201 @{term "threads (DUMMY#s)"} & @{text "\<equiv>"} & @{term "threads s"}\\ |
202 @{term "threads (DUMMY#s)"} & @{text "\<equiv>"} & @{term "threads s"}\\ |
202 \end{tabular}} |
203 \end{tabular}} |
203 \end{isabelle} |
204 \end{isabelle} |
204 |
205 |
205 \noindent |
206 \noindent |
|
207 In this definition @{term "DUMMY # DUMMY"} stands for list-cons. |
206 Another function calculates the priority for a thread @{text "th"}, which is |
208 Another function calculates the priority for a thread @{text "th"}, which is |
207 defined as |
209 defined as |
208 |
210 |
209 \begin{isabelle}\ \ \ \ \ %%% |
211 \begin{isabelle}\ \ \ \ \ %%% |
210 \mbox{\begin{tabular}{lcl} |
212 \mbox{\begin{tabular}{lcl} |
348 |
350 |
349 Next we introduce the notion of the \emph{current precedence} of a thread @{text th} in a |
351 Next we introduce the notion of the \emph{current precedence} of a thread @{text th} in a |
350 state @{text s}. It is defined as |
352 state @{text s}. It is defined as |
351 |
353 |
352 \begin{isabelle}\ \ \ \ \ %%% |
354 \begin{isabelle}\ \ \ \ \ %%% |
353 @{thm cpreced_def2}\numbered{permprops} |
355 @{thm cpreced_def2}\hfill\numbered{cpreced} |
354 \end{isabelle} |
356 \end{isabelle} |
355 |
357 |
356 \noindent |
358 \noindent |
357 While the precedence @{term prec} of a thread is determined by the programmer |
359 While the precedence @{term prec} of a thread is determined by the programmer |
358 (for example when the thread is |
360 (for example when the thread is |
372 \begin{isabelle}\ \ \ \ \ %%% |
374 \begin{isabelle}\ \ \ \ \ %%% |
373 @{text "\<lparr>wq_fun, cprec_fun\<rparr>"} |
375 @{text "\<lparr>wq_fun, cprec_fun\<rparr>"} |
374 \end{isabelle} |
376 \end{isabelle} |
375 |
377 |
376 \noindent |
378 \noindent |
377 The first function is a waiting queue function (that is takes a @{text "cs"} and returns the |
379 The first function is a waiting queue function (that is it takes a resource @{text "cs"} and returns the |
378 corresponding list of threads that wait for it), the second is a function that takes |
380 corresponding list of threads that wait for it), the second is a function that takes |
379 a thread and returns its current precedence (see ???). We assume the usual getter and |
381 a thread and returns its current precedence (see \eqref{cpreced}). We assume the usual getter and |
380 setter methods for such records. |
382 setter methods for such records. |
381 |
383 |
382 In the initial state, the scheduler starts with all resources unlocked and the |
384 In the initial state, the scheduler starts with all resources unlocked and the |
383 current precedence of every thread is initialised with @{term "Prc 0 0"}; that means |
385 current precedence of every thread is initialised with @{term "Prc 0 0"}; that means |
384 @{abbrev initial_cprec}. Therefore |
386 \mbox{@{abbrev initial_cprec}}. Therefore |
385 we have |
387 we have |
386 |
388 |
387 \begin{isabelle}\ \ \ \ \ %%% |
389 \begin{isabelle}\ \ \ \ \ %%% |
388 \begin{tabular}{@ {}l} |
390 \begin{tabular}{@ {}l} |
389 @{thm (lhs) schs.simps(1)} @{text "\<equiv>"}\\ |
391 @{thm (lhs) schs.simps(1)} @{text "\<equiv>"}\\ |
468 \hspace{8mm}@{term "(|wq_fun = new_wq, cprec_fun = cpreced new_wq (V th cs # s)|)"} |
470 \hspace{8mm}@{term "(|wq_fun = new_wq, cprec_fun = cpreced new_wq (V th cs # s)|)"} |
469 \end{tabular} |
471 \end{tabular} |
470 \end{isabelle} |
472 \end{isabelle} |
471 |
473 |
472 Having the scheduler function @{term schs} at our disposal, we can ``lift'' the notions |
474 Having the scheduler function @{term schs} at our disposal, we can ``lift'' the notions |
473 @{term waiting}, @{term holding} @{term depend} and @{term cp} such that they only depend |
