Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Cephes/   (Cephes Mathematical Library ©)  Datei vom 9.5.2026 mit Größe 2 kB image not shown  

SSL Circus_Actions.thy

  Sprache: Isabelle 		 

section Circus actions

theory Circus_Actions
imports HOLCF CSP_Processes
begin

text 
  useful theos assume F: "F

  type

 

 

  ('θev_eq",'σ,'σelain_r.i_SPprcss p}"
 morphisms relation_of action_of
  -
 have "R (false true) {p :: ('θ,'σ) relation_rp. is_CSP_process p}"
 by (auto intro: rd_is_CSP)
 thus ?thesis by auto
 

 

  The type-definition introduces a new type by stating a set. In our case,
 it is the set of reactive processes that satisfy the healthiness-conditions
 for CSP-processes, isomorphic to the new type.
 Technically, this construct introduces two constants (morphisms) definitions $relation\_of$
 and $action\_of$ as well as the usual axioms expressing the bijection @{thm relation_of_inverse}
 and @{thm action_of_inverse}.

  relation_of_CSP: "is_CSP_process (relation_of x)"
  -
  "(relation_of x) :{p. is_CSP_process p}" by (rule relation_of)
  show "is_CSP_process (relation_of x)" ..
 

  relation_of_CSP1: "(relation_of x) is CSP1 healthy"
  (rule CSP_is_CSP1[OF relation_of_CSP])

  relation_of_CSP2: "(relation_of x) is CSP2 healthy"
  (rule CSP_is_CSP2[OF relation_of_CSP])

  relation_of_R: "(relation_of x) is R healthy"
  (rule CSP_is_R[OF relation_of_CSP])

  Proofs

  In the following, Circus actions are proved to be an instance of the $Complete\_Lattice$ class.

  relation_of_spec_f_f:
 a b. (relation_of y relation_of x) (a, b) ==>
 (relation_of y)ff (a(tr := []), b) ==>
 (relation_of x)ff (a(tr := []), b)"
  (auto simp: spec_def)

  relation_of_spec_t_f:
 a b. (relation_of y relation_of x) (a, b) ==>
 (relation_of y)tf (a(tr := []), b) ==>
java.lang.NullPointerException
  (auto simp: spec_def)

  "action"::(ev_eq, type) below
 
  ref_def : "P Q [(relation_of Q) (relation_of P)]"
  ..
 

  "action" :: (ev_eq, type) po
 
 fix x y z::"('a, 'b) action"
 {
 show "x x" by (simp add: ref_def utp_defs)
 next
 assume "x y" and "y z" then show " x z"
 by (simp add: ref_def utp_defs)
 next
 assume A:"x y" and B:"y x" then show " x = y"
 by (auto simp add: ref_def relation_of_inject[symmetric] fun_eq_iff)
 }
 

  "action" :: (ev_eq, type) lattice
 

  inf_action : "(inf P Q action_of ((relation_of P) (relation_of Q)))"
  sup_action : "(sup P Q action_of ((relation_of P) (relation_of Q)))"
  less_eq_action : "(less_eq (P::('a, 'b) action) Q P Q)"
  less_action : "(less (P::('a, 'b) action) Q P Q ¬ Q P)"

 
 
