tm: comparison thys/Recursive.thy

equal deleted inserted replaced

-:e9ef4ada308b
+:d8e6f0798e23
-(* Title: thys/Recursive.thy
-Author: Jian Xu, Xingyuan Zhang, and Christian Urban
-*)
-header {* Translating Recursive Functions into Abacus Machines *}
 theory Recursive
-imports Rec_Def Abacus
+imports Abacus Rec_Def Abacus_Hoare
 begin
-text {*
-Some auxilliary Abacus machines used to construct the result Abacus machines.
-*}
-text {*
-@{text "get_paras_num recf"} returns the arity of recursive function @{text "recf"}.
-*}
-fun get_paras_num :: "recf \<Rightarrow> nat"
-where
-"get_paras_num z = 1" |
-"get_paras_num s = 1" |
-"get_paras_num (id m n) = m" |
-"get_paras_num (Cn n f gs) = n" |
-"get_paras_num (Pr n f g) = Suc n"  |
-"get_paras_num (Mn n f) = n"
 fun addition :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> abc_prog"
 where
 "addition m n p = [Dec m 4, Inc n, Inc p, Goto 0, Dec p 7, Inc m, Goto 4]"
 fun mv_box :: "nat \<Rightarrow> nat \<Rightarrow> abc_prog"
 where
 "mv_box m n = [Dec m 3, Inc n, Goto 0]"
-fun abc_inst_shift :: "abc_inst \<Rightarrow> nat \<Rightarrow> abc_inst"
-where
-"abc_inst_shift (Inc m) n = Inc m" |
-"abc_inst_shift (Dec m e) n = Dec m (e + n)" |
-"abc_inst_shift (Goto m) n = Goto (m + n)"
-fun abc_shift :: "abc_inst list \<Rightarrow> nat \<Rightarrow> abc_inst list"
-where
-"abc_shift xs n = map (\<lambda> x. abc_inst_shift x n) xs"
-fun abc_append :: "abc_inst list \<Rightarrow> abc_inst list \<Rightarrow>
-abc_inst list" (infixl "[+]" 60)
-where
-"abc_append al bl = (let al_len = length al in
-al @ abc_shift bl al_len)"
 text {* The compilation of @{text "z"}-operator. *}
 definition rec_ci_z :: "abc_inst list"
 where
 "rec_ci_z \<equiv> [Goto 1]"
 (fprog @ [Dec (Suc n) (len + 5), Dec (Suc n) (len + 3),
 Goto (len + 1), Inc n, Goto 0], n, max (Suc n) fn))"
 declare rec_ci.simps [simp del] rec_ci_s_def[simp del]
 rec_ci_z_def[simp del] rec_ci_id.simps[simp del]
-mv_boxes.simps[simp del] abc_append.simps[simp del]
+mv_boxes.simps[simp del]
 mv_box.simps[simp del] addition.simps[simp del]
 declare abc_steps_l.simps[simp del] abc_fetch.simps[simp del]
 abc_step_l.simps[simp del]
-lemma abc_steps_add:
+inductive_cases terminate_pr_reverse: "terminate (Pr n f g) xs"
-"abc_steps_l (as, lm) ap (m + n) =
-abc_steps_l (abc_steps_l (as, lm) ap m) ap n"
+inductive_cases terminate_z_reverse[elim!]: "terminate z xs"
-apply(induct m arbitrary: n as lm, simp add: abc_steps_l.simps)
-proof -
+inductive_cases terminate_s_reverse[elim!]: "terminate s xs"
-fix m n as lm
-assume ind:
+inductive_cases terminate_id_reverse[elim!]: "terminate (id m n) xs"
-"\<And>n as lm. abc_steps_l (as, lm) ap (m + n) =
-abc_steps_l (abc_steps_l (as, lm) ap m) ap n"
+inductive_cases terminate_cn_reverse[elim!]: "terminate (Cn n f gs) xs"
-show "abc_steps_l (as, lm) ap (Suc m + n) =
-abc_steps_l (abc_steps_l (as, lm) ap (Suc m)) ap n"
+inductive_cases terminate_mn_reverse[elim!]:"terminate (Mn n f) xs"
-apply(insert ind[of as lm "Suc n"], simp)
-apply(insert ind[of as lm "Suc 0"], simp add: abc_steps_l.simps)
-apply(case_tac "(abc_steps_l (as, lm) ap m)", simp)
-apply(simp add: abc_steps_l.simps)
-apply(case_tac "abc_step_l (a, b) (abc_fetch a ap)",
-simp add: abc_steps_l.simps)
-done
-qed
-(*lemmas: rec_ci and rec_calc_rel*)
-lemma rec_calc_inj_case_z:
-"\<lbrakk>rec_calc_rel z l x; rec_calc_rel z l y\<rbrakk> \<Longrightarrow> x = y"
-apply(auto elim: calc_z_reverse)
-done
-lemma  rec_calc_inj_case_s:
-"\<lbrakk>rec_calc_rel s l x; rec_calc_rel s l y\<rbrakk> \<Longrightarrow> x = y"
-apply(auto elim: calc_s_reverse)
-done
-lemma rec_calc_inj_case_id:
-"\<lbrakk>rec_calc_rel (recf.id nat1 nat2) l x;
-rec_calc_rel (recf.id nat1 nat2) l y\<rbrakk> \<Longrightarrow> x = y"
-apply(auto elim: calc_id_reverse)
-done
-lemma rec_calc_inj_case_mn:
-assumes ind: "\<And> l x y. \<lbrakk>rec_calc_rel f l x; rec_calc_rel f l y\<rbrakk>
-\<Longrightarrow> x = y"
-and h: "rec_calc_rel (Mn n f) l x" "rec_calc_rel (Mn n f) l y"
-shows "x = y"
-apply(insert h)
-apply(elim  calc_mn_reverse)
-apply(case_tac "x > y", simp)
-apply(erule_tac x = "y" in allE, auto)
-proof -
-fix v va
-assume "rec_calc_rel f (l @ [y]) 0"
-"rec_calc_rel f (l @ [y]) v"
-"0 < v"
-thus "False"
-apply(insert ind[of "l @ [y]" 0 v], simp)
-done
-next
-fix v va
-assume
-"rec_calc_rel f (l @ [x]) 0"
-"\<forall>x<y. \<exists>v. rec_calc_rel f (l @ [x]) v \<and> 0 < v" "\<not> y < x"
-thus "x = y"
-apply(erule_tac x = "x" in allE)
-apply(case_tac "x = y", auto)
-apply(drule_tac y = v in ind, simp, simp)
-done
-qed
-lemma rec_calc_inj_case_pr:
-assumes f_ind:
-"\<And>l x y. \<lbrakk>rec_calc_rel f l x; rec_calc_rel f l y\<rbrakk> \<Longrightarrow> x = y"
-and g_ind:
-"\<And>x xa y xb ya l xc yb.
-\<lbrakk>x = rec_ci f; (xa, y) = x; (xb, ya) = y;
-rec_calc_rel g l xc; rec_calc_rel g l yb\<rbrakk> \<Longrightarrow> xc = yb"
-and h: "rec_calc_rel (Pr n f g) l x" "rec_calc_rel (Pr n f g) l y"
-shows "x = y"
-apply(case_tac "rec_ci f")
-proof -
-fix a b c
-assume "rec_ci f = (a, b, c)"
-hence ng_ind:
-"\<And> l xc yb. \<lbrakk>rec_calc_rel g l xc; rec_calc_rel g l yb\<rbrakk>
-\<Longrightarrow> xc = yb"
-apply(insert g_ind[of "(a, b, c)" "a" "(b, c)" b c], simp)
-done
-from h show "x = y"
-apply(erule_tac calc_pr_reverse, erule_tac calc_pr_reverse)
-apply(erule f_ind, simp, simp)
-apply(erule_tac calc_pr_reverse, simp, simp)
-proof -
-fix la ya ry laa yaa rya
-assume k1:  "rec_calc_rel g (la @ [ya, ry]) x"
-"rec_calc_rel g (la @ [ya, rya]) y"
-and k2: "rec_calc_rel (Pr (length la) f g) (la @ [ya]) ry"
-"rec_calc_rel (Pr (length la) f g) (la @ [ya]) rya"
-from k2 have "ry = rya"
-apply(induct ya arbitrary: ry rya)
-apply(erule_tac calc_pr_reverse,
-erule_tac calc_pr_reverse, simp)
-apply(erule f_ind, simp, simp, simp)
-apply(erule_tac calc_pr_reverse, simp)
-apply(erule_tac rSucy = rya in calc_pr_reverse, simp, simp)
-proof -
-fix ya ry rya l y ryb laa yb ryc
-assume ind:
-"\<And>ry rya. \<lbrakk>rec_calc_rel (Pr (length l) f g) (l @ [y]) ry;
-rec_calc_rel (Pr (length l) f g) (l @ [y]) rya\<rbrakk> \<Longrightarrow> ry = rya"
-and j: "rec_calc_rel (Pr (length l) f g) (l @ [y]) ryb"
-"rec_calc_rel g (l @ [y, ryb]) ry"
-"rec_calc_rel (Pr (length l) f g) (l @ [y]) ryc"
-"rec_calc_rel g (l @ [y, ryc]) rya"
-from j show "ry = rya"
-	apply(insert ind[of ryb ryc], simp)
-	apply(insert ng_ind[of "l @ [y, ryc]" ry rya], simp)
-	done
-qed
-from k1 and this show "x = y"
-apply(simp)
-apply(insert ng_ind[of "la @ [ya, rya]" x y], simp)
-done
-qed
-qed
-lemma Suc_nth_part_eq:
-"\<forall>k<Suc (length list). (a # xs) ! k = (aa # list) ! k
-\<Longrightarrow> \<forall>k<(length list). (xs) ! k = (list) ! k"
-apply(rule allI, rule impI)
-apply(erule_tac x = "Suc k" in allE, simp)
-done
-lemma list_eq_intro:
-"\<lbrakk>length xs = length ys; \<forall> k < length xs. xs ! k = ys ! k\<rbrakk>
-\<Longrightarrow> xs = ys"
-apply(induct xs arbitrary: ys, simp)
-apply(case_tac ys, simp, simp)
-proof -
-fix a xs ys aa list
-assume ind:
-"\<And>ys. \<lbrakk>length list = length ys; \<forall>k<length ys. xs ! k = ys ! k\<rbrakk>
-\<Longrightarrow> xs = ys"
-and h: "length xs = length list"
-"\<forall>k<Suc (length list). (a # xs) ! k = (aa # list) ! k"
-from h show "a = aa \<and> xs = list"
-apply(insert ind[of list], simp)
-apply(frule Suc_nth_part_eq, simp)
-apply(erule_tac x = "0" in allE, simp)
-done
-qed
-lemma rec_calc_inj_case_cn:
-assumes ind:
-"\<And>x l xa y.
-\<lbrakk>x = f \<or> x \<in> set gs; rec_calc_rel x l xa; rec_calc_rel x l y\<rbrakk>
-\<Longrightarrow> xa = y"
-and h: "rec_calc_rel (Cn n f gs) l x"
-"rec_calc_rel (Cn n f gs) l y"
-shows "x = y"
-apply(insert h, elim  calc_cn_reverse)
-apply(subgoal_tac "rs = rsa")
-apply(rule_tac x = f and l = rsa and xa = x and y = y in ind,
-simp, simp, simp)
-apply(intro list_eq_intro, simp, rule allI, rule impI)
-apply(erule_tac x = k in allE, rule_tac x = k in allE, simp, simp)
-apply(rule_tac x = "gs ! k" in ind, simp, simp, simp)
-done
-lemma rec_calc_inj:
-"\<lbrakk>rec_calc_rel f l x;
-rec_calc_rel f l y\<rbrakk> \<Longrightarrow> x = y"
-apply(induct f arbitrary: l x y rule: rec_ci.induct)
-apply(simp add: rec_calc_inj_case_z)
-apply(simp add: rec_calc_inj_case_s)
-apply(simp add: rec_calc_inj_case_id)
-apply (metis rec_calc_inj_case_cn)
-apply(erule rec_calc_inj_case_pr, auto)
-apply(erule rec_calc_inj_case_mn, auto)
-done
-lemma calc_rel_reverse_ind_step_ex:
-"\<lbrakk>rec_calc_rel (Pr n f g) (lm @ [Suc x]) rs\<rbrakk>
-\<Longrightarrow> \<exists> rs. rec_calc_rel (Pr n f g) (lm @ [x]) rs"
-apply(erule calc_pr_reverse, simp, simp)
-apply(rule_tac x = rk in exI, simp)
-done
-lemma [simp]: "Suc x \<le> y \<Longrightarrow> Suc (y - Suc x) = y - x"
-by arith
-lemma calc_pr_para_not_null:
-"rec_calc_rel (Pr n f g) lm rs \<Longrightarrow> lm \<noteq> []"
-apply(erule calc_pr_reverse, simp, simp)
-done
-lemma calc_pr_less_ex:
-"\<lbrakk>rec_calc_rel (Pr n f g) lm rs; x \<le> last lm\<rbrakk> \<Longrightarrow>
-\<exists>rs. rec_calc_rel (Pr n f g) (butlast lm @ [last lm - x]) rs"
-apply(subgoal_tac "lm \<noteq> []")
-apply(induct x, rule_tac x = rs in exI, simp, simp, erule exE)
-apply(rule_tac rs = xa in calc_rel_reverse_ind_step_ex, simp)
-apply(simp add: calc_pr_para_not_null)
-done
-lemma calc_pr_zero_ex:
-"rec_calc_rel (Pr n f g) lm rs \<Longrightarrow>
-\<exists>rs. rec_calc_rel f (butlast lm) rs"
-apply(drule_tac x = "last lm" in calc_pr_less_ex, simp,
-erule_tac exE, simp)
-apply(erule_tac calc_pr_reverse, simp)
-apply(rule_tac x = rs in exI, simp, simp)
-done
-lemma abc_steps_ind:
-"abc_steps_l (as, am) ap (Suc stp) =
-abc_steps_l (abc_steps_l (as, am) ap stp) ap (Suc 0)"
-apply(insert abc_steps_add[of as am ap stp "Suc 0"], simp)
-done
-lemma abc_steps_zero: "abc_steps_l asm ap 0 = asm"
-apply(case_tac asm, simp add: abc_steps_l.simps)
-done
-lemma abc_append_nth:
-"n < length ap + length bp \<Longrightarrow>
-(ap [+] bp) ! n =
-(if n < length ap then ap ! n
-else abc_inst_shift (bp ! (n - length ap)) (length ap))"
-apply(simp add: abc_append.simps nth_append map_nth split: if_splits)
-done
-lemma abc_state_keep:
-"as \<ge> length bp \<Longrightarrow> abc_steps_l (as, lm) bp stp = (as, lm)"
-apply(induct stp, simp add: abc_steps_zero)
-apply(simp add: abc_steps_ind)
-apply(simp add: abc_steps_zero)
-apply(simp add: abc_steps_l.simps abc_fetch.simps abc_step_l.simps)
-done
-lemma abc_halt_equal:
-"\<lbrakk>abc_steps_l (0, lm) bp stpa = (length bp, lm1);
-abc_steps_l (0, lm) bp stpb = (length bp, lm2)\<rbrakk> \<Longrightarrow> lm1 = lm2"
-apply(case_tac "stpa - stpb > 0")
-apply(insert abc_steps_add[of 0 lm bp stpb "stpa - stpb"], simp)
-apply(insert abc_state_keep[of bp "length bp" lm2 "stpa - stpb"],
-simp, simp add: abc_steps_zero)
-apply(insert abc_steps_add[of 0 lm bp stpa "stpb - stpa"], simp)
-apply(insert abc_state_keep[of bp "length bp" lm1 "stpb - stpa"],
-simp)
-done
-lemma abc_halt_point_ex:
-"\<lbrakk>\<exists>stp. abc_steps_l (0, lm) bp stp = (bs, lm');
-bs = length bp; bp \<noteq> []\<rbrakk>
-\<Longrightarrow> \<exists> stp. (\<lambda> (s, l). s < bs \<and>
-(abc_steps_l (s, l) bp (Suc 0)) = (bs, lm'))
-(abc_steps_l (0, lm) bp stp) "
-apply(erule_tac exE)
-proof -
-fix stp
-assume "bs = length bp"
-"abc_steps_l (0, lm) bp stp = (bs, lm')"
-"bp \<noteq> []"
-thus
-"\<exists>stp. (\<lambda>(s, l). s < bs \<and>
-abc_steps_l (s, l) bp (Suc 0) = (bs, lm'))
-(abc_steps_l (0, lm) bp stp)"
-apply(induct stp, simp add: abc_steps_zero, simp)
-proof -
-fix stpa
-assume ind:
-"abc_steps_l (0, lm) bp stpa = (length bp, lm')
-\<Longrightarrow> \<exists>stp. (\<lambda>(s, l). s < length bp  \<and> abc_steps_l (s, l) bp
-(Suc 0) = (length bp, lm')) (abc_steps_l (0, lm) bp stp)"
-and h: "abc_steps_l (0, lm) bp (Suc stpa) = (length bp, lm')"
-"abc_steps_l (0, lm) bp stp = (length bp, lm')"
-"bp \<noteq> []"
-from h show
-"\<exists>stp. (\<lambda>(s, l). s < length bp \<and> abc_steps_l (s, l) bp (Suc 0)
-= (length bp, lm')) (abc_steps_l (0, lm) bp stp)"
-apply(case_tac "abc_steps_l (0, lm) bp stpa",
-case_tac "a = length bp")
-apply(insert ind, simp)
-apply(subgoal_tac "b = lm'", simp)
-apply(rule_tac abc_halt_equal, simp, simp)
-apply(rule_tac x = stpa in exI, simp add: abc_steps_ind)
-apply(simp add: abc_steps_zero)
-apply(rule classical, simp add: abc_steps_l.simps
-abc_fetch.simps abc_step_l.simps)
-done
-qed
-qed
-lemma abc_append_empty_r[simp]: "[] [+] ab = ab"
-apply(simp add: abc_append.simps abc_inst_shift.simps)
-apply(induct ab, simp, simp)
-apply(case_tac a, simp_all add: abc_inst_shift.simps)
-done
-lemma abc_append_empty_l[simp]:  "ab [+] [] = ab"
-apply(simp add: abc_append.simps abc_inst_shift.simps)
-done
-lemma abc_append_length[simp]:
-"length (ap [+] bp) = length ap + length bp"
-apply(simp add: abc_append.simps)
-done
-declare Let_def[simp]
-lemma abc_append_commute: "as [+] bs [+] cs = as [+] (bs [+] cs)"
-apply(simp add: abc_append.simps abc_shift.simps abc_inst_shift.simps)
-apply(induct cs, simp, simp)
-apply(case_tac a, auto simp: abc_inst_shift.simps Let_def)
-done
-lemma abc_halt_point_step[simp]:
-"\<lbrakk>a < length bp; abc_steps_l (a, b) bp (Suc 0) = (length bp, lm')\<rbrakk>
-\<Longrightarrow> abc_steps_l (length ap + a, b) (ap [+] bp [+] cp) (Suc 0) =
-(length ap + length bp, lm')"
-apply(simp add: abc_steps_l.simps abc_fetch.simps abc_append_nth)
-apply(case_tac "bp ! a",
-auto simp: abc_steps_l.simps abc_step_l.simps)
-done
-lemma abc_step_state_in:
-"\<lbrakk>bs < length bp;  abc_steps_l (a, b) bp (Suc 0) = (bs, l)\<rbrakk>
-\<Longrightarrow> a < length bp"
-apply(simp add: abc_steps_l.simps abc_fetch.simps)
-apply(rule_tac classical,
-simp add: abc_step_l.simps abc_steps_l.simps)
-done
-lemma abc_append_state_in_exc:
-"\<lbrakk>bs < length bp; abc_steps_l (0, lm) bp stpa = (bs, l)\<rbrakk>
-\<Longrightarrow> abc_steps_l (length ap, lm) (ap [+] bp [+] cp) stpa =
-(length ap + bs, l)"
-apply(induct stpa arbitrary: bs l, simp add: abc_steps_zero)
-proof -
-fix stpa bs l
-assume ind:
-"\<And>bs l. \<lbrakk>bs < length bp; abc_steps_l (0, lm) bp stpa = (bs, l)\<rbrakk>
-\<Longrightarrow> abc_steps_l (length ap, lm) (ap [+] bp [+] cp) stpa =
-(length ap + bs, l)"
-and h: "bs < length bp"
-"abc_steps_l (0, lm) bp (Suc stpa) = (bs, l)"
-from h show
-"abc_steps_l (length ap, lm) (ap [+] bp [+] cp) (Suc stpa) =
-(length ap + bs, l)"
-apply(simp add: abc_steps_ind)
-apply(case_tac "(abc_steps_l (0, lm) bp stpa)", simp)
-proof -
-fix a b
-assume g: "abc_steps_l (0, lm) bp stpa = (a, b)"
-"abc_steps_l (a, b) bp (Suc 0) = (bs, l)"
-from h and g have k1: "a < length bp"
-apply(simp add: abc_step_state_in)
-done
-from h and g and k1 show
-"abc_steps_l (abc_steps_l (length ap, lm) (ap [+] bp [+] cp) stpa)
-(ap [+] bp [+] cp) (Suc 0) = (length ap + bs, l)"
-apply(insert ind[of a b], simp)
-apply(simp add: abc_steps_l.simps abc_fetch.simps
-abc_append_nth)
-apply(case_tac "bp ! a", auto simp:
-abc_steps_l.simps abc_step_l.simps)
-done
-qed
-qed
-lemma [simp]: "abc_steps_l (0, am) [] stp = (0, am)"
-apply(induct stp, simp add: abc_steps_zero)
-apply(simp add: abc_steps_ind)
-apply(simp add: abc_steps_zero abc_steps_l.simps
-abc_fetch.simps abc_step_l.simps)
-done
-lemma abc_append_exc1:
-"\<lbrakk>\<exists> stp. abc_steps_l (0, lm) bp stp = (bs, lm');
-bs = length bp;
-as = length ap\<rbrakk>
-\<Longrightarrow> \<exists> stp. abc_steps_l (as, lm) (ap [+] bp [+] cp) stp
-= (as + bs, lm')"
-apply(case_tac "bp = []", erule_tac exE, simp,
-rule_tac x = 0 in exI, simp add: abc_steps_zero)
-apply(frule_tac abc_halt_point_ex, simp, simp,
-erule_tac exE, erule_tac exE)
-apply(rule_tac x = "stpa + Suc 0" in exI)
-apply(case_tac "(abc_steps_l (0, lm) bp stpa)",
-simp add: abc_steps_ind)
-apply(subgoal_tac
-"abc_steps_l (length ap, lm) (ap [+] bp [+] cp) stpa
-= (length ap + a, b)", simp)
-apply(simp add: abc_steps_zero)
-apply(rule_tac abc_append_state_in_exc, simp, simp)
-done
-lemma abc_append_exc3:
-"\<lbrakk>\<exists> stp. abc_steps_l (0, am) bp stp = (bs, bm); ss = length ap\<rbrakk>
-\<Longrightarrow>  \<exists> stp. abc_steps_l (ss, am) (ap [+] bp) stp = (bs + ss, bm)"
-apply(erule_tac exE)
-proof -
-fix stp
-assume h: "abc_steps_l (0, am) bp stp = (bs, bm)" "ss = length ap"
-thus " \<exists>stp. abc_steps_l (ss, am) (ap [+] bp) stp = (bs + ss, bm)"
-proof(induct stp arbitrary: bs bm)
-fix bs bm
-assume "abc_steps_l (0, am) bp 0 = (bs, bm)"
-thus "\<exists>stp. abc_steps_l (ss, am) (ap [+] bp) stp = (bs + ss, bm)"
-apply(rule_tac x = 0 in exI, simp add: abc_steps_l.simps)
-done
-next
-fix stp bs bm
-assume ind:
-"\<And>bs bm. \<lbrakk>abc_steps_l (0, am) bp stp = (bs, bm);
-ss = length ap\<rbrakk> \<Longrightarrow>
-\<exists>stp. abc_steps_l (ss, am) (ap [+] bp) stp = (bs + ss, bm)"
-and g: "abc_steps_l (0, am) bp (Suc stp) = (bs, bm)"
-from g show
-"\<exists>stp. abc_steps_l (ss, am) (ap [+] bp) stp = (bs + ss, bm)"
-apply(insert abc_steps_add[of 0 am bp stp "Suc 0"], simp)
-apply(case_tac "(abc_steps_l (0, am) bp stp)", simp)
-proof -
-fix a b
-assume "(bs, bm) = abc_steps_l (a, b) bp (Suc 0)"
-"abc_steps_l (0, am) bp (Suc stp) =
-abc_steps_l (a, b) bp (Suc 0)"
-"abc_steps_l (0, am) bp stp = (a, b)"
-thus "?thesis"
-	apply(insert ind[of a b], simp add: h, erule_tac exE)
-	apply(rule_tac x = "Suc stp" in exI)
-	apply(simp only: abc_steps_ind, simp add: abc_steps_zero)
-proof -
-	fix stp
-	assume "(bs, bm) = abc_steps_l (a, b) bp (Suc 0)"
-	thus "abc_steps_l (a + length ap, b) (ap [+] bp) (Suc 0)
-= (bs + length ap, bm)"
-	  apply(simp add: abc_steps_l.simps abc_steps_zero
-abc_fetch.simps split: if_splits)
-	  apply(case_tac "bp ! a",
-simp_all add: abc_inst_shift.simps abc_append_nth
-abc_steps_l.simps abc_steps_zero abc_step_l.simps)
-	  apply(auto)
