pip: comparison Implementation.thy

equal deleted inserted replaced

-:4805c6333fef
+:c7ba70dc49bd
 recalculation are based on.
 *}
 section {* The @{term Set} operation *}
-text {* (* ddd *)
+context valid_trace_set
-The following locale @{text "step_set_cps"} investigates the recalculation
-after the @{text "Set"} operation.
-*}
-locale step_set_cps =
-fixes s' th prio s
--- {* @{text "s'"} is the system state before the operation *}
--- {* @{text "s"} is the system state after the operation *}
-defines s_def : "s \<equiv> (Set th prio#s')"
--- {* @{text "s"} is assumed to be a legitimate state, from which
-the legitimacy of @{text "s"} can be derived. *}
-assumes vt_s: "vt s"
-sublocale step_set_cps < vat_s : valid_trace "s"
-proof
-from vt_s show "vt s" .
-qed
-sublocale step_set_cps < vat_s' : valid_trace "s'"
-proof
-from step_back_vt[OF vt_s[unfolded s_def]] show "vt s'" .
-qed
-context step_set_cps
 begin
 text {* (* ddd *)
 The following two lemmas confirm that @{text "Set"}-operation
 only changes the precedence of the initiating thread (or actor)
 of the operation (or event).
 *}
 lemma eq_preced:
 assumes "th' \<noteq> th"
-shows "preced th' s = preced th' s'"
+shows "preced th' (e#s) = preced th' s"
 proof -
 from assms show ?thesis
-by (unfold s_def, auto simp:preced_def)
+by (unfold is_set, auto simp:preced_def)
 qed
 lemma eq_the_preced:
 assumes "th' \<noteq> th"
-shows "the_preced s th' = the_preced s' th'"
+shows "the_preced (e#s) th' = the_preced s th'"
 using assms
 by (unfold the_preced_def, intro eq_preced, simp)
-text {*
-The following lemma assures that the resetting of priority does not change the RAG.
-*}
-lemma eq_dep: "RAG s = RAG s'"
-by (unfold s_def RAG_set_unchanged, auto)
 text {* (* ddd *)
 Th following lemma @{text "eq_cp_pre"} says that the priority change of @{text "th"}
 only affects those threads, which as @{text "Th th"} in their sub-trees.
 The proof of this lemma is simplified by using the alternative definition
 of @{text "cp"}.
 *}
 lemma eq_cp_pre:
-assumes nd: "Th th \<notin> subtree (RAG s') (Th th')"
+assumes nd: "Th th \<notin> subtree (RAG s) (Th th')"
-shows "cp s th' = cp s' th'"
+shows "cp (e#s) th' = cp s th'"
 proof -
 -- {* After unfolding using the alternative definition, elements
 affecting the @{term "cp"}-value of threads become explicit.
 We only need to prove the following: *}
-have "Max (the_preced s ` {th'a. Th th'a \<in> subtree (RAG s) (Th th')}) =
+have "Max (the_preced (e#s) ` {th'a. Th th'a \<in> subtree (RAG (e#s)) (Th th')}) =
-Max (the_preced s' ` {th'a. Th th'a \<in> subtree (RAG s') (Th th')})"
+Max (the_preced s ` {th'a. Th th'a \<in> subtree (RAG s) (Th th')})"
 (is "Max (?f ` ?S1) = Max (?g ` ?S2)")
 proof -
 -- {* The base sets are equal. *}
-have "?S1 = ?S2" using eq_dep by simp
+have "?S1 = ?S2" using RAG_unchanged by simp
 -- {* The function values on the base set are equal as well. *}
 moreover have "\<forall> e \<in> ?S2. ?f e = ?g e"
 proof
 fix th1
 assume "th1 \<in> ?S2"
 with nd have "th1 \<noteq> th" by (auto)
 from eq_the_preced[OF this]
-show "the_preced s th1 = the_preced s' th1" .
+show "the_preced (e#s) th1 = the_preced s th1" .
 qed
 -- {* Therefore, the image of the functions are equal. *}
 ultimately have "(?f ` ?S1) = (?g ` ?S2)" by (auto intro!:f_image_eq)
 thus ?thesis by simp
 qed
 The following lemma shows that @{term "th"} is not in the
 sub-tree of any other thread.
 *}
 lemma th_in_no_subtree:
 assumes "th' \<noteq> th"
-shows "Th th \<notin> subtree (RAG s') (Th th')"
+shows "Th th \<notin> subtree (RAG s) (Th th')"
 proof -
-have "th \<in> readys s'"
+from readys_in_no_subtree[OF th_ready_s assms(1)]
-proof -
-from step_back_step [OF vt_s[unfolded s_def]]
-have "step s' (Set th prio)" .
-hence "th \<in> runing s'" by (cases, simp)
-thus ?thesis by (simp add:readys_def runing_def)
-qed
-from vat_s'.readys_in_no_subtree[OF this assms(1)]
 show ?thesis by blast
 qed
 text {*
 By combining @{thm "eq_cp_pre"} and @{thm "th_in_no_subtree"},
 it is obvious that the change of priority only affects the @{text "cp"}-value
 of the initiating thread @{text "th"}.
 *}
 lemma eq_cp:
 assumes "th' \<noteq> th"
-shows "cp s th' = cp s' th'"
+shows "cp (e#s) th' = cp s th'"
 by (rule eq_cp_pre[OF th_in_no_subtree[OF assms]])
 end
 section {* The @{term V} operation *}
 text {*
 The following @{text "step_v_cps"} is the locale for @{text "V"}-operation.
 *}
-locale step_v_cps =
--- {* @{text "th"} is the initiating thread *}
+context valid_trace_v
--- {* @{text "cs"} is the critical resource release by the @{text "V"}-operation *}
+begin
-fixes s' th cs s    -- {* @{text "s'"} is the state before operation*}
-defines s_def : "s \<equiv> (V th cs#s')" -- {* @{text "s"} is the state after operation*}
+lemma ancestors_th: "ancestors (RAG s) (Th th) = {}"
--- {* @{text "s"} is assumed to be valid, which implies the validity of @{text "s'"} *}
+proof -
-assumes vt_s: "vt s"
+from readys_root[OF th_ready_s]
-sublocale step_v_cps < vat_s : valid_trace "s"
-proof
-from vt_s show "vt s" .
