Mercurial Mercurial > repos > isabelle / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/HOL/TLA/Memory/Memory.thy
changeset 17309 c43ed29bd197
parent 11703 6e5de8d4290a
child 21624 6f79647cf536
equal deleted inserted replaced
17308:5d9bbc0d9bd3 17309:c43ed29bd197 
     1 (*
 
     1 (*
 
     2     File:        Memory.thy
 
     2     File:        Memory.thy
 
       
     3     ID:          $Id$
 
     3     Author:      Stephan Merz
 
     4     Author:      Stephan Merz
 
     4     Copyright:   1997 University of Munich
 
     5     Copyright:   1997 University of Munich
 
     5 
     6 
     6     Theory Name: Memory
 
     7     Theory Name: Memory
 
     7     Logic Image: TLA
 
     8     Logic Image: TLA
 
     8 
     9 
     9     RPC-Memory example: Memory specification
 
    10     RPC-Memory example: Memory specification
 
    10 *)
 
    11 *)
 
    11 
    12 
    12 Memory = MemoryParameters + ProcedureInterface +
 
    13 theory Memory
 
       
    14 imports MemoryParameters ProcedureInterface
 
       
    15 begin
 
    13 
    16 
    14 types
 
    17 types
 
    15   memChType  = "(memOp, Vals) channel"
 
    18   memChType  = "(memOp, Vals) channel"
 
    16   memType = "(Locs => Vals) stfun"      (* intention: MemLocs => MemVals *)
 
    19   memType = "(Locs => Vals) stfun"      (* intention: MemLocs => MemVals *)
 
    17   resType = "(PrIds => Vals) stfun"
 
    20   resType = "(PrIds => Vals) stfun"
 
    48 
    51 
    49   RSpec      :: "memChType => resType => temporal"
 
    52   RSpec      :: "memChType => resType => temporal"
 
    50   USpec      :: "memChType => temporal"
 
    53   USpec      :: "memChType => temporal"
 
    51 
    54 
    52   (* memory invariant: in the paper, the invariant is hidden in the definition of
 
    55   (* memory invariant: in the paper, the invariant is hidden in the definition of
 
    53      the predicate S used in the implementation proof, but it is easier to verify 
    56      the predicate S used in the implementation proof, but it is easier to verify
 
    54      at this level. *)
 
    57      at this level. *)
 
    55   MemInv    :: "memType => Locs => stpred"
 
    58   MemInv    :: "memType => Locs => stpred"
 
    56 
    59 
    57 rules
 
    60 defs
 
    58   MInit_def         "MInit mm l == PRED mm!l = #InitVal"
 
    61   MInit_def:         "MInit mm l == PRED mm!l = #InitVal"
 
    59   PInit_def         "PInit rs p == PRED rs!p = #NotAResult"
 
    62   PInit_def:         "PInit rs p == PRED rs!p = #NotAResult"
 
    60 
    63 
    61   RdRequest_def     "RdRequest ch p l == PRED
 
    64   RdRequest_def:     "RdRequest ch p l == PRED
 
    62                          Calling ch p & (arg<ch!p> = #(read l))"
 
    65                          Calling ch p & (arg<ch!p> = #(read l))"
 
    63   WrRequest_def     "WrRequest ch p l v == PRED
 
    66   WrRequest_def:     "WrRequest ch p l v == PRED
 
    64                          Calling ch p & (arg<ch!p> = #(write l v))"
 
    67                          Calling ch p & (arg<ch!p> = #(write l v))"
 
    65   (* a read that doesn't raise BadArg *)
 
    68   (* a read that doesn't raise BadArg *)
 
    66   GoodRead_def      "GoodRead mm rs p l == ACT
 
    69   GoodRead_def:      "GoodRead mm rs p l == ACT
 
    67                         #l : #MemLoc & ((rs!p)$ = $(mm!l))"
 
    70                         #l : #MemLoc & ((rs!p)$ = $(mm!l))"
 
    68   (* a read that raises BadArg *)
 
    71   (* a read that raises BadArg *)
 
    69   BadRead_def       "BadRead mm rs p l == ACT
 
    72   BadRead_def:       "BadRead mm rs p l == ACT
 
    70                         #l ~: #MemLoc & ((rs!p)$ = #BadArg)"
 
