pip: comparison PIPBasics.thy

equal deleted inserted replaced

-:b3795b1f030b
+:ce85c3c4e5bf
 case (V th' pty)
 show ?thesis
 by (cases "(\<lambda>e. \<exists>cs. e = V th cs) (V th' pty)",
 insert assms V, auto simp:cntV_def)
 qed (insert assms, auto simp:cntV_def)
+lemma eq_RAG:
+"RAG (wq s) = RAG s"
+by (unfold cs_RAG_def s_RAG_def, auto)
+text {*
+The following three lemmas shows the shape
+of nodes in @{term tRAG}.
+*}
+lemma tRAG_nodeE:
+assumes "(n1, n2) \<in> tRAG s"
+obtains th1 th2 where "n1 = Th th1" "n2 = Th th2"
+using assms
+by (auto simp: tRAG_def wRAG_def hRAG_def)
+lemma tRAG_ancestorsE:
+assumes "x \<in> ancestors (tRAG s) u"
+obtains th where "x = Th th"
+proof -
+from assms have "(u, x) \<in> (tRAG s)^+"
+by (unfold ancestors_def, auto)
+from tranclE[OF this] obtain c where "(c, x) \<in> tRAG s" by auto
+then obtain th where "x = Th th"
+by (unfold tRAG_alt_def, auto)
+from that[OF this] show ?thesis .
+qed
+lemma subtree_nodeE:
+assumes "n \<in> subtree (tRAG s) (Th th)"
+obtains th1 where "n = Th th1"
+proof -
+show ?thesis
+proof(rule subtreeE[OF assms])
+assume "n = Th th"
+from that[OF this] show ?thesis .
+next
+assume "Th th \<in> ancestors (tRAG s) n"
+hence "(n, Th th) \<in> (tRAG s)^+" by (auto simp:ancestors_def)
+hence "\<exists> th1. n = Th th1"
+proof(induct)
+case (base y)
+from tRAG_nodeE[OF this] show ?case by metis
+next
+case (step y z)
+thus ?case by auto
+qed
+with that show ?thesis by auto
+qed
+qed
+text {*
+The following lemmas relate @{term tRAG} with
+@{term RAG} from different perspectives.
+*}
+lemma tRAG_star_RAG: "(tRAG s)^* \<subseteq> (RAG s)^*"
+proof -
+have "(wRAG s O hRAG s)^* \<subseteq> (RAG s O RAG s)^*"
+by (rule rtrancl_mono, auto simp:RAG_split)
+also have "... \<subseteq> ((RAG s)^*)^*"
+by (rule rtrancl_mono, auto)
+also have "... = (RAG s)^*" by simp
+finally show ?thesis by (unfold tRAG_def, simp)
+qed
+lemma tRAG_subtree_RAG: "subtree (tRAG s) x \<subseteq> subtree (RAG s) x"
+proof -
+{ fix a
+assume "a \<in> subtree (tRAG s) x"
+hence "(a, x) \<in> (tRAG s)^*" by (auto simp:subtree_def)
+with tRAG_star_RAG
+have "(a, x) \<in> (RAG s)^*" by auto
+hence "a \<in> subtree (RAG s) x" by (auto simp:subtree_def)
+} thus ?thesis by auto
+qed
+lemma tRAG_trancl_eq:
+"{th'. (Th th', Th th)  \<in> (tRAG s)^+} =
+{th'. (Th th', Th th)  \<in> (RAG s)^+}"
+(is "?L = ?R")
+proof -
+{ fix th'
+assume "th' \<in> ?L"
+hence "(Th th', Th th) \<in> (tRAG s)^+" by auto
+from tranclD[OF this]
+obtain z where h: "(Th th', z) \<in> tRAG s" "(z, Th th) \<in> (tRAG s)\<^sup>*" by auto
+from tRAG_subtree_RAG and this(2)
+have "(z, Th th) \<in> (RAG s)^*" by (meson subsetCE tRAG_star_RAG)
+moreover from h(1) have "(Th th', z) \<in> (RAG s)^+" using tRAG_alt_def by auto
+ultimately have "th' \<in> ?R"  by auto
+} moreover
+{ fix th'
+assume "th' \<in> ?R"
+hence "(Th th', Th th) \<in> (RAG s)^+" by (auto)
+from plus_rpath[OF this]
+obtain xs where rp: "rpath (RAG s) (Th th') xs (Th th)" "xs \<noteq> []" by auto
+hence "(Th th', Th th) \<in> (tRAG s)^+"
+proof(induct xs arbitrary:th' th rule:length_induct)
+case (1 xs th' th)
+then obtain x1 xs1 where Cons1: "xs = x1#xs1" by (cases xs, auto)
+show ?case
+proof(cases "xs1")
+case Nil
+from 1(2)[unfolded Cons1 Nil]
+have rp: "rpath (RAG s) (Th th') [x1] (Th th)" .
