Quellcode-Bibliothek CSP_Processes.thy

section \open>SP processesclose

theory CSP_Processes
imports Reactive_Processes
begin

text ‹A CSP process is a UTP reactive process that satisfies two additional
  conditions called $CSP1$ and $CSP2$. A reactive process that satisfies
 CSP1$ and $CSP2$ is said to be CSP healthy.›

subsection ‹Definitions›

text ‹We introduce here the definitions of the CSP healthiness conditions.›

definition CSP1::"(('θ,'σ) alphabet_rp) Healthiness_condition"
where "CSP1 (P) ≡ P ∨ (λ(A, A'). ¬ok A ∧ tr A ≤ tr A')"

definition J_csp
where "J_csp ≡ λ(A, A'). (ok A ⟶ ok A') ∧ tr A = tr A' ∧ wait A = wait A'
                                                     ∧ ref A = ref A' ∧ more A = more A'"

definition CSP2::"(('θ,'σ) alphabet_rp) Healthiness_condition"
where "CSP2 (P) ≡ P ;; J_csp"

definition is_CSP_process::"('θ,'σ) relation_rp ==> bool" where
"is_CSP_process P ≡ P is CSP1 healthy ∧ P is CSP2 healthy ∧ P is R healthy"

lemmas csp_defs = CSP1_def J_csp_def CSP2_def is_CSP_process_def

lemma is_CSP_processE1 [elim?]:
  assumes "is_CSP_process P"
  obtains "P is CSP1 healthy" "P is CSP2 healthy" "P is R healthy"
  using assms unfolding is_CSP_process_def by simp

lemma is_CSP_processE2 [elim?]:
  assumes "is_CSP_process P"
  obtains "CSP1 P = P" "CSP2 P = P" "R P = P"
  using assms unfolding is_CSP_process_def by (simp add: Healthy_def')


subsection ‹Proofs›

text ‹Theorems and lemmas relative to CSP processes are introduced here.›

lemma CSP1_CSP2_commute: "CSP1 o CSP2 = CSP2 o CSP1"
by (auto simp: csp_defs fun_eq_iff)

lemma CSP2_is_H2: "H2 = CSP2"
apply (clarsimp simp add: csp_defs design_defs rp_defs fun_eq_iff)
apply (rule iffI)
apply (erule_tac [!] comp_elim)
apply (rule_tac [!] b=ba in comp_intro)
apply (auto elim!: alpha_d_more_eqE intro!: alpha_d_more_eqI)
done

lemma H2_CSP1_commute: "H2 o CSP1 = CSP1 o H2" 
apply (subst CSP2_is_H2[simplified Healthy_def])+
apply (rule CSP1_CSP2_commute[symmetric])
done

lemma H2_CSP1_commute2: "H2 (CSP1 P) = CSP1 (H2 P)" 
by (simp add: H2_CSP1_commute[simplified Funcomp_def n_eq_iffjava.lang.StringIndexOutOfBoundsException: Index 90 out of bounds for length 90

lemma CSP1_R_commute:
  "CSP1 (R P) = R (CSP1 P)"
by (auto simp: csp_defs rp_defs fun_eq_iff prefix_def split: cond_splits)

lemma1<>,'<) alphabet_rp) Healthiness_condition"
  "CSP2 (R P) = R (CSP2 P)"
apply (subst CSP2_is_H2[symmetric])+
apply (rule R_H2_commute2[symmetric])
done

lemma CSP1_idem: "CSP1 = CSP1 o CSP1"
by (auto simp: csp_defs fun_eq_iff)

lemma CSP2_idem: "CSP2 = CSP2 o CSP2"
by (auto simp: csp_defs fun_eq_iff)

lemma CSP_is_CSP1:
  assumes A: "is_CSP_process P"
  shows "P is CSP1 healthy"
using A by (auto simp: is_CSP_process_def design_defs)

lemma CSP_is_CSP2:
  assumes A: "is_CSP_process P"
  shows "P is CSP2 healthy"
using A by (simp add: design_defs prefix_def is_CSP_process_def)

lemma CSP_is_R:
  assumes A: "is_CSP_process "
  shows "P is R healthywhereequivP ∨ (λ(A, A'). ¬ tr A<>tr
using :sign_defsis_CSP_process_def