-	  done
-qed
-qed
-qed
-qed
-lemma abc_add_equal:
-"\<lbrakk>ap \<noteq> [];
-abc_steps_l (0, am) ap astp = (a, b);
-a < length ap\<rbrakk>
-\<Longrightarrow> (abc_steps_l (0, am) (ap @ bp) astp) = (a, b)"
-apply(induct astp arbitrary: a b, simp add: abc_steps_l.simps, simp)
-apply(simp add: abc_steps_ind)
-apply(case_tac "(abc_steps_l (0, am) ap astp)")
-proof -
-fix astp a b aa ba
-assume ind:
-"\<And>a b. \<lbrakk>abc_steps_l (0, am) ap astp = (a, b);
-a < length ap\<rbrakk> \<Longrightarrow>
-abc_steps_l (0, am) (ap @ bp) astp = (a, b)"
-and h: "abc_steps_l (abc_steps_l (0, am) ap astp) ap (Suc 0)
-= (a, b)"
-"a < length ap"
-"abc_steps_l (0, am) ap astp = (aa, ba)"
-from h show "abc_steps_l (abc_steps_l (0, am) (ap @ bp) astp)
-(ap @ bp) (Suc 0) = (a, b)"
-apply(insert ind[of aa ba], simp)
-apply(subgoal_tac "aa < length ap", simp)
-apply(simp add: abc_steps_l.simps abc_fetch.simps
-nth_append abc_steps_zero)
-apply(rule abc_step_state_in, auto)
-done
-qed
-lemma abc_add_exc1:
-"\<lbrakk>\<exists> astp. abc_steps_l (0, am) ap astp = (as, bm); as = length ap\<rbrakk>
-\<Longrightarrow> \<exists> stp. abc_steps_l (0, am) (ap @ bp) stp = (as, bm)"
-apply(case_tac "ap = []", simp,
-rule_tac x = 0 in exI, simp add: abc_steps_zero)
-apply(drule_tac abc_halt_point_ex, simp, simp)
-apply(erule_tac exE, case_tac "(abc_steps_l (0, am) ap astp)", simp)
-apply(rule_tac x = "Suc astp" in exI, simp add: abc_steps_ind, auto)
-apply(frule_tac bp = bp in abc_add_equal, simp, simp, simp)
-apply(simp add: abc_steps_l.simps abc_steps_zero
-abc_fetch.simps nth_append)
-done
-declare abc_shift.simps[simp del]
-lemma abc_append_exc2:
-"\<lbrakk>\<exists> astp. abc_steps_l (0, am) ap astp = (as, bm); as = length ap;
-\<exists> bstp. abc_steps_l (0, bm) bp bstp = (bs, bm'); bs = length bp;
-cs = as + bs; bp \<noteq> []\<rbrakk>
-\<Longrightarrow> \<exists> stp. abc_steps_l (0, am) (ap [+] bp) stp = (cs, bm')"
-apply(insert abc_append_exc1[of bm bp bs bm' as ap "[]"], simp)
-apply(drule_tac bp = "abc_shift bp (length ap)" in abc_add_exc1, simp)
-apply(subgoal_tac "ap @ abc_shift bp (length ap) = ap [+] bp",
-simp, auto)
-apply(rule_tac x = "stpa + stp" in exI, simp add: abc_steps_add)
-apply(simp add: abc_append.simps)
-done
-lemma exponent_add_iff: "a\<up>b @ a\<up>c@ xs = a\<up>(b+c) @ xs"
-apply(auto simp: replicate_add)
-done
-lemma exponent_cons_iff: "a # a\<up>c @ xs = a\<up>(Suc c) @ xs"
-apply(auto simp: replicate_add)
-done
-lemma  [simp]: "length lm = n \<Longrightarrow>
-abc_steps_l (Suc 0, lm @ Suc x # 0 # suf_lm)
-[Inc n, Dec (Suc n) 3, Goto (Suc 0)] (Suc (Suc 0))
-= (3, lm @ Suc x # 0 # suf_lm)"
-apply(simp add: abc_steps_l.simps abc_fetch.simps
-abc_step_l.simps abc_lm_v.simps abc_lm_s.simps
-nth_append list_update_append)
-done
-lemma [simp]:
-"length lm = n \<Longrightarrow>
-abc_steps_l (Suc 0, lm @ Suc x # Suc y # suf_lm)
-[Inc n, Dec (Suc n) 3, Goto (Suc 0)] (Suc (Suc 0))
-= (Suc 0, lm @ Suc x # y # suf_lm)"
-apply(simp add: abc_steps_l.simps abc_fetch.simps
-abc_step_l.simps abc_lm_v.simps abc_lm_s.simps
-nth_append list_update_append)
-done
-lemma pr_cycle_part_middle_inv:
-"\<lbrakk>length lm = n\<rbrakk> \<Longrightarrow>
-\<exists> stp. abc_steps_l (0, lm @ x # y # suf_lm)
-[Inc n, Dec (Suc n) 3, Goto (Suc 0)] stp
-= (3, lm @ Suc x # 0 # suf_lm)"
-proof -
-assume h: "length lm = n"
-hence k1: "\<exists> stp. abc_steps_l (0, lm @ x # y # suf_lm)
-[Inc n, Dec (Suc n) 3, Goto (Suc 0)] stp
-= (Suc 0, lm @ Suc x # y # suf_lm)"
-apply(rule_tac x = "Suc 0" in exI)
-apply(simp add: abc_steps_l.simps abc_step_l.simps
-abc_lm_v.simps abc_lm_s.simps nth_append
-list_update_append abc_fetch.simps)
-done
-from h have k2:
-"\<exists> stp. abc_steps_l (Suc 0, lm @ Suc x # y # suf_lm)
-[Inc n, Dec (Suc n) 3, Goto (Suc 0)] stp
-= (3, lm @ Suc x # 0 # suf_lm)"
-apply(induct y)
-apply(rule_tac x = "Suc (Suc 0)" in exI, simp, simp,
-erule_tac exE)
-apply(rule_tac x = "Suc (Suc 0) + stp" in exI,
-simp only: abc_steps_add, simp)
-done
-from k1 and k2 show
-"\<exists> stp. abc_steps_l (0, lm @ x # y # suf_lm)
-[Inc n, Dec (Suc n) 3, Goto (Suc 0)] stp
-= (3, lm @ Suc x # 0 # suf_lm)"
-apply(erule_tac exE, erule_tac exE)
-apply(rule_tac x = "stp + stpa" in exI, simp add: abc_steps_add)
-done
-qed
-lemma [simp]:
-"length lm = Suc n \<Longrightarrow>
-(abc_steps_l (length ap, lm @ x # Suc y # suf_lm)
-(ap @ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length ap)])
-(Suc (Suc (Suc 0))))
-= (length ap, lm @ Suc x # y # suf_lm)"
-apply(simp add: abc_steps_l.simps abc_fetch.simps abc_step_l.simps
-abc_lm_v.simps list_update_append nth_append abc_lm_s.simps)
-done
-lemma switch_para_inv:
-assumes bp_def:"bp =  ap @ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto ss]"
-and h: "rec_ci (Pr n f g) = (aprog, rs_pos, a_md)"
-"ss = length ap"
-"length lm = Suc n"
-shows " \<exists>stp. abc_steps_l (ss, lm @ x # y # suf_lm) bp stp =
-(0, lm @ (x + y) # 0 # suf_lm)"
-apply(induct y arbitrary: x)
-apply(rule_tac x = "Suc 0" in exI,
-simp add: bp_def mv_box.simps abc_steps_l.simps
-abc_fetch.simps h abc_step_l.simps
-abc_lm_v.simps list_update_append nth_append
-abc_lm_s.simps)
-proof -
-fix y x
-assume ind:
-"\<And>x. \<exists>stp. abc_steps_l (ss, lm @ x # y # suf_lm) bp stp =
-(0, lm @ (x + y) # 0 # suf_lm)"
-show "\<exists>stp. abc_steps_l (ss, lm @ x # Suc y # suf_lm) bp stp =
-(0, lm @ (x + Suc y) # 0 # suf_lm)"
-apply(insert ind[of "Suc x"], erule_tac exE)
-apply(rule_tac x = "Suc (Suc (Suc 0)) + stp" in exI,
-simp only: abc_steps_add bp_def h)
-apply(simp add: h)
-done
-qed
-lemma [simp]:
-"length lm = rs_pos \<and> Suc (Suc rs_pos) < a_md \<and> 0 < rs_pos \<Longrightarrow>
-a_md - Suc 0 < Suc (Suc (Suc (a_md + length suf_lm -
-Suc (Suc (Suc 0)))))"
-apply(arith)
-done
-lemma [simp]:
-"Suc (Suc rs_pos) < a_md \<and> 0 < rs_pos \<Longrightarrow>
-\<not> a_md - Suc 0 < rs_pos - Suc 0"
-apply(arith)
-done
-lemma [simp]:
-"Suc (Suc rs_pos) < a_md \<and> 0 < rs_pos \<Longrightarrow>
-\<not> a_md - rs_pos < Suc (Suc (a_md - Suc (Suc rs_pos)))"
-apply(arith)
-done
-lemma butlast_append_last: "lm \<noteq> [] \<Longrightarrow> lm = butlast lm @ [last lm]"
-apply(auto)
-done
-lemma [simp]: "rec_ci (Pr n f g) = (aprog, rs_pos, a_md)
-\<Longrightarrow> (Suc (Suc rs_pos)) < a_md"
-apply(simp add: rec_ci.simps)
-apply(case_tac "rec_ci f", simp)
-apply(case_tac "rec_ci g", simp)
-apply(arith)
-done
-lemma ci_pr_para_eq: "rec_ci (Pr n f g) = (aprog, rs_pos, a_md)
-\<Longrightarrow> rs_pos = Suc n"
-apply(simp add: rec_ci.simps)
-apply(case_tac "rec_ci g",  case_tac "rec_ci f", simp)
-done
-lemma [intro]:
-"\<lbrakk>rec_ci z = (aprog, rs_pos, a_md); rec_calc_rel z lm xs\<rbrakk>
-\<Longrightarrow> length lm = rs_pos"
-apply(simp add: rec_ci.simps rec_ci_z_def)
-apply(erule_tac calc_z_reverse, simp)
-done
-lemma [intro]:
-"\<lbrakk>rec_ci s = (aprog, rs_pos, a_md); rec_calc_rel s lm xs\<rbrakk>
-\<Longrightarrow> length lm = rs_pos"
-apply(simp add: rec_ci.simps rec_ci_s_def)
-apply(erule_tac calc_s_reverse, simp)
-done
-lemma [intro]:
-"\<lbrakk>rec_ci (recf.id nat1 nat2) = (aprog, rs_pos, a_md);
-rec_calc_rel (recf.id nat1 nat2) lm xs\<rbrakk> \<Longrightarrow> length lm = rs_pos"
-apply(simp add: rec_ci.simps rec_ci_id.simps)
-apply(erule_tac calc_id_reverse, simp)
-done
-lemma [intro]:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_calc_rel (Cn n f gs) lm xs\<rbrakk> \<Longrightarrow> length lm = rs_pos"
-apply(erule_tac calc_cn_reverse, simp)
-apply(simp add: rec_ci.simps)
-apply(case_tac "rec_ci f",  simp)
-done
-lemma [intro]:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_calc_rel (Pr n f g) lm xs\<rbrakk> \<Longrightarrow> length lm = rs_pos"
-apply(erule_tac  calc_pr_reverse, simp)
-apply(drule_tac ci_pr_para_eq, simp, simp)
-apply(drule_tac ci_pr_para_eq, simp)
-done
-lemma [intro]:
-"\<lbrakk>rec_ci (Mn n f) = (aprog, rs_pos, a_md);
-rec_calc_rel (Mn n f) lm xs\<rbrakk> \<Longrightarrow> length lm = rs_pos"
-apply(erule_tac calc_mn_reverse)
-apply(simp add: rec_ci.simps)
-apply(case_tac "rec_ci f",  simp)
-done
-lemma para_pattern:
-"\<lbrakk>rec_ci f = (aprog, rs_pos, a_md); rec_calc_rel f lm xs\<rbrakk>
-\<Longrightarrow> length lm = rs_pos"
-apply(case_tac f, auto)
-done
-lemma ci_pr_g_paras:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci g = (a, aa, ba);
-rec_calc_rel (Pr n f g) (lm @ [x]) rs; x > 0\<rbrakk> \<Longrightarrow>
-aa = Suc rs_pos "
-apply(erule calc_pr_reverse, simp)
-apply(subgoal_tac "length (args @ [k, rk]) = aa", simp)
-apply(subgoal_tac "rs_pos = Suc n", simp)
-apply(simp add: ci_pr_para_eq)
-apply(erule para_pattern, simp)
-done
-lemma ci_pr_g_md_less:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci g = (a, aa, ba)\<rbrakk> \<Longrightarrow> ba < a_md"
-apply(simp add: rec_ci.simps)
-apply(case_tac "rec_ci f",  auto)
-done
-lemma [intro]: "rec_ci z = (ap, rp, ad) \<Longrightarrow> rp < ad"
-by(simp add: rec_ci.simps)
-lemma [intro]: "rec_ci s = (ap, rp, ad) \<Longrightarrow> rp < ad"
-by(simp add: rec_ci.simps)
-lemma [intro]: "rec_ci (recf.id nat1 nat2) = (ap, rp, ad) \<Longrightarrow> rp < ad"
-by(simp add: rec_ci.simps)
-lemma [intro]: "rec_ci (Cn n f gs) = (ap, rp, ad) \<Longrightarrow> rp < ad"
-apply(simp add: rec_ci.simps)
-apply(case_tac "rec_ci f",  simp)
-done
-lemma [intro]: "rec_ci (Pr n f g) = (ap, rp, ad) \<Longrightarrow> rp < ad"
-apply(simp add: rec_ci.simps)
-by(case_tac "rec_ci f", case_tac "rec_ci g",  auto)
-lemma [intro]: "rec_ci (Mn n f) = (ap, rp, ad) \<Longrightarrow> rp < ad"
-apply(simp add: rec_ci.simps)
-apply(case_tac "rec_ci f", simp)
-apply(arith)
-done
-lemma ci_ad_ge_paras: "rec_ci f = (ap, rp, ad) \<Longrightarrow> ad > rp"
-apply(case_tac f, auto)
-done
-lemma [elim]: "\<lbrakk>a [+] b = []; a \<noteq> [] \<or> b \<noteq> []\<rbrakk> \<Longrightarrow> RR"
-apply(auto simp: abc_append.simps abc_shift.simps)
-done
-lemma [intro]: "rec_ci z = ([], aa, ba) \<Longrightarrow> False"
-by(simp add: rec_ci.simps rec_ci_z_def)
-lemma [intro]: "rec_ci s = ([], aa, ba) \<Longrightarrow> False"
-by(auto simp: rec_ci.simps rec_ci_s_def addition.simps)
-lemma [intro]: "rec_ci (id m n) = ([], aa, ba) \<Longrightarrow> False"
-by(auto simp: rec_ci.simps rec_ci_id.simps addition.simps)
-lemma [intro]: "rec_ci (Cn n f gs) = ([], aa, ba) \<Longrightarrow> False"
-apply(case_tac "rec_ci f", auto simp: rec_ci.simps abc_append.simps)
-apply(simp add: abc_shift.simps mv_box.simps)
-done
-lemma [intro]: "rec_ci (Pr n f g) = ([], aa, ba) \<Longrightarrow> False"
-apply(simp add: rec_ci.simps)
-apply(case_tac "rec_ci f", case_tac "rec_ci g")
-by(auto)
-lemma [intro]: "rec_ci (Mn n f) = ([], aa, ba) \<Longrightarrow> False"
-apply(case_tac "rec_ci f", auto simp: rec_ci.simps)
-done
-lemma rec_ci_not_null:  "rec_ci g = (a, aa, ba) \<Longrightarrow> a \<noteq> []"
-by(case_tac g, auto)
-lemma calc_pr_g_def:
-"\<lbrakk>rec_calc_rel (Pr rs_pos f g) (lm @ [Suc x]) rsa;
-rec_calc_rel (Pr rs_pos f g) (lm @ [x]) rsxa\<rbrakk>
-\<Longrightarrow> rec_calc_rel g (lm @ [x, rsxa]) rsa"
-apply(erule_tac calc_pr_reverse, simp, simp)
-apply(subgoal_tac "rsxa = rk", simp)
-apply(erule_tac rec_calc_inj, auto)
-done
-lemma ci_pr_md_def:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci g = (a, aa, ba); rec_ci f = (ab, ac, bc)\<rbrakk>
-\<Longrightarrow> a_md = Suc (max (n + 3) (max bc ba))"
-by(simp add: rec_ci.simps)
-lemma  ci_pr_f_paras:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_calc_rel (Pr n f g) lm rs;
-rec_ci f = (ab, ac, bc)\<rbrakk>  \<Longrightarrow> ac = rs_pos - Suc 0"
-apply(subgoal_tac "\<exists>rs. rec_calc_rel f (butlast lm) rs",
-erule_tac exE)
-apply(drule_tac f = f and lm = "butlast lm" in para_pattern,
-simp, simp)
-apply(drule_tac para_pattern, simp)
-apply(subgoal_tac "lm \<noteq> []", simp)
-apply(erule_tac calc_pr_reverse, simp, simp)
-apply(erule calc_pr_zero_ex)
-done
-lemma ci_pr_md_ge_f:  "\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci f = (ab, ac, bc)\<rbrakk> \<Longrightarrow> Suc bc \<le> a_md"
-apply(case_tac "rec_ci g")
-apply(simp add: rec_ci.simps, auto)
-done
-lemma ci_pr_md_ge_g:  "\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci g = (ab, ac, bc)\<rbrakk> \<Longrightarrow> bc < a_md"
-apply(case_tac "rec_ci f")
-apply(simp add: rec_ci.simps, auto)
-done
-lemma rec_calc_rel_def0:
-"\<lbrakk>rec_calc_rel (Pr n f g) lm rs; rec_calc_rel f (butlast lm) rsa\<rbrakk>
-\<Longrightarrow> rec_calc_rel (Pr n f g) (butlast lm @ [0]) rsa"
-apply(rule_tac calc_pr_zero, simp)
-apply(erule_tac calc_pr_reverse, simp, simp, simp)
-done
-lemma [simp]:  "length (mv_box m n) = 3"
-by (auto simp: mv_box.simps)
-lemma [simp]: "\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md); rec_calc_rel (Pr n f g) lm rs\<rbrakk>
-\<Longrightarrow> rs_pos = Suc n"
-apply(simp add: ci_pr_para_eq)
-done
-lemma [simp]: "\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md); rec_calc_rel (Pr n f g) lm rs\<rbrakk>
-\<Longrightarrow> length lm = Suc n"
-apply(subgoal_tac "rs_pos = Suc n", rule_tac para_pattern, simp, simp)
-apply(case_tac "rec_ci f", case_tac "rec_ci g", simp add: rec_ci.simps)
-done
-lemma [simp]: "rec_ci (Pr n f g) = (a, rs_pos, a_md) \<Longrightarrow> Suc (Suc n) < a_md"
-apply(case_tac "rec_ci f", case_tac "rec_ci g", simp add: rec_ci.simps)
-apply arith
-done
-lemma [simp]: "rec_ci (Pr n f g) = (aprog, rs_pos, a_md) \<Longrightarrow> 0 < rs_pos"
-apply(case_tac "rec_ci f", case_tac "rec_ci g")
-apply(simp add: rec_ci.simps)
-done
-lemma [simp]: "Suc (Suc rs_pos) < a_md \<Longrightarrow>
-butlast lm @ (last lm - xa) # (rsa::nat) # 0 # 0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm =
-butlast lm @ (last lm - xa) # rsa # 0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm"
-apply(simp add: replicate_Suc[THEN sym])
-done
-lemma pr_cycle_part_ind:
-assumes g_ind:
-"\<And>lm rs suf_lm. rec_calc_rel g lm rs \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ 0\<up>(ba - aa) @ suf_lm) a stp =
-(length a, lm @ rs # 0\<up>(ba - Suc aa) @ suf_lm)"
-and ap_def:
-"ap = ([Dec (a_md - Suc 0) (length a + 7)] [+]
-(a [+] [Inc (rs_pos - Suc 0), Dec rs_pos 3, Goto (Suc 0)])) @
-[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length a + 4)]"
-and h: "rec_ci (Pr n f g) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Pr n f g)
-(butlast lm @ [last lm - Suc xa]) rsxa"
-"Suc xa \<le> last lm"
-"rec_ci g = (a, aa, ba)"
-"rec_calc_rel (Pr n f g) (butlast lm @ [last lm - xa]) rsa"
-"lm \<noteq> []"
-shows
-"\<exists>stp. abc_steps_l
-(0, butlast lm @ (last lm - Suc xa) # rsxa #
-0\<up>(a_md - Suc (Suc rs_pos)) @ Suc xa # suf_lm) ap stp =
-(0, butlast lm @ (last lm - xa) # rsa
-# 0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm)"
-proof -
-have k1: "\<exists>stp. abc_steps_l (0, butlast lm @ (last lm - Suc xa) #
-rsxa # 0\<up>(a_md - Suc (Suc rs_pos)) @ Suc xa # suf_lm) ap stp =
-(length a + 4, butlast lm @ (last lm - xa) # 0 # rsa #
-0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm)"
-apply(simp add: ap_def, rule_tac abc_add_exc1)
-apply(rule_tac as = "Suc 0" and
-bm = "butlast lm @ (last lm - Suc xa) #
-rsxa # 0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm" in abc_append_exc2,
-auto)
-proof -
-show
-"\<exists>astp. abc_steps_l (0, butlast lm @ (last lm - Suc xa) # rsxa
-# 0\<up>(a_md - Suc (Suc rs_pos)) @ Suc xa # suf_lm)
-[Dec (a_md - Suc 0)(length a + 7)] astp =
-(Suc 0, butlast lm @ (last lm - Suc xa) #
-rsxa # 0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm)"
-apply(rule_tac x = "Suc 0" in exI,
-simp add: abc_steps_l.simps abc_step_l.simps
-abc_fetch.simps)
-apply(subgoal_tac "length lm = Suc n \<and> rs_pos = Suc n \<and>
-a_md > Suc (Suc rs_pos)")
-apply(simp add: abc_lm_v.simps nth_append abc_lm_s.simps)
-apply(insert nth_append[of
-"(last lm - Suc xa) # rsxa # 0\<up>(a_md - Suc (Suc rs_pos))"
-"Suc xa # suf_lm" "(a_md - rs_pos)"], simp)
-apply(simp add: list_update_append del: list_update.simps)
-apply(insert list_update_append[of "(last lm - Suc xa) # rsxa #
-0\<up>(a_md - Suc (Suc rs_pos))"
-"Suc xa # suf_lm" "a_md - rs_pos" "xa"], simp)
-apply(case_tac a_md, simp, simp)
-apply(insert h, simp)
-apply(insert para_pattern[of "Pr n f g" aprog rs_pos a_md
-"(butlast lm @ [last lm - Suc xa])" rsxa], simp)
-done
-next
-show "\<exists>bstp. abc_steps_l (0, butlast lm @ (last lm - Suc xa) #
-rsxa # 0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm) (a [+]
-[Inc (rs_pos - Suc 0), Dec rs_pos 3, Goto (Suc 0)]) bstp =
-(3 + length a, butlast lm @ (last lm - xa) # 0 # rsa #
-0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm)"
-apply(rule_tac as = "length a" and
-bm = "butlast lm @ (last lm - Suc xa) # rsxa # rsa #
-0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm"
-in abc_append_exc2, simp_all)
-proof -
-from h have j1: "aa = Suc rs_pos \<and> a_md > ba \<and> ba > Suc rs_pos"
-	apply(insert h)
-	apply(insert ci_pr_g_paras[of n f g aprog rs_pos
-a_md a aa ba "butlast lm" "last lm - xa" rsa], simp)
-	apply(drule_tac ci_pr_md_ge_g, auto)
-	apply(erule_tac ci_ad_ge_paras)
-	done
-from h have j2: "rec_calc_rel g (butlast lm @
-[last lm - Suc xa, rsxa]) rsa"
-	apply(rule_tac  calc_pr_g_def, simp, simp)
-	done
-from j1 and j2 show
-"\<exists>astp. abc_steps_l (0, butlast lm @ (last lm - Suc xa) #
-rsxa # 0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm) a astp =
-(length a, butlast lm @ (last lm - Suc xa) # rsxa # rsa
-# 0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm)"
-	apply(insert g_ind[of
-"butlast lm @ (last lm - Suc xa) # [rsxa]" rsa
-"0\<up>(a_md - ba - Suc 0) @ xa # suf_lm"], simp, auto)
-	apply(simp add: exponent_add_iff)
-	apply(rule_tac x = stp in exI, simp add: numeral_3_eq_3)
-	done
-next
