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
289 |
qed "S5MemUnch"; |
| 3807 | 290 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
291 |
Goal "|- [HNext rmhist p]_(c p, r p, m p, rmhist!p) & $(S5 rmhist p)\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
292 |
\ --> (rmhist!p)$ = $(rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
293 |
by (auto_tac (MI_fast_css |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
294 |
addsimps2 [HNext_def,MemReturn_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
295 |
RPCFail_def,MClkReply_def,Return_def,S_def,S5_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
296 |
qed "S5Hist"; |
| 3807 | 297 |
|
298 |
(* ------------------------------ State S6 ---------------------------------------- *) |
|
299 |
||
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
300 |
Goal "|- [ENext p]_(e p) & $(S6 rmhist p) --> unchanged (e p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
301 |
by (auto_tac (MI_css addsimps2 [S_def,S6_def] addSDs2 [Envbusy])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
302 |
qed "S6EnvUnch"; |
| 3807 | 303 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
304 |
Goal "|- MClkNext memCh crCh cst p & $(S6 rmhist p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
305 |
\ --> MClkRetry memCh crCh cst p | MClkReply memCh crCh cst p"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
306 |
by (auto_tac (MI_css addsimps2 [MClkNext_def,MClkFwd_def,S_def,S6_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
307 |
qed "S6Clerk"; |
| 3807 | 308 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
309 |
Goal "|- MClkRetry memCh crCh cst p & HNext rmhist p & $S6 rmhist p\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
310 |
\ & unchanged (e p,r p,m p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
311 |
\ --> (S3 rmhist p)$ & unchanged (rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
312 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
313 |
(simpset() addsimps [HNext_def,MClkReply_def,MClkRetry_def,Call_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
314 |
Return_def,e_def,r_def,m_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
315 |
S_def,S6_def,S3_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
316 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
317 |
qed "S6Retry"; |
| 3807 | 318 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
319 |
Goal "|- MClkReply memCh crCh cst p & HNext rmhist p & $S6 rmhist p\ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
320 |
\ & unchanged (e p,r p,m p) \ |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
321 |
\ --> (S1 rmhist p)$"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
322 |
by (action_simp_tac |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
323 |
(simpset() addsimps [HNext_def,MemReturn_def,RPCFail_def,Return_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
324 |
MClkReply_def,e_def,r_def,m_def,caller_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
325 |
S_def,S6_def,S1_def,Calling_def]) |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
326 |
[] [] 1); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
327 |
qed "S6Reply"; |
| 3807 | 328 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
329 |
Goal "|- [RPCNext crCh rmCh rst p]_(r p) & $S6 rmhist p --> unchanged (r p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
330 |
by (auto_tac (MI_css addsimps2 [S_def,S6_def] addSDs2 [RPCidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
331 |
qed "S6RPCUnch"; |
| 3807 | 332 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
333 |
Goal "|- [RNext rmCh mm ires p]_(m p) & $(S6 rmhist p) --> unchanged (m p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
334 |
by (auto_tac (MI_css addsimps2 [S_def,S6_def] addSDs2 [Memoryidle])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
335 |
qed "S6MemUnch"; |
| 6255 | 336 |
|
|
9517
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
337 |
Goal "|- HNext rmhist p & $S6 rmhist p & (c p)$ = $(c p) --> (rmhist!p)$ = $(rmhist!p)"; |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
338 |
by (auto_tac (MI_css addsimps2 [HNext_def,MClkReply_def,Return_def,c_def,rtrner_def, |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
339 |
S_def,S6_def,Calling_def])); |
|
f58863b1406a
tuned version by Stephan Merz (unbatchified etc.);
wenzelm
parents:
6255
diff
changeset
|
340 |
qed "S6Hist"; |