496 \end{isabelle} |
496 \end{isabelle} |
497 |
497 |
498 \noindent |
498 \noindent |
499 Using @{term "holding_raw"} and @{term waiting_raw}, we can introduce \emph{Resource Allocation Graphs} |
499 Using @{term "holding_raw"} and @{term waiting_raw}, we can introduce \emph{Resource Allocation Graphs} |
500 (RAG), which represent the dependencies between threads and resources. |
500 (RAG), which represent the dependencies between threads and resources. |
501 We choose to represent RAGs as relations using pairs of the form |
501 We choose to represent @{text "RAG"}s as relations using pairs of the form |
502 |
502 |
503 \begin{isabelle}\ \ \ \ \ %%% |
503 \begin{isabelle}\ \ \ \ \ %%% |
504 @{term "(Th th, Cs cs)"} \hspace{5mm}{\rm and}\hspace{5mm} |
504 @{term "(Th th, Cs cs)"} \hspace{5mm}{\rm and}\hspace{5mm} |
505 @{term "(Cs cs, Th th)"}\hfill\numbered{pairs} |
505 @{term "(Cs cs, Th th)"}\hfill\numbered{pairs} |
506 \end{isabelle} |
506 \end{isabelle} |
507 |
507 |
508 \noindent |
508 \noindent |
509 where the first stands for a \emph{waiting edge} and the second for a |
509 where the first stands for a \emph{waiting edge} and the second for a |
510 \emph{holding edge} (@{term Cs} and @{term Th} are constructors of a |
510 \emph{holding edge} (@{term Cs} and @{term Th} are constructors of a |
511 datatype for vertices). Given a waiting queue function, a RAG is defined |
511 datatype for vertices). Given a waiting queue function, a @{text RAG} is defined |
512 as the union of the sets of waiting and holding edges, namely |
512 as the union of the sets of waiting and holding edges, namely |
513 |
513 |
514 \begin{isabelle}\ \ \ \ \ %%% |
514 \begin{isabelle}\ \ \ \ \ %%% |
515 @{thm RAG_raw_def} |
515 @{thm RAG_raw_def} |
516 \end{isabelle} |
516 \end{isabelle} |
553 \end{center} |
553 \end{center} |
554 \caption{An instance of a Resource Allocation Graph (RAG).\label{RAGgraph}} |
554 \caption{An instance of a Resource Allocation Graph (RAG).\label{RAGgraph}} |
555 \end{figure} |
555 \end{figure} |
556 |
556 |
557 \noindent |
557 \noindent |
558 If there is no cycle, then every RAG can be pictured as a forrest of trees, as |
558 If there is no cycle, then every @{text RAG} can be pictured as a forrest of trees, as |
559 for example in Figure~\ref{RAGgraph}. |
559 for example in Figure~\ref{RAGgraph}. |
560 |
560 |
561 Because of the RAGs, we will need to formalise some results about |
561 Because of the @{text RAG}s, we will need to formalise some results about |
562 graphs. While there are few formalisations for graphs already |
562 graphs. While there are few formalisations for graphs already |
563 implemented in Isabelle, we choose to introduce our own library of |
563 implemented in Isabelle, we choose to introduce our own library of |
564 graphs for PIP. The justification for this is that we wanted to be able to |
564 graphs for PIP. The justification for this is that we wanted |
565 reason about potentially infinite graphs (in the sense of infinitely |
565 to have a more general theory of graphs which is capable of |
566 branching and infinite size): the property that our RAGs are |
566 representing potentially infinite graphs (in the sense of infinitely |
|
567 branching and infinite size): the property that our @{text RAG}s are |
567 actually forrests of finitely branching trees having only an finite |
568 actually forrests of finitely branching trees having only an finite |
568 depth should be something we can \emph{prove} for our model of |
569 depth should be something we can \emph{prove} for our model of |
569 PIP---it should not be an assumption we build already into our |
570 PIP---it should not be an assumption we build already into our |
570 model. It seemed for our purposes the most convenient |
571 model. It seemed for our purposes the most convenient |
571 represeantation of graphs are binary relations given by sets of |
572 represeantation of graphs are binary relations given by sets of |
