pip: comparison PrioG.thy

equal deleted inserted replaced

-:313acffe63b6
+:92f61f6a0fe7
 assume h1: "step s e"
 and h2: "distinct (wq s cs)"
 thus "distinct (wq (e # s) cs)"
 proof(induct rule:step.induct, auto simp: wq_def Let_def split:list.splits)
 fix thread s
-assume h1: "(Cs cs, Th thread) \<notin> (depend s)\<^sup>+"
+assume h1: "(Cs cs, Th thread) \<notin> (RAG s)\<^sup>+"
 and h2: "thread \<in> set (wq_fun (schs s) cs)"
 and h3: "thread \<in> runing s"
 show "False"
 proof -
 from h3 have "\<And> cs. thread \<in>  set (wq_fun (schs s) cs) \<Longrightarrow>
 thread = hd ((wq_fun (schs s) cs))"
 by (simp add:runing_def readys_def s_waiting_def wq_def)
 from this [OF h2] have "thread = hd (wq_fun (schs s) cs)" .
 with h2
-have "(Cs cs, Th thread) \<in> (depend s)"
+have "(Cs cs, Th thread) \<in> (RAG s)"
-by (simp add:s_depend_def s_holding_def wq_def cs_holding_def)
+by (simp add:s_RAG_def s_holding_def wq_def cs_holding_def)
 with h1 show False by auto
 qed
 next
 fix thread s a list
 assume dst: "distinct list"
 qed
 qed
 qed
 lemma p_pre: "\<lbrakk>vt ((P thread cs)#s)\<rbrakk> \<Longrightarrow>
-thread \<in> runing s \<and> (Cs cs, Th thread)  \<notin> (depend s)^+"
+thread \<in> runing s \<and> (Cs cs, Th thread)  \<notin> (RAG s)^+"
 apply (ind_cases "vt ((P thread cs)#s)")
 apply (ind_cases "step s (P thread cs)")
 by auto
 lemma abs1:
 qed
 qed
 qed
 qed
-lemma depend_set_unchanged: "(depend (Set th prio # s)) = depend s"
+lemma RAG_set_unchanged: "(RAG (Set th prio # s)) = RAG s"
-apply (unfold s_depend_def s_waiting_def wq_def)
+apply (unfold s_RAG_def s_waiting_def wq_def)
 by (simp add:Let_def)
-lemma depend_create_unchanged: "(depend (Create th prio # s)) = depend s"
+lemma RAG_create_unchanged: "(RAG (Create th prio # s)) = RAG s"
-apply (unfold s_depend_def s_waiting_def wq_def)
+apply (unfold s_RAG_def s_waiting_def wq_def)
 by (simp add:Let_def)
-lemma depend_exit_unchanged: "(depend (Exit th # s)) = depend s"
+lemma RAG_exit_unchanged: "(RAG (Exit th # s)) = RAG s"
-apply (unfold s_depend_def s_waiting_def wq_def)
+apply (unfold s_RAG_def s_waiting_def wq_def)
 by (simp add:Let_def)
 lemma step_v_hold_inv[elim_format]:
 show False by auto
 qed
 qed
 qed
-lemma step_depend_v:
+lemma step_RAG_v:
 fixes th::thread
 assumes vt:
 "vt (V th cs#s)"
 shows "
-depend (V th cs # s) =
+RAG (V th cs # s) =
-depend s - {(Cs cs, Th th)} -
+RAG s - {(Cs cs, Th th)} -
 {(Th th', Cs cs) |th'. next_th s th cs th'} \<union>
 {(Cs cs, Th th') |th'.  next_th s th cs th'}"
-apply (insert vt, unfold s_depend_def)
+apply (insert vt, unfold s_RAG_def)
 apply (auto split:if_splits list.splits simp:Let_def)
 apply (auto elim: step_v_waiting_mono step_v_hold_inv
 step_v_release step_v_wait_inv
 step_v_get_hold step_v_release_inv)
 apply (erule_tac step_v_not_wait, auto)
 done
-lemma step_depend_p:
+lemma step_RAG_p:
 "vt (P th cs#s) \<Longrightarrow>
-depend (P th cs # s) =  (if (wq s cs = []) then depend s \<union> {(Cs cs, Th th)}
+RAG (P th cs # s) =  (if (wq s cs = []) then RAG s \<union> {(Cs cs, Th th)}
-else depend s \<union> {(Th th, Cs cs)})"
+else RAG s \<union> {(Th th, Cs cs)})"
-apply(simp only: s_depend_def wq_def)
+apply(simp only: s_RAG_def wq_def)
 apply (auto split:list.splits prod.splits simp:Let_def wq_def cs_waiting_def cs_holding_def)
 apply(case_tac "csa = cs", auto)
 apply(fold wq_def)
 apply(drule_tac step_back_step)
 apply(ind_cases " step s (P (hd (wq s cs)) cs)")
-apply(auto simp:s_depend_def wq_def cs_holding_def)
+apply(auto simp:s_RAG_def wq_def cs_holding_def)
 done
 lemma simple_A:
 fixes A
 assumes h: "\<And> x y. \<lbrakk>x \<in> A; y \<in> A\<rbrakk> \<Longrightarrow> x = y"
 case False then obtain a where "a \<in> A" by auto
 with h have "A = {a}" by auto
 thus ?thesis by simp
 qed
-lemma depend_target_th: "(Th th, x) \<in> depend (s::state) \<Longrightarrow> \<exists> cs. x = Cs cs"
+lemma RAG_target_th: "(Th th, x) \<in> RAG (s::state) \<Longrightarrow> \<exists> cs. x = Cs cs"
-by (unfold s_depend_def, auto)
+by (unfold s_RAG_def, auto)
-lemma acyclic_depend:
+lemma acyclic_RAG:
 fixes s
 assumes vt: "vt s"
-shows "acyclic (depend s)"
+shows "acyclic (RAG s)"
 proof -
 from vt show ?thesis
 proof(induct)
 case (vt_cons s e)
-assume ih: "acyclic (depend s)"
+assume ih: "acyclic (RAG s)"
 and stp: "step s e"
 and vt: "vt s"
 show ?case
 proof(cases e)
 case (Create th prio)
 with ih
-show ?thesis by (simp add:depend_create_unchanged)
+show ?thesis by (simp add:RAG_create_unchanged)
 next
 case (Exit th)
-with ih show ?thesis by (simp add:depend_exit_unchanged)
+with ih show ?thesis by (simp add:RAG_exit_unchanged)
 next
 case (V th cs)
 from V vt stp have vtt: "vt (V th cs#s)" by auto
-from step_depend_v [OF this]
+from step_RAG_v [OF this]
 have eq_de:
-"depend (e # s) =
+"RAG (e # s) =
-depend s - {(Cs cs, Th th)} - {(Th th', Cs cs) |th'. next_th s th cs th'} \<union>
+RAG s - {(Cs cs, Th th)} - {(Th th', Cs cs) |th'. next_th s th cs th'} \<union>
 {(Cs cs, Th th') |th'. next_th s th cs th'}"
 (is "?L = (?A - ?B - ?C) \<union> ?D") by (simp add:V)
 from ih have ac: "acyclic (?A - ?B - ?C)" by (auto elim:acyclic_subset)
 from step_back_step [OF vtt]
 have "step s (V th cs)" .