+hence "(Th th', x1) \<in> (RAG s)"
+by (cases, auto)
+then obtain cs where "x1 = Cs cs"
+by (unfold s_RAG_def, auto)
+from rpath_nnl_lastE[OF rp[unfolded this]]
+show ?thesis by auto
+next
+case (Cons x2 xs2)
+from 1(2)[unfolded Cons1[unfolded this]]
+have rp: "rpath (RAG s) (Th th') (x1 # x2 # xs2) (Th th)" .
+from rpath_edges_on[OF this]
+have eds: "edges_on (Th th' # x1 # x2 # xs2) \<subseteq> RAG s" .
+have "(Th th', x1) \<in> edges_on (Th th' # x1 # x2 # xs2)"
+by (simp add: edges_on_unfold)
+with eds have rg1: "(Th th', x1) \<in> RAG s" by auto
+then obtain cs1 where eq_x1: "x1 = Cs cs1" by (unfold s_RAG_def, auto)
+have "(x1, x2) \<in> edges_on (Th th' # x1 # x2 # xs2)"
+by (simp add: edges_on_unfold)
+from this eds
+have rg2: "(x1, x2) \<in> RAG s" by auto
+from this[unfolded eq_x1]
+obtain th1 where eq_x2: "x2 = Th th1" by (unfold s_RAG_def, auto)
+from rg1[unfolded eq_x1] rg2[unfolded eq_x1 eq_x2]
+have rt1: "(Th th', Th th1) \<in> tRAG s" by (unfold tRAG_alt_def, auto)
+from rp have "rpath (RAG s) x2 xs2 (Th th)"
+by  (elim rpath_ConsE, simp)
+from this[unfolded eq_x2] have rp': "rpath (RAG s) (Th th1) xs2 (Th th)" .
+show ?thesis
+proof(cases "xs2 = []")
+case True
+from rpath_nilE[OF rp'[unfolded this]]
+have "th1 = th" by auto
+from rt1[unfolded this] show ?thesis by auto
+next
+case False
+from 1(1)[rule_format, OF _ rp' this, unfolded Cons1 Cons]
+have "(Th th1, Th th) \<in> (tRAG s)\<^sup>+" by simp
+with rt1 show ?thesis by auto
+qed
+qed
+qed
+hence "th' \<in> ?L" by auto
+} ultimately show ?thesis by blast
+qed
+lemma tRAG_trancl_eq_Th:
+"{Th th' | th'. (Th th', Th th)  \<in> (tRAG s)^+} =
+{Th th' | th'. (Th th', Th th)  \<in> (RAG s)^+}"
+using tRAG_trancl_eq by auto
+lemma tRAG_Field:
+"Field (tRAG s) \<subseteq> Field (RAG s)"
+by (unfold tRAG_alt_def Field_def, auto)
+lemma tRAG_mono:
+assumes "RAG s' \<subseteq> RAG s"
+shows "tRAG s' \<subseteq> tRAG s"
+using assms
+by (unfold tRAG_alt_def, auto)
+lemma tRAG_subtree_eq:
+"(subtree (tRAG s) (Th th)) = {Th th' | th'. Th th'  \<in> (subtree (RAG s) (Th th))}"
+(is "?L = ?R")
+proof -
+{ fix n
+assume h: "n \<in> ?L"
+hence "n \<in> ?R"
+by (smt mem_Collect_eq subsetCE subtree_def subtree_nodeE tRAG_subtree_RAG)
+} moreover {
+fix n
+assume "n \<in> ?R"
+then obtain th' where h: "n = Th th'" "(Th th', Th th) \<in> (RAG s)^*"
+by (auto simp:subtree_def)
+from rtranclD[OF this(2)]
+have "n \<in> ?L"
+proof
+assume "Th th' \<noteq> Th th \<and> (Th th', Th th) \<in> (RAG s)\<^sup>+"
+with h have "n \<in> {Th th' | th'. (Th th', Th th)  \<in> (RAG s)^+}" by auto
