Implementation.thy
author Christian Urban <urbanc@in.tum.de>
Wed, 02 Jan 2019 21:09:05 +0000
changeset 208 a5afc26b1d62
parent 197 ca4ddf26a7c7
permissions -rw-r--r--
final version
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
107
30ed212f268a updated Correctness, Implementation and PIPBasics so that they work with Isabelle 2014 and 2015
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 106
diff changeset
     1
theory Implementation
30ed212f268a updated Correctness, Implementation and PIPBasics so that they work with Isabelle 2014 and 2015
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 106
diff changeset
     2
imports PIPBasics
30ed212f268a updated Correctness, Implementation and PIPBasics so that they work with Isabelle 2014 and 2015
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 106
diff changeset
     3
begin
30ed212f268a updated Correctness, Implementation and PIPBasics so that they work with Isabelle 2014 and 2015
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 106
diff changeset
     4
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
     5
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
     6
(*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
     7
  The use of dependants has been abandoned. Through a series of lemma 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
     8
  named xxx_alt_def, lemma originally expressed using dependants 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
     9
  is now expressed in terms of RAG, tRAG and tG.
179
f9e6c4166476 updated
Christian Urban <urbanc@in.tum.de>
parents: 178
diff changeset
    10
*)                                            
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    11
127
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    12
text {*
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    13
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    14
  This file contains lemmas used to guide the recalculation of current
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    15
  precedence after every step of execution (or system operation, or event),
117
8a6125caead2 Slight changes in commenting.
zhangx
parents: 116
diff changeset
    16
  which is the most tricky part in the implementation of PIP.
8a6125caead2 Slight changes in commenting.
zhangx
parents: 116
diff changeset
    17
127
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    18
  Following convention, lemmas are grouped into locales corresponding to
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    19
  system operations, each explained in a separate section. To understand the relevant 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    20
  materials, one needs some acquaintance with locales, which are 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    21
  used to as contexts for lemmas to situate, where lemmas with the same assumptions
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    22
  are grouped under the same locale.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    23
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    24
  Locale @{text "valid_trace s"} assumes that @{text "s"} is a valid trace (or state)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    25
  of PIP. Lemmas talking about general properties of valid states can be put under this 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    26
  locale. The locale @{text "valid_trace_e s e"} is an extension of @{text valid_trace}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    27
  by introducing an event @{text e} and assuming @{text "e#s"} is also valid state. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    28
  The purpose of @{text valid_trace_e} is to set a context to investigate 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    29
  one step execution of PIP, where @{text e} is a fixed but arbitrary
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    30
  action legitimate to happen under state @{text "s"}. General Properties about 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    31
  one step action of PIP are grouped under this locale.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    32
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    33
  @{text "valid_trace_e"} is further extended to accommodate specific actions. For example,
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    34
  @{text "valid_trace_create s e th prio"} further assumes that the 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    35
  @{text "e"} action is @{text "Create th prio"}, and 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    36
  @{text "valid_trace_p s e th cs"} assumes that @{text "e"} is @{text "P th cs"}, etc.
117
8a6125caead2 Slight changes in commenting.
zhangx
parents: 116
diff changeset
    37
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    38
  Since the recalculation of current precedence happens only when certain actions 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    39
  are taken, it is natural to put the lemmas about recalculation under the respective 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    40
  locales. In the following, each section corresponds one particular action of PIP, which,
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    41
  in turn, is developed under the locale corresponding to the specific action.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    42
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    43
  By @{text cp_alt_def3}, the @{text cp}-value of one thread @{text th} is determined 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    44
  uniquely by static precedences of threads in its @{text "RAG"}-subtree 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    45
  (or @{text tRAG}-subtree, @{text "tG"}-subtree). Because of this, the decision where 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    46
  recalculation is needed is based on the change of @{text RAG} (@{text tRAG} or @{text tG})
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    47
  as well the precedence of threads. Since most of PIP actions (except the @{text Set}-operation) 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    48
  only changes the formation of @{text RAG}, therefore, for non-@{text Set} operations,
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    49
  if the change of @{text RAG} does not affect the subtree
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    50
  of one thread, its @{text cp}-value may not change. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    51
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    52
  In the following, the section corresponding to non-@{text Set} operations 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    53
  usually contain lemmas showing the subtrees of certain kind of threads are 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    54
  not changed. The proof of such lemmas is obvious based on the lemmas about the
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    55
  change of @{text RAG}, which have already been derived in theory @{text PIPBasics}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    56
  all under the name @{text "RAG_es"} in the locale corresponding to different PIP 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    57
  operations.
117
8a6125caead2 Slight changes in commenting.
zhangx
parents: 116
diff changeset
    58
*}
116
a7441db6f4e1 PIPBasics.thy is tidied up now.
zhangx
parents: 115
diff changeset
    59
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    60
section {* The local recalculation principle for @{text cp}-value *}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    61
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    62
definition "cprecs Ths s = cp s ` Ths"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    63
116
a7441db6f4e1 PIPBasics.thy is tidied up now.
zhangx
parents: 115
diff changeset
    64
context valid_trace
a7441db6f4e1 PIPBasics.thy is tidied up now.
zhangx
parents: 115
diff changeset
    65
begin
a7441db6f4e1 PIPBasics.thy is tidied up now.
zhangx
parents: 115
diff changeset
    66
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    67
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    68
  To minimize the cost of the recalculation, we derived the following localized alternative 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    69
  definition of @{term cp}:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    70
*}
116
a7441db6f4e1 PIPBasics.thy is tidied up now.
zhangx
parents: 115
diff changeset
    71
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    72
lemma cp_rec_tG:
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
    73
  "cp s th = Max (preceds {th} s \<union> cprecs (children (tG s) th) s)"
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    74
proof -
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    75
  have [simp]: "(cp s \<circ> the_thread \<circ> Th) = cp s" by (rule ext, simp)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    76
  have [simp]: "(cp s \<circ> the_thread) ` children (tRAG s) (Th th) = 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    77
                cp s ` children (tG s) th"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    78
                  apply (unfold tRAG_def_tG) 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    79
                  apply (subst fmap_children)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    80
                  apply (rule injI, simp)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    81
                  by (unfold image_comp, simp)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    82
  have [simp]: "preceds {th} s = {the_preced s th}"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    83
    by (unfold the_preced_def, simp)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    84
  show ?thesis 
197
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
    85
    unfolding cprecs_def
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
    86
    apply(subst cp_rec)
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
    87
    apply(simp add: the_preced_def)  
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
    88
    done
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
    89
      
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    90
qed    
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    91
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    92
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    93
  According to this lemma, @{text cp}-value of one thread can be calculated by calling recursively 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    94
  the @{text cp} function on its @{text tG}-children. However, one thing to be noted is that
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    95
  the lemma also means the recursive call needs not to descend into lower levels if the
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    96
  @{text "cp"}-value of one child is not changed. In this way, the recalculation can be {\em localized}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    97
  to those thread with changed @{text cp}-value. This is the reason why this lemma
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    98
  is called a {\em localized lemma}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
    99
*}
116
a7441db6f4e1 PIPBasics.thy is tidied up now.
zhangx
parents: 115
diff changeset
   100
a7441db6f4e1 PIPBasics.thy is tidied up now.
zhangx
parents: 115
diff changeset
   101
end
a7441db6f4e1 PIPBasics.thy is tidied up now.
zhangx
parents: 115
diff changeset
   102
68
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   103
section {* The @{term Set} operation *}
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   104
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   105
context valid_trace_set
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   106
begin
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   107
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   108
find_theorems RAG "(e#s)" "_ = _"
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   109
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   110
text {* (* ddd *)
68
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   111
  The following two lemmas confirm that @{text "Set"}-operation
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   112
  only changes the precedence of the initiating thread (or actor)
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   113
  of the operation (or event).
