Mercurial Mercurial > repos > isabelle / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/HOL/UNITY/Alloc.thy
changeset 6827 b69a2585ec0f
parent 6815 de4d358bf01e
child 6837 1bd850260747
equal deleted inserted replaced
6826:02c4dd469ec0 6827:b69a2585ec0f 
     4     Copyright   1998  University of Cambridge
 
     4     Copyright   1998  University of Cambridge
 
     5 
     5 
     6 Specification of Chandy and Charpentier's Allocator
 
     6 Specification of Chandy and Charpentier's Allocator
 
     7 *)
 
     7 *)
 
     8 
     8 
     9 Alloc = Follows + Comp +
 
     9 Alloc = Follows + Extend + PPROD +
 
    10 
    10 
    11 (*simplifies the expression of some specifications*)
 
    11 (*simplifies the expression of some specifications*)
 
    12 constdefs
 
    12 constdefs
 
    13   sub :: ['a, 'a=>'b] => 'b
 
    13   sub :: ['a, 'a=>'b] => 'b
 
    14     "sub i f == f i"
 
    14     "sub i f == f i"
 
    60   (*spec (2)*)
 
    60   (*spec (2)*)
 
    61   system_progress :: systemState program set
 
    61   system_progress :: systemState program set
 
    62     "system_progress == INT i : lessThan Nclients.
 
    62     "system_progress == INT i : lessThan Nclients.
 
    63 			INT h. 
    63 			INT h. 
    64 			  {s. h <= (ask o sub i o client)s} LeadsTo
 
    64 			  {s. h <= (ask o sub i o client)s} LeadsTo
 
    65 			  {s. h pfix_le (giv o sub i o client) s}"
 
    65 			  {s. h pfixLe (giv o sub i o client) s}"
 
       
    66 
       
    67   system_spec :: systemState program set
 
       
    68     "system_spec == system_safety Int system_progress"
 
    66 
    69 
    67 (** Client specification (required) ***)
 
    70 (** Client specification (required) ***)
 
    68 
    71 
    69   (*spec (3)*)
 
    72   (*spec (3)*)
 
    70   client_increasing :: clientState program set
 
    73   client_increasing :: clientState program set
 
    71     "client_increasing ==
 
    74     "client_increasing ==
 
    72          UNIV guarantees Increasing ask Int Increasing rel"
 
    75          UNIV guar Increasing ask Int Increasing rel"
 
    73 
    76 
    74   (*spec (4)*)
 
    77   (*spec (4)*)
 
    75   client_bounded :: clientState program set
 
    78   client_bounded :: clientState program set
 
    76     "client_bounded ==
 
    79     "client_bounded ==
 
    77          UNIV guarantees Always {s. ALL elt : set (ask s). elt <= NbT}"
 
    80          UNIV guar Always {s. ALL elt : set (ask s). elt <= NbT}"
 
    78 
    81 
    79   (*spec (5)*)
 
    82   (*spec (5)*)
 
    80   client_progress :: clientState program set
 
    83   client_progress :: clientState program set
 
    81     "client_progress ==
 
    84     "client_progress ==
 
    82 	 Increasing giv
 
    85 	 Increasing giv
 
    83 	 guarantees
 
    86 	 guar
 
    84 	 (INT h. {s. h <= giv s & h pfix_ge ask s}
 
    87 	 (INT h. {s. h <= giv s & h pfixGe ask s}
 
    85 		 LeadsTo
 
    88 		 LeadsTo
 
    86 		 {s. tokens h <= (tokens o rel) s})"
 
    89 		 {s. tokens h <= (tokens o rel) s})"
 
       
    90 
       
    91   client_spec :: clientState program set
 
       
    92     "client_spec == client_increasing Int client_bounded Int client_progress"
 
    87 
    93 
    88 (** Allocator specification (required) ***)
 
    94 (** Allocator specification (required) ***)
 
    89 
    95 
    90   (*spec (6)*)
 
    96   (*spec (6)*)
 
    91   alloc_increasing :: allocState program set
 
    97   alloc_increasing :: allocState program set
 
    92     "alloc_increasing ==
 
    98     "alloc_increasing ==
 
    93 	 UNIV
 
    99 	 UNIV
 
    94          guarantees
 
   100          guar
 
    95 	 (INT i : lessThan Nclients. Increasing (sub i o allocAsk))"
 
   101 	 (INT i : lessThan Nclients. Increasing (sub i o allocAsk))"
 
    96 
   102 
    97   (*spec (7)*)
 
   103   (*spec (7)*)
 
    98   alloc_safety :: allocState program set
 
   104   alloc_safety :: allocState program set
 
    99     "alloc_safety ==
 
   105     "alloc_safety ==
 
   100 	 (INT i : lessThan Nclients. Increasing (sub i o allocRel))
 
   106 	 (INT i : lessThan Nclients. Increasing (sub i o allocRel))
 
   101          guarantees
 
   107          guar
 
   102 	 Always {s. sum (%i. (tokens o sub i o allocGiv) s) Nclients
 
   108 	 Always {s. sum (%i. (tokens o sub i o allocGiv) s) Nclients
 
   103 	         <= NbT + sum (%i. (tokens o sub i o allocRel) s) Nclients}"
 
   109 	         <= NbT + sum (%i. (tokens o sub i o allocRel) s) Nclients}"
 