 fix x y z::"('a, 'b) action"
 {
 show "(x < y) = (x y ¬ y x)"
 by (simp add: less_action less_eq_action)
 next
 show "(x x)" by (simp add: less_eq_action)
 next
 assume "x y" and "y z"
 then show " x z"
 by (simp add: less_eq_action ref_def utp_defs)
 next
 assume "x y" and "y x"
 then show " x = y"
 by (auto simp add: less_eq_action ref_def relation_of_inject[symmetric] utp_defs)
 next
 show "inf x y x"
 apply (auto simp add: less_eq_action inf_action ref_def
 csp_defs design_defs rp_defs)
 apply (subst action_of_inverse, simp add: Healthy_def)
 apply (insert relation_of_CSP[where x="x"])
 apply (insert relation_of_CSP[where x="y"])
 apply (simp_all add: CSP_join)
 apply (simp add: utp_defs)
 done
 next
 show "inf x y y"
 apply (auto simp add: less_eq_action inf_action ref_def csp_defs)
 apply (subst action_of_inverse, simp add: Healthy_def)
 apply (insert relation_of_CSP[where x="x"])
 apply (insert relation_of_CSP[where x="y"])
 apply (simp_all add: CSP_join)
 apply (simp add: utp_defs)
 done
 next
 assume "x y" and "x z"
 then show "x inf y z"
 apply (auto simp add: less_eq_action inf_action ref_def impl_def csp_defs)
 apply (erule_tac x="a" in allE, erule_tac x="a" in allE)
 apply (erule_tac x="b" in allE)+
 apply (subst (asm) action_of_inverse)
 apply (simp add: Healthy_def)
 apply (insert relation_of_CSP[where x="z"])
 apply (insert relation_of_CSP[where x="y"])
 apply (auto simp add: CSP_join)
 done
 next
 show "x sup x y"
 apply (auto simp add: less_eq_action sup_action ref_def
 impl_def csp_defs)
 apply (subst (asm) action_of_inverse)
 apply (simp add: Healthy_def)
 apply (insert relation_of_CSP[where x="x"])
 apply (insert relation_of_CSP[where x="y"])
 apply (auto simp add: CSP_meet)
 done
 next
 show "y sup x y"
 apply (auto simp add: less_eq_action sup_action ref_def
 impl_def csp_defs)
 apply (subst (asm) action_of_inverse)
 apply (simp add: Healthy_def)
 apply (insert relation_of_CSP[where x="x"])
 apply (insert relation_of_CSP[where x="y"])
 apply (auto simp add: CSP_meet)
 done
 next
 assume "y x" and "z x"
 then show "sup y z x"
 apply (auto simp add: less_eq_action sup_action ref_def impl_def csp_defs)
 apply (erule_tac x="a" in allE)
 apply (erule_tac x="a" in allE)
 apply (erule_tac x="b" in allE)+
 apply (subst action_of_inverse)
 apply (simp add: Healthy_def)
 apply (insert relation_of_CSP[where x="z"])
 apply (insert relation_of_CSP[where x="y"])
 apply (auto simp add: CSP_meet)
 done
 }
 

 

  bot_is_action: "R (false true) {p. is_CSP_process p}"
  fixfix y

  bot_eq_true: "R (false true) = R true"
 by (auto simp: fun_eq_iff design_defs rp_defs split: cond_splits)

  "action" :: (ev_eq, type) bounded_lattice
 

  bot_action : "(bot::('a, 'b) action) action_of (R(false true))"
  top_action : "(top::('a, 'b) action) action_of (R(true false))"

 
 
 fix x::"('a, 'b) action"
 {
 show "bot x"
 unfolding bot_action
 apply (auto simp add: less_action less_eq_action ref_def bot_action)
 apply (subst action_of_inverse) apply (rule bot_is_action)
 apply (subst bot_eq_true)
 apply (subst (asm) CSP_is_rd)
 apply (rule relation_of_CSP)
 apply (auto simp add: csp_defs rp_defs fun_eq_iff split: cond_splits)
 done
 next
 show "x top"
 apply (auto simp add: less_action less_eq_action ref_def top_action)
 apply (subst (asm) action_of_inverse)
 apply (simp)
 apply (rule rd_is_CSP)
 apply auto
 apply (subst action_of_cases[where x=x], simp_all)
 apply (subst action_of_inverse, simp_all)
 apply (subst CSP_is_rd[where P=y], simp_all)
 apply (auto simp: rp_defs design_defs fun_eq_iff split: cond_splits)
 done
 }
 

 

  relation_of_top: "relation_of top = R(true false)"
 apply (simp add: top_action)
 apply (subst action_of_inverse)
 apply (simp)
 apply (rule rd_is_CSP)
 apply (auto simp add: utp_defs design_defs rp_defs)
 done

  relation_of_bot: "relation_of bot = R true"
 apply (simp add: bot_action)
 apply (subst action_of_inverse)
 apply (simp add: bot_is_action[simplified], rule bot_eq_true)
 done

  non_emptyE: assumes "A {}" obtains x where "x : A"
 using assms by (auto simp add: ex_in_conv [symmetric])

  CSP1_Inf:
  *:"A {}"
  "( relation_of ` A) is CSP1 healthy"
  -
 have "( relation_of ` A) = CSP1 ( relation_of ` A)"
 proof
 fix P
 note * then
 show "(P {{p. P p} |P. P relation_of ` A}) = CSP1 (λAa. Aa {{p. P p} |P. P relation_of ` A}) P"
 apply (intro iffI)
 apply (simp_all add: csp_defs)
 apply (rule disj_introC, simp)
 apply (erule disj_elim, simp_all)
 apply (cases P, simp_all)
 apply (erule non_emptyE)
 apply (rule_tac x="Collect (relation_of x)" in exI, simp)
 apply (rule conjI)
 apply (rule_tac x="(relation_of x)" in exI, simp)
 apply (subst CSP_is_rd, simp add: relation_of_CSP)
 apply (auto simp add: csp_defs design_defs rp_defs fun_eq_iff split: cond_splits)
 done
 qed
 then show "( relation_of ` A) is CSP1 healthy" by (simp add: design_defs)
 