 assume "(Th ?th', Cs cs) \<in> ?E\<^sup>*"
 hence " (Th ?th', Cs cs) \<in> ?E\<^sup>+" by (simp add: rtrancl_eq_or_trancl)
 from tranclD [OF this]
 obtain x where th'_e: "(Th ?th', x) \<in> ?E" by blast
 hence th_d: "(Th ?th', x) \<in> ?A" by simp
-from depend_target_th [OF this]
+from RAG_target_th [OF this]
 obtain cs' where eq_x: "x = Cs cs'" by auto
 with th_d have "(Th ?th', Cs cs') \<in> ?A" by simp
 hence wt_th': "waiting s ?th' cs'"
-unfolding s_depend_def s_waiting_def cs_waiting_def wq_def by simp
+unfolding s_RAG_def s_waiting_def cs_waiting_def wq_def by simp
 hence "cs' = cs"
 proof(rule waiting_unique [OF vt])
 from eq_wq wq_distinct[OF vt, of cs]
 show "waiting s ?th' cs"
 apply (unfold s_waiting_def wq_def, auto)
 qed
 qed
 next
 case (P th cs)
 from P vt stp have vtt: "vt (P th cs#s)" by auto
-from step_depend_p [OF this] P
+from step_RAG_p [OF this] P
-have "depend (e # s) =
+have "RAG (e # s) =
-(if wq s cs = [] then depend s \<union> {(Cs cs, Th th)} else
+(if wq s cs = [] then RAG s \<union> {(Cs cs, Th th)} else
-depend s \<union> {(Th th, Cs cs)})" (is "?L = ?R")
+RAG s \<union> {(Th th, Cs cs)})" (is "?L = ?R")
 by simp
 moreover have "acyclic ?R"
 proof(cases "wq s cs = []")
 case True
-hence eq_r: "?R =  depend s \<union> {(Cs cs, Th th)}" by simp
+hence eq_r: "?R =  RAG s \<union> {(Cs cs, Th th)}" by simp
-have "(Th th, Cs cs) \<notin> (depend s)\<^sup>*"
+have "(Th th, Cs cs) \<notin> (RAG s)\<^sup>*"
 proof
-assume "(Th th, Cs cs) \<in> (depend s)\<^sup>*"
+assume "(Th th, Cs cs) \<in> (RAG s)\<^sup>*"
-hence "(Th th, Cs cs) \<in> (depend s)\<^sup>+" by (simp add: rtrancl_eq_or_trancl)
+hence "(Th th, Cs cs) \<in> (RAG s)\<^sup>+" by (simp add: rtrancl_eq_or_trancl)
 from tranclD2 [OF this]
-obtain x where "(x, Cs cs) \<in> depend s" by auto
+obtain x where "(x, Cs cs) \<in> RAG s" by auto
-with True show False by (auto simp:s_depend_def cs_waiting_def)
+with True show False by (auto simp:s_RAG_def cs_waiting_def)
 qed
 with acyclic_insert ih eq_r show ?thesis by auto
 next
 case False
-hence eq_r: "?R =  depend s \<union> {(Th th, Cs cs)}" by simp
+hence eq_r: "?R =  RAG s \<union> {(Th th, Cs cs)}" by simp
-have "(Cs cs, Th th) \<notin> (depend s)\<^sup>*"
+have "(Cs cs, Th th) \<notin> (RAG s)\<^sup>*"
 proof
-assume "(Cs cs, Th th) \<in> (depend s)\<^sup>*"
+assume "(Cs cs, Th th) \<in> (RAG s)\<^sup>*"
-hence "(Cs cs, Th th) \<in> (depend s)\<^sup>+" by (simp add: rtrancl_eq_or_trancl)
+hence "(Cs cs, Th th) \<in> (RAG s)\<^sup>+" by (simp add: rtrancl_eq_or_trancl)
 moreover from step_back_step [OF vtt] have "step s (P th cs)" .
 ultimately show False
 proof -
-show " \<lbrakk>(Cs cs, Th th) \<in> (depend s)\<^sup>+; step s (P th cs)\<rbrakk> \<Longrightarrow> False"
+show " \<lbrakk>(Cs cs, Th th) \<in> (RAG s)\<^sup>+; step s (P th cs)\<rbrakk> \<Longrightarrow> False"
 by (ind_cases "step s (P th cs)", simp)
 qed
 qed
 with acyclic_insert ih eq_r show ?thesis by auto
 qed
 ultimately show ?thesis by simp
 next
 case (Set thread prio)
 with ih
-thm depend_set_unchanged
+thm RAG_set_unchanged
-show ?thesis by (simp add:depend_set_unchanged)
+show ?thesis by (simp add:RAG_set_unchanged)
 qed
 next
 case vt_nil
-show "acyclic (depend ([]::state))"
+show "acyclic (RAG ([]::state))"
-by (auto simp: s_depend_def cs_waiting_def
+by (auto simp: s_RAG_def cs_waiting_def
 cs_holding_def wq_def acyclic_def)
 qed
 qed
-lemma finite_depend:
+lemma finite_RAG:
 fixes s
 assumes vt: "vt s"
-shows "finite (depend s)"
+shows "finite (RAG s)"
 proof -
 from vt show ?thesis
 proof(induct)
 case (vt_cons s e)
-assume ih: "finite (depend s)"
+assume ih: "finite (RAG s)"
 and stp: "step s e"
 and vt: "vt s"
 show ?case
 proof(cases e)
 case (Create th prio)
 with ih
-show ?thesis by (simp add:depend_create_unchanged)
+show ?thesis by (simp add:RAG_create_unchanged)
 next
 case (Exit th)
-with ih show ?thesis by (simp add:depend_exit_unchanged)
+with ih show ?thesis by (simp add:RAG_exit_unchanged)
 next
 case (V th cs)
 from V vt stp have vtt: "vt (V th cs#s)" by auto
-from step_depend_v [OF this]
+from step_RAG_v [OF this]
-have eq_de: "depend (e # s) =
+have eq_de: "RAG (e # s) =
-depend s - {(Cs cs, Th th)} - {(Th th', Cs cs) |th'. next_th s th cs th'} \<union>
+RAG s - {(Cs cs, Th th)} - {(Th th', Cs cs) |th'. next_th s th cs th'} \<union>
 {(Cs cs, Th th') |th'. next_th s th cs th'}
 "
 (is "?L = (?A - ?B - ?C) \<union> ?D") by (simp add:V)
 moreover from ih have ac: "finite (?A - ?B - ?C)" by simp
 moreover have "finite ?D"
 qed
 ultimately show ?thesis by simp
 next
 case (P th cs)
 from P vt stp have vtt: "vt (P th cs#s)" by auto
-from step_depend_p [OF this] P
+from step_RAG_p [OF this] P
-have "depend (e # s) =
+have "RAG (e # s) =
-(if wq s cs = [] then depend s \<union> {(Cs cs, Th th)} else
+(if wq s cs = [] then RAG s \<union> {(Cs cs, Th th)} else
-depend s \<union> {(Th th, Cs cs)})" (is "?L = ?R")
+RAG s \<union> {(Th th, Cs cs)})" (is "?L = ?R")
 by simp
 moreover have "finite ?R"
 proof(cases "wq s cs = []")
 case True
-hence eq_r: "?R =  depend s \<union> {(Cs cs, Th th)}" by simp
+hence eq_r: "?R =  RAG s \<union> {(Cs cs, Th th)}" by simp
 with True and ih show ?thesis by auto
 next
 case False
-hence "?R = depend s \<union> {(Th th, Cs cs)}" by simp
+hence "?R = RAG s \<union> {(Th th, Cs cs)}" by simp
 with False and ih show ?thesis by auto
 qed
 ultimately show ?thesis by auto
 next
 case (Set thread prio)
 with ih
-show ?thesis by (simp add:depend_set_unchanged)
+show ?thesis by (simp add:RAG_set_unchanged)
 qed
 next
 case vt_nil
-show "finite (depend ([]::state))"
+show "finite (RAG ([]::state))"
-by (auto simp: s_depend_def cs_waiting_def
+by (auto simp: s_RAG_def cs_waiting_def
 cs_holding_def wq_def acyclic_def)
 qed
 qed
 text {* Several useful lemmas *}
 lemma wf_dep_converse:
 fixes s
 assumes vt: "vt s"
-shows "wf ((depend s)^-1)"
+shows "wf ((RAG s)^-1)"
 proof(rule finite_acyclic_wf_converse)
-from finite_depend [OF vt]
+from finite_RAG [OF vt]
-show "finite (depend s)" .
+show "finite (RAG s)" .
 next
-from acyclic_depend[OF vt]
+from acyclic_RAG[OF vt]
-show "acyclic (depend s)" .
+show "acyclic (RAG s)" .
 qed
 lemma hd_np_in: "x \<in> set l \<Longrightarrow> hd l \<in> set l"
 by (induct l, auto)
-lemma th_chasing: "(Th th, Cs cs) \<in> depend (s::state) \<Longrightarrow> \<exists> th'. (Cs cs, Th th') \<in> depend s"
+lemma th_chasing: "(Th th, Cs cs) \<in> RAG (s::state) \<Longrightarrow> \<exists> th'. (Cs cs, Th th') \<in> RAG s"
-by (auto simp:s_depend_def s_holding_def cs_holding_def cs_waiting_def wq_def dest:hd_np_in)
+by (auto simp:s_RAG_def s_holding_def cs_holding_def cs_waiting_def wq_def dest:hd_np_in)
 lemma wq_threads:
 fixes s cs
 assumes vt: "vt s"
 and h: "th \<in> set (wq s cs)"
 case (Exit th')
 with stp ih h show ?thesis
 apply (auto simp:wq_def Let_def)
 apply (ind_cases "step s (Exit th')")
 apply (auto simp:runing_def readys_def s_holding_def s_waiting_def holdents_def
-s_depend_def s_holding_def cs_holding_def)
+s_RAG_def s_holding_def cs_holding_def)
 done
 next
 case (V th' cs')
 show ?thesis
 proof(cases "cs' = cs")
 case vt_nil
 thus ?case by (auto simp:wq_def)
 qed
 qed
-lemma range_in: "\<lbrakk>vt s; (Th th) \<in> Range (depend (s::state))\<rbrakk> \<Longrightarrow> th \<in> threads s"
+lemma range_in: "\<lbrakk>vt s; (Th th) \<in> Range (RAG (s::state))\<rbrakk> \<Longrightarrow> th \<in> threads s"
-apply(unfold s_depend_def cs_waiting_def cs_holding_def)
+apply(unfold s_RAG_def cs_waiting_def cs_holding_def)
 by (auto intro:wq_threads)
 lemma readys_v_eq:
 fixes th thread cs rest
 assumes vt: "vt s"
 qed
 qed
 lemma chain_building:
 assumes vt: "vt s"
-shows "node \<in> Domain (depend s) \<longrightarrow> (\<exists> th'. th' \<in> readys s \<and> (node, Th th') \<in> (depend s)^+)"
+shows "node \<in> Domain (RAG s) \<longrightarrow> (\<exists> th'. th' \<in> readys s \<and> (node, Th th') \<in> (RAG s)^+)"
 proof -
 from wf_dep_converse [OF vt]
-have h: "wf ((depend s)\<inverse>)" .
