Mercurial Mercurial > repos > isabelle / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/HOL/TLA/Buffer/DBuffer.thy
changeset 60587 0318b43ee95c
parent 58889 5b7a9633cfa8
child 60588 750c533459b1
equal deleted inserted replaced
60586:1d31e3a50373 60587:0318b43ee95c 
    35   DBPass_def:     "DBPass   == ACT  Deq inp q1 mid
 
    35   DBPass_def:     "DBPass   == ACT  Deq inp q1 mid
 
    36                                  & (q2$ = $q2 @ [ mid$ ])
 
    36                                  & (q2$ = $q2 @ [ mid$ ])
 
    37                                  & (out$ = $out)" and
 
    37                                  & (out$ = $out)" and
 
    38   DBNext_def:     "DBNext   == ACT  (DBEnq | DBDeq | DBPass)" and
 
    38   DBNext_def:     "DBNext   == ACT  (DBEnq | DBDeq | DBPass)" and
 
    39   DBuffer_def:    "DBuffer  == TEMP Init DBInit
 
    39   DBuffer_def:    "DBuffer  == TEMP Init DBInit
 
    40                                  & [][DBNext]_(inp,mid,out,q1,q2)
 
    40                                  & \<box>[DBNext]_(inp,mid,out,q1,q2)
 
    41                                  & WF(DBDeq)_(inp,mid,out,q1,q2)
 
    41                                  & WF(DBDeq)_(inp,mid,out,q1,q2)
 
    42                                  & WF(DBPass)_(inp,mid,out,q1,q2)"
 
    42                                  & WF(DBPass)_(inp,mid,out,q1,q2)"
 
    43 
    43 
    44 
    44 
    45 declare qc_def [simp]
 
    45 declare qc_def [simp]
 
    70   apply (unfold angle_def DBDeq_def Deq_def)
 
    70   apply (unfold angle_def DBDeq_def Deq_def)
 
    71   apply (safe, simp (asm_lr))+
 
    71   apply (safe, simp (asm_lr))+
 
    72   done
 
    72   done
 
    73 
    73 
    74 lemma DBDeq_enabled: 
    74 lemma DBDeq_enabled: 
    75     "|- Enabled (<DBDeq>_(inp,mid,out,q1,q2)) = (q2 ~= #[])"
 
    75     "|- Enabled (<DBDeq>_(inp,mid,out,q1,q2)) = (q2 \<noteq> #[])"
 
    76   apply (unfold DBDeq_visible [action_rewrite])
 
    76   apply (unfold DBDeq_visible [action_rewrite])
 
    77   apply (force intro!: DB_base [THEN base_enabled, temp_use]
 
    77   apply (force intro!: DB_base [THEN base_enabled, temp_use]
 
    78     elim!: enabledE simp: angle_def DBDeq_def Deq_def)
 
    78     elim!: enabledE simp: angle_def DBDeq_def Deq_def)
 
    79   done
 
    79   done
 
    80 
    80 
    81 lemma DBPass_visible: "|- <DBPass>_(inp,mid,out,q1,q2) = DBPass"
 
    81 lemma DBPass_visible: "|- <DBPass>_(inp,mid,out,q1,q2) = DBPass"
 
    82   by (auto simp: angle_def DBPass_def Deq_def)
 
    82   by (auto simp: angle_def DBPass_def Deq_def)
 
    83 
    83 
    84 lemma DBPass_enabled: 
    84 lemma DBPass_enabled: 
    85     "|- Enabled (<DBPass>_(inp,mid,out,q1,q2)) = (q1 ~= #[])"
 
    85     "|- Enabled (<DBPass>_(inp,mid,out,q1,q2)) = (q1 \<noteq> #[])"
 
    86   apply (unfold DBPass_visible [action_rewrite])
 
    86   apply (unfold DBPass_visible [action_rewrite])
 
    87   apply (force intro!: DB_base [THEN base_enabled, temp_use]
 
    87   apply (force intro!: DB_base [THEN base_enabled, temp_use]
 
    88     elim!: enabledE simp: angle_def DBPass_def Deq_def)
 
    88     elim!: enabledE simp: angle_def DBPass_def Deq_def)
 
    89   done
 
    89   done
 
    90 
    90 
    91 
    91 
    92 (* The plan for proving weak fairness at the higher level is to prove
 
    92 (* The plan for proving weak fairness at the higher level is to prove
 
    93    (0)  DBuffer => (Enabled (Deq inp qc out) ~> (Deq inp qc out))
 
    93    (0)  DBuffer => (Enabled (Deq inp qc out) \<leadsto> (Deq inp qc out))
 
    94    which is in turn reduced to the two leadsto conditions
 
    94    which is in turn reduced to the two leadsto conditions
 
    95    (1)  DBuffer => (Enabled (Deq inp qc out) ~> q2 ~= [])
 
    95    (1)  DBuffer => (Enabled (Deq inp qc out) \<leadsto> q2 \<noteq> [])
 
    96    (2)  DBuffer => (q2 ~= [] ~> DBDeq)
 
    96    (2)  DBuffer => (q2 \<noteq> [] \<leadsto> DBDeq)
 
    97    and the fact that DBDeq implies <Deq inp qc out>_(inp,qc,out)
 
    97    and the fact that DBDeq implies <Deq inp qc out>_(inp,qc,out)
 
    98    (and therefore DBDeq ~> <Deq inp qc out>_(inp,qc,out) trivially holds).
 
    98    (and therefore DBDeq \<leadsto> <Deq inp qc out>_(inp,qc,out) trivially holds).
 
