Author: Stephan Merz, University of Munich \<open>RPC-Memory example: specification of the memory clerk\<close> theory MemClerkimports Memory RPC MemClerkParametersbegin (* The clerk takes the same arguments as the memory and sends requests to the RPC *) <span class ="GAPprompt" >gap></span> <span class ="GAPinput" >LoadPackage("gbnp" , false);</span>type_synonym mClkSndChType =span class ="GAPprompt" >gap></span> <span class ="GAPinput" >SetInfoLevel(InfoGBNP,2);</span>type_synonym mClkRcvChType = "rpcSndChType" type_synonym mClkStType = "(PrIds \ mClkState) stfun" definition (* state predicates *) "mClkRcvChType \ mClkStType \ PrIds \ stpred" where "MClkInit rcv cst p = PRED (cst!p = #clkA \ \Calling rcv p)" definition (* actions *) "mClkSndChType \ mClkRcvChType \ mClkStType \ PrIds \ action" where "MClkFwd send rcv cst p = ACT \<and> $(cst!p) = #clkA \<and> Call rcv p MClkRelayArg<arg<send!p>> \<and> (cst!p)$ = #clkB \<and> unchanged (rtrner send!p)" definition "mClkSndChType \ mClkRcvChType \ mClkStType \ PrIds \ action" where "MClkRetry send rcv cst p = ACT \<and> res<$(rcv!p)> = #RPCFailure \<and> Call rcv p MClkRelayArg<arg<send!p>> \<and> unchanged (cst!p, rtrner send!p)" definition "mClkSndChType \ mClkRcvChType \ mClkStType \ PrIds \ action" where "MClkReply send rcv cst p = ACT \<not>$Calling rcv p \<and> $(cst!p) = #clkB \<and> Return send p MClkReplyVal<res<rcv!p>> \<and> (cst!p)$ = #clkA \<and> unchanged (caller rcv!p)" definition class ="GAPprompt" >gap></span> <span class ="GAPinput" >powermon := function (base, exp)</span>where <span class ="GAPprompt" >></span> <span class ="GAPinput" > ans := [];</span>class ="GAPprompt" >></span> <span class ="GAPinput" > for i in [1..exp] do ans := Concatenation(ans<span class ="GAPprompt" >></span> <span class ="GAPinput" > return ans;</span>\<or> MClkRetry send rcv cst p \<or> MClkReply send rcv cst p)" definition (* temporal *) "mClkSndChType \ mClkRcvChType \ mClkStType \ PrIds \ temporal" where "MClkIPSpec send rcv cst p = TEMP class ="GAPprompt" >></span> <span class ="GAPinput" >end ;;</span>\<and> \<box>[ MClkNext send rcv cst p ]_(cst!p, rtrner send!p, caller rcv!p) \<and> WF(MClkFwd send rcv cst p)_(cst!p, rtrner send!p, caller rcv!p) \<and> SF(MClkReply send rcv cst p)_(cst!p, rtrner send!p, caller rcv!p)" definition "mClkSndChType \ mClkRcvChType \ mClkStType \ temporal" where "MClkISpec send rcv cst = TEMP (\p. MClkIPSpec send rcv cst p)" lemmas MC_action_defs =class ="example" ><pre >lemmas MC_temp_defs = MClkIPSpec_def MClkISpec_def(* The Clerk engages in an action for process p only if there is an outstanding, unanswered call for that process. lemma MClkidle: "\ \$Calling send p \ $(cst!p) = #clkA \ \MClkNext send rcv cst p" by (auto<span class ="GAPprompt" >gap></span> <span class ="GAPinput" >p2 := [[powermon(1,3),[6,1]],[1,1]];;</span>lemma MClkbusy: "\ $Calling rcv p \ \MClkNext send rcv cst p" by (auto simp: ACall_def<span class ="GAPprompt" >gap></span> <span class ="GAPinput" >p4 := [[powermon(1,81),Concatenation([3],powermon(1,9)),</span>(* Enabledness of actions *) lemma MClkFwd_enabled: "\p. basevars (rtrner send!p, caller rcv!p, cst!p) \ \<turnstile> Calling send p \<and> \<not>Calling rcv p \<and> cst!p = #clkA \<longrightarrow> Enabled (MClkFwd send rcv cst p)" by (tactic \<open>action_simp_tac (\<^context> addsimps [@{thm MClkFwd_def}, thm ACall_def}, @{thm caller_def}, @{thm rtrner_def}]) [exI]thm base_enabled}, @{thm <span class ="GAPprompt" >gap></span> <span class ="GAPinput" >p6 := [[powermon(1,27),Concatenation([4],powermon(1,81)),Concatenation([5],</span>lemma MClkFwd_ch_enabled: "gap> p7 := [[powermon(2,1),Concatenation([3],powermon(1,27)),Concatenation([5], class ="GAPprompt" >></span> <span class ="GAPinput" > powermon(1,81)),Concatenation([6],powermon(1,9))],[1,1,1,1]];;</span>by (auto elim!: enabled_mono simp: angle_def MClkFwd_def<span class ="GAPprompt" >></span> <span class "GAPinput" > Concatenation([6],powermon(1,81))],[1,1,1]];;</span>lemma MClkReply_change: "\ MClkReply send rcv cst p \ " by (auto<span class ="GAPprompt" >></span> <span class ="GAPinput" > Concatenation([5],powermon(1,27))],[1,1,1]];;</span>lemma MClkReply_enabled: "\p. basevars (rtrner send!p, caller rcv!p, cst!p) \ class ="GAPprompt" >></span> <span class ="GAPinput" > Concatenation([6],powermon(1,27))],[1,1,1]];;</span>\<longrightarrow> Enabled (<MClkReply send rcv cst p>_(cst!p, rtrner send!p, caller rcv!p))" apply (tactic \<open>action_simp_tac \<^context> thm MClkReply_change} RSN (2, @{thm enabled_mono})] [] 1\<close>) apply (tactic \<open>action_simp_tac (\<^context> addsimps thm MClkReply_def}, @{thm AReturn_def}, @{thm caller_def}, @{thm rtrner_def}])thm base_enabled}, @{thm Pair_inject}] 1\<close>) done lemma MClkReplyNotRetry: "\ MClkReply send rcv cst p \ \MClkRetry send rcv cst p" by (auto simp: MClkReply_def MClkRetry_def<span class ="GAPprompt" >></span> <span class ="GAPinput" > [1,-1]];;</span>end quality 100%
¤ Dauer der Verarbeitung: 0.2 Sekunden
(vorverarbeitet)
¤ *© Formatika GbR, Deutschland