-qed
-sublocale step_v_cps < vat_s' : valid_trace "s'"
-proof
-from step_back_vt[OF vt_s[unfolded s_def]] show "vt s'" .
-qed
-context step_v_cps
-begin
-lemma ready_th_s': "th \<in> readys s'"
-using step_back_step[OF vt_s[unfolded s_def]]
-by (cases, simp add:runing_def)
-lemma ancestors_th: "ancestors (RAG s') (Th th) = {}"
-proof -
-from vat_s'.readys_root[OF ready_th_s']
 show ?thesis
 by (unfold root_def, simp)
 qed
-lemma holding_th: "holding s' th cs"
-proof -
-from vt_s[unfolded s_def]
-have " PIP s' (V th cs)" by (cases, simp)
-thus ?thesis by (cases, auto)
-qed
 lemma edge_of_th:
-"(Cs cs, Th th) \<in> RAG s'"
+"(Cs cs, Th th) \<in> RAG s"
 proof -
-from holding_th
+from holding_th_cs_s
 show ?thesis
 by (unfold s_RAG_def holding_eq, auto)
 qed
 lemma ancestors_cs:
-"ancestors (RAG s') (Cs cs) = {Th th}"
+"ancestors (RAG s) (Cs cs) = {Th th}"
 proof -
-have "ancestors (RAG s') (Cs cs) = ancestors (RAG s') (Th th)  \<union>  {Th th}"
+have "ancestors (RAG s) (Cs cs) = ancestors (RAG s) (Th th)  \<union>  {Th th}"
-proof(rule vat_s'.rtree_RAG.ancestors_accum)
+by (rule rtree_RAG.ancestors_accum[OF edge_of_th])
-from vt_s[unfolded s_def]
-have " PIP s' (V th cs)" by (cases, simp)
-thus "(Cs cs, Th th) \<in> RAG s'"
-proof(cases)
-assume "holding s' th cs"
-from this[unfolded holding_eq]
-show ?thesis by (unfold s_RAG_def, auto)
-qed
-qed
 from this[unfolded ancestors_th] show ?thesis by simp
 qed
-lemma preced_kept: "the_preced s = the_preced s'"
-by (auto simp: s_def the_preced_def preced_def)
 end
 text {*
 The following @{text "step_v_cps_nt"} is the sub-locale for @{text "V"}-operation,
 which represents the case when there is another thread @{text "th'"}
 to take over the critical resource released by the initiating thread @{text "th"}.
 *}
-locale step_v_cps_nt = step_v_cps +
-fixes th'
+context valid_trace_v_n
--- {* @{text "th'"} is assumed to take over @{text "cs"} *}
+begin
-assumes nt: "next_th s' th cs th'"
+lemma sub_RAGs':
-context step_v_cps_nt
+"{(Cs cs, Th th), (Th taker, Cs cs)} \<subseteq> RAG s"
-begin
+using next_th_RAG[OF next_th_taker]  .
-text {*
-Lemma @{text "RAG_s"} confirms the change of RAG:
-two edges removed and one added, as shown by the following diagram.
-*}
-(*
-RAG before the V-operation
-th1 ----|
-|
-th' ----|
-|----> cs -----|
-th2 ----|              |
-|              |
-th3 ----|              |
-|------> th
-th4 ----|              |
-|              |
-th5 ----|              |
-|----> cs'-----|
-th6 ----|
-|
-th7 ----|
-RAG after the V-operation
-th1 ----|
-|
-|----> cs ----> th'
-th2 ----|
-|
-th3 ----|
-th4 ----|
-|
-th5 ----|
-|----> cs'----> th
-th6 ----|
-|
-th7 ----|
-*)
-lemma sub_RAGs': "{(Cs cs, Th th), (Th th', Cs cs)} \<subseteq> RAG s'"
-using next_th_RAG[OF nt]  .
 lemma ancestors_th':
-"ancestors (RAG s') (Th th') = {Th th, Cs cs}"
+"ancestors (RAG s) (Th taker) = {Th th, Cs cs}"
 proof -
-have "ancestors (RAG s') (Th th') = ancestors (RAG s') (Cs cs) \<union> {Cs cs}"
+have "ancestors (RAG s) (Th taker) = ancestors (RAG s) (Cs cs) \<union> {Cs cs}"
-proof(rule  vat_s'.rtree_RAG.ancestors_accum)
+proof(rule  rtree_RAG.ancestors_accum)
-from sub_RAGs' show "(Th th', Cs cs) \<in> RAG s'" by auto
+from sub_RAGs' show "(Th taker, Cs cs) \<in> RAG s" by auto
 qed
 thus ?thesis using ancestors_th ancestors_cs by auto
 qed
 lemma RAG_s:
-"RAG s = (RAG s' - {(Cs cs, Th th), (Th th', Cs cs)}) \<union>
+"RAG (e#s) = (RAG s - {(Cs cs, Th th), (Th taker, Cs cs)}) \<union>
-{(Cs cs, Th th')}"
+{(Cs cs, Th taker)}"
-proof -
+by (unfold RAG_es waiting_set_eq holding_set_eq, auto)
-from step_RAG_v[OF vt_s[unfolded s_def], folded s_def]
-and nt show ?thesis  by (auto intro:next_th_unique)
-qed
 lemma subtree_kept: (* ddd *)
-assumes "th1 \<notin> {th, th'}"
+assumes "th1 \<notin> {th, taker}"
-shows "subtree (RAG s) (Th th1) = subtree (RAG s') (Th th1)" (is "_ = ?R")
+shows "subtree (RAG (e#s)) (Th th1) =
-proof -
+subtree (RAG s) (Th th1)" (is "_ = ?R")
-let ?RAG' = "(RAG s' - {(Cs cs, Th th), (Th th', Cs cs)})"
+proof -
-let ?RAG'' = "?RAG' \<union> {(Cs cs, Th th')}"
+let ?RAG' = "(RAG s - {(Cs cs, Th th), (Th taker, Cs cs)})"
+let ?RAG'' = "?RAG' \<union> {(Cs cs, Th taker)}"
 have "subtree ?RAG' (Th th1) = ?R"
 proof(rule subset_del_subtree_outside)
-show "Range {(Cs cs, Th th), (Th th', Cs cs)} \<inter> subtree (RAG s') (Th th1) = {}"