572 pairs shown in \eqref{pairs}. The pairs stand for the edges in |
573 pairs shown in \eqref{pairs}. The pairs stand for the edges in |
573 graphs. This relation-based representation is convenient since we |
574 graphs. This relation-based representation is convenient since we |
574 can use the notions of transitive closure operations @{term "trancl |
575 can use the notions of transitive closure operations @{term "trancl |
575 DUMMY"} and @{term "rtrancl DUMMY"}, as well as relation |
576 DUMMY"} and @{term "rtrancl DUMMY"}, as well as relation |
576 composition. A \emph{forrest} is defined as the relation @{text |
577 composition. A \emph{forrest} is defined in our representation as the relation @{text |
577 rel} that is \emph{single valued} and \emph{acyclic}: |
578 rel} that is \emph{single valued} and \emph{acyclic}: |
578 |
579 |
579 \begin{isabelle}\ \ \ \ \ %%% |
580 \begin{isabelle}\ \ \ \ \ %%% |
580 \begin{tabular}{@ {}l} |
581 \begin{tabular}{@ {}l} |
581 @{thm single_valued_def[where ?r="rel", THEN eq_reflection]}\\ |
582 @{thm single_valued_def[where ?r="rel", THEN eq_reflection]}\\ |
612 |
613 |
613 |
614 |
614 %\endnote{{\bf Lemma about overlapping paths}} |
615 %\endnote{{\bf Lemma about overlapping paths}} |
615 |
616 |
616 The locking mechanism of PIP ensures that for each thread node, |
617 The locking mechanism of PIP ensures that for each thread node, |
617 there can be many incoming holding edges in the RAG, but at most one |
618 there can be many incoming holding edges in the @{text RAG}, but at most one |
618 out going waiting edge. The reason is that when a thread asks for |
619 out going waiting edge. The reason is that when a thread asks for |
619 resource that is locked already, then the thread is blocked and |
620 resource that is locked already, then the thread is blocked and |
620 cannot ask for another resource. Clearly, also every resource can |
621 cannot ask for another resource. Clearly, also every resource can |
621 only have at most one outgoing holding edge---indicating that the |
622 only have at most one outgoing holding edge---indicating that the |
622 resource is locked. So if the @{text "RAG"} is well-founded and |
623 resource is locked. So if the @{text "RAG"} is well-founded and |
623 finite, we can always start at a thread waiting for a resource and |
624 finite, we can always start at a thread waiting for a resource and |
624 ``chase'' outgoing arrows leading to a single root of a tree. |
625 ``chase'' outgoing arrows leading to a single root of a tree. |
625 |
626 |
626 The use of relations for representing @{text RAG}s allows us to conveniently define |
627 The use of relations for representing @{text RAG}s allows us to |
627 the \emph{thread dependants graph} |
628 conveniently define the \emph{Thread Dependants Graph} (TDG): |
628 |
629 |
629 \begin{isabelle}\ \ \ \ \ %%% |
630 \begin{isabelle}\ \ \ \ \ %%% |
630 @{thm tG_raw_def}\\ |
631 @{thm tG_raw_def}\\ |
631 \mbox{}\hfill\numbered{dependants} |
632 \mbox{}\hfill\numbered{dependants} |
632 \end{isabelle} |
633 \end{isabelle} |
633 |
634 |
634 \noindent This definition represents all threads in a @{text RAG} that wait |
635 \noindent This definition represents all threads in a @{text RAG} that wait |
635 for a thread to release a resource, but the resource is ``hidden''. |
636 for a thread to release a resource, but the corresponding |
636 In the |
637 resource is ``hidden''. |
637 picture above this means the @{text TDG} connects @{text "th\<^sub>0"} with |
638 In Figure~\ref{RAGgraph} this means the @{text TDG} connects @{text "th\<^sub>0"} with |
638 @{text "th\<^sub>1"} and @{text "th\<^sub>2"}, which both wait for |
639 @{text "th\<^sub>1"} and @{text "th\<^sub>2"}, which both wait for |
639 resource @{text "cs\<^sub>1"}; and @{text "th\<^sub>2"} with @{text "th\<^sub>3"}, which |
640 resource @{text "cs\<^sub>1"}; and @{text "th\<^sub>2"} with @{text "th\<^sub>3"}, which |
640 cannot make any progress unless @{text "th\<^sub>2"} makes progress. |
