-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpacked_no_fails.thy
54 lines (45 loc) · 1.64 KB
/
packed_no_fails.thy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
section "Packed Traces without Failures"
theory packed_no_fails
imports packed_traces ignore_fails
begin
text \<open>
To show that a program is correct, we only have to consider packed transactions without crashes.
\<close>
text_raw \<open>\DefineSnippet{show_programCorrect_noTransactionInterleaving}{\<close>
theorem show_programCorrect_noTransactionInterleaving:
assumes packedTracesCorrect:
"\<And>trace s. \<lbrakk>
initialState program ~~ trace \<leadsto>* s;
packed_trace trace;
\<And>s. (s, ACrash) \<notin> set trace
\<rbrakk> \<Longrightarrow> traceCorrect trace"
shows "programCorrect program"
text_raw \<open>}%EndSnippet\<close>
unfolding programCorrect_def proof -
text "We only have to consider traces without ACrash actions"
show "\<forall>trace\<in>traces program. traceCorrect trace"
proof (subst can_ignore_fails, clarsimp)
text "Let tr be some trace such that program executes trace to s."
fix tr
assume is_trace: "tr \<in> traces program"
and noFail: "\<forall>s. (s, ACrash) \<notin> set tr"
from is_trace
obtain s where steps: "initialState program ~~ tr \<leadsto>* s"
by (auto simp add: traces_def)
show "traceCorrect tr"
proof (rule ccontr)
assume "\<not> traceCorrect tr"
with noFail steps
obtain tr'' s''
where "initialState program ~~ tr'' \<leadsto>* s''"
and "packed_trace tr''"
and "\<not>traceCorrect tr''"
and "\<forall>s. (s, ACrash) \<notin> set tr''"
using pack_incorrect_trace
by blast
then show False
using packedTracesCorrect by blast
qed
qed
qed
end