-from h have j3: "length lm = rs_pos \<and> rs_pos > 0"
-	apply(rule_tac conjI)
-	apply(drule_tac lm = "(butlast lm @ [last lm - Suc xa])"
-and xs = rsxa in para_pattern, simp, simp, simp)
-done
-from h have j4: "Suc (last lm - Suc xa) = last lm - xa"
-	apply(case_tac "last lm", simp, simp)
-	done
-from j3 and j4 show
-"\<exists>bstp. abc_steps_l (0, butlast lm @ (last lm - Suc xa) # rsxa #
-rsa # 0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm)
-[Inc (rs_pos - Suc 0), Dec rs_pos 3, Goto (Suc 0)] bstp =
-(3, butlast lm @ (last lm - xa) # 0 # rsa #
-0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm)"
-	apply(insert pr_cycle_part_middle_inv[of "butlast lm"
-"rs_pos - Suc 0" "(last lm - Suc xa)" rsxa
-"rsa # 0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm"], simp)
-	done
-qed
-qed
-from h have k2:
-"\<exists>stp. abc_steps_l (length a + 4, butlast lm @ (last lm - xa) # 0
-# rsa # 0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm) ap stp =
-(0, butlast lm @ (last lm - xa) # rsa # 0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm)"
-apply(insert switch_para_inv[of ap
-"([Dec (a_md - Suc 0) (length a + 7)] [+]
-(a [+] [Inc (rs_pos - Suc 0), Dec rs_pos 3, Goto (Suc 0)]))"
-n "length a + 4" f g aprog rs_pos a_md
-"butlast lm @ [last lm - xa]" 0 rsa
-"0\<up>(a_md - Suc (Suc (Suc rs_pos))) @ xa # suf_lm"])
-apply(simp add: h ap_def)
-apply(subgoal_tac "length lm = Suc n \<and> Suc (Suc rs_pos) < a_md",
-simp)
-apply(insert h, simp)
-apply(frule_tac lm = "(butlast lm @ [last lm - Suc xa])"
-and xs = rsxa in para_pattern, simp, simp)
-done
-from k1 and k2 show "?thesis"
-apply(auto)
-apply(rule_tac x = "stp + stpa" in exI, simp add: abc_steps_add)
-done
-qed
-lemma ci_pr_ex1:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci g = (a, aa, ba);
-rec_ci f = (ab, ac, bc)\<rbrakk>
-\<Longrightarrow> \<exists>ap bp. length ap = 6 + length ab \<and>
-aprog = ap [+] bp \<and>
-bp = ([Dec (a_md - Suc 0) (length a + 7)] [+] (a [+]
-[Inc (rs_pos - Suc 0), Dec rs_pos 3, Goto (Suc 0)])) @
-[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length a + 4)]"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "mv_box n (max (Suc (Suc (Suc n)))
-(max bc ba)) [+] ab [+] mv_box n (Suc n)" in exI,
-simp)
-apply(auto simp add: abc_append_commute numeral_3_eq_3)
-done
-lemma pr_cycle_part:
-"\<lbrakk>\<And>lm rs suf_lm. rec_calc_rel g lm rs \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ 0\<up>(ba - aa) @ suf_lm) a stp =
-(length a, lm @ rs # 0\<up>(ba - Suc aa) @ suf_lm);
-rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_calc_rel (Pr n f g) lm rs;
-rec_ci g = (a, aa, ba);
-rec_calc_rel (Pr n f g) (butlast lm @ [last lm - x]) rsx;
-rec_ci f = (ab, ac, bc);
-lm \<noteq> [];
-x \<le> last lm\<rbrakk> \<Longrightarrow>
-\<exists>stp. abc_steps_l (6 + length ab, butlast lm @ (last lm - x) #
-rsx # 0\<up>(a_md - Suc (Suc rs_pos)) @ x # suf_lm) aprog stp =
-(6 + length ab, butlast lm @ last lm # rs #
-0\<up>(a_md - Suc (Suc rs_pos)) @ 0 # suf_lm)"
-proof -
-assume g_ind:
-"\<And>lm rs suf_lm. rec_calc_rel g lm rs \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ 0\<up>(ba - aa) @ suf_lm) a stp =
-(length a, lm @ rs # 0\<up>(ba - Suc aa) @ suf_lm)"
-and h: "rec_ci (Pr n f g) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Pr n f g) lm rs"
-"rec_ci g = (a, aa, ba)"
-"rec_calc_rel (Pr n f g) (butlast lm @ [last lm - x]) rsx"
-"lm \<noteq> []"
-"x \<le> last lm"
-"rec_ci f = (ab, ac, bc)"
-from h show
-"\<exists>stp. abc_steps_l (6 + length ab, butlast lm @ (last lm - x) #
-rsx # 0\<up>(a_md - Suc (Suc rs_pos)) @ x # suf_lm) aprog stp =
-(6 + length ab, butlast lm @ last lm # rs #
-0\<up>(a_md - Suc (Suc rs_pos)) @ 0 # suf_lm)"
-proof(induct x arbitrary: rsx, simp_all)
-fix rsxa
-assume "rec_calc_rel (Pr n f g) lm rsxa"
-"rec_calc_rel (Pr n f g) lm rs"
-from h and this have "rs = rsxa"
-apply(subgoal_tac "lm \<noteq> [] \<and> rs_pos = Suc n", simp)
-apply(rule_tac rec_calc_inj, simp, simp)
-apply(simp)
-done
-thus "\<exists>stp. abc_steps_l (6 + length ab, butlast lm @  last lm #
-rsxa # 0\<up>(a_md - Suc (Suc rs_pos)) @ 0 # suf_lm) aprog stp =
-(6 + length ab, butlast lm @ last lm # rs #
-0\<up>(a_md - Suc (Suc rs_pos)) @ 0 # suf_lm)"
-by(rule_tac x = 0 in exI, simp add: abc_steps_l.simps)
-next
-fix xa rsxa
-assume ind:
-"\<And>rsx. rec_calc_rel (Pr n f g) (butlast lm @ [last lm - xa]) rsx
-\<Longrightarrow> \<exists>stp. abc_steps_l (6 + length ab, butlast lm @ (last lm - xa) #
-rsx # 0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm) aprog stp =
-(6 + length ab, butlast lm @ last lm # rs #
-0\<up>(a_md - Suc (Suc rs_pos)) @ 0 # suf_lm)"
-and g: "rec_calc_rel (Pr n f g)
-(butlast lm @ [last lm - Suc xa]) rsxa"
-"Suc xa \<le> last lm"
-"rec_ci (Pr n f g) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Pr n f g) lm rs"
-"rec_ci g = (a, aa, ba)"
-"rec_ci f = (ab, ac, bc)" "lm \<noteq> []"
-from g have k1:
-"\<exists> rs. rec_calc_rel (Pr n f g) (butlast lm @ [last lm - xa]) rs"
-apply(rule_tac rs = rs in  calc_pr_less_ex, simp, simp)
-done
-from g and this show
-"\<exists>stp. abc_steps_l (6 + length ab,
-butlast lm @ (last lm - Suc xa) # rsxa #
-0\<up>(a_md - Suc (Suc rs_pos)) @ Suc xa # suf_lm) aprog stp =
-(6 + length ab, butlast lm @ last lm # rs #
-0\<up>(a_md - Suc (Suc rs_pos)) @ 0 # suf_lm)"
-proof(erule_tac exE)
-fix rsa
-assume k2: "rec_calc_rel (Pr n f g)
-(butlast lm @ [last lm - xa]) rsa"
-from g and k2 have
-"\<exists>stp. abc_steps_l (6 + length ab, butlast lm @
-(last lm - Suc xa) # rsxa #
-0\<up>(a_md - Suc (Suc rs_pos)) @ Suc xa # suf_lm) aprog stp
-= (6 + length ab, butlast lm @ (last lm - xa) # rsa #
-0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm)"
-	proof -
-	  from g have k2_1:
-"\<exists> ap bp. length ap = 6 + length ab \<and>
-aprog = ap [+] bp \<and>
-bp = ([Dec (a_md - Suc 0) (length a + 7)] [+]
-(a [+] [Inc (rs_pos - Suc 0), Dec rs_pos 3,
-Goto (Suc 0)])) @
-[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length a + 4)]"
-apply(rule_tac ci_pr_ex1, auto)
-	    done
-	  from k2_1 and k2 and g show "?thesis"
-	    proof(erule_tac exE, erule_tac exE)
-	      fix ap bp
-	      assume
-"length ap = 6 + length ab \<and>
-aprog = ap [+] bp \<and> bp =
-([Dec (a_md - Suc 0) (length a + 7)] [+]
-(a [+] [Inc (rs_pos - Suc 0), Dec rs_pos 3,
-Goto (Suc 0)])) @
-[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length a + 4)]"
-	      from g and this and k2 and g_ind show "?thesis"
-		apply(insert abc_append_exc3[of
-"butlast lm @ (last lm - Suc xa) # rsxa #
-0\<up>(a_md - Suc (Suc rs_pos)) @ Suc xa # suf_lm" bp 0
-"butlast lm @ (last lm - xa) # rsa #
-0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm" "length ap" ap],
-simp)
-		apply(subgoal_tac
-"\<exists>stp. abc_steps_l (0, butlast lm @ (last lm - Suc xa)
-# rsxa # 0\<up>(a_md - Suc (Suc rs_pos)) @ Suc xa #
-suf_lm) bp stp =
-	          (0, butlast lm @ (last lm - xa) # rsa #
-0\<up>(a_md - Suc (Suc rs_pos)) @ xa # suf_lm)",
-simp, erule_tac conjE, erule conjE)
-		apply(erule pr_cycle_part_ind, auto)
-		done
-	    qed
-	  qed
-from g and k2 and this show "?thesis"
-	apply(erule_tac exE)
-	apply(insert ind[of rsa], simp)
-	apply(erule_tac exE)
-	apply(rule_tac x = "stp + stpa" in exI,
-simp add: abc_steps_add)
-	done
-qed
-qed
-qed
-lemma ci_pr_length:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci g = (a, aa, ba);
-rec_ci f = (ab, ac, bc)\<rbrakk>
-\<Longrightarrow>  length aprog = 13 + length ab + length a"
-apply(auto simp: rec_ci.simps)
-done
-fun mv_box_inv :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat list \<Rightarrow> bool"
-where
-"mv_box_inv (as, lm) m n initlm =
-(let plus = initlm ! m + initlm ! n in
-length initlm > max m n \<and> m \<noteq> n \<and>
-(if as = 0 then \<exists> k l. lm = initlm[m := k, n := l] \<and>
-k + l = plus \<and> k \<le> initlm ! m
-else if as = 1 then \<exists> k l. lm = initlm[m := k, n := l]
-\<and> k + l + 1 = plus \<and> k < initlm ! m
-else if as = 2 then \<exists> k l. lm = initlm[m := k, n := l]
-\<and> k + l = plus \<and> k \<le> initlm ! m
-else if as = 3 then lm = initlm[m := 0, n := plus]
-else False))"
-fun mv_box_stage1 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat"
-where
-"mv_box_stage1 (as, lm) m  =
-(if as = 3 then 0
-else 1)"
-fun mv_box_stage2 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat"
-where
-"mv_box_stage2 (as, lm) m = (lm ! m)"
-fun mv_box_stage3 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat"
-where
-"mv_box_stage3 (as, lm) m = (if as = 1 then 3
-else if as = 2 then 2
-else if as = 0 then 1
-else 0)"
-fun mv_box_measure :: "((nat \<times> nat list) \<times> nat) \<Rightarrow> (nat \<times> nat \<times> nat)"
-where
-"mv_box_measure ((as, lm), m) =
-(mv_box_stage1 (as, lm) m, mv_box_stage2 (as, lm) m,
-mv_box_stage3 (as, lm) m)"
-definition lex_pair :: "((nat \<times> nat) \<times> nat \<times> nat) set"
-where
-"lex_pair = less_than <*lex*> less_than"
-definition lex_triple ::
-"((nat \<times> (nat \<times> nat)) \<times> (nat \<times> (nat \<times> nat))) set"
-where
-"lex_triple \<equiv> less_than <*lex*> lex_pair"
-definition mv_box_LE ::
-"(((nat \<times> nat list) \<times> nat) \<times> ((nat \<times> nat list) \<times> nat)) set"
-where
-"mv_box_LE \<equiv> (inv_image lex_triple mv_box_measure)"
-lemma wf_lex_triple: "wf lex_triple"
-by (auto intro:wf_lex_prod simp:lex_triple_def lex_pair_def)
-lemma wf_mv_box_le[intro]: "wf mv_box_LE"
-by(auto intro:wf_inv_image wf_lex_triple simp: mv_box_LE_def)
-declare mv_box_inv.simps[simp del]
-lemma mv_box_inv_init:
-"\<lbrakk>m < length initlm; n < length initlm; m \<noteq> n\<rbrakk> \<Longrightarrow>
-mv_box_inv (0, initlm) m n initlm"
-apply(simp add: abc_steps_l.simps mv_box_inv.simps)
-apply(rule_tac x = "initlm ! m" in exI,
-rule_tac x = "initlm ! n" in exI, simp)
-done
-lemma [simp]: "abc_fetch 0 (mv_box m n) = Some (Dec m 3)"
-apply(simp add: mv_box.simps abc_fetch.simps)
-done
-lemma [simp]: "abc_fetch (Suc 0) (mv_box m n) =
-Some (Inc n)"
-apply(simp add: mv_box.simps abc_fetch.simps)
-done
-lemma [simp]: "abc_fetch 2 (mv_box m n) = Some (Goto 0)"
-apply(simp add: mv_box.simps abc_fetch.simps)
-done
-lemma [simp]: "abc_fetch 3 (mv_box m n) = None"
-apply(simp add: mv_box.simps abc_fetch.simps)
-done
-lemma [simp]:
-"\<lbrakk>m \<noteq> n; m < length initlm; n < length initlm;
-k + l = initlm ! m + initlm ! n; k \<le> initlm ! m; 0 < k\<rbrakk>
-\<Longrightarrow> \<exists>ka la. initlm[m := k, n := l, m := k - Suc 0] =
-initlm[m := ka, n := la] \<and>
-Suc (ka + la) = initlm ! m + initlm ! n \<and>
-ka < initlm ! m"
-apply(rule_tac x = "k - Suc 0" in exI, rule_tac x = l in exI,
-simp, auto)
-apply(subgoal_tac
-"initlm[m := k, n := l, m := k - Suc 0] =
-initlm[n := l, m := k, m := k - Suc 0]")
-apply(simp add: list_update_overwrite )
-apply(simp add: list_update_swap)
-apply(simp add: list_update_swap)
-done
-lemma [simp]:
-"\<lbrakk>m \<noteq> n; m < length initlm; n < length initlm;
-Suc (k + l) = initlm ! m + initlm ! n;
-k < initlm ! m\<rbrakk>
-\<Longrightarrow> \<exists>ka la. initlm[m := k, n := l, n := Suc l] =
-initlm[m := ka, n := la] \<and>
-ka + la = initlm ! m + initlm ! n \<and>
-ka \<le> initlm ! m"
-apply(rule_tac x = k in exI, rule_tac x = "Suc l" in exI, auto)
-done
-lemma [simp]:
-"\<lbrakk>length initlm > max m n; m \<noteq> n\<rbrakk> \<Longrightarrow>
-\<forall>na. \<not> (\<lambda>(as, lm) m. as = 3)
-(abc_steps_l (0, initlm) (mv_box m n) na) m \<and>
-mv_box_inv (abc_steps_l (0, initlm)
-(mv_box m n) na) m n initlm \<longrightarrow>
-mv_box_inv (abc_steps_l (0, initlm)
-(mv_box m n) (Suc na)) m n initlm \<and>
-((abc_steps_l (0, initlm) (mv_box m n) (Suc na), m),
-abc_steps_l (0, initlm) (mv_box m n) na, m) \<in> mv_box_LE"
-apply(rule allI, rule impI, simp add: abc_steps_ind)
-apply(case_tac "(abc_steps_l (0, initlm) (mv_box m n) na)",
-simp)
-apply(auto split:if_splits simp add:abc_steps_l.simps mv_box_inv.simps)
-apply(auto simp add: mv_box_LE_def lex_triple_def lex_pair_def
-abc_step_l.simps abc_steps_l.simps
-mv_box_inv.simps abc_lm_v.simps abc_lm_s.simps
-split: if_splits )
-apply(rule_tac x = k in exI, rule_tac x = "Suc l" in exI, simp)
-done
-lemma mv_box_inv_halt:
-"\<lbrakk>length initlm > max m n; m \<noteq> n\<rbrakk> \<Longrightarrow>
-\<exists> stp. (\<lambda> (as, lm). as = 3 \<and>
-mv_box_inv (as, lm) m n initlm)
-(abc_steps_l (0::nat, initlm) (mv_box m n) stp)"
-apply(insert halt_lemma2[of mv_box_LE
-"\<lambda> ((as, lm), m). mv_box_inv (as, lm) m n initlm"
-"\<lambda> stp. (abc_steps_l (0, initlm) (mv_box m n) stp, m)"
-"\<lambda> ((as, lm), m). as = (3::nat)"
-])
-apply(insert wf_mv_box_le)
-apply(simp add: mv_box_inv_init abc_steps_zero)
-apply(erule_tac exE)
-apply(rule_tac x = na in exI)
-apply(case_tac "(abc_steps_l (0, initlm) (mv_box m n) na)",
-simp, auto)
-done
-lemma mv_box_halt_cond:
-"\<lbrakk>m \<noteq> n; mv_box_inv (a, b) m n lm; a = 3\<rbrakk> \<Longrightarrow>
-b = lm[n := lm ! m + lm ! n, m := 0]"
-apply(simp add: mv_box_inv.simps, auto)
-apply(simp add: list_update_swap)
-done
-lemma mv_box_ex:
-"\<lbrakk>length lm > max m n; m \<noteq> n\<rbrakk> \<Longrightarrow>
-\<exists> stp. abc_steps_l (0::nat, lm) (mv_box m n) stp
-= (3, (lm[n := (lm ! m + lm ! n)])[m := 0::nat])"
-apply(drule mv_box_inv_halt, simp, erule_tac exE)
-apply(rule_tac x = stp in exI)
-apply(case_tac "abc_steps_l (0, lm) (mv_box m n) stp",
-simp)
-apply(erule_tac mv_box_halt_cond, auto)
-done
-lemma [simp]:
-"\<lbrakk>a_md = Suc (max (Suc (Suc n)) (max bc ba));
-length lm = rs_pos \<and> rs_pos = n \<and> n > 0\<rbrakk>
-\<Longrightarrow> n - Suc 0 < length lm +
-(Suc (max (Suc (Suc n)) (max bc ba)) - rs_pos + length suf_lm) \<and>
-Suc (Suc n) < length lm + (Suc (max (Suc (Suc n)) (max bc ba)) -
-rs_pos + length suf_lm) \<and> bc < length lm + (Suc (max (Suc (Suc n))
-(max bc ba)) - rs_pos + length suf_lm) \<and> ba < length lm +
-(Suc (max (Suc (Suc n)) (max bc ba)) - rs_pos + length suf_lm)"
-apply(arith)
-done
-lemma [simp]:
-"\<lbrakk>a_md = Suc (max (Suc (Suc n)) (max bc ba));
-length lm = rs_pos \<and> rs_pos = n \<and> n > 0\<rbrakk>
-\<Longrightarrow> n - Suc 0 < Suc (length suf_lm + max (Suc (Suc n)) (max bc ba)) \<and>
-Suc n < length suf_lm + max (Suc (Suc n)) (max bc ba) \<and>
-bc < Suc (length suf_lm + max (Suc (Suc n)) (max bc ba)) \<and>
-ba < Suc (length suf_lm + max (Suc (Suc n)) (max bc ba))"
-apply(arith)
-done
-lemma [simp]: "n - Suc 0 \<noteq> max (Suc (Suc n)) (max bc ba)"
-apply(arith)
-done
-lemma [simp]:
-"a_md \<ge> Suc bc \<and> rs_pos > 0 \<and> bc \<ge> rs_pos \<Longrightarrow>
-bc - (rs_pos - Suc 0) + a_md - Suc bc = Suc (a_md - rs_pos - Suc 0)"
-apply(arith)
-done
-lemma [simp]: "length lm = n \<and> rs_pos = n \<and> 0 < rs_pos \<and>
-Suc rs_pos < a_md
-\<Longrightarrow> n - Suc 0 < Suc (Suc (a_md + length suf_lm - Suc (Suc 0)))
-\<and> n < Suc (Suc (a_md + length suf_lm - Suc (Suc 0)))"
-apply(arith)
-done
-lemma [simp]: "length lm = n \<and> rs_pos = n \<and> 0 < rs_pos \<and>
-Suc rs_pos < a_md \<Longrightarrow> n - Suc 0 \<noteq> n"
-by arith
-lemma ci_pr_ex2:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_calc_rel (Pr n f g) lm rs;
-rec_ci g = (a, aa, ba);
-rec_ci f = (ab, ac, bc)\<rbrakk>
-\<Longrightarrow> \<exists>ap bp. aprog = ap [+] bp \<and>
-ap = mv_box n (max (Suc (Suc (Suc n))) (max bc ba))"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "(ab [+] (mv_box n (Suc n) [+]
-([Dec (max (n + 3) (max bc ba)) (length a + 7)]
-[+] (a [+] [Inc n, Dec (Suc n) 3, Goto (Suc 0)])) @
-[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length a + 4)]))" in exI, auto)
-apply(simp add: abc_append_commute numeral_3_eq_3)
-done
-lemma [simp]:
-"max (Suc (Suc (Suc n))) (max bc ba) - n <
-Suc (max (Suc (Suc (Suc n))) (max bc ba)) - n"
-apply(arith)
-done
-lemma [simp]: "length lm = n \<and> rs_pos = n \<and> 0 < n \<Longrightarrow>
-lm[n - Suc 0 := 0::nat] = butlast lm @ [0]"
-apply(auto)
-apply(insert list_update_append[of "butlast lm" "[last lm]"
-"length lm - Suc 0" "0"], simp)
-done
-lemma [simp]: "\<lbrakk>length lm = n; 0 < n\<rbrakk>  \<Longrightarrow> lm ! (n - Suc 0) = last lm"
-apply(insert nth_append[of "butlast lm" "[last lm]" "n - Suc 0"],
-simp)
-apply(insert butlast_append_last[of lm], auto)
-done
-lemma exp_suc_iff: "a\<up>b @ [a] = a\<up>(b + Suc 0)"
-apply(simp add: exp_ind del: replicate.simps)
-done
-lemma less_not_less[simp]: "n > 0 \<Longrightarrow> \<not> n < n - Suc 0"
-by auto
-lemma [simp]:
-"Suc n < length suf_lm + max (Suc (Suc n)) (max bc ba) \<and>
-bc < Suc (length suf_lm + max (Suc (Suc n))
-(max bc ba)) \<and>
-ba < Suc (length suf_lm + max (Suc (Suc n)) (max bc ba))"
-by arith
-lemma [simp]: "length lm = n \<and> rs_pos = n \<and> n > 0 \<Longrightarrow>
-(lm @ 0\<up>(Suc (max (Suc (Suc n)) (max bc ba)) - n) @ suf_lm)
-[max (Suc (Suc n)) (max bc ba) :=
-(lm @ 0\<up>(Suc (max (Suc (Suc n)) (max bc ba)) - n) @ suf_lm) ! (n - Suc 0) +
-(lm @ 0\<up>(Suc (max (Suc (Suc n)) (max bc ba)) - n) @ suf_lm) !
-max (Suc (Suc n)) (max bc ba), n - Suc 0 := 0::nat]
-= butlast lm @ 0 # 0\<up>(max (Suc (Suc n)) (max bc ba) - n) @ last lm # suf_lm"
-apply(simp add: nth_append nth_replicate list_update_append)
-apply(insert list_update_append[of "0\<up>((max (Suc (Suc n)) (max bc ba)) - n)"
-"[0]" "max (Suc (Suc n)) (max bc ba) - n" "last lm"], simp)
-apply(simp add: exp_suc_iff Suc_diff_le del: list_update.simps)
-done
-lemma exp_eq: "(a = b) = (c\<up>a = c\<up>b)"
-apply(auto)
-done
-lemma [simp]:
-"\<lbrakk>length lm = n; 0 < n;  Suc n < a_md\<rbrakk> \<Longrightarrow>
-(butlast lm @ rsa # 0\<up>(a_md - Suc n) @ last lm # suf_lm)
-[n := (butlast lm @ rsa # 0\<up>(a_md - Suc n) @ last lm # suf_lm) !
