| author | zhangx |
| Thu, 28 Jan 2016 21:14:17 +0800 | |
| changeset 90 | ed938e2246b9 |
| parent 64 | b4bcd1edbb6d |
| permissions | -rw-r--r-- |
|
64
b4bcd1edbb6d
renamed files
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
57
diff
changeset
|
1 |
chapter {* Definitions *}
|
|
57
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
2 |
(*<*) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
3 |
theory PrioGDef |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
4 |
imports Precedence_ord Moment |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
5 |
begin |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
6 |
(*>*) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
7 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
8 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
9 |
In this section, the formal model of Priority Inheritance Protocol (PIP) is presented. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
10 |
The model is based on Paulson's inductive protocol verification method, where |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
11 |
the state of the system is modelled as a list of events happened so far with the latest |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
12 |
event put at the head. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
13 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
14 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
15 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
16 |
To define events, the identifiers of {\em threads},
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
17 |
{\em priority} and {\em critical resources } (abbreviated as @{text "cs"})
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
18 |
need to be represented. All three are represetned using standard |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
19 |
Isabelle/HOL type @{typ "nat"}:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
20 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
21 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
22 |
type_synonym thread = nat -- {* Type for thread identifiers. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
23 |
type_synonym priority = nat -- {* Type for priorities. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
24 |
type_synonym cs = nat -- {* Type for critical sections (or critical resources). *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
25 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
26 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
27 |
\noindent |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
28 |
The abstraction of Priority Inheritance Protocol (PIP) is set at the system call level. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
29 |
Every system call is represented as an event. The format of events is defined |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
30 |
defined as follows: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
31 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
32 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
33 |
datatype event = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
34 |
Create thread priority | -- {* Thread @{text "thread"} is created with priority @{text "priority"}. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
35 |
Exit thread | -- {* Thread @{text "thread"} finishing its execution. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
36 |
P thread cs | -- {* Thread @{text "thread"} requesting critical resource @{text "cs"}. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
37 |
V thread cs | -- {* Thread @{text "thread"} releasing critical resource @{text "cs"}. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
38 |
Set thread priority -- {* Thread @{text "thread"} resets its priority to @{text "priority"}. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
39 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
40 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
41 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
42 |
As mentioned earlier, in Paulson's inductive method, the states of system are represented as lists of events, |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
43 |
which is defined by the following type @{text "state"}:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
44 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
45 |
type_synonym state = "event list" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
46 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
47 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
48 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
49 |
\noindent |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
50 |
Resource Allocation Graph (RAG for short) is used extensively in our formal analysis. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
51 |
The following type @{text "node"} is used to represent nodes in RAG.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
52 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
53 |
datatype node = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
54 |
Th "thread" | -- {* Node for thread. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
55 |
Cs "cs" -- {* Node for critical resource. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
56 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
57 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
58 |
\noindent |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
59 |
The following function |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
60 |
@{text "threads"} is used to calculate the set of live threads (@{text "threads s"})
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
61 |
in state @{text "s"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
62 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
63 |
fun threads :: "state \<Rightarrow> thread set" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
64 |
where |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
65 |
-- {* At the start of the system, the set of threads is empty: *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
66 |
"threads [] = {}" |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
67 |
-- {* New thread is added to the @{text "threads"}: *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
68 |
"threads (Create thread prio#s) = {thread} \<union> threads s" |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
69 |
-- {* Finished thread is removed: *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
70 |
"threads (Exit thread # s) = (threads s) - {thread}" |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
71 |
-- {* Other kind of events does not affect the value of @{text "threads"}: *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
72 |
"threads (e#s) = threads s" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
73 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
74 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
75 |
\noindent |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
76 |
The function @{text "threads"} defined above is one of
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
77 |
the so called {\em observation function}s which forms
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
78 |
the very basis of Paulson's inductive protocol verification method. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
79 |
Each observation function {\em observes} one particular aspect (or attribute)
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
80 |
of the system. For example, the attribute observed by @{text "threads s"}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
81 |
is the set of threads living in state @{text "s"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
82 |
The protocol being modelled |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
83 |
The decision made the protocol being modelled is based on the {\em observation}s
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
84 |
returned by {\em observation function}s. Since {\observation function}s forms
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
85 |
the very basis on which Paulson's inductive method is based, there will be |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
86 |
a lot of such observation functions introduced in the following. In fact, any function |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
87 |
which takes event list as argument is a {\em observation function}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
88 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
89 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
90 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
91 |
Observation @{text "priority th s"} is
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
92 |
the {\em original priority} of thread @{text "th"} in state @{text "s"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
93 |
The {\em original priority} is the priority
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
94 |
assigned to a thread when it is created or when it is reset by system call |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
95 |
(represented by event @{text "Set thread priority"}).
