isabelle: src/ZF/UNITY/Mutex.thy@a5cf3ea0685d (annotated)

11479 697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	1	(* Title: ZF/UNITY/Mutex.thy
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	2	ID: $Id$
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	3	Author: Sidi O Ehmety, Computer Laboratory
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	4	Copyright 2001 University of Cambridge
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	5
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	6	Based on "A Family of 2-Process Mutual Exclusion Algorithms" by J Misra
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	7
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	8	Variables' types are introduced globally so that type verification of
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	9	UNITY programs/specifications reduce to the usual ZF typechecking.
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	10	An ill-tyed expression will reduce to the empty set.
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	11	*)
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	12
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	13	Mutex = SubstAx +
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	14	consts
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	15	p, m, n, u, v :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	16
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	17	translations
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	18	"p" == "Var([])"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	19	"m" == "Var([0])"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	20	"n" == "Var([1])"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	21	"u" == "Var([1,0])"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	22	"v" == "Var([1,1])"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	23
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	24	rules ( Type declarations )
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	25	p_type "type_of(p)=bool"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	26	m_type "type_of(m)=int"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	27	n_type "type_of(n)=int"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	28	u_type "type_of(u)=bool"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	29	v_type "type_of(v)=bool"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	30
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	31	constdefs
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	32	( The program for process U )
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	33	U0 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	34	"U0 == {<s,t>:state*state. t = s(u:=1, m:=#1) & s`m = #0}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	35
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	36	U1 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	37	"U1 == {<s,t>:state*state. t = s(p:= s`v, m:=#2) & s`m = #1}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	38
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	39	U2 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	40	"U2 == {<s,t>:state*state. t = s(m:=#3) & s`p=0 & s`m = #2}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	41
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	42	U3 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	43	"U3 == {<s,t>:state*state. t=s(u:=0, m:=#4) & s`m = #3}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	44
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	45	U4 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	46	"U4 == {<s,t>:state*state. t = s(p:=1, m:=#0) & s`m = #4}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	47
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	48
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	49	( The program for process V )
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	50
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	51	V0 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	52	"V0 == {<s,t>:state*state. t = s (v:=1, n:=#1) & s`n = #0}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	53
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	54	V1 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	55	"V1 == {<s,t>:state*state. t = s(p:=not(s`u), n:=#2) & s`n = #1}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	56
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	57	V2 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	58	"V2 == {<s,t>:state*state. t = s(n:=#3) & s`p=1 & s`n = #2}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	59
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	60	V3 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	61	"V3 == {<s,t>:state*state. t = s (v:=0, n:=#4) & s`n = #3}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	62
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	63	V4 :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	64	"V4 == {<s,t>:state*state. t = s (p:=0, n:=#0) & s`n = #4}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	65
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	66	Mutex :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	67	"Mutex == mk_program({s:state. s`u=0 & s`v=0 & s`m = #0 & s`n = #0},
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	68	{U0, U1, U2, U3, U4, V0, V1, V2, V3, V4}, action)"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	69
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	70	( The correct invariants )
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	71
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	72	IU :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	73	"IU == {s:state. (s`u = 1<->(#1 $<= s`m & s`m $<= #3))
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	74	& (s`m = #3 --> s`p=0)}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	75
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	76	IV :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	77	"IV == {s:state. (s`v = 1 <-> (#1 $<= s`n & s`n $<= #3))
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	78	& (s`n = #3 --> s`p=1)}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	79
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	80	( The faulty invariant (for U alone) )
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	81
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	82	bad_IU :: i
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	83	"bad_IU == {s:state. (s`u = 1 <-> (#1 $<= s`m & s`m $<= #3))&
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	84	(#3 $<= s`m & s`m $<= #4 --> s`p=0)}"
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	85
697dcaaf478f new ZF/UNITY theory paulson parents: diff changeset	86	end

author	wenzelm
	Mon, 12 Nov 2001 20:22:23 +0100
changeset 12160	a5cf3ea0685d
parent 11479	697dcaaf478f
child 12195	ed2893765a08
permissions	-rw-r--r--