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   114
*}
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   115
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   116
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   117
lemma eq_preced:
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   118
  assumes "th' \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   119
  shows "preced th' (e#s) = preced th' s"
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   120
proof -
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   121
  from assms show ?thesis 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   122
    by (unfold is_set, auto simp:preced_def)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   123
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   124
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   125
lemma eq_the_preced: 
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   126
  assumes "th' \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   127
  shows "the_preced (e#s) th' = the_preced s th'"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   128
  using assms
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   129
  by (unfold the_preced_def, intro eq_preced, simp)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   130
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   131
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   132
text {* (* ddd *)
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   133
  According to @{thm RAG_es}, the @{text RAG} is not changed by @{text Set}-operation.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   134
  Moreover, because @{text th} is the only thread with precedence changed by @{text Set}, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   135
  for any subtree, if it does not contain @{text th}, there will be no precedence change inside
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   136
  the subtree, which means the @{text cp}-value of the root thread is not changed. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   137
  This means that the @{text "cp"}-value of one thread needs to be recalculated only
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   138
  when the subtree rooted by the threads contains @{text "th"}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   139
 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   140
  This argument is encapsulated in the following lemma:
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   141
*}
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   142
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   143
lemma eq_cp_pre:
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   144
  assumes nd: "Th th \<notin> subtree (RAG s) (Th th')"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   145
  shows "cp (e#s) th' = cp s th'"
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   146
proof -
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   147
  -- {* After unfolding using the alternative definition, elements 
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   148
        affecting the @{term "cp"}-value of threads become explicit. 
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   149
        We only need to prove the following: *}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   150
  have "Max (the_preced (e#s) ` {th'a. Th th'a \<in> subtree (RAG (e#s)) (Th th')}) =
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   151
        Max (the_preced s ` {th'a. Th th'a \<in> subtree (RAG s) (Th th')})"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   152
        (is "Max (?f ` ?S1) = Max (?g ` ?S2)")
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   153
  proof -
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   154
    -- {* The base sets are equal. *}
113
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   155
    have "?S1 = ?S2" using RAG_es by simp
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   156
    -- {* The function values on the base set are equal as well. *}
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   157
    moreover have "\<forall> e \<in> ?S2. ?f e = ?g e"
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   158
    proof
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   159
      fix th1
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   160
      assume "th1 \<in> ?S2"
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   161
      with nd have "th1 \<noteq> th" by (auto)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   162
      from eq_the_preced[OF this]
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   163
      show "the_preced (e#s) th1 = the_preced s th1" .
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   164
    qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   165
    -- {* Therefore, the image of the functions are equal. *}
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   166
    ultimately have "(?f ` ?S1) = (?g ` ?S2)" by (auto intro!:f_image_eq)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   167
    thus ?thesis by simp
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   168
  qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   169
  thus ?thesis by (simp add:cp_alt_def)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   170
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   171
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   172
text {*
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   173
  However, the following lemma shows that @{term "th"} is not in the 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   174
  subtree of any thread except itself. 
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   175
*}
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   176
lemma th_in_no_subtree:
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   177
  assumes "th' \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   178
  shows "Th th \<notin> subtree (RAG s) (Th th')"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   179
proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   180
  from readys_in_no_subtree[OF th_ready_s assms(1)]
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   181
  show ?thesis by blast
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   182
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   183
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   184
text {* 
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   185
  Combining the above two lemmas, it is concluded that the 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   186
  recalculation of @{text "cp"}-value is needed only on @{text th}.
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   187
*}
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   188
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   189
lemma eq_cp:
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   190
  assumes "th' \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   191
  shows "cp (e#s) th' = cp s th'"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   192
  by (rule eq_cp_pre[OF th_in_no_subtree[OF assms]])
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   193
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   194
text {* 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   195
  Under the local recalculation principle @{thm cp_rec_tG}, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   196
  @{thm eq_cp} also means the recalculation of @{text cp} for @{text th}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   197
  can be done locally by inspecting only @{text th} and its children.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   198
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   199
56
0fd478e14e87 Before switching to generic theory of relational trees.
xingyuan zhang <xingyuanzhang@126.com>
parents: 55
diff changeset
   200
end
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   201
68
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   202
section {* The @{term V} operation *}
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   203
56
0fd478e14e87 Before switching to generic theory of relational trees.
xingyuan zhang <xingyuanzhang@126.com>
parents: 55
diff changeset
   204
text {*
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   205
  The following locale @{text "valid_trace_v"} is the locale for @{text "V"}-operation in 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   206
  general. The recalculation of @{text cp}-value needs to consider two more sub-case, each
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   207
  encapsulated into a sub-locale of @{text "valid_trace_v"}. But first, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   208
  some general properties about the @{text V}-operation are derived:
55
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   209
*}
b85cfbd58f59 Comments for Set-operation finished
xingyuan zhang <xingyuanzhang@126.com>
parents: 53
diff changeset
   210
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   211
context valid_trace_v
61
f8194fd6214f CpsG.thy has been cleaned up.
zhangx
parents: 60
diff changeset
   212
begin
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   213
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   214
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   215
  Because @{text th} is running in state @{text s}, it does not in waiting of 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   216
  any resource, therefore, it has no ancestor in @{text "RAG s"}:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   217
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   218
lemma ancestors_th: "ancestors (RAG s) (Th th) = {}"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   219
proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   220
  from readys_root[OF th_ready_s]
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   221
  show ?thesis
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   222
  by (unfold root_def, simp)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   223
qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   224
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   225
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   226
  Since @{text th} is holding @{text cs} (the resource to be released by this @{text V}-operation),
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   227
  the edge @{text "(Cs cs, Th th)"} represents this fact.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   228
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   229
lemma edge_of_th:
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   230
    "(Cs cs, Th th) \<in> RAG s" 
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   231
proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   232
 from holding_th_cs_s
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   233
 show ?thesis 
130
0f124691c191 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 127
diff changeset
   234
    by (unfold s_RAG_def s_holding_abv, auto)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   235
qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   236
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   237
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   238
  Since @{text cs} is held by @{text th} which has no ancestors, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   239
  @{text th} is the only ancestor of @{text cs}:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   240
*}
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   241
lemma ancestors_cs: 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   242
  "ancestors (RAG s) (Cs cs) = {Th th}"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   243
proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   244
  have "ancestors (RAG s) (Cs cs) = ancestors (RAG s) (Th th)  \<union>  {Th th}"
134
8a13b37b4d95 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 130
diff changeset
   245
   by (rule forest_RAG.ancestors_accum[OF edge_of_th])
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   246
  from this[unfolded ancestors_th] show ?thesis by simp
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   247
qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   248
56
0fd478e14e87 Before switching to generic theory of relational trees.