  CSP2_Inf:
  *:"A {}"
  "( relation_of ` A) is CSP2 healthy"
  -
 have "( relatio
 proof
 fix P
 note * then
 show "(P {{p. P p} |P. P relation_of ` A}) = CSP2 (λAa. Aa {{p
 apply (intro iffI)
 apply (simp_all add: csp_defs)
 apply (cases P, simp_all)
 apply (erule exE)
 apply (rule_tac b=b in comp_intro, simp_all)
 apply (rule_tac x=x in exI, simp)
 apply (erule comp_elim, simp_all)
 apply (erule exE | erule conjE)+
 apply (simp_all)
 apply (rule_tac x="Collect Pa" in exI, simp)
 apply (rule conjI)
 apply (rule_tac x="Pa" in exI, simp)
 apply (erule Set.imageE, simp add: relation_of)
 apply (subst CSP_is_rd, simp add: relation_of_CSP)
 apply (subst (asm) CSP_is_rd, simp add: relation_of_CSP)
 apply (auto simp add: csp_defs rp_defs prefix_def design_defs fun_eq_iff split: cond_splits)
 apply (subgoal_tac "b(tr := zs, ok := False) = c(tr := zs, ok := False)", auto)
 apply (subgoal_tac "b(tr := zs, ok := False) = c(tr := zs, ok := False)", auto)
 apply (subgoal_tac "b(tr := zs, ok := False) = c(tr := zs, ok := False)", auto)
 apply (subgoal_tac "b(tr := zs, ok := False) = c(tr := zs, ok := False)", auto)
 apply (subgoal_tac "b(tr := zs, ok := False) = c(tr := zs, ok := False)", auto)
 apply (subgoal_tac "b(tr := zs, ok := False) = c(tr := zs, ok := False)", auto)
 apply (subgoal_tac "b(tr := zs, ok := True) = c(
 apply (subgoal_tac "b(tr := zs, ok := True) = c(tr := zs, ok := True)", auto)
 done
 qed
 then show "( relation_of ` A) is CSP2 healthy" by (simp add: design_defs)
 

  R_Inf:
  *:"A {}"
  "( relation_of ` A) is R healthy"
  -
 have "( relation_of ` A) = R ( relation_of ` A)"
 proof
 fix P
 show "(P {{p. P p} |P. P relation_of ` A}) = R (λAa. Aa {{p. P p} |P. P relation_of ` A}) P"
 apply (cases P, simp_all)
 apply (rule)
 apply (simp_all add: csp_defs rp_defs split: cond_splits)
 apply (erule exE)
 apply (erule exE | erule conjE)+
 apply (simp_all)
 apply (erule Set.imageE, simp add: relation_of)
 apply (subst (asm) CSP_is_rd, simp add: relation_of_CSP)
 apply (simp add: csp_defs prefix_def design_defs rp_defs fun_eq_iff split: cond_splits)
 apply (rule_tac x="x" in exI, simp)
 apply (rule conjI)
 apply (rule_tac x="relation_of xa" in exI, simp)
 apply (subst CSP_is_rd, simp add: relation_of_CSP)
 apply (simp add: csp_defs prefix_def design_defs rp_defs fun_eq_iff split: cond_splits)
    apply (insert *)
    apply (erule non_emptyE)
    apply (rule_tac x="Collect (relation_of x)" in exI, simp)
    apply (rule conjI)
    apply (rule_tac x="(relation_of x)" in exI, simp)
    apply (subst CSP_is_rd, simp add: relation_of_CSP)
    apply (simp add: csp_defs prefix_def design_defs rp_defs fun_eq_iff split: cond_splits)
    apply (erule exE | erule conjE)+
    apply (simp_all)
    apply (erule Set.imageE, simp add: relation_of)
    apply (rule_tac x="x" in exI, simp)
    apply (rule conjI)
    apply (rule_tac x="(relation_of xa)" in exI, simp)
    apply (subst CSP_is_rd, simp add: relation_of_CSP)
    apply (simp add: csp_defs prefix_def design_defs rp_defs fun_eq_iff split: cond_splits)
    apply (subst (asm) CSP_is_rd, simp add: relation_of_CSP)
    apply (simp add: csp_defs prefix_def design_defs rp_defs fun_eq_iff split: cond_splits)
    done
  qed
  then show "( relation_of ` A) is R healthy" by (simp add: design_defs)
qed

