pip: comparison Test.thy

equal deleted inserted replaced

-:af38526275f8
+:c820ac0f3088
 "initial_cprec \<equiv> \<lambda>_::thread. Prc 0 0"
 abbreviation
 "release qs \<equiv> case qs of
 [] => []
-|  (_#qs) => (SOME q. distinct q \<and> set q = set qs)"
+|  (_ # qs) => SOME q. distinct q \<and> set q = set qs"
 fun schs :: "state \<Rightarrow> schedule_state"
 where
 "schs [] = (| wq_fun = \<lambda> cs. [],  cprec_fun = (\<lambda>_. Prc 0 0) |)"
 | "schs (Create th prio # s) =
 definition runing :: "state \<Rightarrow> thread set"
 where "runing s \<equiv> {th . th \<in> readys s \<and> cp s th = Max ((cp s) ` (readys s))}"
 definition holding :: "state \<Rightarrow> thread \<Rightarrow> cs set"
 where "holding s th \<equiv> {cs . holds2 s th cs}"
+abbreviation
+"next_to_run ths \<equiv> hd (SOME q::thread list. distinct q \<and> set q = set ths)"
 lemma holding_RAG:
 "holding s th = {cs . (Cs cs, Th th) \<in> RAG2 s}"
 unfolding holding_def
 unfolding holds2_def
 unfolding RAG2_def
 by (simp add: Let_def)
 lemma RAG_p1:
 assumes "wq s cs = []"
-shows "RAG2 (P th cs # s) = RAG2 s \<union> {(Cs cs, Th th)}"
+shows "RAG2 (P th cs # s) \<subseteq> RAG2 s \<union> {(Cs cs, Th th)}"
 using assms
-apply(auto simp add: RAG2_def RAG_def wq_def Let_def waits_def holds_def)
+unfolding  RAG2_def RAG_def wq_def Let_def waits_def holds_def
-apply (metis in_set_insert insert_Nil list.distinct(1))
+by (auto simp add: Let_def)
-done
 lemma RAG_p2:
-assumes "vt (P th cs#s)" "wq s cs \<noteq> []"
+assumes "(Cs cs, Th th) \<notin> (RAG2 s)\<^sup>+" "wq s cs \<noteq> []"
-shows "RAG2 (P th cs # s) = RAG2 s \<union> {(Th th, Cs cs)}"
+shows "RAG2 (P th cs # s) \<subseteq> RAG2 s \<union> {(Th th, Cs cs)}"
 using assms
-apply(simp add: RAG2_def Let_def)
+unfolding RAG2_def RAG_def wq_def Let_def waits_def holds_def
-apply(erule_tac vt.cases)
+by (auto simp add: Let_def)
-apply(simp)
-apply(clarify)
+lemma [simp]: "(SOME q. distinct q \<and> q = []) = []"
-apply(simp)
+by auto
-apply(erule_tac step.cases)
-apply(simp_all)
+lemma [simp]: "(x \<in> set (SOME q. distinct q \<and> set q = set p)) = (x \<in> set p)"
-apply(simp add: wq_def RAG_def RAG2_def)
+apply auto
-apply(simp add: waits_def holds_def)
+apply (metis (mono_tags, lifting) List.finite_set finite_distinct_list some_eq_ex)
-apply(auto)
+by (metis (mono_tags, lifting) List.finite_set finite_distinct_list some_eq_ex)
-done
+lemma RAG_v1:
-definition next_th:: "state \<Rightarrow> thread \<Rightarrow> cs \<Rightarrow> thread \<Rightarrow> bool"
+assumes vt: "wq s cs = [th]"
-where "next_th s th cs t =
+shows "RAG2 (V th cs # s) \<subseteq> RAG2 s - {(Cs cs, Th th)}"
-(\<exists> rest. wq s cs = th#rest \<and> rest \<noteq> [] \<and> t = hd (SOME q. distinct q \<and> set q = set rest))"
+using assms
+unfolding RAG2_def RAG_def waits_def holds_def wq_def
-lemma RAG_v:
+by (auto simp add: Let_def)
-assumes vt:"vt (V th cs#s)"
-shows "
+lemma RAG_v2:
-RAG2 (V th cs # s) =
+assumes vt:"vt s" "wq s cs = th # wts \<and> wts \<noteq> []"
-RAG2 s - {(Cs cs, Th th)} -
+shows "RAG2 (V th cs # s) \<subseteq>
-{(Th th', Cs cs) |th'. next_th s th cs th'} \<union>
+RAG2 s - {(Cs cs, Th th)} - {(Th (next_to_run wts), Cs cs)} \<union> {(Cs cs, Th (next_to_run wts))}"
-{(Cs cs, Th th') |th'.  next_th s th cs th'}"
+unfolding RAG2_def RAG_def waits_def holds_def
-apply (insert vt, unfold RAG2_def RAG_def)
+using assms wq_distinct[OF vt(1), of"cs"]
-sorry
+by (auto simp add: Let_def wq_def)
 lemma waiting_unique:
 assumes "vt s"
