diff -r 12e9aa68d5db -r 4190df6f4488 prio/CpsG.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/prio/CpsG.thy Tue Jan 24 00:20:09 2012 +0000 @@ -0,0 +1,1826 @@ +theory CpsG +imports PrioG +begin + +lemma not_thread_holdents: + fixes th s + assumes vt: "vt step s" + and not_in: "th \ threads s" + shows "holdents s th = {}" +proof - + from vt not_in show ?thesis + proof(induct arbitrary:th) + case (vt_cons s e th) + assume vt: "vt step s" + and ih: "\th. th \ threads s \ holdents s th = {}" + and stp: "step s e" + and not_in: "th \ threads (e # s)" + from stp show ?case + proof(cases) + case (thread_create thread prio) + assume eq_e: "e = Create thread prio" + and not_in': "thread \ threads s" + have "holdents (e # s) th = holdents s th" + apply (unfold eq_e holdents_def) + by (simp add:depend_create_unchanged) + moreover have "th \ threads s" + proof - + from not_in eq_e show ?thesis by simp + qed + moreover note ih ultimately show ?thesis by auto + next + case (thread_exit thread) + assume eq_e: "e = Exit thread" + and nh: "holdents s thread = {}" + show ?thesis + proof(cases "th = thread") + case True + with nh eq_e + show ?thesis + by (auto simp:holdents_def depend_exit_unchanged) + next + case False + with not_in and eq_e + have "th \ threads s" by simp + from ih[OF this] False eq_e show ?thesis + by (auto simp:holdents_def depend_exit_unchanged) + qed + next + case (thread_P thread cs) + assume eq_e: "e = P thread cs" + and is_runing: "thread \ runing s" + from prems have vtp: "vt step (P thread cs#s)" by auto + have neq_th: "th \ thread" + proof - + from not_in eq_e have "th \ threads s" by simp + moreover from is_runing have "thread \ threads s" + by (simp add:runing_def readys_def) + ultimately show ?thesis by auto + qed + hence "holdents (e # s) th = holdents s th " + apply (unfold cntCS_def holdents_def eq_e) + by (unfold step_depend_p[OF vtp], auto) + moreover have "holdents s th = {}" + proof(rule ih) + from not_in eq_e show "th \ threads s" by simp + qed + ultimately show ?thesis by simp + next + case (thread_V thread cs) + assume eq_e: "e = V thread cs" + and is_runing: "thread \ runing s" + and hold: "holding s thread cs" + have neq_th: "th \ thread" + proof - + from not_in eq_e have "th \ threads s" by simp + moreover from is_runing have "thread \ threads s" + by (simp add:runing_def readys_def) + ultimately show ?thesis by auto + qed + from prems have vtv: "vt step (V thread cs#s)" by auto + from hold obtain rest + where eq_wq: "wq s cs = thread # rest" + by (case_tac "wq s cs", auto simp:s_holding_def) + from not_in eq_e eq_wq + have "\ next_th s thread cs th" + apply (auto simp:next_th_def) + proof - + assume ne: "rest \ []" + and ni: "hd (SOME q. distinct q \ set q = set rest) \ threads s" (is "?t \ threads s") + have "?t \ set rest" + proof(rule someI2) + from wq_distinct[OF step_back_vt[OF vtv], of cs] and eq_wq + show "distinct rest \ set rest = set rest" by auto + next + fix x assume "distinct x \ set x = set rest" with ne + show "hd x \ set rest" by (cases x, auto) + qed + with eq_wq have "?t \ set (wq s cs)" by simp + from wq_threads[OF step_back_vt[OF vtv], OF this] and ni + show False by auto + qed + moreover note neq_th eq_wq + ultimately have "holdents (e # s) th = holdents s th" + by (unfold eq_e cntCS_def holdents_def step_depend_v[OF vtv], auto) + moreover have "holdents s th = {}" + proof(rule ih) + from not_in eq_e show "th \ threads s" by simp + qed + ultimately show ?thesis by simp + next + case (thread_set thread prio) + print_facts + assume eq_e: "e = Set thread prio" + and is_runing: "thread \ runing s" + from not_in and eq_e have "th \ threads s" by auto + from ih [OF this] and eq_e + show ?thesis + apply (unfold eq_e cntCS_def holdents_def) + by (simp add:depend_set_unchanged) + qed + next + case vt_nil + show ?case + by (auto simp:count_def holdents_def s_depend_def wq_def cs_holding_def) + qed +qed + + + +lemma next_th_neq: + assumes vt: "vt step s" + and nt: "next_th s th cs th'" + shows "th' \ th" +proof - + from nt show ?thesis + apply (auto simp:next_th_def) + proof - + fix rest + assume eq_wq: "wq s cs = hd (SOME q. distinct q \ set q = set rest) # rest" + and ne: "rest \ []" + have "hd (SOME q. distinct q \ set q = set rest) \ set rest" + proof(rule someI2) + from wq_distinct[OF vt, of cs] eq_wq + show "distinct rest \ set rest = set rest" by auto + next + fix x + assume "distinct x \ set x = set rest" + hence eq_set: "set x = set rest" by auto + with ne have "x \ []" by auto + hence "hd x \ set x" by auto + with eq_set show "hd x \ set rest" by auto + qed + with wq_distinct[OF vt, of cs] eq_wq show False by auto + qed +qed + +lemma next_th_unique: + assumes nt1: "next_th s th cs th1" + and nt2: "next_th s th cs th2" + shows "th1 = th2" +proof - + from assms show ?thesis + by (unfold next_th_def, auto) +qed + +lemma pp_sub: "(r^+)^+ \ r^+" + by auto + +lemma wf_depend: + assumes vt: "vt step s" + shows "wf (depend s)" +proof(rule finite_acyclic_wf) + from finite_depend[OF vt] show "finite (depend s)" . +next + from acyclic_depend[OF vt] show "acyclic (depend s)" . +qed + +lemma Max_Union: + assumes fc: "finite C" + and ne: "C \ {}" + and fa: "\ A. A \ C \ finite A \ A \ {}" + shows "Max (\ C) = Max (Max ` C)" +proof - + from fc ne fa show ?thesis + proof(induct) + case (insert x F) + assume ih: "\F \ {}; \A. A \ F \ finite A \ A \ {}\ \ Max (\F) = Max (Max ` F)" + and h: "\ A. A \ insert x F \ finite A \ A \ {}" + show ?case (is "?L = ?R") + proof(cases "F = {}") + case False + from Union_insert have "?L = Max (x \ (\ F))" by simp + also have "\ = max (Max x) (Max(\ F))" + proof(rule Max_Un) + from h[of x] show "finite x" by auto + next + from h[of x] show "x \ {}" by auto + next + show "finite (\F)" + proof(rule finite_Union) + show "finite F" by fact + next + from h show "\M. M \ F \ finite M" by auto + qed + next + from False and h show "\F \ {}" by auto + qed + also have "\ = ?R" + proof - + have "?R = Max (Max ` ({x} \ F))" by simp + also have "\ = Max ({Max x} \ (Max ` F))" by simp + also have "\ = max (Max x) (Max (\F))" + proof - + have "Max ({Max x} \ Max ` F) = max (Max {Max x}) (Max (Max ` F))" + proof(rule Max_Un) + show "finite {Max x}" by simp + next + show "{Max x} \ {}" by simp + next + from insert show "finite (Max ` F)" by auto + next + from False show "Max ` F \ {}" by auto + qed + moreover have "Max {Max x} = Max x" by simp + moreover have "Max (\F) = Max (Max ` F)" + proof(rule ih) + show "F \ {}" by fact + next + from h show "\A. A \ F \ finite A \ A \ {}" + by auto + qed + ultimately show ?thesis by auto + qed + finally show ?thesis by simp + qed + finally show ?thesis by simp + next + case True + thus ?thesis by auto + qed + next + case empty + assume "{} \ {}" show ?case by auto + qed +qed + +definition child :: "state \ (node \ node) set" + where "child s = + {(Th th', Th th) | th th'. \ cs. (Th th', Cs cs) \ depend s \ (Cs cs, Th th) \ depend s}" + +definition children :: "state \ thread \ thread set" + where "children s th = {th'. (Th th', Th th) \ child s}" + + +lemma children_dependents: "children s th \ dependents (wq s) th" + by (unfold children_def child_def cs_dependents_def, auto simp:eq_depend) + +lemma child_unique: + assumes vt: "vt step s" + and ch1: "(Th th, Th th1) \ child s" + and ch2: "(Th th, Th th2) \ child s" + shows "th1 = th2" +proof - + from ch1 ch2 show ?thesis + proof(unfold child_def, clarsimp) + fix cs csa + assume h1: "(Th th, Cs cs) \ depend s" + and h2: "(Cs cs, Th th1) \ depend s" + and h3: "(Th th, Cs csa) \ depend s" + and h4: "(Cs csa, Th th2) \ depend s" + from unique_depend[OF vt h1 h3] have "cs = csa" by simp + with h4 have "(Cs cs, Th th2) \ depend s" by simp + from unique_depend[OF vt h2 this] + show "th1 = th2" by simp + qed +qed + + +lemma cp_eq_cpreced_f: "cp s = cpreced s (wq s)" +proof - + from fun_eq_iff + have h:"\f g. (\ x. f x = g x) \ f = g" by auto + show ?thesis + proof(rule h) + from cp_eq_cpreced show "\x. cp s x = cpreced s (wq s) x" by auto + qed +qed + +lemma depend_children: + assumes h: "(Th th1, Th th2) \ (depend s)^+" + shows "th1 \ children s th2 \ (\ th3. th3 \ children s th2 \ (Th th1, Th th3) \ (depend s)^+)" +proof - + from h show ?thesis + proof(induct rule: tranclE) + fix c th2 + assume h1: "(Th th1, c) \ (depend s)\<^sup>+" + and h2: "(c, Th th2) \ depend s" + from h2 obtain cs where eq_c: "c = Cs cs" + by (case_tac c, auto simp:s_depend_def) + show "th1 \ children s th2 \ (\th3. th3 \ children s th2 \ (Th th1, Th th3) \ (depend s)\<^sup>+)" + proof(rule tranclE[OF h1]) + fix ca + assume h3: "(Th th1, ca) \ (depend s)\<^sup>+" + and h4: "(ca, c) \ depend s" + show "th1 \ children s th2 \ (\th3. th3 \ children s th2 \ (Th th1, Th th3) \ (depend s)\<^sup>+)" + proof - + from eq_c and h4 obtain th3 where eq_ca: "ca = Th th3" + by (case_tac ca, auto simp:s_depend_def) + from eq_ca h4 h2 eq_c + have "th3 \ children s th2" by (auto simp:children_def child_def) + moreover from h3 eq_ca have "(Th th1, Th th3) \ (depend s)\<^sup>+" by simp + ultimately show ?thesis by auto + qed + next + assume "(Th th1, c) \ depend s" + with h2 eq_c + have "th1 \ children s th2" + by (auto simp:children_def child_def) + thus ?thesis by auto + qed + next + assume "(Th th1, Th th2) \ depend s" + thus ?thesis + by (auto simp:s_depend_def) + qed +qed + +lemma sub_child: "child s \ (depend s)^+" + by (unfold child_def, auto) + +lemma wf_child: + assumes vt: "vt step s" + shows "wf (child s)" +proof(rule wf_subset) + from wf_trancl[OF wf_depend[OF vt]] + show "wf ((depend s)\<^sup>+)" . +next + from sub_child show "child s \ (depend s)\<^sup>+" . +qed + +lemma depend_child_pre: + assumes vt: "vt step s" + shows + "(Th th, n) \ (depend s)^+ \ (\ th'. n = (Th th') \ (Th th, Th th') \ (child s)^+)" (is "?P n") +proof - + from wf_trancl[OF wf_depend[OF vt]] + have wf: "wf ((depend s)^+)" . + show ?thesis + proof(rule wf_induct[OF wf, of ?P], clarsimp) + fix th' + assume ih[rule_format]: "\y. (y, Th th') \ (depend s)\<^sup>+ \ + (Th th, y) \ (depend s)\<^sup>+ \ (\th'. y = Th th' \ (Th th, Th th') \ (child s)\<^sup>+)" + and h: "(Th th, Th th') \ (depend s)\<^sup>+" + show "(Th th, Th th') \ (child s)\<^sup>+" + proof - + from depend_children[OF h] + have "th \ children s th' \ (\th3. th3 \ children s th' \ (Th th, Th th3) \ (depend s)\<^sup>+)" . + thus ?thesis + proof + assume "th \ children s th'" + thus "(Th th, Th th') \ (child s)\<^sup>+" by (auto simp:children_def) + next + assume "\th3. th3 \ children s th' \ (Th th, Th th3) \ (depend s)\<^sup>+" + then obtain th3 where th3_in: "th3 \ children s th'" + and th_dp: "(Th th, Th th3) \ (depend s)\<^sup>+" by auto + from th3_in have "(Th th3, Th th') \ (depend s)^+" by (auto simp:children_def child_def) + from ih[OF this th_dp, of th3] have "(Th th, Th th3) \ (child s)\<^sup>+" by simp + with th3_in show "(Th th, Th th') \ (child s)\<^sup>+" by (auto simp:children_def) + qed + qed + qed +qed + +lemma depend_child: "\vt step s; (Th th, Th th') \ (depend s)^+\ \ (Th th, Th th') \ (child s)^+" + by (insert depend_child_pre, auto) + +lemma child_depend_p: + assumes "(n1, n2) \ (child s)^+" + shows "(n1, n2) \ (depend s)^+" +proof - + from assms show ?thesis + proof(induct) + case (base y) + with sub_child show ?case by auto + next + case (step y z) + assume "(y, z) \ child s" + with sub_child have "(y, z) \ (depend s)^+" by auto + moreover have "(n1, y) \ (depend s)^+" by fact + ultimately show ?case by auto + qed +qed + +lemma child_depend_eq: + assumes vt: "vt step s" + shows + "((Th th1, Th th2) \ (child s)^+) = + ((Th th1, Th th2) \ (depend s)^+)" + by (auto intro: depend_child[OF vt] child_depend_p) + +lemma children_no_dep: + fixes s th th1 th2 th3 + assumes vt: "vt step s" + and ch1: "(Th th1, Th th) \ child s" + and ch2: "(Th th2, Th th) \ child s" + and ch3: "(Th th1, Th th2) \ (depend s)^+" + shows "False" +proof - + from depend_child[OF vt ch3] + have "(Th th1, Th th2) \ (child s)\<^sup>+" . + thus ?thesis + proof(rule converse_tranclE) + thm tranclD + assume "(Th th1, Th th2) \ child s" + from child_unique[OF vt ch1 this] have "th = th2" by simp + with ch2 have "(Th th2, Th th2) \ child s" by simp + with wf_child[OF vt] show ?thesis by auto + next + fix c + assume h1: "(Th th1, c) \ child s" + and h2: "(c, Th th2) \ (child s)\<^sup>+" + from h1 obtain th3 where eq_c: "c = Th th3" by (unfold child_def, auto) + with h1 have "(Th th1, Th th3) \ child s" by simp + from child_unique[OF vt ch1 this] have eq_th3: "th3 = th" by simp + with eq_c and h2 have "(Th th, Th th2) \ (child s)\<^sup>+" by simp + with ch2 have "(Th th, Th th) \ (child s)\<^sup>+" by auto + moreover have "wf ((child s)\<^sup>+)" + proof(rule wf_trancl) + from wf_child[OF vt] show "wf (child s)" . + qed + ultimately show False by auto + qed +qed + +lemma unique_depend_p: + assumes vt: "vt step s" + and dp1: "(n, n1) \ (depend s)^+" + and dp2: "(n, n2) \ (depend s)^+" + and neq: "n1 \ n2" + shows "(n1, n2) \ (depend s)^+ \ (n2, n1) \ (depend s)^+" +proof(rule unique_chain [OF _ dp1 dp2 neq]) + from unique_depend[OF vt] + show "\a b c. \(a, b) \ depend s; (a, c) \ depend s\ \ b = c" by auto +qed + +lemma dependents_child_unique: + fixes s th th1 th2 th3 + assumes vt: "vt step s" + and ch1: "(Th th1, Th th) \ child s" + and ch2: "(Th th2, Th th) \ child s" + and dp1: "th3 \ dependents s th1" + and dp2: "th3 \ dependents s th2" +shows "th1 = th2" +proof - + { assume neq: "th1 \ th2" + from dp1 have dp1: "(Th th3, Th th1) \ (depend s)^+" + by (simp add:s_dependents_def eq_depend) + from dp2 have dp2: "(Th th3, Th th2) \ (depend s)^+" + by (simp add:s_dependents_def eq_depend) + from unique_depend_p[OF vt dp1 dp2] and neq + have "(Th th1, Th th2) \ (depend s)\<^sup>+ \ (Th th2, Th th1) \ (depend s)\<^sup>+" by auto + hence False + proof + assume "(Th th1, Th th2) \ (depend s)\<^sup>+ " + from children_no_dep[OF vt ch1 ch2 this] show ?thesis . + next + assume " (Th th2, Th th1) \ (depend s)\<^sup>+" + from children_no_dep[OF vt ch2 ch1 this] show ?thesis . + qed + } thus ?thesis by auto +qed + +lemma cp_rec: + fixes s th + assumes vt: "vt step s" + shows "cp s th = Max ({preced th s} \ (cp s ` children s th))" +proof(unfold cp_eq_cpreced_f cpreced_def) + let ?f = "(\th. preced th s)" + show "Max ((\th. preced th s) ` ({th} \ dependents (wq s) th)) = + Max ({preced th s} \ (\th. Max ((\th. preced th s) ` ({th} \ dependents (wq s) th))) ` children s th)" + proof(cases " children s th = {}") + case False + have "(\th. Max ((\th. preced th s) ` ({th} \ dependents (wq s) th))) ` children s th = + {Max ((\th. preced th s) ` ({th'} \ dependents (wq s) th')) | th' . th' \ children s th}" + (is "?L = ?R") + by auto + also have "\ = + Max ` {((\th. preced th s) ` ({th'} \ dependents (wq s) th')) | th' . th' \ children s th}" + (is "_ = Max ` ?C") + by auto + finally have "Max ?L = Max (Max ` ?C)" by auto + also have "\ = Max (\ ?C)" + proof(rule Max_Union[symmetric]) + from children_dependents[of s th] finite_threads[OF vt] and dependents_threads[OF vt, of th] + show "finite {(\th. preced th s) ` ({th'} \ dependents (wq s) th') |th'. th' \ children s th}" + by (auto simp:finite_subset) + next + from False + show "{(\th. preced th s) ` ({th'} \ dependents (wq s) th') |th'. th' \ children s th} \ {}" + by simp + next + show "\A. A \ {(\th. preced th s) ` ({th'} \ dependents (wq s) th') |th'. th' \ children s th} \ + finite A \ A \ {}" + apply (auto simp:finite_subset) + proof - + fix th' + from finite_threads[OF vt] and dependents_threads[OF vt, of th'] + show "finite ((\th. preced th s) ` dependents (wq s) th')" by (auto simp:finite_subset) + qed + qed + also have "\ = Max ((\th. preced th s) ` dependents (wq s) th)" + (is "Max ?A = Max ?B") + proof - + have "?A = ?B" + proof + show "\{(\th. preced th s) ` ({th'} \ dependents (wq s) th') |th'. th' \ children s th} + \ (\th. preced th s) ` dependents (wq s) th" + proof + fix x + assume "x \ \{(\th. preced th s) ` ({th'} \ dependents (wq s) th') |th'. th' \ children s th}" + then obtain th' where + th'_in: "th' \ children s th" + and x_in: "x \ ?f ` ({th'} \ dependents (wq s) th')" by auto + hence "x = ?f th' \ x \ (?f ` dependents (wq s) th')" by auto + thus "x \ ?f ` dependents (wq s) th" + proof + assume "x = preced th' s" + with th'_in and children_dependents + show "x \ (\th. preced th s) ` dependents (wq s) th" by auto + next + assume "x \ (\th. preced th s) ` dependents (wq s) th'" + moreover note th'_in + ultimately show " x \ (\th. preced th s) ` dependents (wq s) th" + by (unfold cs_dependents_def children_def child_def, auto simp:eq_depend) + qed + qed + next + show "?f ` dependents (wq s) th + \ \{?f ` ({th'} \ dependents (wq s) th') |th'. th' \ children s th}" + proof + fix x + assume x_in: "x \ (\th. preced th s) ` dependents (wq s) th" + then obtain th' where + eq_x: "x = ?f th'" and dp: "(Th th', Th th) \ (depend s)^+" + by (auto simp:cs_dependents_def eq_depend) + from depend_children[OF dp] + have "th' \ children s th \ (\th3. th3 \ children s th \ (Th th', Th th3) \ (depend s)\<^sup>+)" . + thus "x \ \{(\th. preced th s) ` ({th'} \ dependents (wq s) th') |th'. th' \ children s th}" + proof + assume "th' \ children s th" + with eq_x + show "x \ \{(\th. preced th s) ` ({th'} \ dependents (wq s) th') |th'. th' \ children s th}" + by auto + next + assume "\th3. th3 \ children s th \ (Th th', Th th3) \ (depend s)\<^sup>+" + then obtain th3 where th3_in: "th3 \ children s th" + and dp3: "(Th th', Th th3) \ (depend s)\<^sup>+" by auto + show "x \ \{(\th. preced th s) ` ({th'} \ dependents (wq s) th') |th'. th' \ children s th}" + proof - + from dp3 + have "th' \ dependents (wq s) th3" + by (auto simp:cs_dependents_def eq_depend) + with eq_x th3_in show ?thesis by auto + qed + qed + qed + qed + thus ?thesis by simp + qed + finally have "Max ((\th. preced th s) ` dependents (wq s) th) = Max (?L)" + (is "?X = ?Y") by auto + moreover have "Max ((\th. preced th s) ` ({th} \ dependents (wq s) th)) = + max (?f th) ?X" + proof - + have "Max ((\th. preced th s) ` ({th} \ dependents (wq s) th)) = + Max ({?f th} \ ?f ` (dependents (wq s) th))" by simp + also have "\ = max (Max {?f th}) (Max (?f ` (dependents (wq s) th)))" + proof(rule Max_Un, auto) + from finite_threads[OF vt] and dependents_threads[OF vt, of th] + show "finite ((\th. preced th s) ` dependents (wq s) th)" by (auto simp:finite_subset) + next + assume "dependents (wq s) th = {}" + with False and children_dependents show False by auto + qed + also have "\ = max (?f th) ?X" by simp + finally show ?thesis . + qed + moreover have "Max ({preced th s} \ + (\th. Max ((\th. preced th s) ` ({th} \ dependents (wq s) th))) ` children s th) = + max (?f th) ?Y" + proof - + have "Max ({preced th s} \ + (\th. Max ((\th. preced th s) ` ({th} \ dependents (wq s) th))) ` children s th) = + max (Max {preced th s}) ?Y" + proof(rule Max_Un, auto) + from finite_threads[OF vt] dependents_threads[OF vt, of th] children_dependents [of s th] + show "finite ((\th. Max (insert (preced th s) ((\th. preced th s) ` dependents (wq s) th))) ` + children s th)" + by (auto simp:finite_subset) + next + assume "children s th = {}" + with False show False by auto + qed + thus ?thesis by simp + qed + ultimately show ?thesis by auto + next + case True + moreover have "dependents (wq s) th = {}" + proof - + { fix th' + assume "th' \ dependents (wq s) th" + hence " (Th th', Th th) \ (depend s)\<^sup>+" by (simp add:cs_dependents_def eq_depend) + from depend_children[OF this] and True + have "False" by auto + } thus ?thesis by auto + qed + ultimately show ?thesis by auto + qed +qed + +definition cps:: "state \ (thread \ precedence) set" +where "cps s = {(th, cp s th) | th . th \ threads s}" + +locale step_set_cps = + fixes s' th prio s + defines s_def : "s \ (Set th prio#s')" + assumes vt_s: "vt step s" + +context step_set_cps +begin + +lemma eq_preced: + fixes th' + assumes "th' \ th" + shows "preced th' s = preced th' s'" +proof - + from assms show ?thesis + by (unfold s_def, auto simp:preced_def) +qed + +lemma eq_dep: "depend s = depend s'" + by (unfold s_def depend_set_unchanged, auto) + +lemma eq_cp: + fixes th' + assumes neq_th: "th' \ th" + and nd: "th \ dependents s th'" + shows "cp s th' = cp s' th'" + apply (unfold cp_eq_cpreced cpreced_def) +proof - + have eq_dp: "\ th. dependents (wq s) th = dependents (wq s') th" + by (unfold cs_dependents_def, auto simp:eq_dep eq_depend) + moreover { + fix th1 + assume "th1 \ {th'} \ dependents (wq s') th'" + hence "th1 = th' \ th1 \ dependents (wq s') th'" by auto + hence "preced th1 s = preced th1 s'" + proof + assume "th1 = th'" + with eq_preced[OF neq_th] + show "preced th1 s = preced th1 s'" by simp + next + assume "th1 \ dependents (wq s') th'" + with nd and eq_dp have "th1 \ th" + by (auto simp:eq_depend cs_dependents_def s_dependents_def eq_dep) + from eq_preced[OF this] show "preced th1 s = preced th1 s'" by simp + qed + } ultimately have "((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" + by (auto simp:image_def) + thus "Max ((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + Max ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" by simp +qed + +lemma eq_up: + fixes th' th'' + assumes dp1: "th \ dependents s th'" + and dp2: "th' \ dependents s th''" + and eq_cps: "cp s th' = cp s' th'" + shows "cp s th'' = cp s' th''" +proof - + from dp2 + have "(Th th', Th th'') \ (depend (wq s))\<^sup>+" by (simp add:s_dependents_def) + from depend_child[OF vt_s this[unfolded eq_depend]] + have ch_th': "(Th th', Th th'') \ (child s)\<^sup>+" . + moreover { fix n th'' + have "\(Th th', n) \ (child s)^+\ \ + (\ th'' . n = Th th'' \ cp s th'' = cp s' th'')" + proof(erule