+have h: "wf ((RAG s)\<inverse>)" .
 show ?thesis
 proof(induct rule:wf_induct [OF h])
 fix x
 assume ih [rule_format]:
-"\<forall>y. (y, x) \<in> (depend s)\<inverse> \<longrightarrow>
+"\<forall>y. (y, x) \<in> (RAG s)\<inverse> \<longrightarrow>
-y \<in> Domain (depend s) \<longrightarrow> (\<exists>th'. th' \<in> readys s \<and> (y, Th th') \<in> (depend s)\<^sup>+)"
+y \<in> Domain (RAG s) \<longrightarrow> (\<exists>th'. th' \<in> readys s \<and> (y, Th th') \<in> (RAG s)\<^sup>+)"
-show "x \<in> Domain (depend s) \<longrightarrow> (\<exists>th'. th' \<in> readys s \<and> (x, Th th') \<in> (depend s)\<^sup>+)"
+show "x \<in> Domain (RAG s) \<longrightarrow> (\<exists>th'. th' \<in> readys s \<and> (x, Th th') \<in> (RAG s)\<^sup>+)"
 proof
-assume x_d: "x \<in> Domain (depend s)"
+assume x_d: "x \<in> Domain (RAG s)"
-show "\<exists>th'. th' \<in> readys s \<and> (x, Th th') \<in> (depend s)\<^sup>+"
+show "\<exists>th'. th' \<in> readys s \<and> (x, Th th') \<in> (RAG s)\<^sup>+"
 proof(cases x)
 case (Th th)
-from x_d Th obtain cs where x_in: "(Th th, Cs cs) \<in> depend s" by (auto simp:s_depend_def)
+from x_d Th obtain cs where x_in: "(Th th, Cs cs) \<in> RAG s" by (auto simp:s_RAG_def)
-with Th have x_in_r: "(Cs cs, x) \<in> (depend s)^-1" by simp
+with Th have x_in_r: "(Cs cs, x) \<in> (RAG s)^-1" by simp
-from th_chasing [OF x_in] obtain th' where "(Cs cs, Th th') \<in> depend s" by blast
+from th_chasing [OF x_in] obtain th' where "(Cs cs, Th th') \<in> RAG s" by blast
-hence "Cs cs \<in> Domain (depend s)" by auto
+hence "Cs cs \<in> Domain (RAG s)" by auto
 from ih [OF x_in_r this] obtain th'
-where th'_ready: " th' \<in> readys s" and cs_in: "(Cs cs, Th th') \<in> (depend s)\<^sup>+" by auto
+where th'_ready: " th' \<in> readys s" and cs_in: "(Cs cs, Th th') \<in> (RAG s)\<^sup>+" by auto
-have "(x, Th th') \<in> (depend s)\<^sup>+" using Th x_in cs_in by auto
+have "(x, Th th') \<in> (RAG s)\<^sup>+" using Th x_in cs_in by auto
 with th'_ready show ?thesis by auto
 next
 case (Cs cs)
-from x_d Cs obtain th' where th'_d: "(Th th', x) \<in> (depend s)^-1" by (auto simp:s_depend_def)
+from x_d Cs obtain th' where th'_d: "(Th th', x) \<in> (RAG s)^-1" by (auto simp:s_RAG_def)
 show ?thesis
 proof(cases "th' \<in> readys s")
 case True
 from True and th'_d show ?thesis by auto
 next
 case False
 from th'_d and range_in [OF vt] have "th' \<in> threads s" by auto
-with False have "Th th' \<in> Domain (depend s)"
+with False have "Th th' \<in> Domain (RAG s)"
-by (auto simp:readys_def wq_def s_waiting_def s_depend_def cs_waiting_def Domain_def)
+by (auto simp:readys_def wq_def s_waiting_def s_RAG_def cs_waiting_def Domain_def)
 from ih [OF th'_d this]
 obtain th'' where
 th''_r: "th'' \<in> readys s" and
-th''_in: "(Th th', Th th'') \<in> (depend s)\<^sup>+" by auto
+th''_in: "(Th th', Th th'') \<in> (RAG s)\<^sup>+" by auto
 from th'_d and th''_in
-have "(x, Th th'') \<in> (depend s)\<^sup>+" by auto
+have "(x, Th th'') \<in> (RAG s)\<^sup>+" by auto
 with th''_r show ?thesis by auto
 qed
 qed
 qed
 qed
 lemma th_chain_to_ready:
 fixes s th
 assumes vt: "vt s"
 and th_in: "th \<in> threads s"
-shows "th \<in> readys s \<or> (\<exists> th'. th' \<in> readys s \<and> (Th th, Th th') \<in> (depend s)^+)"
+shows "th \<in> readys s \<or> (\<exists> th'. th' \<in> readys s \<and> (Th th, Th th') \<in> (RAG s)^+)"
 proof(cases "th \<in> readys s")
 case True
 thus ?thesis by auto
 next
 case False
-from False and th_in have "Th th \<in> Domain (depend s)"
+from False and th_in have "Th th \<in> Domain (RAG s)"
-by (auto simp:readys_def s_waiting_def s_depend_def wq_def cs_waiting_def Domain_def)
+by (auto simp:readys_def s_waiting_def s_RAG_def wq_def cs_waiting_def Domain_def)
 from chain_building [rule_format, OF vt this]
 show ?thesis by auto
 qed
 lemma waiting_eq: "waiting s th cs = waiting (wq s) th cs"
 by (unfold s_holding_def wq_def cs_holding_def, simp)
 lemma holding_unique: "\<lbrakk>holding (s::state) th1 cs; holding s th2 cs\<rbrakk> \<Longrightarrow> th1 = th2"
 by (unfold s_holding_def cs_holding_def, auto)
-lemma unique_depend: "\<lbrakk>vt s; (n, n1) \<in> depend s; (n, n2) \<in> depend s\<rbrakk> \<Longrightarrow> n1 = n2"
+lemma unique_RAG: "\<lbrakk>vt s; (n, n1) \<in> RAG s; (n, n2) \<in> RAG s\<rbrakk> \<Longrightarrow> n1 = n2"
-apply(unfold s_depend_def, auto, fold waiting_eq holding_eq)
+apply(unfold s_RAG_def, auto, fold waiting_eq holding_eq)
 by(auto elim:waiting_unique holding_unique)
 lemma trancl_split: "(a, b) \<in> r^+ \<Longrightarrow> \<exists> c. (a, c) \<in> r"
 by (induct rule:trancl_induct, auto)
 lemma dchain_unique:
 assumes vt: "vt s"
-and th1_d: "(n, Th th1) \<in> (depend s)^+"
+and th1_d: "(n, Th th1) \<in> (RAG s)^+"
 and th1_r: "th1 \<in> readys s"
-and th2_d: "(n, Th th2) \<in> (depend s)^+"
+and th2_d: "(n, Th th2) \<in> (RAG s)^+"
 and th2_r: "th2 \<in> readys s"
 shows "th1 = th2"
 proof -
 { assume neq: "th1 \<noteq> th2"
 hence "Th th1 \<noteq> Th th2" by simp
-from unique_chain [OF _ th1_d th2_d this] and unique_depend [OF vt]
+from unique_chain [OF _ th1_d th2_d this] and unique_RAG [OF vt]
-have "(Th th1, Th th2) \<in> (depend s)\<^sup>+ \<or> (Th th2, Th th1) \<in> (depend s)\<^sup>+" by auto
+have "(Th th1, Th th2) \<in> (RAG s)\<^sup>+ \<or> (Th th2, Th th1) \<in> (RAG s)\<^sup>+" by auto
 hence "False"
 proof
-assume "(Th th1, Th th2) \<in> (depend s)\<^sup>+"
+assume "(Th th1, Th th2) \<in> (RAG s)\<^sup>+"
 from trancl_split [OF this]
-obtain n where dd: "(Th th1, n) \<in> depend s" by auto
+obtain n where dd: "(Th th1, n) \<in> RAG s" by auto
 then obtain cs where eq_n: "n = Cs cs"
-by (auto simp:s_depend_def s_holding_def cs_holding_def cs_waiting_def wq_def dest:hd_np_in)
+by (auto simp:s_RAG_def s_holding_def cs_holding_def cs_waiting_def wq_def dest:hd_np_in)
 from dd eq_n have "th1 \<notin> readys s"
-by (auto simp:readys_def s_depend_def wq_def s_waiting_def cs_waiting_def)
+by (auto simp:readys_def s_RAG_def wq_def s_waiting_def cs_waiting_def)
 with th1_r show ?thesis by auto
 next
-assume "(Th th2, Th th1) \<in> (depend s)\<^sup>+"
+assume "(Th th2, Th th1) \<in> (RAG s)\<^sup>+"
 from trancl_split [OF this]
-obtain n where dd: "(Th th2, n) \<in> depend s" by auto
+obtain n where dd: "(Th th2, n) \<in> RAG s" by auto
 then obtain cs where eq_n: "n = Cs cs"
-by (auto simp:s_depend_def s_holding_def cs_holding_def cs_waiting_def wq_def dest:hd_np_in)
+by (auto simp:s_RAG_def s_holding_def cs_holding_def cs_waiting_def wq_def dest:hd_np_in)
 from dd eq_n have "th2 \<notin> readys s"
-by (auto simp:readys_def wq_def s_depend_def s_waiting_def cs_waiting_def)
+by (auto simp:readys_def wq_def s_RAG_def s_waiting_def cs_waiting_def)
 with th2_r show ?thesis by auto
 qed
 } thus ?thesis by auto
 qed
 assumes vt: "vt (P th cs#s)"
 and "wq s cs = []"
 shows "holdents (P th cs#s) th = holdents s th \<union> {cs}"
 proof -
 from assms show ?thesis
-unfolding  holdents_test step_depend_p[OF vt] by (auto)
+unfolding  holdents_test step_RAG_p[OF vt] by (auto)
 qed
 lemma step_holdents_p_eq:
 fixes th cs s
 assumes vt: "vt (P th cs#s)"
 and "wq s cs \<noteq> []"
 shows "holdents (P th cs#s) th = holdents s th"
 proof -
 from assms show ?thesis
-unfolding  holdents_test step_depend_p[OF vt] by auto
+unfolding  holdents_test step_RAG_p[OF vt] by auto
 qed
 lemma finite_holding:
 fixes s th cs
 assumes vt: "vt s"
 shows "finite (holdents s th)"
 proof -
 let ?F = "\<lambda> (x, y). the_cs x"
-from finite_depend [OF vt]
+from finite_RAG [OF vt]
-have "finite (depend s)" .
