pip: comparison PIPDefs.thy

equal deleted inserted replaced

-:8a6125caead2
+:a4bb5525b7b6
 The thread at the head of this list is designated as the thread which is current
 holding the resrouce, which is slightly different from tradition where
 all threads in the waiting queue are considered as waiting for the resource.
 *}
+(*
 consts
 holding :: "'b \<Rightarrow> thread \<Rightarrow> cs \<Rightarrow> bool"
 waiting :: "'b \<Rightarrow> thread \<Rightarrow> cs \<Rightarrow> bool"
 RAG :: "'b \<Rightarrow> (node \<times> node) set"
 dependants :: "'b \<Rightarrow> thread \<Rightarrow> thread set"
+*)
-defs (overloaded)
+definition
 -- {*
 \begin{minipage}{0.9\textwidth}
-This meaning of @{text "wq"} is reflected in the following definition of @{text "holding wq th cs"},
+This meaning of @{text "wq"} is reflected in the following definition of
-where @{text "holding wq th cs"} means thread @{text "th"} is holding the critical
+@{text "holding wq th cs"}, where @{text "holding wq th cs"} means thread
-resource @{text "cs"}. This decision is based on @{text "wq"}.
+@{text "th"} is holding the critical resource @{text "cs"}. This decision
-\end{minipage}
+is based on @{text "wq"}.
-*}
+\end{minipage}
+*}
-cs_holding_def:
-"holding wq thread cs \<equiv> (thread \<in> set (wq cs) \<and> thread = hd (wq cs))"
+cs_holding_raw:
+"holding_raw wq thread cs \<equiv> (thread \<in> set (wq cs) \<and> thread = hd (wq cs))"
+definition
 -- {*
 \begin{minipage}{0.9\textwidth}
-In accordance with the definition of @{text "holding wq th cs"},
+In accordance with the definition of @{text "holding wq th cs"}, a thread
-a thread @{text "th"} is considered waiting for @{text "cs"} if
+@{text "th"} is considered waiting for @{text "cs"} if it is in the {\em
-it is in the {\em waiting queue} of critical resource @{text "cs"}, but not at the head.
+waiting queue} of critical resource @{text "cs"}, but not at the head.
-This is reflected in the definition of @{text "waiting wq th cs"} as follows:
+This is reflected in the definition of @{text "waiting wq th cs"} as
-\end{minipage}
+follows:
-*}
+\end{minipage}
-cs_waiting_def:
+*}
-"waiting wq thread cs \<equiv> (thread \<in> set (wq cs) \<and> thread \<noteq> hd (wq cs))"
+cs_waiting_raw:
+"waiting_raw wq thread cs \<equiv> (thread \<in> set (wq cs) \<and> thread \<noteq> hd (wq cs))"
+definition
 -- {*
 \begin{minipage}{0.9\textwidth}
-@{text "RAG wq"} generates RAG (a binary relations on @{text "node"})
+@{text "RAG wq"} generates RAG (a binary relations on @{text "node"}) out
-out of waiting queues of the system (represented by the @{text "wq"} argument):
+of waiting queues of the system (represented by the @{text "wq"}
-\end{minipage}
+argument): \end{minipage}
 *}
-cs_RAG_def:
-"RAG (wq::cs \<Rightarrow> thread list) \<equiv>
+cs_RAG_raw:
-{(Th th, Cs cs) | th cs. waiting wq th cs} \<union> {(Cs cs, Th th) | cs th. holding wq th cs}"
+"RAG_raw (wq::cs \<Rightarrow> thread list) \<equiv>
+{(Th th, Cs cs) | th cs. waiting_raw wq th cs} \<union> {(Cs cs, Th th) | cs th. holding_raw wq th cs}"
+definition
 -- {*
 \begin{minipage}{0.9\textwidth}
-The following @{text "dependants wq th"} represents the set of threads which are RAGing on
+The following @{text "dependants wq th"} represents the set of threads
-thread @{text "th"} in Resource Allocation Graph @{text "RAG wq"}.
+which are RAGing on thread @{text "th"} in Resource Allocation Graph
-Here, "RAGing" means waiting directly or indirectly on the critical resource.
+@{text "RAG wq"}. Here, "RAGing" means waiting directly or indirectly on
-\end{minipage}
+the critical resource.