+show "Range {(Cs cs, Th th), (Th taker, Cs cs)} \<inter> subtree (RAG s) (Th th1) = {}"
 proof -
-have "(Th th) \<notin> subtree (RAG s') (Th th1)"
+have "(Th th) \<notin> subtree (RAG s) (Th th1)"
 proof(rule subtree_refute)
-show "Th th1 \<notin> ancestors (RAG s') (Th th)"
+show "Th th1 \<notin> ancestors (RAG s) (Th th)"
 by (unfold ancestors_th, simp)
 next
 from assms show "Th th1 \<noteq> Th th" by simp
 qed
-moreover have "(Cs cs) \<notin>  subtree (RAG s') (Th th1)"
+moreover have "(Cs cs) \<notin>  subtree (RAG s) (Th th1)"
 proof(rule subtree_refute)
-show "Th th1 \<notin> ancestors (RAG s') (Cs cs)"
+show "Th th1 \<notin> ancestors (RAG s) (Cs cs)"
 by (unfold ancestors_cs, insert assms, auto)
 qed simp
-ultimately have "{Th th, Cs cs} \<inter> subtree (RAG s') (Th th1) = {}" by auto
+ultimately have "{Th th, Cs cs} \<inter> subtree (RAG s) (Th th1) = {}" by auto
 thus ?thesis by simp
 qed
 qed
 moreover have "subtree ?RAG'' (Th th1) =  subtree ?RAG' (Th th1)"
 proof(rule subtree_insert_next)
-show "Th th' \<notin> subtree (RAG s' - {(Cs cs, Th th), (Th th', Cs cs)}) (Th th1)"
+show "Th taker \<notin> subtree (RAG s - {(Cs cs, Th th), (Th taker, Cs cs)}) (Th th1)"
 proof(rule subtree_refute)
-show "Th th1 \<notin> ancestors (RAG s' - {(Cs cs, Th th), (Th th', Cs cs)}) (Th th')"
+show "Th th1 \<notin> ancestors (RAG s - {(Cs cs, Th th), (Th taker, Cs cs)}) (Th taker)"
 (is "_ \<notin> ?R")
 proof -
-have "?R \<subseteq> ancestors (RAG s') (Th th')" by (rule ancestors_mono, auto)
+have "?R \<subseteq> ancestors (RAG s) (Th taker)" by (rule ancestors_mono, auto)
 moreover have "Th th1 \<notin> ..." using ancestors_th' assms by simp
 ultimately show ?thesis by auto
 qed
 next
-from assms show "Th th1 \<noteq> Th th'" by simp
+from assms show "Th th1 \<noteq> Th taker" by simp
 qed
 qed
 ultimately show ?thesis by (unfold RAG_s, simp)
 qed
 lemma cp_kept:
-assumes "th1 \<notin> {th, th'}"
+assumes "th1 \<notin> {th, taker}"
-shows "cp s th1 = cp s' th1"
+shows "cp (e#s) th1 = cp s th1"
-by (unfold cp_alt_def preced_kept subtree_kept[OF assms], simp)
+by (unfold cp_alt_def the_preced_es subtree_kept[OF assms], simp)
 end
-locale step_v_cps_nnt = step_v_cps +
-assumes nnt: "\<And> th'. (\<not> next_th s' th cs th')"
+context valid_trace_v_e
+begin
-context step_v_cps_nnt
-begin
+find_theorems RAG s e
-lemma RAG_s: "RAG s = RAG s' - {(Cs cs, Th th)}"
+lemma RAG_s: "RAG (e#s) = RAG s - {(Cs cs, Th th)}"
-proof -
+by (unfold RAG_es waiting_set_eq holding_set_eq, simp)
-from nnt and  step_RAG_v[OF vt_s[unfolded s_def], folded s_def]
-show ?thesis by auto
-qed
 lemma subtree_kept:
 assumes "th1 \<noteq> th"
-shows "subtree (RAG s) (Th th1) = subtree (RAG s') (Th th1)"
+shows "subtree (RAG (e#s)) (Th th1) = subtree (RAG s) (Th th1)"
 proof(unfold RAG_s, rule subset_del_subtree_outside)
-show "Range {(Cs cs, Th th)} \<inter> subtree (RAG s') (Th th1) = {}"
+show "Range {(Cs cs, Th th)} \<inter> subtree (RAG s) (Th th1) = {}"
 proof -
-have "(Th th) \<notin> subtree (RAG s') (Th th1)"
+have "(Th th) \<notin> subtree (RAG s) (Th th1)"
 proof(rule subtree_refute)
-show "Th th1 \<notin> ancestors (RAG s') (Th th)"
+show "Th th1 \<notin> ancestors (RAG s) (Th th)"
 by (unfold ancestors_th, simp)
 next
 from assms show "Th th1 \<noteq> Th th" by simp
 qed
 thus ?thesis by auto
 qed
 qed
 lemma cp_kept_1:
 assumes "th1 \<noteq> th"
-shows "cp s th1 = cp s' th1"
+shows "cp (e#s) th1 = cp s th1"
-by (unfold cp_alt_def preced_kept subtree_kept[OF assms], simp)
+by (unfold cp_alt_def the_preced_es subtree_kept[OF assms], simp)
-lemma subtree_cs: "subtree (RAG s') (Cs cs) = {Cs cs}"
+lemma subtree_cs: "subtree (RAG s) (Cs cs) = {Cs cs}"
 proof -
 { fix n
-have "(Cs cs) \<notin> ancestors (RAG s') n"
+have "(Cs cs) \<notin> ancestors (RAG s) n"
 proof
-assume "Cs cs \<in> ancestors (RAG s') n"
+assume "Cs cs \<in> ancestors (RAG s) n"
-hence "(n, Cs cs) \<in> (RAG s')^+" by (auto simp:ancestors_def)
+hence "(n, Cs cs) \<in> (RAG s)^+" by (auto simp:ancestors_def)
-from tranclE[OF this] obtain nn where h: "(nn, Cs cs) \<in> RAG s'" by auto
+from tranclE[OF this] obtain nn where h: "(nn, Cs cs) \<in> RAG s" by auto
 then obtain th' where "nn = Th th'"
 by (unfold s_RAG_def, auto)
-from h[unfolded this] have "(Th th', Cs cs) \<in> RAG s'" .
