pip: comparison PIPBasics.thy

equal deleted inserted replaced

-:ce85c3c4e5bf
+:81c6ede5cd11
 from this[folded tRAG_def] show "fsubtree (tRAG s)" .
 qed
 section {* Chain to readys *}
+text {*
+In this section, a more complete view of @{term RAG} and @{term threads}
+are given.
+*}
 context valid_trace
 begin
+text {*
+The first lemma is technical, which says out of any node in the domain
+of @{term RAG}, there is a path leading to a ready thread.
+*}
 lemma chain_building:
 assumes "node \<in> Domain (RAG s)"
 obtains th' where "th' \<in> readys s" "(node, Th th') \<in> (RAG s)^+"
 proof -
 using h_b(1)[unfolded trancl_converse] eq_b by auto
 ultimately show ?thesis using that by metis
 qed
 text {* \noindent
-The following lemma is proved easily by instantiating @{thm "chain_building"}.
+The following lemma says for any living thread,
+either it is ready or there is a path in @{term RAG}
+leading from it to a ready thread. The lemma is proved easily
+by instantiating @{thm "chain_building"}.
 *}
 lemma th_chain_to_ready:
 assumes th_in: "th \<in> threads s"
 shows "th \<in> readys s \<or> (\<exists> th'. th' \<in> readys s \<and> (Th th, Th th') \<in> (RAG s)^+)"
 proof(cases "th \<in> readys s")
 by (auto simp:readys_def s_waiting_def s_RAG_def wq_def cs_waiting_def Domain_def)
 from chain_building [rule_format, OF this]
 show ?thesis by auto
 qed
+text {*
+The following lemma is a technical one to show
+that the set of threads in the subtree of any thread
+is finite.
+*}
 lemma finite_subtree_threads:
 "finite {th'. Th th' \<in> subtree (RAG s) (Th th)}" (is "finite ?A")
 proof -
 have "?A = the_thread ` {Th th' | th' . Th th' \<in> subtree (RAG s) (Th th)}"
 by (auto, insert image_iff, fastforce)
 ultimately show ?thesis by auto
 qed
 ultimately show ?thesis by auto
 qed
+text {*
+The following two lemmas shows there is at most one running thread
+in the system.
+*}
 lemma runing_unique:
 assumes runing_1: "th1 \<in> runing s"
 and runing_2: "th2 \<in> runing s"
 shows "th1 = th2"
 proof -
 from runing_unique[OF this]
 have "runing s = {th}" by auto
 thus ?thesis by auto
 qed
-end
+text {*
+The following two lemmas show that the set of living threads
+in the system can be partitioned into subtrees of those
-section {* Relating @{term cp} and @{term the_preced} and @{term preced} *}
+threads in the @{term readys} set. The first lemma
+@{text threads_alt_def} shows the union of
-context valid_trace
+these subtrees equals to the set of living threads
-begin
+and the second lemma @{text "readys_subtree_disjoint"} shows
+subtrees of different threads in @{term readys}-set
-lemma le_cp:
+are disjoint.
-shows "preced th s \<le> cp s th"
+*}
-proof(unfold cp_alt_def, rule Max_ge)
-show "finite (the_preced s ` {th'. Th th' \<in> subtree (RAG s) (Th th)})"
-by (simp add: finite_subtree_threads)
-next
-show "preced th s \<in> the_preced s ` {th'. Th th' \<in> subtree (RAG s) (Th th)}"
-by (simp add: subtree_def the_preced_def)
-qed
-lemma finite_threads:
-shows "finite (threads s)"
-using vt by (induct) (auto elim: step.cases)
-lemma cp_le:
-assumes th_in: "th \<in> threads s"
-shows "cp s th \<le> Max (the_preced s ` threads s)"
-proof(unfold cp_alt_def, rule Max_f_mono)
-show "finite (threads s)" by (simp add: finite_threads)
-next
-show " {th'. Th th' \<in> subtree (RAG s) (Th th)} \<noteq> {}"
-using subtree_def by fastforce
-next
-show "{th'. Th th' \<in> subtree (RAG s) (Th th)} \<subseteq> threads s"
-using assms
-by (smt Domain.DomainI dm_RAG_threads mem_Collect_eq
-node.inject(1) rtranclD subsetI subtree_def trancl_domain)
-qed
-lemma max_cp_eq:
-shows "Max ((cp s) ` threads s) = Max (the_preced s ` threads s)"
-(is "?L = ?R")
-proof -
-have "?L \<le> ?R"
-proof(cases "threads s = {}")
-case False
-show ?thesis
-by (rule Max.boundedI,
-insert cp_le,
-auto simp:finite_threads False)
-qed auto
-moreover have "?R \<le> ?L"
-by (rule Max_fg_mono,
-simp add: finite_threads,