   104 
   110 
   105   (*spec (8)*)
 
   111   (*spec (8)*)
 
   106   alloc_progress :: allocState program set
 
   112   alloc_progress :: allocState program set
 
   111          Always {s. ALL i : lessThan Nclients.
 
   117          Always {s. ALL i : lessThan Nclients.
 
   112 		    ALL k : lessThan (length (allocAsk s i)).
 
   118 		    ALL k : lessThan (length (allocAsk s i)).
 
   113 		    allocAsk s i ! k <= NbT}
 
   119 		    allocAsk s i ! k <= NbT}
 
   114          Int
 
   120          Int
 
   115          (INT i : lessThan Nclients. 
   121          (INT i : lessThan Nclients. 
   116 	  INT h. {s. h <= (sub i o allocGiv)s & h pfix_ge (sub i o allocAsk)s}
 
   122 	  INT h. {s. h <= (sub i o allocGiv)s & h pfixGe (sub i o allocAsk)s}
 
   117 		  LeadsTo {s. tokens h <= (tokens o sub i o allocRel)s})
 
   123 		  LeadsTo {s. tokens h <= (tokens o sub i o allocRel)s})
 
   118          guarantees
 
   124          guar
 
   119 	     (INT i : lessThan Nclients.
 
   125 	     (INT i : lessThan Nclients.
 
   120 	      INT h. {s. h <= (sub i o allocAsk) s} LeadsTo
 
   126 	      INT h. {s. h <= (sub i o allocAsk) s} LeadsTo
 
   121 	             {s. h pfix_le (sub i o allocGiv) s})"
 
   127 	             {s. h pfixLe (sub i o allocGiv) s})"
 
       
   128 
       
   129   alloc_spec :: allocState program set
 
       
   130     "alloc_spec == alloc_increasing Int alloc_safety Int alloc_progress"
 
   122 
   131 
   123 (** Network specification ***)
 
   132 (** Network specification ***)
 
   124 
   133 
   125   (*spec (9.1)*)
 
   134   (*spec (9.1)*)
 
   126   network_ask :: systemState program set
 
   135   network_ask :: systemState program set
 
   127     "network_ask == INT i : lessThan Nclients.
 
   136     "network_ask == INT i : lessThan Nclients.
 
   128                     Increasing (ask o sub i o client) guarantees
 
   137                     Increasing (ask o sub i o client)
 
       
   138                     guar
 
   129                     ((sub i o allocAsk) Fols (ask o sub i o client))"
 
   139                     ((sub i o allocAsk) Fols (ask o sub i o client))"
 
   130 
   140 
   131   (*spec (9.2)*)
 
   141   (*spec (9.2)*)
 
   132   network_giv :: systemState program set
 
   142   network_giv :: systemState program set
 
   133     "network_giv == INT i : lessThan Nclients.
 
   143     "network_giv == INT i : lessThan Nclients.
 
   134                     Increasing (sub i o allocGiv) guarantees
 
   144                     Increasing (sub i o allocGiv)
 
       
   145                     guar
 
   135                     ((giv o sub i o client) Fols (sub i o allocGiv))"
 
   146                     ((giv o sub i o client) Fols (sub i o allocGiv))"
 
   136 
   147 
   137   (*spec (9.3)*)
 
   148   (*spec (9.3)*)
 
   138   network_rel :: systemState program set
 
   149   network_rel :: systemState program set
 
   139     "network_rel == INT i : lessThan Nclients.
 
   150     "network_rel == INT i : lessThan Nclients.
 
   140                     Increasing (rel o sub i o client) guarantees
 
   151                     Increasing (rel o sub i o client)
 
       
   152                     guar
 
   141                     ((sub i o allocRel) Fols (rel o sub i o client))"
 
   153                     ((sub i o allocRel) Fols (rel o sub i o client))"
 
   142 
   154 
       
   155   network_spec :: systemState program set
 
       
   156     "network_spec == network_ask Int network_giv Int network_rel"
 
       
   157 
       
   158 
       
   159 (** State mappings **)
 
       
   160   sysOfAlloc :: "(allocState * (nat => clientState)) => systemState"
 
       
   161     "sysOfAlloc == %(s,y). (| allocGiv = allocGiv s,
 
       
   162 			      allocAsk = allocAsk s,
 
       
   163 			      allocRel = allocRel s,
 
       
   164 			      client   = y |)"
 
       
   165 
       
   166   sysOfClient :: "((nat => clientState) * allocState ) => systemState"
 
       
   167     "sysOfClient == %(x,y). sysOfAlloc(y,x)"
 
       
   168 
       
   169 
       
   170 locale System =
 
       
   171   fixes 
       
   172     Alloc   :: allocState program
 
       
   173     Client  :: clientState program
 
       
   174     Network :: systemState program
 
       
   175     System  :: systemState program
 
       
   176   
       
   177   assumes
 
       
   178     Alloc   "Alloc   : alloc_spec"
 
       
   179     Client  "Client  : client_spec"
 
       
   180     Network "Network : network_spec"
 
       
   181 
       
   182   defines
 
       
   183     System_def
 
       
   184       "System == (extend sysOfAlloc Alloc)
 
       
   185                  Join
 
       
   186                  (extend sysOfClient (PPI x: lessThan Nclients. Client))
 
       
   187                  Join
 
       
   188                  Network"
 
   143 end
 
   189 end
isabelle