475 @{term waiting}, @{term holding}, @{term depend} and @{term cp} such that they only depend |
474 on states. |
476 on states. |
475 |
477 |
476 \begin{isabelle}\ \ \ \ \ %%% |
478 \begin{isabelle}\ \ \ \ \ %%% |
477 \begin{tabular}{@ {}rcl} |
479 \begin{tabular}{@ {}rcl} |
478 @{thm (lhs) s_holding_abv} & @{text "\<equiv>"} & @{thm (rhs) s_holding_abv}\\ |
480 @{thm (lhs) s_holding_abv} & @{text "\<equiv>"} & @{thm (rhs) s_holding_abv}\\ |
481 @{thm (lhs) cp_def} & @{text "\<equiv>"} & @{thm (rhs) cp_def} |
483 @{thm (lhs) cp_def} & @{text "\<equiv>"} & @{thm (rhs) cp_def} |
482 \end{tabular} |
484 \end{tabular} |
483 \end{isabelle} |
485 \end{isabelle} |
484 |
486 |
485 \noindent |
487 \noindent |
486 With them we can introduce the notion of threads being @{term readys} (i.e.~threads |
488 With these abbreviations we can introduce for states |
|
489 the notion of threads being @{term readys} (i.e.~threads |
487 that do not wait for any resource) and the running thread. |
490 that do not wait for any resource) and the running thread. |
488 |
491 |
489 \begin{isabelle}\ \ \ \ \ %%% |
492 \begin{isabelle}\ \ \ \ \ %%% |
490 \begin{tabular}{@ {}l} |
493 \begin{tabular}{@ {}l} |
491 @{thm readys_def}\\ |
494 @{thm readys_def}\\ |
492 @{thm runing_def}\\ |
495 @{thm runing_def}\\ |
493 \end{tabular} |
496 \end{tabular} |
494 \end{isabelle} |
497 \end{isabelle} |
495 |
498 |
496 \noindent |
499 \noindent |
|
500 In this definition @{term "f ` S"} stands for the set @{text S} under the image of the |
|
501 function @{text f}. |
497 Note that in the initial case, that is where the list of events is empty, the set |
502 Note that in the initial case, that is where the list of events is empty, the set |
498 @{term threads} is empty and therefore there is no thread ready nor a running. |
503 @{term threads} is empty and therefore there is no thread ready nor a running. |
499 If there is one or more threads ready, then there can only be \emph{one} thread |
504 If there is one or more threads ready, then there can only be \emph{one} thread |
500 running, namely the one whose current precedence is equal to the maximum of all ready |
505 running, namely the one whose current precedence is equal to the maximum of all ready |
501 threads. We can also define the set of resources that are locked by a thread in a |
506 threads. We can also define the set of resources that are locked by a thread in any |
502 given state. |
507 given state. |
503 |
508 |
504 \begin{isabelle}\ \ \ \ \ %%% |
509 \begin{isabelle}\ \ \ \ \ %%% |
505 @{thm holdents_def} |
510 @{thm holdents_def} |
506 \end{isabelle} |
511 \end{isabelle} |
507 |
512 |
508 \noindent |
513 \noindent |
509 These resources are given by the holding edges in the RAG. |
514 These resources are given by the holding edges in the RAG. |
510 |
515 |
511 Finally we can define what a \emph{valid state} is. For example we cannot exptect to |
516 Finally we can define what a \emph{valid state} is in our PIP. For example we cannot exptect to |
512 be able to exit a thread, if it was not created yet. These validity constraints |
517 be able to exit a thread, if it was not created yet. These validity constraints |
513 are characterised by the inductive predicate @{term "step"} by the following five |
518 are characterised by the inductive predicate @{term "step"}. We give five |
514 inference rules relating a state and an event that can happen next. |
519 inference rules relating a state and an event that can happen next. |
515 |
520 |
516 \begin{center} |
521 \begin{center} |
517 \begin{tabular}{c} |
522 \begin{tabular}{c} |
518 @{thm[mode=Rule] thread_create[where thread=th]}\hspace{1cm} |
523 @{thm[mode=Rule] thread_create[where thread=th]}\hspace{1cm} |