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
96 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
97 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
98 |
fun priority :: "thread \<Rightarrow> state \<Rightarrow> priority" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
99 |
where |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
100 |
-- {* @{text "0"} is assigned to threads which have never been created: *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
101 |
"priority thread [] = 0" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
102 |
"priority thread (Create thread' prio#s) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
103 |
(if thread' = thread then prio else priority thread s)" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
104 |
"priority thread (Set thread' prio#s) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
105 |
(if thread' = thread then prio else priority thread s)" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
106 |
"priority thread (e#s) = priority thread s" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
107 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
108 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
109 |
\noindent |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
110 |
Observation @{text "last_set th s"} is the last time when the priority of thread @{text "th"} is set,
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
111 |
observed from state @{text "s"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
112 |
The time in the system is measured by the number of events happened so far since the very beginning. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
113 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
114 |
fun last_set :: "thread \<Rightarrow> state \<Rightarrow> nat" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
115 |
where |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
116 |
"last_set thread [] = 0" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
117 |
"last_set thread ((Create thread' prio)#s) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
118 |
(if (thread = thread') then length s else last_set thread s)" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
119 |
"last_set thread ((Set thread' prio)#s) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
120 |
(if (thread = thread') then length s else last_set thread s)" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
121 |
"last_set thread (_#s) = last_set thread s" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
122 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
123 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
124 |
\noindent |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
125 |
The {\em precedence} is a notion derived from {\em priority}, where the {\em precedence} of
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
126 |
a thread is the combination of its {\em original priority} and {\em time} the priority is set.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
127 |
The intention is to discriminate threads with the same priority by giving threads whose priority |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
128 |
is assigned earlier higher precedences, becasue such threads are more urgent to finish. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
129 |
This explains the following definition: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
130 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
131 |
definition preced :: "thread \<Rightarrow> state \<Rightarrow> precedence" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
132 |
where "preced thread s \<equiv> Prc (priority thread s) (last_set thread s)" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
133 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
134 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
135 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
136 |
\noindent |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
137 |
A number of important notions in PIP are represented as the following functions, |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
138 |
defined in terms of the waiting queues of the system, where the waiting queues |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
139 |
, as a whole, is represented by the @{text "wq"} argument of every notion function.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
140 |
The @{text "wq"} argument is itself a functions which maps every critical resource
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
141 |
@{text "cs"} to the list of threads which are holding or waiting for it.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
142 |
The thread at the head of this list is designated as the thread which is current |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
143 |
holding the resrouce, which is slightly different from tradition where |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
144 |
all threads in the waiting queue are considered as waiting for the resource. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
145 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
146 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
147 |
consts |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
148 |
holding :: "'b \<Rightarrow> thread \<Rightarrow> cs \<Rightarrow> bool" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
149 |
waiting :: "'b \<Rightarrow> thread \<Rightarrow> cs \<Rightarrow> bool" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
150 |
RAG :: "'b \<Rightarrow> (node \<times> node) set" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
151 |
dependants :: "'b \<Rightarrow> thread \<Rightarrow> thread set" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
152 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
153 |
defs (overloaded) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
154 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
155 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
156 |
This meaning of @{text "wq"} is reflected in the following definition of @{text "holding wq th cs"},
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
157 |
where @{text "holding wq th cs"} means thread @{text "th"} is holding the critical
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
158 |
resource @{text "cs"}. This decision is based on @{text "wq"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
159 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
160 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
161 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
162 |
cs_holding_def: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
163 |
"holding wq thread cs \<equiv> (thread \<in> set (wq cs) \<and> thread = hd (wq cs))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
164 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
165 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
166 |
In accordance with the definition of @{text "holding wq th cs"},
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
167 |
a thread @{text "th"} is considered waiting for @{text "cs"} if
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
168 |
it is in the {\em waiting queue} of critical resource @{text "cs"}, but not at the head.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
169 |
This is reflected in the definition of @{text "waiting wq th cs"} as follows:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
170 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
171 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
172 |
cs_waiting_def: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
173 |