+thus ?thesis using subtree_def tRAG_trancl_eq by fastforce
+qed (insert h, auto simp:subtree_def)
+} ultimately show ?thesis by auto
+qed
+lemma threads_set_eq:
+"the_thread ` (subtree (tRAG s) (Th th)) =
+{th'. Th th' \<in> (subtree (RAG s) (Th th))}" (is "?L = ?R")
+by (auto intro:rev_image_eqI simp:tRAG_subtree_eq)
+lemma RAG_tRAG_transfer:
+assumes  "RAG s' = RAG s \<union> {(Th th, Cs cs)}"
+and "(Cs cs, Th th'') \<in> RAG s"
+shows "tRAG s' = tRAG s \<union> {(Th th, Th th'')}" (is "?L = ?R")
+proof -
+{ fix n1 n2
+assume "(n1, n2) \<in> ?L"
+from this[unfolded tRAG_alt_def]
+obtain th1 th2 cs' where
+h: "n1 = Th th1" "n2 = Th th2"
+"(Th th1, Cs cs') \<in> RAG s'"
+"(Cs cs', Th th2) \<in> RAG s'" by auto
+from h(4) and assms(1) have cs_in: "(Cs cs', Th th2) \<in> RAG s" by auto
+from h(3) and assms(1)
+have "(Th th1, Cs cs') = (Th th, Cs cs) \<or>
+(Th th1, Cs cs') \<in> RAG s" by auto
+hence "(n1, n2) \<in> ?R"
+proof
+assume h1: "(Th th1, Cs cs') = (Th th, Cs cs)"
+with assms(1) have "(Th th1, Cs cs) \<in> RAG s'" by auto
+moreover have "th2 = th''"
+proof -
+from h1 have "cs' = cs" by simp
+from assms(2) cs_in[unfolded this]
+have "holding s th'' cs" "holding s th2 cs"
+by (unfold s_RAG_def, fold holding_eq, auto)
+from held_unique[OF this]
+show ?thesis by simp
+qed
+ultimately show ?thesis using h(1,2) h1 by auto
+next
+assume "(Th th1, Cs cs') \<in> RAG s"
+with cs_in have "(Th th1, Th th2) \<in> tRAG s"
+by (unfold tRAG_alt_def, auto)
+from this[folded h(1, 2)] show ?thesis by auto
+qed
+} moreover {
+fix n1 n2
+assume "(n1, n2) \<in> ?R"
+hence "(n1, n2) \<in>tRAG s \<or> (n1, n2) = (Th th, Th th'')" by auto
+hence "(n1, n2) \<in> ?L"
+proof
+assume "(n1, n2) \<in> tRAG s"
+moreover have "... \<subseteq> ?L"
+proof(rule tRAG_mono)
+show "RAG s \<subseteq> RAG s'" by (unfold assms(1), auto)
+qed
+ultimately show ?thesis by auto
+next
+assume eq_n: "(n1, n2) = (Th th, Th th'')"
+from assms(1, 2) have "(Cs cs, Th th'') \<in> RAG s'" by auto
+moreover have "(Th th, Cs cs) \<in> RAG s'" using assms(1) by auto
+ultimately show ?thesis
+by (unfold eq_n tRAG_alt_def, auto)
+qed
+} ultimately show ?thesis by auto
+qed
+text {*
+The following lemmas gives an alternative definition @{term dependants}
+in terms of @{term tRAG}.
+*}
+lemma dependants_alt_def:
+"dependants s th = {th'. (Th th', Th th) \<in> (tRAG s)^+}"
+by (metis eq_RAG s_dependants_def tRAG_trancl_eq)
+text {*
+The following lemmas gives another alternative definition @{term dependants}
+in terms of @{term RAG}.