-simp add: le_cp the_preced_def)
-ultimately show ?thesis by auto
-qed
 lemma threads_alt_def:
 "(threads s) = (\<Union> th \<in> readys s. {th'. Th th' \<in> subtree (RAG s) (Th th)})"
 (is "?L = ?R")
 proof -
 show ?thesis .
 qed
 } ultimately show ?thesis by auto
 qed
+lemma readys_subtree_disjoint:
+assumes "th1 \<in> readys s"
+and "th2 \<in> readys s"
+and "th1 \<noteq> th2"
+shows "subtree (RAG s) (Th th1) \<inter> subtree (RAG s) (Th th2) = {}"
+proof -
+{ fix n
+assume "n \<in> subtree (RAG s) (Th th1) \<inter> subtree (RAG s) (Th th2)"
+hence "(n, Th th1) \<in> (RAG s)^*" "(n, Th th2) \<in> (RAG s)^*"
+by (auto simp:subtree_def)
+from star_rpath[OF this(1)] star_rpath[OF this(2)]
+obtain xs1 xs2 where "rpath (RAG s) n xs1 (Th th1)"
+"rpath (RAG s) n xs2 (Th th2)" by metis
+hence False
+proof(cases rule:rtree_RAG.rpath_overlap')
+case (less_1 xs3)
+from rpath_star[OF this(3)]
+have "Th th1 \<in> subtree (RAG s) (Th th2)"
+by (auto simp:subtree_def)
+thus ?thesis
+proof(cases rule:subtreeE)
+case 1
+with assms(3) show ?thesis by auto
+next
+case 2
+hence "(Th th1, Th th2) \<in> (RAG s)^+" by (auto simp:ancestors_def)
+from tranclD[OF this]
+obtain z where "(Th th1, z) \<in> RAG s" by auto
+from this[unfolded s_RAG_def, folded wq_def]
+obtain cs' where "waiting s th1 cs'"
+by (auto simp:waiting_eq)
+with assms(1) show False by (auto simp:readys_def)
+qed
+next
+case (less_2 xs3)
+from rpath_star[OF this(3)]
+have "Th th2 \<in> subtree (RAG s) (Th th1)"
+by (auto simp:subtree_def)
+thus ?thesis
+proof(cases rule:subtreeE)
+case 1
+with assms(3) show ?thesis by auto
+next
+case 2
+hence "(Th th2, Th th1) \<in> (RAG s)^+" by (auto simp:ancestors_def)
+from tranclD[OF this]
+obtain z where "(Th th2, z) \<in> RAG s" by auto
+from this[unfolded s_RAG_def, folded wq_def]
+obtain cs' where "waiting s th2 cs'"
+by (auto simp:waiting_eq)
+with assms(2) show False by (auto simp:readys_def)
+qed
+qed
+} thus ?thesis by auto
+qed
+end
+(* ccc *)
+section {* Relating @{term cp} and @{term the_preced} and @{term preced} *}
+context valid_trace
+begin
+lemma finite_threads:
+shows "finite (threads s)"
+using vt by (induct) (auto elim: step.cases)
 lemma  finite_readys: "finite (readys s)"
 using finite_threads readys_threads rev_finite_subset by blast
-text {* (* ccc *) \noindent
+lemma le_cp:
+shows "preced th s \<le> cp s th"
+proof(unfold cp_alt_def, rule Max_ge)
+show "finite (the_preced s ` {th'. Th th' \<in> subtree (RAG s) (Th th)})"
+by (simp add: finite_subtree_threads)
+next
+show "preced th s \<in> the_preced s ` {th'. Th th' \<in> subtree (RAG s) (Th th)}"
+by (simp add: subtree_def the_preced_def)
+qed
+lemma cp_le:
+assumes th_in: "th \<in> threads s"
+shows "cp s th \<le> Max (the_preced s ` threads s)"
+proof(unfold cp_alt_def, rule Max_f_mono)
+show "finite (threads s)" by (simp add: finite_threads)
+next
+show " {th'. Th th' \<in> subtree (RAG s) (Th th)} \<noteq> {}"
+using subtree_def by fastforce
+next
+show "{th'. Th th' \<in> subtree (RAG s) (Th th)} \<subseteq> threads s"
+using assms
+by (smt Domain.DomainI dm_RAG_threads mem_Collect_eq
+node.inject(1) rtranclD subsetI subtree_def trancl_domain)
+qed
+lemma max_cp_eq:
+shows "Max ((cp s) ` threads s) = Max (the_preced s ` threads s)"
+(is "?L = ?R")
+proof -
+have "?L \<le> ?R"
+proof(cases "threads s = {}")
+case False
+show ?thesis
+by (rule Max.boundedI,
+insert cp_le,
+auto simp:finite_threads False)
+qed auto
+moreover have "?R \<le> ?L"
+by (rule Max_fg_mono,
+simp add: finite_threads,
+simp add: le_cp the_preced_def)
+ultimately show ?thesis by auto
+qed
+text {* (* ddd *) \noindent
 Since the current precedence of the threads in ready queue will always be boosted,
 there must be one inside it has the maximum precedence of the whole system.
 *}
 lemma max_cp_readys_threads:
 shows "Max (cp s ` readys s) = Max (cp s ` threads s)" (is "?L = ?R")

changeset 114	81c6ede5cd11
parent 113	ce85c3c4e5bf
child 115	74fc1eae4605