+have "finite (RAG s)" .
-hence "finite (?F `(depend s))" by simp
+hence "finite (?F `(RAG s))" by simp
-moreover have "{cs . (Cs cs, Th th) \<in> depend s} \<subseteq> \<dots>"
+moreover have "{cs . (Cs cs, Th th) \<in> RAG s} \<subseteq> \<dots>"
 proof -
 { have h: "\<And> a A f. a \<in> A \<Longrightarrow> f a \<in> f ` A" by auto
-fix x assume "(Cs x, Th th) \<in> depend s"
+fix x assume "(Cs x, Th th) \<in> RAG s"
-hence "?F (Cs x, Th th) \<in> ?F `(depend s)" by (rule h)
+hence "?F (Cs x, Th th) \<in> ?F `(RAG s)" by (rule h)
 moreover have "?F (Cs x, Th th) = x" by simp
-ultimately have "x \<in> (\<lambda>(x, y). the_cs x) ` depend s" by simp
+ultimately have "x \<in> (\<lambda>(x, y). the_cs x) ` RAG s" by simp
 } thus ?thesis by auto
 qed
 ultimately show ?thesis by (unfold holdents_test, auto intro:finite_subset)
 qed
 assumes vtv: "vt (V thread cs#s)"
 shows "(cntCS (V thread cs#s) thread + 1) = cntCS s thread"
 proof -
 from step_back_step[OF vtv]
 have cs_in: "cs \<in> holdents s thread"
-apply (cases, unfold holdents_test s_depend_def, simp)
+apply (cases, unfold holdents_test s_RAG_def, simp)
 by (unfold cs_holding_def s_holding_def wq_def, auto)
 moreover have cs_not_in:
 "(holdents (V thread cs#s) thread) = holdents s thread - {cs}"
 apply (insert wq_distinct[OF step_back_vt[OF vtv], of cs])
-apply (unfold holdents_test, unfold step_depend_v[OF vtv],
+apply (unfold holdents_test, unfold step_RAG_v[OF vtv],
 auto simp:next_th_def)
 proof -
 fix rest
 assume dst: "distinct (rest::thread list)"
 and ne: "rest \<noteq> []"
 next
 fix x assume " distinct x \<and> set x = set rest" with ne
 show "x \<noteq> []" by auto
 qed
 ultimately
-show "(Cs cs, Th (hd (SOME q. distinct q \<and> set q = set rest))) \<in> depend s"
+show "(Cs cs, Th (hd (SOME q. distinct q \<and> set q = set rest))) \<in> RAG s"
 by auto
 next
 fix rest
 assume dst: "distinct (rest::thread list)"
 and ne: "rest \<noteq> []"
 wq_def cs_waiting_def Let_def)
 from eq_e have eq_cnp: "cntP (e#s) th = cntP s th" by (simp add:cntP_def count_def)
 from eq_e have eq_cnv: "cntV (e#s) th = cntV s th" by (simp add:cntV_def count_def)
 have eq_cncs: "cntCS (e#s) th = cntCS s th"
 unfolding cntCS_def holdents_test
-by (simp add:depend_create_unchanged eq_e)
+by (simp add:RAG_create_unchanged eq_e)
 { assume "th \<noteq> thread"
 with eq_readys eq_e
 have "(th \<in> readys (e # s) \<or> th \<notin> threads (e # s)) =
 (th \<in> readys (s) \<or> th \<notin> threads (s))"
 by (simp add:threads.simps)
 and no_hold: "holdents s thread = {}"
 from eq_e have eq_cnp: "cntP (e#s) th = cntP s th" by (simp add:cntP_def count_def)
 from eq_e have eq_cnv: "cntV (e#s) th = cntV s th" by (simp add:cntV_def count_def)
 have eq_cncs: "cntCS (e#s) th = cntCS s th"
 unfolding cntCS_def holdents_test
-by (simp add:depend_exit_unchanged eq_e)
+by (simp add:RAG_exit_unchanged eq_e)
 { assume "th \<noteq> thread"
 with eq_e
 have "(th \<in> readys (e # s) \<or> th \<notin> threads (e # s)) =
 (th \<in> readys (s) \<or> th \<notin> threads (s))"
 apply (simp add:threads.simps readys_def)
 } ultimately show ?thesis by blast
 next
 case (thread_P thread cs)
 assume eq_e: "e = P thread cs"
 and is_runing: "thread \<in> runing s"
-and no_dep: "(Cs cs, Th thread) \<notin> (depend s)\<^sup>+"
+and no_dep: "(Cs cs, Th thread) \<notin> (RAG s)\<^sup>+"
 from thread_P vt stp ih  have vtp: "vt (P thread cs#s)" by auto
 show ?thesis
 proof -
 { have hh: "\<And> A B C. (B = C) \<Longrightarrow> (A \<and> B) = (A \<and> C)" by blast
 assume neq_th: "th \<noteq> thread"
 apply (subgoal_tac "wq_fun (schs s) cs \<noteq> []", auto)
 apply (erule_tac x = cs in allE, auto)
 by (case_tac "(wq_fun (schs s) cs)", auto)
 moreover from neq_th eq_e have "cntCS (e # s) th = cntCS s th"
 apply (simp add:cntCS_def holdents_test)
-by (unfold  step_depend_p [OF vtp], auto)
+by (unfold  step_RAG_p [OF vtp], auto)
 moreover from eq_e neq_th have "cntP (e # s) th = cntP s th"
 by (simp add:cntP_def count_def)
 moreover from eq_e neq_th have "cntV (e#s) th = cntV s th"
 by (simp add:cntV_def count_def)
 moreover from eq_e neq_th have "threads (e#s) = threads s" by simp
 show ?thesis
 proof (cases "wq s cs = []")
 case True
 with is_runing
 have "th \<in> readys (e#s)"
-apply (unfold eq_e wq_def, unfold readys_def s_depend_def)
+apply (unfold eq_e wq_def, unfold readys_def s_RAG_def)
 apply (simp add: wq_def[symmetric] runing_def eq_th s_waiting_def)
 by (auto simp:readys_def wq_def Let_def s_waiting_def wq_def)
 moreover have "cntCS (e # s) th = 1 + cntCS s th"
 proof -
-have "card {csa. csa = cs \<or> (Cs csa, Th thread) \<in> depend s} =
+have "card {csa. csa = cs \<or> (Cs csa, Th thread) \<in> RAG s} =
-Suc (card {cs. (Cs cs, Th thread) \<in> depend s})" (is "card ?L = Suc (card ?R)")
+Suc (card {cs. (Cs cs, Th thread) \<in> RAG s})" (is "card ?L = Suc (card ?R)")
 proof -
 have "?L = insert cs ?R" by auto
 moreover have "card \<dots> = Suc (card (?R - {cs}))"
 proof(rule card_insert)
 from finite_holding [OF vt, of thread]
-show " finite {cs. (Cs cs, Th thread) \<in> depend s}"
+show " finite {cs. (Cs cs, Th thread) \<in> RAG s}"