    99 
    99 
   100    Condition (1) is reduced to
 
   100    Condition (1) is reduced to
 
   101    (1a) DBuffer => (qc ~= [] /\ q2 = [] ~> q2 ~= [])
 
   101    (1a) DBuffer => (qc \<noteq> [] /\ q2 = [] \<leadsto> q2 \<noteq> [])
 
   102    by standard leadsto rules (leadsto_classical) and rule Deq_enabledE.
 
   102    by standard leadsto rules (leadsto_classical) and rule Deq_enabledE.
 
   103 
   103 
   104    Both (1a) and (2) are proved from DBuffer's WF conditions by standard
 
   104    Both (1a) and (2) are proved from DBuffer's WF conditions by standard
 
   105    WF reasoning (Lamport's WF1 and WF_leadsto).
 
   105    WF reasoning (Lamport's WF1 and WF_leadsto).
 
   106    The condition WF(Deq inp qc out) follows from (0) by rule leadsto_WF.
 
   106    The condition WF(Deq inp qc out) follows from (0) by rule leadsto_WF.
 
   107 
   107 
   108    One could use Lamport's WF2 instead.
 
   108    One could use Lamport's WF2 instead.
 
   109 *)
 
   109 *)
 
   110 
   110 
   111 (* Condition (1a) *)
 
   111 (* Condition (1a) *)
 
   112 lemma DBFair_1a: "|- [][DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)  
   112 lemma DBFair_1a: "|- \<box>[DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)  
   113          --> (qc ~= #[] & q2 = #[] ~> q2 ~= #[])"
 
   113          --> (qc \<noteq> #[] & q2 = #[] \<leadsto> q2 \<noteq> #[])"
 
   114   apply (rule WF1)
 
   114   apply (rule WF1)
 
   115     apply (force simp: db_defs)
 
   115     apply (force simp: db_defs)
 
   116    apply (force simp: angle_def DBPass_def)
 
   116    apply (force simp: angle_def DBPass_def)
 
   117   apply (force simp: DBPass_enabled [temp_use])
 
   117   apply (force simp: DBPass_enabled [temp_use])
 
   118   done
 
   118   done
 
   119 
   119 
   120 (* Condition (1) *)
 
   120 (* Condition (1) *)
 
   121 lemma DBFair_1: "|- [][DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)  
   121 lemma DBFair_1: "|- \<box>[DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)  
   122          --> (Enabled (<Deq inp qc out>_(inp,qc,out)) ~> q2 ~= #[])"
 
   122          --> (Enabled (<Deq inp qc out>_(inp,qc,out)) \<leadsto> q2 \<noteq> #[])"
 
   123   apply clarsimp
 
   123   apply clarsimp
 
   124   apply (rule leadsto_classical [temp_use])
 
   124   apply (rule leadsto_classical [temp_use])
 
   125   apply (rule DBFair_1a [temp_use, THEN LatticeTransitivity [temp_use]])
 
   125   apply (rule DBFair_1a [temp_use, THEN LatticeTransitivity [temp_use]])
 
   126   apply assumption+
 
   126   apply assumption+
 
   127   apply (rule ImplLeadsto_gen [temp_use])
 
   127   apply (rule ImplLeadsto_gen [temp_use])
 
   128   apply (force intro!: necT [temp_use] dest!: STL2_gen [temp_use] Deq_enabledE [temp_use]
 
   128   apply (force intro!: necT [temp_use] dest!: STL2_gen [temp_use] Deq_enabledE [temp_use]
 
   129     simp add: Init_defs)
 
   129     simp add: Init_defs)
 
   130   done
 
   130   done
 
   131 
   131 
   132 (* Condition (2) *)
 
   132 (* Condition (2) *)
 
   133 lemma DBFair_2: "|- [][DBNext]_(inp,mid,out,q1,q2) & WF(DBDeq)_(inp,mid,out,q1,q2)  
   133 lemma DBFair_2: "|- \<box>[DBNext]_(inp,mid,out,q1,q2) & WF(DBDeq)_(inp,mid,out,q1,q2)  
   134          --> (q2 ~= #[] ~> DBDeq)"
 
   134          --> (q2 \<noteq> #[] \<leadsto> DBDeq)"
 
   135   apply (rule WF_leadsto)
 
   135   apply (rule WF_leadsto)
 
   136     apply (force simp: DBDeq_enabled [temp_use])
 
   136     apply (force simp: DBDeq_enabled [temp_use])
 
   137    apply (force simp: angle_def)
 
   137    apply (force simp: angle_def)
 
   138   apply (force simp: db_defs elim!: Stable [temp_use])
 
   138   apply (force simp: db_defs elim!: Stable [temp_use])
 
   139   done
 
   139   done
 
   140 
   140 
   141 (* High-level fairness *)
 
   141 (* High-level fairness *)
 
   142 lemma DBFair: "|- [][DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)  
   142 lemma DBFair: "|- \<box>[DBNext]_(inp,mid,out,q1,q2) & WF(DBPass)_(inp,mid,out,q1,q2)  
   143                                         & WF(DBDeq)_(inp,mid,out,q1,q2)   
   143                                         & WF(DBDeq)_(inp,mid,out,q1,q2)   
   144          --> WF(Deq inp qc out)_(inp,qc,out)"
 
   144          --> WF(Deq inp qc out)_(inp,qc,out)"
 
   145   apply (auto simp del: qc_def intro!: leadsto_WF [temp_use]
 
   145   apply (auto simp del: qc_def intro!: leadsto_WF [temp_use]
 
   146     DBFair_1 [temp_use, THEN [2] LatticeTransitivity [temp_use]]
 
   146     DBFair_1 [temp_use, THEN [2] LatticeTransitivity [temp_use]]
 
   147     DBFair_2 [temp_use, THEN [2] LatticeTransitivity [temp_use]])
 
   147     DBFair_2 [temp_use, THEN [2] LatticeTransitivity [temp_use]])
isabelle