trancl_induct, auto) + fix y th'' + assume y_ch: "(y, Th th'') \ child s" + and ih: "\th''. y = Th th'' \ cp s th'' = cp s' th''" + and ch': "(Th th', y) \ (child s)\<^sup>+" + from y_ch obtain thy where eq_y: "y = Th thy" by (auto simp:child_def) + with ih have eq_cpy:"cp s thy = cp s' thy" by blast + from dp1 have "(Th th, Th th') \ (depend s)^+" by (auto simp:s_dependents_def eq_depend) + moreover from child_depend_p[OF ch'] and eq_y + have "(Th th', Th thy) \ (depend s)^+" by simp + ultimately have dp_thy: "(Th th, Th thy) \ (depend s)^+" by auto + show "cp s th'' = cp s' th''" + apply (subst cp_rec[OF vt_s]) + proof - + have "preced th'' s = preced th'' s'" + proof(rule eq_preced) + show "th'' \ th" + proof + assume "th'' = th" + with dp_thy y_ch[unfolded eq_y] + have "(Th th, Th th) \ (depend s)^+" + by (auto simp:child_def) + with wf_trancl[OF wf_depend[OF vt_s]] + show False by auto + qed + qed + moreover { + fix th1 + assume th1_in: "th1 \ children s th''" + have "cp s th1 = cp s' th1" + proof(cases "th1 = thy") + case True + with eq_cpy show ?thesis by simp + next + case False + have neq_th1: "th1 \ th" + proof + assume eq_th1: "th1 = th" + with dp_thy have "(Th th1, Th thy) \ (depend s)^+" by simp + from children_no_dep[OF vt_s _ _ this] and + th1_in y_ch eq_y show False by (auto simp:children_def) + qed + have "th \ dependents s th1" + proof + assume h:"th \ dependents s th1" + from eq_y dp_thy have "th \ dependents s thy" by (auto simp:s_dependents_def eq_depend) + from dependents_child_unique[OF vt_s _ _ h this] + th1_in y_ch eq_y have "th1 = thy" by (auto simp:children_def child_def) + with False show False by auto + qed + from eq_cp[OF neq_th1 this] + show ?thesis . + qed + } + ultimately have "{preced th'' s} \ (cp s ` children s th'') = + {preced th'' s'} \ (cp s' ` children s th'')" by (auto simp:image_def) + moreover have "children s th'' = children s' th''" + by (unfold children_def child_def s_def depend_set_unchanged, simp) + ultimately show "Max ({preced th'' s} \ cp s ` children s th'') = cp s' th''" + by (simp add:cp_rec[OF step_back_vt[OF vt_s[unfolded s_def]]]) + qed + next + fix th'' + assume dp': "(Th th', Th th'') \ child s" + show "cp s th'' = cp s' th''" + apply (subst cp_rec[OF vt_s]) + proof - + have "preced th'' s = preced th'' s'" + proof(rule eq_preced) + show "th'' \ th" + proof + assume "th'' = th" + with dp1 dp' + have "(Th th, Th th) \ (depend s)^+" + by (auto simp:child_def s_dependents_def eq_depend) + with wf_trancl[OF wf_depend[OF vt_s]] + show False by auto + qed + qed + moreover { + fix th1 + assume th1_in: "th1 \ children s th''" + have "cp s th1 = cp s' th1" + proof(cases "th1 = th'") + case True + with eq_cps show ?thesis by simp + next + case False + have neq_th1: "th1 \ th" + proof + assume eq_th1: "th1 = th" + with dp1 have "(Th th1, Th th') \ (depend s)^+" + by (auto simp:s_dependents_def eq_depend) + from children_no_dep[OF vt_s _ _ this] + th1_in dp' + show False by (auto simp:children_def) + qed + thus ?thesis + proof(rule eq_cp) + show "th \ dependents s th1" + proof + assume "th \ dependents s th1" + from dependents_child_unique[OF vt_s _ _ this dp1] + th1_in dp' have "th1 = th'" + by (auto simp:children_def) + with False show False by auto + qed + qed + qed + } + ultimately have "{preced th'' s} \ (cp s ` children s th'') = + {preced th'' s'} \ (cp s' ` children s th'')" by (auto simp:image_def) + moreover have "children s th'' = children s' th''" + by (unfold children_def child_def s_def depend_set_unchanged, simp) + ultimately show "Max ({preced th'' s} \ cp s ` children s th'') = cp s' th''" + by (simp add:cp_rec[OF step_back_vt[OF vt_s[unfolded s_def]]]) + qed + qed + } + ultimately show ?thesis by auto +qed + +lemma eq_up_self: + fixes th' th'' + assumes dp: "th \ dependents s th''" + and eq_cps: "cp s th = cp s' th" + shows "cp s th'' = cp s' th''" +proof - + from dp + have "(Th th, Th th'') \ (depend (wq s))\<^sup>+" by (simp add:s_dependents_def) + from depend_child[OF vt_s this[unfolded eq_depend]] + have ch_th': "(Th th, Th th'') \ (child s)\<^sup>+" . + moreover { fix n th'' + have "\(Th th, n) \ (child s)^+\ \ + (\ th'' . n = Th th'' \ cp s th'' = cp s' th'')" + proof(erule trancl_induct, auto) + fix y th'' + assume y_ch: "(y, Th th'') \ child s" + and ih: "\th''. y = Th th'' \ cp s th'' = cp s' th''" + and ch': "(Th th, y) \ (child s)\<^sup>+" + from y_ch obtain thy where eq_y: "y = Th thy" by (auto simp:child_def) + with ih have eq_cpy:"cp s thy = cp s' thy" by blast + from child_depend_p[OF ch'] and eq_y + have dp_thy: "(Th th, Th thy) \ (depend s)^+" by simp + show "cp s th'' = cp s' th''" + apply (subst cp_rec[OF vt_s]) + proof - + have "preced th'' s = preced th'' s'" + proof(rule eq_preced) + show "th'' \ th" + proof + assume "th'' = th" + with dp_thy y_ch[unfolded eq_y] + have "(Th th, Th th) \ (depend s)^+" + by (auto simp:child_def) + with wf_trancl[OF wf_depend[OF vt_s]] + show False by auto + qed + qed + moreover { + fix th1 + assume th1_in: "th1 \ children s th''" + have "cp s th1 = cp s' th1" + proof(cases "th1 = thy") + case True + with eq_cpy show ?thesis by simp + next + case False + have neq_th1: "th1 \ th" + proof + assume eq_th1: "th1 = th" + with dp_thy have "(Th th1, Th thy) \ (depend s)^+" by simp + from children_no_dep[OF vt_s _ _ this] and + th1_in y_ch eq_y show False by (auto simp:children_def) + qed + have "th \ dependents s th1" + proof + assume h:"th \ dependents s th1" + from eq_y dp_thy have "th \ dependents s thy" by (auto simp:s_dependents_def eq_depend) + from dependents_child_unique[OF vt_s _ _ h this] + th1_in y_ch eq_y have "th1 = thy" by (auto simp:children_def child_def) + with False show False by auto + qed + from eq_cp[OF neq_th1 this] + show ?thesis . + qed + } + ultimately have "{preced th'' s} \ (cp s ` children s th'') = + {preced th'' s'} \ (cp s' ` children s th'')" by (auto simp:image_def) + moreover have "children s th'' = children s' th''" + by (unfold children_def child_def s_def depend_set_unchanged, simp) + ultimately show "Max ({preced th'' s} \ cp s ` children s th'') = cp s' th''" + by (simp add:cp_rec[OF step_back_vt[OF vt_s[unfolded s_def]]]) + qed + next + fix th'' + assume dp': "(Th th, Th th'') \ child s" + show "cp s th'' = cp s' th''" + apply (subst cp_rec[OF vt_s]) + proof - + have "preced th'' s = preced th'' s'" + proof(rule eq_preced) + show "th'' \ th" + proof + assume "th'' = th" + with dp dp' + have "(Th th, Th th) \ (depend s)^+" + by (auto simp:child_def s_dependents_def eq_depend) + with wf_trancl[OF wf_depend[OF vt_s]] + show False by auto + qed + qed + moreover { + fix th1 + assume th1_in: "th1 \ children s th''" + have "cp s th1 = cp s' th1" + proof(cases "th1 = th") + case True + with eq_cps show ?thesis by simp + next + case False + assume neq_th1: "th1 \ th" + thus ?thesis + proof(rule eq_cp) + show "th \ dependents s th1" + proof + assume "th \ dependents s th1" + hence "(Th th, Th th1) \ (depend s)^+" by (auto simp:s_dependents_def eq_depend) + from children_no_dep[OF vt_s _ _ this] + and th1_in dp' show False + by (auto simp:children_def) + qed + qed + qed + } + ultimately have "{preced th'' s} \ (cp s ` children s th'') = + {preced th'' s'} \ (cp