xingyuan zhang <xingyuanzhang@126.com>
parents: 55
diff changeset
   249
text {*
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   250
  As already said, all operations except @{text Set} may change precedence. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   251
  The following lemma confirms this fact of the @{text V}-operation:
56
0fd478e14e87 Before switching to generic theory of relational trees.
xingyuan zhang <xingyuanzhang@126.com>
parents: 55
diff changeset
   252
*}
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   253
lemma 
113
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   254
  the_preced_es: "the_preced (e#s) = the_preced s"
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   255
proof
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   256
  fix th'
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   257
  show "the_preced (e # s) th' = the_preced s th'"
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   258
    by (unfold the_preced_def preced_def is_v, simp)
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   259
qed
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   260
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   261
end
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   262
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   263
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   264
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   265
  The following sub-locale @{text "valid_trace_v_n"} 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   266
  deals with one of the sub-cases of @{text V}, which corresponds to the 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   267
  situation where there is another thread @{text "taker"}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   268
  to take over the release resource @{text cs}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   269
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   270
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   271
context valid_trace_v_n
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   272
begin
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   273
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   274
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   275
  The following lemma shows the two edges in @{text "RAG s"} which 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   276
  links @{text cs} with @{text taker} and @{text th} to form a chain. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   277
  The existence of this chain set the stage for the @{text V}-operation 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   278
  in question to happen.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   279
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   280
lemma sub_RAGs': 
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   281
  "{(Cs cs, Th th), (Th taker, Cs cs)} \<subseteq> RAG s"
116
a7441db6f4e1 PIPBasics.thy is tidied up now.
zhangx
parents: 115
diff changeset
   282
  using waiting_taker holding_th_cs_s
130
0f124691c191 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 127
diff changeset
   283
  by (unfold s_RAG_def, fold s_waiting_abv s_holding_abv, auto)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   284
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   285
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   286
  The following lemma shows that @{text taker} has only two the ancestors.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   287
  The reason for this is very simple: The chain starting from @{text taker}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   288
  stops at @{text th}, which, as shown by @{thm ancestors_th}, has no ancestor. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   289
*}
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   290
lemma ancestors_th': 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   291
  "ancestors (RAG s) (Th taker) = {Th th, Cs cs}" 
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   292
proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   293
  have "ancestors (RAG s) (Th taker) = ancestors (RAG s) (Cs cs) \<union> {Cs cs}"
134
8a13b37b4d95 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 130
diff changeset
   294
  proof(rule  forest_RAG.ancestors_accum)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   295
    from sub_RAGs' show "(Th taker, Cs cs) \<in> RAG s" by auto
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   296
  qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   297
  thus ?thesis using ancestors_th ancestors_cs by auto
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   298
qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   299
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   300
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   301
  By composing several existing results, the following lemma
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   302
  make clear the change of @{text RAG} where there is a 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   303
  @{text taker} to take over the resource @{text cs}. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   304
  More specifically, the lemma says the change of @{text RAG}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   305
  is by first removing the chain linking @{text taker}, @{text cs} and 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   306
  @{text th} and then adding in one edge from @{text cs} to @{text taker}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   307
  The added edge represents acquisition of @{text cs} by @{text taker}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   308
*}
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   309
35
92f61f6a0fe7 added a bit more text to the paper and separated a theory about Max
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 33
diff changeset
   310
lemma RAG_s:
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   311
  "RAG (e#s) = (RAG s - {(Cs cs, Th th), (Th taker, Cs cs)}) \<union>
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   312
                                         {(Cs cs, Th taker)}"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   313
 by (unfold RAG_es waiting_set_eq holding_set_eq, auto)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   314
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   315
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   316
  The above lemma @{thm RAG_s} shows the effect of the @{text V}-operation
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   317
  on @{text RAG} is the removal of two edges followed by the addition of 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   318
  one edge. Based on this, the following lemma will show that 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   319
  the sub-trees of threads other than @{text th} and @{text taker} are unchanged.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   320
  The intuition behind this is rather simple: the edges added and removed are not
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   321
  in these sub-trees. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   322
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   323
  Formally, an edge is said to be outside of a sub-tree if its
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   324
  end point is. Note that when a set of edges are represented as a binary relation, the
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   325
  set of their end points is essentially range of the relation (formally defined 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   326
  as @{term Range}). Therefore, a set of edges (represented as a relation) 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   327
  are outside of a sub-tree if its @{text Range}-set does not intersect 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   328
  with the sub-tree.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   329
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   330
68
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   331
lemma subtree_kept: (* ddd *)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   332
  assumes "th1 \<notin> {th, taker}"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   333
  shows "subtree (RAG (e#s)) (Th th1) = 
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   334
                     subtree (RAG s) (Th th1)" (is "_ = ?R")
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   335
proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   336
  let ?RAG' = "(RAG s - {(Cs cs, Th th), (Th taker, Cs cs)})"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   337
  let ?RAG'' = "?RAG' \<union> {(Cs cs, Th taker)}"
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   338
  -- {* The first step is to show the deletion of edges does not change the sub-tree *}
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   339
  have "subtree ?RAG' (Th th1) = ?R" 
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   340
  proof(rule subset_del_subtree_outside)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   341
    show "Range {(Cs cs, Th th), (Th taker, Cs cs)} \<inter> subtree (RAG s) (Th th1) = {}"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   342
    proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   343
      have "(Th th) \<notin> subtree (RAG s) (Th th1)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   344
      proof(rule subtree_refute)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   345
        show "Th th1 \<notin> ancestors (RAG s) (Th th)"
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   346
            by (unfold ancestors_th, simp)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   347
      next
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   348
        from assms show "Th th1 \<noteq> Th th" by simp
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   349
      qed
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   350
      moreover have "(Cs cs) \<notin>  subtree (RAG s) (Th th1)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   351
      proof(rule subtree_refute)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   352
        show "Th th1 \<notin> ancestors (RAG s) (Cs cs)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   353
          by (unfold ancestors_cs, insert assms, auto)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   354
      qed simp
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   355
      ultimately have "{Th th, Cs cs} \<inter> subtree (RAG s) (Th th1) = {}" by auto
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   356
      thus ?thesis by simp
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   357
     qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   358
  qed
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   359
  -- {* The second step is to show the addition of edges does not change the sub-tree *}
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   360
  moreover have "subtree ?RAG'' (Th th1) =  subtree ?RAG' (Th th1)"
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   361
  proof(rule subset_insert_subtree_outside)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   362
    show "Range {(Cs cs, Th taker)} \<inter> 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   363
          subtree (RAG s - {(Cs cs, Th th), (Th taker, Cs cs)}) (Th th1) = {}"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   364
    proof -
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   365
     have "Th taker \<notin> subtree (RAG s - {(Cs cs, Th th), (Th taker, Cs cs)}) (Th th1)"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   366
     proof(rule subtree_refute)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   367
        show "Th th1 \<notin> ancestors (RAG s - {(Cs cs, Th th), (Th taker, Cs cs)}) (Th taker)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   368
            (is "_ \<notin> ?R")
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   369
        proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   370