+from h[unfolded this] have "(Th th', Cs cs) \<in> RAG s" .
 from this[unfolded s_RAG_def]
-have "waiting (wq s') th' cs" by auto
+have "waiting (wq s) th' cs" by auto
 from this[unfolded cs_waiting_def]
-have "1 < length (wq s' cs)"
+have "1 < length (wq s cs)"
-by (cases "wq s' cs", auto)
+by (cases "wq s cs", auto)
-from holding_next_thI[OF holding_th this]
+from holding_next_thI[OF holding_th_cs_s this]
-obtain th' where "next_th s' th cs th'" by auto
+obtain th' where "next_th s th cs th'" by auto
-with nnt show False by auto
+thus False using no_taker by blast
 qed
 } note h = this
 {  fix n
-assume "n \<in> subtree (RAG s') (Cs cs)"
+assume "n \<in> subtree (RAG s) (Cs cs)"
 hence "n = (Cs cs)"
 by (elim subtreeE, insert h, auto)
-} moreover have "(Cs cs) \<in> subtree (RAG s') (Cs cs)"
+} moreover have "(Cs cs) \<in> subtree (RAG s) (Cs cs)"
 by (auto simp:subtree_def)
 ultimately show ?thesis by auto
 qed
 lemma subtree_th:
-"subtree (RAG s) (Th th) = subtree (RAG s') (Th th) - {Cs cs}"
+"subtree (RAG (e#s)) (Th th) = subtree (RAG s) (Th th) - {Cs cs}"
-proof(unfold RAG_s, fold subtree_cs, rule vat_s'.rtree_RAG.subtree_del_inside)
+proof(unfold RAG_s, fold subtree_cs, rule rtree_RAG.subtree_del_inside)
 from edge_of_th
-show "(Cs cs, Th th) \<in> edges_in (RAG s') (Th th)"
+show "(Cs cs, Th th) \<in> edges_in (RAG s) (Th th)"
 by (unfold edges_in_def, auto simp:subtree_def)
 qed
 lemma cp_kept_2:
-shows "cp s th = cp s' th"
+shows "cp (e#s) th = cp s th"
-by (unfold cp_alt_def subtree_th preced_kept, auto)
+by (unfold cp_alt_def subtree_th the_preced_es, auto)
 lemma eq_cp:
-shows "cp s th' = cp s' th'"
+shows "cp (e#s) th' = cp s th'"
 using cp_kept_1 cp_kept_2
 by (cases "th' = th", auto)
-end
+end
-locale step_P_cps =
-fixes s' th cs s
+section {* The @{term P} operation *}
-defines s_def : "s \<equiv> (P th cs#s')"
-assumes vt_s: "vt s"
+context valid_trace_p
+begin
-sublocale step_P_cps < vat_s : valid_trace "s"
+lemma root_th: "root (RAG s) (Th th)"
+by (simp add: ready_th_s readys_root)
+lemma in_no_others_subtree:
+assumes "th' \<noteq> th"
+shows "Th th \<notin> subtree (RAG s) (Th th')"
 proof
-from vt_s show "vt s" .
+assume "Th th \<in> subtree (RAG s) (Th th')"
-qed
-section {* The @{term P} operation *}
-sublocale step_P_cps < vat_s' : valid_trace "s'"
-proof
-from step_back_vt[OF vt_s[unfolded s_def]] show "vt s'" .
-qed
-context step_P_cps
-begin
-lemma readys_th: "th \<in> readys s'"
-proof -
-from step_back_step [OF vt_s[unfolded s_def]]
-have "PIP s' (P th cs)" .
-hence "th \<in> runing s'" by (cases, simp)
-thus ?thesis by (simp add:readys_def runing_def)
-qed
-lemma root_th: "root (RAG s') (Th th)"
-using readys_root[OF readys_th] .
-lemma in_no_others_subtree:
-assumes "th' \<noteq> th"
-shows "Th th \<notin> subtree (RAG s') (Th th')"
-proof
-assume "Th th \<in> subtree (RAG s') (Th th')"
 thus False
 proof(cases rule:subtreeE)
 case 1
 with assms show ?thesis by auto
 next
 case 2
 with root_th show ?thesis by (auto simp:root_def)
 qed
 qed
-lemma preced_kept: "the_preced s = the_preced s'"
+lemma preced_kept: "the_preced (e#s) = the_preced s"
-by (auto simp: s_def the_preced_def preced_def)
+proof
+fix th'
-end
+show "the_preced (e # s) th' = the_preced s th'"
+by (unfold the_preced_def is_p preced_def, simp)
-locale step_P_cps_ne =step_P_cps +
+qed
-fixes th'
-assumes ne: "wq s' cs \<noteq> []"
+end
-defines th'_def: "th' \<equiv> hd (wq s' cs)"
-locale step_P_cps_e =step_P_cps +
+context valid_trace_p_h
-assumes ee: "wq s' cs = []"
+begin
-context step_P_cps_e
-begin
-lemma RAG_s: "RAG s = RAG s' \<union> {(Cs cs, Th th)}"
-proof -
-from ee and  step_RAG_p[OF vt_s[unfolded s_def], folded s_def]
-show ?thesis by auto
-qed
 lemma subtree_kept:
 assumes "th' \<noteq> th"
-shows "subtree (RAG s) (Th th') = subtree (RAG s') (Th th')"
+shows "subtree (RAG (e#s)) (Th th') = subtree (RAG s) (Th th')"
-proof(unfold RAG_s, rule subtree_insert_next)
+proof(unfold RAG_es, rule subtree_insert_next)
 from in_no_others_subtree[OF assms]
-show "Th th \<notin> subtree (RAG s') (Th th')" .
