Mercurial Mercurial > repos > isabelle / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc-src/TutorialI/CTL/Base.thy
changeset 10133 e187dacd248f
parent 10123 9469c039ff57
child 10178 aecb5bf6f76f 
--- a/doc-src/TutorialI/CTL/Base.thy	Tue Oct 03 01:15:11 2000 +0200
+++ b/doc-src/TutorialI/CTL/Base.thy	Tue Oct 03 11:26:54 2000 +0200
@@ -16,35 +16,70 @@
 very efficient one. The main proof obligation is to show that the semantics
 and the model checker agree.
 
-Our models are transition systems.
+\underscoreon
 
-START with simple example: mutex or something.
+Our models are \emph{transition systems}, i.e.\ sets of \emph{states} with
+transitions between them, as shown in this simple example:
+\begin{center}
+\unitlength.5mm
+\thicklines
+\begin{picture}(100,60)
+\put(50,50){\circle{20}}
+\put(50,50){\makebox(0,0){$p,q$}}
+\put(61,55){\makebox(0,0)[l]{$s_0$}}
+\put(44,42){\vector(-1,-1){26}}
+\put(16,18){\vector(1,1){26}}
+\put(57,43){\vector(1,-1){26}}
+\put(10,10){\circle{20}}
+\put(10,10){\makebox(0,0){$q,r$}}
+\put(-1,15){\makebox(0,0)[r]{$s_1$}}
+\put(20,10){\vector(1,0){60}}
+\put(90,10){\circle{20}}
+\put(90,10){\makebox(0,0){$r$}}
+\put(98, 5){\line(1,0){10}}
+\put(108, 5){\line(0,1){10}}
+\put(108,15){\vector(-1,0){10}}
+\put(91,21){\makebox(0,0)[bl]{$s_2$}}
+\end{picture}
+\end{center}
+Each state has a unique name or number ($s_0,s_1,s_2$), and in each
+state certain \emph{atomic propositions} ($p,q,r$) are true.
+The aim of temporal logic is to formalize statements such as ``there is no
+transition sequence starting from $s_2$ leading to a state where $p$ or $q$
+are true''.
 
 Abstracting from this concrete example, we assume there is some type of
-atomic propositions
+states
 *}
 
-typedecl atom
+typedecl state
 
 text{*\noindent
-which we merely declare rather than define because it is an implicit parameter of our model.
-Of course it would have been more generic to make @{typ atom} a type parameter of everything
-but fixing @{typ atom} as above reduces clutter.
-
-Instead of introducing both a separate type of states and a function
-telling us which atoms are true in each state we simply identify each
-state with that set of atoms:
-*}
-
-types state = "atom set";
-
-text{*\noindent
-Finally we declare an arbitrary but fixed transition system, i.e.\ relation between states:
+which we merely declare rather than define because it is an implicit
+parameter of our model.  Of course it would have been more generic to make
+@{typ state} a type parameter of everything but fixing @{typ state} as above
+reduces clutter.
+Similarly we declare an arbitrary but fixed transition system, i.e.\
+relation between states:
 *}
 
 consts M :: "(state \<times> state)set";
 
 text{*\noindent
 Again, we could have made @{term M} a parameter of everything.
+Finally we introduce a type of atomic propositions
 *}
+
+typedecl atom
+
+text{*\noindent
+and a \emph{labelling function}
+*}
+
+consts L :: "state \<Rightarrow> atom set"
+
+text{*\noindent
+telling us which atomic propositions are true in each state.
+*}
+
 (*<*)end(*>*)
isabelle