-(n - Suc 0) + (butlast lm @ rsa # (0::nat)\<up>(a_md - Suc n) @
-last lm # suf_lm) ! n, n - Suc 0 := 0]
-= butlast lm @ 0 # rsa # 0\<up>(a_md - Suc (Suc n)) @ last lm # suf_lm"
-apply(simp add: nth_append list_update_append)
-apply(case_tac "a_md - Suc n", auto)
-done
-lemma [simp]:
-"Suc (Suc rs_pos) \<le> a_md \<and> length lm = rs_pos \<and> 0 < rs_pos
-\<Longrightarrow> a_md - Suc 0 <
-Suc (Suc (Suc (a_md + length suf_lm - Suc (Suc (Suc 0)))))"
-by arith
-lemma [simp]:
-"Suc (Suc rs_pos) \<le> a_md \<and> length lm = rs_pos \<and> 0 < rs_pos \<Longrightarrow>
-\<not> a_md - Suc 0 < rs_pos - Suc 0"
-by arith
-lemma [simp]: "Suc (Suc rs_pos) \<le> a_md \<Longrightarrow>
-\<not> a_md - Suc 0 < rs_pos - Suc 0"
-by arith
-lemma [simp]: "\<lbrakk>Suc (Suc rs_pos) \<le> a_md\<rbrakk> \<Longrightarrow>
-\<not> a_md - rs_pos < Suc (Suc (a_md - Suc (Suc rs_pos)))"
-by arith
-lemma [simp]:
-"Suc (Suc rs_pos) \<le> a_md \<and> length lm = rs_pos \<and> 0 < rs_pos
-\<Longrightarrow> (abc_lm_v (butlast lm @ last lm # rs # 0\<up>(a_md - Suc (Suc rs_pos)) @
-0 # suf_lm) (a_md - Suc 0) = 0 \<longrightarrow>
-abc_lm_s (butlast lm @ last lm # rs # 0\<up>(a_md - Suc (Suc rs_pos)) @
-0 # suf_lm) (a_md - Suc 0) 0 =
-lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm) \<and>
-abc_lm_v (butlast lm @ last lm # rs # 0\<up>(a_md - Suc (Suc rs_pos)) @
-0 # suf_lm) (a_md - Suc 0) = 0"
-apply(simp add: abc_lm_v.simps nth_append abc_lm_s.simps)
-apply(insert nth_append[of "last lm # rs # 0\<up>(a_md - Suc (Suc rs_pos))"
-"0 # suf_lm" "(a_md - rs_pos)"], auto)
-apply(simp only: exp_suc_iff)
-apply(subgoal_tac "a_md - Suc 0 < a_md + length suf_lm", simp)
-apply(case_tac "lm = []", auto)
-done
-lemma pr_prog_ex[simp]: "\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci g = (a, aa, ba); rec_ci f = (ab, ac, bc)\<rbrakk>
-\<Longrightarrow> \<exists>cp. aprog = mv_box n (max (n + 3)
-(max bc ba)) [+] cp"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "(ab [+] (mv_box n (Suc n) [+]
-([Dec (max (n + 3) (max bc ba)) (length a + 7)]
-[+] (a [+] [Inc n, Dec (Suc n) 3, Goto (Suc 0)]))
-@ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length a + 4)]))" in exI)
-apply(auto simp: abc_append_commute)
-done
-lemma [simp]: "mv_box m n \<noteq> []"
-by (simp add: mv_box.simps)
-(*
-lemma [simp]: "\<lbrakk>rs_pos = n; 0 < rs_pos ; Suc rs_pos < a_md\<rbrakk> \<Longrightarrow>
-n - Suc 0 < a_md + length suf_lm"
-by arith
-*)
-lemma [intro]:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci f = (ab, ac, bc)\<rbrakk> \<Longrightarrow>
-\<exists>ap. (\<exists>cp. aprog = ap [+] ab [+] cp) \<and> length ap = 3"
-apply(case_tac "rec_ci g", simp add: rec_ci.simps)
-apply(rule_tac x = "mv_box n
-(max (n + 3) (max bc c))" in exI, simp)
-apply(rule_tac x = "mv_box n (Suc n) [+]
-([Dec (max (n + 3) (max bc c)) (length a + 7)]
-[+] a [+] [Inc n, Dec (Suc n) 3, Goto (Suc 0)])
-@ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length a + 4)]" in exI,
-auto)
-apply(simp add: abc_append_commute)
-done
-lemma [intro]:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci g = (a, aa, ba);
-rec_ci f = (ab, ac, bc)\<rbrakk> \<Longrightarrow>
-\<exists>ap. (\<exists>cp. aprog = ap [+] mv_box n (Suc n) [+] cp)
-\<and> length ap = 3 + length ab"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "mv_box n (max (n + 3)
-(max bc ba)) [+] ab" in exI, simp)
-apply(rule_tac x = "([Dec (max (n + 3) (max bc ba))
-(length a + 7)] [+] a [+]
-[Inc n, Dec (Suc n) 3, Goto (Suc 0)]) @
-[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length a + 4)]" in exI)
-apply(auto simp: abc_append_commute)
-done
-lemma [intro]:
-"\<lbrakk>rec_ci (Pr n f g) = (aprog, rs_pos, a_md);
-rec_ci g = (a, aa, ba);
-rec_ci f = (ab, ac, bc)\<rbrakk>
-\<Longrightarrow> \<exists>ap. (\<exists>cp. aprog = ap [+] ([Dec (a_md - Suc 0) (length a + 7)]
-[+] (a [+] [Inc (rs_pos - Suc 0), Dec rs_pos 3,
-Goto (Suc 0)])) @ [Dec (Suc (Suc n)) 0, Inc (Suc n),
-Goto (length a + 4)] [+] cp) \<and>
-length ap = 6 + length ab"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "mv_box n
-(max (n + 3) (max bc ba)) [+] ab [+]
-mv_box n (Suc n)" in exI, simp)
-apply(rule_tac x = "[]" in exI, auto)
-apply(simp add: abc_append_commute)
-done
-lemma [simp]:
-"n < Suc (max (n + 3) (max bc ba) + length suf_lm) \<and>
-Suc (Suc n) < max (n + 3) (max bc ba) + length suf_lm \<and>
-bc < Suc (max (n + 3) (max bc ba) + length suf_lm) \<and>
-ba < Suc (max (n + 3) (max bc ba) + length suf_lm)"
-by arith
-lemma [simp]: "n \<noteq> max (n + (3::nat)) (max bc ba)"
-by arith
-lemma [simp]:"length lm = Suc n \<Longrightarrow> lm[n := (0::nat)] = butlast lm @ [0]"
-apply(subgoal_tac "\<exists> xs x. lm = xs @ [x]", auto simp: list_update_append)
-apply(rule_tac x = "butlast lm" in exI, rule_tac x = "last lm" in exI)
-apply(case_tac lm, auto)
-done
-lemma [simp]:  "length lm = Suc n \<Longrightarrow> lm ! n =last lm"
-apply(subgoal_tac "lm \<noteq> []")
-apply(simp add: last_conv_nth, case_tac lm, simp_all)
-done
-lemma [simp]: "length lm = Suc n \<Longrightarrow>
-(lm @ (0::nat)\<up>(max (n + 3) (max bc ba) - n) @ suf_lm)
-[max (n + 3) (max bc ba) := (lm @ 0\<up>(max (n + 3) (max bc ba) - n) @ suf_lm) ! n +
-(lm @ 0\<up>(max (n + 3) (max bc ba) - n) @ suf_lm) ! max (n + 3) (max bc ba), n := 0]
-= butlast lm @ 0 # 0\<up>(max (n + 3) (max bc ba) - Suc n) @ last lm # suf_lm"
-apply(auto simp: list_update_append nth_append)
-apply(subgoal_tac "(0\<up>(max (n + 3) (max bc ba) - n)) = 0\<up>(max (n + 3) (max bc ba) - Suc n) @ [0::nat]")
-apply(simp add: list_update_append)
-apply(simp add: exp_suc_iff)
-done
-lemma [simp]: "Suc (Suc n) < a_md \<Longrightarrow>
-n < Suc (Suc (a_md + length suf_lm - 2)) \<and>
-n < Suc (a_md + length suf_lm - 2)"
-by(arith)
-lemma [simp]: "\<lbrakk>length lm = Suc n; Suc (Suc n) < a_md\<rbrakk>
-\<Longrightarrow>(butlast lm @ (rsa::nat) # 0\<up>(a_md - Suc (Suc n)) @ last lm # suf_lm)
-[Suc n := (butlast lm @ rsa # 0\<up>(a_md - Suc (Suc n)) @ last lm # suf_lm) ! n +
-(butlast lm @ rsa # 0\<up>(a_md - Suc (Suc n)) @ last lm # suf_lm) ! Suc n, n := 0]
-= butlast lm @ 0 # rsa # 0\<up>(a_md - Suc (Suc (Suc n))) @ last lm # suf_lm"
-apply(auto simp: list_update_append)
-apply(subgoal_tac "(0\<up>(a_md - Suc (Suc n))) = (0::nat) # (0\<up>(a_md - Suc (Suc (Suc n))))", simp add: nth_append)
-apply(simp add: replicate_Suc[THEN sym])
-done
-lemma pr_case:
-assumes nf_ind:
-"\<And> lm rs suf_lm. rec_calc_rel f lm rs \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ 0\<up>(bc - ac) @ suf_lm) ab stp =
-(length ab, lm @ rs # 0\<up>(bc - Suc ac) @ suf_lm)"
-and ng_ind: "\<And> lm rs suf_lm. rec_calc_rel g lm rs \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ 0\<up>(ba - aa) @ suf_lm) a stp =
-(length a, lm @ rs # 0\<up>(ba - Suc aa) @ suf_lm)"
-and h: "rec_ci (Pr n f g) = (aprog, rs_pos, a_md)"  "rec_calc_rel (Pr n f g) lm rs"
-"rec_ci g = (a, aa, ba)" "rec_ci f = (ab, ac, bc)"
-shows "\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp = (length aprog, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-proof -
-from h have k1: "\<exists> stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp
-= (3, butlast lm @ 0 # 0\<up>(a_md - rs_pos - 1) @ last lm # suf_lm)"
-proof -
-have "\<exists>bp cp. aprog = bp [+] cp \<and> bp = mv_box n
-(max (n + 3) (max bc ba))"
-apply(insert h, simp)
-apply(erule pr_prog_ex, auto)
-done
-thus "?thesis"
-apply(erule_tac exE, erule_tac exE, simp)
-apply(subgoal_tac
-"\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm)
-([] [+] mv_box n
-(max (n + 3) (max bc ba)) [+] cp) stp =
-(0 + 3, butlast lm @ 0 # 0\<up>(a_md - Suc rs_pos) @
-last lm # suf_lm)", simp)
-apply(rule_tac abc_append_exc1, simp_all)
-apply(insert mv_box_ex[of "n" "(max (n + 3)
-(max bc ba))" "lm @ 0\<up>(a_md - rs_pos) @ suf_lm"], simp)
-apply(subgoal_tac "a_md = Suc (max (n + 3) (max bc ba))",
-simp)
-apply(subgoal_tac "length lm = Suc n \<and> rs_pos = Suc n", simp)
-apply(insert h)
-apply(simp add: para_pattern ci_pr_para_eq)
-apply(rule ci_pr_md_def, auto)
-done
-qed
-from h have k2:
-"\<exists> stp. abc_steps_l (3,  butlast lm @ 0 # 0\<up>(a_md - rs_pos - 1) @
-last lm # suf_lm) aprog stp
-= (length aprog, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-proof -
-from h have k2_1: "\<exists> rs. rec_calc_rel f (butlast lm) rs"
-apply(erule_tac calc_pr_zero_ex)
-done
-thus "?thesis"
-proof(erule_tac exE)
-fix rsa
-assume k2_2: "rec_calc_rel f (butlast lm) rsa"
-from h and k2_2 have k2_2_1:
-"\<exists> stp. abc_steps_l (3, butlast lm @ 0 # 0\<up>(a_md - rs_pos - 1)
-@ last lm # suf_lm) aprog stp
-= (3 + length ab, butlast lm @ rsa # 0\<up>(a_md - rs_pos - 1) @
-last lm # suf_lm)"
-proof -
-	from h have j1: "
-\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and> length ap = 3 \<and>
-bp = ab"
-	  apply(auto)
-	  done
-	from h have j2: "ac = rs_pos - 1"
-	  apply(drule_tac ci_pr_f_paras, simp, auto)
-	  done
-	from h and j2 have j3: "a_md \<ge> Suc bc \<and> rs_pos > 0 \<and> bc \<ge> rs_pos"
-	  apply(rule_tac conjI)
-	  apply(erule_tac ab = ab and ac = ac in ci_pr_md_ge_f, simp)
-	  apply(rule_tac context_conjI)
-apply(simp_all add: rec_ci.simps)
-	  apply(drule_tac ci_ad_ge_paras, drule_tac ci_ad_ge_paras)
-	  apply(arith)
-	  done
-	from j1 and j2 show "?thesis"
-	  apply(auto simp del: abc_append_commute)
-	  apply(rule_tac abc_append_exc1, simp_all)
-	  apply(insert nf_ind[of "butlast lm" "rsa"
-"0\<up>(a_md - bc - Suc 0) @ last lm # suf_lm"],
-simp add: k2_2 j2, erule_tac exE)
-	  apply(simp add: exponent_add_iff j3)
-	  apply(rule_tac x = "stp" in exI, simp)
-	  done
-qed
-from h have k2_2_2:
-"\<exists> stp. abc_steps_l (3 + length ab, butlast lm @ rsa #
-0\<up>(a_md - rs_pos - 1) @ last lm # suf_lm) aprog stp
-= (6 + length ab, butlast lm @ 0 # rsa #
-0\<up>(a_md - rs_pos - 2) @ last lm # suf_lm)"
-proof -
-	from h have "\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = 3 + length ab \<and> bp = mv_box n (Suc n)"
-	  by auto
-	thus "?thesis"
-	proof(erule_tac exE, erule_tac exE, erule_tac exE,
-erule_tac exE)
-	  fix ap cp bp apa
-	  assume "aprog = ap [+] bp [+] cp \<and> length ap = 3 +
-length ab \<and> bp = mv_box n (Suc n)"
-	  thus "?thesis"
-	    apply(simp del: abc_append_commute)
-	    apply(subgoal_tac
-"\<exists>stp. abc_steps_l (3 + length ab,
-butlast lm @ rsa # 0\<up>(a_md - Suc rs_pos) @
-last lm # suf_lm) (ap [+]
-mv_box n (Suc n) [+] cp) stp =
-((3 + length ab) + 3, butlast lm @ 0 # rsa #
-0\<up>(a_md - Suc (Suc rs_pos)) @ last lm # suf_lm)", simp)
-	    apply(rule_tac abc_append_exc1, simp_all)
-	    apply(insert mv_box_ex[of n "Suc n"
-"butlast lm @ rsa # 0\<up>(a_md - Suc rs_pos) @
-last lm # suf_lm"], simp)
-	    apply(subgoal_tac "length lm = Suc n \<and> rs_pos = Suc n \<and> a_md > Suc (Suc n)", simp)
-	    apply(insert h, simp)
-done
-	qed
-qed
-from h have k2_3: "lm \<noteq> []"
-	apply(rule_tac calc_pr_para_not_null, simp)
-	done
-from h and k2_2 and k2_3 have k2_2_3:
-"\<exists> stp. abc_steps_l (6 + length ab, butlast lm @
-(last lm - last lm) # rsa #
-0\<up>(a_md - (Suc (Suc rs_pos))) @ last lm # suf_lm) aprog stp
-= (6 + length ab, butlast lm @ last lm # rs #
-0\<up>(a_md - Suc (Suc (rs_pos))) @ 0 # suf_lm)"
-	apply(rule_tac x = "last lm" and g = g in pr_cycle_part, auto)
-	apply(rule_tac ng_ind, simp)
-	apply(rule_tac rec_calc_rel_def0, simp, simp)
-	done
-from h  have k2_2_4:
-"\<exists> stp. abc_steps_l (6 + length ab,
-butlast lm @ last lm # rs # 0\<up>(a_md - rs_pos - 2) @
-0 # suf_lm) aprog stp
-= (13 + length ab + length a,
-lm @ rs # 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-proof -
-	from h have
-"\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = 6 + length ab \<and>
-bp = ([Dec (a_md - Suc 0) (length a + 7)] [+]
-(a [+] [Inc (rs_pos - Suc 0),
-Dec rs_pos 3, Goto (Suc 0)])) @
-[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length a + 4)]"
-	  by auto
-	thus "?thesis"
-	  apply(auto)
-	  apply(subgoal_tac
-"\<exists>stp. abc_steps_l (6 + length ab, butlast lm @
-last lm # rs # 0\<up>(a_md - Suc (Suc rs_pos)) @ 0 # suf_lm)
-(ap [+] ([Dec (a_md - Suc 0) (length a + 7)] [+]
-(a [+] [Inc (rs_pos - Suc 0), Dec rs_pos 3,
-Goto (Suc 0)])) @ [Dec (Suc (Suc n)) 0, Inc (Suc n),
-Goto (length a + 4)] [+] cp) stp =
-(6 + length ab + (length a + 7) ,
-lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)", simp)
-	  apply(subgoal_tac "13 + (length ab + length a) =
-13 + length ab + length a", simp)
-	  apply(arith)
-	  apply(rule abc_append_exc1, simp_all)
-	  apply(rule_tac x = "Suc 0" in exI,
-simp add: abc_steps_l.simps abc_fetch.simps
-nth_append abc_append_nth abc_step_l.simps)
-	  apply(subgoal_tac "a_md > Suc (Suc rs_pos) \<and>
-length lm = rs_pos \<and> rs_pos > 0", simp)
-	  apply(insert h, simp)
-	  apply(subgoal_tac "rs_pos = Suc n", simp, simp)
-done
-qed
-from h have k2_2_5: "length aprog = 13 + length ab + length a"
-	apply(rule_tac ci_pr_length, simp_all)
-	done
-from k2_2_1 and k2_2_2 and k2_2_3 and k2_2_4 and k2_2_5
-show "?thesis"
-	apply(auto)
-	apply(rule_tac x = "stp + stpa + stpb + stpc" in exI,
-simp add: abc_steps_add)
-	done
-qed
-qed
-from k1 and k2 show
-"\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp
-= (length aprog, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-apply(erule_tac exE)
-apply(erule_tac exE)
-apply(rule_tac x = "stp + stpa" in exI)
-apply(simp add: abc_steps_add)
-done
-qed
-lemma eq_switch: "x = y \<Longrightarrow> y = x"
-by simp
-lemma [simp]:
-"\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md)\<rbrakk> \<Longrightarrow> \<exists>bp. aprog = a @ bp"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "[Dec (Suc n) (length a + 5),
-Dec (Suc n) (length a + 3), Goto (Suc (length a)),
-Inc n, Goto 0]" in exI, auto)
-done
-lemma ci_mn_para_eq[simp]:
-"rec_ci (Mn n f) = (aprog, rs_pos, a_md) \<Longrightarrow> rs_pos = n"
-apply(case_tac "rec_ci f", simp add: rec_ci.simps)
-done
-lemma [simp]: "rec_ci f = (a, aa, ba) \<Longrightarrow> aa < ba"
-apply(simp add: ci_ad_ge_paras)
-done
-lemma [simp]: "\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md)\<rbrakk>
-\<Longrightarrow> ba \<le> a_md"
-apply(simp add: rec_ci.simps)
-by arith
-lemma mn_calc_f:
-assumes ind:
-"\<And>aprog a_md rs_pos rs suf_lm lm.
-\<lbrakk>rec_ci f = (aprog, rs_pos, a_md); rec_calc_rel f lm rs\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp
-= (length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-and h: "rec_ci f = (a, aa, ba)"
-"rec_ci (Mn n f) = (aprog, rs_pos, a_md)"
-"rec_calc_rel f (lm @ [x]) rsx"
-"aa = Suc n"
-shows "\<exists>stp. abc_steps_l (0, lm @ x # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stp = (length a,
-lm @ x # rsx # 0\<up>(a_md - Suc (Suc rs_pos)) @ suf_lm)"
-proof -
-from h have k1: "\<exists> ap bp. aprog = ap @ bp \<and> ap = a"
-by simp
-from h have k2: "rs_pos = n"
-apply(erule_tac ci_mn_para_eq)
-done
-from h and k1 and k2 show "?thesis"
-proof(erule_tac exE, erule_tac exE, simp,
-rule_tac abc_add_exc1, auto)
-fix bp
-show
-"\<exists>astp. abc_steps_l (0, lm @ x # 0\<up>(a_md - Suc n) @ suf_lm) a astp
-= (length a, lm @ x # rsx # 0\<up>(a_md - Suc (Suc n)) @ suf_lm)"
-apply(insert ind[of a "Suc n" ba  "lm @ [x]" rsx
-"0\<up>(a_md - ba) @ suf_lm"], simp add: exponent_add_iff h k2)
-apply(subgoal_tac "ba > aa \<and> a_md \<ge> ba \<and> aa = Suc n",
-insert h, auto)
-done
-qed
-qed
-fun mn_ind_inv ::
-"nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat list \<Rightarrow> nat list \<Rightarrow> bool"
-where
-"mn_ind_inv (as, lm') ss x rsx suf_lm lm =
-(if as = ss then lm' = lm @ x # rsx # suf_lm
-else if as = ss + 1 then
-\<exists>y. (lm' = lm @ x # y # suf_lm) \<and> y \<le> rsx
-else if as = ss + 2 then
-\<exists>y. (lm' = lm @ x # y # suf_lm) \<and> y \<le> rsx
-else if as = ss + 3 then lm' = lm @ x # 0 # suf_lm
-else if as = ss + 4 then lm' = lm @ Suc x # 0 # suf_lm
-else if as = 0 then lm' = lm @ Suc x # 0 # suf_lm
-else False
-)"
-fun mn_stage1 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat"
-where
-"mn_stage1 (as, lm) ss n =
-(if as = 0 then 0
-else if as = ss + 4 then 1
-else if as = ss + 3 then 2
-else if as = ss + 2 \<or> as = ss + 1 then 3
-else if as = ss then 4
-else 0
-)"
-fun mn_stage2 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat"
-where
-"mn_stage2 (as, lm) ss n =
-(if as = ss + 1 \<or> as = ss + 2 then (lm ! (Suc n))
-else 0)"
-fun mn_stage3 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat"
-where
-"mn_stage3 (as, lm) ss n = (if as = ss + 2 then 1 else 0)"
-fun mn_measure :: "((nat \<times> nat list) \<times> nat \<times> nat) \<Rightarrow>
-(nat \<times> nat \<times> nat)"
-where
-"mn_measure ((as, lm), ss, n) =
-(mn_stage1 (as, lm) ss n, mn_stage2 (as, lm) ss n,
-mn_stage3 (as, lm) ss n)"
-definition mn_LE :: "(((nat \<times> nat list) \<times> nat \<times> nat) \<times>
-((nat \<times> nat list) \<times> nat \<times> nat)) set"
-where "mn_LE \<equiv> (inv_image lex_triple mn_measure)"
-lemma wf_mn_le[intro]: "wf mn_LE"
-by(auto intro:wf_inv_image wf_lex_triple simp: mn_LE_def)
-declare mn_ind_inv.simps[simp del]
-lemma mn_inv_init:
-"mn_ind_inv (abc_steps_l (length a, lm @ x # rsx # suf_lm) aprog 0)
-(length a) x rsx suf_lm lm"
-apply(simp add: mn_ind_inv.simps abc_steps_zero)
-done
-lemma mn_halt_init:
-"rec_ci f = (a, aa, ba) \<Longrightarrow>
-\<not> (\<lambda>(as, lm') (ss, n). as = 0)
-(abc_steps_l (length a, lm @ x # rsx # suf_lm) aprog 0)
-(length a, n)"
-apply(simp add: abc_steps_zero)
-apply(erule_tac rec_ci_not_null)
-done
-lemma [simp]:
-"\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md)\<rbrakk>
-\<Longrightarrow> abc_fetch (length a) aprog =
-Some (Dec (Suc n) (length a + 5))"
-apply(simp add: rec_ci.simps abc_fetch.simps,
-erule_tac conjE, erule_tac conjE, simp)
-apply(drule_tac eq_switch, drule_tac eq_switch, simp)
-done
-lemma [simp]: "\<lbrakk>rec_ci f = (a, aa, ba); rec_ci (Mn n f) = (aprog, rs_pos, a_md)\<rbrakk>
-\<Longrightarrow> abc_fetch (Suc (length a)) aprog = Some (Dec (Suc n) (length a + 3))"
-apply(simp add: rec_ci.simps abc_fetch.simps, erule_tac conjE, erule_tac conjE, simp)
-apply(drule_tac eq_switch, drule_tac eq_switch, simp add: nth_append)
-done
-lemma [simp]:
-"\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md)\<rbrakk>
-\<Longrightarrow> abc_fetch (Suc (Suc (length a))) aprog =
-Some (Goto (length a + 1))"
-apply(simp add: rec_ci.simps abc_fetch.simps,
-erule_tac conjE, erule_tac conjE, simp)
-apply(drule_tac eq_switch, drule_tac eq_switch, simp add: nth_append)
-done
-lemma [simp]:
-"\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md)\<rbrakk>
-\<Longrightarrow> abc_fetch (length a + 3) aprog = Some (Inc n)"
-apply(simp add: rec_ci.simps abc_fetch.simps,
-erule_tac conjE, erule_tac conjE, simp)
-apply(drule_tac eq_switch, drule_tac eq_switch, simp add: nth_append)
-done
-lemma [simp]: "\<lbrakk>rec_ci f = (a, aa, ba); rec_ci (Mn n f) = (aprog, rs_pos, a_md)\<rbrakk>
-\<Longrightarrow> abc_fetch (length a + 4) aprog = Some (Goto 0)"
-apply(simp add: rec_ci.simps abc_fetch.simps, erule_tac conjE, erule_tac conjE, simp)
-apply(drule_tac eq_switch, drule_tac eq_switch, simp add: nth_append)
-done
-lemma [simp]:
-"0 < rsx
-\<Longrightarrow> \<exists>y. (lm @ x # rsx # suf_lm)[Suc (length lm) := rsx - Suc 0]
-= lm @ x # y # suf_lm \<and> y \<le> rsx"
-apply(case_tac rsx, simp, simp)
-apply(rule_tac x = nat in exI, simp add: list_update_append)
-done
-lemma [simp]:
-"\<lbrakk>y \<le> rsx; 0 < y\<rbrakk>
-\<Longrightarrow> \<exists>ya. (lm @ x # y # suf_lm)[Suc (length lm) := y - Suc 0]
-= lm @ x # ya # suf_lm \<and> ya \<le> rsx"
-apply(case_tac y, simp, simp)
-apply(rule_tac x = nat in exI, simp add: list_update_append)
-done
-lemma mn_halt_lemma:
-"\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md);
-0 < rsx; length lm = n\<rbrakk>
-\<Longrightarrow>
-\<forall>na. \<not> (\<lambda>(as, lm') (ss, n). as = 0)
-(abc_steps_l (length a, lm @ x # rsx # suf_lm) aprog na)
-(length a, n)
-\<and> mn_ind_inv (abc_steps_l (length a, lm @ x # rsx # suf_lm)
-aprog na) (length a) x rsx suf_lm lm
-\<longrightarrow> mn_ind_inv (abc_steps_l (length a, lm @ x # rsx # suf_lm) aprog
-(Suc na)) (length a) x rsx suf_lm lm
-\<and> ((abc_steps_l (length a, lm @ x # rsx # suf_lm) aprog (Suc na),
-length a, n),
-abc_steps_l (length a, lm @ x # rsx # suf_lm) aprog na,
-length a, n) \<in> mn_LE"
-apply(rule allI, rule impI, simp add: abc_steps_ind)
-apply(case_tac "(abc_steps_l (length a, lm @ x # rsx # suf_lm)
-aprog na)", simp)
-apply(auto split:if_splits simp add:abc_steps_l.simps
-mn_ind_inv.simps abc_steps_zero)
-apply(auto simp add: mn_LE_def lex_triple_def lex_pair_def
-abc_step_l.simps abc_steps_l.simps mn_ind_inv.simps
-abc_lm_v.simps abc_lm_s.simps nth_append
-split: if_splits)
-apply(drule_tac  rec_ci_not_null, simp)
-done
-lemma mn_halt:
-"\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md);
-0 < rsx; length lm = n\<rbrakk>
-\<Longrightarrow> \<exists> stp. (\<lambda> (as, lm'). (as = 0 \<and>
-mn_ind_inv (as, lm')  (length a) x rsx suf_lm lm))
-(abc_steps_l (length a, lm @ x # rsx # suf_lm) aprog stp)"
-apply(insert wf_mn_le)
-apply(insert halt_lemma2[of mn_LE
-"\<lambda> ((as, lm'), ss, n). mn_ind_inv (as, lm') ss x rsx suf_lm lm"
-"\<lambda> stp. (abc_steps_l (length a, lm @ x # rsx # suf_lm) aprog stp,
-length a, n)"
-"\<lambda> ((as, lm'), ss, n). as = 0"],
-simp)
-apply(simp add: mn_halt_init mn_inv_init)
-apply(drule_tac x = x and suf_lm = suf_lm in mn_halt_lemma, auto)
-apply(rule_tac x = n in exI,
-case_tac "(abc_steps_l (length a, lm @ x # rsx # suf_lm)
-aprog n)", simp)
-done
-lemma [simp]: "Suc rs_pos < a_md \<Longrightarrow>
-Suc (a_md - Suc (Suc rs_pos)) = a_md - Suc rs_pos"
-by arith
-lemma mn_ind_step:
-assumes ind:
-"\<And>aprog a_md rs_pos rs suf_lm lm.