+show "Th th \<notin> subtree (RAG s) (Th th')" .
 qed
 lemma cp_kept:
 assumes "th' \<noteq> th"
-shows "cp s th' = cp s' th'"
+shows "cp (e#s) th' = cp s th'"
 proof -
-have "(the_preced s ` {th'a. Th th'a \<in> subtree (RAG s) (Th th')}) =
+have "(the_preced (e#s) ` {th'a. Th th'a \<in> subtree (RAG (e#s)) (Th th')}) =
-(the_preced s' ` {th'a. Th th'a \<in> subtree (RAG s') (Th th')})"
+(the_preced s ` {th'a. Th th'a \<in> subtree (RAG s) (Th th')})"
 by (unfold preced_kept subtree_kept[OF assms], simp)
 thus ?thesis by (unfold cp_alt_def, simp)
 qed
 end
-context step_P_cps_ne
+context valid_trace_p_w
 begin
-lemma RAG_s: "RAG s = RAG s' \<union> {(Th th, Cs cs)}"
+interpretation vat_e: valid_trace "e#s"
-proof -
+by (unfold_locales, insert vt_e, simp)
-from step_RAG_p[OF vt_s[unfolded s_def]] and ne
-show ?thesis by (simp add:s_def)
+lemma cs_held: "(Cs cs, Th holder) \<in> RAG s"
-qed
+using holding_s_holder
+by (unfold s_RAG_def, fold holding_eq, auto)
-lemma cs_held: "(Cs cs, Th th') \<in> RAG s'"
-proof -
+lemma tRAG_s:
-have "(Cs cs, Th th') \<in> hRAG s'"
+"tRAG (e#s) = tRAG s \<union> {(Th th, Th holder)}"
+using local.RAG_tRAG_transfer[OF RAG_es cs_held] .
+lemma cp_kept:
+assumes "Th th'' \<notin> ancestors (tRAG (e#s)) (Th th)"
+shows "cp (e#s) th'' = cp s th''"
+proof -
+have h: "subtree (tRAG (e#s)) (Th th'') = subtree (tRAG s) (Th th'')"
 proof -
-from ne
+have "Th holder \<notin> subtree (tRAG s) (Th th'')"
-have " holding s' th' cs"
-by (unfold th'_def holding_eq cs_holding_def, auto)
-thus ?thesis
-by (unfold hRAG_def, auto)
-qed
-thus ?thesis by (unfold RAG_split, auto)
-qed
-lemma tRAG_s:
-"tRAG s = tRAG s' \<union> {(Th th, Th th')}"
-using RAG_tRAG_transfer[OF RAG_s cs_held] .
-lemma cp_kept:
-assumes "Th th'' \<notin> ancestors (tRAG s) (Th th)"
-shows "cp s th'' = cp s' th''"
-proof -
-have h: "subtree (tRAG s) (Th th'') = subtree (tRAG s') (Th th'')"
-proof -
-have "Th th' \<notin> subtree (tRAG s') (Th th'')"
 proof
-assume "Th th' \<in> subtree (tRAG s') (Th th'')"
+assume "Th holder \<in> subtree (tRAG s) (Th th'')"
 thus False
 proof(rule subtreeE)
-assume "Th th' = Th th''"
+assume "Th holder = Th th''"
 from assms[unfolded tRAG_s ancestors_def, folded this]
 show ?thesis by auto
 next
-assume "Th th'' \<in> ancestors (tRAG s') (Th th')"
+assume "Th th'' \<in> ancestors (tRAG s) (Th holder)"
-moreover have "... \<subseteq> ancestors (tRAG s) (Th th')"
+moreover have "... \<subseteq> ancestors (tRAG (e#s)) (Th holder)"
 proof(rule ancestors_mono)
-show "tRAG s' \<subseteq> tRAG s" by (unfold tRAG_s, auto)
+show "tRAG s \<subseteq> tRAG (e#s)" by (unfold tRAG_s, auto)
 qed
-ultimately have "Th th'' \<in> ancestors (tRAG s) (Th th')" by auto
+ultimately have "Th th'' \<in> ancestors (tRAG (e#s)) (Th holder)" by auto
-moreover have "Th th' \<in> ancestors (tRAG s) (Th th)"
+moreover have "Th holder \<in> ancestors (tRAG (e#s)) (Th th)"
 by (unfold tRAG_s, auto simp:ancestors_def)
-ultimately have "Th th'' \<in> ancestors (tRAG s) (Th th)"
+ultimately have "Th th'' \<in> ancestors (tRAG (e#s)) (Th th)"
 by (auto simp:ancestors_def)
 with assms show ?thesis by auto
 qed
 qed
 from subtree_insert_next[OF this]
-have "subtree (tRAG s' \<union> {(Th th, Th th')}) (Th th'') = subtree (tRAG s') (Th th'')" .
+have "subtree (tRAG s \<union> {(Th th, Th holder)}) (Th th'') = subtree (tRAG s) (Th th'')" .
 from this[folded tRAG_s] show ?thesis .
 qed
 show ?thesis by (unfold cp_alt_def1 h preced_kept, simp)
 qed
 lemma cp_gen_update_stop: (* ddd *)
-assumes "u \<in> ancestors (tRAG s) (Th th)"
+assumes "u \<in> ancestors (tRAG (e#s)) (Th th)"
-and "cp_gen s u = cp_gen s' u"
+and "cp_gen (e#s) u = cp_gen s u"
-and "y \<in> ancestors (tRAG s) u"
+and "y \<in> ancestors (tRAG (e#s)) u"
-shows "cp_gen s y = cp_gen s' y"
+shows "cp_gen (e#s) y = cp_gen s y"
 using assms(3)
-proof(induct rule:wf_induct[OF vat_s.fsbttRAGs.wf])
+proof(induct rule:wf_induct[OF vat_e.fsbttRAGs.wf])
 case (1 x)
 show ?case (is "?L = ?R")
 proof -
 from tRAG_ancestorsE[OF 1(2)]
 obtain th2 where eq_x: "x = Th th2" by blast
-from vat_s.cp_gen_rec[OF this]
+from vat_e.cp_gen_rec[OF this]
 have "?L =
-Max ({the_preced s th2} \<union> cp_gen s ` RTree.children (tRAG s) x)" .
