isabelle: src/HOL/UNITY/Simple/Deadlock.thy@e2fcd88be55d (annotated)

13785 e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	1	(* Title: HOL/UNITY/Deadlock
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	2	ID: $Id$
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	3	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	4	Copyright 1998 University of Cambridge
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	5
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	6	Deadlock examples from section 5.6 of
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	7	Misra, "A Logic for Concurrent Programming", 1994
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	8	*)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	9
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	10	theory Deadlock = UNITY:
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	11
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	12	(Trivial, two-process case)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	13	lemma "[\| F : (A Int B) co A; F : (B Int A) co B \|] ==> F : stable (A Int B)"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	14	by (unfold constrains_def stable_def, blast)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	15
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	16
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	17	(a simplification step)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	18	lemma Collect_le_Int_equals:
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	19	"(INT i: atMost n. A(Suc i) Int A i) = (INT i: atMost (Suc n). A i)"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	20	apply (induct_tac "n")
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	21	apply (simp_all (no_asm_simp) add: atMost_Suc)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	22	apply auto
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	23	done
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	24
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	25	(Dual of the required property. Converse inclusion fails.)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	26	lemma UN_Int_Compl_subset:
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	27	"(UN i: lessThan n. A i) Int (- A n) <=
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	28	(UN i: lessThan n. (A i) Int (- A (Suc i)))"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	29	apply (induct_tac "n")
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	30	apply (simp (no_asm_simp))
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	31	apply (simp (no_asm) add: lessThan_Suc)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	32	apply blast
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	33	done
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	34
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	35
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	36	(Converse inclusion fails.)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	37	lemma INT_Un_Compl_subset:
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	38	"(INT i: lessThan n. -A i Un A (Suc i)) <=
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	39	(INT i: lessThan n. -A i) Un A n"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	40	apply (induct_tac "n")
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	41	apply (simp (no_asm_simp))
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	42	apply (simp (no_asm_simp) add: lessThan_Suc)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	43	apply blast
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	44	done
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	45
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	46
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	47	(Specialized rewriting)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	48	lemma INT_le_equals_Int_lemma:
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	49	"A 0 Int (-(A n) Int (INT i: lessThan n. -A i Un A (Suc i))) = {}"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	50	by (blast intro: gr0I dest: INT_Un_Compl_subset [THEN subsetD])
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	51
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	52	(Reverse direction makes it harder to invoke the ind hyp)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	53	lemma INT_le_equals_Int:
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	54	"(INT i: atMost n. A i) =
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	55	A 0 Int (INT i: lessThan n. -A i Un A(Suc i))"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	56	apply (induct_tac "n", simp)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	57	apply (simp add: Int_ac Int_Un_distrib Int_Un_distrib2
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	58	INT_le_equals_Int_lemma lessThan_Suc atMost_Suc)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	59	done
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	60
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	61	lemma INT_le_Suc_equals_Int:
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	62	"(INT i: atMost (Suc n). A i) =
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	63	A 0 Int (INT i: atMost n. -A i Un A(Suc i))"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	64	by (simp add: lessThan_Suc_atMost INT_le_equals_Int)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	65
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	66
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	67	(The final deadlock example)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	68	lemma
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	69	assumes zeroprem: "F : (A 0 Int A (Suc n)) co (A 0)"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	70	and allprem:
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	71	"!!i. i: atMost n ==> F : (A(Suc i) Int A i) co (-A i Un A(Suc i))"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	72	shows "F : stable (INT i: atMost (Suc n). A i)"
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	73	apply (unfold stable_def)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	74	apply (rule constrains_Int [THEN constrains_weaken])
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	75	apply (rule zeroprem)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	76	apply (rule constrains_INT)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	77	apply (erule allprem)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	78	apply (simp add: Collect_le_Int_equals Int_assoc INT_absorb)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	79	apply (simp add: INT_le_Suc_equals_Int)
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	80	done
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	81
e2fcd88be55d Partial conversion of UNITY to Isar new-style theories paulson parents: 11195 diff changeset	82	end

author	paulson
	Fri, 24 Jan 2003 14:06:49 +0100
changeset 13785	e2fcd88be55d
parent 11195	65ede8dfe304
child 13806	fd40c9d9076b
permissions	-rw-r--r--