-\<lbrakk>rec_ci f = (aprog, rs_pos, a_md);
-rec_calc_rel f lm rs\<rbrakk> \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp
-= (length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-and h: "rec_ci f = (a, aa, ba)"
-"rec_ci (Mn n f) = (aprog, rs_pos, a_md)"
-"rec_calc_rel f (lm @ [x]) rsx"
-"rsx > 0"
-"Suc rs_pos < a_md"
-"aa = Suc rs_pos"
-shows "\<exists>stp. abc_steps_l (0, lm @ x # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stp = (0, lm @ Suc x # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-proof -
-have k1:
-"\<exists> stp. abc_steps_l (0, lm @ x #  0\<up>(a_md - Suc (rs_pos)) @ suf_lm)
-aprog stp =
-(length a, lm @ x # rsx # 0\<up>(a_md  - Suc (Suc rs_pos)) @ suf_lm)"
-apply(insert h)
-apply(auto intro: mn_calc_f ind)
-done
-from h have k2: "length lm = n"
-apply(subgoal_tac "rs_pos = n")
-apply(drule_tac  para_pattern, simp, simp, simp)
-done
-from h have k3: "a_md > (Suc rs_pos)"
-apply(simp)
-done
-from k2 and h and k3 have k4:
-"\<exists> stp. abc_steps_l (length a,
-lm @ x # rsx # 0\<up>(a_md  - Suc (Suc rs_pos)) @ suf_lm) aprog stp =
-(0, lm @ Suc x # 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-apply(frule_tac x = x and
-suf_lm = "0\<up>(a_md - Suc (Suc rs_pos)) @ suf_lm" in mn_halt, auto)
-apply(rule_tac x = "stp" in exI,
-simp add: mn_ind_inv.simps rec_ci_not_null)
-apply(simp only: replicate.simps[THEN sym], simp)
-done
-from k1 and k4 show "?thesis"
-apply(auto)
-apply(rule_tac x = "stp + stpa" in exI, simp add: abc_steps_add)
-done
-qed
-lemma [simp]:
-"\<lbrakk>rec_ci f = (a, aa, ba); rec_ci (Mn n f) = (aprog, rs_pos, a_md);
-rec_calc_rel (Mn n f) lm rs\<rbrakk> \<Longrightarrow> aa = Suc rs_pos"
-apply(rule_tac calc_mn_reverse, simp)
-apply(insert para_pattern [of f a aa ba "lm @ [rs]" 0], simp)
-apply(subgoal_tac "rs_pos = length lm", simp)
-apply(drule_tac ci_mn_para_eq, simp)
-done
-lemma [simp]: "\<lbrakk>rec_ci (Mn n f) = (aprog, rs_pos, a_md);
-rec_calc_rel (Mn n f) lm rs\<rbrakk>  \<Longrightarrow> Suc rs_pos < a_md"
-apply(case_tac "rec_ci f")
-apply(subgoal_tac "c > b \<and> b = Suc rs_pos \<and> a_md \<ge> c")
-apply(arith, auto)
-done
-lemma mn_ind_steps:
-assumes ind:
-"\<And>aprog a_md rs_pos rs suf_lm lm.
-\<lbrakk>rec_ci f = (aprog, rs_pos, a_md); rec_calc_rel f lm rs\<rbrakk> \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-and h: "rec_ci f = (a, aa, ba)"
-"rec_ci (Mn n f) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Mn n f) lm rs"
-"rec_calc_rel f (lm @ [rs]) 0"
-"\<forall>x<rs. (\<exists> v. rec_calc_rel f (lm @ [x]) v \<and> 0 < v)"
-"n = length lm"
-"x \<le> rs"
-shows "\<exists>stp. abc_steps_l (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stp = (0, lm @ x # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-apply(insert h, induct x,
-rule_tac x = 0 in exI, simp add: abc_steps_zero, simp)
-proof -
-fix x
-assume k1:
-"\<exists>stp. abc_steps_l (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stp = (0, lm @ x # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-and k2: "rec_ci (Mn (length lm) f) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Mn (length lm) f) lm rs"
-"rec_calc_rel f (lm @ [rs]) 0"
-"\<forall>x<rs.(\<exists> v. rec_calc_rel f (lm @ [x]) v \<and> v > 0)"
-"n = length lm"
-"Suc x \<le> rs"
-"rec_ci f = (a, aa, ba)"
-hence k2:
-"\<exists>stp. abc_steps_l (0, lm @ x # 0\<up>(a_md - rs_pos - 1) @ suf_lm) aprog
-stp = (0, lm @ Suc x # 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-apply(erule_tac x = x in allE)
-apply(auto)
-apply(rule_tac  x = x in mn_ind_step)
-apply(rule_tac ind, auto)
-done
-from k1 and k2 show
-"\<exists>stp. abc_steps_l (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stp = (0, lm @ Suc x # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-apply(auto)
-apply(rule_tac x = "stp + stpa" in exI, simp only: abc_steps_add)
-done
-qed
-lemma [simp]:
-"\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md);
-rec_calc_rel (Mn n f) lm rs;
-length lm = n\<rbrakk>
-\<Longrightarrow> abc_lm_v (lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm) (Suc n) = 0"
-apply(auto simp: abc_lm_v.simps nth_append)
-done
-lemma [simp]:
-"\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md);
-rec_calc_rel (Mn n f) lm rs;
-length lm = n\<rbrakk>
-\<Longrightarrow> abc_lm_s (lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm) (Suc n) 0 =
-lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm"
-apply(auto simp: abc_lm_s.simps list_update_append)
-done
-lemma mn_length:
-"\<lbrakk>rec_ci f = (a, aa, ba);
-rec_ci (Mn n f) = (aprog, rs_pos, a_md)\<rbrakk>
-\<Longrightarrow> length aprog = length a + 5"
-apply(simp add: rec_ci.simps, erule_tac conjE)
-apply(drule_tac eq_switch, drule_tac eq_switch, simp)
-done
-lemma mn_final_step:
-assumes ind:
-"\<And>aprog a_md rs_pos rs suf_lm lm.
-\<lbrakk>rec_ci f = (aprog, rs_pos, a_md);
-rec_calc_rel f lm rs\<rbrakk> \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-and h: "rec_ci f = (a, aa, ba)"
-"rec_ci (Mn n f) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Mn n f) lm rs"
-"rec_calc_rel f (lm @ [rs]) 0"
-shows "\<exists>stp. abc_steps_l (0, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stp = (length aprog, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-proof -
-from h and ind have k1:
-"\<exists>stp.  abc_steps_l (0, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stp = (length a,  lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-apply(insert mn_calc_f[of f a aa ba n aprog
-rs_pos a_md lm rs 0 suf_lm], simp)
-apply(subgoal_tac "aa = Suc n", simp add: exponent_cons_iff)
-apply(subgoal_tac "rs_pos = n", simp, simp)
-done
-from h have k2: "length lm = n"
-apply(subgoal_tac "rs_pos = n")
-apply(drule_tac f = "Mn n f" in para_pattern, simp, simp, simp)
-done
-from h and k2 have k3:
-"\<exists>stp. abc_steps_l (length a, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stp = (length a + 5, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-apply(rule_tac x = "Suc 0" in exI,
-simp add: abc_step_l.simps abc_steps_l.simps)
-done
-from h have k4: "length aprog = length a + 5"
-apply(simp add: mn_length)
-done
-from k1 and k3 and k4 show "?thesis"
-apply(auto)
-apply(rule_tac x = "stp + stpa" in exI, simp add: abc_steps_add)
-done
-qed
-lemma mn_case:
-assumes ind:
-"\<And>aprog a_md rs_pos rs suf_lm lm.
-\<lbrakk>rec_ci f = (aprog, rs_pos, a_md); rec_calc_rel f lm rs\<rbrakk> \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-and h: "rec_ci (Mn n f) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Mn n f) lm rs"
-shows "\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp
-= (length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-apply(case_tac "rec_ci f", simp)
-apply(insert h, rule_tac calc_mn_reverse, simp)
-proof -
-fix a b c v
-assume h: "rec_ci f = (a, b, c)"
-"rec_ci (Mn n f) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Mn n f) lm rs"
-"rec_calc_rel f (lm @ [rs]) 0"
-"\<forall>x<rs. \<exists>v. rec_calc_rel f (lm @ [x]) v \<and> 0 < v"
-"n = length lm"
-hence k1:
-"\<exists>stp. abc_steps_l (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @ suf_lm) aprog
-stp = (0, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-apply(auto intro: mn_ind_steps ind)
-done
-from h have k2:
-"\<exists>stp. abc_steps_l (0, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm) aprog
-stp = (length aprog, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-apply(auto intro: mn_final_step ind)
-done
-from k1 and k2 show
-"\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-apply(auto, insert h)
-apply(subgoal_tac "Suc rs_pos < a_md")
-apply(rule_tac x = "stp + stpa" in exI,
-simp only: abc_steps_add exponent_cons_iff, simp, simp)
-done
-qed
-lemma z_rs: "rec_calc_rel z lm rs \<Longrightarrow> rs = 0"
-apply(rule_tac calc_z_reverse, auto)
-done
-lemma z_case:
-"\<lbrakk>rec_ci z = (aprog, rs_pos, a_md); rec_calc_rel z lm rs\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-apply(simp add: rec_ci.simps rec_ci_z_def, auto)
-apply(rule_tac x = "Suc 0" in exI, simp add: abc_steps_l.simps
-abc_fetch.simps abc_step_l.simps z_rs)
-done
 fun addition_inv :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow>
 nat list \<Rightarrow> bool"
 where
 "addition_inv (as, lm') m n p lm =
 definition addition_LE :: "(((nat \<times> nat list) \<times> nat \<times> nat) \<times>
 ((nat \<times> nat list) \<times> nat \<times> nat)) set"
 where "addition_LE \<equiv> (inv_image lex_triple addition_measure)"
 lemma [simp]: "wf addition_LE"
-by(simp add: wf_inv_image wf_lex_triple addition_LE_def)
+by(auto simp: wf_inv_image addition_LE_def lex_triple_def
+lex_pair_def)
 declare addition_inv.simps[simp del]
 lemma addition_inv_init:
 "\<lbrakk>m \<noteq> n; max m n < p; length lm > p; lm ! p = 0\<rbrakk> \<Longrightarrow>
 addition_inv (0, lm) m n p lm"
-apply(simp add: addition_inv.simps)
+apply(simp add: addition_inv.simps Let_def)
 apply(rule_tac x = "lm ! m" in exI, simp)
 done
 lemma [simp]: "abc_fetch 0 (addition m n p) = Some (Dec m 4)"
 by(simp add: abc_fetch.simps addition.simps)
 p := lm ! m - Suc x]
 = lm[m := xa, n := lm ! n + lm ! m, p := lm ! m - xa]"
 apply(rule_tac x = "Suc x" in exI, simp)
 done
+lemma abc_steps_zero: "abc_steps_l asm ap 0 = asm"
+apply(case_tac asm, simp add: abc_steps_l.simps)
+done
+declare Let_def[simp]
 lemma addition_halt_lemma:
 "\<lbrakk>m \<noteq> n; max m n < p; length lm > p; lm ! p = 0\<rbrakk> \<Longrightarrow>
 \<forall>na. \<not> (\<lambda>(as, lm') (m, p). as = 7)
 (abc_steps_l (0, lm) (addition m n p) na) (m, p) \<and>
 addition_inv (abc_steps_l (0, lm) (addition m n p) na) m n p lm
 \<longrightarrow> addition_inv (abc_steps_l (0, lm) (addition m n p)
 (Suc na)) m n p lm
 \<and> ((abc_steps_l (0, lm) (addition m n p) (Suc na), m, p),
 abc_steps_l (0, lm) (addition m n p) na, m, p) \<in> addition_LE"
-apply(rule allI, rule impI, simp add: abc_steps_ind)
+apply(rule allI, rule impI, simp add: abc_step_red2)
 apply(case_tac "(abc_steps_l (0, lm) (addition m n p) na)", simp)
 apply(auto split:if_splits simp add: addition_inv.simps
 abc_steps_zero)
-apply(simp_all add: abc_steps_l.simps abc_steps_zero)
+apply(simp_all add: addition.simps abc_steps_l.simps)
 apply(auto simp add: addition_LE_def lex_triple_def lex_pair_def
 abc_step_l.simps addition_inv.simps
 abc_lm_v.simps abc_lm_s.simps nth_append
 split: if_splits)
-apply(rule_tac x = x in exI, simp)
+apply(rule_tac [!] x = x in exI, simp_all add: list_update_overwrite Suc_diff_Suc)
-done
+by (metis list_update_overwrite list_update_swap nat_neq_iff)
-lemma  addition_ex:
+lemma  addition_correct':
 "\<lbrakk>m \<noteq> n; max m n < p; length lm > p; lm ! p = 0\<rbrakk> \<Longrightarrow>
 \<exists> stp. (\<lambda> (as, lm'). as = 7 \<and> addition_inv (as, lm') m n p lm)
 (abc_steps_l (0, lm) (addition m n p) stp)"
 apply(insert halt_lemma2[of addition_LE
 "\<lambda> ((as, lm'), m, p). addition_inv (as, lm') m n p lm"
 simp, erule_tac exE)
 apply(rule_tac x = na in exI,
 case_tac "(abc_steps_l (0, lm) (addition m n p) na)", auto)
 done
-lemma [simp]: "length (addition m n p) = 7"
+lemma length_addition[simp]: "length (addition a b c) = 7"
-by (simp add: addition.simps)
+by(auto simp: addition.simps)
-lemma [elim]: "addition 0 (Suc 0) 2 = [] \<Longrightarrow> RR"
+lemma addition_correct:
-by(simp add: addition.simps)
+"\<lbrakk>m \<noteq> n; max m n < p; length lm > p; lm ! p = 0\<rbrakk>
+\<Longrightarrow> {\<lambda> a. a = lm} (addition m n p) {\<lambda> nl. addition_inv (7, nl) m n p lm}"
-lemma [simp]: "(0\<up>2)[0 := n] = [n, 0::nat]"
+using assms
-apply(subgoal_tac "2 = Suc 1",
+proof(rule_tac abc_Hoare_haltI, simp)
-simp only: replicate.simps)
+fix lma
-apply(auto)
+assume "m \<noteq> n" "m < p \<and> n < p" "p < length lm" "lm ! p = 0"
-done
+then have "\<exists> stp. (\<lambda> (as, lm'). as = 7 \<and> addition_inv (as, lm') m n p lm)
+(abc_steps_l (0, lm) (addition m n p) stp)"
-lemma [simp]:
+by(rule_tac addition_correct', auto simp: addition_inv.simps)
-"\<exists>stp. abc_steps_l (0, n # 0\<up>2 @ suf_lm)
+thus "\<exists>na. abc_final (abc_steps_l (0, lm) (addition m n p) na) (addition m n p) \<and>
-(addition 0 (Suc 0) 2 [+] [Inc (Suc 0)]) stp =
+(\<lambda>nl. addition_inv (7, nl) m n p lm) abc_holds_for abc_steps_l (0, lm) (addition m n p) na"
-(8, n # Suc n # 0 # suf_lm)"
+apply(erule_tac exE)
-apply(rule_tac bm = "n # n # 0 # suf_lm" in abc_append_exc2, auto)
+apply(rule_tac x = stp in exI)
-apply(insert addition_ex[of 0 "Suc 0" 2 "n # 0\<up>2 @ suf_lm"],
+apply(auto)
-simp add: nth_append numeral_2_eq_2, erule_tac exE)
+done
-apply(rule_tac x = stp in exI,
+qed
-case_tac "(abc_steps_l (0, n # 0\<up>2 @ suf_lm)
-(addition 0 (Suc 0) 2) stp)",
+lemma compile_s_correct':
-simp add: addition_inv.simps nth_append list_update_append numeral_2_eq_2)
+"{\<lambda>nl. nl = n # 0 \<up> 2 @ anything} addition 0 (Suc 0) 2 [+] [Inc (Suc 0)] {\<lambda>nl. nl = n # Suc n # 0 # anything}"
-apply(simp add: nth_append numeral_2_eq_2, erule_tac exE)
+proof(rule_tac abc_Hoare_plus_halt)
-apply(rule_tac x = "Suc 0" in exI,
+show "{\<lambda>nl. nl = n # 0 \<up> 2 @ anything} addition 0 (Suc 0) 2 {\<lambda> nl. addition_inv (7, nl) 0 (Suc 0) 2 (n # 0 \<up> 2 @ anything)}"
-simp add: abc_steps_l.simps abc_fetch.simps
+by(rule_tac addition_correct, auto simp: numeral_2_eq_2)
-abc_steps_zero abc_step_l.simps abc_lm_s.simps abc_lm_v.simps)
+next
-done
+show "{\<lambda>nl. addition_inv (7, nl) 0 (Suc 0) 2 (n # 0 \<up> 2 @ anything)} [Inc (Suc 0)] {\<lambda>nl. nl = n # Suc n # 0 # anything}"
+by(rule_tac abc_Hoare_haltI, rule_tac x = 1 in exI, auto simp: addition_inv.simps
-lemma s_case:
+abc_steps_l.simps abc_step_l.simps abc_fetch.simps numeral_2_eq_2 abc_lm_s.simps abc_lm_v.simps)
-"\<lbrakk>rec_ci s = (aprog, rs_pos, a_md); rec_calc_rel s lm rs\<rbrakk>
+qed
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
+declare rec_exec.simps[simp del]
-apply(simp add: rec_ci.simps rec_ci_s_def, auto)
-apply(rule_tac calc_s_reverse, auto)
+lemma abc_comp_commute: "(A [+] B) [+] C = A [+] (B [+] C)"
-done
+apply(auto simp: abc_comp.simps abc_shift.simps)
+apply(case_tac x, auto)
-lemma [simp]:
+done
-"\<lbrakk>n < length lm; lm ! n = rs\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0 # 0 #suf_lm)
-(addition n (length lm) (Suc (length lm))) stp
-= (7, lm @ rs # 0 # suf_lm)"
+lemma compile_z_correct:
-apply(insert addition_ex[of n "length lm"
+"\<lbrakk>rec_ci z = (ap, arity, fp); rec_exec z [n] = r\<rbrakk> \<Longrightarrow>
-"Suc (length lm)" "lm @ 0 # 0 # suf_lm"])
+{\<lambda>nl. nl = n # 0 \<up> (fp - arity) @ anything} ap {\<lambda>nl. nl = n # r # 0 \<up> (fp - Suc arity) @ anything}"
-apply(simp add: nth_append, erule_tac exE)
+apply(rule_tac abc_Hoare_haltI)
-apply(rule_tac x = stp in exI)
+apply(rule_tac x = 1 in exI)
-apply(case_tac "abc_steps_l (0, lm @ 0 # 0 # suf_lm) (addition n (length lm)
+apply(auto simp: abc_steps_l.simps rec_ci.simps rec_ci_z_def
-(Suc (length lm))) stp", simp)
+numeral_2_eq_2 abc_fetch.simps abc_step_l.simps rec_exec.simps)
-apply(simp add: addition_inv.simps)
+done
-apply(insert nth_append[of lm "0 # 0 # suf_lm" "n"], simp)
-done
+lemma compile_s_correct:
+"\<lbrakk>rec_ci s = (ap, arity, fp); rec_exec s [n] = r\<rbrakk> \<Longrightarrow>
-lemma [simp]: "0\<up>2 = [0, 0::nat]"
+{\<lambda>nl. nl = n # 0 \<up> (fp - arity) @ anything} ap {\<lambda>nl. nl = n # r # 0 \<up> (fp - Suc arity) @ anything}"
-apply(auto simp:numeral_2_eq_2)
+apply(auto simp: rec_ci.simps rec_ci_s_def compile_s_correct' rec_exec.simps)
 done
-lemma id_case:
+lemma compile_id_correct':
-"\<lbrakk>rec_ci (id m n) = (aprog, rs_pos, a_md);
+assumes "n < length args"
-rec_calc_rel (id m n) lm rs\<rbrakk>
+shows "{\<lambda>nl. nl = args @ 0 \<up> 2 @ anything} addition n (length args) (Suc (length args))
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
+{\<lambda>nl. nl = args @ rec_exec (recf.id (length args) n) args # 0 # anything}"
-(length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-apply(simp add: rec_ci.simps rec_ci_id.simps, auto)
-apply(rule_tac calc_id_reverse, simp, simp)
-done
-lemma list_tl_induct:
-"\<lbrakk>P []; \<And>a list. P list \<Longrightarrow> P (list @ [a::'a])\<rbrakk> \<Longrightarrow>
-P ((list::'a list))"
-apply(case_tac "length list", simp)
 proof -
-fix nat
+have "{\<lambda>nl. nl = args @ 0 \<up> 2 @ anything} addition n (length args) (Suc (length args))
-assume ind: "\<And>a list. P list \<Longrightarrow> P (list @ [a])"
+{\<lambda>nl. addition_inv (7, nl) n (length args) (Suc (length args)) (args @ 0 \<up> 2 @ anything)}"
-and h: "length list = Suc nat" "P []"
+using assms
-from h show "P list"
+by(rule_tac addition_correct, auto simp: numeral_2_eq_2 nth_append)
-proof(induct nat arbitrary: list, case_tac lista, simp, simp)
+thus "?thesis"
-fix lista a listaa
+using assms
-from h show "P [a]"
+by(simp add: addition_inv.simps rec_exec.simps
-by(insert ind[of "[]"], simp add: h)
+nth_append numeral_2_eq_2 list_update_append)
-next
+qed
-fix nat list
-assume nind: "\<And>list. \<lbrakk>length list = Suc nat; P []\<rbrakk> \<Longrightarrow> P list"
+lemma compile_id_correct:
-and g: "length (list:: 'a list) = Suc (Suc nat)"
+"\<lbrakk>n < m; length xs = m; rec_ci (recf.id m n) = (ap, arity, fp); rec_exec (recf.id m n) xs = r\<rbrakk>
-from g show "P (list::'a list)"
+\<Longrightarrow> {\<lambda>nl. nl = xs @ 0 \<up> (fp - arity) @ anything} ap {\<lambda>nl. nl = xs @ r # 0 \<up> (fp - Suc arity) @ anything}"
-apply(insert nind[of "butlast list"], simp add: h)
+apply(auto simp: rec_ci.simps rec_ci_id.simps compile_id_correct')
-apply(insert ind[of "butlast list" "last list"], simp)
-apply(subgoal_tac "butlast list @ [last list] = list", simp)
-apply(case_tac "list::'a list", simp, simp)
-done
-qed
-qed
-lemma nth_eq_butlast_nth: "\<lbrakk>length ys > Suc k\<rbrakk> \<Longrightarrow>
-ys ! k = butlast ys ! k"
-apply(subgoal_tac "\<exists> xs y. ys = xs @ [y]", auto simp: nth_append)
-apply(rule_tac x = "butlast ys" in exI, rule_tac x = "last ys" in exI)
-apply(case_tac "ys = []", simp, simp)
-done
-lemma [simp]:
-"\<lbrakk>\<forall>k<Suc (length list). rec_calc_rel ((list @ [a]) ! k) lm (ys ! k);
-length ys = Suc (length list)\<rbrakk>
-\<Longrightarrow> \<forall>k<length list. rec_calc_rel (list ! k) lm (butlast ys ! k)"
-apply(rule allI, rule impI)
-apply(erule_tac  x = k in allE, simp add: nth_append)
-apply(subgoal_tac "ys ! k = butlast ys ! k", simp)
-apply(rule_tac nth_eq_butlast_nth, arith)
 done
 lemma cn_merge_gs_tl_app:
 "cn_merge_gs (gs @ [g]) pstr =
 cn_merge_gs gs pstr [+] cn_merge_gs [g] (pstr + length gs)"
-apply(induct gs arbitrary: pstr, simp add: cn_merge_gs.simps, simp)
+apply(induct gs arbitrary: pstr, simp add: cn_merge_gs.simps, auto)
-apply(case_tac a, simp add: abc_append_commute)
+apply(simp add: abc_comp_commute)
 done
-lemma cn_merge_gs_length:
+lemma footprint_ge:
-"length (cn_merge_gs (map rec_ci list) pstr) =
+"rec_ci a = (p, arity, fp) \<Longrightarrow> arity < fp"
-(\<Sum>(ap, pos, n)\<leftarrow>map rec_ci list. length ap) + 3 * length list "
+apply(induct a)
-apply(induct list arbitrary: pstr, simp, simp)
+apply(auto simp: rec_ci.simps)
 apply(case_tac "rec_ci a", simp)
-done
+apply(case_tac "rec_ci a1", case_tac "rec_ci a2", auto)
+apply(case_tac "rec_ci a", auto)
-lemma [simp]: "Suc n \<le> pstr \<Longrightarrow> pstr + x - n > 0"
+done
-by arith
+lemma param_pattern:
+"\<lbrakk>terminate f xs; rec_ci f = (p, arity, fp)\<rbrakk> \<Longrightarrow> length xs = arity"
+apply(induct arbitrary: p arity fp rule: terminate.induct)
+apply(auto simp: rec_ci.simps)
+apply(case_tac "rec_ci f", simp)
+apply(case_tac "rec_ci f", case_tac "rec_ci g", simp)
+apply(case_tac "rec_ci f", case_tac "rec_ci gs", simp)
+done
+lemma replicate_merge_anywhere:
+"x\<up>a @ x\<up>b @ ys = x\<up>(a+b) @ ys"
+by(simp add:replicate_add)
+fun mv_box_inv :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat list \<Rightarrow> bool"
+where
+"mv_box_inv (as, lm) m n initlm =
+(let plus = initlm ! m + initlm ! n in
+length initlm > max m n \<and> m \<noteq> n \<and>
+(if as = 0 then \<exists> k l. lm = initlm[m := k, n := l] \<and>
+k + l = plus \<and> k \<le> initlm ! m
+else if as = 1 then \<exists> k l. lm = initlm[m := k, n := l]
+\<and> k + l + 1 = plus \<and> k < initlm ! m
+else if as = 2 then \<exists> k l. lm = initlm[m := k, n := l]
+\<and> k + l = plus \<and> k \<le> initlm ! m
+else if as = 3 then lm = initlm[m := 0, n := plus]
+else False))"
+fun mv_box_stage1 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat"
+where
+"mv_box_stage1 (as, lm) m  =
+(if as = 3 then 0
+else 1)"
+fun mv_box_stage2 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat"
+where
+"mv_box_stage2 (as, lm) m = (lm ! m)"
+fun mv_box_stage3 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat"
+where
+"mv_box_stage3 (as, lm) m = (if as = 1 then 3
+else if as = 2 then 2
+else if as = 0 then 1
+else 0)"
+fun mv_box_measure :: "((nat \<times> nat list) \<times> nat) \<Rightarrow> (nat \<times> nat \<times> nat)"
+where
+"mv_box_measure ((as, lm), m) =
+(mv_box_stage1 (as, lm) m, mv_box_stage2 (as, lm) m,
+mv_box_stage3 (as, lm) m)"
+definition lex_pair :: "((nat \<times> nat) \<times> nat \<times> nat) set"
+where
+"lex_pair = less_than <*lex*> less_than"
+definition lex_triple ::
+"((nat \<times> (nat \<times> nat)) \<times> (nat \<times> (nat \<times> nat))) set"
+where
+"lex_triple \<equiv> less_than <*lex*> lex_pair"
+definition mv_box_LE ::
+"(((nat \<times> nat list) \<times> nat) \<times> ((nat \<times> nat list) \<times> nat)) set"
+where
+"mv_box_LE \<equiv> (inv_image lex_triple mv_box_measure)"
+lemma wf_lex_triple: "wf lex_triple"
+by (auto intro:wf_lex_prod simp:lex_triple_def lex_pair_def)
+lemma wf_mv_box_le[intro]: "wf mv_box_LE"
+by(auto intro:wf_inv_image wf_lex_triple simp: mv_box_LE_def)
+declare mv_box_inv.simps[simp del]
+lemma mv_box_inv_init:
+"\<lbrakk>m < length initlm; n < length initlm; m \<noteq> n\<rbrakk> \<Longrightarrow>
+mv_box_inv (0, initlm) m n initlm"
+apply(simp add: abc_steps_l.simps mv_box_inv.simps)
+apply(rule_tac x = "initlm ! m" in exI,
+rule_tac x = "initlm ! n" in exI, simp)
+done
+lemma [simp]: "abc_fetch 0 (mv_box m n) = Some (Dec m 3)"
+apply(simp add: mv_box.simps abc_fetch.simps)
+done
+lemma [simp]: "abc_fetch (Suc 0) (mv_box m n) =
+Some (Inc n)"
+apply(simp add: mv_box.simps abc_fetch.simps)
+done
+lemma [simp]: "abc_fetch 2 (mv_box m n) = Some (Goto 0)"
+apply(simp add: mv_box.simps abc_fetch.simps)
+done
+lemma [simp]: "abc_fetch 3 (mv_box m n) = None"
+apply(simp add: mv_box.simps abc_fetch.simps)
+done
+lemma replicate_Suc_iff_anywhere: "x # x\<up>b @ ys = x\<up>(Suc b) @ ys"
+by simp
+lemma [simp]:
+"\<lbrakk>m \<noteq> n; m < length initlm; n < length initlm;
+k + l = initlm ! m + initlm ! n; k \<le> initlm ! m; 0 < k\<rbrakk>
+\<Longrightarrow> \<exists>ka la. initlm[m := k, n := l, m := k - Suc 0] =
+initlm[m := ka, n := la] \<and>
+Suc (ka + la) = initlm ! m + initlm ! n \<and>
+ka < initlm ! m"
+apply(rule_tac x = "k - Suc 0" in exI, rule_tac x = l in exI,
+simp, auto)
+apply(subgoal_tac
+"initlm[m := k, n := l, m := k - Suc 0] =
+initlm[n := l, m := k, m := k - Suc 0]")
+apply(simp add: list_update_overwrite )
+apply(simp add: list_update_swap)
+apply(simp add: list_update_swap)
+done
 lemma [simp]:
-"\<lbrakk>Suc (pstr + length list) \<le> a_md;
+"\<lbrakk>m \<noteq> n; m < length initlm; n < length initlm;
-length ys = Suc (length list);
+Suc (k + l) = initlm ! m + initlm ! n;
-length lm = n;
+k < initlm ! m\<rbrakk>
-Suc n \<le> pstr\<rbrakk>
+\<Longrightarrow> \<exists>ka la. initlm[m := k, n := l, n := Suc l] =
-\<Longrightarrow>  (ys ! length list # 0\<up>(pstr - Suc n) @ butlast ys @
+initlm[m := ka, n := la] \<and>
-0\<up>(a_md - (pstr + length list)) @ suf_lm) !
