diff -r e861aff29655 -r 9b9f2117561f CpsG.thy --- a/CpsG.thy Tue May 06 14:36:40 2014 +0100 +++ b/CpsG.thy Thu May 15 16:02:44 2014 +0100 @@ -1,3 +1,4 @@ + theory CpsG imports PrioG begin @@ -158,13 +159,7 @@ assumes nt1: "next_th s th cs th1" and nt2: "next_th s th cs th2" shows "th1 = th2" -proof - - from assms show ?thesis - by (unfold next_th_def, auto) -qed - -lemma pp_sub: "(r^+)^+ \ r^+" - by auto +using assms by (unfold next_th_def, auto) lemma wf_depend: assumes vt: "vt s" @@ -246,7 +241,7 @@ definition child :: "state \ (node \ node) set" where "child s \ - {(Th th', Th th) | th th'. \ cs. (Th th', Cs cs) \ depend s \ (Cs cs, Th th) \ depend s}" + {(Th th', Th th) | th th'. \cs. (Th th', Cs cs) \ depend s \ (Cs cs, Th th) \ depend s}" definition children :: "state \ thread \ thread set" where "children s th \ {th'. (Th th', Th th) \ child s}" @@ -263,31 +258,18 @@ and ch1: "(Th th, Th th1) \ child s" and ch2: "(Th th, Th th2) \ child s" shows "th1 = th2" -proof - - from ch1 ch2 show ?thesis - proof(unfold child_def, clarsimp) - fix cs csa - assume h1: "(Th th, Cs cs) \ depend s" - and h2: "(Cs cs, Th th1) \ depend s" - and h3: "(Th th, Cs csa) \ depend s" - and h4: "(Cs csa, Th th2) \ depend s" - from unique_depend[OF vt h1 h3] have "cs = csa" by simp - with h4 have "(Cs cs, Th th2) \ depend s" by simp - from unique_depend[OF vt h2 this] - show "th1 = th2" by simp - qed -qed - - -lemma cp_eq_cpreced_f: "cp s = cpreced (wq s) s" -proof - - from fun_eq_iff - have h:"\f g. (\ x. f x = g x) \ f = g" by auto - show ?thesis - proof(rule h) - from cp_eq_cpreced show "\x. cp s x = cpreced (wq s) s x" by auto - qed -qed +using ch1 ch2 +proof(unfold child_def, clarsimp) + fix cs csa + assume h1: "(Th th, Cs cs) \ depend s" + and h2: "(Cs cs, Th th1) \ depend s" + and h3: "(Th th, Cs csa) \ depend s" + and h4: "(Cs csa, Th th2) \ depend s" + from unique_depend[OF vt h1 h3] have "cs = csa" by simp + with h4 have "(Cs cs, Th th2) \ depend s" by simp + from unique_depend[OF vt h2 this] + show "th1 = th2" by simp +qed lemma depend_children: assumes h: "(Th th1, Th th2) \ (depend s)^+" @@ -334,12 +316,10 @@ lemma wf_child: assumes vt: "vt s" shows "wf (child s)" -proof(rule wf_subset) - from wf_trancl[OF wf_depend[OF vt]] - show "wf ((depend s)\<^sup>+)" . -next - from sub_child show "child s \ (depend s)\<^sup>+" . -qed +apply(rule wf_subset) +apply(rule wf_trancl[OF wf_depend[OF vt]]) +apply(rule sub_child) +done lemma depend_child_pre: assumes vt: "vt s" @@ -396,9 +376,7 @@ lemma child_depend_eq: assumes vt: "vt s" - shows - "((Th th1, Th th2) \ (child s)^+) = - ((Th th1, Th th2) \ (depend s)^+)" + shows "(Th th1, Th th2) \ (child s)^+ \ (Th th1, Th th2) \ (depend s)^+" by (auto intro: depend_child[OF vt] child_depend_p) lemma children_no_dep: @@ -413,7 +391,6 @@ have "(Th th1, Th th2) \ (child s)\<^sup>+" . thus ?thesis proof(rule converse_tranclE) - thm tranclD assume "(Th th1, Th th2) \ child s" from child_unique[OF vt ch1 this] have "th = th2" by simp with ch2 have "(Th th2, Th th2) \ child s" by simp @@ -473,152 +450,135 @@ } thus ?thesis by auto qed +lemma depend_plus_elim: + assumes "vt s" + fixes x + assumes "(Th x, Th th) \ (depend (wq s))\<^sup>+" + shows "\th'\children s