 by (unfold holdents_test, simp)
 qed
 moreover have "?R - {cs} = ?R"
 proof -
 have "cs \<notin> ?R"
 proof
-assume "cs \<in> {cs. (Cs cs, Th thread) \<in> depend s}"
+assume "cs \<in> {cs. (Cs cs, Th thread) \<in> RAG s}"
 with no_dep show False by auto
 qed
 thus ?thesis by auto
 qed
 ultimately show ?thesis by auto
 qed
 thus ?thesis
 apply (unfold eq_e eq_th cntCS_def)
 apply (simp add: holdents_test)
-by (unfold step_depend_p [OF vtp], auto simp:True)
+by (unfold step_RAG_p [OF vtp], auto simp:True)
 qed
 moreover from is_runing have "th \<in> readys s"
 by (simp add:runing_def eq_th)
 moreover note eq_cnp eq_cnv ih [of th]
 ultimately show ?thesis by auto
 show False by (fold eq_e, auto)
 qed
 moreover from is_runing have "th \<in> threads (e#s)"
 by (unfold eq_e, auto simp:runing_def readys_def eq_th)
 moreover have "cntCS (e # s) th = cntCS s th"
-apply (unfold cntCS_def holdents_test eq_e step_depend_p[OF vtp])
+apply (unfold cntCS_def holdents_test eq_e step_RAG_p[OF vtp])
 by (auto simp:False)
 moreover note eq_cnp eq_cnv ih[of th]
 moreover from is_runing have "th \<in> readys s"
 by (simp add:runing_def eq_th)
 ultimately show ?thesis by auto
 case False
 have "(th \<in> readys (e # s)) = (th \<in> readys s)"
 apply (insert step_back_vt[OF vtv])
 by (unfold eq_e, rule readys_v_eq [OF _ neq_th eq_wq False], auto)
 moreover have "cntCS (e#s) th = cntCS s th"
-apply (insert neq_th, unfold eq_e cntCS_def holdents_test step_depend_v[OF vtv], auto)
+apply (insert neq_th, unfold eq_e cntCS_def holdents_test step_RAG_v[OF vtv], auto)
 proof -
-have "{csa. (Cs csa, Th th) \<in> depend s \<or> csa = cs \<and> next_th s thread cs th} =
+have "{csa. (Cs csa, Th th) \<in> RAG s \<or> csa = cs \<and> next_th s thread cs th} =
-{cs. (Cs cs, Th th) \<in> depend s}"
+{cs. (Cs cs, Th th) \<in> RAG s}"
 proof -
 from False eq_wq
-have " next_th s thread cs th \<Longrightarrow> (Cs cs, Th th) \<in> depend s"
+have " next_th s thread cs th \<Longrightarrow> (Cs cs, Th th) \<in> RAG s"
 apply (unfold next_th_def, auto)
 proof -
 assume ne: "rest \<noteq> []"
 and ni: "hd (SOME q. distinct q \<and> set q = set rest) \<notin> set rest"
 and eq_wq: "wq s cs = thread # rest"
 next
 fix x assume "distinct x \<and> set x = set rest"
 with ne show "x \<noteq> []" by auto
 qed
 ultimately show
-"(Cs cs, Th (hd (SOME q. distinct q \<and> set q = set rest))) \<in> depend s"
+"(Cs cs, Th (hd (SOME q. distinct q \<and> set q = set rest))) \<in> RAG s"
 by auto
 qed
 thus ?thesis by auto
 qed
-thus "card {csa. (Cs csa, Th th) \<in> depend s \<or> csa = cs \<and> next_th s thread cs th} =
+thus "card {csa. (Cs csa, Th th) \<in> RAG s \<or> csa = cs \<and> next_th s thread cs th} =
-card {cs. (Cs cs, Th th) \<in> depend s}" by simp
+card {cs. (Cs cs, Th th) \<in> RAG s}" by simp
 qed
 moreover note ih eq_cnp eq_cnv eq_threads
 ultimately show ?thesis by auto
 next
 case True
 qed
 moreover have "cntCS (e#s) th = cntCS s th"
 proof -
 from eq_wq and  th_in and neq_hd
 have "(holdents (e # s) th) = (holdents s th)"
-apply (unfold eq_e step_depend_v[OF vtv],
+apply (unfold eq_e step_RAG_v[OF vtv],
-auto simp:next_th_def eq_set s_depend_def holdents_test wq_def
+auto simp:next_th_def eq_set s_RAG_def holdents_test wq_def
 Let_def cs_holding_def)
 by (insert wq_distinct[OF step_back_vt[OF vtv], of cs], auto simp:wq_def)
 thus ?thesis by (simp add:cntCS_def)
 qed
 moreover note ih eq_cnp eq_cnv eq_threads
 show ?thesis .
 qed
 ultimately show ?thesis using ih by auto
 qed
 moreover from True neq_th have "cntCS (e # s) th = 1 + cntCS s th"
-apply (unfold cntCS_def holdents_test eq_e step_depend_v[OF vtv], auto)
+apply (unfold cntCS_def holdents_test eq_e step_RAG_v[OF vtv], auto)
 proof -
-show "card {csa. (Cs csa, Th th) \<in> depend s \<or> csa = cs} =
+show "card {csa. (Cs csa, Th th) \<in> RAG s \<or> csa = cs} =
-Suc (card {cs. (Cs cs, Th th) \<in> depend s})"
+Suc (card {cs. (Cs cs, Th th) \<in> RAG s})"
 (is "card ?A = Suc (card ?B)")
 proof -
 have "?A = insert cs ?B" by auto
 hence "card ?A = card (insert cs ?B)" by simp
 also have "\<dots> = Suc (card ?B)"
 proof(rule card_insert_disjoint)
-have "?B \<subseteq> ((\<lambda> (x, y). the_cs x) ` depend s)"
+have "?B \<subseteq> ((\<lambda> (x, y). the_cs x) ` RAG s)"
 apply (auto simp:image_def)
 by (rule_tac x = "(Cs x, Th th)" in bexI, auto)
-with finite_depend[OF step_back_vt[OF vtv]]
+with finite_RAG[OF step_back_vt[OF vtv]]
-show "finite {cs. (Cs cs, Th th) \<in> depend s}" by (auto intro:finite_subset)
+show "finite {cs. (Cs cs, Th th) \<in> RAG s}" by (auto intro:finite_subset)
 next
-show "cs \<notin> {cs. (Cs cs, Th th) \<in> depend s}"
+show "cs \<notin> {cs. (Cs cs, Th th) \<in> RAG s}"
 proof
-assume "cs \<in> {cs. (Cs cs, Th th) \<in> depend s}"
+assume "cs \<in> {cs. (Cs cs, Th th) \<in> RAG s}"
-hence "(Cs cs, Th th) \<in> depend s" by simp
+hence "(Cs cs, Th th) \<in> RAG s" by simp
 with True neq_th eq_wq show False
-by (auto simp:next_th_def s_depend_def cs_holding_def)
+by (auto simp:next_th_def s_RAG_def cs_holding_def)
 qed
 qed
 finally show ?thesis .