+*}
+lemma dependants_alt_def1:
+"dependants (s::state) th = {th'. (Th th', Th th) \<in> (RAG s)^+}"
+using dependants_alt_def tRAG_trancl_eq by auto
 section {* Locales used to investigate the execution of PIP *}
 text {*
 The following locale @{text valid_trace} is used to constrain the
 lemma RAG_threads:
 assumes "(Th th) \<in> Field (RAG s)"
 shows "th \<in> threads s"
 using assms
 by (metis Field_def UnE dm_RAG_threads rg_RAG_threads)
+text {*
+As a corollary, this lemma shows that @{term tRAG}
+is also covered by the @{term threads}-set.
+*}
+lemma subtree_tRAG_thread:
+assumes "th \<in> threads s"
+shows "subtree (tRAG s) (Th th) \<subseteq> Th ` threads s" (is "?L \<subseteq> ?R")
+proof -
+have "?L = {Th th' |th'. Th th' \<in> subtree (RAG s) (Th th)}"
+by (unfold tRAG_subtree_eq, simp)
+also have "... \<subseteq> ?R"
+proof
+fix x
+assume "x \<in> {Th th' |th'. Th th' \<in> subtree (RAG s) (Th th)}"
+then obtain th' where h: "x = Th th'" "Th th' \<in> subtree (RAG s) (Th th)" by auto
+from this(2)
+show "x \<in> ?R"
+proof(cases rule:subtreeE)
+case 1
+thus ?thesis by (simp add: assms h(1))
+next
+case 2
+thus ?thesis by (metis ancestors_Field dm_RAG_threads h(1) image_eqI)
+qed
+qed
+finally show ?thesis .
+qed
 end
 section {* The change of @{term RAG} *}
 and "waiting (e#s) th' cs'"
 shows "e = P th' cs'"
 proof -
 from assms(2)
 show ?thesis
-by (cases rule:waiting_esE, insert assms, auto) (* ccc *)
+by (cases rule:waiting_esE, insert assms, auto)
 qed
 end
 context valid_trace_v_e
 end
 section {* RAG is well-founded *}
+text {*
+In this section, it is proved that both @{term RAG} and
+its converse @{term "(RAG s)^-1"} are well-founded.
+The proof is very simple with the help of
+already proved fact that @{term RAG} is finite.
+*}
 context valid_trace
 begin
 lemma wf_RAG: "wf (RAG s)"
 proof(rule finite_acyclic_wf)
 show "acyclic (RAG s)" .
 qed
 end
-section {* RAG forms a forest (or tree) *}
+section {* RAG forms a finite-branching forest (or tree) *}
+text {*
+With all the well-formedness proofs about @{term RAG} in place,
+it is easy to show.
+*}
 context valid_trace
 begin
 lemma rtree_RAG: "rtree (RAG s)"
 qed
 qed
 qed
-section {* Derived properties for parts of RAG *}
+section {* Derived properties for sub-graphs of RAG *}
 context valid_trace
 begin
 lemma acyclic_tRAG: "acyclic (tRAG s)"
 lemma sgv_tRAG: "single_valued (tRAG s)"
 by (unfold tRAG_def, rule single_valued_relcomp,
 insert sgv_wRAG sgv_hRAG, auto)
 end
+text {*
+It can be shown that @{term tRAG} is also a
+finite-branch relational tree (or forest):
+*}
 sublocale valid_trace < rtree_s: rtree "tRAG s"
 proof(unfold_locales)
 from sgv_tRAG show "single_valued (tRAG s)" .
 next
 ultimately show ?thesis
 by (unfold fsubtree_def fsubtree_axioms_def,auto)
 qed
 from this[folded tRAG_def] show "fsubtree (tRAG s)" .
 qed
-lemma tRAG_nodeE:
-assumes "(n1, n2) \<in> tRAG s"
-obtains th1 th2 where "n1 = Th th1" "n2 = Th th2"
-using assms
-by (auto simp: tRAG_def wRAG_def hRAG_def)
-lemma tRAG_ancestorsE:
-assumes "x \<in> ancestors (tRAG s) u"
-obtains th where "x = Th th"
-proof -
-from assms have "(u, x) \<in> (tRAG s)^+"
-by (unfold ancestors_def, auto)
-from tranclE[OF this] obtain c where "(c, x) \<in> tRAG s" by auto
-then obtain th where "x = Th th"
-by (unfold tRAG_alt_def, auto)
-from that[OF this] show ?thesis .