 and "waits2 s th cs1"
 and "waits2 s th cs2"
 shows "cs1 = cs2"
 sorry
-lemma singleton_Un:
-shows "A \<union> {x} = insert x A"
-by simp
 lemma acyclic_RAG_step:
 assumes vt: "vt s"
 and     stp: "step s e"
 and     ac: "acyclic (RAG2 s)"
 shows "acyclic (RAG2 (e # s))"
 using stp vt ac
 proof (induct)
 case (step_P th s cs)
-have vt: "vt s" by fact
 have ac: "acyclic (RAG2 s)" by fact
-have rn: "th \<in> runing s" by fact
 have ds: "(Cs cs, Th th) \<notin> (RAG2 s)\<^sup>+" by fact
-have vtt: "vt (P th cs#s)" using vt rn ds by (metis step.step_P vt_cons)
 { assume a: "wq s cs = []" -- "case waiting queue is empty"
 have "(Th th, Cs cs) \<notin> (RAG2 s)\<^sup>*"
 proof
 assume "(Th th, Cs cs) \<in> (RAG2 s)\<^sup>*"
 then have "(Th th, Cs cs) \<in> (RAG2 s)\<^sup>+" by (simp add: rtrancl_eq_or_trancl)
 then obtain x where "(x, Cs cs) \<in> RAG2 s" using tranclD2 by metis
 with a show False by (auto simp: RAG2_def RAG_def wq_def waits_def)
 qed
 with acyclic_insert ac
 have "acyclic (RAG2 s \<union> {(Cs cs, Th th)})" by simp
-then have "acyclic (RAG2 (P th cs # s))" using RAG_p1[OF a] by simp
+then have "acyclic (RAG2 (P th cs # s))" using RAG_p1[OF a]
+by (rule acyclic_subset)
 }
 moreover
 { assume a: "wq s cs \<noteq> []" -- "case waiting queue is not empty"
 from ds have "(Cs cs, Th th) \<notin> (RAG2 s)\<^sup>*" by (metis node.distinct(1) rtranclD)
 with acyclic_insert ac
 have "acyclic (RAG2 s \<union> {(Th th, Cs cs)})" by auto
-then have "acyclic (RAG2 (P th cs # s))" using RAG_p2[OF vtt a] by simp
+then have "acyclic (RAG2 (P th cs # s))" using RAG_p2[OF ds a]
+by (rule acyclic_subset)
 }
 ultimately show "acyclic (RAG2 (P th cs # s))" by metis
 next
 case (step_V th s cs)
 have vt: "vt s" by fact
 have ac: "acyclic (RAG2 s)" by fact
 have rn: "th \<in> runing s" by fact
 have hd: "holds2 s th cs" by fact
-from hd
+from hd have th_in: "th \<in> set (wq s cs)" and
-have th_in: "th \<in> set (wq s cs)" and
+eq_hd: "th = hd (wq s cs)" unfolding holds2_def holds_def wq_def by auto
-eq_hd: "th = hd (wq s cs)" unfolding holds2_def holds_def wq_def by auto
+then obtain wts where
-then obtain rest where
+eq_wq: "wq s cs = th # wts" by (cases "wq s cs") (auto)
-eq_wq: "wq s cs = th # rest" by (cases "wq s cs") (auto)
+{ assume "wts = []" -- "case no thread present to take over"
-show ?case
+with eq_wq have "wq s cs = [th]" by simp
-apply(subst RAG_v)
+then have "RAG2 (V th cs # s) \<subseteq> RAG2 s - {(Cs cs, Th th)}" by (rule RAG_v1)
-apply(rule vt_cons)
+moreover have "acyclic (RAG2 s - {(Cs cs, Th th)})" using ac by (auto intro: acyclic_subset)
-apply(rule vt)
+ultimately
-apply(rule step.step_V)
+have "acyclic (RAG2 (V th cs # s))" by (auto intro: acyclic_subset)
-apply(rule rn)
+}
-apply(rule hd)
+moreover
-using eq_wq
+{ def nth \<equiv> "next_to_run wts"
-apply(cases "rest = []")
+assume aa: "wts \<noteq> []" -- "at least one thread present to take over"
-apply(subgoal_tac "{(Cs cs, Th th') |th'. next_th s th cs th'} = {}")
+with vt eq_wq
-apply(simp)
+have "RAG2 (V th cs # s) \<subseteq> RAG2 s - {(Cs cs, Th th)} - {(Th nth, Cs cs)} \<union> {(Cs cs, Th nth)}"
-apply(rule acyclic_subset)
+unfolding nth_def by (rule_tac RAG_v2) (auto)
-apply(rule ac)
+moreover
-apply(auto)[1]
+have "acyclic (insert (Cs cs, Th nth) (RAG2 s - {(Cs cs, Th th)} - {(Th nth, Cs cs)}))"
-apply(auto simp add: next_th_def)[1]
+proof -
--- "case wq more than a singleton"
+have "acyclic (RAG2 s - {(Cs cs, Th th)} - {(Th nth, Cs cs)})" using ac by (auto intro: acyclic_subset)