    73                         #l ~: #MemLoc & ((rs!p)$ = #BadArg)"
 
    71   (* the read action with l visible *)
 
    74   (* the read action with l visible *)
 
    72   ReadInner_def     "ReadInner ch mm rs p l == ACT
 
    75   ReadInner_def:     "ReadInner ch mm rs p l == ACT
 
    73                          $(RdRequest ch p l)
 
    76                          $(RdRequest ch p l)
 
    74                          & (GoodRead mm rs p l  |  BadRead mm rs p l)
 
    77                          & (GoodRead mm rs p l  |  BadRead mm rs p l)
 
    75                          & unchanged (rtrner ch ! p)"
 
    78                          & unchanged (rtrner ch ! p)"
 
    76   (* the read action with l quantified *)
 
    79   (* the read action with l quantified *)
 
    77   Read_def          "Read ch mm rs p == ACT (EX l. ReadInner ch mm rs p l)"
 
    80   Read_def:          "Read ch mm rs p == ACT (EX l. ReadInner ch mm rs p l)"
 
    78 
    81 
    79   (* similar definitions for the write action *)
 
    82   (* similar definitions for the write action *)
 
    80   GoodWrite_def     "GoodWrite mm rs p l v == ACT
 
    83   GoodWrite_def:     "GoodWrite mm rs p l v == ACT
 
    81                         #l : #MemLoc & #v : #MemVal
 
    84                         #l : #MemLoc & #v : #MemVal
 
    82                         & ((mm!l)$ = #v) & ((rs!p)$ = #OK)"
 
    85                         & ((mm!l)$ = #v) & ((rs!p)$ = #OK)"
 
    83   BadWrite_def      "BadWrite mm rs p l v == ACT
 
    86   BadWrite_def:      "BadWrite mm rs p l v == ACT
 
    84                         ~ (#l : #MemLoc & #v : #MemVal)
 
    87                         ~ (#l : #MemLoc & #v : #MemVal)
 
    85                         & ((rs!p)$ = #BadArg) & unchanged (mm!l)"
 
    88                         & ((rs!p)$ = #BadArg) & unchanged (mm!l)"
 
    86   WriteInner_def    "WriteInner ch mm rs p l v == ACT
 
    89   WriteInner_def:    "WriteInner ch mm rs p l v == ACT
 
    87                         $(WrRequest ch p l v)
 
    90                         $(WrRequest ch p l v)
 
    88                         & (GoodWrite mm rs p l v  |  BadWrite mm rs p l v)
 
    91                         & (GoodWrite mm rs p l v  |  BadWrite mm rs p l v)
 
    89                         & unchanged (rtrner ch ! p)"
 
    92                         & unchanged (rtrner ch ! p)"
 
    90   Write_def         "Write ch mm rs p l == ACT (EX v. WriteInner ch mm rs p l v)"
 
    93   Write_def:         "Write ch mm rs p l == ACT (EX v. WriteInner ch mm rs p l v)"
 
    91 
    94 
    92   (* the return action *)
 
    95   (* the return action *)
 
    93   MemReturn_def     "MemReturn ch rs p == ACT
 
    96   MemReturn_def:     "MemReturn ch rs p == ACT
 
    94                        (   ($(rs!p) ~= #NotAResult)
 
    97                        (   ($(rs!p) ~= #NotAResult)
 
    95                         & ((rs!p)$ = #NotAResult)
 
    98                         & ((rs!p)$ = #NotAResult)
 
    96                         & Return ch p (rs!p))"
 
    99                         & Return ch p (rs!p))"
 
    97 
   100 
    98   (* the failure action of the unreliable memory *)
 
   101   (* the failure action of the unreliable memory *)
 
    99   MemFail_def       "MemFail ch rs p == ACT
 
   102   MemFail_def:       "MemFail ch rs p == ACT
 
   100                         $(Calling ch p)
 
   103                         $(Calling ch p)
 
   101                         & ((rs!p)$ = #MemFailure)
 
   104                         & ((rs!p)$ = #MemFailure)
 
   102                         & unchanged (rtrner ch ! p)"
 
   105                         & unchanged (rtrner ch ! p)"
 
   103   (* next-state relations for reliable / unreliable memory *)
 
   106   (* next-state relations for reliable / unreliable memory *)
 