-qed
-lemma subtree_nodeE:
-assumes "n \<in> subtree (tRAG s) (Th th)"
-obtains th1 where "n = Th th1"
-proof -
-show ?thesis
-proof(rule subtreeE[OF assms])
-assume "n = Th th"
-from that[OF this] show ?thesis .
-next
-assume "Th th \<in> ancestors (tRAG s) n"
-hence "(n, Th th) \<in> (tRAG s)^+" by (auto simp:ancestors_def)
-hence "\<exists> th1. n = Th th1"
-proof(induct)
-case (base y)
-from tRAG_nodeE[OF this] show ?case by metis
-next
-case (step y z)
-thus ?case by auto
-qed
-with that show ?thesis by auto
-qed
-qed
-lemma tRAG_star_RAG: "(tRAG s)^* \<subseteq> (RAG s)^*"
-proof -
-have "(wRAG s O hRAG s)^* \<subseteq> (RAG s O RAG s)^*"
-by (rule rtrancl_mono, auto simp:RAG_split)
-also have "... \<subseteq> ((RAG s)^*)^*"
-by (rule rtrancl_mono, auto)
-also have "... = (RAG s)^*" by simp
-finally show ?thesis by (unfold tRAG_def, simp)
-qed
-lemma tRAG_subtree_RAG: "subtree (tRAG s) x \<subseteq> subtree (RAG s) x"
-proof -
-{ fix a
-assume "a \<in> subtree (tRAG s) x"
-hence "(a, x) \<in> (tRAG s)^*" by (auto simp:subtree_def)
-with tRAG_star_RAG
-have "(a, x) \<in> (RAG s)^*" by auto
-hence "a \<in> subtree (RAG s) x" by (auto simp:subtree_def)
-} thus ?thesis by auto
-qed
-lemma tRAG_trancl_eq:
-"{th'. (Th th', Th th)  \<in> (tRAG s)^+} =
-{th'. (Th th', Th th)  \<in> (RAG s)^+}"
-(is "?L = ?R")
-proof -
-{ fix th'
-assume "th' \<in> ?L"
-hence "(Th th', Th th) \<in> (tRAG s)^+" by auto
-from tranclD[OF this]
-obtain z where h: "(Th th', z) \<in> tRAG s" "(z, Th th) \<in> (tRAG s)\<^sup>*" by auto
-from tRAG_subtree_RAG and this(2)
-have "(z, Th th) \<in> (RAG s)^*" by (meson subsetCE tRAG_star_RAG)
-moreover from h(1) have "(Th th', z) \<in> (RAG s)^+" using tRAG_alt_def by auto
-ultimately have "th' \<in> ?R"  by auto
-} moreover
-{ fix th'
-assume "th' \<in> ?R"
-hence "(Th th', Th th) \<in> (RAG s)^+" by (auto)
-from plus_rpath[OF this]
-obtain xs where rp: "rpath (RAG s) (Th th') xs (Th th)" "xs \<noteq> []" by auto
-hence "(Th th', Th th) \<in> (tRAG s)^+"
-proof(induct xs arbitrary:th' th rule:length_induct)
-case (1 xs th' th)
-then obtain x1 xs1 where Cons1: "xs = x1#xs1" by (cases xs, auto)
-show ?case
-proof(cases "xs1")
-case Nil
-from 1(2)[unfolded Cons1 Nil]
-have rp: "rpath (RAG s) (Th th') [x1] (Th th)" .
-hence "(Th th', x1) \<in> (RAG s)"
-by (cases, auto)
-then obtain cs where "x1 = Cs cs"
-by (unfold s_RAG_def, auto)
-from rpath_nnl_lastE[OF rp[unfolded this]]
-show ?thesis by auto
-next
-case (Cons x2 xs2)
-from 1(2)[unfolded Cons1[unfolded this]]
-have rp: "rpath (RAG s) (Th th') (x1 # x2 # xs2) (Th th)" .
-from rpath_edges_on[OF this]
-have eds: "edges_on (Th th' # x1 # x2 # xs2) \<subseteq> RAG s" .
