pip: comparison CpsG.thy

equal deleted inserted replaced

-:0a069a667301
+:f98a95f3deae
 lemma tRAG_alt_def:
 "tRAG s = {(Th th1, Th th2) | th1 th2.
 \<exists> cs. (Th th1, Cs cs) \<in> RAG s \<and> (Cs cs, Th th2) \<in> RAG s}"
 by (auto simp:tRAG_def RAG_split wRAG_def hRAG_def)
+lemma tRAG_Field:
+"Field (tRAG s) \<subseteq> Field (RAG s)"
+by (unfold tRAG_alt_def Field_def, auto)
+lemma tRAG_ancestorsE:
+assumes "x \<in> ancestors (tRAG s) u"
+obtains th where "x = Th th"
+proof -
+from assms have "(u, x) \<in> (tRAG s)^+"
+by (unfold ancestors_def, auto)
+from tranclE[OF this] obtain c where "(c, x) \<in> tRAG s" by auto
+then obtain th where "x = Th th"
+by (unfold tRAG_alt_def, auto)
+from that[OF this] show ?thesis .
+qed
 lemma tRAG_mono:
 assumes "RAG s' \<subseteq> RAG s"
 shows "tRAG s' \<subseteq> tRAG s"
 using assms
 qed
 with that show ?thesis by auto
 qed
 qed
-lemma threads_set_eq:
+lemma tRAG_star_RAG: "(tRAG s)^* \<subseteq> (RAG s)^*"
-"the_thread ` (subtree (tRAG s) (Th th)) =
+proof -
-{th'. Th th' \<in> (subtree (RAG s) (Th th))}" (is "?L = ?R")
+have "(wRAG s O hRAG s)^* \<subseteq> (RAG s O RAG s)^*"
-proof -
+by (rule rtrancl_mono, auto simp:RAG_split)
-{ fix th'
+also have "... \<subseteq> ((RAG s)^*)^*"
-assume "th' \<in> ?L"
+by (rule rtrancl_mono, auto)
-then obtain n where h: "th' = the_thread n" "n \<in>  subtree (tRAG s) (Th th)" by auto
+also have "... = (RAG s)^*" by simp
-from subtree_nodeE[OF this(2)]
+finally show ?thesis by (unfold tRAG_def, simp)
-obtain th1 where "n = Th th1" by auto
+qed
-with h have "Th th' \<in>  subtree (tRAG s) (Th th)" by auto
-hence "Th th' \<in>  subtree (RAG s) (Th th)"
+lemma tRAG_subtree_RAG: "subtree (tRAG s) x \<subseteq> subtree (RAG s) x"
-proof(cases rule:subtreeE[consumes 1])
+proof -
-case 1
+{ fix a
-thus ?thesis by (auto simp:subtree_def)
+assume "a \<in> subtree (tRAG s) x"
-next
+hence "(a, x) \<in> (tRAG s)^*" by (auto simp:subtree_def)
-case 2
+with tRAG_star_RAG[of s]
-hence "(Th th', Th th) \<in> (tRAG s)^+" by (auto simp:ancestors_def)
+have "(a, x) \<in> (RAG s)^*" by auto
-thus ?thesis
+hence "a \<in> subtree (RAG s) x" by (auto simp:subtree_def)
-proof(induct)
+} thus ?thesis by auto
-case (step y z)
+qed
-from this(2)[unfolded tRAG_alt_def]
-obtain u where
+lemma tRAG_subtree_eq:
-h: "(y, u) \<in> RAG s" "(u, z) \<in> RAG s"
+"(subtree (tRAG s) (Th th)) = {Th th' | th'. Th th'  \<in> (subtree (RAG s) (Th th))}"
-by auto
+(is "?L = ?R")
-hence "y \<in> subtree (RAG s) z" by (auto simp:subtree_def)
+proof -
-with step(3)
+{ fix n
-show ?case by (auto simp:subtree_def)
+assume "n \<in> ?L"
-next
+with subtree_nodeE[OF this]
-case (base y)
+obtain th' where "n = Th th'" "Th th' \<in>  subtree (tRAG s) (Th th)" by auto
-from this[unfolded tRAG_alt_def]
+with tRAG_subtree_RAG[of s "Th th"]
-show ?case by (auto simp:subtree_def)
+have "n \<in> ?R" by auto
-qed
-qed
-hence "th' \<in> ?R" by auto
 } moreover {
-fix th'
+fix n
-assume "th' \<in> ?R"
+assume "n \<in> ?R"
-hence "(Th th', Th th) \<in> (RAG s)^*" by (auto simp:subtree_def)
+then obtain th' where h: "n = Th th'" "(Th th', Th th) \<in> (RAG s)^*"
-from star_rpath[OF this]
+by (auto simp:subtree_def)
+from star_rpath[OF this(2)]
 obtain xs where "rpath (RAG s) (Th th') xs (Th th)" by auto
 hence "Th th' \<in> subtree (tRAG s) (Th th)"
 proof(induct xs arbitrary:th' th rule:length_induct)
 case (1 xs th' th)
 show ?case
 from 1(2)[unfolded Cons[unfolded this]]
 have rp: "rpath (RAG s) (Th th') [x1] (Th th)" .
 hence "(Th th', x1) \<in> (RAG s)" by (cases, simp)
 then obtain cs where "x1 = Cs cs"
 by (unfold s_RAG_def, auto)
-find_theorems rpath "_ = _@[_]"
 from rpath_nnl_lastE[OF rp[unfolded this]]
 show ?thesis by auto
 next
 case (Cons x2 xs2)
 from 1(2)[unfolded Cons1[unfolded this]]
 qed
 ultimately show ?thesis by (auto simp:subtree_def)
 qed
 qed
 qed
-from imageI[OF this, of the_thread]
+from this[folded h(1)]
-have "th' \<in> ?L" by simp
+have "n \<in> ?L" .
