isabelle: comparison src/HOL/TLA/Memory/Memory.thy

equal deleted inserted replaced

-:bdab93ccfaf8
+:5b946c81dfbf
 type_synonym memChType = "(memOp, Vals) channel"
 type_synonym memType = "(Locs \<Rightarrow> Vals) stfun"  (* intention: MemLocs \<Rightarrow> MemVals *)
 type_synonym resType = "(PrIds \<Rightarrow> Vals) stfun"
-consts
 (* state predicates *)
-MInit      :: "memType \<Rightarrow> Locs \<Rightarrow> stpred"
-PInit      :: "resType \<Rightarrow> PrIds \<Rightarrow> stpred"
+definition MInit :: "memType \<Rightarrow> Locs \<Rightarrow> stpred"
-(* auxiliary predicates: is there a pending read/write request for
+where "MInit mm l == PRED mm!l = #InitVal"
-some process id and location/value? *)
-RdRequest  :: "memChType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> stpred"
+definition PInit :: "resType \<Rightarrow> PrIds \<Rightarrow> stpred"
-WrRequest  :: "memChType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> stpred"
+where "PInit rs p == PRED rs!p = #NotAResult"
-(* actions *)
-GoodRead   :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
+(* auxiliary predicates: is there a pending read/write request for
-BadRead    :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
+some process id and location/value? *)
-ReadInner  :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
-Read       :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
+definition RdRequest :: "memChType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> stpred"
-GoodWrite  :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> action"
+where "RdRequest ch p l == PRED Calling ch p \<and> (arg<ch!p> = #(read l))"
-BadWrite   :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> action"
-WriteInner :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> action"
+definition WrRequest :: "memChType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> stpred"
-Write      :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
+where "WrRequest ch p l v == PRED Calling ch p \<and> (arg<ch!p> = #(write l v))"
-MemReturn  :: "memChType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
-MemFail    :: "memChType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
-RNext      :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
+(* actions *)
-UNext      :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
+(* a read that doesn't raise BadArg *)
-(* temporal formulas *)
+definition GoodRead :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
-RPSpec     :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> temporal"
+where "GoodRead mm rs p l == ACT #l \<in> #MemLoc \<and> ((rs!p)$ = $(mm!l))"
-UPSpec     :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> temporal"
-MSpec      :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> Locs \<Rightarrow> temporal"
+(* a read that raises BadArg *)
-IRSpec     :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> temporal"
+definition BadRead :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
-IUSpec     :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> temporal"
+where "BadRead mm rs p l == ACT #l \<notin> #MemLoc \<and> ((rs!p)$ = #BadArg)"
-RSpec      :: "memChType \<Rightarrow> resType \<Rightarrow> temporal"
+(* the read action with l visible *)
-USpec      :: "memChType \<Rightarrow> temporal"
+definition ReadInner :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
+where "ReadInner ch mm rs p l == ACT
-(* memory invariant: in the paper, the invariant is hidden in the definition of
+$(RdRequest ch p l)
-the predicate S used in the implementation proof, but it is easier to verify
+\<and> (GoodRead mm rs p l  \<or>  BadRead mm rs p l)
-at this level. *)