lemma CSP_Inf: 
  assumes "A {}"
  shows "is_CSP_process ( relation_of ` A)"
  unfolding is_CSP_process_def 
  using assms CSP1_Inf CSP2_Inf R_Inf 
  by auto

lemma Inf_is_action: "A {} ==> relation_of ` A {p. is_CSP_process p}"
  by (auto dest!: CSP_Inf)

lemma CSP1_Sup: "A {} ==> ( relation_of ` A) is CSP1 healthy"
  apply (auto simp add: design_defs csp_defs fun_eq_iff)
  apply (subst CSP_is_rd, simp add: relation_of_CSP)
  apply (simp add: csp_defs prefix_def design_defs rp_defs split: cond_splits)
done

lemma CSP2_Sup: "A {} ==> ( relation_of ` A) is CSP2 healthy"
  supply [[simproc del: defined_all]]
  apply (simp add: design_defs csp_defs fun_eq_iff)
  apply (rule allI)+
  apply (rule)
  apply (rule_tac b=b in comp_intro, simp_all)
  apply (erule comp_elim, simp_all)
  apply (rule allI)
  apply (erule_tac x=x in allE)
  apply (rule impI)
  apply (case_tac "(P. x = Collect P & P relation_of ` A)", simp_all)
  apply (erule exE | erule conjE)+
  apply (simp_all)
  apply (erule Set.imageE, simp add: relation_of)
  apply (subst (asm) CSP_is_rd, simp add: relation_of_CSP, subst CSP_is_rd, simp add: relation_of_CSP)
  apply (auto simp add: csp_defs design_defs rp_defs split: cond_splits)
  apply (subgoal_tac "ba(tr := tr c - tr aa, ok := False) = c(tr := tr c - tr aa, ok := False)", simp_all)
  apply (subgoal_tac "ba(tr := tr c - thus ?thesis
  apply (subgoal_tac "ba(tr := tr c - tr aa, ok := False) = c(tr := tr c - tr aa, ok := False)", simp_all)
  apply (subgoal_tac "ba(tr := tr c - tr aa, ok := False) = c(tr := tr c - tr aa, ok := False)", simp_all)
  apply (subgoal_tac "ba(tr := tr c - tr aa, ok := False) = c(tr := tr c - tr aa, ok := False)", simp_all)
  apply (subgoal_tac "ba(tr := tr c - tr aa, ok := False                  using False Fun_def by auto
  apply (subgoal_tac "ba(tr := tr c - tr aa, ok := True) = c(tr := tr c - tr aa, ok := True)", simp_all)
  apply (subgoal_tac "ba(tr := tr c - tr aa, ok := True) = c(tr := tr c - tr aa, ok := True)", simp_all)
done

lemma R_Sup: "A {} ==> ( relation_of ` A) is R healthy"
  apply (simp add: rp_defs design_defs csp_defs fun_eq_iff)
  apply (rule allI)+
  apply (rule)
  apply (simp split: cond_splits)
  apply (case_tac "wait a", simp_all)
  apply (erule non_emptyE)
  apply (erule_tac x="Collect (relation_of x)" in allE, simp_all)
  apply (case_tac "relation_of x (a, b)", simp_all)
  apply (subst (asm) CSP_is_rd, simp add: relation_of_CSP)
  apply (simp add: csp_defs design_defs rp_defs split: cond_splits)
  apply (erule_tac x="(relation_of x)" in allE, simp_allusing F by auto
  apply (rule conjI)
  apply (rule allI)
  apply (erule_tac x=x in allE)
  apply (rule impI)
  apply (case_tac "(P. x = Collect P & P relation_of ` A)", simp_all)
  apply (erule exE | erule conjE)+
  apply (simp_all)
  apply (erule Set.imageE, simp add: relation_of)
  apply (subst (asm) CSP_is_rd, simp add: relation_of_CSP, subst CSP_is_rd, simp add: relation_of_CSP)
  apply (simp add: csp_defs design_defs rp_defs split: cond_splits)
  apply (erule non_emptyE)
  apply (erule_tac x="Collect (relation_of x)" in allE, simp_all)
  apply (case_tac "relation_of x (a, b)", simp_all)
  apply (subst (asm) CSP_is_rd, simp add: relation_of_CSP)
  apply (simp add: csp_defs design_defs rp_defs split: cond_splits)
  apply (erule_tac x="(relation_of x)" in allE, simp_all)
  apply (simp split: cond_splits)
  apply (rule allI)
  apply (rule impI)
  apply (erule exE | erule conjE)+
  apply (simp_all)
  apply (erule Set.imageE, simp add: relation_of)
  apply (subst (asm) CSP_is_rd, simp add: relation_of_CSP, subst CSP_is_rd, simp add: relation_of_CSP)
  apply (simp add: csp_defs design_defs rp_defs split: cond_splits)
  apply (rule allI)
  apply (rule impI)
  apply (erule exE | erule conjE)+
  apply (simp_all)
  apply (erule Set.imageE, simp add: relation_of)
  apply (erule_tac x="x" in allE, simp_all)
  apply (case_tac "relation_of xa (a(tr := []), b(tr := tr b - tr a))", simp_all)
  apply (subst (asm) CSP_is_rd) back back back
  apply (simp add: relation_of_CSP, subst CSP_is_rd, simp add: relation_of_CSP)
  apply (simp add: csp_defs design_defs rp_defs split: cond_splits)
  apply (erule_tac x="P" in allE, simp_all)
done

