Quelle Traces.thy

Sprache: Isabelle

(*  Title:      HOL/HOLCF/IOA/Traces.thy
    Author
*)

section ‹\>'s"

Traces
Sequence Automata

type

('a, 's) pairs = "('a × 's) Seq"
('a, 's) execution = "'s × ('a, 's) pairs"
'a trace = "'a Seq"
('a, 's) execution_module = "('a, 's) execution set × 'a signature"
type_synonym 'a schedule_module = "'a trace set \<times> 'a signature"
type_synonym trace <>'asignature

<>xecutionsclose

definition is_exec_fragC :: "('a, 's fin_often: (a\Rightarrow> bool <> ' Seq \Rightarrowbool

    (fix<>
      LAM .
        (\<lambda>s.
          case ex of
            nil \<Rightarrow> TT
          | x ## xs \<Rightarrow> flift1 (\<lambda>p. Def ((s, p) \<in> trans_of A) andalso (h \<cdot> xs) (snd p)) \<cdot> x)))"

is_exec_frag :: "('a, 's) ioa ==> ('a, 's) execution ==>(io =< a2
where "is_exec_frag A ex \<ongleftrightarrows_exec_fragCi==> bool"

execut :: "('a, 's) ioa 🚫Taes.hy
imp "A=<B\

‹› ‹ ppcutions , asigffA)" ('a

filter_actwhe "Scheds ('a, 's)execution_m= "('a, 's)
where "filter_act = Map fst"

has_schedule "('a, 's ioa \<>' [s del] = HOL.ex_s HOL.all_simps spl
where "hasdLet_def [si]

java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null

has_trace :: "('a, 's) ioa ==> ak hedorof cedls
has_trace_def2:: "has_trace A b ⟷ex ∈ lsttte_U:latt, U "

acese : "a, 's) i Rightarrow> 'a trace set"
where "traces ioa ≡

mk_trace :: "('a, 's) ioa ==> ('a, 's) pairs →done
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

‹ have only actions of ‹

l :: "('a, s) execution ==>
take the detour of schedud
has_trace_def2: "has_trace A b ⟷ i \open this conis included once more. (See Le
<>fst
| Def at ==> snd at)"

java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "macro" is null
inf_often :: "('a ==> xs \<> state_trans› \openIOA›): We have no
rein_tnP longleftrightarrow> Infinite (Filter P ⋅ n 🚫

‹
fin_often :: "('
where "fin_often P s ⟷

‹

done
Note that p eee_insg:
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "macro" is null
openW›

See 🍋
superseding this one.

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6
(inf_often (λx. fst x
inf_often (\lambda \not En A W (snd x)) (snd ex))"

wfair_ex :: "(a, s) ioa \Rightarrow('a, 's) ex ==>
where "wfair_ex A ex ⟷
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null
if Finite (snd ex)
then ¬ Enabled A W (laststate ex)
else is_wfair A W ex)"

is_sfair :: "('a, 's) ioa ==> 'a set ==> ('a, 's) execution ==> bool"
where "is_sfair A W ex ⟷
(inf_often (λx. fst x ∈ W) (snd ex) ∨
fin_often (λx. Enabled A W (snd x)) (snd ex))"

sfair_ex :: "('a, 's)ioa ==> ('a, 's) execution ==> bool"
where "sfair_ex A ex ⟷
(∀W ∈ sfair_of A.
if Finite (snd ex)
then ¬ Enabled A W (laststate ex)
else is_sfair A W ex)"

fair_ex :: "('a, 's) ioa ==> ('a, 's) execution ==> bool"
where "fair_ex A ex ⟷ wfair_ex A ex ∧ sfair_ex A ex"

‹Fair behavior sets.›

fairexecutions :: "('a, 's) ioa ==> ('a, 's) execution set"
where "fairexecutions A = {ex. ex ∈ executions A ∧ fair_ex A ex}"

fairtraces :: "('a, 's) ioa ==> 'a trace set"
where "fairtraces A = {mk_trace A ⋅ (snd ex) | ex. ex ∈ fairexecutions A}"