+Max ({the_preced (e#s) th2} \<union> cp_gen (e#s) ` RTree.children (tRAG (e#s)) x)" .
 also have "... =
-Max ({the_preced s' th2} \<union> cp_gen s' ` RTree.children (tRAG s') x)"
+Max ({the_preced s th2} \<union> cp_gen s ` RTree.children (tRAG s) x)"
 proof -
-from preced_kept have "the_preced s th2 = the_preced s' th2" by simp
+from preced_kept have "the_preced (e#s) th2 = the_preced s th2" by simp
-moreover have "cp_gen s ` RTree.children (tRAG s) x =
+moreover have "cp_gen (e#s) ` RTree.children (tRAG (e#s)) x =
-cp_gen s' ` RTree.children (tRAG s') x"
+cp_gen s ` RTree.children (tRAG s) x"
 proof -
-have "RTree.children (tRAG s) x =  RTree.children (tRAG s') x"
+have "RTree.children (tRAG (e#s)) x =  RTree.children (tRAG s) x"
 proof(unfold tRAG_s, rule children_union_kept)
-have start: "(Th th, Th th') \<in> tRAG s"
+have start: "(Th th, Th holder) \<in> tRAG (e#s)"
 by (unfold tRAG_s, auto)
 note x_u = 1(2)
-show "x \<notin> Range {(Th th, Th th')}"
+show "x \<notin> Range {(Th th, Th holder)}"
 proof
-assume "x \<in> Range {(Th th, Th th')}"
+assume "x \<in> Range {(Th th, Th holder)}"
-hence eq_x: "x = Th th'" using RangeE by auto
+hence eq_x: "x = Th holder" using RangeE by auto
 show False
-proof(cases rule:vat_s.rtree_s.ancestors_headE[OF assms(1) start])
+proof(cases rule:vat_e.ancestors_headE[OF assms(1) start])
 case 1
-from x_u[folded this, unfolded eq_x] vat_s.acyclic_tRAG
+from x_u[folded this, unfolded eq_x] vat_e.acyclic_tRAG
 show ?thesis by (auto simp:ancestors_def acyclic_def)
 next
 case 2
 with x_u[unfolded eq_x]
-have "(Th th', Th th') \<in> (tRAG s)^+" by (auto simp:ancestors_def)
+have "(Th holder, Th holder) \<in> (tRAG (e#s))^+" by (auto simp:ancestors_def)
-with vat_s.acyclic_tRAG show ?thesis by (auto simp:acyclic_def)
+with vat_e.acyclic_tRAG show ?thesis by (auto simp:acyclic_def)
 qed
 qed
 qed
-moreover have "cp_gen s ` RTree.children (tRAG s) x =
+moreover have "cp_gen (e#s) ` RTree.children (tRAG (e#s)) x =
-cp_gen s' ` RTree.children (tRAG s) x" (is "?f ` ?A = ?g ` ?A")
+cp_gen s ` RTree.children (tRAG (e#s)) x" (is "?f ` ?A = ?g ` ?A")
 proof(rule f_image_eq)
 fix a
 assume a_in: "a \<in> ?A"
 from 1(2)
 show "?f a = ?g a"
-proof(cases rule:vat_s.rtree_s.ancestors_childrenE[case_names in_ch out_ch])
+proof(cases rule:vat_e.rtree_s.ancestors_childrenE[case_names in_ch out_ch])
 case in_ch
 show ?thesis
 proof(cases "a = u")
 case True
 from assms(2)[folded this] show ?thesis .
 next
 case False
-have a_not_in: "a \<notin> ancestors (tRAG s) (Th th)"
+have a_not_in: "a \<notin> ancestors (tRAG (e#s)) (Th th)"
 proof
-assume a_in': "a \<in> ancestors (tRAG s) (Th th)"
+assume a_in': "a \<in> ancestors (tRAG (e#s)) (Th th)"
 have "a = u"
-proof(rule vat_s.rtree_s.ancestors_children_unique)
+proof(rule vat_e.rtree_s.ancestors_children_unique)
-from a_in' a_in show "a \<in> ancestors (tRAG s) (Th th) \<inter>
+from a_in' a_in show "a \<in> ancestors (tRAG (e#s)) (Th th) \<inter>
-RTree.children (tRAG s) x" by auto
+RTree.children (tRAG (e#s)) x" by auto
 next
-from assms(1) in_ch show "u \<in> ancestors (tRAG s) (Th th) \<inter>
+from assms(1) in_ch show "u \<in> ancestors (tRAG (e#s)) (Th th) \<inter>
-RTree.children (tRAG s) x" by auto
+RTree.children (tRAG (e#s)) x" by auto
 qed
 with False show False by simp
 qed
 from a_in obtain th_a where eq_a: "a = Th th_a"
 by (unfold RTree.children_def tRAG_alt_def, auto)
 from cp_kept[OF a_not_in[unfolded eq_a]]
-have "cp s th_a = cp s' th_a" .
+have "cp (e#s) th_a = cp s th_a" .
 from this [unfolded cp_gen_def_cond[OF eq_a], folded eq_a]
 show ?thesis .
 qed
 next
 case (out_ch z)
-hence h: "z \<in> ancestors (tRAG s) u" "z \<in> RTree.children (tRAG s) x" by auto
+hence h: "z \<in> ancestors (tRAG (e#s)) u" "z \<in> RTree.children (tRAG (e#s)) x" by auto
 show ?thesis
 proof(cases "a = z")
 case True
-from h(2) have zx_in: "(z, x) \<in> (tRAG s)" by (auto simp:RTree.children_def)
+from h(2) have zx_in: "(z, x) \<in> (tRAG (e#s))" by (auto simp:RTree.children_def)
 from 1(1)[rule_format, OF this h(1)]
-have eq_cp_gen: "cp_gen s z = cp_gen s' z" .
+have eq_cp_gen: "cp_gen (e#s) z = cp_gen s z" .
 with True show ?thesis by metis
 next
 case False
 from a_in obtain th_a where eq_a: "a = Th th_a"
 by (auto simp:RTree.children_def tRAG_alt_def)
-have "a \<notin> ancestors (tRAG s) (Th th)"
+have "a \<notin> ancestors (tRAG (e#s)) (Th th)"
 proof
-assume a_in': "a \<in> ancestors (tRAG s) (Th th)"
+assume a_in': "a \<in> ancestors (tRAG (e#s)) (Th th)"
 have "a = z"
-proof(rule vat_s.rtree_s.ancestors_children_unique)
+proof(rule vat_e.rtree_s.ancestors_children_unique)
-from assms(1) h(1) have "z \<in> ancestors (tRAG s) (Th th)"
+from assms(1) h(1) have "z \<in> ancestors (tRAG (e#s)) (Th th)"
 by (auto simp:ancestors_def)
-with h(2) show " z \<in> ancestors (tRAG s) (Th th) \<inter>
+with h(2) show " z \<in> ancestors (tRAG (e#s)) (Th th) \<inter>
-RTree.children (tRAG s) x" by auto
+RTree.children (tRAG (e#s)) x" by auto
 next
 from a_in a_in'
-show "a \<in> ancestors (tRAG s) (Th th) \<inter> RTree.children (tRAG s) x"
+show "a \<in> ancestors (tRAG (e#s)) (Th th) \<inter> RTree.children (tRAG (e#s)) x"
 by auto
 qed
 with False show False by auto
 qed
 from cp_kept[OF this[unfolded eq_a]]
-have "cp s th_a = cp s' th_a" .