"waiting wq thread cs \<equiv> (thread \<in> set (wq cs) \<and> thread \<noteq> hd (wq cs))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
174 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
175 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
176 |
@{text "RAG wq"} generates RAG (a binary relations on @{text "node"})
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
177 |
out of waiting queues of the system (represented by the @{text "wq"} argument):
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
178 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
179 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
180 |
cs_RAG_def: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
181 |
"RAG (wq::cs \<Rightarrow> thread list) \<equiv> |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
182 |
{(Th th, Cs cs) | th cs. waiting wq th cs} \<union> {(Cs cs, Th th) | cs th. holding wq th cs}"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
183 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
184 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
185 |
The following @{text "dependants wq th"} represents the set of threads which are RAGing on
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
186 |
thread @{text "th"} in Resource Allocation Graph @{text "RAG wq"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
187 |
Here, "RAGing" means waiting directly or indirectly on the critical resource. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
188 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
189 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
190 |
cs_dependants_def: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
191 |
"dependants (wq::cs \<Rightarrow> thread list) th \<equiv> {th' . (Th th', Th th) \<in> (RAG wq)^+}"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
192 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
193 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
194 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
195 |
The following |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
196 |
@{text "cpreced s th"} gives the {\em current precedence} of thread @{text "th"} under
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
197 |
state @{text "s"}. The definition of @{text "cpreced"} reflects the basic idea of
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
198 |
Priority Inheritance that the {\em current precedence} of a thread is the precedence
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
199 |
inherited from the maximum of all its dependants, i.e. the threads which are waiting |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
200 |
directly or indirectly waiting for some resources from it. If no such thread exits, |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
201 |
@{text "th"}'s {\em current precedence} equals its original precedence, i.e.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
202 |
@{text "preced th s"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
203 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
204 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
205 |
definition cpreced :: "(cs \<Rightarrow> thread list) \<Rightarrow> state \<Rightarrow> thread \<Rightarrow> precedence" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
206 |
where "cpreced wq s = (\<lambda>th. Max ((\<lambda>th'. preced th' s) ` ({th} \<union> dependants wq th)))"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
207 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
208 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
209 |
Notice that the current precedence (@{text "cpreced"}) of one thread @{text "th"} can be boosted
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
210 |
(becoming larger than its own precedence) by those threads in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
211 |
the @{text "dependants wq th"}-set. If one thread get boosted, we say
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
212 |
it inherits the priority (or, more precisely, the precedence) of |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
213 |
its dependants. This is how the word "Inheritance" in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
214 |
Priority Inheritance Protocol comes. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
215 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
216 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
217 |
(*<*) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
218 |
lemma |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
219 |
cpreced_def2: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
220 |
"cpreced wq s th \<equiv> Max ({preced th s} \<union> {preced th' s | th'. th' \<in> dependants wq th})"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
221 |
unfolding cpreced_def image_def |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
222 |
apply(rule eq_reflection) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
223 |
apply(rule_tac f="Max" in arg_cong) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
224 |
by (auto) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
225 |
(*>*) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
226 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
227 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
228 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
229 |
Assuming @{text "qs"} be the waiting queue of a critical resource,
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
230 |
the following abbreviation "release qs" is the waiting queue after the thread |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
231 |
holding the resource (which is thread at the head of @{text "qs"}) released
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
232 |
the resource: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
233 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
234 |
abbreviation |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
235 |
"release qs \<equiv> case qs of |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
236 |
[] => [] |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
237 |
| (_#qs') => (SOME q. distinct q \<and> set q = set qs')" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
238 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
239 |
It can be seen from the definition that the thread at the head of @{text "qs"} is removed
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
240 |
from the return value, and the value @{term "q"} is an reordering of @{text "qs'"}, the
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
241 |
tail of @{text "qs"}. Through this reordering, one of the waiting threads (those in @{text "qs'"} }
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
242 |
is chosen nondeterministically to be the head of the new queue @{text "q"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
243 |
Therefore, this thread is the one who takes over the resource. This is a little better different |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
244 |
from common sense that the thread who comes the earliest should take over. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
245 |
The intention of this definition is to show that the choice of which thread to take over the |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
246 |
release resource does not affect the correctness of the PIP protocol. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
247 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
248 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
249 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
250 |
The data structure used by the operating system for scheduling is referred to as |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