+ka + la = initlm ! m + initlm ! n \<and>
-(pstr + length list - n) = (0 :: nat)"
+ka \<le> initlm ! m"
-apply(insert nth_append[of "ys ! length list # 0\<up>(pstr - Suc n) @
+apply(rule_tac x = k in exI, rule_tac x = "Suc l" in exI, auto)
-butlast ys" "0\<up>(a_md - (pstr + length list)) @ suf_lm"
+done
-"(pstr + length list - n)"], simp add: nth_append)
-done
+lemma [simp]:
+"\<lbrakk>length initlm > max m n; m \<noteq> n\<rbrakk> \<Longrightarrow>
+\<forall>na. \<not> (\<lambda>(as, lm) m. as = 3)
+(abc_steps_l (0, initlm) (mv_box m n) na) m \<and>
+mv_box_inv (abc_steps_l (0, initlm)
+(mv_box m n) na) m n initlm \<longrightarrow>
+mv_box_inv (abc_steps_l (0, initlm)
+(mv_box m n) (Suc na)) m n initlm \<and>
+((abc_steps_l (0, initlm) (mv_box m n) (Suc na), m),
+abc_steps_l (0, initlm) (mv_box m n) na, m) \<in> mv_box_LE"
+apply(rule allI, rule impI, simp add: abc_step_red2)
+apply(case_tac "(abc_steps_l (0, initlm) (mv_box m n) na)",
+simp)
+apply(auto split:if_splits simp add:abc_steps_l.simps mv_box_inv.simps)
+apply(auto simp add: mv_box_LE_def lex_triple_def lex_pair_def
+abc_step_l.simps abc_steps_l.simps
+mv_box_inv.simps abc_lm_v.simps abc_lm_s.simps
+split: if_splits )
+apply(rule_tac x = k in exI, rule_tac x = "Suc l" in exI, simp)
+done
+lemma mv_box_inv_halt:
+"\<lbrakk>length initlm > max m n; m \<noteq> n\<rbrakk> \<Longrightarrow>
+\<exists> stp. (\<lambda> (as, lm). as = 3 \<and>
+mv_box_inv (as, lm) m n initlm)
+(abc_steps_l (0::nat, initlm) (mv_box m n) stp)"
+apply(insert halt_lemma2[of mv_box_LE
+"\<lambda> ((as, lm), m). mv_box_inv (as, lm) m n initlm"
+"\<lambda> stp. (abc_steps_l (0, initlm) (mv_box m n) stp, m)"
+"\<lambda> ((as, lm), m). as = (3::nat)"
+])
+apply(insert wf_mv_box_le)
+apply(simp add: mv_box_inv_init abc_steps_zero)
+apply(erule_tac exE)
+apply(rule_tac x = na in exI)
+apply(case_tac "(abc_steps_l (0, initlm) (mv_box m n) na)",
+simp, auto)
+done
+lemma mv_box_halt_cond:
+"\<lbrakk>m \<noteq> n; mv_box_inv (a, b) m n lm; a = 3\<rbrakk> \<Longrightarrow>
+b = lm[n := lm ! m + lm ! n, m := 0]"
+apply(simp add: mv_box_inv.simps, auto)
+apply(simp add: list_update_swap)
+done
+lemma mv_box_correct':
+"\<lbrakk>length lm > max m n; m \<noteq> n\<rbrakk> \<Longrightarrow>
+\<exists> stp. abc_steps_l (0::nat, lm) (mv_box m n) stp
+= (3, (lm[n := (lm ! m + lm ! n)])[m := 0::nat])"
+apply(drule mv_box_inv_halt, simp, erule_tac exE)
+apply(rule_tac x = stp in exI)
+apply(case_tac "abc_steps_l (0, lm) (mv_box m n) stp",
+simp)
+apply(erule_tac mv_box_halt_cond, auto)
+done
+lemma length_mvbox[simp]: "length (mv_box m n) = 3"
+by(simp add: mv_box.simps)
+lemma mv_box_correct:
+"\<lbrakk>length lm > max m n; m\<noteq>n\<rbrakk>
+\<Longrightarrow> {\<lambda> nl. nl = lm} mv_box m n {\<lambda> nl. nl = lm[n := (lm ! m + lm ! n), m:=0]}"
+apply(drule_tac mv_box_correct', simp)
+apply(auto simp: abc_Hoare_halt_def)
+apply(rule_tac x = stp in exI, simp)
+done
+declare list_update.simps(2)[simp del]
 lemma [simp]:
-"\<lbrakk>Suc (pstr + length list) \<le> a_md;
+"\<lbrakk>length xs < gf; gf \<le> ft; n < length gs\<rbrakk>
-length ys = Suc (length list);
+\<Longrightarrow> (rec_exec (gs ! n) xs # 0 \<up> (ft - Suc (length xs)) @ map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything)
-length lm = n;
+[ft + n - length xs := rec_exec (gs ! n) xs, 0 := 0] =
-Suc n \<le> pstr\<rbrakk>
+0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) (take n gs) @ rec_exec (gs ! n) xs # 0 \<up> (length gs - Suc n) @ 0 # 0 \<up> length xs @ anything"
-\<Longrightarrow> (lm @ last ys # 0\<up>(pstr - Suc n) @ butlast ys @
+using list_update_append[of "rec_exec (gs ! n) xs # 0 \<up> (ft - Suc (length xs)) @ map (\<lambda>i. rec_exec i xs) (take n gs)"
-0\<up>(a_md - (pstr + length list)) @ suf_lm)[pstr + length list :=
+"0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything" "ft + n - length xs" "rec_exec (gs ! n) xs"]
-last ys, n := 0] =
+apply(auto)
-lm @ (0::nat)\<up>(pstr - n) @ ys @ 0\<up>(a_md - Suc (pstr + length list)) @ suf_lm"
+apply(case_tac "length gs - n", simp, simp add: list_update.simps replicate_Suc_iff_anywhere Suc_diff_Suc del: replicate_Suc)
-apply(insert list_update_length[of
+apply(simp add: list_update.simps)
-"lm @ last ys # 0\<up>(pstr - Suc n) @ butlast ys" 0
+done
-"0\<up>(a_md - Suc (pstr + length list)) @ suf_lm" "last ys"], simp)
-apply(simp add: exponent_cons_iff)
+lemma compile_cn_gs_correct':
-apply(insert list_update_length[of "lm"
+assumes
-"last ys" "0\<up>(pstr - Suc n) @ butlast ys @
+g_cond: "\<forall>g\<in>set (take n gs). terminate g xs \<and>
-last ys # 0\<up>(a_md - Suc (pstr + length list)) @ suf_lm" 0], simp)
+(\<forall>x xa xb. rec_ci g = (x, xa, xb) \<longrightarrow> (\<forall>xc. {\<lambda>nl. nl = xs @ 0 \<up> (xb - xa) @ xc} x {\<lambda>nl. nl = xs @ rec_exec g xs # 0 \<up> (xb - Suc xa) @ xc}))"
-apply(simp add: exponent_cons_iff)
+and ft: "ft = max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
-apply(case_tac "ys = []", simp_all add: append_butlast_last_id)
+shows
-done
+"{\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft + length gs) @ anything}
+cn_merge_gs (map rec_ci (take n gs)) ft
-lemma cn_merge_gs_ex:
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @
-"\<lbrakk>\<And>x aprog a_md rs_pos rs suf_lm lm.
+map (\<lambda>i. rec_exec i xs) (take n gs) @ 0\<up>(length gs - n) @ 0 \<up> Suc (length xs) @ anything}"
-\<lbrakk>x \<in> set gs; rec_ci x = (aprog, rs_pos, a_md);
+using g_cond
-rec_calc_rel x lm rs\<rbrakk>
+proof(induct n)
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp
+case 0
-= (length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm);
+have "ft > length xs"
-pstr + length gs\<le> a_md;
+using ft
-\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k);
+by simp
-length ys = length gs; length lm = n;
+thus "?case"
-pstr \<ge> Max (set (Suc n # map (\<lambda>(aprog, p, n). n) (map rec_ci gs)))\<rbrakk>
+apply(rule_tac abc_Hoare_haltI)
-\<Longrightarrow> \<exists> stp. abc_steps_l (0, lm @ 0\<up>(a_md - n) @ suf_lm)
+apply(rule_tac x = 0 in exI, simp add: abc_steps_l.simps replicate_add[THEN sym]
-(cn_merge_gs (map rec_ci gs) pstr) stp
+replicate_Suc[THEN sym] del: replicate_Suc)
-= (listsum (map ((\<lambda>(ap, pos, n). length ap) \<circ> rec_ci) gs) +
-3 * length gs, lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md - (pstr + length gs)) @ suf_lm)"
-apply(induct gs arbitrary: ys rule: list_tl_induct)
-apply(simp add: exponent_add_iff, simp)
-proof -
-fix a list ys
-assume ind: "\<And>x aprog a_md rs_pos rs suf_lm lm.
-\<lbrakk>x = a \<or> x \<in> set list; rec_ci x = (aprog, rs_pos, a_md);
-rec_calc_rel x lm rs\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-and ind2:
-"\<And>ys. \<lbrakk>\<And>x aprog a_md rs_pos rs suf_lm lm.
-\<lbrakk>x \<in> set list; rec_ci x = (aprog, rs_pos, a_md);
-rec_calc_rel x lm rs\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp
-= (length aprog, lm @ rs # 0\<up>(a_md - Suc rs_pos) @ suf_lm);
-\<forall>k<length list. rec_calc_rel (list ! k) lm (ys ! k);
-length ys = length list\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - n) @ suf_lm)
-(cn_merge_gs (map rec_ci list) pstr) stp =
-(listsum (map ((\<lambda>(ap, pos, n). length ap) \<circ> rec_ci) list) +
-3 * length list,
-lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md - (pstr + length list)) @ suf_lm)"
-and h: "Suc (pstr + length list) \<le> a_md"
-"\<forall>k<Suc (length list).
-rec_calc_rel ((list @ [a]) ! k) lm (ys ! k)"
-"length ys = Suc (length list)"
-"length lm = n"
-"Suc n \<le> pstr \<and> (\<lambda>(aprog, p, n). n) (rec_ci a) \<le> pstr \<and>
-(\<forall>a\<in>set list. (\<lambda>(aprog, p, n). n) (rec_ci a) \<le> pstr)"
-from h have k1:
-"\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - n) @ suf_lm)
-(cn_merge_gs (map rec_ci list) pstr) stp =
-(listsum (map ((\<lambda>(ap, pos, n). length ap) \<circ> rec_ci) list) +
-3 * length list, lm @ 0\<up>(pstr - n) @ butlast ys @
-0\<up>(a_md - (pstr + length list)) @ suf_lm) "
-apply(rule_tac ind2)
-apply(rule_tac ind, auto)
 done
-from k1 and h show
+next
-"\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - n) @ suf_lm)
+case (Suc n)
-(cn_merge_gs (map rec_ci list @ [rec_ci a]) pstr) stp =
+have ind': "\<forall>g\<in>set (take n gs).
-(listsum (map ((\<lambda>(ap, pos, n). length ap) \<circ> rec_ci) list) +
+terminate g xs \<and> (\<forall>x xa xb. rec_ci g = (x, xa, xb) \<longrightarrow>
-(\<lambda>(ap, pos, n). length ap) (rec_ci a) + (3 + 3 * length list),
+(\<forall>xc. {\<lambda>nl. nl = xs @ 0 \<up> (xb - xa) @ xc} x {\<lambda>nl. nl = xs @ rec_exec g xs # 0 \<up> (xb - Suc xa) @ xc})) \<Longrightarrow>
-lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md - Suc (pstr + length list)) @ suf_lm)"
+{\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft + length gs) @ anything} cn_merge_gs (map rec_ci (take n gs)) ft
-apply(simp add: cn_merge_gs_tl_app)
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 \<up> Suc (length xs) @ anything}"
-apply(rule_tac as =
+by fact
-"(\<Sum>(ap, pos, n)\<leftarrow>map rec_ci list. length ap) + 3 * length list"
+have g_newcond: "\<forall>g\<in>set (take (Suc n) gs).
-and bm = "lm @ 0\<up>(pstr - n) @ butlast ys @
+terminate g xs \<and> (\<forall>x xa xb. rec_ci g = (x, xa, xb) \<longrightarrow> (\<forall>xc. {\<lambda>nl. nl = xs @ 0 \<up> (xb - xa) @ xc} x {\<lambda>nl. nl = xs @ rec_exec g xs # 0 \<up> (xb - Suc xa) @ xc}))"
-0\<up>(a_md - (pstr + length list)) @ suf_lm"
+by fact
-and bs = "(\<lambda>(ap, pos, n). length ap) (rec_ci a) + 3"
+from g_newcond have ind:
-and bm' = "lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md - Suc (pstr + length list)) @
+"{\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft + length gs) @ anything} cn_merge_gs (map rec_ci (take n gs)) ft
-suf_lm" in abc_append_exc2, simp)
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 \<up> Suc (length xs) @ anything}"
-apply(simp add: cn_merge_gs_length)
+apply(rule_tac ind', rule_tac ballI, erule_tac x = g in ballE, simp_all add: take_Suc)
-proof -
+by(case_tac "n < length gs", simp add:take_Suc_conv_app_nth, simp)
-from h show
+show "?case"
-"\<exists>bstp. abc_steps_l (0, lm @ 0\<up>(pstr - n) @ butlast ys @
+proof(cases "n < length gs")
-0\<up>(a_md - (pstr + length list)) @ suf_lm)
+case True
-((\<lambda>(gprog, gpara, gn). gprog [+] mv_box gpara
+have h: "n < length gs" by fact
-(pstr + length list)) (rec_ci a)) bstp =
+thus "?thesis"
-((\<lambda>(ap, pos, n). length ap) (rec_ci a) + 3,
+proof(simp add: take_Suc_conv_app_nth cn_merge_gs_tl_app)
-lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md - Suc (pstr + length list)) @ suf_lm)"
+obtain gp ga gf where a: "rec_ci (gs!n) = (gp, ga, gf)"
-apply(case_tac "rec_ci a", simp)
+by (metis prod_cases3)
-apply(rule_tac as = "length aa" and
+moreover have "min (length gs) n = n"
-bm = "lm @ (ys ! (length list)) #
+using h by simp
-0\<up>(pstr - Suc n) @ butlast ys @ 0\<up>(a_md - (pstr + length list)) @ suf_lm"
+moreover have
-and bs = "3" and bm' = "lm @ 0\<up>(pstr - n) @ ys @
+"{\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft + length gs) @ anything}
-0\<up>(a_md - Suc (pstr + length list)) @ suf_lm" in abc_append_exc2)
+cn_merge_gs (map rec_ci (take n gs)) ft [+] (gp [+] mv_box ga (ft + n))
-proof -
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) (take n gs) @
-fix aa b c
+rec_exec (gs ! n) xs # 0 \<up> (length gs - Suc n) @ 0 # 0 \<up> length xs @ anything}"
-assume g: "rec_ci a = (aa, b, c)"
+proof(rule_tac abc_Hoare_plus_halt)
-from h and g have k2: "b = n"
+show "{\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft + length gs) @ anything} cn_merge_gs (map rec_ci (take n gs)) ft
-	apply(erule_tac x = "length list" in allE, simp)
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 \<up> Suc (length xs) @ anything}"
-	apply(subgoal_tac "length lm = b", simp)
+using ind by simp
-	apply(rule para_pattern, simp, simp)
+next
-	done
+have x: "gs!n \<in> set (take (Suc n) gs)"
-from h and g and this show
+using h
-"\<exists>astp. abc_steps_l (0, lm @ 0\<up>(pstr - n) @ butlast ys @
+by(simp add: take_Suc_conv_app_nth)
-0\<up>(a_md - (pstr + length list)) @ suf_lm) aa astp =
+have b: "terminate (gs!n) xs"
-(length aa, lm @ ys ! length list # 0\<up>(pstr - Suc n) @
+using a g_newcond h x
-butlast ys @ 0\<up>(a_md - (pstr + length list)) @ suf_lm)"
+by(erule_tac x = "gs!n" in ballE, simp_all)
-	apply(subgoal_tac "c \<ge> Suc n")
+hence c: "length xs = ga"
-	apply(insert ind[of a aa b c lm "ys ! length list"
+using a param_pattern by metis
-"0\<up>(pstr - c) @ butlast ys @ 0\<up>(a_md - (pstr + length list)) @ suf_lm"], simp)
+have d: "gf > ga" using footprint_ge a by simp
-	apply(erule_tac x = "length list" in allE,
+have e: "ft \<ge> gf" using ft a h
-simp add: exponent_add_iff)
+by(simp,  rule_tac min_max.le_supI2, rule_tac Max_ge, simp,
-	apply(rule_tac Suc_leI, rule_tac ci_ad_ge_paras, simp)
+rule_tac insertI2,
-	done
+rule_tac f = "(\<lambda>(aprog, p, n). n)" and x = "rec_ci (gs!n)" in image_eqI, simp,
-next
+rule_tac x = "gs!n" in image_eqI, simp, simp)
-fix aa b c
+show "{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @
-show "length aa = length aa" by simp
+map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 \<up> Suc (length xs) @ anything} gp [+] mv_box ga (ft + n)
-next
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs)
-fix aa b c
+(take n gs) @ rec_exec (gs ! n) xs # 0 \<up> (length gs - Suc n) @ 0 # 0 \<up> length xs @ anything}"
-assume "rec_ci a = (aa, b, c)"
+proof(rule_tac abc_Hoare_plus_halt)
-from h and this show
+show "{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 \<up> Suc (length xs) @ anything} gp
-"\<exists>bstp. abc_steps_l (0, lm @ ys ! length list #
+{\<lambda>nl. nl = xs @ (rec_exec (gs!n) xs) # 0 \<up> (ft - Suc (length xs)) @ map (\<lambda>i. rec_exec i xs)
-0\<up>(pstr - Suc n) @ butlast ys @ 0\<up>(a_md - (pstr + length list)) @ suf_lm)
+(take n gs) @  0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything}"
-(mv_box b (pstr + length list)) bstp =
+proof -
-(3, lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md - Suc (pstr + length list)) @ suf_lm)"
+have
-	apply(insert mv_box_ex [of b "pstr + length list"
+"({\<lambda>nl. nl = xs @ 0 \<up> (gf - ga) @ 0\<up>(ft - gf)@map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 \<up> Suc (length xs) @ anything}
-"lm @ ys ! length list # 0\<up>(pstr - Suc n) @ butlast ys @
+gp {\<lambda>nl. nl = xs @ (rec_exec (gs!n) xs) # 0 \<up> (gf - Suc ga) @
-0\<up>(a_md - (pstr + length list)) @ suf_lm"], simp)
+0\<up>(ft - gf)@map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 \<up> Suc (length xs) @ anything})"
-apply(subgoal_tac "b = n")
+using a g_newcond h x
-	apply(simp add: nth_append split: if_splits)
+apply(erule_tac x = "gs!n" in ballE)
-	apply(erule_tac x = "length list" in allE, simp)
+apply(simp, simp)
-apply(drule para_pattern, simp, simp)
+done
-	done
+thus "?thesis"
-next
+using a b c d e
-fix aa b c
+by(simp add: replicate_merge_anywhere)
-show "3 = length (mv_box b (pstr + length list))"
+qed
+next
+show
+"{\<lambda>nl. nl = xs @ rec_exec (gs ! n) xs #
+0 \<up> (ft - Suc (length xs)) @ map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything}
+mv_box ga (ft + n)
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) (take n gs) @
+rec_exec (gs ! n) xs # 0 \<up> (length gs - Suc n) @ 0 # 0 \<up> length xs @ anything}"
+proof -
+have "{\<lambda>nl. nl = xs @ rec_exec (gs ! n) xs # 0 \<up> (ft - Suc (length xs)) @
+map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything}
+mv_box ga (ft + n) {\<lambda>nl. nl = (xs @ rec_exec (gs ! n) xs # 0 \<up> (ft - Suc (length xs)) @
+map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything)
+[ft + n := (xs @ rec_exec (gs ! n) xs # 0 \<up> (ft - Suc (length xs)) @ map (\<lambda>i. rec_exec i xs) (take n gs) @
+0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything) ! ga +
+(xs @ rec_exec (gs ! n) xs # 0 \<up> (ft - Suc (length xs)) @
+map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything) !
