definition mk_trace :: "('a, 's) ioa \ ('a, 's) pairs \ 'a trace" where"mk_trace ioa = (LAM tr. Filter (\a. a \ ext ioa) \ (filter_act \ tr))"
subsection \<open>Fair Traces\<close>
definition laststate :: "('a, 's) execution \ 's" where"laststate ex =
(case Last \<cdot> (snd ex) of
UU \<Rightarrow> fst ex
| Def at \<Rightarrow> snd at)"
text\<open>A predicate holds infinitely (finitely) often in a sequence.\<close> definition inf_often :: "('a \ bool) \ 'a Seq \ bool" where"inf_often P s \ Infinite (Filter P \ s)"
text\<open>Filtering \<open>P\<close> yields a finite or partial sequence.\<close> definition fin_often :: "('a \ bool) \ 'a Seq \ bool" where"fin_often P s \ \ inf_often P s"
subsection \<open>Fairness of executions\<close>
text\<open> Note that partial execs cannot be \<open>wfair\<close> as the inf_often predicate in the
else branch prohibits it. However they can be \<open>sfair\<close> in the case when all \<open>W\<close> are only finitely often enabled: Is this the right model?
See \<^file>\<open>LiveIOA.thy\<close> for solution conforming with the literature and
superseding this one. \<close>
definition is_wfair :: "('a, 's) ioa \ 'a set \ ('a, 's) execution \ bool" where"is_wfair A W ex \
(inf_often (\<lambda>x. fst x \<in> W) (snd ex) \<or>
inf_often (\<lambda>x. \<not> Enabled A W (snd x)) (snd ex))"
definition wfair_ex :: "('a, 's) ioa \ ('a, 's) execution \ bool" where"wfair_ex A ex \
(\<forall>W \<in> wfair_of A. if Finite (snd ex) then\<not> Enabled A W (laststate ex)
else is_wfair A W ex)"
definition is_sfair :: "('a, 's) ioa \ 'a set \ ('a, 's) execution \ bool" where"is_sfair A W ex \
(inf_often (\<lambda>x. fst x \<in> W) (snd ex) \<or>
fin_often (\<lambda>x. Enabled A W (snd x)) (snd ex))"
definition sfair_ex :: "('a, 's)ioa \ ('a, 's) execution \ bool" where"sfair_ex A ex \
(\<forall>W \<in> sfair_of A. if Finite (snd ex) then\<not> Enabled A W (laststate ex)
else is_sfair A W ex)"
definition fair_ex :: "('a, 's) ioa \ ('a, 's) execution \ bool" where"fair_ex A ex \ wfair_ex A ex \ sfair_ex A ex"
text\<open>Fair behavior sets.\<close>
definition fairexecutions :: "('a, 's) ioa \ ('a, 's) execution set" where"fairexecutions A = {ex. ex \ executions A \ fair_ex A ex}"
definition fairtraces :: "('a, 's) ioa \ 'a trace set" where"fairtraces A = {mk_trace A \ (snd ex) | ex. ex \ fairexecutions A}"
subsection \<open>Implementation\<close>
subsubsection \<open>Notions of implementation\<close>
definition fair_implements :: "('a, 's1) ioa \ ('a, 's2) ioa \ bool" where"fair_implements C A \
inp C = inp A \<and> out C = out A \<and> fairtraces C \<subseteq> fairtraces A"
lemma implements_trans: "A =<| B \ B =<| C \ A =<| C" by (auto simp add: ioa_implements_def)
subsection \<open>Modules\<close>
subsubsection \<open>Execution, schedule and trace modules\<close>
definition Execs :: "('a, 's) ioa \ ('a, 's) execution_module" where"Execs A = (executions A, asig_of A)"
definition Scheds :: "('a, 's) ioa \ 'a schedule_module" where"Scheds A = (schedules A, asig_of A)"
definition Traces :: "('a, 's) ioa \ 'a trace_module" where"Traces A = (traces A, asig_of A)"
lemma mk_trace_UU: "mk_trace A \ UU = UU" by (simp add: mk_trace_def)
lemma mk_trace_nil: "mk_trace A \ nil = nil" by (simp add: mk_trace_def)
lemma mk_trace_cons: "mk_trace A \ (at \ xs) =
(if fst at \<in> ext A then fst at \<leadsto> mk_trace A \<cdot> xs
else mk_trace A \<cdot> xs)" by (simp add: mk_trace_def)
(*alternative definition of has_trace tailored for the refinement proof, as it does not
take the detour of schedules*) lemma has_trace_def2: "has_trace A b \ (\ex \ executions A. b = mk_trace A \ (snd ex))" apply (unfold executions_def mk_trace_def has_trace_def schedules_def has_schedule_def [abs_def]) apply auto done
subsection \<open>Signatures and executions, schedules\<close>
text\<open>
All executions of \<open>A\<close> have only actions of \<open>A\<close>. This is only true because of
the predicate \<open>state_trans\<close> (part of the predicate \<open>IOA\<close>): We have no
dependent types. For executions of parallel automata this assumption is not
needed, as in\<open>par_def\<close> this condition is included once more. (See Lemmas
1.1.1c in CompoExecs for example.) \<close>
lemma execfrag_in_sig: "is_trans_of A \ \s. is_exec_frag A (s, xs) \ Forall (\a. a \ act A) (filter_act \ xs)" apply (pair_induct xs simp: is_exec_frag_def Forall_def sforall_def) text\<open>main case\<close> apply (auto simp add: is_trans_of_def) done
lemma exec_in_sig: "is_trans_of A \ x \ executions A \ Forall (\a. a \ act A) (filter_act \ (snd x))" apply (simp add: executions_def) apply (pair x) apply (rule execfrag_in_sig [THEN spec, THEN mp]) apply auto done
lemma scheds_in_sig: "is_trans_of A \ x \ schedules A \ Forall (\a. a \ act A) x" apply (unfold schedules_def has_schedule_def [abs_def]) apply (fast intro!: exec_in_sig) done
subsection \<open>Executions are prefix closed\<close>
(*only admissible in y, not if done in x!*) lemma execfrag_prefixclosed: "\x s. is_exec_frag A (s, x) \ y \ x \ is_exec_frag A (s, y)" apply (pair_induct y simp: is_exec_frag_def) apply (intro strip) apply (Seq_case_simp x) apply (pair a) apply auto done
lemmas exec_prefixclosed =
conjI [THEN execfrag_prefixclosed [THEN spec, THEN spec, THEN mp]]
(*second prefix notion for Finite x*) lemma exec_prefix2closed [rule_format]: "\y s. is_exec_frag A (s, x @@ y) \ is_exec_frag A (s, x)" apply (pair_induct x simp: is_exec_frag_def) apply (intro strip) apply (Seq_case_simp s) apply (pair a) apply auto done
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