s' ` children s th'')" by (auto simp:image_def) + moreover have "children s th'' = children s' th''" + by (unfold children_def child_def s_def depend_set_unchanged, simp) + ultimately show "Max ({preced th'' s} \ cp s ` children s th'') = cp s' th''" + by (simp add:cp_rec[OF step_back_vt[OF vt_s[unfolded s_def]]]) + qed + qed + } + ultimately show ?thesis by auto +qed +end + +lemma next_waiting: + assumes vt: "vt step s" + and nxt: "next_th s th cs th'" + shows "waiting s th' cs" +proof - + from assms show ?thesis + apply (auto simp:next_th_def s_waiting_def) + proof - + fix rest + assume ni: "hd (SOME q. distinct q \ set q = set rest) \ set rest" + and eq_wq: "wq s cs = th # rest" + and ne: "rest \ []" + have "set (SOME q. distinct q \ set q = set rest) = set rest" + proof(rule someI2) + from wq_distinct[OF vt, of cs] eq_wq + show "distinct rest \ set rest = set rest" by auto + next + show "\x. distinct x \ set x = set rest \ set x = set rest" by auto + qed + with ni + have "hd (SOME q. distinct q \ set q = set rest) \ set (SOME q. distinct q \ set q = set rest)" + by simp + moreover have "(SOME q. distinct q \ set q = set rest) \ []" + proof(rule someI2) + from wq_distinct[OF vt, of cs] eq_wq + show "distinct rest \ set rest = set rest" by auto + next + from ne show "\x. distinct x \ set x = set rest \ x \ []" by auto + qed + ultimately show "hd (SOME q. distinct q \ set q = set rest) = th" by auto + next + fix rest + assume eq_wq: "wq s cs = hd (SOME q. distinct q \ set q = set rest) # rest" + and ne: "rest \ []" + have "(SOME q. distinct q \ set q = set rest) \ []" + proof(rule someI2) + from wq_distinct[OF vt, of cs] eq_wq + show "distinct rest \ set rest = set rest" by auto + next + from ne show "\x. distinct x \ set x = set rest \ x \ []" by auto + qed + hence "hd (SOME q. distinct q \ set q = set rest) \ set (SOME q. distinct q \ set q = set rest)" + by auto + moreover have "set (SOME q. distinct q \ set q = set rest) = set rest" + proof(rule someI2) + from wq_distinct[OF vt, of cs] eq_wq + show "distinct rest \ set rest = set rest" by auto + next + show "\x. distinct x \ set x = set rest \ set x = set rest" by auto + qed + ultimately have "hd (SOME q. distinct q \ set q = set rest) \ set rest" by simp + with eq_wq and wq_distinct[OF vt, of cs] + show False by auto + qed +qed + +locale step_v_cps = + fixes s' th cs s + defines s_def : "s \ (V th cs#s')" + assumes vt_s: "vt step s" + +locale step_v_cps_nt = step_v_cps + + fixes th' + assumes nt: "next_th s' th cs th'" + +context step_v_cps_nt +begin + +lemma depend_s: + "depend s = (depend s' - {(Cs cs, Th th)} - {(Th th', Cs cs)}) \ + {(Cs cs, Th th')}" +proof - + from step_depend_v[OF vt_s[unfolded s_def], folded s_def] + and nt show ?thesis by (auto intro:next_th_unique) +qed + +lemma dependents_kept: + fixes th'' + assumes neq1: "th'' \ th" + and neq2: "th'' \ th'" + shows "dependents (wq s) th'' = dependents (wq s') th''" +proof(auto) + fix x + assume "x \ dependents (wq s) th''" + hence dp: "(Th x, Th th'') \ (depend s)^+" + by (auto simp:cs_dependents_def eq_depend) + { fix n + have "(n, Th th'') \ (depend s)^+ \ (n, Th th'') \ (depend s')^+" + proof(induct rule:converse_trancl_induct) + fix y + assume "(y, Th th'') \ depend s" + with depend_s neq1 neq2 + have "(y, Th th'') \ depend s'" by auto + thus "(y, Th th'') \ (depend s')\<^sup>+" by auto + next + fix y z + assume yz: "(y, z) \ depend s" + and ztp: "(z, Th th'') \ (depend s)\<^sup>+" + and ztp': "(z, Th th'') \ (depend s')\<^sup>+" + have "y \ Cs cs \ y \ Th th'" + proof + show "y \ Cs cs" + proof + assume eq_y: "y = Cs cs" + with yz have dp_yz: "(Cs cs, z) \ depend s" by simp + from depend_s + have cst': "(Cs cs, Th th') \ depend s" by simp + from unique_depend[OF vt_s this dp_yz] + have eq_z: "z = Th th'" by simp + with ztp have "(Th th', Th th'') \ (depend s)^+" by simp + from converse_tranclE[OF this] + obtain cs' where dp'': "(Th th', Cs cs') \ depend s" + by (auto simp:s_depend_def) + with depend_s have dp': "(Th th', Cs cs') \ depend s'" by auto + from dp'' eq_y yz eq_z have "(Cs cs, Cs cs') \ (depend s)^+" by auto + moreover have "cs' = cs" + proof - + from next_waiting[OF step_back_vt[OF vt_s[unfolded s_def]] nt] + have "(Th th', Cs cs) \ depend s'" + by (auto simp:s_waiting_def s_depend_def cs_waiting_def) + from unique_depend[OF step_back_vt[OF vt_s[unfolded s_def]] this dp'] + show ?thesis by simp + qed + ultimately have "(Cs cs, Cs cs) \ (depend s)^+" by simp + moreover note wf_trancl[OF wf_depend[OF vt_s]] + ultimately show False by auto + qed + next + show "y \ Th th'" + proof + assume eq_y: "y = Th th'" + with yz have dps: "(Th th', z) \ depend s" by simp + with depend_s have dps': "(Th th', z) \ depend s'" by auto + have "z = Cs cs" + proof - + from next_waiting[OF step_back_vt[OF vt_s[unfolded s_def]] nt] + have "(Th th', Cs cs) \ depend s'" + by (auto simp:s_waiting_def s_depend_def cs_waiting_def) + from unique_depend[OF step_back_vt[OF vt_s[unfolded s_def]] dps' this] + show ?thesis . + qed + with dps depend_s show False by auto + qed + qed + with depend_s yz have "(y, z) \ depend s'" by auto + with ztp' + show "(y, Th th'') \ (depend s')\<^sup>+" by auto + qed + } + from this[OF dp] + show "x \ dependents (wq s') th''" + by (auto simp:cs_dependents_def eq_depend) +next + fix x + assume "x \ dependents (wq s') th''" + hence dp: "(Th x, Th th'') \ (depend s')^+" + by (auto simp:cs_dependents_def eq_depend) + { fix n + have "(n, Th th'') \ (depend s')^+ \ (n, Th th'') \ (depend s)^+" + proof(induct rule:converse_trancl_induct) + fix y + assume "(y, Th th'') \ depend s'" + with depend_s neq1 neq2 + have "(y, Th th'') \ depend s" by auto + thus "(y, Th th'') \ (depend s)\<^sup>+" by auto + next + fix y z + assume yz: "(y, z) \ depend s'" + and ztp: "(z, Th th'') \ (depend s')\<^sup>+" + and ztp': "(z, Th th'') \ (depend s)\<^sup>+" + have "y \ Cs cs \ y \ Th th'" + proof + show "y \ Cs cs" + proof + assume eq_y: "y = Cs cs" + with yz have dp_yz: "(Cs cs, z) \ depend s'" by simp + from this have eq_z: "z = Th th" + proof - + from step_back_step[OF vt_s[unfolded s_def]] + have "(Cs cs, Th th) \ depend s'" + by(cases, auto simp: s_depend_def cs_holding_def s_holding_def) + from unique_depend[OF step_back_vt[OF vt_s[unfolded s_def]] this dp_yz] + show ?thesis by simp + qed + from converse_tranclE[OF ztp] + obtain u where "(z, u) \ depend s'" by auto + moreover + from step_back_step[OF vt_s[unfolded s_def]] + have "th \ readys s'" by (cases, simp add:runing_def) + moreover note eq_z + ultimately show False + by (auto simp:readys_def s_depend_def s_waiting_def cs_waiting_def) + qed + next + show "y \ Th th'" + proof + assume eq_y: "y = Th th'" + with yz have dps: "(Th th', z) \ depend s'" by simp + have "z = Cs cs" + proof - + from next_waiting[OF step_back_vt[OF vt_s[unfolded s_def]] nt] + have "(Th th', Cs cs) \ depend s'" + by (auto simp:s_waiting_def s_depend_def cs_waiting_def) + from unique_depend[OF step_back_vt[OF vt_s[unfolded s_def]] dps this] + show ?thesis . + qed + with ztp have cs_i: "(Cs cs, Th th'') \ (depend s')\<^sup>+" by simp + from step_back_step[OF vt_s[unfolded s_def]] + have cs_th: "(Cs cs, Th th) \ depend s'" + by(cases, auto simp: s_depend_def cs_holding_def