          have "?R \<subseteq> ancestors (RAG s) (Th taker)" by (rule ancestors_mono, auto)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   371
          moreover have "Th th1 \<notin> ..." using ancestors_th' assms by simp
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   372
          ultimately show ?thesis by auto
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   373
        qed
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   374
     next
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   375
        from assms show "Th th1 \<noteq> Th taker" by simp
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   376
     qed
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   377
     thus ?thesis by auto
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   378
    qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   379
  qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   380
  ultimately show ?thesis by (unfold RAG_s, simp)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   381
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   382
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   383
text {* 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   384
  The following lemma shows threads not involved in the @{text V}-operation (i.e.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   385
  threads other than @{text th} and @{text taker}) do not need to do any @{text cp}-recalculation.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   386
  The reason is simple: according to @{thm subtree_kept}, the sub-trees of such threads 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   387
  are not changed , additionally, since the @{text V}-operation does not change any precedence, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   388
  the @{text "cp"}-value of such threads are not changed.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   389
*}
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   390
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   391
lemma cp_kept:
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   392
  assumes "th1 \<notin> {th, taker}"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   393
  shows "cp (e#s) th1 = cp s th1"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   394
    by (unfold cp_alt_def the_preced_es subtree_kept[OF assms], simp)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   395
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   396
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   397
  Lemma @{thm cp_kept} also means @{text cp}-recalculation is needed only for
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   398
  @{text th} and @{text taker}. The following lemmas are to ensure that
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   399
  the recalculation can done locally using {\em local recalculation principle}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   400
  Since @{text taker} and @{text th} are the only threads with changed @{text cp}-values
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   401
  and neither one can not be a child of the other, it can be concluded that 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   402
  neither of these two threads has children with changed @{text cp}-value.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   403
  It means the recursive calls in @{thm cp_rec_tG} will not descend when recalculating 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   404
  the @{text cp}-values for @{text th} and @{text taker}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   405
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   406
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   407
lemma "taker \<notin> children (tG (e#s)) th"
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   408
  by (metis children_subtree empty_iff in_mono neq_taker_th root_def set_mp
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   409
          subtree_ancestorsI taker_ready_es vat_es.root_readys_tG)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   410
  
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   411
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   412
lemma "th \<notin> children (tG (e#s)) taker"
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   413
  by (metis children_subtree empty_iff  neq_taker_th root_def 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   414
         subsetD subtree_ancestorsI th_ready_es vat_es.root_readys_tG)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   415
  
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   416
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   417
end
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   418
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   419
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   420
  The following locale @{text valid_trace_v_e} deals with the second sub-case 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   421
  of @{text V}-operation, where there is no thread to take over the release 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   422
  resource @{text cs}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   423
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   424
context valid_trace_v_e
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   425
begin
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   426
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   427
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   428
  Since no thread to take over @{text cs}, only the edge representing 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   429
  the holding of @{text cs} by @{text th} needs to be removed:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   430
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   431
lemma RAG_s: "RAG (e#s) = RAG s - {(Cs cs, Th th)}"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   432
  by (unfold RAG_es waiting_set_eq holding_set_eq, simp)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   433
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   434
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   435
  Since @{text th} has no ancestors, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   436
  the removal of the holding edge only affects the sub-tree of @{text th}:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   437
*}
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   438
lemma subtree_kept:
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   439
  assumes "th1 \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   440
  shows "subtree (RAG (e#s)) (Th th1) = subtree (RAG s) (Th th1)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   441
proof(unfold RAG_s, rule subset_del_subtree_outside)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   442
  show "Range {(Cs cs, Th th)} \<inter> subtree (RAG s) (Th th1) = {}"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   443
  proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   444
    have "(Th th) \<notin> subtree (RAG s) (Th th1)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   445
    proof(rule subtree_refute)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   446
      show "Th th1 \<notin> ancestors (RAG s) (Th th)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   447
          by (unfold ancestors_th, simp)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   448
    next
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   449
      from assms show "Th th1 \<noteq> Th th" by simp
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   450
    qed
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   451
    thus ?thesis by auto
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   452
  qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   453
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   454
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   455
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   456
  From lemma @{thm subtree_kept} and the fact that no precedence are changed, it 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   457
  can be derived the @{text cp}-values of all threads (except @{text th})
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   458
  are not changed and therefore need no recalculation:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   459
*}
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   460
lemma cp_kept_1:
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   461
  assumes "th1 \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   462
  shows "cp (e#s) th1 = cp s th1"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   463
    by (unfold cp_alt_def the_preced_es subtree_kept[OF assms], simp)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   464
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   465
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   466
  The next several lemmas try to show that even the @{text cp}-value of 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   467
  @{text th} needs not be recalculated.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   468
 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   469
  Although the @{text V}-operation detaches the sub-tree of @{text cs}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   470
  from the sub-tree of @{text th}, the @{text cp}-value of @{text th} 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   471
  is not affected. The reason is given by the following lemma @{text subtree_cs}, which
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   472
  says that the sub-tree of @{text cs} contains only itself. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   473
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   474
  According to @{text subtree_cs}, the detached sub-tree contains no thread node and
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   475
  therefore makes no contribution to the @{text cp}-value of @{text th}, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   476
  so its removal does not affect the @{text cp}-value neither, as confirmed 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   477
  by the lemma @{text cp_kept_2}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   478
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   479
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   480
lemma subtree_cs: "subtree (RAG s) (Cs cs) = {Cs cs}"
108
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   481
  (is "?L = ?R")
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   482
proof -
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   483
  { fix n
108
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   484
    assume "n \<in> ?L"
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   485
    hence "n \<in> ?R"
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   486
    proof(cases rule:subtreeE)
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   487
      case 2
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   488
      from this(2) have "(n, Cs cs) \<in> (RAG s)^+"
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   489
        by (auto simp:ancestors_def)
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   490
      from tranclD2[OF this]
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   491
      obtain th' where "waiting s th' cs"
130
0f124691c191 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 127
diff changeset
   492
        by (auto simp:s_RAG_def s_waiting_abv)
108
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   493
      with no_waiter_before 
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   494
      show ?thesis by simp
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   495
    qed simp
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   496
  } moreover {
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   497
    fix n
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   498
    assume "n \<in> ?R"
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   499
    hence "n \<in> ?L" by (auto simp:subtree_def)
b769f43deb30 Several redundant lemmas removed.