-have "(Th th', x1) \<in> edges_on (Th th' # x1 # x2 # xs2)"
-by (simp add: edges_on_unfold)
-with eds have rg1: "(Th th', x1) \<in> RAG s" by auto
-then obtain cs1 where eq_x1: "x1 = Cs cs1" by (unfold s_RAG_def, auto)
-have "(x1, x2) \<in> edges_on (Th th' # x1 # x2 # xs2)"
-by (simp add: edges_on_unfold)
-from this eds
-have rg2: "(x1, x2) \<in> RAG s" by auto
-from this[unfolded eq_x1]
-obtain th1 where eq_x2: "x2 = Th th1" by (unfold s_RAG_def, auto)
-from rg1[unfolded eq_x1] rg2[unfolded eq_x1 eq_x2]
-have rt1: "(Th th', Th th1) \<in> tRAG s" by (unfold tRAG_alt_def, auto)
-from rp have "rpath (RAG s) x2 xs2 (Th th)"
-by  (elim rpath_ConsE, simp)
-from this[unfolded eq_x2] have rp': "rpath (RAG s) (Th th1) xs2 (Th th)" .
-show ?thesis
-proof(cases "xs2 = []")
-case True
-from rpath_nilE[OF rp'[unfolded this]]
-have "th1 = th" by auto
-from rt1[unfolded this] show ?thesis by auto
-next
-case False
-from 1(1)[rule_format, OF _ rp' this, unfolded Cons1 Cons]
-have "(Th th1, Th th) \<in> (tRAG s)\<^sup>+" by simp
-with rt1 show ?thesis by auto
-qed
-qed
-qed
-hence "th' \<in> ?L" by auto
-} ultimately show ?thesis by blast
-qed
-lemma tRAG_trancl_eq_Th:
-"{Th th' | th'. (Th th', Th th)  \<in> (tRAG s)^+} =
-{Th th' | th'. (Th th', Th th)  \<in> (RAG s)^+}"
-using tRAG_trancl_eq by auto
-lemma tRAG_Field:
-"Field (tRAG s) \<subseteq> Field (RAG s)"
-by (unfold tRAG_alt_def Field_def, auto)
-lemma tRAG_mono:
-assumes "RAG s' \<subseteq> RAG s"
-shows "tRAG s' \<subseteq> tRAG s"
-using assms
-by (unfold tRAG_alt_def, auto)
-lemma tRAG_subtree_eq:
-"(subtree (tRAG s) (Th th)) = {Th th' | th'. Th th'  \<in> (subtree (RAG s) (Th th))}"
-(is "?L = ?R")
-proof -
-{ fix n
-assume h: "n \<in> ?L"
-hence "n \<in> ?R"
-by (smt mem_Collect_eq subsetCE subtree_def subtree_nodeE tRAG_subtree_RAG)
-} moreover {
-fix n
-assume "n \<in> ?R"
-then obtain th' where h: "n = Th th'" "(Th th', Th th) \<in> (RAG s)^*"
-by (auto simp:subtree_def)
-from rtranclD[OF this(2)]
-have "n \<in> ?L"
-proof
-assume "Th th' \<noteq> Th th \<and> (Th th', Th th) \<in> (RAG s)\<^sup>+"
-with h have "n \<in> {Th th' | th'. (Th th', Th th)  \<in> (RAG s)^+}" by auto
-thus ?thesis using subtree_def tRAG_trancl_eq by fastforce
-qed (insert h, auto simp:subtree_def)
-} ultimately show ?thesis by auto
-qed
-lemma threads_set_eq:
-"the_thread ` (subtree (tRAG s) (Th th)) =
-{th'. Th th' \<in> (subtree (RAG s) (Th th))}" (is "?L = ?R")
-by (auto intro:rev_image_eqI simp:tRAG_subtree_eq)
-context valid_trace
-begin
-lemma RAG_tRAG_transfer:
-assumes  "RAG s' = RAG s \<union> {(Th th, Cs cs)}"
-and "(Cs cs, Th th'') \<in> RAG s"
-shows "tRAG s' = tRAG s \<union> {(Th th, Th th'')}" (is "?L = ?R")
-proof -
-{ fix n1 n2
-assume "(n1, n2) \<in> ?L"
-from this[unfolded tRAG_alt_def]
-obtain th1 th2 cs' where
-h: "n1 = Th th1" "n2 = Th th2"
-"(Th th1, Cs cs') \<in> RAG s'"
-"(Cs cs', Th th2) \<in> RAG s'" by auto
