Mercurial Mercurial > hg > regexp / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
prio/Paper/Paper.thy
changeset 335 7fe2a20017c0
parent 333 813e7257c7c3
child 336 f9e0d3274c14
equal deleted inserted replaced
334:d47c2143ab8a 335:7fe2a20017c0 
     1 (*<*)
 
     1 (*<*)
 
     2 theory Paper
 
     2 theory Paper
 
     3 imports "../CpsG" "../ExtGG" "~~/src/HOL/Library/LaTeXsugar"
 
     3 imports "../CpsG" "../ExtGG" "~~/src/HOL/Library/LaTeXsugar"
 
     4 begin
 
     4 begin
 
       
     5 
       
     6 (*
 
       
     7 find_unused_assms CpsG 
       
     8 find_unused_assms ExtGG 
       
     9 find_unused_assms Moment 
       
    10 find_unused_assms Precedence_ord 
       
    11 find_unused_assms PrioG 
       
    12 find_unused_assms PrioGDef
 
       
    13 *)
 
     5 ML {*
 
    14 ML {*
 
     6   open Printer;
 
    15   open Printer;
 
     7   show_question_marks_default := false;
 
    16   show_question_marks_default := false;
 
     8   *}
 
    17   *}
 
     9 
    18 
   311   \begin{isabelle}\ \ \ \ \ %%%
 
   320   \begin{isabelle}\ \ \ \ \ %%%
 
   312   @{thm cs_depend_def}
 
   321   @{thm cs_depend_def}
 
   313   \end{isabelle}
 
   322   \end{isabelle}
 
   314 
   323 
   315   \noindent
 
   324   \noindent
 
   316   Given three threads and three resources, an instance of a RAG can be pictured 
   325   Given four threads and three resources, an instance of a RAG can be pictured 
   317   as follows:
 
   326   as follows:
 
   318 
   327 
   319   \begin{center}
 
   328   \begin{center}
 
   320   \newcommand{\fnt}{\fontsize{7}{8}\selectfont}
 
   329   \newcommand{\fnt}{\fontsize{7}{8}\selectfont}
 
   321   \begin{tikzpicture}[scale=1]
 
   330   \begin{tikzpicture}[scale=1]
 
   499   @{thm (lhs) cp_def}        & @{text "\<equiv>"} & @{thm (rhs) cp_def}
 
   508   @{thm (lhs) cp_def}        & @{text "\<equiv>"} & @{thm (rhs) cp_def}
 
   500   \end{tabular}
 
   509   \end{tabular}
 
   501   \end{isabelle}
 
   510   \end{isabelle}
 
   502 
   511 
   503   \noindent
 
   512   \noindent
 
   504   With these abbreviations we can introduce 
   513   With these abbreviations in place we can introduce 
   505   the notion of threads being @{term readys} in a state (i.e.~threads
 
   514   the notion of threads being @{term readys} in a state (i.e.~threads
 
   506   that do not wait for any resource) and the running thread.
 
   515   that do not wait for any resource) and the running thread.
 
   507 
   516 
   508   \begin{isabelle}\ \ \ \ \ %%%
 
   517   \begin{isabelle}\ \ \ \ \ %%%
 
   509   \begin{tabular}{@ {}l}
 
   518   \begin{tabular}{@ {}l}
 
   624   only one lock, can cause indefinite Priority Inversion for one of the
 
   633   only one lock, can cause indefinite Priority Inversion for one of the
 
   625   high-priority threads, invalidating their two bounds.
 
   634   high-priority threads, invalidating their two bounds.
 
   626 
   635 
   627   Even when fixed, their proof idea does not seem to go through for
 
   636   Even when fixed, their proof idea does not seem to go through for
 
   628   us, because of the way we have set up our formal model of PIP.  One
 
   637   us, because of the way we have set up our formal model of PIP.  One
 
   629   reason is that we allow that critical sections can intersect
 
   638   reason is that we allow critical sections to intersect
 
   630   (something Sha et al.~explicitly exclude).  Therefore we have
 
   639   (something Sha et al.~explicitly exclude).  Therefore we have
 
   631   designed a different correctness criterion for PIP. The idea behind
 
   640   designed a different correctness criterion for PIP. The idea behind
 
   632   our criterion is as follows: for all states @{text s}, we know the
 
   641   our criterion is as follows: for all states @{text s}, we know the
 
   633   corresponding thread @{text th} with the highest precedence; we show
 
   642   corresponding thread @{text th} with the highest precedence; we show
 
   634   that in every future state (denoted by @{text "s' @ s"}) in which
 
   643   that in every future state (denoted by @{text "s' @ s"}) in which
 
   635   @{text th} is still alive, either @{text th} is running or it is
 
   644   @{text th} is still alive, either @{text th} is running or it is
 
   636   blocked by a thread that was alive in the state @{text s} and was in
 
   645   blocked by a thread that was alive in the state @{text s} and was waiting 
   637   the possession of a lock in @{text s}. Since in @{text s}, as in
 
   646   or in the possession of a lock in @{text s}. Since in @{text s}, as in
 
   638   every state, the set of alive threads is finite, @{text th} can only
 
   647   every state, the set of alive threads is finite, @{text th} can only
 
   639   be blocked a finite number of times. This is independent of how many
 
   648   be blocked a finite number of times. This is independent of how many
 
   640   threads of lower priority are created in @{text "s'"}. We will actually prove a
 
   649   threads of lower priority are created in @{text "s'"}. We will actually prove a
 
   641   stronger statement where we also provide the current precedence of
 
   650   stronger statement where we also provide the current precedence of
 
   642   the blocking thread. However, this correctness criterion hinges upon
 
   651   the blocking thread. However, this correctness criterion hinges upon
 
  1066   current precedence unchanged. For the others we have to recalculate the current
 
  1075   current precedence unchanged. For the others we have to recalculate the current
 
  1067   precedence. To do this we can start from @{term "th"} 
  1076   precedence. To do this we can start from @{term "th"} 
  1068   and follow the @{term "depend"}-edges to recompute  using Lemma~\ref{childrenlem} 
  1077   and follow the @{term "depend"}-edges to recompute  using Lemma~\ref{childrenlem} 
  1069   the @{term "cp"} of every 
  1078   the @{term "cp"} of every 
  1070   thread encountered on the way. Since the @{term "depend"}
 
  1079   thread encountered on the way. Since the @{term "depend"}
 
  1071   is loop free, this procedure will always stop. The following two lemmas show, however, 
  1080   is assumed to be loop free, this procedure will always stop. The following two lemmas show, however, 
  1072   that this procedure can actually stop often earlier without having to consider all
 
  1081   that this procedure can actually stop often earlier without having to consider all
 
  1073   dependants.
 
  1082   dependants.
 
  1074 
  1083 
  1075   \begin{isabelle}\ \ \ \ \ %%%
 
  1084   \begin{isabelle}\ \ \ \ \ %%%
 
  1076   \begin{tabular}{@ {}l}
 
  1085   \begin{tabular}{@ {}l}
regexp