zhangx
parents: 107
diff changeset
   500
  } ultimately show ?thesis by auto
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   501
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   502
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   503
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   504
  The following @{text "subtree_th"} is just a technical lemma.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   505
*}
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   506
lemma subtree_th: 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   507
  "subtree (RAG (e#s)) (Th th) = subtree (RAG s) (Th th) - {Cs cs}"
134
8a13b37b4d95 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 130
diff changeset
   508
proof(unfold RAG_s, fold subtree_cs, rule forest_RAG.subtree_del_inside)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   509
  from edge_of_th
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   510
  show "(Cs cs, Th th) \<in> edges_in (RAG s) (Th th)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   511
    by (unfold edges_in_def, auto simp:subtree_def)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   512
qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   513
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   514
lemma cp_kept_2: 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   515
  shows "cp (e#s) th = cp s th" 
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   516
 by (unfold cp_alt_def subtree_th the_preced_es, auto)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   517
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   518
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   519
  By combining @{thm cp_kept_1} and @{thm cp_kept_2}, it is shown that no @{text cp}-recalculation 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   520
  is needed at all for this sub-case of @{text V}-operation.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   521
*}
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   522
lemma eq_cp_pre:
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   523
  shows "cp (e#s) th' = cp s th'"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   524
  using cp_kept_1 cp_kept_2
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   525
  by (cases "th' = th", auto)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   526
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   527
lemma eq_cp: 
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   528
  shows "cp (e#s) = cp s"
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   529
  by (rule ext, unfold eq_cp_pre, simp)
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   530
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   531
end
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   532
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   533
section {* The @{term P} operation *} 
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   534
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   535
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   536
  Like @{text V}-operation, the treatment of @{text P}-operation is also divided into
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   537
  tow sub-cases. If the requested resource is available, it is dealt with in
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   538
  sub-locale @{text valid_trace_p_h}, otherwise, it is dealt with 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   539
  in sub-locale @{text valid_trace_p_w}. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   540
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   541
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   542
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   543
  But first, the following base locale @{text valid_trace_p} contains
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   544
  some general properties of the @{text P}-operation:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   545
*}
68
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   546
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   547
context valid_trace_p
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   548
begin
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   549
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   550
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   551
  The following lemma shows that @{text th} is a root in the 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   552
  @{text RAG} graph, which means @{text th} has no ancestors in the graph.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   553
  The reason is that: since @{text th} is in running state, it is 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   554
  in ready state, which means it is not waiting for any resource, therefore, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   555
  it has no outbound edge.  
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   556
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   557
lemma root_th: "root (RAG s) (Th th)"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   558
  by (simp add: ready_th_s readys_root)
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   559
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   560
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   561
  For the same reason as @{thm root_th}, @{text th} is not in 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   562
  the sub-tree of any thread other than @{text th}:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   563
*}
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   564
lemma in_no_others_subtree:
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   565
  assumes "th' \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   566
  shows "Th th \<notin> subtree (RAG s) (Th th')"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   567
proof
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   568
  assume "Th th \<in> subtree (RAG s) (Th th')"
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   569
  thus False
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   570
  proof(cases rule:subtreeE)
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   571
    case 1
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   572
    with assms show ?thesis by auto
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   573
  next
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   574
    case 2
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   575
    with root_th show ?thesis by (auto simp:root_def)
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   576
  qed
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   577
qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   578
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   579
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   580
  The following lemma confirms that the @{text P}-operation does not 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   581
  affect the precedence of any thread. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   582
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   583
lemma preced_kept: "the_preced (e#s) = the_preced s"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   584
proof
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   585
  fix th'
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   586
  show "the_preced (e # s) th' = the_preced s th'"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   587
    by (unfold the_preced_def is_p preced_def, simp)
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   588
qed
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   589
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   590
end
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   591
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   592
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   593
  The following locale @{text valid_trace_p_h} deals with the 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   594
  sub-case of @{text P}-operation when the requested @{text cs}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   595
  is available and @{text th} gets hold of it instantaneously with 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   596
  the @{text P}-operation.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   597
*}
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   598
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   599
context valid_trace_p_h
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   600
begin
189
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   601
       
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   602
text {*
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   603
  It can be shown that the @{text tG} is not changed by 
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   604
  the @{text P}-action. The reason is that the edge added to @{text RAG}
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   605
  by the @{text P}-action, namely @{text "(Cs cs, Th th)"},
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   606
  does not bring any new thread into graph @{text tG}, because 
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   607
  the node of @{text cs} is isolated from the original @{text RAG}.
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   608
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   609
189
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   610
thm RAG_es
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   611
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   612
lemma tG_es: "tG (e # s) = tG s"
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   613
proof -
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   614
  have [simp]: "\<And> th1. (Th th1, Cs cs) \<notin> RAG s"
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   615
    by (metis in_RAG_E no_holder node.simps(4) the_cs.simps waiting_holding)
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   616
  show ?thesis
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   617
    apply (unfold tG_def_tRAG tRAG_alt_def RAG_es)
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   618
    by (auto)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   619
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   620
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   621
text {*
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   622
  Since both @{text tG} and precedences are not changed, it is easy
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   623
  to show that all @{text cp}-value are not changed, therefore, 
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   624
  no @{text cp}-recalculation is needed:
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   625
*}
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   626
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   627
lemma cp_kept: "cp (e#s) = cp s"
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
   628
  by (rule ext, simp add: cp_alt_def2 preced_kept tG_es)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   629
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   630
end
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   631
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   632
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   633
  The following locale @{text valid_trace_p_w} corresponds to 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   634
  the case when the requested resource @{text cs} is not available and
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   635
  thread @{text th} is blocked.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   636
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   637
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   638
context valid_trace_p_w
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   639
begin
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   640
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   641
lemma cs_held: "(Cs cs, Th holder) \<in> RAG s"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   642
  using holding_s_holder
130
0f124691c191 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 127
diff changeset
   643
  by (unfold s_RAG_def, fold s_holding_abv, auto)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   644
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   645
lemma tRAG_s: 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   646
  "tRAG (e#s) = tRAG s \<union> {(Th th, Th holder)}"
113
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   647
  using RAG_tRAG_transfer[OF RAG_es cs_held] .
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   648
189
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   649
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   650
lemma tG_ancestors_tRAG_refute:
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   651
  assumes "th'' \<notin> ancestors (tG (e#s)) th"
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   652
  shows "Th th'' \<notin> ancestors (tRAG (e#s)) (Th th)"
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   653
  using assms using node.inject(1) tRAG_ancestorsE_tG by force 
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   654
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   655
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   656
  The following lemma shows only the ancestors of @{text th} (the initiating 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   657
  thread of the @{text P}-operation) may possibly 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   658
  need a @{text cp}-recalculation. All other threads (including @{text th} itself)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   659
  do not need @{text cp}-recalculation. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   660
*}
189
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   661
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   662
lemma cp_kept:
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   663
  assumes "Th th'' \<notin> ancestors (tRAG (e#s)) (Th th)"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   664
  shows "cp (e#s) th'' = cp s th''"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   665
proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   666
  have h: "subtree (tRAG (e#s)) (Th th'') = subtree (tRAG s) (Th th'')"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   667
  proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   668
    have "Th holder \<notin> subtree (tRAG s) (Th th'')"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   669
    proof
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   670
      assume "Th holder \<in> subtree (tRAG s) (Th th'')"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   671
      thus False
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   672
      proof(rule subtreeE)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   673
         assume "Th holder = Th th''"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   674
         from assms[unfolded tRAG_s ancestors_def, folded this]
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   675
         show ?thesis by auto
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   676
      next
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   677
         assume "Th th'' \<in> ancestors (tRAG s) (Th holder)"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   678
         moreover have "... \<subseteq> ancestors (tRAG (e#s)) (Th holder)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   679
         proof(rule ancestors_mono)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   680
            show "tRAG s \<subseteq> tRAG (e#s)" by (unfold tRAG_s, auto)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   681
         qed 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   682
         ultimately have "Th th'' \<in> ancestors (tRAG (e#s)) (Th holder)" by auto
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   683
         moreover have "Th holder \<in> ancestors (tRAG (e#s)) (Th th)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   684
           by (unfold tRAG_s, auto simp:ancestors_def)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   685
         ultimately have "Th th'' \<in> ancestors (tRAG (e#s)) (Th th)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   686
                       by (auto simp:ancestors_def)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   687
         with assms show ?thesis by auto
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   688
      qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   689
    qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   690
    from subtree_insert_next[OF this]
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   691
    have "subtree (tRAG s \<union> {(Th th, Th holder)}) (Th th'') = subtree (tRAG s) (Th th'')" .
