|
5636
|
1 |
(* Title: HOL/UNITY/Client.thy
|
|
|
2 |
ID: $Id$
|
|
|
3 |
Author: Lawrence C Paulson, Cambridge University Computer Laboratory
|
|
|
4 |
Copyright 1998 University of Cambridge
|
|
|
5 |
|
|
|
6 |
Distributed Resource Management System: the Client
|
|
|
7 |
*)
|
|
|
8 |
|
|
|
9 |
Client = Comp + Prefix +
|
|
|
10 |
|
|
|
11 |
constdefs (*MOVE higher-up: UNITY.thy or Traces.thy ???*)
|
|
|
12 |
always :: "'a set => 'a program set"
|
|
|
13 |
"always A == {F. reachable F <= A}"
|
|
|
14 |
|
|
|
15 |
(*The traditional word for inductive properties. Anyway, INDUCTIVE is
|
|
|
16 |
reserved!*)
|
|
|
17 |
invariant :: "'a set => 'a program set"
|
|
|
18 |
"invariant A == {F. Init F <= A & stable (Acts F) A}"
|
|
|
19 |
|
|
|
20 |
(*Polymorphic in both states and the meaning of <= *)
|
|
|
21 |
increasing :: "['a => 'b::{ord}] => 'a program set"
|
|
|
22 |
"increasing f == {F. ALL z. stable (Acts F) {s. z <= f s}}"
|
|
|
23 |
|
|
|
24 |
(*The set of systems that regard "f" as local to F*)
|
|
|
25 |
localTo :: ['a => 'b, 'a program] => 'a program set (infixl 80)
|
|
|
26 |
"f localTo F == {G. ALL z. stable (Acts G - Acts F) {s. f s = z}}"
|
|
|
27 |
|
|
|
28 |
|
|
|
29 |
consts
|
|
|
30 |
Max :: nat (*Maximum number of tokens*)
|
|
|
31 |
|
|
|
32 |
types
|
|
|
33 |
tokbag = nat (*tokbags could be multisets...or any ordered type?*)
|
|
|
34 |
|
|
|
35 |
record state =
|
|
|
36 |
giv :: tokbag list (*input history: tokens granted*)
|
|
|
37 |
ask :: tokbag list (*output history: tokens requested*)
|
|
|
38 |
rel :: tokbag list (*output history: tokens released*)
|
|
|
39 |
tok :: tokbag (*current token request*)
|
|
|
40 |
|
|
|
41 |
|
|
|
42 |
(*Array indexing is translated to list indexing as A[n] == A!(n-1). *)
|
|
|
43 |
|
|
|
44 |
constdefs
|
|
|
45 |
|
|
|
46 |
(** Release some tokens **)
|
|
|
47 |
|
|
|
48 |
rel_act :: "(state*state) set"
|
|
|
49 |
"rel_act == {(s,s').
|
|
|
50 |
EX nrel. nrel = length (rel s) &
|
|
|
51 |
s' = s (| rel := rel s @ [giv s!nrel] |) &
|
|
|
52 |
nrel < length (giv s) &
|
|
|
53 |
ask s!nrel <= giv s!nrel}"
|
|
|
54 |
|
|
|
55 |
(** Choose a new token requirement **)
|
|
|
56 |
|
|
|
57 |
(** Including s'=s suppresses fairness, allowing the non-trivial part
|
|
|
58 |
of the action to be ignored **)
|
|
|
59 |
|
|
|
60 |
tok_act :: "(state*state) set"
|
|
|
61 |
"tok_act == {(s,s'). s'=s | (EX t: atMost Max. s' = s (|tok := t|))}"
|
|
|
62 |
|
|
|
63 |
ask_act :: "(state*state) set"
|
|
|
64 |
"ask_act == {(s,s'). s'=s |
|
|
|
65 |
(s' = s (|ask := ask s @ [tok s]|) &
|
|
|
66 |
length (ask s) = length (rel s))}"
|
|
|
67 |
|
|
|
68 |
Cli_prg :: state program
|
|
|
69 |
"Cli_prg == mk_program ({s. tok s : atMost Max &
|
|
|
70 |
giv s = [] &
|
|
|
71 |
ask s = [] &
|
|
|
72 |
rel s = []},
|
|
|
73 |
{rel_act, tok_act, ask_act})"
|
|
|
74 |
|
|
|
75 |
giv_meets_ask :: state set
|
|
|
76 |
"giv_meets_ask ==
|
|
|
77 |
{s. length (giv s) <= length (ask s) &
|
|
|
78 |
(ALL n: lessThan (length (giv s)). ask s!n <= giv s!n)}"
|
|
|
79 |
|
|
|
80 |
end
|