-from h(4) and assms(1) have cs_in: "(Cs cs', Th th2) \<in> RAG s" by auto
-from h(3) and assms(1)
-have "(Th th1, Cs cs') = (Th th, Cs cs) \<or>
-(Th th1, Cs cs') \<in> RAG s" by auto
-hence "(n1, n2) \<in> ?R"
-proof
-assume h1: "(Th th1, Cs cs') = (Th th, Cs cs)"
-hence eq_th1: "th1 = th" by simp
-moreover have "th2 = th''"
-proof -
-from h1 have "cs' = cs" by simp
-from assms(2) cs_in[unfolded this]
-show ?thesis using unique_RAG by auto
-qed
-ultimately show ?thesis using h(1,2) by auto
-next
-assume "(Th th1, Cs cs') \<in> RAG s"
-with cs_in have "(Th th1, Th th2) \<in> tRAG s"
-by (unfold tRAG_alt_def, auto)
-from this[folded h(1, 2)] show ?thesis by auto
-qed
-} moreover {
-fix n1 n2
-assume "(n1, n2) \<in> ?R"
-hence "(n1, n2) \<in>tRAG s \<or> (n1, n2) = (Th th, Th th'')" by auto
-hence "(n1, n2) \<in> ?L"
-proof
-assume "(n1, n2) \<in> tRAG s"
-moreover have "... \<subseteq> ?L"
-proof(rule tRAG_mono)
-show "RAG s \<subseteq> RAG s'" by (unfold assms(1), auto)
-qed
-ultimately show ?thesis by auto
-next
-assume eq_n: "(n1, n2) = (Th th, Th th'')"
-from assms(1, 2) have "(Cs cs, Th th'') \<in> RAG s'" by auto
-moreover have "(Th th, Cs cs) \<in> RAG s'" using assms(1) by auto
-ultimately show ?thesis
-by (unfold eq_n tRAG_alt_def, auto)
-qed
-} ultimately show ?thesis by auto
-qed
-lemma subtree_tRAG_thread:
-assumes "th \<in> threads s"
-shows "subtree (tRAG s) (Th th) \<subseteq> Th ` threads s" (is "?L \<subseteq> ?R")
-proof -
-have "?L = {Th th' |th'. Th th' \<in> subtree (RAG s) (Th th)}"
-by (unfold tRAG_subtree_eq, simp)
-also have "... \<subseteq> ?R"
-proof
-fix x
-assume "x \<in> {Th th' |th'. Th th' \<in> subtree (RAG s) (Th th)}"
-then obtain th' where h: "x = Th th'" "Th th' \<in> subtree (RAG s) (Th th)" by auto
-from this(2)
-show "x \<in> ?R"
-proof(cases rule:subtreeE)
-case 1
-thus ?thesis by (simp add: assms h(1))
-next
-case 2
-thus ?thesis by (metis ancestors_Field dm_RAG_threads h(1) image_eqI)
-qed
-qed
-finally show ?thesis .
-qed
-lemma eq_RAG:
-"RAG (wq s) = RAG s"
-by (unfold cs_RAG_def s_RAG_def, auto)
-lemma dependants_alt_def:
-"dependants s th = {th'. (Th th', Th th) \<in> (tRAG s)^+}"
-by (metis eq_RAG s_dependants_def tRAG_trancl_eq)
-lemma dependants_alt_def1:
-"dependants (s::state) th = {th'. (Th th', Th th) \<in> (RAG s)^+}"
-using dependants_alt_def tRAG_trancl_eq by auto
-end
 section {* Chain to readys *}
 context valid_trace
 begin
 using h_b(1)[unfolded trancl_converse] eq_b by auto
 ultimately show ?thesis using that by metis
 qed
 text {* \noindent
-The following is just an instance of @{text "chain_building"}.
+The following lemma is proved easily by instantiating @{thm "chain_building"}.
 *}
 lemma th_chain_to_ready:
 assumes th_in: "th \<in> threads s"
 shows "th \<in> readys s \<or> (\<exists> th'. th' \<in> readys s \<and> (Th th, Th th') \<in> (RAG s)^+)"
 proof(cases "th \<in> readys s")

changeset 113	ce85c3c4e5bf
parent 112	b3795b1f030b
child 114	81c6ede5cd11