-*}
+\end{minipage}
+*}
 cs_dependants_def:
-"dependants (wq::cs \<Rightarrow> thread list) th \<equiv> {th' . (Th th', Th th) \<in> (RAG wq)^+}"
+"dependants_raw (wq::cs \<Rightarrow> thread list) th \<equiv> {th' . (Th th', Th th) \<in> (RAG_raw wq)^+}"
+text {*
-text {* \noindent
+\noindent The following @{text "cpreced s th"} gives the {\em current
-The following
+precedence} of thread @{text "th"} under state @{text "s"}. The definition
-@{text "cpreced s th"} gives the {\em current precedence} of thread @{text "th"} under
+of @{text "cpreced"} reflects the basic idea of Priority Inheritance that
-state @{text "s"}. The definition of @{text "cpreced"} reflects the basic idea of
+the {\em current precedence} of a thread is the precedence inherited from
-Priority Inheritance that the {\em current precedence} of a thread is the precedence
+the maximum of all its dependants, i.e. the threads which are waiting
-inherited from the maximum of all its dependants, i.e. the threads which are waiting
+directly or indirectly waiting for some resources from it. If no such
-directly or indirectly waiting for some resources from it. If no such thread exits,
+thread exits, @{text "th"}'s {\em current precedence} equals its original
-@{text "th"}'s {\em current precedence} equals its original precedence, i.e.
+precedence, i.e. @{text "preced th s"}.
-@{text "preced th s"}.
+*}
-*}
 definition cpreced :: "(cs \<Rightarrow> thread list) \<Rightarrow> state \<Rightarrow> thread \<Rightarrow> precedence"
-where "cpreced wq s = (\<lambda>th. Max ((\<lambda>th'. preced th' s) ` ({th} \<union> dependants wq th)))"
+where "cpreced wq s = (\<lambda>th. Max ((\<lambda>th'. preced th' s) ` ({th} \<union> dependants_raw wq th)))"
 text {*
-Notice that the current precedence (@{text "cpreced"}) of one thread @{text "th"} can be boosted
+Notice that the current precedence (@{text "cpreced"}) of one thread
-(becoming larger than its own precedence) by those threads in
+@{text "th"} can be boosted (becoming larger than its own precedence) by
-the @{text "dependants wq th"}-set. If one thread get boosted, we say
+those threads in the @{text "dependants wq th"}-set. If one thread get
-it inherits the priority (or, more precisely, the precedence) of
+boosted, we say it inherits the priority (or, more precisely, the
-its dependants. This is how the word "Inheritance" in
+precedence) of its dependants. This is how the word "Inheritance" in
 Priority Inheritance Protocol comes.
 *}
 (*<*)
 lemma
 cpreced_def2:
-"cpreced wq s th \<equiv> Max ({preced th s} \<union> {preced th' s | th'. th' \<in> dependants wq th})"
+"cpreced wq s th \<equiv> Max ({preced th s} \<union> {preced th' s | th'. th' \<in> dependants_raw wq th})"
 unfolding cpreced_def image_def
 apply(rule eq_reflection)
 apply(rule_tac f="Max" in arg_cong)
 by (auto)
 (*>*)
-text {* \noindent
+text {*
-Assuming @{text "qs"} be the waiting queue of a critical resource,
-the following abbreviation "release qs" is the waiting queue after the thread
+\noindent Assuming @{text "qs"} be the waiting queue of a critical
-holding the resource (which is thread at the head of @{text "qs"}) released
+resource, the following abbreviation "release qs" is the waiting queue
-the resource:
+after the thread holding the resource (which is thread at the head of
-*}
+@{text "qs"}) released the resource:
+*}
 abbreviation
 "release qs \<equiv> case qs of
 [] => []
 |  (_#qs') => (SOME q. distinct q \<and> set q = set qs')"
-text {* \noindent
-It can be seen from the definition that the thread at the head of @{text "qs"} is removed
+text {*
-from the return value, and the value @{term "q"} is an reordering of @{text "qs'"}, the
+\noindent It can be seen from the definition that the thread at the head
-tail of @{text "qs"}. Through this reordering, one of the waiting threads (those in @{text "qs'"} }
+of @{text "qs"} is removed from the return value, and the value @{term
-is chosen nondeterministically to be the head of the new queue @{text "q"}.
+"q"} is an reordering of @{text "qs'"}, the tail of @{text "qs"}. Through
-Therefore, this thread is the one who takes over the resource. This is a little better different
+this reordering, one of the waiting threads (those in @{text "qs'"} } is
-from common sense that the thread who comes the earliest should take over.
+chosen nondeterministically to be the head of the new queue @{text "q"}.