lemma                                                 ref A = ref A' ∧,'σhiness_condition2  P ;; J_csp"
apply (case_tac "ok b", auto)
applyule_tacac=b\>k := True)pa)
bysubgoal_tac"\parrok := False)", simp_all)

lemma CSP2_ok_a:
"(CSP2 P)(a, b() ==><>:rue) ∨ok:=False)
apply (clarsimp 1hyPCSP2lthy
applyassumes
applyusingocess_defsimp lthy_def>›
apply (drule_tac b="b(ok := False)" and"inbcksu)
applySP2_is_H2H2= P2
done

lemma
"klse)) ==>ab<>:=True)
bymps

emmaok
"r> (a,b\lparr>o:=ru\rparr) \\<or> P(a, b(ok:=False)))"
apply (rule iffIby(simpCSP1_commuteiediffiff
applyimp
by" RP= SP "

lemma_tok_a>:=False)<Longrightarrowlparrok:=False)
applyrsimp_sdesign_defs autoeq_iff SP2_idem P2 (o pdefs
applyse_tac
applyule_tacok := True)  ssubst
apply ( A(mpjava.lang.StringIndexOutOfBoundsException: Index 54 out of bounds for length 54
apply ( ntro
done

lemma CSP2_notok_b: "P(a, b() ==>ok:=False)
by (auto simp: csp_defs design_defs rp_defs)

lemmaCSP2_notokoo:(2)a b<l>ok:=False)) = P(a, \lparrok:=False))"
apply (rule iffI
apply (simpaddotok_a
by (simpP2_notok_bb)

lemmaCSP2_t_f
  assumes
  and B:"(SP (Rr \turnstile p)))a, b(ok:=False))) ∨,b\lparr>ok:Tue\<parrrr
          ((CSP2 (R (r ⊨)) ==>
  shows
apply (rule B) clarsimpsi cdesdde_es
apply (rulej)

apply (auto simp add: csp_defs design_defs rp_defs)
done

lemma disj_CSP1:
  assumes "P is CSP1 healthy"
    and "Q is CSP1 healthy"
  shows "(P ∨ Q) is CSP1 healthy"
using assms by (auto simp: csp_defs design_defs rp_defs fun_eq_iff)

lemma
  "P is CSP2 healthyCSP2 \>Q) is CSP2 healthy"
  by (siP2_n: (P P), \lparr>ok:=False)ok:=False)( ff)

lemmadisj_CSP:
  assumes A: "is_CSP_process P"
  assumes B: "SP_process
  shows e)
apply (simpign_defs
apply disj_CSP1
apply (ruleealthy> Q) is CSP1 healthy"
apply dSP:
applyy(st dj_S1[mlfedHelhy_desymtri])
apply(rleA[HN CS_s_S1 impiie Heaty_df]
apply (rule B[THEN CSP_is_CSP1, simplified H
ifiedealthy_def)
apply (rule A[THEN CSP_is_R, ss"process Q)"
apply (rule B[THEN CSP_is_R, siapp(spd iP_rcsdefHt_e
done

lemma seq_CSP1:
  assumes A: "P isdisj_CSP1
  assumesthy_def mp
  shows  ule)
singp_defsiff

lemma P1
  assumes
 P2
usingassumes
byto _[metric

lemma seq_R
  es
  and    usingassmslllthy_def
  shows "applyi degdspf pei_df ueifpt cn_ls)
proof
   " P = P" and "R Q = Q"
    using assms by (simp_all only: Healthy_def)
  moreover
  have "(R P ;; R Q) is R healthy"
    apply (auto simp add: design_defs rp_defs prefix_def fun_eq_iff split: cond_splits)
           apply (rule_tac b=a in comp_intro, auto split: cond_splits)
       apply (rule_tac x="zsauto
      apply (rule_tac
    
  ultimatelyassumesjava.lang.StringIndexOutOfBoundsException: Index 32 out of bounds for length 32
qed


