|
3807
|
1 |
(*
|
|
|
2 |
File: RPC.thy
|
|
17309
|
3 |
ID: $Id$
|
|
3807
|
4 |
Author: Stephan Merz
|
|
|
5 |
Copyright: 1997 University of Munich
|
|
|
6 |
|
|
|
7 |
Theory Name: RPC
|
|
|
8 |
Logic Image: TLA
|
|
|
9 |
|
|
|
10 |
RPC-Memory example: RPC specification
|
|
|
11 |
*)
|
|
|
12 |
|
|
17309
|
13 |
theory RPC
|
|
|
14 |
imports RPCParameters ProcedureInterface Memory
|
|
|
15 |
begin
|
|
3807
|
16 |
|
|
|
17 |
types
|
|
6255
|
18 |
rpcSndChType = "(rpcOp,Vals) channel"
|
|
|
19 |
rpcRcvChType = "memChType"
|
|
3807
|
20 |
rpcStType = "(PrIds => rpcState) stfun"
|
|
|
21 |
|
|
|
22 |
consts
|
|
|
23 |
(* state predicates *)
|
|
|
24 |
RPCInit :: "rpcRcvChType => rpcStType => PrIds => stpred"
|
|
|
25 |
|
|
|
26 |
(* actions *)
|
|
|
27 |
RPCFwd :: "rpcSndChType => rpcRcvChType => rpcStType => PrIds => action"
|
|
|
28 |
RPCReject :: "rpcSndChType => rpcRcvChType => rpcStType => PrIds => action"
|
|
|
29 |
RPCFail :: "rpcSndChType => rpcRcvChType => rpcStType => PrIds => action"
|
|
|
30 |
RPCReply :: "rpcSndChType => rpcRcvChType => rpcStType => PrIds => action"
|
|
|
31 |
RPCNext :: "rpcSndChType => rpcRcvChType => rpcStType => PrIds => action"
|
|
|
32 |
|
|
|
33 |
(* temporal *)
|
|
|
34 |
RPCIPSpec :: "rpcSndChType => rpcRcvChType => rpcStType => PrIds => temporal"
|
|
|
35 |
RPCISpec :: "rpcSndChType => rpcRcvChType => rpcStType => temporal"
|
|
|
36 |
|
|
17309
|
37 |
defs
|
|
|
38 |
RPCInit_def: "RPCInit rcv rst p == PRED ((rst!p = #rpcA) & ~Calling rcv p)"
|
|
3807
|
39 |
|
|
17309
|
40 |
RPCFwd_def: "RPCFwd send rcv rst p == ACT
|
|
3807
|
41 |
$(Calling send p)
|
|
6255
|
42 |
& $(rst!p) = # rpcA
|
|
|
43 |
& IsLegalRcvArg<arg<$(send!p)>>
|
|
|
44 |
& Call rcv p RPCRelayArg<arg<send!p>>
|
|
|
45 |
& (rst!p)$ = # rpcB
|
|
|
46 |
& unchanged (rtrner send!p)"
|
|
3807
|
47 |
|
|
17309
|
48 |
RPCReject_def: "RPCReject send rcv rst p == ACT
|
|
6255
|
49 |
$(rst!p) = # rpcA
|
|
|
50 |
& ~IsLegalRcvArg<arg<$(send!p)>>
|
|
|
51 |
& Return send p #BadCall
|
|
|
52 |
& unchanged ((rst!p), (caller rcv!p))"
|
|
3807
|
53 |
|
|
17309
|
54 |
RPCFail_def: "RPCFail send rcv rst p == ACT
|
|
6255
|
55 |
~$(Calling rcv p)
|
|
|
56 |
& Return send p #RPCFailure
|
|
|
57 |
& (rst!p)$ = #rpcA
|
|
|
58 |
& unchanged (caller rcv!p)"
|
|
3807
|
59 |
|
|
17309
|
60 |
RPCReply_def: "RPCReply send rcv rst p == ACT
|
|
6255
|
61 |
~$(Calling rcv p)
|
|
|
62 |
& $(rst!p) = #rpcB
|
|
17309
|
63 |
& Return send p res<rcv!p>
|
|
6255
|
64 |
& (rst!p)$ = #rpcA
|
|
|
65 |
& unchanged (caller rcv!p)"
|
|
3807
|
66 |
|
|
17309
|
67 |
RPCNext_def: "RPCNext send rcv rst p == ACT
|
|
6255
|
68 |
( RPCFwd send rcv rst p
|
|
|
69 |
| RPCReject send rcv rst p
|
|
|
70 |
| RPCFail send rcv rst p
|
|
|
71 |
| RPCReply send rcv rst p)"
|
|
3807
|
72 |
|
|
17309
|
73 |
RPCIPSpec_def: "RPCIPSpec send rcv rst p == TEMP
|
|
6255
|
74 |
Init RPCInit rcv rst p
|
|
|
75 |
& [][ RPCNext send rcv rst p ]_(rst!p, rtrner send!p, caller rcv!p)
|
|
|
76 |
& WF(RPCNext send rcv rst p)_(rst!p, rtrner send!p, caller rcv!p)"
|
|
3807
|
77 |
|
|
17309
|
78 |
RPCISpec_def: "RPCISpec send rcv rst == TEMP (ALL p. RPCIPSpec send rcv rst p)"
|
|
|
79 |
|
|
|
80 |
ML {* use_legacy_bindings (the_context ()) *}
|
|
3807
|
81 |
|
|
|
82 |
end
|