| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/Isabelle/HOL/UNITY/Simple/ (Beweissystem Isabelle Version 2025-1©) Datei vom 16.11.2025 mit Größe 4 kB |
|
Quelle Token.thy Sprache: Isabelle |
|||||||||||||||
|
(* Title: HOL/UNITY/Simple/Token.thy Author: Lawrence C Paulson, Cambridge University Computer Laboratory Copyright 1998 University of Cambridge *) section ‹The Token Ring› theory Token imports "../WFair" begin text‹From Misra, "A Logic for Concurrent Programming" (1994), sections 5.2 and 13.2.› subsection‹Definitions› datatype pstate = Hungry | Eating | Thinking 🍋 ‹process states› record state = token :: "nat" proc :: "nat => pstate" definition HasTok :: "nat => state set" where "HasTok i == {s. token s = i}" definition H :: "nat => state set" where "H i == {s. proc s i = Hungry}" definition E :: "nat => state set" where "E i == {s. proc s i = Eating}" definition T :: "nat => state set" where "T i == {s. proc s i = Thinking}" locale Token = fixes N and F and nodeOrder and "next" defines nodeOrder_def: "nodeOrder j == measure(%i. ((j+N)-i) mod N) \ and next_def: "next i == (Suc i) mod N" assumes N_positive [iff]: "0 and TR2: "F \ and TR3: "F \ and TR4: "F \ and TR5: "F \ and TR6: "F \ and TR7: "F \ lemma HasToK_partition: "[| s \ by (unfold HasTok_def, auto) lemma not_E_eq: "(s \ apply (simp add: H_def E_def T_def) apply (cases "proc s i", auto) done context Token begin lemma token_stable: "F \ apply (unfold stable_def) apply (rule constrains_weaken) apply (rule constrains_Un [OF constrains_Un [OF TR2 TR4] TR5]) apply (auto simp add: not_E_eq) apply (simp_all add: H_def E_def T_def) done subsection‹Progress under Weak Fairness› lemma wf_nodeOrder: "wf(nodeOrder j)" apply (unfold nodeOrder_def) apply (rule wf_measure [THEN wf_subset], blast) done lemma nodeOrder_eq: "[| i apply (cases ‹i < j›) apply (auto simp add: nodeOrder_def next_def mod_Suc add.commute [of _ N]) apply (simp only: diff_add_assoc mod_add_self1) apply simp done text‹From "A Logic for Concurrent Programming", but not used in Chapter 4. Note the use of ‹cases›. Reasoning about leadsTo takes practice!› lemma TR7_nodeOrder: "[| i F ∈ (HasTok i) leadsTo ({s. (token s, i) ∈ nodeOrder j} ∪ HasTok j)" apply (cases "i=j") apply (blast intro: subset_imp_leadsTo) apply (rule TR7 [THEN leadsTo_weaken_R]) apply (auto simp add: HasTok_def nodeOrder_eq) done text‹Chapter 4 variant, the one actually used below.› lemma TR7_aux: "[| i ==> F ∈ (HasTok i) leadsTo {s. (token s, i) ∈ nodeOrder j}" apply (rule TR7 [THEN leadsTo_weaken_R]) apply (auto simp add: HasTok_def nodeOrder_eq) done lemma token_lemma: "({s. token s < N} \ by auto text‹Misra's TR9: the token reaches an arbitrary node\ lemma leadsTo_j: "j apply (rule leadsTo_weaken_R) apply (rule_tac I = "-{j}" and f = token and B = "{}" in wf_nodeOrder [THEN bounded_induct]) apply (simp_all (no_asm_simp) add: token_lemma vimage_Diff HasTok_def) prefer 2 apply blast apply clarify apply (rule TR7_aux [THEN leadsTo_weaken]) apply (auto simp add: HasTok_def nodeOrder_def) done text‹Misra's TR8: a hungry process eventually eats\ lemma token_progress: "j apply (rule leadsTo_cancel1 [THEN leadsTo_Un_duplicate]) apply (rule_tac [2] TR6) apply (rule psp [OF leadsTo_j TR3, THEN leadsTo_weaken], blast+) done end end
¤ Dauer der Verarbeitung: 0.17 Sekunden (vorverarbeitet) ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-04-02