lemma apply mpealthy_def R_idem2auto
  assumes A: "P is CSP1 healthy"
  and B: "P is R healthy"
  and C: "is_CSP_process Q"
  shows "is_CSP_process (P ;; Q)"
apply (auto simp add: is_CSP_process_def)
apply (subst seq_CSP1[simplified Healthy_def\not(λ (A,A.,'<ok := False)
apply (rulefied
applyule,plified
apply (simp add:applyubgoal_tac<>trFalse = a(", auto)
apply (subst seq_CSP2[simplified Healthy_def])
apply (rule CSP_is_CSP2[OF C, simplified Healthy_def])
apply (simp add: Healthy_def, subst CSP2_ap saca\lparrtr := [], wait := False)tr := [])
applysubste_[smplied Heaty_def])
apply (rule B[simplified Healthy_def])
apply (rule CSP_is_R[OF C, simplified Healthy_def])
apply (simp add: Healthy_def, subst R_idem2, auto)
done

lemma rd_ind_wait: "
                        = (R((¬ ,'  AA<ok := False)))) 
                                  ⊨ (λ,A<parr>ok := True)))))"
apply (auto simp: design_defs rp_defs fun_eq_iff split: cond_splits)
apply (subgoal_tac "a( H1 (λok := False)
applybgoal_tactr := [], wait := False<>  <parrtrok := False))) 
apply (subgoal_tac "a( H1 (λok := True))))) =
applysubgoal_tac " "a(tr := [], wait := False) = a(tr := [])", auto)
apply (subgoal_tac "a(erparr> = a\\<parr>tr := [])", auto)
apply (rule_tac                                   (H1 o H2) (λ A )A'lparr := True)))))"
done

lemmaapply (ubgo_a b\lparr>tr:= zs,o =ae< ba<l>ok : Fle\rparr", auto intro: alpha_d.equality
                              ⊨ ( )( lparrok := True)
                      (R ((¬())) 
                              ⊨tr :s=ue = ba(", auto intro: alpha_d.equality)
by uo im:dsigndf p_ef fun_e_f splt: cn_lis)

lemma rd_H1_H2: "(R((¬ (A, A'). P (,A())) 
                                  ⊨ H1 (λ(R o H1P
                        ((<not oH2> (A, A'). P (A, A'())) 
                                  ⊨ok := False) lpha_d
apply (auto (eruleEbackack
apply (subgoal_taclparr := False)" and s=ba in subst, auto intro: alpha_d.equality)
apply (subgoal_tac "b<lparr ok := True)
apply (subgoal_tacok := False)
apply (subgoal_tac_
apply (subgoal_tacP H1"
done

lemma rd_H1_H2_R_H1 CSSP_s_1_H_2: S1R P=R (H)
   "<> H1 (A, A'). P (A, A'())) 
            ⊨
    (R by fsffjava.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74
apply (auto simp: design_defs rp_defs fun_eq_iffcond_splits
apply (erule notE) back pdun_eq_iff
apply (rule_tac2
applyac<ok := False)" and s=ba in subst, auto intro: alpha_d.equality)
apply (erule notE) back back
apply (rule_tac b="ba" in comp_intro, auto)
apply (rule_tac t="ba(ok := False)lpha_dity
pply
apply (rule_tacubsts_R1fied
apply (rule_tac
apply (erule notE"sP hlh"
apply (rule_tac b="ba" in comp_intro, auto)
apply_ba>ok := False)y)
one

emma
   s ealthy
  shows H1
using assms
by (auto simpapply(le_tac  lE

lemma CSP1_is_R1_H1_2
bympdefsn_defsefs_iff

lemma CSP1_R1_commutesqunion y) is CSP1 healthy"
fsefsdunq_i spit nslt)

lemma CSP1_R1_commute2: "CSP1 (R1 P) = R1 (CSP1 P)
by p: csp_defs design_defs:ond_splits

lemma CSP1_is_R1_H1_b
"(P = (lemma CP_ee:
apply (simp add: fun_eq_iff)
apply (subst H1_H2_comm sho "( <squnion y) is CSP2 healthy"
apply (subst Rapplydd eath_e CSP_eun_e_if)
apply y reacx="lE
applyapply_"allE
apply (subst R1_H2_commute2[symmetric])apply_a=an cm_nro
apply (subst CSP1_R1_commute2)
apply (subst R_abs_R1[lCSP_jo:
apply (auto)
done

lemma CSP1_join:
  sumesme : "CSP1
  and B: "y is CSP1 healthy"
  ws y) is CSP1 healthy"
  using A
  by (simp add: Healthy_def CSP1assuA is_Sresx