lemma CSP_Sup: "A {} ==> is_CSP_process ( relation_of ` A)"
  unfolding is_CSP_process_def using CSP1_Sup CSP2_Sup R_Sup by auto

lemma Sup_is_action: "A {} ==> relation_of ` A {p. is_CSP_process p}"
  by (auto dest!: CSP_Sup)

lemma relation_of_Sup: 
  "A {} ==> relation_of (action_of relation_of ` A) = relation_of ` A"
  by (auto simp: action_of_inverse dest!: Sup_is_action)

instantiation "action"  ::  (ev_eq, type) complete_lattice
begin

definition Sup_action : 
"(Sup (S:: ('a, 'b) action set) if S={} then bot else action_of (relation_of ` S))"
definition Inf_action : 
"(Inf (S:: ('a, 'b) action set) if S={} then top else action_of actionst) <equiv> i if S={} ten tpes ato_of\Sqinter (elato_f S)

instance
proof
  fix A::"('a, 'b) action set" and z::"('a, 'b) action"
  {
    fix x::"('a, 'b) action"
    assume " A"
    then show "Inf A  x"
      apply (auto simp add: less_action less_eq_action Inf_action ref_def)
      apply (subst (asm) action_of_inverse)
      apply (auto intro: Inf_is_action[simplified])
      done
  } note rule1 = this
  {
    assume *: "x. x  A ==> z  x"
    show " Inf A"
    proof (cases "A = {}")
      case True
      then show ?thesis by (simp add: Inf_action)
    next
      case False
      show ?thesis
        using *
        apply (auto simp add: Inf_action)
        using A {}
        apply (simp add: less_eq_action Inf_action ref_def)
        apply (subst (asm) action_of_inverse)
        apply (subst (asm) ex_in_conv[symmetric])
        apply (erule exE)
        apply (auto intro: Inf_is_action[simplified])
        done
    qed
  }{
    fix x::"('a, 'b) action"
    assume " A"
    then show " (Sup A)"
      apply (auto simp add: less_action less_eq_action Sup_action ref_def)
      apply (subst (asm) action_of_inverse)
      apply (auto intro: Sup_is_action[simplified])
      done
  } note rule2 = this
  {
    assume "x. x  A ==> x  z"
    then show "Sup A  z"
      apply (auto simp add: Sup_action)
      apply atomize
      apply (case_tac "A = {}", simp_all)
      apply (insert rule2)
      apply (auto simp add: less_action less_eq_action Sup_action ref_def)
      apply (subst (asm) action_of_inverse)
      apply (auto intro: Sup_is_action[simplified])
      apply (subst (asm) action_of_inverse)
      apply (auto intro: Sup_is_action[simplified])
      done
  }
  { show "Inf ({}::('a, 'b) action set) = top" by(simp add:Inf_action) }
  { show "Sup ({}::('a, 'b) action set) = bot" by(simp add:Sup_action) }
qed

end

end

Messung V0.5 in Prozent
C=82 H=96 G=89

¤ Dauer der Verarbeitung: 0.15 Sekunden  ¤

*© Formatika GbR, Deutschland




Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.