src/HOL/UNITY/Lift.thy
author paulson
Thu Oct 01 18:28:18 1998 +0200 (1998-10-01)
changeset 5596 b29d18d8c4d2
parent 5584 aad639e56d4e
child 5931 325300576da7
permissions -rw-r--r--
abstype of programs
     1 (*  Title:      HOL/UNITY/Lift.thy
     2     ID:         $Id$
     3     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
     4     Copyright   1998  University of Cambridge
     5 
     6 The Lift-Control Example
     7 *)
     8 
     9 Lift = SubstAx +
    10 
    11 record state =
    12   floor :: int		(*current position of the lift*)
    13   open  :: bool		(*whether the door is open at floor*)
    14   stop  :: bool		(*whether the lift is stopped at floor*)
    15   req   :: int set	(*for each floor, whether the lift is requested*)
    16   up    :: bool		(*current direction of movement*)
    17   move  :: bool		(*whether moving takes precedence over opening*)
    18 
    19 consts
    20   Min, Max :: int       (*least and greatest floors*)
    21 
    22 rules
    23   Min_le_Max  "Min <= Max"
    24   
    25 constdefs
    26   
    27   (** Abbreviations: the "always" part **)
    28   
    29   above :: state set
    30     "above == {s. EX i. floor s < i & i <= Max & i : req s}"
    31 
    32   below :: state set
    33     "below == {s. EX i. Min <= i & i < floor s & i : req s}"
    34 
    35   queueing :: state set
    36     "queueing == above Un below"
    37 
    38   goingup :: state set
    39     "goingup   == above Int  ({s. up s}  Un Compl below)"
    40 
    41   goingdown :: state set
    42     "goingdown == below Int ({s. ~ up s} Un Compl above)"
    43 
    44   ready :: state set
    45     "ready == {s. stop s & ~ open s & move s}"
    46 
    47  
    48   (** Further abbreviations **)
    49 
    50   moving :: state set
    51     "moving ==  {s. ~ stop s & ~ open s}"
    52 
    53   stopped :: state set
    54     "stopped == {s. stop s  & ~ open s & ~ move s}"
    55 
    56   opened :: state set
    57     "opened ==  {s. stop s  &  open s  &  move s}"
    58 
    59   closed :: state set  (*but this is the same as ready!!*)
    60     "closed ==  {s. stop s  & ~ open s &  move s}"
    61 
    62   atFloor :: int => state set
    63     "atFloor n ==  {s. floor s = n}"
    64 
    65   Req :: int => state set
    66     "Req n ==  {s. n : req s}"
    67 
    68 
    69   
    70   (** The program **)
    71   
    72   request_act :: "(state*state) set"
    73     "request_act == {(s,s'). s' = s (|stop:=True, move:=False|)
    74 		                  & ~ stop s & floor s : req s}"
    75 
    76   open_act :: "(state*state) set"
    77     "open_act ==
    78          {(s,s'). s' = s (|open :=True,
    79 			   req  := req s - {floor s},
    80 			   move := True|)
    81 		       & stop s & ~ open s & floor s : req s
    82 	               & ~(move s & s: queueing)}"
    83 
    84   close_act :: "(state*state) set"
    85     "close_act == {(s,s'). s' = s (|open := False|) & open s}"
    86 
    87   req_up :: "(state*state) set"
    88     "req_up ==
    89          {(s,s'). s' = s (|stop  :=False,
    90 			   floor := floor s + #1,
    91 			   up    := True|)
    92 		       & s : (ready Int goingup)}"
    93 
    94   req_down :: "(state*state) set"
    95     "req_down ==
    96          {(s,s'). s' = s (|stop  :=False,
    97 			   floor := floor s - #1,
    98 			   up    := False|)
    99 		       & s : (ready Int goingdown)}"
   100 
   101   move_up :: "(state*state) set"
   102     "move_up ==
   103          {(s,s'). s' = s (|floor := floor s + #1|)
   104 		       & ~ stop s & up s & floor s ~: req s}"
   105 
   106   move_down :: "(state*state) set"
   107     "move_down ==
   108          {(s,s'). s' = s (|floor := floor s - #1|)
   109 		       & ~ stop s & ~ up s & floor s ~: req s}"
   110 
   111   button_press  :: "(state*state) set"
   112     "button_press ==
   113          {(s,s'). EX n. s' = s (|req := insert n (req s)|)
   114 		        & Min <= n & n <= Max}"
   115 
   116 
   117   Lprg :: state program
   118     (*for the moment, we OMIT button_press*)
   119     "Lprg == mk_program ({s. floor s = Min & ~ up s & move s & stop s &
   120 		          ~ open s & req s = {}},
   121 			 {request_act, open_act, close_act,
   122 			  req_up, req_down, move_up, move_down})"
   123 
   124 
   125   (** Invariants **)
   126 
   127   bounded :: state set
   128     "bounded == {s. Min <= floor s & floor s <= Max}"
   129 
   130   open_stop :: state set
   131     "open_stop == {s. open s --> stop s}"
   132   
   133   open_move :: state set
   134     "open_move == {s. open s --> move s}"
   135   
   136   stop_floor :: state set
   137     "stop_floor == {s. stop s & ~ move s --> floor s : req s}"
   138   
   139   moving_up :: state set
   140     "moving_up == {s. ~ stop s & up s -->
   141                    (EX f. floor s <= f & f <= Max & f : req s)}"
   142   
   143   moving_down :: state set
   144     "moving_down == {s. ~ stop s & ~ up s -->
   145                      (EX f. Min <= f & f <= floor s & f : req s)}"
   146   
   147   metric :: [int,state] => int
   148     "metric ==
   149        %n s. if floor s < n then (if up s then n - floor s
   150 			          else (floor s - Min) + (n-Min))
   151              else
   152              if n < floor s then (if up s then (Max - floor s) + (Max-n)
   153 		                  else floor s - n)
   154              else #0"
   155 
   156 locale floor =
   157   fixes 
   158     n	:: int
   159   assumes
   160     Min_le_n    "Min <= n"
   161     n_le_Max    "n <= Max"
   162   defines
   163 
   164 end