 } ultimately show ?thesis by auto
 qed
+lemma threads_set_eq:
+"the_thread ` (subtree (tRAG s) (Th th)) =
+{th'. Th th' \<in> (subtree (RAG s) (Th th))}" (is "?L = ?R")
+by (auto intro:rev_image_eqI simp:tRAG_subtree_eq)
 lemma cp_alt_def1:
 "cp s th = Max ((the_preced s o the_thread) ` (subtree (tRAG s) (Th th)))"
 proof -
 have "(the_preced s ` the_thread ` subtree (tRAG s) (Th th)) =
 ((the_preced s \<circ> the_thread) ` subtree (tRAG s) (Th th))"
 fixes s
 assumes vt : "vt s"
 context valid_trace
 begin
+lemma not_in_thread_isolated:
+assumes "th \<notin> threads s"
+shows "(Th th) \<notin> Field (RAG s)"
+proof
+assume "(Th th) \<in> Field (RAG s)"
+with dm_RAG_threads[OF vt] and range_in[OF vt] assms
+show False by (unfold Field_def, blast)
+qed
 lemma wf_RAG: "wf (RAG s)"
 proof(rule finite_acyclic_wf)
 from finite_RAG[OF vt] show "finite (RAG s)" .
 next
 context step_P_cps
 begin
-lemma rtree_RAGs: "rtree (RAG s)"
+lemma readys_th: "th \<in> readys s'"
+proof -
+from step_back_step [OF vt_s[unfolded s_def]]
+have "PIP s' (P th cs)" .
+hence "th \<in> runing s'" by (cases, simp)
+thus ?thesis by (simp add:readys_def runing_def)
+qed
+lemma root_th: "root (RAG s') (Th th)"
+using readys_root[OF vat_s'.vt readys_th] .
+lemma in_no_others_subtree:
+assumes "th' \<noteq> th"
+shows "Th th \<notin> subtree (RAG s') (Th th')"
 proof
-show "single_valued (RAG s)"
+assume "Th th \<in> subtree (RAG s') (Th th')"
-apply (intro_locales)
+thus False
-by (unfold single_valued_def, auto intro: unique_RAG[OF vt_s])
+proof(cases rule:subtreeE)
+case 1
-show "acyclic (RAG s)"
+with assms show ?thesis by auto
-by (rule acyclic_RAG[OF vt_s])
+next
-qed
+case 2
+with root_th show ?thesis by (auto simp:root_def)
-lemma rtree_RAGs': "rtree (RAG s')"
+qed
-proof
-show "single_valued (RAG s')"
-apply (intro_locales)
-by (unfold single_valued_def,
-auto intro:unique_RAG[OF step_back_vt[OF vt_s[unfolded s_def]]])
-show "acyclic (RAG s')"
-by (rule acyclic_RAG[OF step_back_vt[OF vt_s[unfolded s_def]]])
 qed
 lemma preced_kept: "the_preced s = the_preced s'"
 by (auto simp: s_def the_preced_def preced_def)
 proof -
 from ee and  step_RAG_p[OF vt_s[unfolded s_def], folded s_def]
 show ?thesis by auto
 qed
-lemma child_kept_left:
+lemma subtree_kept:
-assumes
+assumes "th' \<noteq> th"
-"(n1, n2) \<in> (child s')^+"
+shows "subtree (RAG s) (Th th') = subtree (RAG s') (Th th')"
-shows "(n1, n2) \<in> (child s)^+"
+proof(unfold RAG_s, rule subtree_insert_next)
-proof -
+from in_no_others_subtree[OF assms]
-from assms show ?thesis
+show "Th th \<notin> subtree (RAG s') (Th th')" .
-proof(induct rule: converse_trancl_induct)
+qed
-case (base y)
-from base obtain th1 cs1 th2
+lemma cp_kept:
-where h1: "(Th th1, Cs cs1) \<in> RAG s'"
+assumes "th' \<noteq> th"
-and h2: "(Cs cs1, Th th2) \<in> RAG s'"
-and eq_y: "y = Th th1" and eq_n2: "n2 = Th th2"  by (auto simp:child_def)
-have "cs1 \<noteq> cs"
-proof
-assume eq_cs: "cs1 = cs"
-with h1 have "(Th th1, Cs cs) \<in> RAG s'" by simp
-with ee show False
-by (auto simp:s_RAG_def cs_waiting_def)
-qed
-with h1 h2 RAG_s have
-h1': "(Th th1, Cs cs1) \<in> RAG s" and
-h2': "(Cs cs1, Th th2) \<in> RAG s" by auto
-hence "(Th th1, Th th2) \<in> child s" by (auto simp:child_def)
-with eq_y eq_n2 have "(y, n2) \<in> child s" by simp
-thus ?case by auto
-next
-case (step y z)
-have "(y, z) \<in> child s'" by fact
-then obtain th1 cs1 th2
-where h1: "(Th th1, Cs cs1) \<in> RAG s'"
-and h2: "(Cs cs1, Th th2) \<in> RAG s'"
-and eq_y: "y = Th th1" and eq_z: "z = Th th2"  by (auto simp:child_def)
-have "cs1 \<noteq> cs"
-proof
-assume eq_cs: "cs1 = cs"
-with h1 have "(Th th1, Cs cs) \<in> RAG s'" by simp
-with ee show False
-by (auto simp:s_RAG_def cs_waiting_def)
-qed
-with h1 h2 RAG_s have
-h1': "(Th th1, Cs cs1) \<in> RAG s" and
-h2': "(Cs cs1, Th th2) \<in> RAG s" by auto
-hence "(Th th1, Th th2) \<in> child s" by (auto simp:child_def)
-with eq_y eq_z have "(y, z) \<in> child s" by simp
-moreover have "(z, n2) \<in> (child s)^+" by fact
-ultimately show ?case by auto
-qed
-qed
-lemma  child_kept_right:
-assumes
-"(n1, n2) \<in> (child s)^+"
-shows "(n1, n2) \<in> (child s')^+"
-proof -
-from assms show ?thesis
-proof(induct)
-case (base y)
-from base and RAG_s