251 |
{\em schedule state}. It is represented as a record consisting of
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
252 |
a function assigning waiting queue to resources |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
253 |
(to be used as the @{text "wq"} argument in @{text "holding"}, @{text "waiting"}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
254 |
and @{text "RAG"}, etc) and a function assigning precedence to threads:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
255 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
256 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
257 |
record schedule_state = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
258 |
wq_fun :: "cs \<Rightarrow> thread list" -- {* The function assigning waiting queue. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
259 |
cprec_fun :: "thread \<Rightarrow> precedence" -- {* The function assigning precedence. *}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
260 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
261 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
262 |
The following two abbreviations (@{text "all_unlocked"} and @{text "initial_cprec"})
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
263 |
are used to set the initial values of the @{text "wq_fun"} @{text "cprec_fun"} fields
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
264 |
respectively of the @{text "schedule_state"} record by the following function @{text "sch"},
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
265 |
which is used to calculate the system's {\em schedule state}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
266 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
267 |
Since there is no thread at the very beginning to make request, all critical resources |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
268 |
are free (or unlocked). This status is represented by the abbreviation |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
269 |
@{text "all_unlocked"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
270 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
271 |
abbreviation |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
272 |
"all_unlocked \<equiv> \<lambda>_::cs. ([]::thread list)" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
273 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
274 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
275 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
276 |
The initial current precedence for a thread can be anything, because there is no thread then. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
277 |
We simply assume every thread has precedence @{text "Prc 0 0"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
278 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
279 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
280 |
abbreviation |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
281 |
"initial_cprec \<equiv> \<lambda>_::thread. Prc 0 0" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
282 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
283 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
284 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
285 |
The following function @{text "schs"} is used to calculate the system's schedule state @{text "schs s"}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
286 |
out of the current system state @{text "s"}. It is the central function to model Priority Inheritance:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
287 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
288 |
fun schs :: "state \<Rightarrow> schedule_state" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
289 |
where |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
290 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
291 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
292 |
Setting the initial value of the @{text "schedule_state"} record (see the explanations above).
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
293 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
294 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
295 |
"schs [] = (| wq_fun = all_unlocked, cprec_fun = initial_cprec |)" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
296 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
297 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
298 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
299 |
\begin{enumerate}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
300 |
\item @{text "ps"} is the schedule state of last moment.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
301 |
\item @{text "pwq"} is the waiting queue function of last moment.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
302 |
\item @{text "pcp"} is the precedence function of last moment (NOT USED).
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
303 |
\item @{text "nwq"} is the new waiting queue function. It is calculated using a @{text "case"} statement:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
304 |
\begin{enumerate}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
305 |
\item If the happening event is @{text "P thread cs"}, @{text "thread"} is added to
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
306 |
the end of @{text "cs"}'s waiting queue.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
307 |
\item If the happening event is @{text "V thread cs"} and @{text "s"} is a legal state,
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
308 |
@{text "th'"} must equal to @{text "thread"},
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
309 |
because @{text "thread"} is the one currently holding @{text "cs"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
310 |
The case @{text "[] \<Longrightarrow> []"} may never be executed in a legal state.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
311 |
the @{text "(SOME q. distinct q \<and> set q = set qs)"} is used to choose arbitrarily one
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
312 |
thread in waiting to take over the released resource @{text "cs"}. In our representation,
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
313 |
this amounts to rearrange elements in waiting queue, so that one of them is put at the head. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
314 |
\item For other happening event, the schedule state just does not change. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
315 |
\end{enumerate}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
316 |
\item @{text "ncp"} is new precedence function, it is calculated from the newly updated waiting queue
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
317 |
function. The RAGency of precedence function on waiting queue function is the reason to |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
318 |
put them in the same record so that they can evolve together. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
319 |
\end{enumerate}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
320 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
321 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
322 |
The calculation of @{text "cprec_fun"} depends on the value of @{text "wq_fun"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
323 |
Therefore, in the following cases, @{text "wq_fun"} is always calculated first, in
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
324 |
the name of @{text "wq"} (if @{text "wq_fun"} is not changed
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
325 |
by the happening event) or @{text "new_wq"} (if the value of @{text "wq_fun"} is changed).
