(* * Copyright 2020, Data61, CSIRO (ABN 41 687 119 230) * * SPDX-License-Identifier: GPL-2.0-only *) (*<*) (* THIS FILE IS AUTOMATICALLY GENERATED. YOUR EDITS WILL BE OVERWRITTEN. *) theory GenEventSystem imports UserEvent begin (*>*) subsection \\label{ssec:eventsys}Generated System Theory\ subsubsection \\label{sssec:eventsystypes}Types\ text \ Identical types to those presented in \autoref{sssec:procsystypes} are generated for a system involving events. \ type_synonym component = "(channel, component_state) comp" type_synonym lstate = "component_state local_state" type_synonym gstate = "(inst, channel, component_state) global_state" subsubsection \\label{sssec:eventsysuntrusted}Untrusted Components\ text \ As before, an untrusted definition is generated for each component type that permits any local operation or sending or receiving on any available interface. \ definition Collector_untrusted :: "(Collector_channel \ channel) \ component" where "Collector_untrusted ch \ LOOP ( UserStep \ ArbitraryRequest (ch Collector_ev) \ ArbitraryResponse (ch Collector_ev))" definition Emitter_untrusted :: "(Emitter_channel \ channel) \ component" where "Emitter_untrusted ch \ LOOP ( UserStep \ ArbitraryRequest (ch Emitter_ev) \ ArbitraryResponse (ch Emitter_ev))" subsubsection \\label{sssec:eventsysev}Event Components\ text \ For each connection in the system over which events are transmitted, a definition is generated of a component type that models the state of the event. The type enumerating the interfaces of this component is expressed as @{term unit} because, naturally, there is only a single interface to this introduced component. The details of the execution of the component can largely be expressed statically, and are captured by the definition, @{term event}, described in \autoref{ssec:eventcomponents}. \ type_synonym SomethingHappenedEvent_channel = unit definition SomethingHappenedEvent :: "(SomethingHappenedEvent_channel \ channel) \ component" where "SomethingHappenedEvent ch \ event (ch ())" subsubsection \\label{sssec:eventsysinst}Component Instances\ text \ The definitions of untrusted component instances are generated as in \autoref{h:procbase}, but a definition is also derived for an instance of the introduced component. There is no opportunity for the user to provide a definition of the trusted execution of this component, because we already know exactly what actions this component takes. Being part of the component platform itself, we can generate a definition that exactly expresses its execution. \ definition sink_untrusted :: component where "sink_untrusted \ Collector_untrusted (\c. case c of Collector_ev \ simpleEvent1)" definition source_untrusted :: component where "source_untrusted \ Emitter_untrusted (\c. case c of Emitter_ev \ simpleEvent1)" definition simpleEvent1\<^sub>e_instance :: component where "simpleEvent1\<^sub>e_instance \ SomethingHappenedEvent (\_. simpleEvent1)" subsubsection \\label{sssec:eventsysgs}Initial State\ text \ The generated global state for this system also contains a case for the introduced event component, mapping to the instance definition presented above and the common initial event state. While this definition of the global state makes it possible for the user to override the mapping of @{term simpleEvent1\<^sub>e} in @{term trusted}, there is no practical reason to do this. \ definition gs\<^sub>0 :: gstate where "gs\<^sub>0 p \ case trusted p of Some s \ Some s | _ \ (case p of sink \ Some (sink_untrusted, Component init_component_state) | source \ Some (source_untrusted, Component init_component_state) | simpleEvent1\<^sub>e \ Some (simpleEvent1\<^sub>e_instance, init_event_state))" (*<*) end (*>*)