th. x = th' \ (Th x, Th th') \ (depend (wq s))\<^sup>+" + using assms(2)[unfolded eq_depend, folded child_depend_eq[OF `vt s`]] + apply (unfold children_def) + by (metis assms(2) children_def depend_children eq_depend) + +lemma dependants_expand_pre: + assumes "vt s" + shows "dependants (wq s) th = (\ th' \ children s th. {th'} \ dependants (wq s) th')" + apply (unfold cs_dependants_def) + apply (auto elim!:depend_plus_elim[OF assms]) + apply (metis children_def eq_depend mem_Collect_eq set_mp sub_child) + apply (unfold children_def, auto) + apply (unfold eq_depend, fold child_depend_eq[OF `vt s`]) + by (metis trancl.simps) + +lemma dependants_expand: + assumes "vt s" + shows "dependants (wq s) th = (\ ((\ th. {th} \ dependants (wq s) th) ` (children s th)))" + apply (subst dependants_expand_pre[OF assms]) + by simp + +lemma finite_children: + assumes "vt s" + shows "finite (children s th)" + using children_dependants dependants_threads[OF assms] finite_threads[OF assms] + by (metis rev_finite_subset) + +lemma finite_dependants: + assumes "vt s" + shows "finite (dependants (wq s) th')" + using dependants_threads[OF assms] finite_threads[OF assms] + by (metis rev_finite_subset) + +lemma Max_insert: + assumes "finite B" + and "B \ {}" + shows "Max ({x} \ B) = max x (Max B)" + by (metis Max_insert assms insert_is_Un) + +lemma dependands_expand2: + assumes "vt s" + shows "dependants (wq s) th = (children s th) \ (\((dependants (wq s)) ` children s th))" + by (subst dependants_expand[OF assms]) (auto) + +abbreviation + "preceds s Ths \ {preced th s| th. th \ Ths}" + +lemma image_compr: + "f ` A = {f x | x. x \ A}" +by auto + +lemma Un_compr: + "{f th | th. R th \ Q th} = ({f th | th. R th} \ {f th' | th'. Q th'})" +by auto + +lemma in_disj: + shows "x \ A \ (\y \ A. x \ Q y) \ (\y \ A. x = y \ x \ Q y)" +by metis + +lemma UN_exists: + shows "(\x \ A. {f y | y. Q y x}) = ({f y | y. (\x \ A. Q y x)})" +by auto + lemma cp_rec: fixes s th assumes vt: "vt s" shows "cp s th = Max ({preced th s} \ (cp s ` children s th))" -proof(unfold cp_eq_cpreced_f cpreced_def) - let ?f = "(\th. preced th s)" - show "Max ((\th. preced th s) ` ({th} \ dependants (wq s) th)) = - Max ({preced th s} \ (\th. Max ((\th. preced th s) ` ({th} \ dependants (wq s) th))) ` children s th)" - proof(cases " children s th = {}") - case False - have "(\th. Max ((\th. preced th s) ` ({th} \ dependants (wq s) th))) ` children s th = - {Max ((\th. preced th s) ` ({th'} \ dependants (wq s) th')) | th' . th' \ children s th}" - (is "?L = ?R") - by auto - also have "\ = - Max ` {((\th. preced th s) ` ({th'} \ dependants (wq s) th')) | th' . th' \ children s th}" - (is "_ = Max ` ?C") - by auto - finally have "Max ?L = Max (Max ` ?C)" by auto - also have "\ = Max (\ ?C)" - proof(rule Max_Union[symmetric]) - from children_dependants[of s th] finite_threads[OF vt] and dependants_threads[OF vt, of th] - show "finite {(\th. preced th s) ` ({th'} \ dependants (wq s) th') |th'. th' \ children s th}" - by (auto simp:finite_subset) - next - from False - show "{(\th. preced th s) ` ({th'} \ dependants (wq s) th') |th'. th' \ children s th} \ {}" - by simp - next - show "\A. A \ {(\th. preced th s) ` ({th'} \ dependants (wq s) th') |th'. th' \ children s th} \ - finite A \ A \ {}" - apply (auto simp:finite_subset) - proof - - fix th' - from finite_threads[OF vt] and dependants_threads[OF vt, of th'] - show "finite ((\th. preced th s) ` dependants (wq s) th')" by (auto simp:finite_subset) - qed - qed - also have "\ = Max ((\th. preced th s) ` dependants (wq s) th)" - (is "Max ?A = Max ?B") - proof - - have "?A = ?B" - proof - show "\{(\th. preced th s) ` ({th'} \ dependants (wq s) th') |th'. th' \ children s th} - \ (\th. preced th s) ` dependants (wq s) th" - proof - fix x - assume "x \ \{(\th. preced th s) ` ({th'} \ dependants (wq s) th') |th'. th' \ children s th}" - then obtain th' where - th'_in: "th' \ children s th" - and x_in: "x \ ?f ` ({th'} \ dependants (wq s) th')" by auto - hence "x = ?f th' \ x \ (?f ` dependants (wq s) th')" by auto - thus "x \ ?f ` dependants (wq s) th" - proof - assume "x = preced th' s" - with th'_in and children_dependants - show "x \ (\th. preced th s) ` dependants (wq s) th" by auto - next - assume "x \ (\th. preced th s) ` dependants (wq s) th'" - moreover note th'_in - ultimately show " x \ (\th. preced th s) ` dependants (wq s) th" - by (unfold cs_dependants_def children_def child_def, auto simp:eq_depend) - qed - qed - next - show "?f ` dependants (wq s) th - \ \{?f ` ({th'} \ dependants (wq s) th') |th'. th' \ children s th}" - proof - fix x - assume x_in: "x \ (\th. preced th s) ` dependants (wq s) th" - then obtain th' where - eq_x: "x = ?f th'" and dp: "(Th th', Th th) \ (depend s)^+" - by (auto simp:cs_dependants_def eq_depend) - from depend_children[OF dp] - have "th' \ children s th \ (\th3. th3 \ children s th \ (Th th', Th th3) \ (depend s)\<^sup>+)" . - thus "x \ \{(\th. preced th s) ` ({th'} \ dependants (wq s) th') |th'. th' \ children s th}" - proof - assume "th' \ children s th" - with eq_x - show "x \ \{(\th. preced th s) ` ({th'} \ dependants (wq s) th') |th'. th' \ children s th}" - by auto - next - assume "\th3. th3 \ children s th \ (Th th', Th th3) \ (depend s)\<^sup>+" - then obtain th3 where th3_in: "th3 \ children s th" - and dp3: "(Th th', Th th3) \ (depend s)\<^sup>+" by auto - show "x \ \{(\th. preced th s) ` ({th'} \ dependants (wq s) th') |th'. th' \ children s th}" - proof - - from dp3 - have "th' \ dependants (wq s) th3" - by (auto simp:cs_dependants_def eq_depend) - with eq_x th3_in show ?thesis by auto - qed - qed - qed - qed - thus ?thesis by simp - qed - finally have "Max ((\th. preced th s) ` dependants (wq s) th) = Max (?L)" - (is "?X = ?Y") by auto - moreover have "Max ((\th. preced th s) ` ({th} \ dependants (wq s) th)) = - max (?f th) ?X" - proof - - have "Max ((\th. preced th s) ` ({th} \ dependants (wq s) th)) = - Max ({?f th} \ ?f ` (dependants (wq s) th))" by simp - also have "\ = max (Max {?f th}) (Max (?f ` (dependants (wq s) th)))" - proof(rule Max_Un, auto) - from finite_threads[OF vt] and dependants_threads[OF vt, of th] - show "finite ((\th. preced th s) ` dependants (wq s) th)" by (auto simp:finite_subset) - next - assume "dependants (wq s) th = {}" - with False and children_dependants show False by auto - qed - also have "\ = max (?f th) ?X" by simp - finally show ?thesis . - qed - moreover have "Max ({preced th s} \ - (\th. Max ((\th. preced th s) ` ({th} \ dependants (wq s) th))) ` children s th) = - max (?f th) ?Y" - proof - - have "Max ({preced th s} \ - (\th. Max ((\th. preced th s) ` ({th} \ dependants (wq s) th))) ` children s th) = - max (Max {preced th s}) ?Y" - proof(rule Max_Un, auto) - from finite_threads[OF vt] dependants_threads[OF vt, of th] children_dependants [of s th] - show "finite ((\th. Max (insert (preced th s) ((\th. preced th s) ` dependants (wq s) th))) ` - children s th)" - by (auto simp:finite_subset) - next - assume "children s th = {}" - with False show False by auto - qed - thus ?thesis by simp - qed - ultimately show ?thesis by auto - next - case True - moreover have "dependants (wq s) th = {}" - proof - - { fix th' - assume "th' \ dependants (wq s) th" - hence " (Th th', Th th) \ (depend s)\<^sup>+" by (simp add:cs_dependants_def eq_depend) - from depend_children[OF this] and True - have "False" by auto - } thus ?thesis by auto - qed - ultimately show ?thesis by auto +proof(cases "children s th = {}") + case True + show ?thesis + unfolding cp_eq_cpreced cpreced_def + by (subst dependants_expand[OF `vt s`]) (simp add: True) +next + case False + show ?thesis (is "?LHS = ?RHS") + proof - + have eq_cp: "cp s = (\th. Max (preceds s ({th} \ dependants (wq s) th)))" + by (simp add: fun_eq_iff cp_eq_cpreced cpreced_def Un_compr image_compr[symmetric]) + + have not_emptyness_facts[simp]: + "dependants (wq s) th \ {}" "children s th \ {}" + using False dependands_expand2[OF assms] by(auto simp only: Un_empty) + + have finiteness_facts[simp]: + "\th. finite (dependants (wq s) th)" "\th. finite (children s th)" + by (simp_all add: finite_dependants[OF `vt s`] finite_children[OF `vt s`]) + + (* expanding definition *) + have "?LHS = Max ({preced th s} \ preceds s (dependants (wq s) th))" + unfolding eq_cp by (simp add: Un_compr) + + (* moving Max in *) + also have "\ = max (Max {preced th s}) (Max (preceds s (dependants (wq s) th)))" + by (simp add: Max_Un) + + (* expanding dependants *) + also have "\ = max (Max {preced th s}) + (Max (preceds s (children s th \ \(dependants (wq s) ` children s th))))" + by (subst dependands_expand2[OF `vt s`]) (simp) + + (* moving out big Union *) + also have "\ = max (Max {preced th s}) + (Max (preceds s (\ ({children s th} \ (dependants (wq s) ` children s th)))))" + by simp + + (* moving in small union *) + also have "\ = max (Max {preced th s}) + (Max (preceds s (\ ((\th. {th} \ (dependants (wq s) th)) ` children s th))))" + by (simp add: in_disj) + + (* moving in preceds *) + also have "\ = max (Max {preced th s}) + (Max (\ ((\th. preceds s ({th} \ (dependants (wq s) th))) ` children s th)))" + by (simp add: UN_exists) + + (* moving in Max *) + also have "\ = max (Max {preced th s}) + (Max ((\th. Max (preceds s ({th} \ (dependants (wq s) th)))) ` children s th))" + by (subst Max_Union) (auto simp add: image_image) + + (* folding cp + moving out Max *) + also have "\ = ?RHS" + unfolding eq_cp by (simp add: Max_insert) + + finally show "?LHS = ?RHS" . qed qed @@ -1936,7 +1896,7 @@ locale step_exit_cps = fixes s' th prio s - defines s_def : "s \ (Exit th#s')" + defines s_def : "s \ Exit th # s'" assumes vt_s: "vt s" context step_exit_cps