-have "(n1, y) \<in> child s'"
-apply (auto simp:child_def)
-proof -
-fix th'
-assume "(Th th', Cs cs) \<in> RAG s'"
-with ee have "False"
-by (auto simp:s_RAG_def cs_waiting_def)
-thus "\<exists>cs. (Th th', Cs cs) \<in> RAG s' \<and> (Cs cs, Th th) \<in> RAG s'" by auto
-qed
-thus ?case by auto
-next
-case (step y z)
-have "(y, z) \<in> child s" by fact
-with RAG_s have "(y, z) \<in> child s'"
-apply (auto simp:child_def)
-proof -
-fix th'
-assume "(Th th', Cs cs) \<in> RAG s'"
-with ee have "False"
-by (auto simp:s_RAG_def cs_waiting_def)
-thus "\<exists>cs. (Th th', Cs cs) \<in> RAG s' \<and> (Cs cs, Th th) \<in> RAG s'" by auto
-qed
-moreover have "(n1, y) \<in> (child s')\<^sup>+" by fact
-ultimately show ?case by auto
-qed
-qed
-lemma eq_child: "(child s)^+ = (child s')^+"
-by (insert child_kept_left child_kept_right, auto)
-lemma eq_cp:
-fixes th'
 shows "cp s th' = cp s' th'"
-apply (unfold cp_eq_cpreced cpreced_def)
+proof -
-proof -
+have "(the_preced s ` {th'a. Th th'a \<in> subtree (RAG s) (Th th')}) =
-have eq_dp: "\<And> th. dependants (wq s) th = dependants (wq s') th"
+(the_preced s' ` {th'a. Th th'a \<in> subtree (RAG s') (Th th')})"
-apply (unfold cs_dependants_def, unfold eq_RAG)
+by (unfold preced_kept subtree_kept[OF assms], simp)
-proof -
+thus ?thesis by (unfold cp_alt_def, simp)
-from eq_child
-have "\<And>th. {th'. (Th th', Th th) \<in> (child s)\<^sup>+} = {th'. (Th th', Th th) \<in> (child s')\<^sup>+}"
-by auto
-with child_RAG_eq[OF vt_s] child_RAG_eq[OF step_back_vt[OF vt_s[unfolded s_def]]]
-show "\<And>th. {th'. (Th th', Th th) \<in> (RAG s)\<^sup>+} = {th'. (Th th', Th th) \<in> (RAG s')\<^sup>+}"
-by simp
-qed
-moreover {
-fix th1
-assume "th1 \<in> {th'} \<union> dependants (wq s') th'"
-hence "th1 = th' \<or> th1 \<in> dependants (wq s') th'" by auto
-hence "preced th1 s = preced th1 s'"
-proof
-assume "th1 = th'"
-show "preced th1 s = preced th1 s'" by (simp add:s_def preced_def)
-next
-assume "th1 \<in> dependants (wq s') th'"
-show "preced th1 s = preced th1 s'" by (simp add:s_def preced_def)
-qed
-} ultimately have "((\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th')) =
-((\<lambda>th. preced th s') ` ({th'} \<union> dependants (wq s') th'))"
-by (auto simp:image_def)
-thus "Max ((\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th')) =
-Max ((\<lambda>th. preced th s') ` ({th'} \<union> dependants (wq s') th'))" by simp
 qed
 end
-lemma tRAG_ancestorsE:
-assumes "x \<in> ancestors (tRAG s) u"
-obtains th where "x = Th th"
-proof -
-from assms have "(u, x) \<in> (tRAG s)^+"
-by (unfold ancestors_def, auto)
-from tranclE[OF this] obtain c where "(c, x) \<in> tRAG s" by auto
-then obtain th where "x = Th th"
-by (unfold tRAG_alt_def, auto)
-from that[OF this] show ?thesis .
-qed
 context step_P_cps_ne
 begin
 lemma RAG_s: "RAG s = RAG s' \<union> {(Th th, Cs cs)}"
 from this[folded tRAG_s] show ?thesis .
 qed
 show ?thesis by (unfold cp_alt_def1 h preced_kept, simp)
 qed
-lemma set_prop_split:
+lemma cp_gen_update_stop: (* ddd *)
-"A = {x. x \<in> A \<and> PP x} \<union> {x. x \<in> A \<and> \<not> PP x}"
-by auto
-lemma f_image_union_eq:
-assumes "f ` A = g ` A"
-and "f ` B = g ` B"
-shows "f ` (A \<union> B) = g ` (A \<union> B)"
-using assms by auto
-(* ccc *)
-lemma cp_gen_update_stop:
 assumes "u \<in> ancestors (tRAG s) (Th th)"
 and "cp_gen s u = cp_gen s' u"
 and "y \<in> ancestors (tRAG s) u"
 shows "cp_gen s y = cp_gen s' y"
 using assms(3)
 with True show ?thesis by metis
 next
 case False
 from a_in obtain th_a where eq_a: "a = Th th_a"
 by (auto simp:RTree.children_def tRAG_alt_def)
-have "a \<notin> ancestors (tRAG s) (Th th)" sorry
+have "a \<notin> ancestors (tRAG s) (Th th)"
+proof
+assume a_in': "a \<in> ancestors (tRAG s) (Th th)"
+have "a = z"
+proof(rule vat_s.rtree_s.ancestors_children_unique)
+from assms(1) h(1) have "z \<in> ancestors (tRAG s) (Th th)"
+by (auto simp:ancestors_def)
+with h(2) show " z \<in> ancestors (tRAG s) (Th th) \<inter>
+RTree.children (tRAG s) x" by auto
+next
+from a_in a_in'
+show "a \<in> ancestors (tRAG s) (Th th) \<inter> RTree.children (tRAG s) x"
+by auto
+qed
+with False show False by auto
+qed
 from cp_kept[OF this[unfolded eq_a]]
 have "cp s th_a = cp s' th_a" .
