Up to index of Isabelle/HOL/HOL-Complex/CSP/CSP_T/CSP_F/DFP
theory DFP_Proof_Rule1(*-------------------------------------------* | DFP package | | June 2005 | | December 2005 (modified) | | | | DFP on CSP-Prover ver.3.0 | | September 2006 (modified) | | April 2007 (modified) | | | | Yoshinao Isobe (AIST JAPAN) | *-------------------------------------------*) theory DFP_Proof_Rule1 imports DFP_Block begin (* The following simplification rules are deleted in this theory file *) (* because they unexpectly rewrite UnionT and InterT. *) (* Union (B ` A) = (UN x:A. B x) *) (* Inter (B ` A) = (INT x:A. B x) *) declare Union_image_eq [simp del] declare Inter_image_eq [simp del] (* The following simplification rules are deleted in this theory file *) (* because they unexpectly rewrite (notick | t = []t) *) (* *) (* disj_not1: (~ P | Q) = (P --> Q) *) declare disj_not1 [simp del] (***************************************************************** 1. 2. 3. 4. *****************************************************************) (*--------------------------------------------------* | Theorem 1 [Roscoe_Dathi_1987 P.8] | *--------------------------------------------------*) theorem Theorem1_Roscoe_Dathi_1987: "[| (I,FXf) isFailureOf (I,PXf) ; I ~= {} ; finite I ; triple_disjoint (I,FXf) ; BusyNetwork (I,FXf) ; EX f::('i => 'a failure => ('pi::order)). ALL t Yf. (t,Yf) isStateOf (I,FXf) --> (ALL i j. (I,FXf) >> i --[(t,Yf), (VocabularyOf (I,FXf))]-->o j --> f j (t rest-tr (snd (FXf j)), Yf j) < f i (t rest-tr (snd (FXf i)), Yf i)) |] ==> DeadlockFreeNetwork (I,PXf)" apply (simp add: DeadlockFree_notDeadlockState) apply (case_tac "ALL t Yf. ~ (t, Yf) isDeadlockStateOf (I, FXf)", simp) (* by contradiction *) apply (simp) apply (elim conjE exE) apply (subgoal_tac "(t,Yf) isStateOf (I,FXf)") apply (simp add: Lemma1_Roscoe_Dathi_1987) apply (subgoal_tac "EX j:I. ALL i:I. ~(f i (t rest-tr (snd (FXf i)), Yf i) < f j (t rest-tr (snd (FXf j)), Yf j))") apply (elim bexE) apply (drule_tac x="j" in bspec, simp) apply (simp add: isBlockedIn_def) apply (elim conjE exE) apply (drule_tac x="x" in spec) apply (simp) apply (drule_tac x="t" in spec) apply (drule_tac x="Yf" in spec) apply (simp) apply (drule_tac x="j" in spec) apply (drule_tac x="x" in spec) apply (simp) apply (drule_tac x="x" in bspec, simp add: isRequestOf_def) apply (simp) apply (simp add: nonempty_finite_set_exists_min_fun) apply (simp add: isDeadlockStateOf_def) done (*--------------------------------------------------* | Lemma 2 [Roscoe_Dathi_1987 P.9] | *--------------------------------------------------*) lemma Lemma2_Roscoe_Dathi_1987: "[| I ~= {} ; finite I ; triple_disjoint (I,FXf) ; BusyNetwork (I,FXf) ; EX f::('i => 'a failure => ('pi::order)). ALL i:I. ALL j:I. i ~= j --> (ALL t Yf. (t,Yf) isStateOf ({i,j},FXf) & ({i,j},FXf) >> i --[(t,Yf), (VocabularyOf (I,FXf))]-->o j --> f j (t rest-tr (snd (FXf j)), Yf j) < f i (t rest-tr (snd (FXf i)), Yf i)) |] ==> EX f::('i => 'a failure => ('pi::order)). ALL t Yf. (t,Yf) isStateOf (I,FXf) --> (ALL i j. (I,FXf) >> i --[(t,Yf), (VocabularyOf (I,FXf))]-->o j --> f j (t rest-tr (snd (FXf j)), Yf j) < f i (t rest-tr (snd (FXf i)), Yf i))" apply (elim exE) apply (rule_tac x="f" in exI) apply (intro allI impI) apply (drule_tac x="i" in bspec) apply (simp add: in_index_I) apply (drule_tac x="j" in bspec) apply (simp add: in_index_I) apply (simp add: in_index_I) apply (drule_tac x="t rest-tr ((snd (FXf i) Un snd (FXf j)))" in spec) apply (drule_tac x="Yf" in spec) apply (drule mp) apply (rule conjI) apply (rule isStateOf_subsetI) apply (simp) apply (simp add: in_index_I) apply (blast) apply (rule isUngrantedRequestOfwrt_subsetI) apply (simp_all add: in_index_I) apply (simp add: in_index_I) apply (fast) apply (fast) apply (subgoal_tac "t rest-tr ((snd (FXf i) Un snd (FXf j))) rest-tr (snd (FXf i)) = t rest-tr (snd (FXf i))") apply (subgoal_tac "t rest-tr ((snd (FXf i) Un snd (FXf j))) rest-tr (snd (FXf j)) = t rest-tr (snd (FXf j))") apply (simp) apply (rule rest_tr_of_rest_tr_subset) apply (force) apply (rule rest_tr_of_rest_tr_subset) apply (force) done (*--------------------------------------------------* | Rule 1 [Roscoe_Dathi_1987 P.9] | *--------------------------------------------------*) lemma Rule1_Roscoe_Dathi_1987: "[| (I,FXf) isFailureOf (I,PXf) ; I ~= {} ; finite I ; triple_disjoint (I,FXf) ; BusyNetwork (I,FXf) ; EX f::('i => 'a failure => ('pi::order)). ALL i:I. ALL j:I. i ~= j --> (ALL t Yf. ({i,j},FXf) >> i --[(t,Yf), (VocabularyOf (I,FXf))]-->o j --> f j (t rest-tr (snd (FXf j)), Yf j) < f i (t rest-tr (snd (FXf i)), Yf i)) |] ==> DeadlockFreeNetwork (I,PXf)" apply (rule Theorem1_Roscoe_Dathi_1987) apply (simp_all) apply (rule Lemma2_Roscoe_Dathi_1987) apply (simp_all) apply (simp add: isUngrantedRequestOfwrt_def) apply (simp add: isUngrantedRequestOf_def) apply (simp add: isRequestOf_def) done lemma Rule1_Roscoe_Dathi_1987_I: "[| (I,FXf) isFailureOf V ; I ~= {} ; finite I ; triple_disjoint (I,FXf) ; BusyNetwork (I,FXf) ; EX f::('i => 'a failure => ('pi::order)). ALL i:I. ALL j:I. i ~= j --> (ALL t Yf. ({i,j},FXf) >> i --[(t,Yf), (VocabularyOf (I,FXf))]-->o j --> f j (t rest-tr (snd (FXf j)), Yf j) < f i (t rest-tr (snd (FXf i)), Yf i)) |] ==> DeadlockFreeNetwork V" apply (insert decompo_V[of V]) apply (rotate_tac -1, erule exE) apply (rotate_tac -1, erule exE) apply (subgoal_tac "Ia = I") apply (simp add: Rule1_Roscoe_Dathi_1987) apply (simp add: isFailureOf_def) done (*** looks test ***) theorem Rule1_Roscoe_Dathi_1987_simp: "[| VF = {(F i, X i) | i:I}Fnet ; V = {(P i, X i) | i:I}net ; VF isFailureOf V ; I ~= {} ; finite I ; triple_disjoint VF ; BusyNetwork VF ; EX f::('i => 'a failure => ('pi::order)). ALL i:I. ALL j:I. i ~= j --> (ALL t Y. {(F i, X i) | i:{i,j}}Fnet >> i --[(t,Y), (VocabularyOf VF)]-->o j --> f j (t rest-tr (X j), Y j) < f i (t rest-tr (X i), Y i)) |] ==> DeadlockFreeNetwork V" apply (simp) apply (rule Rule1_Roscoe_Dathi_1987_I) apply (simp_all) apply (elim conjE exE) apply (rule_tac x="f" in exI) apply (auto) done (****************** to add it again ******************) declare disj_not1 [simp] declare Union_image_eq [simp] declare Inter_image_eq [simp] end
theorem Theorem1_Roscoe_Dathi_1987:
[| (I, FXf) isFailureOf (I, PXf); I ≠ {}; finite I; triple_disjoint (I, FXf);
BusyNetwork (I, FXf);
∃f. ∀t Yf. (t, Yf) isStateOf (I, FXf) -->
(∀i j. (I, FXf) >> i --[(t, Yf),VocabularyOf (I, FXf)]-->o j -->
f j (t rest-tr snd (FXf j), Yf j)
< f i (t rest-tr snd (FXf i), Yf i)) |]
==> DeadlockFreeNetwork (I, PXf)
lemma Lemma2_Roscoe_Dathi_1987:
[| I ≠ {}; finite I; triple_disjoint (I, FXf); BusyNetwork (I, FXf);
∃f. ∀i∈I. ∀j∈I. i ≠ j -->
(∀t Yf. (t, Yf) isStateOf ({i, j}, FXf) ∧
({i, j}, FXf) >>
i --[(t, Yf),VocabularyOf (I, FXf)]-->o j -->
f j (t rest-tr snd (FXf j), Yf j)
< f i (t rest-tr snd (FXf i), Yf i)) |]
==> ∃f. ∀t Yf. (t, Yf) isStateOf (I, FXf) -->
(∀i j. (I, FXf) >> i --[(t, Yf),VocabularyOf (I, FXf)]-->o j -->
f j (t rest-tr snd (FXf j), Yf j)
< f i (t rest-tr snd (FXf i), Yf i))
lemma Rule1_Roscoe_Dathi_1987:
[| (I, FXf) isFailureOf (I, PXf); I ≠ {}; finite I; triple_disjoint (I, FXf);
BusyNetwork (I, FXf);
∃f. ∀i∈I. ∀j∈I. i ≠ j -->
(∀t Yf. ({i, j}, FXf) >>
i --[(t, Yf),VocabularyOf (I, FXf)]-->o j -->
f j (t rest-tr snd (FXf j), Yf j)
< f i (t rest-tr snd (FXf i), Yf i)) |]
==> DeadlockFreeNetwork (I, PXf)
lemma Rule1_Roscoe_Dathi_1987_I:
[| (I, FXf) isFailureOf V; I ≠ {}; finite I; triple_disjoint (I, FXf);
BusyNetwork (I, FXf);
∃f. ∀i∈I. ∀j∈I. i ≠ j -->
(∀t Yf. ({i, j}, FXf) >>
i --[(t, Yf),VocabularyOf (I, FXf)]-->o j -->
f j (t rest-tr snd (FXf j), Yf j)
< f i (t rest-tr snd (FXf i), Yf i)) |]
==> DeadlockFreeNetwork V
theorem Rule1_Roscoe_Dathi_1987_simp:
[| VF = { (F i, X i) | i:I }Fnet; V = { (P i, X i) | i:I }Fnet;
VF isFailureOf V; I ≠ {}; finite I; triple_disjoint VF; BusyNetwork VF;
∃f. ∀i∈I. ∀j∈I. i ≠ j -->
(∀t Y. { (F i, X i) | i:{i, j} }Fnet >>
i --[(t, Y),VocabularyOf VF]-->o j -->
f j (t rest-tr X j, Y j)
< f i (t rest-tr X i, Y i)) |]
==> DeadlockFreeNetwork V