lemma2n
java.lang.StringIndexOutOfBoundsException: Index 42 out of bounds for length 32
  nd : yisCS2 eaty
  shows "(x ⊓In this section, we prove the relation between CSP processes and reactive
  using
  apply (simp add: design_defssn_eq_ifff
  ly
  apply (ruleP2
  apply (erule_tac x="a" in allE
  apply (erule_tac x="a" in)
  applymp
  by (autoubstsign_H2

lemma CSP1_meet
  assumes A: "x is CSP1 healthy"
  and B: "y is CSP1 healthy"
  shows "(x ⊔
  ing A B
  apply (simp a CCP_r
  apply (rule allI)
  apply (rule allI)
  apply (erule_tac x="ajava.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
  apply (erule_tac
  pplyjava.lang.StringIndexOutOfBoundsException: Index 34 out of bounds for length 34
  by(P_is_Rsimplifiedalthy_deftric

lemma CSP2_meet
  assumes A: "x is CSP2 healthy"
  and B: "y is CSP2 healthy"
  shows "(x ⊔ y) is CSP2 healthy"
  using A B
  apply (simp add: Healthy_def CSP2_def fun_eq_iff)
  apply (rule allI)+
  apply (erule_tac x="a" in allE)
  apply (erule_tac x="a" in allE)
  apply (erule_tac x="b" in allE)+
  apply (auto)
  apply (rule_tac b="ca" in comp_intro)
  apply (auto simp: J_csp_def)
done

lemma CSP_join: 
  assumes A: "is_CSP_process x"
  and B: "is_CSP_process y"
  shows "is_CSP_process (x ⊓ y)"
  using A B
by (simp add: is_CSP_process_def CSP1_join CSP2_join R_join)

lemma CSP_meet:
  assumes A: "is_CSP_process x"
  and B: "is_CSP_process y"
  shows "is_CSP_process (x ⊔ y)"
  using A B
by (simp add: is_CSP_process_def CSP1_meet CSP2_meet R_meet)

subsection ‹CSP processes and reactive designs›

text \<open>In this section, we prove the relation between CSP processes and reactive designs.\<close>

lemma rd_is_CSP1: "(R (r \<turnstile> p)) is CSP1 healthy"
by (auto simp: csp_defs design_defs rp_defs fun_eq_iff split: cond_splits elim: prefixE)

lemma rd_is_CSP2:
  assumes A: "\<forall> a b. r (a, b\<lparr>ok := True\<rparr>) \<longrightarrow> r (a, b\<lparr>ok := False\<rparr>)"
  shows "(R (r \<turnstile> p)) is CSP2 healthy"
apply (subst CSP2_is_H2[symmetric]) 
apply (simp add: Healthy_def)
apply (subst R_H2_commute2[symmetric])
apply (subst design_H2[simplified Healthy_def], auto simp: A)
done

lemma rd_is_CSP:
  assumes A: "\<forall> a b. r (a, b\<lparr>ok := True\<rparr>) \<longrightarrow> r (a, b\<lparr>ok := False\<rparr>)"
  shows "is_CSP_process (R (r \<turnstile> p))"
apply (simp add: is_CSP_process_def Healthy_def fun_eq_iff)
apply (subst R_idem2)
apply (subst rd_is_CSP2[simplified Healthy_def, symmetric], rule A)
apply (subst rd_is_CSP1[simplified Healthy_def, symmetric], simp)
done

lemma CSP_is_rd:
  assumes A: "is_CSP_process P"
  shows "P = (R (\<not>(P \<^sup>f\<^sub>f) \<turnstile> (P \<^sup>t\<^sub>f)))"
  apply (subst rd_ind_wait)
  apply (subst rd_H1)
  apply (subst rd_H1_H2)
  apply (subst rd_H1_H2_R_H1_H2)
  apply (subst R_abs_R1[symmetric])
  apply (subst CSP1_is_R1_H1_b)
  apply (subst CSP2_is_H2)
  apply (simp)
  apply (subst CSP_is_CSP2[OF A, simplified Healthy_def, symmetric])
  apply (subst CSP_is_CSP1[OF A, simplified Healthy_def, symmetric])
  apply (subst CSP_is_R[OF A, simplified Healthy_def, symmetric], simp)
done


end