 from this[unfolded cp_gen_def_cond[OF eq_a], folded eq_a]
 show ?thesis .
 qed
 by (fold vat_s'.cp_gen_rec[OF eq_x], simp)
 finally show ?thesis .
 qed
 qed
+lemma cp_up:
+assumes "(Th th') \<in> ancestors (tRAG s) (Th th)"
-(* ccc *)
+and "cp s th' = cp s' th'"
+and "(Th th'') \<in> ancestors (tRAG s) (Th th')"
-lemma eq_child_left:
-assumes nd: "(Th th, Th th') \<notin> (child s)^+"
-shows "(n1, Th th') \<in> (child s)^+ \<Longrightarrow> (n1, Th th') \<in> (child s')^+"
-proof(induct rule:converse_trancl_induct)
-case (base y)
-from base obtain th1 cs1
-where h1: "(Th th1, Cs cs1) \<in> RAG s"
-and h2: "(Cs cs1, Th th') \<in> RAG s"
-and eq_y: "y = Th th1"   by (auto simp:child_def)
-have "th1 \<noteq> th"
-proof
-assume "th1 = th"
-with base eq_y have "(Th th, Th th') \<in> child s" by simp
-with nd show False by auto
-qed
-with h1 h2 RAG_s
-have h1': "(Th th1, Cs cs1) \<in> RAG s'" and
-h2': "(Cs cs1, Th th') \<in> RAG s'" by auto
-with eq_y show ?case by (auto simp:child_def)
-next
-case (step y z)
-have yz: "(y, z) \<in> child s" by fact
-then obtain th1 cs1 th2
-where h1: "(Th th1, Cs cs1) \<in> RAG s"
-and h2: "(Cs cs1, Th th2) \<in> RAG s"
-and eq_y: "y = Th th1" and eq_z: "z = Th th2"  by (auto simp:child_def)
-have "th1 \<noteq> th"
-proof
-assume "th1 = th"
-with yz eq_y have "(Th th, z) \<in> child s" by simp
-moreover have "(z, Th th') \<in> (child s)^+" by fact
-ultimately have "(Th th, Th th') \<in> (child s)^+" by auto
-with nd show False by auto
-qed
-with h1 h2 RAG_s have h1': "(Th th1, Cs cs1) \<in> RAG s'"
-and h2': "(Cs cs1, Th th2) \<in> RAG s'" by auto
-with eq_y eq_z have "(y, z) \<in> child s'" by (auto simp:child_def)
-moreover have "(z, Th th') \<in> (child s')^+" by fact
-ultimately show ?case by auto
-qed
-lemma eq_child_right:
-shows "(n1, Th th') \<in> (child s')^+ \<Longrightarrow> (n1, Th th') \<in> (child s)^+"
-proof(induct rule:converse_trancl_induct)
-case (base y)
-with RAG_s show ?case by (auto simp:child_def)
-next
-case (step y z)
-have "(y, z) \<in> child s'" by fact
-with RAG_s have "(y, z) \<in> child s" by (auto simp:child_def)
-moreover have "(z, Th th') \<in> (child s)^+" by fact
-ultimately show ?case by auto
-qed
-lemma eq_child:
-assumes nd: "(Th th, Th th') \<notin> (child s)^+"
-shows "((n1, Th th') \<in> (child s)^+) = ((n1, Th th') \<in> (child s')^+)"
-by (insert eq_child_left[OF nd] eq_child_right, auto)
-lemma eq_cp:
-assumes nd: "th \<notin> dependants s th'"
-shows "cp s th' = cp s' th'"
-apply (unfold cp_eq_cpreced cpreced_def)
-proof -
-have nd': "(Th th, Th th') \<notin> (child s)^+"
-proof
-assume "(Th th, Th th') \<in> (child s)\<^sup>+"
-with child_RAG_eq[OF vt_s]
-have "(Th th, Th th') \<in> (RAG s)\<^sup>+" by simp
-with nd show False
-by (simp add:s_dependants_def eq_RAG)
-qed
-have eq_dp: "dependants (wq s) th' = dependants (wq s') th'"
-proof(auto)
-fix x assume " x \<in> dependants (wq s) th'"
-thus "x \<in> dependants (wq s') th'"
-apply (auto simp:cs_dependants_def eq_RAG)
-proof -
-assume "(Th x, Th th') \<in> (RAG s)\<^sup>+"
-with  child_RAG_eq[OF vt_s] have "(Th x, Th th') \<in> (child s)\<^sup>+" by simp
-with eq_child[OF nd'] have "(Th x, Th th') \<in> (child s')^+" by simp
-with child_RAG_eq[OF step_back_vt[OF vt_s[unfolded s_def]]]
-show "(Th x, Th th') \<in> (RAG s')\<^sup>+" by simp
-qed
-next
-fix x assume "x \<in> dependants (wq s') th'"
-thus "x \<in> dependants (wq s) th'"
-apply (auto simp:cs_dependants_def eq_RAG)
-proof -
-assume "(Th x, Th th') \<in> (RAG s')\<^sup>+"
-with child_RAG_eq[OF step_back_vt[OF vt_s[unfolded s_def]]]
-have "(Th x, Th th') \<in> (child s')\<^sup>+" by simp
-with eq_child[OF nd'] have "(Th x, Th th') \<in> (child s)^+" by simp
-with  child_RAG_eq[OF vt_s]
-show "(Th x, Th th') \<in> (RAG s)\<^sup>+" by simp
-qed
-qed
-moreover {
-fix th1 have "preced th1 s = preced th1 s'" by (simp add:s_def preced_def)
-} ultimately have "((\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th')) =
-((\<lambda>th. preced th s') ` ({th'} \<union> dependants (wq s') th'))"
-by (auto simp:image_def)
-thus "Max ((\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th')) =
-Max ((\<lambda>th. preced th s') ` ({th'} \<union> dependants (wq s') th'))" by simp
-qed
-lemma eq_up:
-assumes dp1: "th \<in> dependants s th'"
-and dp2: "th' \<in> dependants s th''"
-and eq_cps: "cp s th' = cp s' th'"
 shows "cp s th'' = cp s' th''"
 proof -
-from dp2
+have "cp_gen s (Th th'') = cp_gen s' (Th th'')"
-have "(Th th', Th th'') \<in> (RAG (wq s))\<^sup>+" by (simp add:s_dependants_def)
+proof(rule cp_gen_update_stop[OF assms(1) _ assms(3)])
-from RAG_child[OF vt_s this[unfolded eq_RAG]]
+from assms(2) cp_gen_def_cond[OF refl[of "Th th'"]]
-have ch_th': "(Th th', Th th'') \<in> (child s)\<^sup>+" .