+have "cp (e#s) th_a = cp s th_a" .
 from this[unfolded cp_gen_def_cond[OF eq_a], folded eq_a]
 show ?thesis .
 qed
 qed
 qed
 ultimately show ?thesis by metis
 qed
 ultimately show ?thesis by simp
 qed
 also have "... = ?R"
-by (fold vat_s'.cp_gen_rec[OF eq_x], simp)
+by (fold cp_gen_rec[OF eq_x], simp)
 finally show ?thesis .
 qed
 qed
 lemma cp_up:
-assumes "(Th th') \<in> ancestors (tRAG s) (Th th)"
+assumes "(Th th') \<in> ancestors (tRAG (e#s)) (Th th)"
-and "cp s th' = cp s' th'"
+and "cp (e#s) th' = cp s th'"
-and "(Th th'') \<in> ancestors (tRAG s) (Th th')"
+and "(Th th'') \<in> ancestors (tRAG (e#s)) (Th th')"
-shows "cp s th'' = cp s' th''"
+shows "cp (e#s) th'' = cp s th''"
 proof -
-have "cp_gen s (Th th'') = cp_gen s' (Th th'')"
+have "cp_gen (e#s) (Th th'') = cp_gen s (Th th'')"
 proof(rule cp_gen_update_stop[OF assms(1) _ assms(3)])
 from assms(2) cp_gen_def_cond[OF refl[of "Th th'"]]
-show "cp_gen s (Th th') = cp_gen s' (Th th')" by metis
+show "cp_gen (e#s) (Th th') = cp_gen s (Th th')" by metis
 qed
 with cp_gen_def_cond[OF refl[of "Th th''"]]
 show ?thesis by metis
 qed
 end
 section {* The @{term Create} operation *}
-locale step_create_cps =
+context valid_trace_create
-fixes s' th prio s
+begin
-defines s_def : "s \<equiv> (Create th prio#s')"
-assumes vt_s: "vt s"
+interpretation vat_e: valid_trace "e#s"
+by (unfold_locales, insert vt_e, simp)
-sublocale step_create_cps < vat_s: valid_trace "s"
-by (unfold_locales, insert vt_s, simp)
+lemma tRAG_kept: "tRAG (e#s) = tRAG s"
+by (unfold tRAG_alt_def RAG_unchanged, auto)
-sublocale step_create_cps < vat_s': valid_trace "s'"
-by (unfold_locales, insert step_back_vt[OF vt_s[unfolded s_def]], simp)
-context step_create_cps
-begin
-lemma RAG_kept: "RAG s = RAG s'"
-by (unfold s_def RAG_create_unchanged, auto)
-lemma tRAG_kept: "tRAG s = tRAG s'"
-by (unfold tRAG_alt_def RAG_kept, auto)
 lemma preced_kept:
 assumes "th' \<noteq> th"
-shows "the_preced s th' = the_preced s' th'"
+shows "the_preced (e#s) th' = the_preced s th'"
-by (unfold s_def the_preced_def preced_def, insert assms, auto)
+by (unfold the_preced_def preced_def is_create, insert assms, auto)
-lemma th_not_in: "Th th \<notin> Field (tRAG s')"
+lemma th_not_in: "Th th \<notin> Field (tRAG s)"
-proof -
+by (meson not_in_thread_isolated subsetCE tRAG_Field th_not_live_s)
-from vt_s[unfolded s_def]
-have "PIP s' (Create th prio)" by (cases, simp)
-hence "th \<notin> threads s'" by(cases, simp)
-from vat_s'.not_in_thread_isolated[OF this]
-have "Th th \<notin> Field (RAG s')" .
-with tRAG_Field show ?thesis by auto
-qed
 lemma eq_cp:
 assumes neq_th: "th' \<noteq> th"
-shows "cp s th' = cp s' th'"
+shows "cp (e#s) th' = cp s th'"
 proof -
-have "(the_preced s \<circ> the_thread) ` subtree (tRAG s) (Th th') =
+have "(the_preced (e#s) \<circ> the_thread) ` subtree (tRAG (e#s)) (Th th') =
-(the_preced s' \<circ> the_thread) ` subtree (tRAG s') (Th th')"
+(the_preced s \<circ> the_thread) ` subtree (tRAG s) (Th th')"
 proof(unfold tRAG_kept, rule f_image_eq)
 fix a
-assume a_in: "a \<in> subtree (tRAG s') (Th th')"
+assume a_in: "a \<in> subtree (tRAG s) (Th th')"
 then obtain th_a where eq_a: "a = Th th_a"
 proof(cases rule:subtreeE)
 case 2
 from ancestors_Field[OF 2(2)]
 and that show ?thesis by (unfold tRAG_alt_def, auto)
 qed auto
 have neq_th_a: "th_a \<noteq> th"
 proof -
-have "(Th th) \<notin> subtree (tRAG s') (Th th')"
+have "(Th th) \<notin> subtree (tRAG s) (Th th')"
 proof
-assume "Th th \<in> subtree (tRAG s') (Th th')"
+assume "Th th \<in> subtree (tRAG s) (Th th')"
 thus False
 proof(cases rule:subtreeE)
 case 2
 from ancestors_Field[OF this(2)]
 and th_not_in[unfolded Field_def]
 qed (insert assms, auto)
 qed
 with a_in[unfolded eq_a] show ?thesis by auto
 qed
 from preced_kept[OF this]
-show "(the_preced s \<circ> the_thread) a = (the_preced s' \<circ> the_thread) a"
+show "(the_preced (e#s) \<circ> the_thread) a = (the_preced s \<circ> the_thread) a"
 by (unfold eq_a, simp)
 qed
 thus ?thesis by (unfold cp_alt_def1, simp)
 qed
-lemma children_of_th: "RTree.children (tRAG s) (Th th) = {}"
+lemma children_of_th: "RTree.children (tRAG (e#s)) (Th th) = {}"
 proof -
 { fix a
-assume "a \<in> RTree.children (tRAG s) (Th th)"
+assume "a \<in> RTree.children (tRAG (e#s)) (Th th)"
-hence "(a, Th th) \<in> tRAG s" by (auto simp:RTree.children_def)
+hence "(a, Th th) \<in> tRAG (e#s)" by (auto simp:RTree.children_def)
 with th_not_in have False