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
326 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
327 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
328 |
"schs (Create th prio # s) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
329 |
(let wq = wq_fun (schs s) in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
330 |
(|wq_fun = wq, cprec_fun = cpreced wq (Create th prio # s)|))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
331 |
| "schs (Exit th # s) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
332 |
(let wq = wq_fun (schs s) in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
333 |
(|wq_fun = wq, cprec_fun = cpreced wq (Exit th # s)|))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
334 |
| "schs (Set th prio # s) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
335 |
(let wq = wq_fun (schs s) in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
336 |
(|wq_fun = wq, cprec_fun = cpreced wq (Set th prio # s)|))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
337 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
338 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
339 |
Different from the forth coming cases, the @{text "wq_fun"} field of the schedule state
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
340 |
is changed. So, the new value is calculated first, in the name of @{text "new_wq"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
341 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
342 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
343 |
| "schs (P th cs # s) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
344 |
(let wq = wq_fun (schs s) in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
345 |
let new_wq = wq(cs := (wq cs @ [th])) in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
346 |
(|wq_fun = new_wq, cprec_fun = cpreced new_wq (P th cs # s)|))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
347 |
| "schs (V th cs # s) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
348 |
(let wq = wq_fun (schs s) in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
349 |
let new_wq = wq(cs := release (wq cs)) in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
350 |
(|wq_fun = new_wq, cprec_fun = cpreced new_wq (V th cs # s)|))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
351 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
352 |
lemma cpreced_initial: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
353 |
"cpreced (\<lambda> cs. []) [] = (\<lambda>_. (Prc 0 0))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
354 |
apply(simp add: cpreced_def) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
355 |
apply(simp add: cs_dependants_def cs_RAG_def cs_waiting_def cs_holding_def) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
356 |
apply(simp add: preced_def) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
357 |
done |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
358 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
359 |
lemma sch_old_def: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
360 |
"schs (e#s) = (let ps = schs s in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
361 |
let pwq = wq_fun ps in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
362 |
let nwq = case e of |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
363 |
P th cs \<Rightarrow> pwq(cs:=(pwq cs @ [th])) | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
364 |
V th cs \<Rightarrow> let nq = case (pwq cs) of |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
365 |
[] \<Rightarrow> [] | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
366 |
(_#qs) \<Rightarrow> (SOME q. distinct q \<and> set q = set qs) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
367 |
in pwq(cs:=nq) | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
368 |
_ \<Rightarrow> pwq |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
369 |
in let ncp = cpreced nwq (e#s) in |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
370 |
\<lparr>wq_fun = nwq, cprec_fun = ncp\<rparr> |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
371 |
)" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
372 |
apply(cases e) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
373 |
apply(simp_all) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
374 |
done |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
375 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
376 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
377 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
378 |
\noindent |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
379 |
The following @{text "wq"} is a shorthand for @{text "wq_fun"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
380 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
381 |
definition wq :: "state \<Rightarrow> cs \<Rightarrow> thread list" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
382 |
where "wq s = wq_fun (schs s)" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
383 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
384 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
385 |
The following @{text "cp"} is a shorthand for @{text "cprec_fun"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
386 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
387 |
definition cp :: "state \<Rightarrow> thread \<Rightarrow> precedence" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
388 |
where "cp s \<equiv> cprec_fun (schs s)" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
389 |
|
|
64
b4bcd1edbb6d
renamed files
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
57
diff
changeset
|
390 |
definition "cp_gen s x = Max ((the_preced s \<circ> the_thread) ` subtree (tRAG s) x)" |
|
b4bcd1edbb6d
renamed files
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
57
diff
changeset
|
391 |
|
|
57
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
392 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
393 |
Functions @{text "holding"}, @{text "waiting"}, @{text "RAG"} and
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
394 |
@{text "dependants"} still have the
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
395 |
same meaning, but redefined so that they no longer RAG on the |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
396 |
fictitious {\em waiting queue function}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
397 |
@{text "wq"}, but on system state @{text "s"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
398 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
399 |
defs (overloaded) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
400 |
s_holding_abv: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
401 |
"holding (s::state) \<equiv> holding (wq_fun (schs s))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