s_holding_def) + have "(Cs cs, Th th'') \ depend s'" + proof + assume "(Cs cs, Th th'') \ depend s'" + from unique_depend[OF step_back_vt[OF vt_s[unfolded s_def]] this cs_th] + and neq1 show "False" by simp + qed + with converse_tranclE[OF cs_i] + obtain u where cu: "(Cs cs, u) \ depend s'" + and u_t: "(u, Th th'') \ (depend s')\<^sup>+" by auto + have "u = Th th" + proof - + from unique_depend[OF step_back_vt[OF vt_s[unfolded s_def]] cu cs_th] + show ?thesis . + qed + with u_t have "(Th th, Th th'') \ (depend s')\<^sup>+" by simp + from converse_tranclE[OF this] + obtain v where "(Th th, v) \ (depend s')" by auto + moreover from step_back_step[OF vt_s[unfolded s_def]] + have "th \ readys s'" by (cases, simp add:runing_def) + ultimately show False + by (auto simp:readys_def s_depend_def s_waiting_def cs_waiting_def) + qed + qed + with depend_s yz have "(y, z) \ depend s" by auto + with ztp' + show "(y, Th th'') \ (depend s)\<^sup>+" by auto + qed + } + from this[OF dp] + show "x \ dependents (wq s) th''" + by (auto simp:cs_dependents_def eq_depend) +qed + +lemma cp_kept: + fixes th'' + assumes neq1: "th'' \ th" + and neq2: "th'' \ th'" + shows "cp s th'' = cp s' th''" +proof - + from dependents_kept[OF neq1 neq2] + have "dependents (wq s) th'' = dependents (wq s') th''" . + moreover { + fix th1 + assume "th1 \ dependents (wq s) th''" + have "preced th1 s = preced th1 s'" + by (unfold s_def, auto simp:preced_def) + } + moreover have "preced th'' s = preced th'' s'" + by (unfold s_def, auto simp:preced_def) + ultimately have "((\th. preced th s) ` ({th''} \ dependents (wq s) th'')) = + ((\th. preced th s') ` ({th''} \ dependents (wq s') th''))" + by (auto simp:image_def) + thus ?thesis + by (unfold cp_eq_cpreced cpreced_def, simp) +qed + +end + +locale step_v_cps_nnt = step_v_cps + + assumes nnt: "\ th'. (\ next_th s' th cs th')" + +context step_v_cps_nnt +begin + +lemma nw_cs: "(Th th1, Cs cs) \ depend s'" +proof + assume "(Th th1, Cs cs) \ depend s'" + thus "False" + apply (auto simp:s_depend_def cs_waiting_def) + proof - + assume h1: "th1 \ set (wq s' cs)" + and h2: "th1 \ hd (wq s' cs)" + from step_back_step[OF vt_s[unfolded s_def]] + show "False" + proof(cases) + assume "holding s' th cs" + then obtain rest where + eq_wq: "wq s' cs = th#rest" + apply (unfold s_holding_def) + by (case_tac "(wq s' cs)", auto) + with h1 h2 have ne: "rest \ []" by auto + with eq_wq + have "next_th s' th cs (hd (SOME q. distinct q \ set q = set rest))" + by(unfold next_th_def, rule_tac x = "rest" in exI, auto) + with nnt show ?thesis by auto + qed + qed +qed + +lemma depend_s: "depend s = depend s' - {(Cs cs, Th th)}" +proof - + from nnt and step_depend_v[OF vt_s[unfolded s_def], folded s_def] + show ?thesis by auto +qed + +lemma child_kept_left: + assumes + "(n1, n2) \ (child s')^+" + shows "(n1, n2) \ (child s)^+" +proof - + from assms show ?thesis + proof(induct rule: converse_trancl_induct) + case (base y) + from base obtain th1 cs1 th2 + where h1: "(Th th1, Cs cs1) \ depend s'" + and h2: "(Cs cs1, Th th2) \ depend s'" + and eq_y: "y = Th th1" and eq_n2: "n2 = Th th2" by (auto simp:child_def) + have "cs1 \ cs" + proof + assume eq_cs: "cs1 = cs" + with h1 have "(Th th1, Cs cs1) \ depend s'" by simp + with nw_cs eq_cs show False by auto + qed + with h1 h2 depend_s have + h1': "(Th th1, Cs cs1) \ depend s" and + h2': "(Cs cs1, Th th2) \ depend s" by auto + hence "(Th th1, Th th2) \ child s" by (auto simp:child_def) + with eq_y eq_n2 have "(y, n2) \ child s" by simp + thus ?case by auto + next + case (step y z) + have "(y, z) \ child s'" by fact + then obtain th1 cs1 th2 + where h1: "(Th th1, Cs cs1) \ depend s'" + and h2: "(Cs cs1, Th th2) \ depend s'" + and eq_y: "y = Th th1" and eq_z: "z = Th th2" by (auto simp:child_def) + have "cs1 \ cs" + proof + assume eq_cs: "cs1 = cs" + with h1 have "(Th th1, Cs cs1) \ depend s'" by simp + with nw_cs eq_cs show False by auto + qed + with h1 h2 depend_s have + h1': "(Th th1, Cs cs1) \ depend s" and + h2': "(Cs cs1, Th th2) \ depend s" by auto + hence "(Th th1, Th th2) \ child s" by (auto simp:child_def) + with eq_y eq_z have "(y, z) \ child s" by simp + moreover have "(z, n2) \ (child s)^+" by fact + ultimately show ?case by auto + qed +qed + +lemma child_kept_right: + assumes + "(n1, n2) \ (child s)^+" + shows "(n1, n2) \ (child s')^+" +proof - + from assms show ?thesis + proof(induct) + case (base y) + from base and depend_s + have "(n1, y) \ child s'" + by (auto simp:child_def) + thus ?case by auto + next + case (step y z) + have "(y, z) \ child s" by fact + with depend_s have "(y, z) \ child s'" + by (auto simp:child_def) + moreover have "(n1, y) \ (child s')\<^sup>+" by fact + ultimately show ?case by auto + qed +qed + +lemma eq_child: "(child s)^+ = (child s')^+" + by (insert child_kept_left child_kept_right, auto) + +lemma eq_cp: + fixes th' + shows "cp s th' = cp s' th'" + apply (unfold cp_eq_cpreced cpreced_def) +proof - + have eq_dp: "\ th. dependents (wq s) th = dependents (wq s') th" + apply (unfold cs_dependents_def, unfold eq_depend) + proof - + from eq_child + have "\th. {th'. (Th th', Th th) \ (child s)\<^sup>+} = {th'. (Th th', Th th) \ (child s')\<^sup>+}" + by simp + with child_depend_eq[OF vt_s] child_depend_eq[OF step_back_vt[OF vt_s[unfolded s_def]]] + show "\th. {th'. (Th th', Th th) \ (depend s)\<^sup>+} = {th'. (Th th', Th th) \ (depend s')\<^sup>+}" + by simp + qed + moreover { + fix th1 + assume "th1 \ {th'} \ dependents (wq s') th'" + hence "th1 = th' \ th1 \ dependents (wq s') th'" by auto + hence "preced th1 s = preced th1 s'" + proof + assume "th1 = th'" + show "preced th1 s = preced th1 s'" by (simp add:s_def preced_def) + next + assume "th1 \ dependents (wq s') th'" + show "preced th1 s = preced th1 s'" by (simp add:s_def preced_def) + qed + } ultimately have "((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" + by (auto simp:image_def) + thus "Max ((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + Max ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" by simp +qed + +end + +locale step_P_cps = + fixes s' th cs s + defines s_def : "s \ (P th cs#s')" + assumes vt_s: "vt step s" + +locale step_P_cps_ne =step_P_cps + + assumes ne: "wq s' cs \ []" + +context step_P_cps_ne +begin + +lemma depend_s: "depend s = depend s' \ {(Th th, Cs cs)}" +proof - + from step_depend_p[OF vt_s[unfolded s_def]] and ne + show ?thesis by (simp add:s_def) +qed + +lemma eq_child_left: + assumes nd: "(Th th, Th th') \ (child s)^+" + shows "(n1, Th th') \ (child s)^+ \ (n1, Th th') \ (child s')^+" +proof(induct rule:converse_trancl_induct) + case (base y) + from base obtain th1 cs1 + where h1: "(Th th1, Cs cs1) \ depend s" + and h2: "(Cs cs1, Th th') \ depend s" + and eq_y: "y = Th th1" by (auto simp:child_def) + have "th1 \ th" + proof + assume "th1 = th" + with base eq_y have "(Th th, Th th') \ child s" by simp + with nd show False by auto + qed + with h1 h2 depend_s + have h1': "(Th th1, Cs cs1) \ depend s'" and + h2': "(Cs cs1, Th th') \ depend s'" by auto + with eq_y show ?case by (auto simp:child_def) +next + case (step y z) + have yz: "(y, z) \ child s" by fact + then obtain th1 cs1 th2 + where h1: "(Th th1, Cs cs1) \ depend s" + and h2: "(Cs cs1, Th th2) \ depend s" + and eq_y: "y = Th th1" and eq_z: "z = Th th2" by (auto simp:child_def) + have "th1 \ th" + proof + assume "th1 = th" + with yz eq_y have "(Th th, z) \ child s" by simp + moreover have "(z, Th th') \ (child s)^+" by fact + ultimately have "(Th th, Th th') \ (child s)^+" by auto + with nd show False by auto + qed + with h1 h2 depend_s have h1': "(Th th1, Cs cs1) \ depend s'" + and h2': "(Cs cs1, Th th2) \ depend s'" by auto + with eq_y eq_z have "(y, z) \ child s'" by (auto simp:child_def) + moreover have "(z, Th th') \ (child s')^+" by fact + ultimately show ?case by auto +qed + +lemma eq_child_right: + shows "(n1, Th th') \ (child s')^+ \ (n1, Th th') \ (child s)^+" +proof(induct rule:converse_trancl_induct) + case (base y) + with depend_s show ?case by (auto simp:child_def) +next + case (step y z) + have "(y, z) \ child s'" by fact + with depend_s have "(y, z) \ child s" by (auto simp:child_def) + moreover have "(z, Th th') \ (child s)^+" by fact + ultimately show ?case by auto +qed + +lemma eq_child: + assumes nd: "(Th th, Th th') \ (child s)^+" + shows "((n1, Th th') \ (child s)^+) = ((n1, Th th') \ (child s')^+)" + by (insert eq_child_left[OF nd] eq_child_right, auto) + +lemma eq_cp: + fixes th' + assumes nd: "th \ dependents s th'" + shows "cp s th' = cp s' th'" + apply (unfold cp_eq_cpreced cpreced_def) +proof - + have nd': "(Th th, Th th') \ (child s)^+" + proof + assume "(Th th, Th th') \ (child s)\<^sup>+" + with child_depend_eq[OF vt_s] + have "(Th th, Th th') \ (depend s)\<^sup>+" by simp + with nd show False + by (simp add:s_dependents_def eq_depend) + qed + have eq_dp: "dependents (wq s) th' = dependents (wq s') th'" + proof(auto) + fix x assume " x \ dependents (wq s) th'" + thus "x \ dependents (wq s') th'" + apply (auto simp:cs_dependents_def eq_depend) + proof - + assume "(Th x, Th th') \ (depend s)\<^sup>+" + with child_depend_eq[OF vt_s] have "(Th x, Th th') \ (child s)\<^sup>+" by simp + with eq_child[OF nd'] have "(Th x, Th th') \ (child s')^+" by simp + with child_depend_eq[OF step_back_vt[OF vt_s[unfolded s_def]]] + show "(Th x, Th th') \ (depend s')\<^sup>+" by simp + qed + next + fix x assume "x \ dependents (wq s') th'" + thus "x \ dependents (wq s) th'" + apply (auto simp:cs_dependents_def eq_depend) + proof - + assume "(Th x, Th th') \ (depend s')\<^sup>+" + with child_depend_eq[OF step_back_vt[OF vt_s[unfolded s_def]]] + have "(Th x, Th th') \ (child s')\<^sup>+" by simp + with eq_child[OF nd'] have "(Th x, Th th') \ (child s)^+" by simp + with child_depend_eq[OF vt_s] + show "(Th x, Th th') \ (depend s)\<^sup>+" by simp + qed + qed + moreover { + fix th1 have "preced th1 s = preced th1 s'" by (simp add:s_def preced_def) + } ultimately have "((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" + by (auto simp:image_def) + thus "Max ((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + Max ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" by simp +qed + +lemma eq_up: + fixes th' th'' + assumes dp1: "th \ dependents s th'" + and dp2: "th' \ dependents s th''" + and eq_cps: "cp s th' = cp s' th'" + shows "cp s th'' = cp s' th''" +proof - + from dp2 + have "(Th th', Th th'') \ (depend (wq s))\<^sup>+" by (simp add:s_dependents_def) + from depend_child[OF vt_s this[unfolded eq_depend]] + have ch_th': "(Th th', Th th'') \ (child s)\<^sup>+" . + moreover { + fix n th'' + have "\(Th th', n) \ (child s)^+\ \ + (\ th'' . n = Th th'' \ cp s th'' = cp s' th'')" + proof(erule trancl_induct, auto) + fix y th'' + assume y_ch: "(y, Th th'') \ child s" + and ih: "\th''. y = Th th'' \ cp s th'' = cp s' th''" + and ch': "(Th th', y) \ (child s)\<^sup>+" + from y_ch obtain thy where eq_y: "y = Th thy" by (auto simp:child_def) + with ih have eq_cpy:"cp s thy = cp s' thy" by blast + from dp1 have "(Th th, Th th') \ (depend s)^+" by (auto simp:s_dependents_def eq_depend) + moreover from child_depend_p[OF ch'] and eq_y + have "(Th th', Th thy) \ (depend s)^+" by simp + ultimately have dp_thy: "(Th th, Th thy) \ (depend s)^+" by auto + show "cp s th'' = cp s' th''" + apply (subst cp_rec[OF vt_s]) + proof - + have "preced th'' s = preced th'' s'" + by (simp add:s_def preced_def) + moreover { + fix th1 + assume th1_in: "th1 \ children s th''" + have "cp s th1 = cp s' th1" + proof(cases "th1 = thy") + case True + with eq_cpy show ?thesis by simp + next + case False + have neq_th1: "th1 \ th" + proof + assume eq_th1: "th1 = th" + with dp_thy have "(Th th1, Th thy) \ (depend s)^+" by simp + from children_no_dep[OF vt_s _ _ this] and + th1_in y_ch eq_y show False by (auto simp:children_def) + qed + have "th \ dependents s th1" + proof + assume h:"th \ dependents s th1" + from eq_y dp_thy have "th \ dependents s thy" by (auto simp:s_dependents_def eq_depend) + from dependents_child_unique[OF vt_s _ _ h this] + th1_in y_ch eq_y have "th1 = thy" by (auto simp:children_def child_def) + with False show False by auto + qed + from eq_cp[OF this] + show ?thesis . + qed + } + ultimately have "{preced th'' s} \ (cp s ` children s th'') = + {preced th'' s'} \ (cp s' ` children s th'')" by (auto simp:image_def) + moreover have "children s th'' = children s' th''" + apply (unfold children_def child_def s_def depend_set_unchanged, simp) + apply (fold s_def, auto simp:depend_s) + proof - + assume "(Cs cs, Th th'') \ depend s'" + with depend_s have cs_th': "(Cs cs, Th th'') \ depend s" by auto + from dp1 have "(Th th, Th th') \ (depend s)^+" + by (auto simp:s_dependents_def eq_depend) + from converse_tranclE[OF this] + obtain cs1 where h1: "(Th th, Cs cs1) \ depend s" + and h2: "(Cs cs1 , Th th') \ (depend s)\<^sup>+" + by (auto simp:s_depend_def) + have eq_cs: "cs1 = cs" + proof - + from depend_s have "(Th th, Cs cs) \ depend s" by simp + from unique_depend[OF vt_s this h1] + show ?thesis by simp + qed + have False + proof(rule converse_tranclE[OF h2]) + assume "(Cs cs1, Th th') \ depend s" + with eq_cs have "(Cs cs, Th th') \ depend s" by simp + from unique_depend[OF vt_s this cs_th'] + have "th' = th''" by simp + with ch' y_ch have "(Th th'', Th th'') \ (child s)^+" by auto + with wf_trancl[OF wf_child[OF vt_s]] + show False by auto + next + fix y + assume "(Cs cs1, y) \ depend s" + and ytd: " (y, Th th') \ (depend s)\<^sup>+" + with eq_cs have csy: "(Cs cs, y) \ depend s" by simp + from unique_depend[OF vt_s this cs_th'] + have "y = Th th''" . + with ytd have "(Th th'', Th th') \ (depend s)^+" by simp + from depend_child[OF vt_s this] + have "(Th th'', Th th') \ (child s)\<^sup>+" . + moreover from ch' y_ch have ch'': "(Th th', Th th'') \ (child s)^+" by auto + ultimately have "(Th th'', Th th'') \ (child s)^+" by auto + with wf_trancl[OF wf_child[OF vt_s]] + show False by auto + qed + thus "\cs. (Th th, Cs cs) \ depend s' \ (Cs cs, Th th'') \ depend s'" by auto + qed + ultimately show "Max ({preced th'' s} \ cp s ` children s th'') = cp s' th''" + by (simp add:cp_rec[OF step_back_vt[OF vt_s[unfolded s_def]]]) + qed + next + fix th'' + assume dp': "(Th th', Th th'') \ child s" + show "cp s th'' = cp s' th''" + apply (subst cp_rec[OF vt_s]) + proof - + have "preced th'' s = preced th'' s'" + by (simp add:s_def preced_def) + moreover { + fix th1 + assume th1_in: "th1 \ children s th''" + have "cp s th1 = cp s' th1" + proof(cases "th1 = th'") + case True + with eq_cps show ?thesis by simp + next + case False + have neq_th1: "th1 \ th" + proof + assume eq_th1: "th1 = th" + with dp1 have "(Th th1, Th th') \ (depend s)^+" + by (auto simp:s_dependents_def eq_depend) + from children_no_dep[OF vt_s _ _ this] + th1_in dp' + show False by (auto simp:children_def) + qed + show ?thesis + proof(rule eq_cp) + show "th \ dependents s th1" + proof + assume "th \ dependents s th1" + from dependents_child_unique[OF vt_s _ _ this dp1] + th1_in dp' have "th1 = th'" + by (auto simp:children_def) + with False show False by auto + qed + qed + qed + } + ultimately have "{preced th'' s} \ (cp s ` children s th'') = + {preced th'' s'} \ (cp s' ` children s th'')" by (auto simp:image_def) + moreover have "children s th'' = children s' th''" + apply (unfold children_def child_def s_def depend_set_unchanged, simp) + apply (fold s_def, auto simp:depend_s) + proof - + assume "(Cs cs, Th th'') \ depend s'" + with depend_s have cs_th': "(Cs cs, Th th'') \ depend s" by auto + from dp1 have "(Th th, Th th') \ (depend s)^+" + by (auto simp:s_dependents_def eq_depend) + from converse_tranclE[OF this] + obtain cs1 where h1: "(Th th, Cs cs1) \ depend s" + and h2: "(Cs cs1 , Th th') \ (depend s)\<^sup>+" + by (auto simp:s_depend_def) + have eq_cs: "cs1 = cs" + proof - + from depend_s have "(Th th, Cs cs) \ depend s" by simp + from unique_depend[OF vt_s this h1] + show ?thesis by simp + qed + have False + proof(rule converse_tranclE[OF h2]) + assume "(Cs cs1, Th th') \ depend s" + with eq_cs have "(Cs cs, Th th') \ depend s" by simp + from unique_depend[OF vt_s this cs_th'] + have "th' = th''" by simp + with dp' have "(Th th'', Th th'') \ (child s)^+" by auto + with wf_trancl[OF wf_child[OF vt_s]] + show False by auto + next + fix y + assume "(Cs cs1, y) \ depend s" + and ytd: " (y, Th th') \ (depend s)\<^sup>+" + with eq_cs have csy: "(Cs cs, y) \ depend s" by simp + from unique_depend[OF vt_s this cs_th'] + have "y = Th th''" . + with ytd have "(Th th'', Th th') \ (depend s)^+" by simp + from depend_child[OF vt_s this] + have "(Th th'', Th th') \ (child s)\<^sup>+" . + moreover from dp' have ch'': "(Th th', Th th'') \ (child s)^+" by auto + ultimately have "(Th th'', Th th'') \ (child s)^+" by auto + with wf_trancl[OF wf_child[OF vt_s]] + show False by auto + qed + thus "\cs. (Th th, Cs cs) \ depend s' \ (Cs cs, Th th'') \ depend s'" by auto + qed + ultimately show "Max ({preced th'' s} \ cp s ` children s th'') = cp s' th''" + by (simp add:cp_rec[OF step_back_vt[OF vt_s[unfolded s_def]]]) + qed + qed + } + ultimately show ?thesis by auto +qed + +end + +locale step_create_cps = + fixes s' th prio s + defines s_def : "s \ (Create th prio#s')" + assumes vt_s: "vt step s" + +context step_create_cps +begin + +lemma eq_dep: "depend s = depend s'" + by (unfold s_def depend_create_unchanged, auto) + +lemma eq_cp: + fixes th' + assumes neq_th: "th' \ th" + shows "cp s th' = cp s' th'" + apply (unfold cp_eq_cpreced cpreced_def) +proof - + have nd: "th \ dependents s th'" + proof + assume "th \ dependents s th'" + hence "(Th th, Th th') \ (depend s)^+" by (simp add:s_dependents_def eq_depend) + with eq_dep have "(Th th, Th th') \ (depend s')^+" by simp + from converse_tranclE[OF this] + obtain y where "(Th th, y) \ depend s'" by auto + with dm_depend_threads[OF step_back_vt[OF vt_s[unfolded s_def]]] + have in_th: "th \ threads s'" by auto + from step_back_step[OF vt_s[unfolded s_def]] + show False + proof(cases) + assume "th \ threads s'" + with in_th show ?thesis by simp + qed + qed + have eq_dp: "\ th. dependents (wq s) th = dependents (wq s') th" + by (unfold cs_dependents_def, auto simp:eq_dep eq_depend) + moreover { + fix th1 + assume "th1 \ {th'} \ dependents (wq s') th'" + hence "th1 = th' \ th1 \ dependents (wq s') th'" by auto + hence "preced th1 s = preced th1 s'" + proof + assume "th1 = th'" + with neq_th + show "preced th1 s = preced th1 s'" by (auto simp:s_def preced_def) + next + assume "th1 \ dependents (wq s') th'" + with nd and eq_dp have "th1 \ th" + by (auto simp:eq_depend cs_dependents_def s_dependents_def eq_dep) + thus "preced th1 s = preced th1 s'" by (auto simp:s_def preced_def) + qed + } ultimately have "((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" + by (auto simp:image_def) + thus "Max ((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + Max ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" by simp +qed + +lemma nil_dependents: "dependents s th = {}" +proof - + from step_back_step[OF vt_s[unfolded s_def]] + show ?thesis + proof(cases) + assume "th \ threads s'" + from not_thread_holdents[OF step_back_vt[OF vt_s[unfolded s_def]] this] + have hdn: " holdents s' th = {}" . + have "dependents s' th = {}" + proof - + { assume "dependents s' th \ {}" + then obtain th' where dp: "(Th th', Th th) \ (depend s')^+" + by (auto simp:s_dependents_def eq_depend) + from tranclE[OF this] obtain cs' where + "(Cs cs', Th th) \ depend s'" by (auto simp:s_depend_def) + with hdn + have False by (auto simp:holdents_def) + } thus ?thesis by auto + qed + thus ?thesis + by (unfold s_def s_dependents_def eq_depend depend_create_unchanged, simp) + qed +qed + +lemma eq_cp_th: "cp s th = preced th s" + apply (unfold cp_eq_cpreced cpreced_def) + by (insert nil_dependents, unfold s_dependents_def cs_dependents_def, auto) + +end + + +locale step_exit_cps = + fixes s' th prio s + defines s_def : "s \ (Exit th#s')" + assumes vt_s: "vt step s" + +context step_exit_cps +begin + +lemma eq_dep: "depend s = depend s'" + by (unfold s_def depend_exit_unchanged, auto) + +lemma eq_cp: + fixes th' + assumes neq_th: "th' \ th" + shows "cp s th' = cp s' th'" + apply (unfold cp_eq_cpreced cpreced_def) +proof - + have nd: "th \ dependents s th'" + proof + assume "th \ dependents s th'" + hence "(Th th, Th th') \ (depend s)^+" by (simp add:s_dependents_def eq_depend) + with eq_dep have "(Th th, Th th') \ (depend s')^+" by simp + from converse_tranclE[OF this] + obtain cs' where bk: "(Th th, Cs cs') \ depend s'" + by (auto simp:s_depend_def) + from step_back_step[OF vt_s[unfolded s_def]] + show False + proof(cases) + assume "th \ runing s'" + with bk show ?thesis + apply (unfold runing_def readys_def s_waiting_def s_depend_def) + by (auto simp:cs_waiting_def) + qed + qed + have eq_dp: "\ th. dependents (wq s) th = dependents (wq s') th" + by (unfold cs_dependents_def, auto simp:eq_dep eq_depend) + moreover { + fix th1 + assume "th1 \ {th'} \ dependents (wq s') th'" + hence "th1 = th' \ th1 \ dependents (wq s') th'" by auto + hence "preced th1 s = preced th1 s'" + proof + assume "th1 = th'" + with neq_th + show "preced th1 s = preced th1 s'" by (auto simp:s_def preced_def) + next + assume "th1 \ dependents (wq s') th'" + with nd and eq_dp have "th1 \ th" + by (auto simp:eq_depend cs_dependents_def s_dependents_def eq_dep) + thus "preced th1 s = preced th1 s'" by (auto simp:s_def preced_def) + qed + } ultimately have "((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" + by (auto simp:image_def) + thus "Max ((\th. preced th s) ` ({th'} \ dependents (wq s) th')) = + Max ((\th. preced th s') ` ({th'} \ dependents (wq s') th'))" by simp +qed + +end +end +