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   692
    from this[folded tRAG_s] show ?thesis .
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   693
  qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   694
  show ?thesis by (unfold cp_alt_def1 h preced_kept, simp)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   695
qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   696
190
312497c6d6b9 updated
Christian Urban <urbanc@in.tum.de>
parents: 189
diff changeset
   697
lemma cp_kept_tG: (* aaa *)
189
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   698
  assumes "th'' \<notin> ancestors (tG (e#s)) th"
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   699
  shows "cp (e#s) th'' = cp s th''"
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   700
  using cp_kept tG_ancestors_tRAG_refute assms
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   701
  by blast
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   702
  
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   703
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   704
  Lemma @{thm cp_kept} means that the @{text cp}-recalculation starts from the parent of @{text th},
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   705
  going upwards along the chain of ancestors until one root (which is a thread 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   706
  in ready queue) is reached. Actually, recalculation can terminate earlier, as 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   707
  confirmed by the following two lemmas. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   708
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   709
  The first lemma @{text cp_gen_update_stop} is a technical lemma used to
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   710
  prove the lemma that follows.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   711
*}
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   712
lemma cp_gen_update_stop: (* ddd *)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   713
  assumes "u \<in> ancestors (tRAG (e#s)) (Th th)"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   714
  and "cp_gen (e#s) u = cp_gen s u"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   715
  and "y \<in> ancestors (tRAG (e#s)) u"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   716
  shows "cp_gen (e#s) y = cp_gen s y"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   717
  using assms(3)
102
3a801bbd2687 Reorganizing PIPBasics.thy and making small changes to Implementation.thy and Correctness.thy.
zhangx
parents: 93
diff changeset
   718
proof(induct rule:wf_induct[OF vat_es.fsbttRAGs.wf])
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   719
  case (1 x)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   720
  show ?case (is "?L = ?R")
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   721
  proof -
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   722
    from tRAG_ancestorsE[OF 1(2)]
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   723
    obtain th2 where eq_x: "x = Th th2" by blast
102
3a801bbd2687 Reorganizing PIPBasics.thy and making small changes to Implementation.thy and Correctness.thy.
zhangx
parents: 93
diff changeset
   724
    from vat_es.cp_gen_rec[OF this]
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   725
    have "?L = 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   726
          Max ({the_preced (e#s) th2} \<union> cp_gen (e#s) ` RTree.children (tRAG (e#s)) x)" .
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   727
    also have "... = 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   728
          Max ({the_preced s th2} \<union> cp_gen s ` RTree.children (tRAG s) x)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   729
    proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   730
      from preced_kept have "the_preced (e#s) th2 = the_preced s th2" by simp
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   731
      moreover have "cp_gen (e#s) ` RTree.children (tRAG (e#s)) x =
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   732
                     cp_gen s ` RTree.children (tRAG s) x"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   733
      proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   734
        have "RTree.children (tRAG (e#s)) x =  RTree.children (tRAG s) x"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   735
        proof(unfold tRAG_s, rule children_union_kept)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   736
          have start: "(Th th, Th holder) \<in> tRAG (e#s)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   737
            by (unfold tRAG_s, auto)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   738
          note x_u = 1(2)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   739
          show "x \<notin> Range {(Th th, Th holder)}"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   740
          proof
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   741
            assume "x \<in> Range {(Th th, Th holder)}"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   742
            hence eq_x: "x = Th holder" using RangeE by auto
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   743
            show False
136
fb3f52fe99d1 updated tG definition
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 134
diff changeset
   744
            find_theorems ancestors tRAG
fb3f52fe99d1 updated tG definition
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 134
diff changeset
   745
            proof(cases rule:vat_es.forest_s.ancestors_headE[OF assms(1) start])
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   746
              case 1
102
3a801bbd2687 Reorganizing PIPBasics.thy and making small changes to Implementation.thy and Correctness.thy.
zhangx
parents: 93
diff changeset
   747
              from x_u[folded this, unfolded eq_x] vat_es.acyclic_tRAG
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   748
              show ?thesis by (auto simp:ancestors_def acyclic_def)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   749
            next
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   750
              case 2
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   751
              with x_u[unfolded eq_x]
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   752
              have "(Th holder, Th holder) \<in> (tRAG (e#s))^+" by (auto simp:ancestors_def)
102
3a801bbd2687 Reorganizing PIPBasics.thy and making small changes to Implementation.thy and Correctness.thy.
zhangx
parents: 93
diff changeset
   753
              with vat_es.acyclic_tRAG show ?thesis by (auto simp:acyclic_def)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   754
            qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   755
          qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   756
        qed
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   757
        moreover have "cp_gen (e#s) ` RTree.children (tRAG (e#s)) x =
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   758
                       cp_gen s ` RTree.children (tRAG (e#s)) x" (is "?f ` ?A = ?g ` ?A")
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   759
        proof(rule f_image_eq)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   760
          fix a
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   761
          assume a_in: "a \<in> ?A"
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   762
          from 1(2)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   763
          show "?f a = ?g a"
134
8a13b37b4d95 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 130
diff changeset
   764
          proof(cases rule:vat_es.forest_s.ancestors_childrenE[case_names in_ch out_ch])
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   765
             case in_ch
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   766
             show ?thesis
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   767
             proof(cases "a = u")
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   768
                case True
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   769
                from assms(2)[folded this] show ?thesis .
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   770
             next
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   771
                case False
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   772
                have a_not_in: "a \<notin> ancestors (tRAG (e#s)) (Th th)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   773
                proof
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   774
                  assume a_in': "a \<in> ancestors (tRAG (e#s)) (Th th)"
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   775
                  have "a = u"
134
8a13b37b4d95 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 130
diff changeset
   776
                  proof(rule vat_es.forest_s.ancestors_children_unique)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   777
                    from a_in' a_in show "a \<in> ancestors (tRAG (e#s)) (Th th) \<inter> 
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   778
                                          RTree.children (tRAG (e#s)) x" by auto
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   779
                  next 
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   780
                    from assms(1) in_ch show "u \<in> ancestors (tRAG (e#s)) (Th th) \<inter> 
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   781
                                      RTree.children (tRAG (e#s)) x" by auto
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   782
                  qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   783
                  with False show False by simp
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   784
                qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   785
                from a_in obtain th_a where eq_a: "a = Th th_a" 
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   786
                    by (unfold RTree.children_def tRAG_alt_def, auto)
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   787
                from cp_kept[OF a_not_in[unfolded eq_a]]
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   788
                have "cp (e#s) th_a = cp s th_a" .
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   789
                from this [unfolded cp_gen_def_cond[OF eq_a], folded eq_a]
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   790
                show ?thesis .