‹Implementation›

‹Notions of implementation›

ioa_implements :: "('a, 's1) ioa ==> ('a, 's2) ioa ==> bool" (infixr ‹=<|\› 12)
where "(ioa1 =<| ioa2) ⟷
(inputs (asig_of ioa1) = inputs (asig_of ioa2) ∧
outputs (asig_of ioa1) = outputs (asig_of ioa2)) ∧
traces ioa1 ⊆ traces ioa2"

fair_implements :: "('a, 's1) ioa ==> ('a, 's2) ioa ==> bool"
where "fair_implements C A ⟷
inp C = inp A ∧ out C = out A ∧ fairtraces C ⊆ fairtraces A"

implements_trans: "A =<| B ==> B =<| C ==> A =<| C"
by (auto simp add: ioa_implements_def)

‹Modules›

‹Execution, schedule and trace modules›

Execs :: "('a, 's) ioa ==> ('a, 's) execution_module"
where "Execs A = (executions A, asig_of A)"

Scheds :: "('a, 's) ioa ==> 'a schedule_module"
where "Scheds A = (schedules A, asig_of A)"

Traces :: "('a, 's) ioa ==> 'a trace_module"
where "Traces A = (traces A, asig_of A)"

[simp del] = HOL.ex_simps HOL.all_simps split_paired_Ex
Let_def [simp]
‹map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")›

exec_rws = executions_def is_exec_frag_def

‹Recursive equations of operators›

‹‹filter_act››

filter_act_UU: "filter_act ⋅ UU = UU"
by (simp add: filter_act_def)

filter_act_nil: "filter_act ⋅ nil = nil"
by (simp add: filter_act_def)

filter_act_cons: "filter_act ⋅ (x ↝ xs) = fst x ↝ filter_act ⋅ xs"
by (simp add: filter_act_def)

filter_act_UU [simp] filter_act_nil [simp] filter_act_cons [simp]

‹‹mk_trace››

mk_trace_UU: "mk_trace A ⋅ UU = UU"
by (simp add: mk_trace_def)

mk_trace_nil: "mk_trace A ⋅ nil = nil"
by (simp add: mk_trace_def)

mk_trace_cons:
"mk_trace A ⋅ (at ↝ xs) =
(if fst at ∈ ext A
then fst at ↝ mk_trace A ⋅ xs
else mk_trace A ⋅ xs)"
by (simp add: mk_trace_def)

mk_trace_UU [simp] mk_trace_nil [simp] mk_trace_cons [simp]

‹‹is_exec_fragC››

is_exec_fragC_unfold:
"is_exec_fragC A =
(LAM ex.
(λs.
case ex of
nil ==> TT
| x ## xs ==>
(flift1 (λp. Def ((s, p) ∈ trans_of A) andalso (is_exec_fragC A⋅xs) (snd p)) ⋅ x)))"
apply (rule trans)
apply (rule fix_eq4)
apply (rule is_exec_fragC_def)
apply (rule beta_cfun)
apply (simp add: flift1_def)
done

is_exec_fragC_UU: "(is_exec_fragC A ⋅ UU) s = UU"
apply (subst is_exec_fragC_unfold)
apply simp
done

is_exec_fragC_nil: "(is_exec_fragC A ⋅ nil) s = TT"
apply (subst is_exec_fragC_unfold)
apply simp
done

is_exec_fragC_cons:
"(is_exec_fragC A ⋅ (pr ↝ xs)) s =
(Def ((s, pr) ∈ trans_of A) andalso (is_exec_fragC A ⋅ xs) (snd pr))"
  apply (rule trans)
  apply (subst is_exec_fragC_unfold)
  apply (simp add: Consq_def flift1_def)
  apply simp
  done

declare is_exec_fragC_UU [simp] is_exec_fragC_nil [simp] is_exec_fragC_cons [simp]

subsubsection \<open>\<open>is_exec_frag\<close>\<close>

lemma is_exec_frag_UU: "is_exec_frag A (s, UU)"
  by (simp add: is_exec_frag_def)

lemma is_exec_frag_nil: "is_exec_frag A (s, nil)"
  by (simp add: is_exec_frag_def)

lemma is_exec_frag_cons:
  "is_exec_frag A (s, (a, t) \<leadsto> ex) \<longleftrightarrow> (s, a, t) \<in> trans_of A \<and> is_exec_frag A (t, ex)"
  by (simp add: is_exec_frag_def)

