Correctness.thy
changeset 156 550ab0f68960
parent 154 9756a51f2223
child 157 029e1506477a
equal deleted inserted replaced
155:eae86cba8b89 156:550ab0f68960
  1253     thus ?thesis by simp
  1253     thus ?thesis by simp
  1254   qed
  1254   qed
  1255   finally show ?thesis .
  1255   finally show ?thesis .
  1256 qed
  1256 qed
  1257 
  1257 
       
  1258 value "sublists [a,b,cThe]"
       
  1259 
       
  1260 theorem bound_priority_inversion:
       
  1261   "card { s' @ s | s'. s' \<in> set t \<and>  th \<notin> running (s'@s) } \<le> 
       
  1262           1 + (length (actions_of blockers t) + length (filter (isCreate) t))"
       
  1263    (is "?L \<le> ?R")
       
  1264 proof - 
       
  1265   let ?Q = "(\<lambda> t'. th \<in> running (t'@s))"
       
  1266   from occs_le[of ?Q t] 
       
  1267   have "?L \<le> (1 + length t) - occs ?Q t" by simp
       
  1268   also have "... \<le> ?R"
       
  1269   proof -
       
  1270     have "length t - (length (actions_of blockers t) + length (filter (isCreate) t))
       
  1271               \<le> occs (\<lambda> t'. th \<in> running (t'@s)) t" (is "?L1 \<le> ?R1")
       
  1272     proof -
       
  1273       have "?L1 = length (actions_of {th} t)" using actions_split by arith
       
  1274       also have "... \<le> ?R1" using actions_th_occs by simp
       
  1275       finally show ?thesis .
       
  1276     qed            
       
  1277     thus ?thesis by simp
       
  1278   qed
       
  1279   finally show ?thesis .
       
  1280 qed
       
  1281 
  1258 end
  1282 end
  1259 
  1283 
  1260 text {*
  1284 text {*
  1261   As explained before, lemma @{text bound_priority_inversion} alone does not
  1285   As explained before, lemma @{text bound_priority_inversion} alone does not
  1262   ensure the correctness of PIP. For PIP to be correct, the number of blocking operations 
  1286   ensure the correctness of PIP. For PIP to be correct, the number of blocking operations