-The intention of this definition is to show that the choice of which thread to take over the
+Therefore, this thread is the one who takes over the resource. This is a
-release resource does not affect the correctness of the PIP protocol.
+little better different from common sense that the thread who comes the
-*}
+earliest should take over. The intention of this definition is to show
+that the choice of which thread to take over the release resource does not
-text {*
+affect the correctness of the PIP protocol.
-The data structure used by the operating system for scheduling is referred to as
+*}
-{\em schedule state}. It is represented as a record consisting of
-a function assigning waiting queue to resources
+text {*
-(to be used as the @{text "wq"} argument in @{text "holding"}, @{text "waiting"}
+The data structure used by the operating system for scheduling is referred
-and  @{text "RAG"}, etc) and a function assigning precedence to threads:
+to as {\em schedule state}. It is represented as a record consisting of a
+function assigning waiting queue to resources (to be used as the @{text
+"wq"} argument in @{text "holding"}, @{text "waiting"} and @{text "RAG"},
+etc) and a function assigning precedence to threads:
 *}
 record schedule_state =
 wq_fun :: "cs \<Rightarrow> thread list" -- {* The function assigning waiting queue. *}
 cprec_fun :: "thread \<Rightarrow> precedence" -- {* The function assigning precedence. *}
-text {* \noindent
+text {*
-The following two abbreviations (@{text "all_unlocked"} and @{text "initial_cprec"})
+\noindent The following two abbreviations (@{text "all_unlocked"} and
-are used to set the initial values of the @{text "wq_fun"} @{text "cprec_fun"} fields
+@{text "initial_cprec"}) are used to set the initial values of the @{text
-respectively of the @{text "schedule_state"} record by the following function @{text "sch"},
+"wq_fun"} @{text "cprec_fun"} fields respectively of the @{text
-which is used to calculate the system's {\em schedule state}.
+"schedule_state"} record by the following function @{text "sch"}, which is
+used to calculate the system's {\em schedule state}.
-Since there is no thread at the very beginning to make request, all critical resources
-are free (or unlocked). This status is represented by the abbreviation
+Since there is no thread at the very beginning to make request, all
-@{text "all_unlocked"}.
+critical resources are free (or unlocked). This status is represented by
-*}
+the abbreviation @{text "all_unlocked"}.
+*}
 abbreviation
 "all_unlocked \<equiv> \<lambda>_::cs. ([]::thread list)"
 text {* \noindent
 (|wq_fun = new_wq, cprec_fun = cpreced new_wq (V th cs # s)|))"
 lemma cpreced_initial:
 "cpreced (\<lambda> cs. []) [] = (\<lambda>_. (Prc 0 0))"
 apply(simp add: cpreced_def)
-apply(simp add: cs_dependants_def cs_RAG_def cs_waiting_def cs_holding_def)
+apply(simp add: cs_dependants_def cs_RAG_raw cs_waiting_raw cs_holding_raw)
 apply(simp add: preced_def)
 done
 lemma sch_old_def:
 "schs (e#s) = (let ps = schs s in
 @{text "dependants"} still have the
 same meaning, but redefined so that they no longer RAG on the
 fictitious {\em waiting queue function}
 @{text "wq"}, but on system state @{text "s"}.
 *}
-defs (overloaded)
+definition
 s_holding_abv:
-"holding (s::state) \<equiv> holding (wq_fun (schs s))"
+"holding (s::state) \<equiv> holding_raw (wq_fun (schs s))"
+definition
 s_waiting_abv:
-"waiting (s::state) \<equiv> waiting (wq_fun (schs s))"
+"waiting (s::state) \<equiv> waiting_raw (wq_fun (schs s))"
+definition
 s_RAG_abv:
-"RAG (s::state) \<equiv> RAG (wq_fun (schs s))"
+"RAG (s::state) \<equiv> RAG_raw (wq_fun (schs s))"
+definition
 s_dependants_abv:
-"dependants (s::state) \<equiv> dependants (wq_fun (schs s))"
+"dependants (s::state) \<equiv> dependants_raw (wq_fun (schs s))"
 text {*
 The following lemma can be proved easily, and the meaning is obvious.
