| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/Isabelle/Archive-of-Formal-Proofs/thys/HOL-CSPM/ (Sammlung formaler Beweise Version 2026-5©) Datei vom 31.4.2026 mit Größe 6 kB |
|
Quelle Conclusion.thySprache: Isabelle |
|||||||||||||||
|
(*<*) ―‹ ******************************************************************** * Project : HOL-CSPM - Architectural operators for HOL-CSP * * Author : Benoît Ballenghien, Safouan Taha, Burkhart Wolff. * * This file : Conclusion * * Copyright (c) 2025 Université Paris-Saclay, France * * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * * Neither the name of the copyright holders nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ******************************************************************************› (*>*) chapter‹ Conclusion › (*<*) theory Conclusion imports "HOL-CSPM" "HOL-Library.LaTeXsugar" begin (*>*) text ‹In this session, we defined three architectural operators: const‹GlobalDet› const‹MultiSync›, and const‹MultiSeq› as respective generalizations of term‹P ◻ Q›, term‹P [S] Q›, and term‹P ; Q›. The generalization of term‹P ⊓ Q›, term‹GlobalNdet›, is already in session‹HOL-CSP› since it is required for some algebraic laws. text ‹We did this in a fully-abstract way, that is: ▪ const‹Det› is commutative, idempotent and admits const‹STOP› as a neutral elem we defined const‹GlobalDet› on a 🍋‹'a set› term‹A› by making it equal to const‹STOP› when term‹A = {}›. Continuity only holds for finite cases, while the operator is always defined. ▪ const‹Ndet› is also commutative and idempotent so in session‹HOL-CSP› const‹GlobalNdet› has been defined on a 🍋‹'a set› term‹A› by making it equal to const‹STOP› when term‹A = {}›. Beware of the fact that const‹STOP› is not the neutral element for const‹Ndet› (this operator does not admit a neutral element) we \‹do not have› the equality @{term [display, eta_contract = false] ‹(⊓p ∈ {a}. P p) = P a ⊓ (⊓p ∈ {}. P p)›} while this holds for const‹Det› and const‹GlobalDet›). Again, continuity only holds for finite cases. ▪ const‹Sync› is commutative but is not idempotent so we defined const‹MultiSync on a 🍋‹'a multiset› term‹M› to keep the multiplicity of the processes. We made it equal to const‹STOP› when term‹M = {#}› but like const‹Ndet›, const‹Sync› does not admit a neutral element so beware of the fact that in gener @{term [display, eta_contract = false] ‹(\[S\]p ∈# {#a#}. P p) ≠ P a [S] (\[S\]p By construction, multiset are finite and therefore continuity holds. ▪ const‹Seq› is neither commutative nor idempotent, and term‹SKIP r› is neutral the left hand side (note if the second type 🍋‹'r› of 🍋‹('a, 'r) processptick› 🍋‹unit›, that is to say we go back to the old version without parameterized ter it is neutral element on both sides, see @{thm Seq_SKIP SKIP_Seq}). Therefore we defined const‹MultiSeq› on a 🍋‹'a list› term‹L› to keep the multip and the order of the processes, and the folding is done on the reversed list in enjoy the neutrality of term‹SKIP r› on the left hand side. For example, proving @{term [eta_contract = false] ‹SEQ p ∈@ L1. P p ; SEQ p ∈@ L2. P p = SEQ p ∈@ (L in general requires term‹L2 ≠ []›. text ‹We presented two examples: Dining philosophers, and the 'Plain old telephon In both, we underlined the usefulness of the architectural operators for modeling complex systems. text ‹Finally we provided powerful results on const‹events_of› and const‹deadlock among which the most important is undoubtedly: @{thm [display, eta_contract = false] MultiInter_deadlock_free[no_vars]} This theorem allows, for example, to establish: @{term [display, eta_contract = false] ‹0 < n ==> deadlock_free (||| m ∈# mset [0..<n]. P m)›} under the assumption that a family of processes parameterized by term‹m› @{text "::"} 🍋‹nat› verifies term‹∀m < n::nat. deadlock_free (P m)›. › text ‹More recently, two operators const‹Throw› and const‹Interrupt› have been ad The corresponding continuities and algebraic laws can also be found in this session. (*<*) end (*>*)
¤ Dauer der Verarbeitung: 0.1 Sekunden (vorverarbeitet am 2026-06-10) ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-06-09