 qed
 qed
 proof -
 from eq_e have eq_cnp: "cntP (e#s) th = cntP s th" by (simp add:cntP_def count_def)
 from eq_e have eq_cnv: "cntV (e#s) th = cntV s th" by (simp add:cntV_def count_def)
 have eq_cncs: "cntCS (e#s) th = cntCS s th"
 unfolding cntCS_def holdents_test
-by (simp add:depend_set_unchanged eq_e)
+by (simp add:RAG_set_unchanged eq_e)
 from eq_e have eq_readys: "readys (e#s) = readys s"
 by (simp add:readys_def cs_waiting_def s_waiting_def wq_def,
 auto simp:Let_def)
 { assume "th \<noteq> thread"
 with eq_readys eq_e
 qed
 next
 case vt_nil
 show ?case
 by (unfold cntP_def cntV_def cntCS_def,
-auto simp:count_def holdents_test s_depend_def wq_def cs_holding_def)
+auto simp:count_def holdents_test s_RAG_def wq_def cs_holding_def)
 qed
 qed
 lemma not_thread_cncs:
 fixes th s
 case (thread_create thread prio)
 assume eq_e: "e = Create thread prio"
 and not_in': "thread \<notin> threads s"
 have "cntCS (e # s) th = cntCS s th"
 apply (unfold eq_e cntCS_def holdents_test)
-by (simp add:depend_create_unchanged)
+by (simp add:RAG_create_unchanged)
 moreover have "th \<notin> threads s"
 proof -
 from not_in eq_e show ?thesis by simp
 qed
 moreover note ih ultimately show ?thesis by auto
 case (thread_exit thread)
 assume eq_e: "e = Exit thread"
 and nh: "holdents s thread = {}"
 have eq_cns: "cntCS (e # s) th = cntCS s th"
 apply (unfold eq_e cntCS_def holdents_test)
-by (simp add:depend_exit_unchanged)
+by (simp add:RAG_exit_unchanged)
 show ?thesis
 proof(cases "th = thread")
 case True
 have "cntCS s th = 0" by (unfold cntCS_def, auto simp:nh True)
 with eq_cns show ?thesis by simp
 by (simp add:runing_def readys_def)
 ultimately show ?thesis by auto
 qed
 hence "cntCS (e # s) th  = cntCS s th "
 apply (unfold cntCS_def holdents_test eq_e)
-by (unfold step_depend_p[OF vtp], auto)
+by (unfold step_RAG_p[OF vtp], auto)
 moreover have "cntCS s th = 0"
 proof(rule ih)
 from not_in eq_e show "th \<notin> threads s" by simp
 qed
 ultimately show ?thesis by simp
 from wq_threads[OF step_back_vt[OF vtv], OF this] and ni
 show False by auto
 qed
 moreover note neq_th eq_wq
 ultimately have "cntCS (e # s) th  = cntCS s th"
-by (unfold eq_e cntCS_def holdents_test step_depend_v[OF vtv], auto)
+by (unfold eq_e cntCS_def holdents_test step_RAG_v[OF vtv], auto)
 moreover have "cntCS s th = 0"
 proof(rule ih)
 from not_in eq_e show "th \<notin> threads s" by simp
 qed
 ultimately show ?thesis by simp
 and is_runing: "thread \<in> runing s"
 from not_in and eq_e have "th \<notin> threads s" by auto
 from ih [OF this] and eq_e
 show ?thesis
 apply (unfold eq_e cntCS_def holdents_test)
-by (simp add:depend_set_unchanged)
+by (simp add:RAG_set_unchanged)
 qed
 next
 case vt_nil
 show ?case
 by (unfold cntCS_def,
-auto simp:count_def holdents_test s_depend_def wq_def cs_holding_def)
+auto simp:count_def holdents_test s_RAG_def wq_def cs_holding_def)
 qed
 qed
 lemma eq_waiting: "waiting (wq (s::state)) th cs = waiting s th cs"
 by (auto simp:s_waiting_def cs_waiting_def wq_def)
-lemma dm_depend_threads:
+lemma dm_RAG_threads:
 fixes th s
 assumes vt: "vt s"
-and in_dom: "(Th th) \<in> Domain (depend s)"
+and in_dom: "(Th th) \<in> Domain (RAG s)"
 shows "th \<in> threads s"
 proof -
-from in_dom obtain n where "(Th th, n) \<in> depend s" by auto
+from in_dom obtain n where "(Th th, n) \<in> RAG s" by auto
-moreover from depend_target_th[OF this] obtain cs where "n = Cs cs" by auto
+moreover from RAG_target_th[OF this] obtain cs where "n = Cs cs" by auto
-ultimately have "(Th th, Cs cs) \<in> depend s" by simp
+ultimately have "(Th th, Cs cs) \<in> RAG s" by simp
 hence "th \<in> set (wq s cs)"
-by (unfold s_depend_def, auto simp:cs_waiting_def)
+by (unfold s_RAG_def, auto simp:cs_waiting_def)
 from wq_threads [OF vt this] show ?thesis .
 qed
 lemma cp_eq_cpreced: "cp s th = cpreced (wq s) s th"
 unfolding cp_def wq_def
 proof -
 have "finite ?A"
 proof -
 have "finite (dependants (wq s) th1)"
 proof-
-have "finite {th'. (Th th', Th th1) \<in> (depend (wq s))\<^sup>+}"
+have "finite {th'. (Th th', Th th1) \<in> (RAG (wq s))\<^sup>+}"
 proof -
 let ?F = "\<lambda> (x, y). the_th x"
-have "{th'. (Th th', Th th1) \<in> (depend (wq s))\<^sup>+} \<subseteq> ?F ` ((depend (wq s))\<^sup>+)"
+have "{th'. (Th th', Th th1) \<in> (RAG (wq s))\<^sup>+} \<subseteq> ?F ` ((RAG (wq s))\<^sup>+)"
 apply (auto simp:image_def)
 by (rule_tac x = "(Th x, Th th1)" in bexI, auto)
 moreover have "finite \<dots>"
 proof -
-from finite_depend[OF vt] have "finite (depend s)" .
+from finite_RAG[OF vt] have "finite (RAG s)" .
-hence "finite ((depend (wq s))\<^sup>+)"
+hence "finite ((RAG (wq s))\<^sup>+)"
 apply (unfold finite_trancl)
-by (auto simp: s_depend_def cs_depend_def wq_def)
+by (auto simp: s_RAG_def cs_RAG_def wq_def)
 thus ?thesis by auto
 qed
 ultimately show ?thesis by (auto intro:finite_subset)
 qed
 thus ?thesis by (simp add:cs_dependants_def)
 proof -
 have "finite ?B"
 proof -
 have "finite (dependants (wq s) th2)"
 proof-
-have "finite {th'. (Th th', Th th2) \<in> (depend (wq s))\<^sup>+}"
+have "finite {th'. (Th th', Th th2) \<in> (RAG (wq s))\<^sup>+}"
 proof -
 let ?F = "\<lambda> (x, y). the_th x"
-have "{th'. (Th th', Th th2) \<in> (depend (wq s))\<^sup>+} \<subseteq> ?F ` ((depend (wq s))\<^sup>+)"
+have "{th'. (Th th', Th th2) \<in> (RAG (wq s))\<^sup>+} \<subseteq> ?F ` ((RAG (wq s))\<^sup>+)"
 apply (auto simp:image_def)
 by (rule_tac x = "(Th x, Th th2)" in bexI, auto)
 moreover have "finite \<dots>"
 proof -
-from finite_depend[OF vt] have "finite (depend s)" .
+from finite_RAG[OF vt] have "finite (RAG s)" .
-hence "finite ((depend (wq s))\<^sup>+)"
+hence "finite ((RAG (wq s))\<^sup>+)"
 apply (unfold finite_trancl)
-by (auto simp: s_depend_def cs_depend_def wq_def)
+by (auto simp: s_RAG_def cs_RAG_def wq_def)
 thus ?thesis by auto
 qed
 ultimately show ?thesis by (auto intro:finite_subset)
 qed
 thus ?thesis by (simp add:cs_dependants_def)
 proof (rule preced_unique)
 from th1_in have "th1' = th1 \<or> (th1' \<in> dependants (wq s) th1)" by simp
 thus "th1' \<in> threads s"
 proof
 assume "th1' \<in> dependants (wq s) th1"
-hence "(Th th1') \<in> Domain ((depend s)^+)"
+hence "(Th th1') \<in> Domain ((RAG s)^+)"
-apply (unfold cs_dependants_def cs_depend_def s_depend_def)
+apply (unfold cs_dependants_def cs_RAG_def s_RAG_def)
 by (auto simp:Domain_def)
-hence "(Th th1') \<in> Domain (depend s)" by (simp add:trancl_domain)
+hence "(Th th1') \<in> Domain (RAG s)" by (simp add:trancl_domain)
-from dm_depend_threads[OF vt this] show ?thesis .
+from dm_RAG_threads[OF vt this] show ?thesis .
 next
 assume "th1' = th1"
 with runing_1 show ?thesis
 by (unfold runing_def readys_def, auto)
 qed
 next
 from th2_in have "th2' = th2 \<or> (th2' \<in> dependants (wq s) th2)" by simp
 thus "th2' \<in> threads s"
 proof
 assume "th2' \<in> dependants (wq s) th2"
-hence "(Th th2') \<in> Domain ((depend s)^+)"
+hence "(Th th2') \<in> Domain ((RAG s)^+)"
-apply (unfold cs_dependants_def cs_depend_def s_depend_def)
+apply (unfold cs_dependants_def cs_RAG_def s_RAG_def)
 by (auto simp:Domain_def)
-hence "(Th th2') \<in> Domain (depend s)" by (simp add:trancl_domain)
+hence "(Th th2') \<in> Domain (RAG s)" by (simp add:trancl_domain)
-from dm_depend_threads[OF vt this] show ?thesis .