402 |
s_waiting_abv: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
403 |
"waiting (s::state) \<equiv> waiting (wq_fun (schs s))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
404 |
s_RAG_abv: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
405 |
"RAG (s::state) \<equiv> RAG (wq_fun (schs s))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
406 |
s_dependants_abv: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
407 |
"dependants (s::state) \<equiv> dependants (wq_fun (schs s))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
408 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
409 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
410 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
411 |
The following lemma can be proved easily, and the meaning is obvious. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
412 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
413 |
lemma |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
414 |
s_holding_def: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
415 |
"holding (s::state) th cs \<equiv> (th \<in> set (wq_fun (schs s) cs) \<and> th = hd (wq_fun (schs s) cs))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
416 |
by (auto simp:s_holding_abv wq_def cs_holding_def) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
417 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
418 |
lemma s_waiting_def: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
419 |
"waiting (s::state) th cs \<equiv> (th \<in> set (wq_fun (schs s) cs) \<and> th \<noteq> hd (wq_fun (schs s) cs))" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
420 |
by (auto simp:s_waiting_abv wq_def cs_waiting_def) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
421 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
422 |
lemma s_RAG_def: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
423 |
"RAG (s::state) = |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
424 |
{(Th th, Cs cs) | th cs. waiting (wq s) th cs} \<union> {(Cs cs, Th th) | cs th. holding (wq s) th cs}"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
425 |
by (auto simp:s_RAG_abv wq_def cs_RAG_def) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
426 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
427 |
lemma |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
428 |
s_dependants_def: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
429 |
"dependants (s::state) th \<equiv> {th' . (Th th', Th th) \<in> (RAG (wq s))^+}"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
430 |
by (auto simp:s_dependants_abv wq_def cs_dependants_def) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
431 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
432 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
433 |
The following function @{text "readys"} calculates the set of ready threads. A thread is {\em ready}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
434 |
for running if it is a live thread and it is not waiting for any critical resource. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
435 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
436 |
definition readys :: "state \<Rightarrow> thread set" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
437 |
where "readys s \<equiv> {th . th \<in> threads s \<and> (\<forall> cs. \<not> waiting s th cs)}"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
438 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
439 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
440 |
The following function @{text "runing"} calculates the set of running thread, which is the ready
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
441 |
thread with the highest precedence. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
442 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
443 |
definition runing :: "state \<Rightarrow> thread set" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
444 |
where "runing s \<equiv> {th . th \<in> readys s \<and> cp s th = Max ((cp s) ` (readys s))}"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
445 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
446 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
447 |
Notice that the definition of @{text "running"} reflects the preemptive scheduling strategy,
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
448 |
because, if the @{text "running"}-thread (the one in @{text "runing"} set)
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
449 |
lowered its precedence by resetting its own priority to a lower |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
450 |
one, it will lose its status of being the max in @{text "ready"}-set and be superseded.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
451 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
452 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
453 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
454 |
The following function @{text "holdents s th"} returns the set of resources held by thread
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
455 |
@{text "th"} in state @{text "s"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
456 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
457 |
definition holdents :: "state \<Rightarrow> thread \<Rightarrow> cs set" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
458 |
where "holdents s th \<equiv> {cs . holding s th cs}"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
459 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
460 |
lemma holdents_test: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
461 |
"holdents s th = {cs . (Cs cs, Th th) \<in> RAG s}"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
462 |
unfolding holdents_def |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
463 |
unfolding s_RAG_def |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
464 |
unfolding s_holding_abv |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
465 |
unfolding wq_def |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
466 |
by (simp) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
467 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
468 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
469 |
Observation @{text "cntCS s th"} returns the number of resources held by thread @{text "th"} in
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
470 |
state @{text "s"}:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
471 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
472 |
definition cntCS :: "state \<Rightarrow> thread \<Rightarrow> nat" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
473 |
where "cntCS s th = card (holdents s th)" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
474 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
475 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