+show "cp_gen s (Th th') = cp_gen s' (Th th')" by metis
-moreover {
+qed
-fix n th''
+with cp_gen_def_cond[OF refl[of "Th th''"]]
-have "\<lbrakk>(Th th', n) \<in> (child s)^+\<rbrakk> \<Longrightarrow>
+show ?thesis by metis
-(\<forall> th'' . n = Th th'' \<longrightarrow> cp s th'' = cp s' th'')"
-proof(erule trancl_induct, auto)
-fix y th''
-assume y_ch: "(y, Th th'') \<in> child s"
-and ih: "\<forall>th''. y = Th th'' \<longrightarrow> cp s th'' = cp s' th''"
-and ch': "(Th th', y) \<in> (child s)\<^sup>+"
-from y_ch obtain thy where eq_y: "y = Th thy" by (auto simp:child_def)
-with ih have eq_cpy:"cp s thy = cp s' thy" by blast
-from dp1 have "(Th th, Th th') \<in> (RAG s)^+" by (auto simp:s_dependants_def eq_RAG)
-moreover from child_RAG_p[OF ch'] and eq_y
-have "(Th th', Th thy) \<in> (RAG s)^+" by simp
-ultimately have dp_thy: "(Th th, Th thy) \<in> (RAG s)^+" by auto
-show "cp s th'' = cp s' th''"
-apply (subst cp_rec[OF vt_s])
-proof -
-have "preced th'' s = preced th'' s'"
-by (simp add:s_def preced_def)
-moreover {
-fix th1
-assume th1_in: "th1 \<in> children s th''"
-have "cp s th1 = cp s' th1"
-proof(cases "th1 = thy")
-case True
-with eq_cpy show ?thesis by simp
-next
-case False
-have neq_th1: "th1 \<noteq> th"
-proof
-assume eq_th1: "th1 = th"
-with dp_thy have "(Th th1, Th thy) \<in> (RAG s)^+" by simp
-from children_no_dep[OF vt_s _ _ this] and
-th1_in y_ch eq_y show False by (auto simp:children_def)
-qed
-have "th \<notin> dependants s th1"
-proof
-assume h:"th \<in> dependants s th1"
-from eq_y dp_thy have "th \<in> dependants s thy" by (auto simp:s_dependants_def eq_RAG)
-from dependants_child_unique[OF vt_s _ _ h this]
-th1_in y_ch eq_y have "th1 = thy" by (auto simp:children_def child_def)
-with False show False by auto
-qed
-from eq_cp[OF this]
-show ?thesis .
-qed
-}
-ultimately have "{preced th'' s} \<union> (cp s ` children s th'') =
-{preced th'' s'} \<union> (cp s' ` children s th'')" by (auto simp:image_def)
-moreover have "children s th'' = children s' th''"
-apply (unfold children_def child_def s_def RAG_set_unchanged, simp)
-apply (fold s_def, auto simp:RAG_s)
-proof -
-assume "(Cs cs, Th th'') \<in> RAG s'"
-with RAG_s have cs_th': "(Cs cs, Th th'') \<in> RAG s" by auto
-from dp1 have "(Th th, Th th') \<in> (RAG s)^+"
-by (auto simp:s_dependants_def eq_RAG)
-from converse_tranclE[OF this]
-obtain cs1 where h1: "(Th th, Cs cs1) \<in> RAG s"
-and h2: "(Cs cs1 , Th th') \<in> (RAG s)\<^sup>+"
-by (auto simp:s_RAG_def)
-have eq_cs: "cs1 = cs"
-proof -
-from RAG_s have "(Th th, Cs cs) \<in> RAG s" by simp
-from unique_RAG[OF vt_s this h1]
-show ?thesis by simp
-qed
-have False
-proof(rule converse_tranclE[OF h2])
-assume "(Cs cs1, Th th') \<in> RAG s"
-with eq_cs have "(Cs cs, Th th') \<in> RAG s" by simp
-from unique_RAG[OF vt_s this cs_th']
-have "th' = th''" by simp
-with ch' y_ch have "(Th th'', Th th'') \<in> (child s)^+" by auto
-with wf_trancl[OF wf_child[OF vt_s]]
-show False by auto
-next
-fix y
-assume "(Cs cs1, y) \<in> RAG s"
-and ytd: " (y, Th th') \<in> (RAG s)\<^sup>+"
-with eq_cs have csy: "(Cs cs, y) \<in> RAG s" by simp
-from unique_RAG[OF vt_s this cs_th']
-have "y = Th th''" .
-with ytd have "(Th th'', Th th') \<in> (RAG s)^+" by simp
-from RAG_child[OF vt_s this]
-have "(Th th'', Th th') \<in> (child s)\<^sup>+" .