+from dm_RAG_threads[OF vt this] show ?thesis .
 next
 assume "th2' = th2"
 with runing_2 show ?thesis
 by (unfold runing_def readys_def, auto)
 qed
 proof
 assume "th2' = th2" thus ?thesis using eq_th' eq_th12 by simp
 next
 assume "th2' \<in> dependants (wq s) th2"
 with eq_th12 eq_th' have "th1 \<in> dependants (wq s) th2" by simp
-hence "(Th th1, Th th2) \<in> (depend s)^+"
+hence "(Th th1, Th th2) \<in> (RAG s)^+"
-by (unfold cs_dependants_def s_depend_def cs_depend_def, simp)
+by (unfold cs_dependants_def s_RAG_def cs_RAG_def, simp)
-hence "Th th1 \<in> Domain ((depend s)^+)"
+hence "Th th1 \<in> Domain ((RAG s)^+)"
-apply (unfold cs_dependants_def cs_depend_def s_depend_def)
+apply (unfold cs_dependants_def cs_RAG_def s_RAG_def)
 by (auto simp:Domain_def)
-hence "Th th1 \<in> Domain (depend s)" by (simp add:trancl_domain)
+hence "Th th1 \<in> Domain (RAG s)" by (simp add:trancl_domain)
-then obtain n where d: "(Th th1, n) \<in> depend s" by (auto simp:Domain_def)
+then obtain n where d: "(Th th1, n) \<in> RAG s" by (auto simp:Domain_def)
-from depend_target_th [OF this]
+from RAG_target_th [OF this]
 obtain cs' where "n = Cs cs'" by auto
-with d have "(Th th1, Cs cs') \<in> depend s" by simp
+with d have "(Th th1, Cs cs') \<in> RAG s" by simp
 with runing_1 have "False"
-apply (unfold runing_def readys_def s_depend_def)
+apply (unfold runing_def readys_def s_RAG_def)
 by (auto simp:eq_waiting)
 thus ?thesis by simp
 qed
 next
 assume th1'_in: "th1' \<in> dependants (wq s) th1"
 from th2_in have "th2' = th2 \<or> th2' \<in> dependants (wq s) th2" by simp
 thus ?thesis
 proof
 assume "th2' = th2"
 with th1'_in eq_th12 have "th2 \<in> dependants (wq s) th1" by simp
-hence "(Th th2, Th th1) \<in> (depend s)^+"
+hence "(Th th2, Th th1) \<in> (RAG s)^+"
-by (unfold cs_dependants_def s_depend_def cs_depend_def, simp)
+by (unfold cs_dependants_def s_RAG_def cs_RAG_def, simp)
-hence "Th th2 \<in> Domain ((depend s)^+)"
+hence "Th th2 \<in> Domain ((RAG s)^+)"
-apply (unfold cs_dependants_def cs_depend_def s_depend_def)
+apply (unfold cs_dependants_def cs_RAG_def s_RAG_def)
 by (auto simp:Domain_def)
-hence "Th th2 \<in> Domain (depend s)" by (simp add:trancl_domain)
+hence "Th th2 \<in> Domain (RAG s)" by (simp add:trancl_domain)
-then obtain n where d: "(Th th2, n) \<in> depend s" by (auto simp:Domain_def)
+then obtain n where d: "(Th th2, n) \<in> RAG s" by (auto simp:Domain_def)
-from depend_target_th [OF this]
+from RAG_target_th [OF this]
 obtain cs' where "n = Cs cs'" by auto
-with d have "(Th th2, Cs cs') \<in> depend s" by simp
+with d have "(Th th2, Cs cs') \<in> RAG s" by simp
 with runing_2 have "False"
-apply (unfold runing_def readys_def s_depend_def)
+apply (unfold runing_def readys_def s_RAG_def)
 by (auto simp:eq_waiting)
 thus ?thesis by simp
 next
 assume "th2' \<in> dependants (wq s) th2"
 with eq_th12 have "th1' \<in> dependants (wq s) th2" by simp
-hence h1: "(Th th1', Th th2) \<in> (depend s)^+"
+hence h1: "(Th th1', Th th2) \<in> (RAG s)^+"
-by (unfold cs_dependants_def s_depend_def cs_depend_def, simp)
+by (unfold cs_dependants_def s_RAG_def cs_RAG_def, simp)
-from th1'_in have h2: "(Th th1', Th th1) \<in> (depend s)^+"
+from th1'_in have h2: "(Th th1', Th th1) \<in> (RAG s)^+"
-by (unfold cs_dependants_def s_depend_def cs_depend_def, simp)
+by (unfold cs_dependants_def s_RAG_def cs_RAG_def, simp)
 show ?thesis
 proof(rule dchain_unique[OF vt h1 _ h2, symmetric])
 from runing_1 show "th1 \<in> readys s" by (simp add:runing_def)
 from runing_2 show "th2 \<in> readys s" by (simp add:runing_def)
 qed
 case vt_nil
 show ?case by (auto simp:cntP_def cntV_def count_def)
 qed
 qed
-lemma eq_depend:
+lemma eq_RAG:
-"depend (wq s) = depend s"
+"RAG (wq s) = RAG s"
-by (unfold cs_depend_def s_depend_def, auto)
+by (unfold cs_RAG_def s_RAG_def, auto)
 lemma count_eq_dependants:
 assumes vt: "vt s"
 and eq_pv: "cntP s th = cntV s th"
 shows "dependants (wq s) th = {}"
 proof -
 from cnp_cnv_cncs[OF vt] and eq_pv
 have "cntCS s th = 0"
 by (auto split:if_splits)
-moreover have "finite {cs. (Cs cs, Th th) \<in> depend s}"
+moreover have "finite {cs. (Cs cs, Th th) \<in> RAG s}"
 proof -
 from finite_holding[OF vt, of th] show ?thesis
 by (simp add:holdents_test)
 qed
-ultimately have h: "{cs. (Cs cs, Th th) \<in> depend s} = {}"
+ultimately have h: "{cs. (Cs cs, Th th) \<in> RAG s} = {}"
 by (unfold cntCS_def holdents_test cs_dependants_def, auto)
 show ?thesis
 proof(unfold cs_dependants_def)
-{ assume "{th'. (Th th', Th th) \<in> (depend (wq s))\<^sup>+} \<noteq> {}"
+{ assume "{th'. (Th th', Th th) \<in> (RAG (wq s))\<^sup>+} \<noteq> {}"
-then obtain th' where "(Th th', Th th) \<in> (depend (wq s))\<^sup>+" by auto
+then obtain th' where "(Th th', Th th) \<in> (RAG (wq s))\<^sup>+" by auto
 hence "False"
 proof(cases)
-assume "(Th th', Th th) \<in> depend (wq s)"
+assume "(Th th', Th th) \<in> RAG (wq s)"
-thus "False" by (auto simp:cs_depend_def)
+thus "False" by (auto simp:cs_RAG_def)
 next
 fix c
-assume "(c, Th th) \<in> depend (wq s)"
+assume "(c, Th th) \<in> RAG (wq s)"
-with h and eq_depend show "False"
+with h and eq_RAG show "False"
-by (cases c, auto simp:cs_depend_def)
+by (cases c, auto simp:cs_RAG_def)
 qed
-} thus "{th'. (Th th', Th th) \<in> (depend (wq s))\<^sup>+} = {}" by auto
+} thus "{th'. (Th th', Th th) \<in> (RAG (wq s))\<^sup>+} = {}" by auto
 qed
 qed
 lemma dependants_threads:
 fixes s th
 assumes vt: "vt s"
 shows "dependants (wq s) th \<subseteq> threads s"
 proof
 { fix th th'
-assume h: "th \<in> {th'a. (Th th'a, Th th') \<in> (depend (wq s))\<^sup>+}"
+assume h: "th \<in> {th'a. (Th th'a, Th th') \<in> (RAG (wq s))\<^sup>+}"
-have "Th th \<in> Domain (depend s)"
+have "Th th \<in> Domain (RAG s)"
 proof -
-from h obtain th' where "(Th th, Th th') \<in> (depend (wq s))\<^sup>+" by auto
+from h obtain th' where "(Th th, Th th') \<in> (RAG (wq s))\<^sup>+" by auto
-hence "(Th th) \<in> Domain ( (depend (wq s))\<^sup>+)" by (auto simp:Domain_def)
+hence "(Th th) \<in> Domain ( (RAG (wq s))\<^sup>+)" by (auto simp:Domain_def)
-with trancl_domain have "(Th th) \<in> Domain (depend (wq s))" by simp
+with trancl_domain have "(Th th) \<in> Domain (RAG (wq s))" by simp
-thus ?thesis using eq_depend by simp
+thus ?thesis using eq_RAG by simp
 qed
-from dm_depend_threads[OF vt this]
+from dm_RAG_threads[OF vt this]
 have "th \<in> threads s" .