 *}
 lemma
 s_holding_def:
 "holding (s::state) th cs \<equiv> (th \<in> set (wq_fun (schs s) cs) \<and> th = hd (wq_fun (schs s) cs))"
-by (auto simp:s_holding_abv wq_def cs_holding_def)
+by (auto simp:s_holding_abv wq_def cs_holding_raw)
 lemma s_waiting_def:
 "waiting (s::state) th cs \<equiv> (th \<in> set (wq_fun (schs s) cs) \<and> th \<noteq> hd (wq_fun (schs s) cs))"
-by (auto simp:s_waiting_abv wq_def cs_waiting_def)
+by (auto simp:s_waiting_abv wq_def cs_waiting_raw)
 lemma s_RAG_def:
 "RAG (s::state) =
-{(Th th, Cs cs) | th cs. waiting (wq s) th cs} \<union> {(Cs cs, Th th) | cs th. holding (wq s) th cs}"
+{(Th th, Cs cs) | th cs. waiting_raw (wq s) th cs} \<union> {(Cs cs, Th th) | cs th. holding_raw (wq s) th cs}"
-by (auto simp:s_RAG_abv wq_def cs_RAG_def)
+by (auto simp:s_RAG_abv wq_def cs_RAG_raw)
 lemma
 s_dependants_def:
-"dependants (s::state) th \<equiv> {th' . (Th th', Th th) \<in> (RAG (wq s))^+}"
+"dependants (s::state) th \<equiv> {th' . (Th th', Th th) \<in> (RAG_raw (wq s))^+}"
 by (auto simp:s_dependants_abv wq_def cs_dependants_def)
 text {*
-The following function @{text "readys"} calculates the set of ready threads. A thread is {\em ready}
+The following function @{text "readys"} calculates the set of ready
-for running if it is a live thread and it is not waiting for any critical resource.
+threads. A thread is {\em ready} for running if it is a live thread and it
-*}
+is not waiting for any critical resource.
+*}
 definition readys :: "state \<Rightarrow> thread set"
 where "readys s \<equiv> {th . th \<in> threads s \<and> (\<forall> cs. \<not> waiting s th cs)}"
-text {* \noindent
+text {*
-The following function @{text "runing"} calculates the set of running thread, which is the ready
+\noindent The following function @{text "runing"} calculates the set of
-thread with the highest precedence.
+running thread, which is the ready thread with the highest precedence.
 *}
 definition runing :: "state \<Rightarrow> thread set"
 where "runing s \<equiv> {th . th \<in> readys s \<and> cp s th = Max ((cp s) ` (readys s))}"
-text {* \noindent
+text {*
-Notice that the definition of @{text "running"} reflects the preemptive scheduling strategy,
+\noindent Notice that the definition of @{text "running"} reflects the
-because, if the @{text "running"}-thread (the one in @{text "runing"} set)
+preemptive scheduling strategy, because, if the @{text "running"}-thread
-lowered its precedence by resetting its own priority to a lower
+(the one in @{text "runing"} set) lowered its precedence by resetting its
-one, it will lose its status of being the max in @{text "ready"}-set and be superseded.
+own priority to a lower one, it will lose its status of being the max in
-*}
+@{text "ready"}-set and be superseded.
+*}
-text {* \noindent
-The following function @{text "holdents s th"} returns the set of resources held by thread
+text {*
-@{text "th"} in state @{text "s"}.
+\noindent The following function @{text "holdents s th"} returns the set
-*}
+of resources held by thread @{text "th"} in state @{text "s"}. *}
-definition holdents :: "state \<Rightarrow> thread \<Rightarrow> cs set"
+definition holdents :: "state \<Rightarrow> thread \<Rightarrow> cs set"
 where "holdents s th \<equiv> {cs . holding s th cs}"
 lemma holdents_test:
 "holdents s th = {cs . (Cs cs, Th th) \<in> RAG s}"
 unfolding holdents_def
 names @{term "wRAG"} and @{term "hRAG"}.
 *}
 definition "tRAG s = wRAG s O hRAG s"
 text {* The following lemma splits @{term "RAG"} graph into the above two sub-graphs. *}
 lemma RAG_split: "RAG s = (wRAG s \<union> hRAG s)"
 by (unfold s_RAG_abv wRAG_def hRAG_def s_waiting_abv
-s_holding_abv cs_RAG_def, auto)
+s_holding_abv cs_RAG_raw, auto)
 lemma tRAG_alt_def:
 "tRAG s = {(Th th1, Th th2) | th1 th2.
 \<exists> cs. (Th th1, Cs cs) \<in> RAG s \<and> (Cs cs, Th th2) \<in> RAG s}"
 by (auto simp:tRAG_def RAG_split wRAG_def hRAG_def)

changeset 118	a4bb5525b7b6
parent 115	74fc1eae4605
child 125	95e7933968f8