 by (unfold Field_def tRAG_kept, auto)
 } thus ?thesis by auto
 qed
-lemma eq_cp_th: "cp s th = preced th s"
+lemma eq_cp_th: "cp (e#s) th = preced th (e#s)"
-by (unfold vat_s.cp_rec children_of_th, simp add:the_preced_def)
+by (unfold vat_e.cp_rec children_of_th, simp add:the_preced_def)
 end
-locale step_exit_cps =
-fixes s' th prio s
+context valid_trace_exit
-defines s_def : "s \<equiv> Exit th # s'"
-assumes vt_s: "vt s"
-sublocale step_exit_cps < vat_s: valid_trace "s"
-by (unfold_locales, insert vt_s, simp)
-sublocale step_exit_cps < vat_s': valid_trace "s'"
-by (unfold_locales, insert step_back_vt[OF vt_s[unfolded s_def]], simp)
-context step_exit_cps
 begin
 lemma preced_kept:
 assumes "th' \<noteq> th"
-shows "the_preced s th' = the_preced s' th'"
+shows "the_preced (e#s) th' = the_preced s th'"
-by (unfold s_def the_preced_def preced_def, insert assms, auto)
+using assms
+by (unfold the_preced_def is_exit preced_def, simp)
-lemma RAG_kept: "RAG s = RAG s'"
-by (unfold s_def RAG_exit_unchanged, auto)
+lemma tRAG_kept: "tRAG (e#s) = tRAG s"
+by (unfold tRAG_alt_def RAG_unchanged, auto)
-lemma tRAG_kept: "tRAG s = tRAG s'"
-by (unfold tRAG_alt_def RAG_kept, auto)
+lemma th_RAG: "Th th \<notin> Field (RAG s)"
+proof -
-lemma th_ready: "th \<in> readys s'"
+have "Th th \<notin> Range (RAG s)"
-proof -
-from vt_s[unfolded s_def]
-have "PIP s' (Exit th)" by (cases, simp)
-hence h: "th \<in> runing s' \<and> holdents s' th = {}" by (cases, metis)
-thus ?thesis by (unfold runing_def, auto)
-qed
-lemma th_holdents: "holdents s' th = {}"
-proof -
-from vt_s[unfolded s_def]
-have "PIP s' (Exit th)" by (cases, simp)
-thus ?thesis by (cases, metis)
-qed
-lemma th_RAG: "Th th \<notin> Field (RAG s')"
-proof -
-have "Th th \<notin> Range (RAG s')"
 proof
-assume "Th th \<in> Range (RAG s')"
+assume "Th th \<in> Range (RAG s)"
-then obtain cs where "holding (wq s') th cs"
+then obtain cs where "holding (wq s) th cs"
 by (unfold Range_iff s_RAG_def, auto)
-with th_holdents[unfolded holdents_def]
+with holdents_th_s[unfolded holdents_def]
-show False by (unfold eq_holding, auto)
+show False by (unfold holding_eq, auto)
 qed
-moreover have "Th th \<notin> Domain (RAG s')"
+moreover have "Th th \<notin> Domain (RAG s)"
 proof
-assume "Th th \<in> Domain (RAG s')"
+assume "Th th \<in> Domain (RAG s)"
-then obtain cs where "waiting (wq s') th cs"
+then obtain cs where "waiting (wq s) th cs"
 by (unfold Domain_iff s_RAG_def, auto)
-with th_ready show False by (unfold readys_def eq_waiting, auto)
+with th_ready_s show False by (unfold readys_def waiting_eq, auto)
 qed
 ultimately show ?thesis by (auto simp:Field_def)
 qed
-lemma th_tRAG: "(Th th) \<notin> Field (tRAG s')"
+lemma th_tRAG: "(Th th) \<notin> Field (tRAG s)"
-using th_RAG tRAG_Field[of s'] by auto
+using th_RAG tRAG_Field by auto
 lemma eq_cp:
 assumes neq_th: "th' \<noteq> th"
-shows "cp s th' = cp s' th'"
+shows "cp (e#s) th' = cp s th'"
 proof -
-have "(the_preced s \<circ> the_thread) ` subtree (tRAG s) (Th th') =
+have "(the_preced (e#s) \<circ> the_thread) ` subtree (tRAG (e#s)) (Th th') =
-(the_preced s' \<circ> the_thread) ` subtree (tRAG s') (Th th')"
+(the_preced s \<circ> the_thread) ` subtree (tRAG s) (Th th')"
 proof(unfold tRAG_kept, rule f_image_eq)
 fix a
-assume a_in: "a \<in> subtree (tRAG s') (Th th')"
+assume a_in: "a \<in> subtree (tRAG s) (Th th')"
 then obtain th_a where eq_a: "a = Th th_a"
 proof(cases rule:subtreeE)
 case 2
 from ancestors_Field[OF 2(2)]
 and that show ?thesis by (unfold tRAG_alt_def, auto)
 qed auto
 have neq_th_a: "th_a \<noteq> th"
 proof -
-from vat_s'.readys_in_no_subtree[OF th_ready assms]
+from readys_in_no_subtree[OF th_ready_s assms]
-have "(Th th) \<notin> subtree (RAG s') (Th th')" .
+have "(Th th) \<notin> subtree (RAG s) (Th th')" .
-with tRAG_subtree_RAG[of s' "Th th'"]
+with tRAG_subtree_RAG[of s "Th th'"]
-have "(Th th) \<notin> subtree (tRAG s') (Th th')" by auto
+have "(Th th) \<notin> subtree (tRAG s) (Th th')" by auto
 with a_in[unfolded eq_a] show ?thesis by auto
 qed
 from preced_kept[OF this]
-show "(the_preced s \<circ> the_thread) a = (the_preced s' \<circ> the_thread) a"
+show "(the_preced (e#s) \<circ> the_thread) a = (the_preced s \<circ> the_thread) a"
 by (unfold eq_a, simp)
 qed
 thus ?thesis by (unfold cp_alt_def1, simp)
 qed
 end
 end

changeset 97	c7ba70dc49bd
parent 95	8d2cc27f45f3
parent 93	524bd3caa6b6
child 104	43482ab31341