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   791
             qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   792
          next
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   793
            case (out_ch z)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   794
            hence h: "z \<in> ancestors (tRAG (e#s)) u" "z \<in> RTree.children (tRAG (e#s)) x" by auto
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   795
            show ?thesis
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   796
            proof(cases "a = z")
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   797
              case True
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   798
              from h(2) have zx_in: "(z, x) \<in> (tRAG (e#s))" by (auto simp:RTree.children_def)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   799
              from 1(1)[rule_format, OF this h(1)]
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   800
              have eq_cp_gen: "cp_gen (e#s) z = cp_gen s z" .
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   801
              with True show ?thesis by metis
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   802
            next
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   803
              case False
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   804
              from a_in obtain th_a where eq_a: "a = Th th_a"
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   805
                by (auto simp:RTree.children_def tRAG_alt_def)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   806
              have "a \<notin> ancestors (tRAG (e#s)) (Th th)"
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   807
              proof
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   808
                assume a_in': "a \<in> ancestors (tRAG (e#s)) (Th th)"
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   809
                have "a = z"
134
8a13b37b4d95 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 130
diff changeset
   810
                proof(rule vat_es.forest_s.ancestors_children_unique)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   811
                  from assms(1) h(1) have "z \<in> ancestors (tRAG (e#s)) (Th th)"
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   812
                      by (auto simp:ancestors_def)
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   813
                  with h(2) show " z \<in> ancestors (tRAG (e#s)) (Th th) \<inter> 
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   814
                                       RTree.children (tRAG (e#s)) x" by auto
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   815
                next
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   816
                  from a_in a_in'
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   817
                  show "a \<in> ancestors (tRAG (e#s)) (Th th) \<inter> RTree.children (tRAG (e#s)) x"
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   818
                    by auto
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   819
                qed
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   820
                with False show False by auto
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   821
              qed
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   822
              from cp_kept[OF this[unfolded eq_a]]
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   823
              have "cp (e#s) th_a = cp s th_a" .
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   824
              from this[unfolded cp_gen_def_cond[OF eq_a], folded eq_a]
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   825
              show ?thesis .
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   826
            qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   827
          qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   828
        qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   829
        ultimately show ?thesis by metis
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   830
      qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   831
      ultimately show ?thesis by simp
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   832
    qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   833
    also have "... = ?R"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   834
      by (fold cp_gen_rec[OF eq_x], simp)
58
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   835
    finally show ?thesis .
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   836
  qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   837
qed
ad57323fd4d6 Extended RTree.thy
zhangx
parents: 56
diff changeset
   838
189
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   839
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   840
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   841
  The following lemma is about the possible early termination of 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   842
  @{text cp}-recalculation. The lemma says that @{text cp}-recalculation 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   843
  can terminate as soon as the recalculation yields an unchanged @{text cp}-value. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   844
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   845
  The @{text th'} in the lemma is assumed to be the first ancestor of @{text th}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   846
  encountered by the recalculation procedure which has an unchanged @{text cp}-value 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   847
  and the @{text th''} represents any thread upstream of @{text th'}. The lemma shows 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   848
  that the @{text "cp"}-value @{text "th''"} is not changed, therefore, needs no 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   849
  recalculation. It means the recalculation can be stop at @{text "th'"}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   850
*}
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   851
lemma cp_up:
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   852
  assumes "(Th th') \<in> ancestors (tRAG (e#s)) (Th th)"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   853
  and "cp (e#s) th' = cp s th'"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   854
  and "(Th th'') \<in> ancestors (tRAG (e#s)) (Th th')"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   855
  shows "cp (e#s) th'' = cp s th''"
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   856
proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   857
  have "cp_gen (e#s) (Th th'') = cp_gen s (Th th'')"
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   858
  proof(rule cp_gen_update_stop[OF assms(1) _ assms(3)])
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   859
    from assms(2) cp_gen_def_cond[OF refl[of "Th th'"]]
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   860
    show "cp_gen (e#s) (Th th') = cp_gen s (Th th')" by metis
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   861
  qed
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   862
  with cp_gen_def_cond[OF refl[of "Th th''"]]
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   863
  show ?thesis by metis
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   864
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   865
190
312497c6d6b9 updated
Christian Urban <urbanc@in.tum.de>
parents: 189
diff changeset
   866
lemma cp_up_tG: (* aaa *)
189
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   867
  assumes "th' \<in> ancestors (tG (e#s)) th"
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   868
  and "cp (e#s) th' = cp s th'"
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   869
  and "th'' \<in> ancestors (tG (e#s)) th'"
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   870
  shows "cp (e#s) th'' = cp s th''"
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   871
  using assms cp_up ancestors_tG_tRAG by blast   
914288aec495 updated
Christian Urban <urbanc@in.tum.de>
parents: 188
diff changeset
   872
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   873
end
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   874
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   875
text {* 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   876
  The following locale deals with the @{text Create}-operation.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   877
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   878
68
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   879
section {* The @{term Create} operation *}
db196b066b97 Before retrofiting PIPBasics.thy
zhangx
parents: 65
diff changeset
   880
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   881
context valid_trace_create
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   882
begin 
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   883
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   884
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   885
  Since @{text Create}-operation does not change @{text RAG} (according to 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   886
  @{thm RAG_es}) and @{text tRAG} is determined uniquely by @{text RAG}, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   887
  therefore, @{text tRAG} is not not changed by @{text Create} neither.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   888
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   889
lemma tRAG_kept: "tRAG (e#s) = tRAG s"
113
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   890
  by (unfold tRAG_alt_def RAG_es, auto)
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   891
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   892
lemma tG_kept: "tG (e#s) = tG s"
179
f9e6c4166476 updated
Christian Urban <urbanc@in.tum.de>
parents: 178
diff changeset
   893
  by (unfold tG_def_tRAG tRAG_kept, simp)
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   894
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   895
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   896
  The following lemma shows that @{text th} is completely isolated 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   897
  from @{text RAG}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   898
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   899
lemma th_not_in: "Th th \<notin> Field (tRAG s)"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   900
  by (meson not_in_thread_isolated subsetCE tRAG_Field th_not_live_s)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   901
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   902
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   903
  Based on @{thm th_not_in}, it can be derived that @{text th} is also 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   904
  isolated from @{text RAG}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   905
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   906
lemma th_not_in_tG: "th \<notin> Field (tG s)"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   907
  using tG_threads th_not_live_s by blast
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   908
  
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   909
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   910
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   911
  The @{text Create}-operation does not change the precedences
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   912
  of other threads excepting sets a the initial precedence for the 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   913
  thread being created (i.e. @{text th}).
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   914
*}
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   915
lemma preced_kept:
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   916
  assumes "th' \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   917
  shows "the_preced (e#s) th' = the_preced s th'"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   918
  by (unfold the_preced_def preced_def is_create, insert assms, auto)
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   919
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   920
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   921
  The following lemma shows that the @{text cp}-values of
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   922
  all other threads need not be recalculated. The reason is twofold, first, 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   923
  since @{text tG} is not changed, sub-trees of these threads are not changed;
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   924
  second, the precedences of the threads in these sub-trees are not changed (because 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   925
  the only thread with a changed precedence is @{text th} and @{text th} is isolated
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   926
  from @{text tG}). 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   927
*}
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   928
lemma eq_cp:
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   929
  assumes neq_th: "th' \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   930
  shows "cp (e#s) th' = cp s th'"
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   931
proof -
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   932
  have "(the_preced (e # s) ` subtree (tG (e # s)) th') =
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   933
        (the_preced s ` subtree (tG s) th')"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   934
  proof -
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   935
    { fix a
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   936
      assume "a \<in> subtree (tG s) th'"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   937
      with th_not_in_tG have "a \<noteq> th"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   938
        by (metis ancestors_Field dm_tG_threads neq_th subtree_ancestorsI th_not_live_s) 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   939
      from preced_kept[OF this]  
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   940
      have "the_preced (e # s) a = the_preced s a" .