641 cannot make any progress unless @{text "th\<^sub>2"} makes progress. |
641 Similarly for the other threads. |
642 Similarly for the other threads. |
642 If |
643 If |
658 While the precedence @{term prec} of any |
659 While the precedence @{term prec} of any |
659 thread is determined statically (for example when the thread is |
660 thread is determined statically (for example when the thread is |
660 created), the point of the current precedence is to dynamically |
661 created), the point of the current precedence is to dynamically |
661 increase this precedence, if needed according to PIP. Therefore the |
662 increase this precedence, if needed according to PIP. Therefore the |
662 current precedence of @{text th} is given as the maximum of the |
663 current precedence of @{text th} is given as the maximum of the |
663 precedence of @{text th} \emph{and} all threads that are dependants |
664 precedence of @{text th} \emph{and} all threads in its subtree. Since the notion of current precedence is defined as the |
664 of @{text th} in the state @{text s}. Since the notion of current precedence is defined as the |
|
665 transitive closure of the dependent |
665 transitive closure of the dependent |
666 threads in the @{text TDG}, we deal correctly with the problem in the informal |
666 threads in the @{text TDG}, we deal correctly with the problem in the informal |
667 algorithm by Sha et al.~\cite{Sha90} where a priority of a thread is |
667 algorithm by Sha et al.~\cite{Sha90} where a priority of a thread is |
668 lowered prematurely (see Introduction). We again introduce an abbreviation for current |
668 lowered prematurely (see Introduction). We again introduce an abbreviation for current |
669 precedeces of a set of threads, written @{text "cprecs wq s ths"}. |
669 precedeces of a set of threads, written @{text "cprecs wq s ths"}. |
796 @{thm (lhs) cp_def} & @{text "\<equiv>"} & @{thm (rhs) cp_def}\\ |
796 @{thm (lhs) cp_def} & @{text "\<equiv>"} & @{thm (rhs) cp_def}\\ |
797 \end{tabular} |
797 \end{tabular} |
798 \end{isabelle} |
798 \end{isabelle} |
799 |
799 |
800 \noindent |
800 \noindent |
801 With these abbreviations in place we can derive for every valid trace @{text s} |
801 With these abbreviations in place we can derive the following two facts |
802 the following two facts about ??????? |
802 about @{text TDG}s and @{term cprec}, which are more convenient to use in |
803 %@ {term dependants} |
803 subsequent proofs. |
804 and @{term cprec} (see \eqref{dependants} |
|
805 and \eqref{cpreced}): Given ????? %@ {thm (prem 1) valid_trace.cp_alt_def}, |
|
806 then |
|
807 |
804 |
808 \begin{isabelle}\ \ \ \ \ %%% |
805 \begin{isabelle}\ \ \ \ \ %%% |
809 \begin{tabular}{@ {}rcl} |
806 \begin{tabular}{@ {}rcl} |
810 @{thm tG_alt_def}\\ |
807 @{thm (lhs) tG_alt_def} & @{text "\<equiv>"} & @{thm (rhs) tG_alt_def}\\ |
811 @{thm cp_s_def}\\ |
808 @{thm (lhs) cp_s_def} & @{text "\<equiv>"} & @{thm (rhs) cp_s_def}\\ |
812 \end{tabular}\hfill\numbered{overloaded} |
809 \end{tabular}\\ |
813 \end{isabelle} |
810 \mbox{}\hfill\numbered{overloaded} |
814 |
811 \end{isabelle} |
815 |
812 |
816 can introduce |
813 \noindent Next we can introduce |
817 the notion of a thread being @{term ready} in a state (i.e.~threads |
814 the notion of a thread being @{term ready} in a state (i.e.~threads |
818 that do not wait for any resource, which are the roots of the trees |
815 that do not wait for any resource, which are the roots of the trees |
819 in the RAG, see Figure~\ref{RAGgraph}). The @{term running} thread |
816 in the @{text RAG}, see Figure~\ref{RAGgraph}). The @{term running} thread |
820 is then the thread with the highest current precedence of all ready threads. |
817 is then the thread with the highest current precedence of all ready threads. |
821 |
818 |
822 \begin{isabelle}\ \ \ \ \ %%% |
819 \begin{isabelle}\ \ \ \ \ %%% |
823 \begin{tabular}{@ {}l} |
820 \begin{tabular}{@ {}l} |
824 @{thm readys_def}\\ |
821 @{thm readys_def}\\ |