-moreover from ch' y_ch have ch'': "(Th th', Th th'') \<in> (child s)^+" by auto
-ultimately have "(Th th'', Th th'') \<in> (child s)^+" by auto
-with wf_trancl[OF wf_child[OF vt_s]]
-show False by auto
-qed
-thus "\<exists>cs. (Th th, Cs cs) \<in> RAG s' \<and> (Cs cs, Th th'') \<in> RAG s'" by auto
-qed
-ultimately show "Max ({preced th'' s} \<union> cp s ` children s th'') = cp s' th''"
-by (simp add:cp_rec[OF step_back_vt[OF vt_s[unfolded s_def]]])
-qed
-next
-fix th''
-assume dp': "(Th th', Th th'') \<in> child s"
-show "cp s th'' = cp s' th''"
-apply (subst cp_rec[OF vt_s])
-proof -
-have "preced th'' s = preced th'' s'"
-by (simp add:s_def preced_def)
-moreover {
-fix th1
-assume th1_in: "th1 \<in> children s th''"
-have "cp s th1 = cp s' th1"
-proof(cases "th1 = th'")
-case True
-with eq_cps show ?thesis by simp
-next
-case False
-have neq_th1: "th1 \<noteq> th"
-proof
-assume eq_th1: "th1 = th"
-with dp1 have "(Th th1, Th th') \<in> (RAG s)^+"
-by (auto simp:s_dependants_def eq_RAG)
-from children_no_dep[OF vt_s _ _ this]
-th1_in dp'
-show False by (auto simp:children_def)
-qed
-show ?thesis
-proof(rule eq_cp)
-show "th \<notin> dependants s th1"
-proof
-assume "th \<in> dependants s th1"
-from dependants_child_unique[OF vt_s _ _ this dp1]
-th1_in dp' have "th1 = th'"
-by (auto simp:children_def)
-with False show False by auto
-qed
-qed
-qed
-}
-ultimately have "{preced th'' s} \<union> (cp s ` children s th'') =
-{preced th'' s'} \<union> (cp s' ` children s th'')" by (auto simp:image_def)
-moreover have "children s th'' = children s' th''"
-apply (unfold children_def child_def s_def RAG_set_unchanged, simp)
-apply (fold s_def, auto simp:RAG_s)
-proof -
-assume "(Cs cs, Th th'') \<in> RAG s'"
-with RAG_s have cs_th': "(Cs cs, Th th'') \<in> RAG s" by auto
-from dp1 have "(Th th, Th th') \<in> (RAG s)^+"
-by (auto simp:s_dependants_def eq_RAG)
-from converse_tranclE[OF this]
-obtain cs1 where h1: "(Th th, Cs cs1) \<in> RAG s"
-and h2: "(Cs cs1 , Th th') \<in> (RAG s)\<^sup>+"
-by (auto simp:s_RAG_def)
-have eq_cs: "cs1 = cs"
-proof -
-from RAG_s have "(Th th, Cs cs) \<in> RAG s" by simp
-from unique_RAG[OF vt_s this h1]
-show ?thesis by simp
-qed
-have False
-proof(rule converse_tranclE[OF h2])
-assume "(Cs cs1, Th th') \<in> RAG s"
-with eq_cs have "(Cs cs, Th th') \<in> RAG s" by simp
-from unique_RAG[OF vt_s this cs_th']
-have "th' = th''" by simp
-with dp' have "(Th th'', Th th'') \<in> (child s)^+" by auto
-with wf_trancl[OF wf_child[OF vt_s]]
-show False by auto
-next
-fix y
-assume "(Cs cs1, y) \<in> RAG s"
-and ytd: " (y, Th th') \<in> (RAG s)\<^sup>+"
-with eq_cs have csy: "(Cs cs, y) \<in> RAG s" by simp
-from unique_RAG[OF vt_s this cs_th']
-have "y = Th th''" .
-with ytd have "(Th th'', Th th') \<in> (RAG s)^+" by simp
-from RAG_child[OF vt_s this]
-have "(Th th'', Th th') \<in> (child s)\<^sup>+" .
-moreover from dp' have ch'': "(Th th', Th th'') \<in> (child s)^+" by auto
-ultimately have "(Th th'', Th th'') \<in> (child s)^+" by auto
-with wf_trancl[OF wf_child[OF vt_s]]
-show False by auto
-qed
-thus "\<exists>cs. (Th th, Cs cs) \<in> RAG s' \<and> (Cs cs, Th th'') \<in> RAG s'" by auto
-qed
-ultimately show "Max ({preced th'' s} \<union> cp s ` children s th'') = cp s' th''"
-by (simp add:cp_rec[OF step_back_vt[OF vt_s[unfolded s_def]]])
-qed
-qed
-}
-ultimately show ?thesis by auto
 qed
 end
 locale step_create_cps =
 fixes s' th prio s
 defines s_def : "s \<equiv> (Create th prio#s')"
 assumes vt_s: "vt s"
+sublocale step_create_cps < vat_s: valid_trace "s"
+by (unfold_locales, insert vt_s, simp)
+sublocale step_create_cps < vat_s': valid_trace "s'"
+by (unfold_locales, insert step_back_vt[OF vt_s[unfolded s_def]], simp)
 context step_create_cps
 begin
-lemma eq_dep: "RAG s = RAG s'"
+lemma RAG_kept: "RAG s = RAG s'"
 by (unfold s_def RAG_create_unchanged, auto)
+lemma tRAG_kept: "tRAG s = tRAG s'"
+by (unfold tRAG_alt_def RAG_kept, auto)
+lemma preced_kept:
+assumes "th' \<noteq> th"
+shows "the_preced s th' = the_preced s' th'"
+by (unfold s_def the_preced_def preced_def, insert assms, auto)
+lemma th_not_in: "Th th \<notin> Field (tRAG s')"
+proof -
+from vt_s[unfolded s_def]
+have "PIP s' (Create th prio)" by (cases, simp)
+hence "th \<notin> threads s'" by(cases, simp)
+from vat_s'.not_in_thread_isolated[OF this]
+have "Th th \<notin> Field (RAG s')" .