+\<and> unchanged (rtrner ch ! p)"
-MemInv    :: "memType \<Rightarrow> Locs \<Rightarrow> stpred"
+(* the read action with l quantified *)
-defs
+definition Read :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
-MInit_def:         "MInit mm l == PRED mm!l = #InitVal"
+where "Read ch mm rs p == ACT (\<exists>l. ReadInner ch mm rs p l)"
-PInit_def:         "PInit rs p == PRED rs!p = #NotAResult"
+(* similar definitions for the write action *)
-RdRequest_def:     "RdRequest ch p l == PRED
+definition GoodWrite :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> action"
-Calling ch p \<and> (arg<ch!p> = #(read l))"
+where "GoodWrite mm rs p l v ==
-WrRequest_def:     "WrRequest ch p l v == PRED
+ACT #l \<in> #MemLoc \<and> #v \<in> #MemVal
-Calling ch p \<and> (arg<ch!p> = #(write l v))"
+\<and> ((mm!l)$ = #v) \<and> ((rs!p)$ = #OK)"
-(* a read that doesn't raise BadArg *)
-GoodRead_def:      "GoodRead mm rs p l == ACT
+definition BadWrite :: "memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> action"
-#l \<in> #MemLoc \<and> ((rs!p)$ = $(mm!l))"
+where "BadWrite mm rs p l v == ACT
-(* a read that raises BadArg *)
+\<not> (#l \<in> #MemLoc \<and> #v \<in> #MemVal)
-BadRead_def:       "BadRead mm rs p l == ACT
+\<and> ((rs!p)$ = #BadArg) \<and> unchanged (mm!l)"
-#l \<notin> #MemLoc \<and> ((rs!p)$ = #BadArg)"
-(* the read action with l visible *)
+definition WriteInner :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> Vals \<Rightarrow> action"
-ReadInner_def:     "ReadInner ch mm rs p l == ACT
+where "WriteInner ch mm rs p l v == ACT
-$(RdRequest ch p l)
+$(WrRequest ch p l v)
-\<and> (GoodRead mm rs p l  \<or>  BadRead mm rs p l)
+\<and> (GoodWrite mm rs p l v  \<or>  BadWrite mm rs p l v)
 \<and> unchanged (rtrner ch ! p)"
-(* the read action with l quantified *)
-Read_def:          "Read ch mm rs p == ACT (\<exists>l. ReadInner ch mm rs p l)"
+definition Write :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> Locs \<Rightarrow> action"
+where "Write ch mm rs p l == ACT (\<exists>v. WriteInner ch mm rs p l v)"
-(* similar definitions for the write action *)
-GoodWrite_def:     "GoodWrite mm rs p l v == ACT
-#l \<in> #MemLoc \<and> #v \<in> #MemVal
+(* the return action *)
-\<and> ((mm!l)$ = #v) \<and> ((rs!p)$ = #OK)"
+definition MemReturn :: "memChType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
-BadWrite_def:      "BadWrite mm rs p l v == ACT
+where "MemReturn ch rs p == ACT
-\<not> (#l \<in> #MemLoc \<and> #v \<in> #MemVal)
+(   ($(rs!p) \<noteq> #NotAResult)
-\<and> ((rs!p)$ = #BadArg) \<and> unchanged (mm!l)"
+\<and> ((rs!p)$ = #NotAResult)
-WriteInner_def:    "WriteInner ch mm rs p l v == ACT
+\<and> Return ch p (rs!p))"
-$(WrRequest ch p l v)
-\<and> (GoodWrite mm rs p l v  \<or>  BadWrite mm rs p l v)
+(* the failure action of the unreliable memory *)
-\<and> unchanged (rtrner ch ! p)"
+definition MemFail :: "memChType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
-Write_def:         "Write ch mm rs p l == ACT (\<exists>v. WriteInner ch mm rs p l v)"
+where "MemFail ch rs p == ACT
+$(Calling ch p)
-(* the return action *)
+\<and> ((rs!p)$ = #MemFailure)
-MemReturn_def:     "MemReturn ch rs p == ACT
+\<and> unchanged (rtrner ch ! p)"
-(   ($(rs!p) \<noteq> #NotAResult)
-\<and> ((rs!p)$ = #NotAResult)
+(* next-state relations for reliable / unreliable memory *)
-\<and> Return ch p (rs!p))"
+definition RNext :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
+where "RNext ch mm rs p == ACT
-(* the failure action of the unreliable memory *)
+(  Read ch mm rs p
-MemFail_def:       "MemFail ch rs p == ACT
+\<or> (\<exists>l. Write ch mm rs p l)
-$(Calling ch p)
+\<or> MemReturn ch rs p)"