declare is_exec_frag_UU [simp] is_exec_frag_nil [simp] is_exec_frag_cons [simp]

subsubsection \<open>\<open>laststate\<close>\<close>

lemma laststate_UU: "laststate (s, UU) = s"
  by (simp add: laststate_def)

lemma laststate_nil: "laststate (s, nil) = s"
  by (simp add: laststate_def)

lemma laststate_cons: "Finite ex \<Longrightarrow> laststate (s, at \<leadsto> ex) = laststate (snd at, ex)"
  apply (simp add: laststate_def)
  apply (cases "ex = nil")
  apply simp
  apply simp
  apply (drule Finite_Last1 [THEN mp])
  apply assumption
  apply defined
  done

declare laststate_UU [simp] laststate_nil [simp] laststate_cons [simp]

lemma exists_laststate: "Finite ex \<Longrightarrow> \<forall>s. \<exists>u. laststate (s, ex) = u"
  by Seq_Finite_induct

subsection \<open>\<open>has_trace\<close> \<open>mk_trace\<close>\<close>

(*alternative definition of has_trace tailored for the refinement proof, as it does not
  take the detour of schedules*)
lemma has_trace_def2: "has_trace A b \<longleftrightarrow> (\<exists>ex \<in> executions A. b = mk_trace A \<cdot> (snd ex))"
  apply (unfold executions_def mk_trace_def has_trace_def schedules_def has_schedule_def [abs_def])
  apply auto
  done

subsection \<open>Signatures and executions, schedules\<close>

text \<open>
  All executions of \<open>A\<close> have only actions of \<open>A\<close>. This is only true because of
  the predicate \<open>state_trans\<close> (part of the predicate \<open>IOA\<close>): We have no
  dependent types. For executions of parallel automata this assumption is not
  needed, as in \<open>par_def\<close> this condition is included once more. (See Lemmas
  1.1.1c in CompoExecs for example.)
\<close>

lemma execfrag_in_sig:
  "is_trans_of A \<Longrightarrow> \<forall>s. is_exec_frag A (s, xs) \<longrightarrow> Forall (\<lambda>a. a \<in> act A) (filter_act \<cdot> xs)"
  apply (pair_induct xs simp: is_exec_frag_def Forall_def sforall_def)
  text \<open>main case\<close>
  apply (auto simp add: is_trans_of_def)
  done

lemma exec_in_sig:
  "is_trans_of A \<Longrightarrow> x \<in> executions A \<Longrightarrow> Forall (\<lambda>a. a \<in> act A) (filter_act \<cdot> (snd x))"
  apply (simp add: executions_def)
  apply (pair x)
  apply (rule execfrag_in_sig [THEN spec, THEN mp])
  apply auto
  done

lemma scheds_in_sig: "is_trans_of A \<Longrightarrow> x \<in> schedules A \<Longrightarrow> Forall (\<lambda>a. a \<in> act A) x"
  apply (unfold schedules_def has_schedule_def [abs_def])
  apply (fast intro!: exec_in_sig)
  done

subsection \<open>Executions are prefix closed\<close>

(*only admissible in y, not if done in x!*)
lemma execfrag_prefixclosed: "\<forall>x s. is_exec_frag A (s, x) \<and> y \<sqsubseteq> x \<longrightarrow> is_exec_frag A (s, y)"
  apply (pair_induct y simp: is_exec_frag_def)
  apply (intro strip)
  apply (Seq_case_simp x)
  apply (pair a)
  apply auto
  done

lemmas exec_prefixclosed =
  conjI [THEN execfrag_prefixclosed [THEN spec, THEN spec, THEN mp]]

(*second prefix notion for Finite x*)
lemma exec_prefix2closed [rule_format]:
  "\<forall>y s. is_exec_frag A (s, x @@ y) \<longrightarrow> is_exec_frag A (s, x)"
  apply (pair_induct x simp: is_exec_frag_def)
  apply (intro strip)
  apply (Seq_case_simp s)
  apply (pair a)
  apply auto
  done

end

Messung V0.5 in Prozent

¤ Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.0.9Bemerkung: ¤

*Bot Zugriff

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.