+with tRAG_Field show ?thesis by auto
+qed
 lemma eq_cp:
-fixes th'
 assumes neq_th: "th' \<noteq> th"
 shows "cp s th' = cp s' th'"
-apply (unfold cp_eq_cpreced cpreced_def)
+proof -
-proof -
+have "(the_preced s \<circ> the_thread) ` subtree (tRAG s) (Th th') =
-have nd: "th \<notin> dependants s th'"
+(the_preced s' \<circ> the_thread) ` subtree (tRAG s') (Th th')"
-proof
+proof(unfold tRAG_kept, rule f_image_eq)
-assume "th \<in> dependants s th'"
+fix a
-hence "(Th th, Th th') \<in> (RAG s)^+" by (simp add:s_dependants_def eq_RAG)
+assume a_in: "a \<in> subtree (tRAG s') (Th th')"
-with eq_dep have "(Th th, Th th') \<in> (RAG s')^+" by simp
+then obtain th_a where eq_a: "a = Th th_a"
-from converse_tranclE[OF this]
+proof(cases rule:subtreeE)
-obtain y where "(Th th, y) \<in> RAG s'" by auto
+case 2
-with dm_RAG_threads[OF step_back_vt[OF vt_s[unfolded s_def]]]
+from ancestors_Field[OF 2(2)]
-have in_th: "th \<in> threads s'" by auto
+and that show ?thesis by (unfold tRAG_alt_def, auto)
-from step_back_step[OF vt_s[unfolded s_def]]
+qed auto
-show False
+have neq_th_a: "th_a \<noteq> th"
-proof(cases)
-assume "th \<notin> threads s'"
-with in_th show ?thesis by simp
-qed
-qed
-have eq_dp: "\<And> th. dependants (wq s) th = dependants (wq s') th"
-by (unfold cs_dependants_def, auto simp:eq_dep eq_RAG)
-moreover {
-fix th1
-assume "th1 \<in> {th'} \<union> dependants (wq s') th'"
-hence "th1 = th' \<or> th1 \<in> dependants (wq s') th'" by auto
-hence "preced th1 s = preced th1 s'"
-proof
-assume "th1 = th'"
-with neq_th
-show "preced th1 s = preced th1 s'" by (auto simp:s_def preced_def)
-next
-assume "th1 \<in> dependants (wq s') th'"
-with nd and eq_dp have "th1 \<noteq> th"
-by (auto simp:eq_RAG cs_dependants_def s_dependants_def eq_dep)
-thus "preced th1 s = preced th1 s'" by (auto simp:s_def preced_def)
-qed
-} ultimately have "((\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th')) =
-((\<lambda>th. preced th s') ` ({th'} \<union> dependants (wq s') th'))"
-by (auto simp:image_def)
-thus "Max ((\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th')) =
-Max ((\<lambda>th. preced th s') ` ({th'} \<union> dependants (wq s') th'))" by simp
-qed
-lemma nil_dependants: "dependants s th = {}"
-proof -
-from step_back_step[OF vt_s[unfolded s_def]]
-show ?thesis
-proof(cases)
-assume "th \<notin> threads s'"
-from not_thread_holdents[OF step_back_vt[OF vt_s[unfolded s_def]] this]
-have hdn: " holdents s' th = {}" .
-have "dependants s' th = {}"
 proof -
-{ assume "dependants s' th \<noteq> {}"
+have "(Th th) \<notin> subtree (tRAG s') (Th th')"
-then obtain th' where dp: "(Th th', Th th) \<in> (RAG s')^+"
+proof
-by (auto simp:s_dependants_def eq_RAG)
+assume "Th th \<in> subtree (tRAG s') (Th th')"
-from tranclE[OF this] obtain cs' where
+thus False
-"(Cs cs', Th th) \<in> RAG s'" by (auto simp:s_RAG_def)
+proof(cases rule:subtreeE)
-with hdn
+case 2
-have False by (auto simp:holdents_test)
+from ancestors_Field[OF this(2)]
-} thus ?thesis by auto
+and th_not_in[unfolded Field_def]
-qed
+show ?thesis by auto
-thus ?thesis
+qed (insert assms, auto)
-by (unfold s_def s_dependants_def eq_RAG RAG_create_unchanged, simp)
+qed
-qed
+with a_in[unfolded eq_a] show ?thesis by auto
+qed
+from preced_kept[OF this]
+show "(the_preced s \<circ> the_thread) a = (the_preced s' \<circ> the_thread) a"
+by (unfold eq_a, simp)
+qed
+thus ?thesis by (unfold cp_alt_def1, simp)
+qed
+lemma children_of_th: "RTree.children (tRAG s) (Th th) = {}"
+proof -
+{ fix a
+assume "a \<in> RTree.children (tRAG s) (Th th)"
+hence "(a, Th th) \<in> tRAG s" by (auto simp:RTree.children_def)
+with th_not_in have False
+by (unfold Field_def tRAG_kept, auto)
+} thus ?thesis by auto
 qed
 lemma eq_cp_th: "cp s th = preced th s"
-apply (unfold cp_eq_cpreced cpreced_def)
+by (unfold vat_s.cp_rec children_of_th, simp add:the_preced_def)
-by (insert nil_dependants, unfold s_dependants_def cs_dependants_def, auto)
 end
 locale step_exit_cps =
 fixes s' th prio s
 defines s_def : "s \<equiv> Exit th # s'"
 assumes vt_s: "vt s"
+sublocale step_exit_cps < vat_s: valid_trace "s"
+by (unfold_locales, insert vt_s, simp)
+sublocale step_exit_cps < vat_s': valid_trace "s'"