-\<and> ((rs!p)$ = #MemFailure)
-\<and> unchanged (rtrner ch ! p)"
+definition UNext :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> action"
-(* next-state relations for reliable / unreliable memory *)
+where "UNext ch mm rs p == ACT (RNext ch mm rs p \<or> MemFail ch rs p)"
-RNext_def:         "RNext ch mm rs p == ACT
-(  Read ch mm rs p
-\<or> (\<exists>l. Write ch mm rs p l)
+(* temporal formulas *)
-\<or> MemReturn ch rs p)"
-UNext_def:         "UNext ch mm rs p == ACT
+definition RPSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> temporal"
-(RNext ch mm rs p \<or> MemFail ch rs p)"
+where "RPSpec ch mm rs p == TEMP
+Init(PInit rs p)
-RPSpec_def:        "RPSpec ch mm rs p == TEMP
+\<and> \<box>[ RNext ch mm rs p ]_(rtrner ch ! p, rs!p)
-Init(PInit rs p)
+\<and> WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
-\<and> \<box>[ RNext ch mm rs p ]_(rtrner ch ! p, rs!p)
+\<and> WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
-\<and> WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
-\<and> WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
+definition UPSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> PrIds \<Rightarrow> temporal"
-UPSpec_def:        "UPSpec ch mm rs p == TEMP
+where "UPSpec ch mm rs p == TEMP
 Init(PInit rs p)
 \<and> \<box>[ UNext ch mm rs p ]_(rtrner ch ! p, rs!p)
 \<and> WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
 \<and> WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
-MSpec_def:         "MSpec ch mm rs l == TEMP
-Init(MInit mm l)
+definition MSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> Locs \<Rightarrow> temporal"
-\<and> \<box>[ \<exists>p. Write ch mm rs p l ]_(mm!l)"
+where "MSpec ch mm rs l == TEMP
-IRSpec_def:        "IRSpec ch mm rs == TEMP
+Init(MInit mm l)
-(\<forall>p. RPSpec ch mm rs p)
+\<and> \<box>[ \<exists>p. Write ch mm rs p l ]_(mm!l)"
-\<and> (\<forall>l. #l \<in> #MemLoc \<longrightarrow> MSpec ch mm rs l)"
-IUSpec_def:        "IUSpec ch mm rs == TEMP
+definition IRSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> temporal"
-(\<forall>p. UPSpec ch mm rs p)
+where "IRSpec ch mm rs == TEMP
-\<and> (\<forall>l. #l \<in> #MemLoc \<longrightarrow> MSpec ch mm rs l)"
+(\<forall>p. RPSpec ch mm rs p)
+\<and> (\<forall>l. #l \<in> #MemLoc \<longrightarrow> MSpec ch mm rs l)"
-RSpec_def:         "RSpec ch rs == TEMP (\<exists>\<exists>mm. IRSpec ch mm rs)"
-USpec_def:         "USpec ch == TEMP (\<exists>\<exists>mm rs. IUSpec ch mm rs)"
+definition IUSpec :: "memChType \<Rightarrow> memType \<Rightarrow> resType \<Rightarrow> temporal"
+where "IUSpec ch mm rs == TEMP
-MemInv_def:        "MemInv mm l == PRED  #l \<in> #MemLoc \<longrightarrow> mm!l \<in> #MemVal"
+(\<forall>p. UPSpec ch mm rs p)
+\<and> (\<forall>l. #l \<in> #MemLoc \<longrightarrow> MSpec ch mm rs l)"
+definition RSpec :: "memChType \<Rightarrow> resType \<Rightarrow> temporal"
+where "RSpec ch rs == TEMP (\<exists>\<exists>mm. IRSpec ch mm rs)"
+definition USpec :: "memChType \<Rightarrow> temporal"
+where "USpec ch == TEMP (\<exists>\<exists>mm rs. IUSpec ch mm rs)"
+(* memory invariant: in the paper, the invariant is hidden in the definition of
+the predicate S used in the implementation proof, but it is easier to verify
+at this level. *)
+definition MemInv :: "memType \<Rightarrow> Locs \<Rightarrow> stpred"
+where "MemInv mm l == PRED  #l \<in> #MemLoc \<longrightarrow> mm!l \<in> #MemVal"
 lemmas RM_action_defs =
 MInit_def PInit_def RdRequest_def WrRequest_def MemInv_def
 GoodRead_def BadRead_def ReadInner_def Read_def
 GoodWrite_def BadWrite_def WriteInner_def Write_def

changeset 62145	5b946c81dfbf
parent 60592	c9bd1d902f04
child 62146	324bc1ffba12