isabelle: src/HOL/UNITY/Alloc.thy@de4d358bf01e (annotated)

6815 de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	1	(* Title: HOL/UNITY/Alloc
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	2	ID: $Id$
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	3	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	4	Copyright 1998 University of Cambridge
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	5
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	6	Specification of Chandy and Charpentier's Allocator
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	7	*)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	8
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	9	Alloc = Follows + Comp +
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	10
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	11	(simplifies the expression of some specifications)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	12	constdefs
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	13	sub :: ['a, 'a=>'b] => 'b
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	14	"sub i f == f i"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	15
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	16	(*Duplicated from HOL/ex/NatSum.thy.
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	17	Maybe type should be [nat=>int, nat] => int**)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	18	consts sum :: [nat=>nat, nat] => nat
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	19	primrec
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	20	"sum f 0 = 0"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	21	"sum f (Suc n) = f(n) + sum f n"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	22
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	23
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	24	(This function merely sums the elements of a list)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	25	consts tokens :: nat list => nat
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	26	primrec
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	27	"tokens [] = 0"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	28	"tokens (x#xs) = x + tokens xs"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	29
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	30
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	31	consts
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	32	NbT :: nat (Number of tokens in system)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	33	Nclients :: nat (Number of clients)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	34
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	35
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	36	record clientState =
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	37	giv :: nat list (client's INPUT history: tokens GRANTED)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	38	ask :: nat list (client's OUTPUT history: tokens REQUESTED)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	39	rel :: nat list (client's OUTPUT history: tokens RELEASED)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	40
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	41	record allocState =
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	42	allocGiv :: nat => nat list (allocator's local copy of "giv" for i)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	43	allocAsk :: nat => nat list (allocator's local copy of "ask" for i)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	44	allocRel :: nat => nat list (allocator's local copy of "rel" for i)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	45
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	46	record systemState = allocState +
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	47	client :: nat => clientState (states of all clients)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	48
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	49
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	50	constdefs
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	51
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	52	( Resource allocation system specification )
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	53
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	54	(spec (1))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	55	system_safety :: systemState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	56	"system_safety ==
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	57	Always {s. sum (%i. (tokens o giv o sub i o client) s) Nclients
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	58	<= NbT + sum (%i. (tokens o rel o sub i o client) s) Nclients}"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	59
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	60	(spec (2))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	61	system_progress :: systemState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	62	"system_progress == INT i : lessThan Nclients.
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	63	INT h.
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	64	{s. h <= (ask o sub i o client)s} LeadsTo
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	65	{s. h pfix_le (giv o sub i o client) s}"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	66
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	67	( Client specification (required) *)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	68
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	69	(spec (3))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	70	client_increasing :: clientState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	71	"client_increasing ==
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	72	UNIV guarantees Increasing ask Int Increasing rel"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	73
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	74	(spec (4))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	75	client_bounded :: clientState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	76	"client_bounded ==
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	77	UNIV guarantees Always {s. ALL elt : set (ask s). elt <= NbT}"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	78
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	79	(spec (5))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	80	client_progress :: clientState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	81	"client_progress ==
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	82	Increasing giv
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	83	guarantees
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	84	(INT h. {s. h <= giv s & h pfix_ge ask s}
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	85	LeadsTo
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	86	{s. tokens h <= (tokens o rel) s})"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	87
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	88	( Allocator specification (required) *)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	89
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	90	(spec (6))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	91	alloc_increasing :: allocState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	92	"alloc_increasing ==
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	93	UNIV
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	94	guarantees
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	95	(INT i : lessThan Nclients. Increasing (sub i o allocAsk))"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	96
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	97	(spec (7))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	98	alloc_safety :: allocState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	99	"alloc_safety ==
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	100	(INT i : lessThan Nclients. Increasing (sub i o allocRel))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	101	guarantees
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	102	Always {s. sum (%i. (tokens o sub i o allocGiv) s) Nclients
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	103	<= NbT + sum (%i. (tokens o sub i o allocRel) s) Nclients}"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	104
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	105	(spec (8))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	106	alloc_progress :: allocState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	107	"alloc_progress ==
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	108	(INT i : lessThan Nclients. Increasing (sub i o allocAsk) Int
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	109	Increasing (sub i o allocRel))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	110	Int
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	111	Always {s. ALL i : lessThan Nclients.
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	112	ALL k : lessThan (length (allocAsk s i)).
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	113	allocAsk s i ! k <= NbT}
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	114	Int
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	115	(INT i : lessThan Nclients.
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	116	INT h. {s. h <= (sub i o allocGiv)s & h pfix_ge (sub i o allocAsk)s}
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	117	LeadsTo {s. tokens h <= (tokens o sub i o allocRel)s})
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	118	guarantees
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	119	(INT i : lessThan Nclients.
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	120	INT h. {s. h <= (sub i o allocAsk) s} LeadsTo
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	121	{s. h pfix_le (sub i o allocGiv) s})"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	122
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	123	( Network specification *)
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	124
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	125	(spec (9.1))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	126	network_ask :: systemState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	127	"network_ask == INT i : lessThan Nclients.
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	128	Increasing (ask o sub i o client) guarantees
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	129	((sub i o allocAsk) Fols (ask o sub i o client))"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	130
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	131	(spec (9.2))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	132	network_giv :: systemState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	133	"network_giv == INT i : lessThan Nclients.
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	134	Increasing (sub i o allocGiv) guarantees
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	135	((giv o sub i o client) Fols (sub i o allocGiv))"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	136
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	137	(spec (9.3))
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	138	network_rel :: systemState program set
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	139	"network_rel == INT i : lessThan Nclients.
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	140	Increasing (rel o sub i o client) guarantees
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	141	((sub i o allocRel) Fols (rel o sub i o client))"
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	142
de4d358bf01e The Allocator example: specifications paulson parents: diff changeset	143	end

author	paulson
	Thu, 10 Jun 1999 12:36:19 +0200
changeset 6815	de4d358bf01e
child 6827	b69a2585ec0f
permissions	-rw-r--r--