+by (unfold_locales, insert step_back_vt[OF vt_s[unfolded s_def]], simp)
 context step_exit_cps
 begin
-lemma eq_dep: "RAG s = RAG s'"
+lemma preced_kept:
+assumes "th' \<noteq> th"
+shows "the_preced s th' = the_preced s' th'"
+by (unfold s_def the_preced_def preced_def, insert assms, auto)
+lemma RAG_kept: "RAG s = RAG s'"
 by (unfold s_def RAG_exit_unchanged, auto)
+lemma tRAG_kept: "tRAG s = tRAG s'"
+by (unfold tRAG_alt_def RAG_kept, auto)
+lemma th_ready: "th \<in> readys s'"
+proof -
+from vt_s[unfolded s_def]
+have "PIP s' (Exit th)" by (cases, simp)
+hence h: "th \<in> runing s' \<and> holdents s' th = {}" by (cases, metis)
+thus ?thesis by (unfold runing_def, auto)
+qed
+lemma th_holdents: "holdents s' th = {}"
+proof -
+from vt_s[unfolded s_def]
+have "PIP s' (Exit th)" by (cases, simp)
+thus ?thesis by (cases, metis)
+qed
+lemma th_RAG: "Th th \<notin> Field (RAG s')"
+proof -
+have "Th th \<notin> Range (RAG s')"
+proof
+assume "Th th \<in> Range (RAG s')"
+then obtain cs where "holding (wq s') th cs"
+by (unfold Range_iff s_RAG_def, auto)
+with th_holdents[unfolded holdents_def]
+show False by (unfold eq_holding, auto)
+qed
+moreover have "Th th \<notin> Domain (RAG s')"
+proof
+assume "Th th \<in> Domain (RAG s')"
+then obtain cs where "waiting (wq s') th cs"
+by (unfold Domain_iff s_RAG_def, auto)
+with th_ready show False by (unfold readys_def eq_waiting, auto)
+qed
+ultimately show ?thesis by (auto simp:Field_def)
+qed
+lemma th_tRAG: "(Th th) \<notin> Field (tRAG s')"
+using th_RAG tRAG_Field[of s'] by auto
 lemma eq_cp:
-fixes th'
 assumes neq_th: "th' \<noteq> th"
 shows "cp s th' = cp s' th'"
-apply (unfold cp_eq_cpreced cpreced_def)
+proof -
-proof -
+have "(the_preced s \<circ> the_thread) ` subtree (tRAG s) (Th th') =
-have nd: "th \<notin> dependants s th'"
+(the_preced s' \<circ> the_thread) ` subtree (tRAG s') (Th th')"
-proof
+proof(unfold tRAG_kept, rule f_image_eq)
-assume "th \<in> dependants s th'"
+fix a
-hence "(Th th, Th th') \<in> (RAG s)^+" by (simp add:s_dependants_def eq_RAG)
+assume a_in: "a \<in> subtree (tRAG s') (Th th')"
-with eq_dep have "(Th th, Th th') \<in> (RAG s')^+" by simp
+then obtain th_a where eq_a: "a = Th th_a"
-from converse_tranclE[OF this]
+proof(cases rule:subtreeE)
-obtain cs' where bk: "(Th th, Cs cs') \<in> RAG s'"
+case 2
-by (auto simp:s_RAG_def)
+from ancestors_Field[OF 2(2)]
-from step_back_step[OF vt_s[unfolded s_def]]
+and that show ?thesis by (unfold tRAG_alt_def, auto)
-show False
+qed auto
-proof(cases)
+have neq_th_a: "th_a \<noteq> th"
-assume "th \<in> runing s'"
+proof -
-with bk show ?thesis
+from readys_in_no_subtree[OF vat_s'.vt th_ready assms]
-apply (unfold runing_def readys_def s_waiting_def s_RAG_def)
+have "(Th th) \<notin> subtree (RAG s') (Th th')" .
-by (auto simp:cs_waiting_def wq_def)
+with tRAG_subtree_RAG[of s' "Th th'"]
-qed
+have "(Th th) \<notin> subtree (tRAG s') (Th th')" by auto
-qed
+with a_in[unfolded eq_a] show ?thesis by auto
-have eq_dp: "\<And> th. dependants (wq s) th = dependants (wq s') th"
+qed
-by (unfold cs_dependants_def, auto simp:eq_dep eq_RAG)
+from preced_kept[OF this]
-moreover {
+show "(the_preced s \<circ> the_thread) a = (the_preced s' \<circ> the_thread) a"
-fix th1
+by (unfold eq_a, simp)
-assume "th1 \<in> {th'} \<union> dependants (wq s') th'"
+qed
-hence "th1 = th' \<or> th1 \<in> dependants (wq s') th'" by auto
+thus ?thesis by (unfold cp_alt_def1, simp)
-hence "preced th1 s = preced th1 s'"
-proof
-assume "th1 = th'"
-with neq_th
-show "preced th1 s = preced th1 s'" by (auto simp:s_def preced_def)
-next
-assume "th1 \<in> dependants (wq s') th'"
-with nd and eq_dp have "th1 \<noteq> th"
-by (auto simp:eq_RAG cs_dependants_def s_dependants_def eq_dep)
-thus "preced th1 s = preced th1 s'" by (auto simp:s_def preced_def)
-qed
-} ultimately have "((\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th')) =
-((\<lambda>th. preced th s') ` ({th'} \<union> dependants (wq s') th'))"
-by (auto simp:image_def)
-thus "Max ((\<lambda>th. preced th s) ` ({th'} \<union> dependants (wq s) th')) =
-Max ((\<lambda>th. preced th s') ` ({th'} \<union> dependants (wq s') th'))" by simp
 qed
 end
 end

changeset 60	f98a95f3deae
parent 59	0a069a667301
child 61	f8194fd6214f