476 |
According to the convention of Paulson's inductive method, |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
477 |
the decision made by a protocol that event @{text "e"} is eligible to happen next under state @{text "s"}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
478 |
is expressed as @{text "step s e"}. The predicate @{text "step"} is inductively defined as
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
479 |
follows (notice how the decision is based on the {\em observation function}s
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
480 |
defined above, and also notice how a complicated protocol is modeled by a few simple |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
481 |
observations, and how such a kind of simplicity gives rise to improved trust on |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
482 |
faithfulness): |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
483 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
484 |
inductive step :: "state \<Rightarrow> event \<Rightarrow> bool" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
485 |
where |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
486 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
487 |
A thread can be created if it is not a live thread: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
488 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
489 |
thread_create: "\<lbrakk>thread \<notin> threads s\<rbrakk> \<Longrightarrow> step s (Create thread prio)" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
490 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
491 |
A thread can exit if it no longer hold any resource: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
492 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
493 |
thread_exit: "\<lbrakk>thread \<in> runing s; holdents s thread = {}\<rbrakk> \<Longrightarrow> step s (Exit thread)" |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
494 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
495 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
496 |
A thread can request for an critical resource @{text "cs"}, if it is running and
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
497 |
the request does not form a loop in the current RAG. The latter condition |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
498 |
is set up to avoid deadlock. The condition also reflects our assumption all threads are |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
499 |
carefully programmed so that deadlock can not happen: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
500 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
501 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
502 |
thread_P: "\<lbrakk>thread \<in> runing s; (Cs cs, Th thread) \<notin> (RAG s)^+\<rbrakk> \<Longrightarrow> |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
503 |
step s (P thread cs)" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
504 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
505 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
506 |
A thread can release a critical resource @{text "cs"}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
507 |
if it is running and holding that resource: |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
508 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
509 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
510 |
thread_V: "\<lbrakk>thread \<in> runing s; holding s thread cs\<rbrakk> \<Longrightarrow> step s (V thread cs)" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
511 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
512 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
513 |
A thread can adjust its own priority as long as it is current running. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
514 |
With the resetting of one thread's priority, its precedence may change. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
515 |
If this change lowered the precedence, according to the definition of @{text "running"}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
516 |
function, |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
517 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
518 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
519 |
thread_set: "\<lbrakk>thread \<in> runing s\<rbrakk> \<Longrightarrow> step s (Set thread prio)" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
520 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
521 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
522 |
In Paulson's inductive method, every protocol is defined by such a @{text "step"}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
523 |
predicate. For instance, the predicate @{text "step"} given above
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
524 |
defines the PIP protocol. So, it can also be called "PIP". |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
525 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
526 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
527 |
abbreviation |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
528 |
"PIP \<equiv> step" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
529 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
530 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
531 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
532 |
For any protocol defined by a @{text "step"} predicate,
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
533 |
the fact that @{text "s"} is a legal state in
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
534 |
the protocol is expressed as: @{text "vt step s"}, where
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
535 |
the predicate @{text "vt"} can be defined as the following:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
536 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
537 |
inductive vt :: "state \<Rightarrow> bool" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
538 |
where |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
539 |
-- {* Empty list @{text "[]"} is a legal state in any protocol:*}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
540 |
vt_nil[intro]: "vt []" | |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
541 |
-- {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
542 |
\begin{minipage}{0.9\textwidth}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
543 |
If @{text "s"} a legal state of the protocol defined by predicate @{text "step"},
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
544 |
and event @{text "e"} is allowed to happen under state @{text "s"} by the protocol
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
545 |
predicate @{text "step"}, then @{text "e#s"} is a new legal state rendered by the
