pip: comparison Correctness.thy

equal deleted inserted replaced

-:8a9767ab6415
+:9756a51f2223
 theory Correctness
 imports PIPBasics
 begin
+lemma actions_of_len_cons [iff]:
+"length (actions_of ts (e#t)) \<le> length ((actions_of ts t)) + 1"
+by  (unfold actions_of_def, simp)
 text {*
 The following two auxiliary lemmas are used to reason about @{term Max}.
 *}
 the particular environment in which it operates. In this particular case,
 we regard the @{term t} as the environment of thread @{term th}.
 *}
 assumes finite_span:
 "th' \<in> blockers \<Longrightarrow>
 (\<exists> span. \<forall> t'. extend_highest_gen s th prio tm t' \<longrightarrow>
-length (actions_of {th'} t') = span \<longrightarrow> detached (t'@s) th')"
+\<not> detached (t'@s) th' \<longrightarrow> length (actions_of {th'} t') < span)"
--- {* The following @{text BC} is bound of @{term Create}-operations *}
+-- {*
+The difference between this @{text finite_span} and the former one is to allow the number
+of action steps to change with execution paths (i.e. different value of @{term "t'@s"}}).
+The @{term span} is a upper bound on these step numbers.
+*}
 fixes BC
 -- {*
 The following assumption requires the number of @{term Create}-operations is
 less or equal to @{term BC} regardless of any particular extension of @{term t}.
 text {*
 The following @{term span}-function gives the upper bound of
 operations take by each particular blocker.
 *}
 definition "span th' = (SOME span.
-\<forall>t'. extend_highest_gen s th prio tm t' \<longrightarrow>
+\<forall> t'. extend_highest_gen s th prio tm t' \<longrightarrow>
-length (actions_of {th'} t') = span \<longrightarrow> detached (t' @ s) th')"
+\<not> detached (t'@s) th' \<longrightarrow> length (actions_of {th'} t') < span)"
 text {*
 The following lemmas shows the correctness of @{term span}, i.e.
 the number of operations of taken by @{term th'} is given by
 @{term "span th"}.
 lemma le_span:
 assumes "th' \<in> blockers"
 shows "length (actions_of {th'} t) \<le> span th'"
 proof -
 from finite_span[OF assms(1)] obtain span'
-where span': "\<forall>t'. extend_highest_gen s th prio tm t' \<longrightarrow>
+where span': "\<forall> t'. extend_highest_gen s th prio tm t' \<longrightarrow>
-length (actions_of {th'} t') = span' \<longrightarrow> detached (t' @ s) th'" (is "?P span'")
+\<not> detached (t'@s) th' \<longrightarrow> length (actions_of {th'} t') < span'" (is "?P span'")
 by auto
 have "length (actions_of {th'} t) \<le> (SOME span. ?P span)"
 proof(rule someI2[where a = span'])
 fix span
 assume fs: "?P span"
 show "length (actions_of {th'} t) \<le> span"
 proof(induct rule:ind)
 case h: (Cons e t)
 interpret ve':  extend_highest_gen s th prio tm "e#t" using h by simp
 show ?case
-proof(cases "length (actions_of {th'} t) < span")
+proof(cases "detached (t@s) th'")
 case True
-thus ?thesis by (simp add:actions_of_def)
-next
-case False
 have "actor e \<noteq> th'"
 proof
 assume otherwise: "actor e = th'"
 from ve'.blockers_no_create [OF assms _ this]
 have "\<not> isCreate e" by auto
 from PIP_actorE[OF h(2) otherwise this]
 have "th' \<in> running (t @ s)" .
 moreover have "th' \<notin> running (t @ s)"
 proof -
-from False h(4) h(5) have "length (actions_of {th'} t) = span" by simp
+from extend_highest_gen.detached_not_running[OF h(3) True] assms
-from fs[rule_format, OF h(3) this] have "detached (t @ s) th'" .
-from extend_highest_gen.detached_not_running[OF h(3) this] assms
 show ?thesis by (auto simp:blockers_def)
 qed
 ultimately show False by simp
 qed
 with h show ?thesis by (auto simp:actions_of_def)
+next
+case False
+from fs[rule_format, OF h(3) this] and actions_of_len_cons
+show ?thesis by (meson discrete order.trans)
 qed
 qed (simp add: actions_of_def)
 next
 from span'
 show "?P span'" .
 using actions_split create_bc len_action_blockers by linarith
 end
-unused_thms
 end

changeset 154	9756a51f2223
parent 145	188fe0c81ac7
child 156	550ab0f68960