   104   RNext_def         "RNext ch mm rs p == ACT 
   107   RNext_def:         "RNext ch mm rs p == ACT
 
   105                        (  Read ch mm rs p
 
   108                        (  Read ch mm rs p
 
   106                         | (EX l. Write ch mm rs p l)
 
   109                         | (EX l. Write ch mm rs p l)
 
   107                         | MemReturn ch rs p)"
 
   110                         | MemReturn ch rs p)"
 
   108   UNext_def         "UNext ch mm rs p == ACT
 
   111   UNext_def:         "UNext ch mm rs p == ACT
 
   109                         (RNext ch mm rs p | MemFail ch rs p)"
 
   112                         (RNext ch mm rs p | MemFail ch rs p)"
 
   110 
   113 
   111   RPSpec_def        "RPSpec ch mm rs p == TEMP
 
   114   RPSpec_def:        "RPSpec ch mm rs p == TEMP
 
   112                         Init(PInit rs p)
 
   115                         Init(PInit rs p)
 
   113                         & [][ RNext ch mm rs p ]_(rtrner ch ! p, rs!p)
 
   116                         & [][ RNext ch mm rs p ]_(rtrner ch ! p, rs!p)
 
   114                         & WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
 
   117                         & WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
 
   115                         & WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
 
   118                         & WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
 
   116   UPSpec_def        "UPSpec ch mm rs p == TEMP
 
   119   UPSpec_def:        "UPSpec ch mm rs p == TEMP
 
   117                         Init(PInit rs p)
 
   120                         Init(PInit rs p)
 
   118                         & [][ UNext ch mm rs p ]_(rtrner ch ! p, rs!p)
 
   121                         & [][ UNext ch mm rs p ]_(rtrner ch ! p, rs!p)
 
   119                         & WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
 
   122                         & WF(RNext ch mm rs p)_(rtrner ch ! p, rs!p)
 
   120                         & WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
 
   123                         & WF(MemReturn ch rs p)_(rtrner ch ! p, rs!p)"
 
   121   MSpec_def         "MSpec ch mm rs l == TEMP
 
   124   MSpec_def:         "MSpec ch mm rs l == TEMP
 
   122                         Init(MInit mm l)
 
   125                         Init(MInit mm l)
 
   123                         & [][ EX p. Write ch mm rs p l ]_(mm!l)"
 
   126                         & [][ EX p. Write ch mm rs p l ]_(mm!l)"
 
   124   IRSpec_def        "IRSpec ch mm rs == TEMP
 
   127   IRSpec_def:        "IRSpec ch mm rs == TEMP
 
   125                         (ALL p. RPSpec ch mm rs p)
 
   128                         (ALL p. RPSpec ch mm rs p)
 
   126                         & (ALL l. #l : #MemLoc --> MSpec ch mm rs l)"
 
   129                         & (ALL l. #l : #MemLoc --> MSpec ch mm rs l)"
 
   127   IUSpec_def        "IUSpec ch mm rs == TEMP
 
   130   IUSpec_def:        "IUSpec ch mm rs == TEMP
 
   128                         (ALL p. UPSpec ch mm rs p)
 
   131                         (ALL p. UPSpec ch mm rs p)
 
   129                         & (ALL l. #l : #MemLoc --> MSpec ch mm rs l)"
 
   132                         & (ALL l. #l : #MemLoc --> MSpec ch mm rs l)"
 
   130 
   133 
   131   RSpec_def         "RSpec ch rs == TEMP (EEX mm. IRSpec ch mm rs)"
 
   134   RSpec_def:         "RSpec ch rs == TEMP (EEX mm. IRSpec ch mm rs)"
 
   132   USpec_def         "USpec ch == TEMP (EEX mm rs. IUSpec ch mm rs)"
 
   135   USpec_def:         "USpec ch == TEMP (EEX mm rs. IUSpec ch mm rs)"
 
   133 
   136 
   134   MemInv_def        "MemInv mm l == PRED  #l : #MemLoc --> mm!l : #MemVal"
 
   137   MemInv_def:        "MemInv mm l == PRED  #l : #MemLoc --> mm!l : #MemVal"
 
       
   138 
       
   139 ML {* use_legacy_bindings (the_context ()) *}
 
       
   140 
   135 end
 
   141 end
isabelle