+(ft + n),  ga := 0]}"
+using a c d e h
+apply(rule_tac mv_box_correct)
+apply(simp, arith, arith)
+done
+moreover have "(xs @ rec_exec (gs ! n) xs # 0 \<up> (ft - Suc (length xs)) @
+map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything)
+[ft + n := (xs @ rec_exec (gs ! n) xs # 0 \<up> (ft - Suc (length xs)) @ map (\<lambda>i. rec_exec i xs) (take n gs) @
+0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything) ! ga +
+(xs @ rec_exec (gs ! n) xs # 0 \<up> (ft - Suc (length xs)) @
+map (\<lambda>i. rec_exec i xs) (take n gs) @ 0 \<up> (length gs - n) @ 0 # 0 \<up> length xs @ anything) !
+(ft + n),  ga := 0]=
+xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) (take n gs) @ rec_exec (gs ! n) xs # 0 \<up> (length gs - Suc n) @ 0 # 0 \<up> length xs @ anything"
+using a c d e h
+by(simp add: list_update_append nth_append length_replicate split: if_splits del: list_update.simps(2), auto)
+ultimately show "?thesis"
+by(simp)
+qed
+qed
+qed
+ultimately show
+"{\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft + length gs) @ anything}
+cn_merge_gs (map rec_ci (take n gs)) ft [+] (case rec_ci (gs ! n) of (gprog, gpara, gn) \<Rightarrow>
+gprog [+] mv_box gpara (ft + min (length gs) n))
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) (take n gs) @ rec_exec (gs ! n) xs # 0 \<up> (length gs - Suc n) @ 0 # 0 \<up> length xs @ anything}"
 by simp
-next
-fix aa b aaa ba
-show "length aa + 3 = length aa + 3" by simp
-next
-fix aa b c
-show "mv_box b (pstr + length list) \<noteq> []"
-by(simp add: mv_box.simps)
 qed
 next
-show "(\<lambda>(ap, pos, n). length ap) (rec_ci a) + 3 =
+case False
-length ((\<lambda>(gprog, gpara, gn). gprog [+]
+have h: "\<not> n < length gs" by fact
-mv_box gpara (pstr + length list)) (rec_ci a))"
+hence ind':
-by(case_tac "rec_ci a", simp)
+"{\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft + length gs) @ anything} cn_merge_gs (map rec_ci gs) ft
-next
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @ map (\<lambda>i. rec_exec i xs) gs @ 0 \<up> Suc (length xs) @ anything}"
-show "listsum (map ((\<lambda>(ap, pos, n). length ap) \<circ> rec_ci) list) +
+using ind
-(\<lambda>(ap, pos, n). length ap) (rec_ci a) + (3 + 3 * length list)=
+by simp
-(\<Sum>(ap, pos, n)\<leftarrow>map rec_ci list. length ap) + 3 * length list +
+thus "?thesis"
-((\<lambda>(ap, pos, n). length ap) (rec_ci a) + 3)" by simp
+using h
-next
+by(simp)
-show "(\<lambda>(gprog, gpara, gn). gprog [+]
-mv_box gpara (pstr + length list)) (rec_ci a) \<noteq> []"
-by(case_tac "rec_ci a",
-simp add: abc_append.simps abc_shift.simps)
 qed
 qed
-lemma [simp]: "length (mv_boxes aa ba n) = 3*n"
+lemma compile_cn_gs_correct:
+assumes
+g_cond: "\<forall>g\<in>set gs. terminate g xs \<and>
+(\<forall>x xa xb. rec_ci g = (x, xa, xb) \<longrightarrow> (\<forall>xc. {\<lambda>nl. nl = xs @ 0 \<up> (xb - xa) @ xc} x {\<lambda>nl. nl = xs @ rec_exec g xs # 0 \<up> (xb - Suc xa) @ xc}))"
+and ft: "ft = max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+shows
+"{\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft + length gs) @ anything}
+cn_merge_gs (map rec_ci gs) ft
+{\<lambda>nl. nl = xs @ 0 \<up> (ft - length xs) @
+map (\<lambda>i. rec_exec i xs) gs @ 0 \<up> Suc (length xs) @ anything}"
+using assms
+using compile_cn_gs_correct'[of "length gs" gs xs ft ffp anything ]
+apply(auto)
+done
+lemma length_mvboxes[simp]: "length (mv_boxes aa ba n) = 3*n"
 by(induct n, auto simp: mv_boxes.simps)
 lemma exp_suc: "a\<up>Suc b = a\<up>b @ [a]"
 by(simp add: exp_ind del: replicate.simps)
 [ba + n := last lm2, aa + n := 0] =
 lm1 @ 0 # 0\<up>n @ lm3 @ lm2 @ lm4"
 using list_update_append[of "lm1 @ 0\<up>n @ last lm2 # lm3 @ butlast lm2" "0 # lm4"
 "ba + n" "last lm2"]
 apply(simp)
-apply(simp add: list_update_append)
+apply(simp add: list_update_append list_update.simps replicate_Suc_iff_anywhere exp_suc
-apply(simp only: exponent_cons_iff exp_suc, simp)
+del: replicate_Suc)
 apply(case_tac lm2, simp, simp)
 done
-lemma mv_boxes_ex:
+lemma [simp]:
-"\<lbrakk>n \<le> ba - aa; ba > aa; length lm1 = aa;
+"\<lbrakk>Suc (length lm1 + n) \<le> ba; length lm2 = Suc n; length lm3 = ba - Suc (length lm1 + n);
-length (lm2::nat list) = n; length lm3 = ba - aa - n\<rbrakk>
+\<not> ba - Suc (length lm1) < ba - Suc (length lm1 + n); \<not> ba + n - length lm1 < n\<rbrakk>
-\<Longrightarrow> \<exists> stp. abc_steps_l (0, lm1 @ lm2 @ lm3 @ 0\<up>n @ lm4)
+\<Longrightarrow> (0::nat) \<up> n @ (last lm2 # lm3 @ butlast lm2 @ 0 # lm4)[ba - length lm1 := last lm2, 0 := 0] =
-(mv_boxes aa ba n) stp = (3 * n, lm1 @ 0\<up>n @ lm3 @ lm2 @ lm4)"
+0 # 0 \<up> n @ lm3 @ lm2 @ lm4"
-apply(induct n arbitrary: lm2 lm3 lm4, simp)
+apply(subgoal_tac "ba - length lm1 = Suc n + length lm3", simp add: list_update.simps list_update_append)
-apply(rule_tac x = 0 in exI, simp add: abc_steps_zero,
+apply(simp add: replicate_Suc_iff_anywhere exp_suc del: replicate_Suc)
-simp add: mv_boxes.simps del: exp_suc_iff)
+apply(case_tac lm2, simp, simp)
-apply(rule_tac as = "3 *n" and bm = "lm1 @ 0\<up>n @ last lm2 # lm3 @
+apply(auto)
-butlast lm2 @ 0 # lm4" in abc_append_exc2, simp_all)
+done
-apply(simp only: exponent_cons_iff, simp only: exp_suc, simp)
-proof -
+lemma mv_boxes_correct:
-fix n lm2 lm3 lm4
+"\<lbrakk>aa + n \<le> ba; ba > aa; length lm1 = aa; length lm2 = n; length lm3 = ba - aa - n\<rbrakk>
-assume ind:
+\<Longrightarrow> {\<lambda> nl. nl = lm1 @ lm2 @ lm3 @ 0\<up>n @ lm4} (mv_boxes aa ba n)
-"\<And>lm2 lm3 lm4. \<lbrakk>length lm2 = n; length lm3 = ba - (aa + n)\<rbrakk> \<Longrightarrow>
+{\<lambda> nl. nl = lm1 @ 0\<up>n @ lm3 @ lm2 @ lm4}"
-\<exists>stp. abc_steps_l (0, lm1 @ lm2 @ lm3 @ 0\<up>n @ lm4)
+proof(induct n arbitrary: lm2 lm3 lm4)
-(mv_boxes aa ba n) stp = (3 * n, lm1 @ 0\<up>n @ lm3 @ lm2 @ lm4)"
+case 0
-and h: "Suc n \<le> ba - aa" "aa < ba" "length (lm1::nat list) = aa"
+thus "?case"
-"length (lm2::nat list) = Suc n"
+by(simp add: mv_boxes.simps abc_Hoare_halt_def, rule_tac  x = 0 in exI, simp add: abc_steps_l.simps)
-"length (lm3::nat list) = ba - Suc (aa + n)"
-from h show
-"\<exists>astp. abc_steps_l (0, lm1 @ lm2 @ lm3 @ 0\<up>n @ 0 # lm4)
-(mv_boxes aa ba n) astp =
-(3 * n, lm1 @ 0\<up>n @ last lm2 # lm3 @ butlast lm2 @ 0 # lm4)"
-apply(insert ind[of "butlast lm2" "last lm2 # lm3" "0 # lm4"],
-simp)
-apply(subgoal_tac "lm1 @ butlast lm2 @ last lm2 # lm3 @ 0\<up>n @
-0 # lm4 = lm1 @ lm2 @ lm3 @ 0\<up>n @ 0 # lm4", simp, simp)
-apply(case_tac "lm2 = []", simp, simp)
-done
 next
-fix n lm2 lm3 lm4
+case (Suc n)
-assume h: "Suc n \<le> ba - aa"
+have ind:
-"aa < ba"
+"\<And>lm2 lm3 lm4.
-"length (lm1::nat list) = aa"
+\<lbrakk>aa + n \<le> ba; aa < ba; length lm1 = aa; length lm2 = n; length lm3 = ba - aa - n\<rbrakk>
-"length (lm2::nat list) = Suc n"
+\<Longrightarrow> {\<lambda>nl. nl = lm1 @ lm2 @ lm3 @ 0 \<up> n @ lm4} mv_boxes aa ba n {\<lambda>nl. nl = lm1 @ 0 \<up> n @ lm3 @ lm2 @ lm4}"
-"length (lm3::nat list) = ba - Suc (aa + n)"
+by fact
-thus " \<exists>bstp. abc_steps_l (0, lm1 @ 0\<up>n @ last lm2 # lm3 @
+have h1: "aa + Suc n \<le> ba"  by fact
-butlast lm2 @ 0 # lm4)
+have h2: "aa < ba" by fact
-(mv_box (aa + n) (ba + n)) bstp
+have h3: "length lm1 = aa" by fact
-= (3, lm1 @ 0 # 0\<up>n @ lm3 @ lm2 @ lm4)"
+have h4: "length lm2 = Suc n" by fact
-apply(insert mv_box_ex[of "aa + n" "ba + n"
+have h5: "length lm3 = ba - aa - Suc n" by fact
-"lm1 @ 0\<up>n @ last lm2 # lm3 @ butlast lm2 @ 0 # lm4"], simp)
+have "{\<lambda>nl. nl = lm1 @ lm2 @ lm3 @ 0 \<up> Suc n @ lm4} mv_boxes aa ba n [+] mv_box (aa + n) (ba + n)
-done
+{\<lambda>nl. nl = lm1 @ 0 \<up> Suc n @ lm3 @ lm2 @ lm4}"
-qed
+proof(rule_tac abc_Hoare_plus_halt)
+have "{\<lambda>nl. nl = lm1 @ butlast lm2 @ (last lm2 # lm3) @ 0 \<up> n @ (0 # lm4)} mv_boxes aa ba n
-lemma [simp]: "\<lbrakk>Suc n \<le> aa - ba; ba < aa; length lm1 = ba;
+{\<lambda> nl. nl = lm1 @ 0\<up>n @ (last lm2 # lm3) @ butlast lm2 @ (0 # lm4)}"
-length lm2 = aa - Suc (ba + n); length lm3 = Suc n\<rbrakk>
+using h1 h2 h3 h4 h5
-\<Longrightarrow> (lm1 @ butlast lm3 @ 0 # lm2 @ 0\<up>n @ last lm3 # lm4) ! (aa + n) = last lm3"
+by(rule_tac ind, simp_all)
-using nth_append[of "lm1 @ butlast lm3 @ 0 # lm2 @ 0\<up>n" "last lm3 # lm4" "aa + n"]
+moreover have " lm1 @ butlast lm2 @ (last lm2 # lm3) @ 0 \<up> n @ (0 # lm4)
-apply(simp)
+= lm1 @ lm2 @ lm3 @ 0 \<up> Suc n @ lm4"
-done
+using h4
+by(simp add: replicate_Suc[THEN sym] exp_suc del: replicate_Suc,
-lemma [simp]: "\<lbrakk>Suc n \<le> aa - ba; ba < aa; length lm1 = ba;
+case_tac lm2, simp_all)
-length lm2 = aa - Suc (ba + n); length lm3 = Suc n\<rbrakk>
+ultimately show "{\<lambda>nl. nl = lm1 @ lm2 @ lm3 @ 0 \<up> Suc n @ lm4} mv_boxes aa ba n
-\<Longrightarrow> (lm1 @ butlast lm3 @ 0 # lm2 @ 0\<up>n @ last lm3 # lm4) ! (ba + n) = 0"
+{\<lambda> nl. nl = lm1 @ 0\<up>n @ last lm2 # lm3 @ butlast lm2 @ 0 # lm4}"
-apply(simp add: nth_append)
+by (metis append_Cons)
-done
+next
+let ?lm = "lm1 @ 0 \<up> n @ last lm2 # lm3 @ butlast lm2 @ 0 # lm4"
-lemma [simp]: "\<lbrakk>Suc n \<le> aa - ba; ba < aa; length lm1 = ba;
+have "{\<lambda>nl. nl = ?lm} mv_box (aa + n) (ba + n)
-length lm2 = aa - Suc (ba + n); length lm3 = Suc n\<rbrakk>
+{\<lambda> nl. nl = ?lm[(ba + n) := ?lm!(aa+n) + ?lm!(ba+n), (aa+n):=0]}"
-\<Longrightarrow> (lm1 @ butlast lm3 @ 0 # lm2 @ 0\<up>n @ last lm3 # lm4)[ba + n := last lm3, aa + n := 0]
+using h1 h2 h3 h4  h5
-= lm1 @ lm3 @ lm2 @ 0 # 0\<up>n @ lm4"
+by(rule_tac mv_box_correct, simp_all)
-using list_update_append[of "lm1 @ butlast lm3" "(0\<Colon>'a) # lm2 @ (0\<Colon>'a)\<up>n @ last lm3 # lm4"]
+moreover have "?lm[(ba + n) := ?lm!(aa+n) + ?lm!(ba+n), (aa+n):=0]
-apply(simp)
+=  lm1 @ 0 \<up> Suc n @ lm3 @ lm2 @ lm4"
-using list_update_append[of "lm1 @ butlast lm3 @ last lm3 # lm2 @ (0\<Colon>'a)\<up>n"
+using h1 h2 h3 h4 h5
-"last lm3 # lm4" "aa + n" "0"]
+by(auto simp: nth_append list_update_append split: if_splits)
-apply(simp)
+ultimately show "{\<lambda>nl. nl = lm1 @ 0 \<up> n @ last lm2 # lm3 @ butlast lm2 @ 0 # lm4} mv_box (aa + n) (ba + n)
-apply(simp only: replicate_Suc[THEN sym] exp_suc, simp)
+{\<lambda>nl. nl = lm1 @ 0 \<up> Suc n @ lm3 @ lm2 @ lm4}"
-apply(case_tac lm3, simp, simp)
+by simp
-done
+qed
+thus "?case"
-lemma mv_boxes_ex2:
+by(simp add: mv_boxes.simps)
+qed
+lemma [simp]:
+"\<lbrakk>Suc n \<le> aa - length lm1; length lm1 < aa;
+length lm2 = aa - Suc (length lm1 + n);
+length lm3 = Suc n;
+\<not> aa - Suc (length lm1) < aa - Suc (length lm1 + n);
+\<not> aa + n - length lm1 < n\<rbrakk>
+\<Longrightarrow> butlast lm3 @ ((0::nat) # lm2 @ 0 \<up> n @ last lm3 # lm4)[0 := last lm3, aa - length lm1 := 0] = lm3 @ lm2 @ 0 # 0 \<up> n @ lm4"
+apply(subgoal_tac "aa - length lm1 = length lm2 + Suc n")
+apply(simp add: list_update.simps list_update_append)
+apply(simp add: replicate_Suc[THEN sym] exp_suc del: replicate_Suc)
+apply(case_tac lm3, simp, simp)
+apply(auto)
+done
+lemma mv_boxes_correct2:
 "\<lbrakk>n \<le> aa - ba;
 ba < aa;
 length (lm1::nat list) = ba;
 length (lm2::nat list) = aa - ba - n;
 length (lm3::nat list) = n\<rbrakk>
-\<Longrightarrow> \<exists> stp. abc_steps_l (0, lm1 @ 0\<up>n @ lm2 @ lm3 @ lm4)
+\<Longrightarrow>{\<lambda> nl. nl = lm1 @ 0\<up>n @ lm2 @ lm3 @ lm4}
-(mv_boxes aa ba n) stp =
+(mv_boxes aa ba n)
-(3 * n, lm1 @ lm3 @ lm2 @ 0\<up>n @ lm4)"
+{\<lambda> nl. nl = lm1 @ lm3 @ lm2 @ 0\<up>n @ lm4}"
-apply(induct n arbitrary: lm2 lm3 lm4, simp)
+proof(induct n arbitrary: lm2 lm3 lm4)
-apply(rule_tac x = 0 in exI, simp add: abc_steps_zero,
+case 0
-simp add: mv_boxes.simps del: exp_suc_iff)
+thus "?case"
-apply(rule_tac as = "3 *n" and bm = "lm1 @ butlast lm3 @ 0 # lm2 @
+by(simp add: mv_boxes.simps abc_Hoare_halt_def, rule_tac  x = 0 in exI, simp add: abc_steps_l.simps)
-0\<up>n @ last lm3 # lm4" in abc_append_exc2, simp_all)
+next
-apply(simp only: exponent_cons_iff, simp only: exp_suc, simp)
+case (Suc n)
+have ind:
+"\<And>lm2 lm3 lm4.
+\<lbrakk>n \<le> aa - ba; ba < aa; length lm1 = ba; length lm2 = aa - ba - n; length lm3 = n\<rbrakk>
+\<Longrightarrow> {\<lambda>nl. nl = lm1 @ 0 \<up> n @ lm2 @ lm3 @ lm4} mv_boxes aa ba n {\<lambda>nl. nl = lm1 @ lm3 @ lm2 @ 0 \<up> n @ lm4}"
+by fact
+have h1: "Suc n \<le> aa - ba" by fact
+have h2: "ba < aa" by fact
+have h3: "length lm1 = ba" by fact
+have h4: "length lm2 = aa - ba - Suc n" by fact
+have h5: "length lm3 = Suc n" by fact
+have "{\<lambda>nl. nl = lm1 @ 0 \<up> Suc n @ lm2 @ lm3 @ lm4}  mv_boxes aa ba n [+] mv_box (aa + n) (ba + n)
+{\<lambda>nl. nl = lm1 @ lm3 @ lm2 @ 0 \<up> Suc n @ lm4}"
+proof(rule_tac abc_Hoare_plus_halt)
+have "{\<lambda> nl. nl = lm1 @ 0 \<up> n @ (0 # lm2) @ (butlast lm3) @ (last lm3 # lm4)} mv_boxes aa ba n
+{\<lambda> nl. nl = lm1 @ butlast lm3 @ (0 # lm2) @ 0\<up>n @ (last lm3 # lm4)}"
+using h1 h2 h3 h4 h5
+by(rule_tac ind, simp_all)
+moreover have "lm1 @ 0 \<up> n @ (0 # lm2) @ (butlast lm3) @ (last lm3 # lm4)
+= lm1 @ 0 \<up> Suc n @ lm2 @ lm3 @ lm4"
+using h5
+by(simp add: replicate_Suc_iff_anywhere exp_suc
+del: replicate_Suc, case_tac lm3, simp_all)
+ultimately show "{\<lambda>nl. nl = lm1 @ 0 \<up> Suc n @ lm2 @ lm3 @ lm4} mv_boxes aa ba n
+{\<lambda> nl. nl = lm1 @ butlast lm3 @ (0 # lm2) @ 0\<up>n @ (last lm3 # lm4)}"
+by metis
+next
+thm mv_box_correct
+let ?lm = "lm1 @ butlast lm3 @ (0 # lm2) @ 0 \<up> n @ last lm3 # lm4"
+have "{\<lambda>nl. nl = ?lm} mv_box (aa + n) (ba + n)
+{\<lambda>nl. nl = ?lm[ba+n := ?lm!(aa+n)+?lm!(ba+n), (aa+n):=0]}"
+using h1 h2 h3 h4 h5
+by(rule_tac mv_box_correct, simp_all)
+moreover have "?lm[ba+n := ?lm!(aa+n)+?lm!(ba+n), (aa+n):=0]
+= lm1 @ lm3 @ lm2 @ 0 \<up> Suc n @ lm4"
+using h1 h2 h3 h4 h5
+by(auto simp: nth_append list_update_append split: if_splits)
+ultimately show "{\<lambda>nl. nl = lm1 @ butlast lm3 @ (0 # lm2) @ 0 \<up> n @ last lm3 # lm4} mv_box (aa + n) (ba + n)
+{\<lambda>nl. nl = lm1 @ lm3 @ lm2 @ 0 \<up> Suc n @ lm4}"
+by simp
+qed
+thus "?case"
+by(simp add: mv_boxes.simps)
+qed
+lemma save_paras:
+"{\<lambda>nl. nl = xs @ 0 \<up> (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) - length xs) @
+map (\<lambda>i. rec_exec i xs) gs @ 0 \<up> Suc (length xs) @ anything}
+mv_boxes 0 (Suc (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) + length gs)) (length xs)
+{\<lambda>nl. nl = 0 \<up> max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) @ map (\<lambda>i. rec_exec i xs) gs @ 0 # xs @ anything}"
 proof -
-fix n lm2 lm3 lm4
+let ?ft = "max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
-assume ind:
+have "{\<lambda>nl. nl = [] @ xs @ (0\<up>(?ft - length xs) @  map (\<lambda>i. rec_exec i xs) gs @ [0]) @
-"\<And>lm2 lm3 lm4. \<lbrakk>length lm2 = aa - (ba + n); length lm3 = n\<rbrakk> \<Longrightarrow>
+0 \<up> (length xs) @ anything} mv_boxes 0 (Suc ?ft + length gs) (length xs)
-\<exists>stp. abc_steps_l (0, lm1 @ 0\<up>n @ lm2 @ lm3 @ lm4)
+{\<lambda>nl. nl = [] @ 0 \<up> (length xs) @ (0\<up>(?ft - length xs) @  map (\<lambda>i. rec_exec i xs) gs @ [0]) @ xs @ anything}"
-(mv_boxes aa ba n) stp =
+by(rule_tac mv_boxes_correct, auto)
-(3 * n, lm1 @ lm3 @ lm2 @ 0\<up>n @ lm4)"
+thus "?thesis"
-and h: "Suc n \<le> aa - ba"
+by(simp add: replicate_merge_anywhere)
-"ba < aa"
+qed
-"length (lm1::nat list) = ba"
-"length (lm2::nat list) = aa - Suc (ba + n)"
+lemma [intro]:
-"length (lm3::nat list) = Suc n"
+"length gs \<le> ffp \<Longrightarrow> length gs \<le> max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
-from h show
+apply(rule_tac min_max.le_supI2)
-"\<exists>astp. abc_steps_l (0, lm1 @ 0\<up>n @ 0 # lm2 @ lm3 @ lm4)
+apply(simp add: Max_ge_iff)
-(mv_boxes aa ba n) astp =
+done
-(3 * n, lm1 @ butlast lm3 @ 0 # lm2 @ 0\<up>n @ last lm3 # lm4)"
-apply(insert ind[of "0 # lm2" "butlast lm3" "last lm3 # lm4"],
+lemma restore_new_paras:
-simp)
+"ffp \<ge> length gs
-apply(subgoal_tac
+\<Longrightarrow> {\<lambda>nl. nl = 0 \<up> max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) @ map (\<lambda>i. rec_exec i xs) gs @ 0 # xs @ anything}
-"lm1 @ 0\<up>n @ 0 # lm2 @ butlast lm3 @ last lm3 # lm4 =
+mv_boxes (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))) 0 (length gs)
-lm1 @ 0\<up>n @ 0 # lm2 @ lm3 @ lm4", simp, simp)
+{\<lambda>nl. nl = map (\<lambda>i. rec_exec i xs) gs @ 0 \<up> max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) @ 0 # xs @ anything}"
-apply(case_tac "lm3 = []", simp, simp)
+proof -
+let ?ft = "max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+assume j: "ffp \<ge> length gs"
+hence "{\<lambda> nl. nl = [] @ 0\<up>length gs @ 0\<up>(?ft - length gs) @  map (\<lambda>i. rec_exec i xs) gs @ ((0 # xs) @ anything)}
+mv_boxes ?ft 0 (length gs)
+{\<lambda> nl. nl = [] @ map (\<lambda>i. rec_exec i xs) gs @ 0\<up>(?ft - length gs) @ 0\<up>length gs @ ((0 # xs) @ anything)}"
+by(rule_tac mv_boxes_correct2, auto)
+moreover have "?ft \<ge> length gs"
+using j
+by(auto)
+ultimately show "?thesis"
+using j
+by(simp add: replicate_merge_anywhere le_add_diff_inverse)
+qed
+lemma [intro]: "ffp \<le> max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+apply(rule_tac min_max.le_supI2)
+apply(rule_tac Max_ge, auto)
+done
+declare max_less_iff_conj[simp del]
+lemma save_rs:
+"\<lbrakk>far = length gs;
+ffp \<le> max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)));
+far < ffp\<rbrakk>
+\<Longrightarrow>  {\<lambda>nl. nl = map (\<lambda>i. rec_exec i xs) gs @
+rec_exec (Cn (length xs) f gs) xs # 0 \<up> max (Suc (length xs))
+(Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) @ xs @ anything}
+mv_box far (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))))
+{\<lambda>nl. nl = map (\<lambda>i. rec_exec i xs) gs @
+0 \<up> (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) - length gs) @
+rec_exec (Cn (length xs) f gs) xs # 0 \<up> length gs @ xs @ anything}"
+proof -
+let ?ft = "max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+thm mv_box_correct
+let ?lm= " map (\<lambda>i. rec_exec i xs) gs @ rec_exec (Cn (length xs) f gs) xs # 0 \<up> ?ft @ xs @ anything"
+assume h: "far = length gs" "ffp \<le> ?ft" "far < ffp"
+hence "{\<lambda> nl. nl = ?lm} mv_box far ?ft {\<lambda> nl. nl = ?lm[?ft := ?lm!far + ?lm!?ft, far := 0]}"
+apply(rule_tac mv_box_correct)
+by(case_tac "rec_ci a", auto)