-apply(subgoal_tac "{(Cs cs, Th (hd (SOME q. distinct q \<and> set q = set rest)))} =
+moreover
-{(Cs cs, Th th') |th'. next_th s th cs th'}")
+have "(Th nth, Cs cs) \<notin> (RAG2 s - {(Cs cs, Th th)} - {(Th nth, Cs cs)})\<^sup>+"
-apply(rotate_tac 2)
+proof
-apply(drule sym)
+assume "(Th nth, Cs cs) \<in> (RAG2 s - {(Cs cs, Th th)} - {(Th nth, Cs cs)})\<^sup>+"
-apply(simp only: singleton_Un)
+then obtain z where a: "(Th nth, z) \<in> (RAG2 s - {(Cs cs, Th th)} - {(Th nth, Cs cs)})"
-apply(simp only: acyclic_insert)
+by (metis converse_tranclE)
-apply(rule conjI)
+then have "(Th nth, z) \<in> RAG2 s" by simp
-apply(rule acyclic_subset)
+then obtain cs' where b: "z = Cs cs'" "(Th nth, Cs cs') \<in> RAG2 s"
-apply(rule ac)
+unfolding RAG2_def RAG_def by auto
-apply(auto)[1]
+then have "cs = cs'"
-apply(rotate_tac 2)
+apply(rule_tac waiting_unique[OF vt])
-apply(thin_tac "?X")
+using eq_wq aa
-defer
+apply(auto simp add: nth_def RAG2_def RAG_def waits2_def waits_def wq_def)
-apply(simp add: next_th_def)
+apply (metis (mono_tags, lifting) `\<And>thesis. (\<And>wts. wq s cs = th # wts \<Longrightarrow> thesis) \<Longrightarrow> thesis` distinct.simps(2) hd_in_set list.inject set_empty2 tfl_some vt wq_def wq_distinct)
-apply(clarify)
+by (metis (mono_tags, lifting) `\<And>thesis. (\<And>wts. wq s cs = th # wts \<Longrightarrow> thesis) \<Longrightarrow> thesis` distinct.simps(2) hd_in_set list.sel(1) set_empty2 tfl_some vt wq_def wq_distinct)
-apply(simp add: rtrancl_eq_or_trancl)
+then show "False" using a b by simp
-apply(drule tranclD)
+qed
-apply(erule exE)
+then have "(Th nth, Cs cs) \<notin> (RAG2 s - {(Cs cs, Th th)} - {(Th nth, Cs cs)})\<^sup>*"
-apply(drule conjunct1)
+by (metis node.distinct(1) rtranclD)
-apply(subgoal_tac "(Th (hd (SOME q. distinct q \<and> set q = set rest)), z) \<in> RAG2 s")
+ultimately
-prefer 2
+show "acyclic (insert (Cs cs, Th nth) (RAG2 s - {(Cs cs, Th th)} - {(Th nth, Cs cs)}))"
-apply(simp)
+by (simp add: acyclic_insert)
-apply(case_tac z)
+qed
-apply(simp add: RAG2_def RAG_def)
+ultimately have "acyclic (RAG2 (V th cs # s))" by (auto intro: acyclic_subset)
-apply(clarify)
+}
-apply(simp)
+ultimately show "acyclic (RAG2 (V th cs # s))" by metis
-apply(simp add: next_th_def)
-apply(rule waiting_unique)
-apply(rule vt)
-apply(simp add: RAG2_def RAG_def waits2_def waits_def wq_def)
-apply(rotate_tac 2)
-apply(thin_tac "?X")
-apply(subgoal_tac "distinct (wq s cs)")
-prefer 2
-apply(rule wq_distinct)
-apply(rule vt)
-apply (unfold waits2_def waits_def wq_def, auto)
-apply(subgoal_tac "(SOME q. distinct q \<and> set q = set rest) \<noteq> []")
-prefer 2
-apply (metis (mono_tags) set_empty tfl_some)
-apply(subgoal_tac "hd (SOME q. distinct q \<and> set q = set rest) \<in>
-set (SOME q. distinct q \<and> set q = set rest)")
-prefer 2
-apply(auto)[1]
-apply(subgoal_tac "set (SOME q. distinct q \<and> set q = set rest) = set rest")
-prefer 2
-apply(rule someI2)
-apply(auto)[2]
-apply(auto)[1]
-apply(subgoal_tac "(SOME q. distinct q \<and> set q = set rest) \<noteq> []")
-prefer 2
-apply (metis (mono_tags) set_empty tfl_some)
-apply(subgoal_tac "hd (SOME q. distinct q \<and> set q = set rest) \<in>
-set (SOME q. distinct q \<and> set q = set rest)")
-prefer 2
-apply(auto)[1]
-apply(subgoal_tac "set (SOME q. distinct q \<and> set q = set rest) = set rest")
-prefer 2
-apply(rule someI2)
-apply(auto)[2]
-apply(auto)[1]
-done
 qed (simp_all)

changeset 37	c820ac0f3088
parent 36	af38526275f8
child 38	c89013dca1aa