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
546 |
happening of @{text "e"}:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
547 |
\end{minipage}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
548 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
549 |
vt_cons[intro]: "\<lbrakk>vt s; step s e\<rbrakk> \<Longrightarrow> vt (e#s)" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
550 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
551 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
552 |
It is easy to see that the definition of @{text "vt"} is generic. It can be applied to
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
553 |
any specific protocol specified by a @{text "step"}-predicate to get the set of
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
554 |
legal states of that particular protocol. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
555 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
556 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
557 |
text {*
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
558 |
The following are two very basic properties of @{text "vt"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
559 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
560 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
561 |
lemma step_back_vt: "vt (e#s) \<Longrightarrow> vt s" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
562 |
by(ind_cases "vt (e#s)", simp) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
563 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
564 |
lemma step_back_step: "vt (e#s) \<Longrightarrow> step s e" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
565 |
by(ind_cases "vt (e#s)", simp) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
566 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
567 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
568 |
The following two auxiliary functions @{text "the_cs"} and @{text "the_th"} are used to extract
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
569 |
critical resource and thread respectively out of RAG nodes. |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
570 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
571 |
fun the_cs :: "node \<Rightarrow> cs" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
572 |
where "the_cs (Cs cs) = cs" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
573 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
574 |
fun the_th :: "node \<Rightarrow> thread" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
575 |
where "the_th (Th th) = th" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
576 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
577 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
578 |
The following predicate @{text "next_th"} describe the next thread to
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
579 |
take over when a critical resource is released. In @{text "next_th s th cs t"},
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
580 |
@{text "th"} is the thread to release, @{text "t"} is the one to take over.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
581 |
Notice how this definition is backed up by the @{text "release"} function and its use
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
582 |
in the @{text "V"}-branch of @{text "schs"} function. This @{text "next_th"} function
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
583 |
is not needed for the execution of PIP. It is introduced as an auxiliary function |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
584 |
to state lemmas. The correctness of this definition will be confirmed by |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
585 |
lemmas @{text "step_v_hold_inv"}, @{text " step_v_wait_inv"},
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
586 |
@{text "step_v_get_hold"} and @{text "step_v_not_wait"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
587 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
588 |
definition next_th:: "state \<Rightarrow> thread \<Rightarrow> cs \<Rightarrow> thread \<Rightarrow> bool" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
589 |
where "next_th s th cs t = (\<exists> rest. wq s cs = th#rest \<and> rest \<noteq> [] \<and> |
|
64
b4bcd1edbb6d
renamed files
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
57
diff
changeset
|
590 |
t = hd (SOME q. distinct q \<and> set q = set rest))" |
|
57
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
591 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
592 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
593 |
The aux function @{text "count Q l"} is used to count the occurrence of situation @{text "Q"}
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
594 |
in list @{text "l"}:
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
595 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
596 |
definition count :: "('a \<Rightarrow> bool) \<Rightarrow> 'a list \<Rightarrow> nat"
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
597 |
where "count Q l = length (filter Q l)" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
598 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
599 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
600 |
The following observation @{text "cntP s"} returns the number of operation @{text "P"} happened
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
601 |
before reaching state @{text "s"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
602 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
603 |
definition cntP :: "state \<Rightarrow> thread \<Rightarrow> nat" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
604 |
where "cntP s th = count (\<lambda> e. \<exists> cs. e = P th cs) s" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
605 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
606 |
text {* \noindent
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
607 |
The following observation @{text "cntV s"} returns the number of operation @{text "V"} happened
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
608 |
before reaching state @{text "s"}.
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
609 |
*} |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
610 |
definition cntV :: "state \<Rightarrow> thread \<Rightarrow> nat" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
611 |
where "cntV s th = count (\<lambda> e. \<exists> cs. e = V th cs) s" |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
612 |
(*<*) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
613 |
|
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
614 |
end |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
615 |
(*>*) |
|
f1b39d77db00
Added generic theory "RTree.thy"
xingyuan zhang <xingyuanzhang@126.com>
parents:
diff
changeset
|
616 |