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   941
    }
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   942
    thus ?thesis by (unfold tG_kept, auto intro!:f_image_eq)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   943
  qed   
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   944
  thus ?thesis by (unfold cp_alt_def2, simp)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   945
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   946
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   947
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   948
  The following two lemmas deal with the @{text cp}-calculation of @{text th}. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   949
  The first lemma @{text children_of_th} says @{text th} has no children. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   950
  The reason is simple, @{text th} is isolated from @{text "RAG"} before the
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   951
  @{term Create}-operation and @{text Create} does not change @{text RAG}, so 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   952
  @{text th} keeps isolated after the operation.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   953
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   954
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   955
lemma children_of_th: "RTree.children (tRAG (e#s)) (Th th) = {}"
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   956
proof -
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   957
  { fix a
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   958
    assume "a \<in> RTree.children (tRAG (e#s)) (Th th)"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   959
    hence "(a, Th th) \<in> tRAG (e#s)" by (auto simp:RTree.children_def)
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   960
    with th_not_in have False 
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   961
     by (unfold Field_def tRAG_kept, auto)
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   962
  } thus ?thesis by auto
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   963
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   964
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   965
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   966
  Now, since @{term th} has no children, by definition its @{text cp} value 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   967
  equals its precedence:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   968
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   969
lemma eq_cp_th: "cp (e#s) th = preced th (e#s)"
197
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
   970
  unfolding  children_of_th
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
   971
  apply(subst vat_es.cp_rec)
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
   972
  apply(simp add:the_preced_def children_of_th)
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
   973
  done
ca4ddf26a7c7 updated to Isabelle 2016-1
Christian Urban <urbanc@in.tum.de>
parents: 190
diff changeset
   974
    
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   975
end
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   976
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   977
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   978
  The following locale @{text valid_trace_exit} deals with the @{term Exit}-operation.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   979
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   980
context valid_trace_exit
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   981
begin
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   982
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   983
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   984
  The treatment of @{text Exit} is very similar to @{text Create}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   985
  First, the precedences of threads other than @{text th} are not changed.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   986
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   987
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   988
lemma preced_kept:
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   989
  assumes "th' \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   990
  shows "the_preced (e#s) th' = the_preced s th'"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   991
  using assms
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   992
  by (unfold the_preced_def is_exit preced_def, simp)
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   993
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   994
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   995
  Second, @{term tRAG} is not changed by @{text Exit} either.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
   996
*}
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
   997
lemma tRAG_kept: "tRAG (e#s) = tRAG s"
113
ce85c3c4e5bf More improvements in PIPBasics.thy and Implemenation.thy.
zhangx
parents: 108
diff changeset
   998
  by (unfold tRAG_alt_def RAG_es, auto)
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
   999
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1000
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1001
  Since @{term tG} is defined in terms of @{term tRAG}, @{term tG} is not changed neither.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1002
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1003
lemma tG_kept: "tG (e#s) = tG s"
179
f9e6c4166476 updated
Christian Urban <urbanc@in.tum.de>
parents: 178
diff changeset
  1004
  by (unfold tG_def_tRAG tRAG_kept, simp)
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1005
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
  1006
lemma th_RAG: "Th th \<notin> Field (RAG s)"
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1007
proof -
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
  1008
  have "Th th \<notin> Range (RAG s)"
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1009
  proof
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
  1010
    assume "Th th \<in> Range (RAG s)"
127
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
  1011
    then obtain cs where "holding s th cs"
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
  1012
    by (simp add: holdents_RAG holdents_th_s)
130
0f124691c191 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 127
diff changeset
  1013
    then show False by (unfold s_holding_abv, auto)
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1014
  qed
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
  1015
  moreover have "Th th \<notin> Domain (RAG s)"
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1016
  proof
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
  1017
    assume "Th th \<in> Domain (RAG s)"
127
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
  1018
    then obtain cs where "waiting s th cs"
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
  1019
    by (simp add: readys_RAG)
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
  1020
    then show False
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
  1021
    using RAG_es \<open>Th th \<in> Domain (RAG s)\<close> 
38c6acf03f68 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
  1022
    th_not_live_es valid_trace.dm_RAG_threads vat_es.valid_trace_axioms by blast
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1023
  qed
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1024
  ultimately show ?thesis by (auto simp:Field_def)
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1025
qed
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1026
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1027
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
  1028
lemma th_tRAG: "(Th th) \<notin> Field (tRAG s)"
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
  1029
  using th_RAG tRAG_Field by auto
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1030
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1031
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1032
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1033
  Based on @{thm th_RAG}, it can be derived that @{text th} is also 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1034
  isolated from @{text tG}.
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1035
*}
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1036
lemma th_not_in_tG: "th \<notin> Field (tG s)"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1037
  using tG_kept vat_es.tG_threads by auto
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1038
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1039
text {*
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1040
  Because of @{thm preced_kept}, @{thm tG_kept} and @{thm th_tRAG},
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1041
  the @{text cp}-values of all other threads are not changed. 
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1042
  The reasoning is almost the same as that of @{term Create}:
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1043
*}
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
  1044
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1045
lemma eq_cp:
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1046
  assumes neq_th: "th' \<noteq> th"
92
4763aa246dbd Original files overwrite by their parallels (Correctness.thy v.s. PrioG.thy, PIPBasics.thy v.s. CpsG.thy, Implementation v.s. ExtGG.thy).
zhangx
parents: 68
diff changeset
  1047
  shows "cp (e#s) th' = cp s th'"
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1048
proof -
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1049
  have "(the_preced (e # s) ` subtree (tG (e # s)) th') =
179
f9e6c4166476 updated
Christian Urban <urbanc@in.tum.de>
parents: 178
diff changeset
  1050
          (the_preced s ` subtree (tG s) th')"
178
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1051
  proof -
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1052
    { fix a
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1053
      assume "a \<in> subtree (tG s) th'"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1054
      with th_not_in_tG have "a \<noteq> th"
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1055
        by (metis ex_in_conv neq_th root_def root_readys_tG subtree_ancestorsI th_ready_s)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1056
      from preced_kept[OF this]  
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1057
      have "the_preced (e # s) a = the_preced s a" .
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1058
    }
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1059
    thus ?thesis by (unfold tG_kept, auto intro!:f_image_eq)
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1060
  qed   
da27bece9575 updated
Christian Urban <urbanc@in.tum.de>
parents: 136
diff changeset
  1061
  thus ?thesis by (unfold cp_alt_def2, simp)
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1062
qed
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1063
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1064
end
60
f98a95f3deae Main proofs in CpsG.thy completed.
zhangx
parents: 59
diff changeset
  1065
188
2dd47ea013ac updated
Christian Urban <urbanc@in.tum.de>
parents: 185
diff changeset
  1066
0
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1067
end
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
  1068