 } note hh = this
 fix th1
 assume "th1 \<in> dependants (wq s) th"
-hence "th1 \<in> {th'a. (Th th'a, Th th) \<in> (depend (wq s))\<^sup>+}"
+hence "th1 \<in> {th'a. (Th th'a, Th th) \<in> (RAG (wq s))\<^sup>+}"
 by (unfold cs_dependants_def, simp)
 from hh [OF this] show "th1 \<in> threads s" .
 qed
 lemma finite_threads:
 lemma cp_le:
 assumes vt: "vt s"
 and th_in: "th \<in> threads s"
 shows "cp s th \<le> Max ((\<lambda> th. (preced th s)) ` threads s)"
 proof(unfold cp_eq_cpreced cpreced_def cs_dependants_def)
-show "Max ((\<lambda>th. preced th s) ` ({th} \<union> {th'. (Th th', Th th) \<in> (depend (wq s))\<^sup>+}))
+show "Max ((\<lambda>th. preced th s) ` ({th} \<union> {th'. (Th th', Th th) \<in> (RAG (wq s))\<^sup>+}))
 \<le> Max ((\<lambda>th. preced th s) ` threads s)"
 (is "Max (?f ` ?A) \<le> Max (?f ` ?B)")
 proof(rule Max_f_mono)
-show "{th} \<union> {th'. (Th th', Th th) \<in> (depend (wq s))\<^sup>+} \<noteq> {}" by simp
+show "{th} \<union> {th'. (Th th', Th th) \<in> (RAG (wq s))\<^sup>+} \<noteq> {}" by simp
 next
 from finite_threads [OF vt]
 show "finite (threads s)" .
 next
 from th_in
-show "{th} \<union> {th'. (Th th', Th th) \<in> (depend (wq s))\<^sup>+} \<subseteq> threads s"
+show "{th} \<union> {th'. (Th th', Th th) \<in> (RAG (wq s))\<^sup>+} \<subseteq> threads s"
 apply (auto simp:Domain_def)
-apply (rule_tac dm_depend_threads[OF vt])
+apply (rule_tac dm_RAG_threads[OF vt])
-apply (unfold trancl_domain [of "depend s", symmetric])
+apply (unfold trancl_domain [of "RAG s", symmetric])
-by (unfold cs_depend_def s_depend_def, auto simp:Domain_def)
+by (unfold cs_RAG_def s_RAG_def, auto simp:Domain_def)
 qed
 qed
 lemma le_cp:
 assumes vt: "vt s"
 case False
 have "finite ?A" (is "finite (?f ` ?B)")
 proof -
 have "finite ?B"
 proof-
-have "finite {th'. (Th th', Th th) \<in> (depend (wq s))\<^sup>+}"
+have "finite {th'. (Th th', Th th) \<in> (RAG (wq s))\<^sup>+}"
 proof -
 let ?F = "\<lambda> (x, y). the_th x"
-have "{th'. (Th th', Th th) \<in> (depend (wq s))\<^sup>+} \<subseteq> ?F ` ((depend (wq s))\<^sup>+)"
+have "{th'. (Th th', Th th) \<in> (RAG (wq s))\<^sup>+} \<subseteq> ?F ` ((RAG (wq s))\<^sup>+)"
 apply (auto simp:image_def)
 by (rule_tac x = "(Th x, Th th)" in bexI, auto)
 moreover have "finite \<dots>"
 proof -
-from finite_depend[OF vt] have "finite (depend s)" .
+from finite_RAG[OF vt] have "finite (RAG s)" .
-hence "finite ((depend (wq s))\<^sup>+)"
+hence "finite ((RAG (wq s))\<^sup>+)"
 apply (unfold finite_trancl)
-by (auto simp: s_depend_def cs_depend_def wq_def)
+by (auto simp: s_RAG_def cs_RAG_def wq_def)
 thus ?thesis by auto
 qed
 ultimately show ?thesis by (auto intro:finite_subset)
 qed
 thus ?thesis by (simp add:cs_dependants_def)
 from np show "?f ` threads s \<noteq> {}" by simp
 qed
 then obtain tm where tm_max: "?f tm = ?p" and tm_in: "tm \<in> threads s"
 by (auto simp:Image_def)
 from th_chain_to_ready [OF vt tm_in]
-have "tm \<in> readys s \<or> (\<exists>th'. th' \<in> readys s \<and> (Th tm, Th th') \<in> (depend s)\<^sup>+)" .
+have "tm \<in> readys s \<or> (\<exists>th'. th' \<in> readys s \<and> (Th tm, Th th') \<in> (RAG s)\<^sup>+)" .
 thus ?thesis
 proof
-assume "\<exists>th'. th' \<in> readys s \<and> (Th tm, Th th') \<in> (depend s)\<^sup>+ "
+assume "\<exists>th'. th' \<in> readys s \<and> (Th tm, Th th') \<in> (RAG s)\<^sup>+ "
 then obtain th' where th'_in: "th' \<in> readys s"
-and tm_chain:"(Th tm, Th th') \<in> (depend s)\<^sup>+" by auto
+and tm_chain:"(Th tm, Th th') \<in> (RAG s)\<^sup>+" by auto
 have "cp s th' = ?f tm"
 proof(subst cp_eq_cpreced, subst cpreced_def, rule Max_eqI)
 from dependants_threads[OF vt] finite_threads[OF vt]
 show "finite ((\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th'))"
 by (auto intro:finite_subset)
 next
 show "preced tm s \<in> (\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th')"
 proof -
 from tm_chain
 have "tm \<in> dependants (wq s) th'"
-by (unfold cs_dependants_def s_depend_def cs_depend_def, auto)
+by (unfold cs_dependants_def s_RAG_def cs_RAG_def, auto)
 thus ?thesis by auto
 qed
 qed
 with tm_max
 have h: "cp s th' = Max ((\<lambda>th. preced th s) ` threads s)" by simp
 definition detached :: "state \<Rightarrow> thread \<Rightarrow> bool"
 where "detached s th \<equiv> (\<not>(\<exists> cs. holding s th cs)) \<and> (\<not>(\<exists>cs. waiting s th cs))"
 lemma detached_test:
-shows "detached s th = (Th th \<notin> Field (depend s))"
+shows "detached s th = (Th th \<notin> Field (RAG s))"
 apply(simp add: detached_def Field_def)
-apply(simp add: s_depend_def)
+apply(simp add: s_RAG_def)
 apply(simp add: s_holding_abv s_waiting_abv)
 apply(simp add: Domain_iff Range_iff)
 apply(simp add: wq_def)
 apply(auto)
 done
 with eq_cnt
 have "th \<in> readys s \<or> th \<notin> threads s" by (auto simp:eq_pv)
 thus ?thesis
 proof
 assume "th \<notin> threads s"
-with range_in[OF vt] dm_depend_threads[OF vt]
+with range_in[OF vt] dm_RAG_threads[OF vt]
 show ?thesis
-by (auto simp add: detached_def s_depend_def s_waiting_abv s_holding_abv wq_def Domain_iff Range_iff)
+by (auto simp add: detached_def s_RAG_def s_waiting_abv s_holding_abv wq_def Domain_iff Range_iff)
 next
 assume "th \<in> readys s"
-moreover have "Th th \<notin> Range (depend s)"
+moreover have "Th th \<notin> Range (RAG s)"
 proof -
 from card_0_eq [OF finite_holding [OF vt]] and cncs_zero
 have "holdents s th = {}"
 by (simp add:cntCS_def)
 thus ?thesis
 apply(auto simp:holdents_test)
 apply(case_tac a)
-apply(auto simp:holdents_test s_depend_def)
+apply(auto simp:holdents_test s_RAG_def)
 done
 qed
 ultimately show ?thesis
-by (auto simp add: detached_def s_depend_def s_waiting_abv s_holding_abv wq_def readys_def)
+by (auto simp add: detached_def s_RAG_def s_waiting_abv s_holding_abv wq_def readys_def)
 qed
 qed
 lemma detached_elim:
 fixes s th
 have eq_pv: " cntP s th =
 cntV s th + (if th \<in> readys s \<or> th \<notin> threads s then cntCS s th else cntCS s th + 1)" .
 have cncs_z: "cntCS s th = 0"
 proof -
 from dtc have "holdents s th = {}"
-unfolding detached_def holdents_test s_depend_def
+unfolding detached_def holdents_test s_RAG_def
 by (simp add: s_waiting_abv wq_def s_holding_abv Domain_iff Range_iff)
 thus ?thesis by (auto simp:cntCS_def)
 qed
 show ?thesis
 proof(cases "th \<in> threads s")
 case True
 with dtc
 have "th \<in> readys s"
 by (unfold readys_def detached_def Field_def Domain_def Range_def,
-auto simp:eq_waiting s_depend_def)
+auto simp:eq_waiting s_RAG_def)
 with cncs_z and eq_pv show ?thesis by simp
 next
 case False
 with cncs_z and eq_pv show ?thesis by simp
 qed

changeset 35	92f61f6a0fe7
parent 32	e861aff29655
child 36	af38526275f8