+moreover have "?lm[?ft := ?lm!far + ?lm!?ft, far := 0]
+= map (\<lambda>i. rec_exec i xs) gs @
+0 \<up> (?ft - length gs) @
+rec_exec (Cn (length xs) f gs) xs # 0 \<up> length gs @ xs @ anything"
+using h
+apply(simp add: nth_append)
+using list_update_length[of "map (\<lambda>i. rec_exec i xs) gs @ rec_exec (Cn (length xs) f gs) xs #
+0 \<up> (?ft - Suc (length gs))" 0 "0 \<up> length gs @ xs @ anything" "rec_exec (Cn (length xs) f gs) xs"]
+apply(simp add: replicate_merge_anywhere replicate_Suc_iff_anywhere del: replicate_Suc)
+by(simp add: list_update_append list_update.simps replicate_Suc_iff_anywhere del: replicate_Suc)
+ultimately show "?thesis"
+by(simp)
+qed
+lemma [simp]: "length (empty_boxes n) = 2*n"
+apply(induct n, simp, simp)
+done
+lemma empty_one_box_correct:
+"{\<lambda>nl. nl = 0 \<up> n @ x # lm} [Dec n 2, Goto 0] {\<lambda>nl. nl = 0 # 0 \<up> n @ lm}"
+proof(induct x)
+case 0
+thus "?case"
+by(simp add: abc_Hoare_halt_def,
+rule_tac x = 1 in exI, simp add: abc_steps_l.simps
+abc_step_l.simps abc_fetch.simps abc_lm_v.simps nth_append abc_lm_s.simps
+replicate_Suc[THEN sym] exp_suc del: replicate_Suc)
+next
+case (Suc x)
+have "{\<lambda>nl. nl = 0 \<up> n @ x # lm} [Dec n 2, Goto 0] {\<lambda>nl. nl = 0 # 0 \<up> n @ lm}"
+by fact
+then obtain stp where "abc_steps_l (0, 0 \<up> n @ x # lm) [Dec n 2, Goto 0] stp
+= (Suc (Suc 0), 0 # 0 \<up> n @ lm)"
+apply(auto simp: abc_Hoare_halt_def)
+by(case_tac "abc_steps_l (0, 0 \<up> n @ x # lm) [Dec n 2, Goto 0] na", simp)
+moreover have "abc_steps_l (0, 0\<up>n @ Suc x # lm) [Dec n 2, Goto 0] (Suc (Suc 0))
+= (0,  0 \<up> n @ x # lm)"
+by(auto simp: abc_steps_l.simps abc_step_l.simps abc_fetch.simps abc_lm_v.simps
+nth_append abc_lm_s.simps list_update.simps list_update_append)
+ultimately have "abc_steps_l (0, 0\<up>n @ Suc x # lm) [Dec n 2, Goto 0] (Suc (Suc 0) + stp)
+= (Suc (Suc 0), 0 # 0\<up>n @ lm)"
+by(simp only: abc_steps_add)
+thus "?case"
+apply(simp add: abc_Hoare_halt_def)
+apply(rule_tac x = "Suc (Suc stp)" in exI, simp)
+done
+qed
+lemma empty_boxes_correct:
+"length lm \<ge> n \<Longrightarrow>
+{\<lambda> nl. nl = lm} empty_boxes n {\<lambda> nl. nl = 0\<up>n @ drop n lm}"
+proof(induct n)
+case 0
+thus "?case"
+by(simp add: empty_boxes.simps abc_Hoare_halt_def,
+rule_tac x = 0 in exI, simp add: abc_steps_l.simps)
+next
+case (Suc n)
+have ind: "n \<le> length lm \<Longrightarrow> {\<lambda>nl. nl = lm} empty_boxes n {\<lambda>nl. nl = 0 \<up> n @ drop n lm}" by fact
+have h: "Suc n \<le> length lm" by fact
+have "{\<lambda>nl. nl = lm} empty_boxes n [+] [Dec n 2, Goto 0] {\<lambda>nl. nl = 0 # 0 \<up> n @ drop (Suc n) lm}"
+proof(rule_tac abc_Hoare_plus_halt)
+show "{\<lambda>nl. nl = lm} empty_boxes n {\<lambda>nl. nl = 0 \<up> n @ drop n lm}"
+using h
+by(rule_tac ind, simp)
+next
+show "{\<lambda>nl. nl = 0 \<up> n @ drop n lm} [Dec n 2, Goto 0] {\<lambda>nl. nl = 0 # 0 \<up> n @ drop (Suc n) lm}"
+using empty_one_box_correct[of n "lm ! n" "drop (Suc n) lm"]
+using h
+by(simp add: nth_drop')
+qed
+thus "?case"
+by(simp add: empty_boxes.simps)
+qed
+lemma [simp]: "length gs \<le> ffp \<Longrightarrow>
+length gs + (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) - length gs) =
+max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+apply(rule_tac le_add_diff_inverse)
+apply(rule_tac min_max.le_supI2)
+apply(simp add: Max_ge_iff)
+done
+lemma clean_paras:
+"ffp \<ge> length gs \<Longrightarrow>
+{\<lambda>nl. nl = map (\<lambda>i. rec_exec i xs) gs @
+0 \<up> (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) - length gs) @
+rec_exec (Cn (length xs) f gs) xs # 0 \<up> length gs @ xs @ anything}
+empty_boxes (length gs)
+{\<lambda>nl. nl = 0 \<up> max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) @
+rec_exec (Cn (length xs) f gs) xs # 0 \<up> length gs @ xs @ anything}"
+proof-
+let ?ft = "max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+assume h: "length gs \<le> ffp"
+let ?lm = "map (\<lambda>i. rec_exec i xs) gs @ 0 \<up> (?ft - length gs) @
+rec_exec (Cn (length xs) f gs) xs # 0 \<up> length gs @ xs @ anything"
+have "{\<lambda> nl. nl = ?lm} empty_boxes (length gs) {\<lambda> nl. nl = 0\<up>length gs @ drop (length gs) ?lm}"
+by(rule_tac empty_boxes_correct, simp)
+moreover have "0\<up>length gs @ drop (length gs) ?lm
+=  0 \<up> ?ft @  rec_exec (Cn (length xs) f gs) xs # 0 \<up> length gs @ xs @ anything"
+using h
+by(simp add: replicate_merge_anywhere)
+ultimately show "?thesis"
+by metis
+qed
+lemma restore_rs:
+"{\<lambda>nl. nl = 0 \<up> max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) @
+rec_exec (Cn (length xs) f gs) xs # 0 \<up> length gs @ xs @ anything}
+mv_box (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))) (length xs)
+{\<lambda>nl. nl = 0 \<up> length xs @
+rec_exec (Cn (length xs) f gs) xs #
+0 \<up> (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) - (length xs)) @
+0 \<up> length gs @ xs @ anything}"
+proof -
+let ?ft = "max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+let ?lm = "0\<up>(length xs) @  0\<up>(?ft - (length xs)) @ rec_exec (Cn (length xs) f gs) xs # 0 \<up> length gs @ xs @ anything"
+thm mv_box_correct
+have "{\<lambda> nl. nl = ?lm} mv_box ?ft (length xs) {\<lambda> nl. nl = ?lm[length xs := ?lm!?ft + ?lm!(length xs), ?ft := 0]}"
+by(rule_tac mv_box_correct, simp, simp)
+moreover have "?lm[length xs := ?lm!?ft + ?lm!(length xs), ?ft := 0]
+=  0 \<up> length xs @ rec_exec (Cn (length xs) f gs) xs # 0 \<up> (?ft - (length xs)) @ 0 \<up> length gs @ xs @ anything"
+apply(auto simp: list_update_append nth_append)
+apply(case_tac ?ft, simp_all add: Suc_diff_le list_update.simps)
+apply(simp add: exp_suc replicate_Suc[THEN sym] del: replicate_Suc)
+done
+ultimately show "?thesis"
+by(simp add: replicate_merge_anywhere)
+qed
+lemma restore_orgin_paras:
+"{\<lambda>nl. nl = 0 \<up> length xs @
+rec_exec (Cn (length xs) f gs) xs #
+0 \<up> (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) - length xs) @ 0 \<up> length gs @ xs @ anything}
+mv_boxes (Suc (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) + length gs)) 0 (length xs)
+{\<lambda>nl. nl = xs @ rec_exec (Cn (length xs) f gs) xs # 0 \<up>
+(max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) + length gs) @ anything}"
+proof -
+let ?ft = "max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+thm mv_boxes_correct2
+have "{\<lambda> nl. nl = [] @ 0\<up>(length xs) @ (rec_exec (Cn (length xs) f gs) xs # 0 \<up> (?ft - length xs) @ 0 \<up> length gs) @ xs @ anything}
+mv_boxes (Suc ?ft + length gs) 0 (length xs)
+{\<lambda> nl. nl = [] @ xs @ (rec_exec (Cn (length xs) f gs) xs # 0 \<up> (?ft - length xs) @ 0 \<up> length gs) @ 0\<up>length xs @ anything}"
+by(rule_tac mv_boxes_correct2, auto)
+thus "?thesis"
+by(simp add: replicate_merge_anywhere)
+qed
+lemma compile_cn_correct':
+assumes f_ind:
+"\<And> anything r. rec_exec f (map (\<lambda>g. rec_exec g xs) gs) = rec_exec (Cn (length xs) f gs) xs \<Longrightarrow>
+{\<lambda>nl. nl = map (\<lambda>g. rec_exec g xs) gs @ 0 \<up> (ffp - far) @ anything} fap
+{\<lambda>nl. nl = map (\<lambda>g. rec_exec g xs) gs @ rec_exec (Cn (length xs) f gs) xs # 0 \<up> (ffp - Suc far) @ anything}"
+and compile: "rec_ci f = (fap, far, ffp)"
+and term_f: "terminate f (map (\<lambda>g. rec_exec g xs) gs)"
+and g_cond: "\<forall>g\<in>set gs. terminate g xs \<and>
+(\<forall>x xa xb. rec_ci g = (x, xa, xb) \<longrightarrow>
+(\<forall>xc. {\<lambda>nl. nl = xs @ 0 \<up> (xb - xa) @ xc} x {\<lambda>nl. nl = xs @ rec_exec g xs # 0 \<up> (xb - Suc xa) @ xc}))"
+shows
+"{\<lambda>nl. nl = xs @ 0 # 0 \<up> (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) + length gs) @ anything}
+cn_merge_gs (map rec_ci gs) (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))) [+]
+(mv_boxes 0 (Suc (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) + length gs)) (length xs) [+]
+(mv_boxes (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))) 0 (length gs) [+]
+(fap [+] (mv_box far (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))) [+]
+(empty_boxes (length gs) [+]
+(mv_box (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))) (length xs) [+]
+mv_boxes (Suc (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) + length gs)) 0 (length xs)))))))
+{\<lambda>nl. nl = xs @ rec_exec (Cn (length xs) f gs) xs #
+0 \<up> (max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs))) + length gs) @ anything}"
+proof -
+let ?ft = "max (Suc (length xs)) (Max (insert ffp ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+let ?A = "cn_merge_gs (map rec_ci gs) ?ft"
+let ?B = "mv_boxes 0 (Suc (?ft+length gs)) (length xs)"
+let ?C = "mv_boxes ?ft 0 (length gs)"
+let ?D = fap
+let ?E = "mv_box far ?ft"
+let ?F = "empty_boxes (length gs)"
+let ?G = "mv_box ?ft (length xs)"
+let ?H = "mv_boxes (Suc (?ft + length gs)) 0 (length xs)"
+let ?P1 = "\<lambda>nl. nl = xs @ 0 # 0 \<up> (?ft + length gs) @ anything"
+let ?S = "\<lambda>nl. nl = xs @ rec_exec (Cn (length xs) f gs) xs # 0 \<up> (?ft + length gs) @ anything"
+let ?Q1 = "\<lambda> nl. nl = xs @ 0\<up>(?ft - length xs) @ map (\<lambda> i. rec_exec i xs) gs @ 0\<up>(Suc (length xs)) @ anything"
+show "{?P1} (?A [+] (?B [+] (?C [+] (?D [+] (?E [+] (?F [+] (?G [+] ?H))))))) {?S}"
+proof(rule_tac abc_Hoare_plus_halt)
+show "{?P1} ?A {?Q1}"
+using g_cond
+by(rule_tac compile_cn_gs_correct, auto)
+next
+let ?Q2 = "\<lambda>nl. nl = 0 \<up> ?ft @
+map (\<lambda>i. rec_exec i xs) gs @ 0 # xs @ anything"
+show "{?Q1} (?B [+] (?C [+] (?D [+] (?E [+] (?F [+] (?G [+] ?H)))))) {?S}"
+proof(rule_tac abc_Hoare_plus_halt)
+show "{?Q1} ?B {?Q2}"
+by(rule_tac save_paras)
+next
+let ?Q3 = "\<lambda> nl. nl = map (\<lambda>i. rec_exec i xs) gs @ 0\<up>?ft @ 0 # xs @ anything"
+show "{?Q2} (?C [+] (?D [+] (?E [+] (?F [+] (?G [+] ?H))))) {?S}"
+proof(rule_tac abc_Hoare_plus_halt)
+have "ffp \<ge> length gs"
+using compile term_f
+apply(subgoal_tac "length gs = far")
+apply(drule_tac footprint_ge, simp)
+by(drule_tac param_pattern, auto)
+thus "{?Q2} ?C {?Q3}"
+by(erule_tac restore_new_paras)
+next
+let ?Q4 = "\<lambda> nl. nl = map (\<lambda>i. rec_exec i xs) gs @ rec_exec (Cn (length xs) f gs) xs # 0\<up>?ft @ xs @ anything"
+have a: "far = length gs"
+using compile term_f
+by(drule_tac param_pattern, auto)
+have b:"?ft \<ge> ffp"
+by auto
+have c: "ffp > far"
+using compile
+by(erule_tac footprint_ge)
+show "{?Q3} (?D [+] (?E [+] (?F [+] (?G [+] ?H)))) {?S}"
+proof(rule_tac abc_Hoare_plus_halt)
+have "{\<lambda>nl. nl = map (\<lambda>g. rec_exec g xs) gs @ 0 \<up> (ffp - far) @ 0\<up>(?ft - ffp + far) @ 0 # xs @ anything} fap
+{\<lambda>nl. nl = map (\<lambda>g. rec_exec g xs) gs @ rec_exec (Cn (length xs) f gs) xs #
+0 \<up> (ffp - Suc far) @ 0\<up>(?ft - ffp + far) @ 0 # xs @ anything}"
+by(rule_tac f_ind, simp add: rec_exec.simps)
+thus "{?Q3} fap {?Q4}"
+using a b c
+by(simp add: replicate_merge_anywhere,
+case_tac "?ft", simp_all add: exp_suc del: replicate_Suc)
+next
+let ?Q5 = "\<lambda>nl. nl = map (\<lambda>i. rec_exec i xs) gs @
+0\<up>(?ft - length gs) @ rec_exec (Cn (length xs) f gs) xs # 0\<up>(length gs)@ xs @ anything"
+show "{?Q4} (?E [+] (?F [+] (?G [+] ?H))) {?S}"
+proof(rule_tac abc_Hoare_plus_halt)
+from a b c show "{?Q4} ?E {?Q5}"
+by(erule_tac save_rs, simp_all)
+next
+let ?Q6 = "\<lambda>nl. nl = 0\<up>?ft @ rec_exec (Cn (length xs) f gs) xs # 0\<up>(length gs)@ xs @ anything"
+show "{?Q5} (?F [+] (?G [+] ?H)) {?S}"
+proof(rule_tac abc_Hoare_plus_halt)
+have "length gs \<le> ffp" using a b c
+by simp
+thus "{?Q5} ?F {?Q6}"
+by(erule_tac clean_paras)
+next
+let ?Q7 = "\<lambda>nl. nl = 0\<up>length xs @ rec_exec (Cn (length xs) f gs) xs # 0\<up>(?ft - (length xs)) @ 0\<up>(length gs)@ xs @ anything"
+show "{?Q6} (?G [+] ?H) {?S}"
+proof(rule_tac abc_Hoare_plus_halt)
+show "{?Q6} ?G {?Q7}"
+by(rule_tac restore_rs)
+next
+show "{?Q7} ?H {?S}"
+by(rule_tac restore_orgin_paras)
+qed
+qed
+qed
+qed
+qed
+qed
+qed
+qed
+lemma compile_cn_correct:
+assumes termi_f: "terminate f (map (\<lambda>g. rec_exec g xs) gs)"
+and f_ind: "\<And>ap arity fp anything.
+rec_ci f = (ap, arity, fp)
+\<Longrightarrow> {\<lambda>nl. nl = map (\<lambda>g. rec_exec g xs) gs @ 0 \<up> (fp - arity) @ anything} ap
+{\<lambda>nl. nl = map (\<lambda>g. rec_exec g xs) gs @ rec_exec f (map (\<lambda>g. rec_exec g xs) gs) # 0 \<up> (fp - Suc arity) @ anything}"
+and g_cond:
+"\<forall>g\<in>set gs. terminate g xs \<and>
+(\<forall>x xa xb. rec_ci g = (x, xa, xb) \<longrightarrow>   (\<forall>xc. {\<lambda>nl. nl = xs @ 0 \<up> (xb - xa) @ xc} x {\<lambda>nl. nl = xs @ rec_exec g xs # 0 \<up> (xb - Suc xa) @ xc}))"
+and compile: "rec_ci (Cn n f gs) = (ap, arity, fp)"
+and len: "length xs = n"
+shows "{\<lambda>nl. nl = xs @ 0 \<up> (fp - arity) @ anything} ap {\<lambda>nl. nl = xs @ rec_exec (Cn n f gs) xs # 0 \<up> (fp - Suc arity) @ anything}"
+proof(case_tac "rec_ci f")
+fix fap far ffp
+assume h: "rec_ci f = (fap, far, ffp)"
+then have f_newind: "\<And> anything .{\<lambda>nl. nl = map (\<lambda>g. rec_exec g xs) gs @ 0 \<up> (ffp - far) @ anything} fap
+{\<lambda>nl. nl = map (\<lambda>g. rec_exec g xs) gs @ rec_exec f (map (\<lambda>g. rec_exec g xs) gs) # 0 \<up> (ffp - Suc far) @ anything}"
+by(rule_tac f_ind, simp_all)
+thus "{\<lambda>nl. nl = xs @ 0 \<up> (fp - arity) @ anything} ap {\<lambda>nl. nl = xs @ rec_exec (Cn n f gs) xs # 0 \<up> (fp - Suc arity) @ anything}"
+using compile len h termi_f g_cond
+apply(auto simp: rec_ci.simps abc_comp_commute)
+apply(rule_tac compile_cn_correct', simp_all)
+done
+qed
+lemma [simp]:
+"\<lbrakk>length xs = n; ft = max (n+3) (max fft gft)\<rbrakk>
+\<Longrightarrow> {\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft - n) @ anything} mv_box n ft
+{\<lambda>nl. nl = xs @ 0 # 0 \<up> (ft - n) @ anything}"
+using mv_box_correct[of n ft "xs @ 0 # 0 \<up> (ft - n) @ anything"]
+by(auto)
+lemma [simp]: "length xs < max (length xs + 3) (max fft gft)"
+by auto
+lemma save_init_rs:
+"\<lbrakk>length xs = n; ft = max (n+3) (max fft gft)\<rbrakk>
+\<Longrightarrow>  {\<lambda>nl. nl = xs @ rec_exec f xs # 0 \<up> (ft - n) @ anything} mv_box n (Suc n)
+{\<lambda>nl. nl = xs @ 0 # rec_exec f xs # 0 \<up> (ft - Suc n) @ anything}"
+using mv_box_correct[of n "Suc n" "xs @ rec_exec f xs # 0 \<up> (ft - n) @ anything"]
+apply(auto simp: list_update_append list_update.simps nth_append split: if_splits)
+apply(case_tac "(max (length xs + 3) (max fft gft))", simp_all add: list_update.simps Suc_diff_le)
+done
+lemma [simp]: "n + (2::nat) < max (n + 3) (max fft gft)"
+by auto
+lemma [simp]: "n < max (n + (3::nat)) (max fft gft)"
+by auto
+lemma [simp]:
+"length xs = n \<Longrightarrow>
+{\<lambda>nl. nl = xs @ x # 0 \<up> (max (n + (3::nat)) (max fft gft) - n) @ anything} mv_box n (max (n + 3) (max fft gft))
+{\<lambda>nl. nl = xs @ 0 \<up> (max (n + 3) (max fft gft) - n) @ x # anything}"
+proof -
+assume h: "length xs = n"
+let ?ft = "max (n+3) (max fft gft)"
+let ?lm = "xs @ x # 0\<up>(?ft - Suc n) @ 0 # anything"
+have g: "?ft > n + 2"
+by simp
+thm mv_box_correct
+have a: "{\<lambda> nl. nl = ?lm} mv_box n ?ft {\<lambda> nl. nl = ?lm[?ft := ?lm!n + ?lm!?ft, n := 0]}"
+using h
+by(rule_tac mv_box_correct, auto)
+have b:"?lm = xs @ x # 0 \<up> (max (n + 3) (max fft gft) - n) @ anything"
+by(case_tac ?ft, simp_all add: Suc_diff_le exp_suc del: replicate_Suc)
+have c: "?lm[?ft := ?lm!n + ?lm!?ft, n := 0] = xs @ 0 \<up> (max (n + 3) (max fft gft) - n) @ x # anything"
+using h g
+apply(auto simp: nth_append list_update_append split: if_splits)
+using list_update_append[of "x # 0 \<up> (max (length xs + 3) (max fft gft) - Suc (length xs))" "0 # anything"
+"max (length xs + 3) (max fft gft) - length xs" "x"]
+apply(auto simp: if_splits)
+apply(simp add: list_update.simps replicate_Suc[THEN sym] del: replicate_Suc)
+done
+from a c show "?thesis"
+using h
+apply(simp)
+using b
+by simp
+qed
+lemma [simp]: "max n (Suc n) < Suc (Suc (max (n + 3) (max fft gft) + length anything - Suc 0))"
+by arith
+lemma [simp]: "Suc n < max (n + 3) (max fft gft)"
+by arith
+lemma [simp]:
+"length xs = n
+\<Longrightarrow> {\<lambda>nl. nl = xs @ rec_exec f xs # 0 \<up> (max (n + 3) (max fft gft) - Suc n) @ x # anything} mv_box n (Suc n)
+{\<lambda>nl. nl = xs @ 0 # rec_exec f xs # 0 \<up> (max (n + 3) (max fft gft) - Suc (Suc n)) @ x # anything}"
+using mv_box_correct[of n "Suc n" "xs @ rec_exec f xs # 0 \<up> (max (n + 3) (max fft gft) - Suc n) @ x # anything"]
+apply(simp add: nth_append list_update_append list_update.simps)
+apply(case_tac "max (n + 3) (max fft gft)", simp_all)
+apply(case_tac nat, simp_all add: Suc_diff_le list_update.simps)
+done
+lemma abc_append_frist_steps_eq_pre:
+assumes notfinal: "abc_notfinal (abc_steps_l (0, lm)  A n) A"
+and notnull: "A \<noteq> []"
+shows "abc_steps_l (0, lm) (A @ B) n = abc_steps_l (0, lm) A n"
+using notfinal
+proof(induct n)
+case 0
+thus "?case"
+by(simp add: abc_steps_l.simps)
+next
+case (Suc n)
+have ind: "abc_notfinal (abc_steps_l (0, lm) A n) A \<Longrightarrow> abc_steps_l (0, lm) (A @ B) n = abc_steps_l (0, lm) A n"
+by fact
+have h: "abc_notfinal (abc_steps_l (0, lm) A (Suc n)) A" by fact
+then have a: "abc_notfinal (abc_steps_l (0, lm) A n) A"
+by(simp add: notfinal_Suc)
+then have b: "abc_steps_l (0, lm) (A @ B) n = abc_steps_l (0, lm) A n"
+using ind by simp
+obtain s lm' where c: "abc_steps_l (0, lm) A n = (s, lm')"
+by (metis prod.exhaust)
+then have d: "s < length A \<and> abc_steps_l (0, lm) (A @ B) n = (s, lm')"
+using a b by simp
+thus "?case"
+using c
+by(simp add: abc_step_red2 abc_fetch.simps abc_step_l.simps nth_append)
+qed
+lemma abc_append_first_step_eq_pre:
+"st < length A
+\<Longrightarrow> abc_step_l (st, lm) (abc_fetch st (A @ B)) =
+abc_step_l (st, lm) (abc_fetch st A)"
+by(simp add: abc_step_l.simps abc_fetch.simps nth_append)
+lemma abc_append_frist_steps_halt_eq':
+assumes final: "abc_steps_l (0, lm) A n = (length A, lm')"
+and notnull: "A \<noteq> []"
+shows "\<exists> n'. abc_steps_l (0, lm) (A @ B) n' = (length A, lm')"
+proof -
+have "\<exists> n'. abc_notfinal (abc_steps_l (0, lm) A n') A \<and>
+abc_final (abc_steps_l (0, lm) A (Suc n')) A"
+using assms
+by(rule_tac n = n in abc_before_final, simp_all)
+then obtain na where a:
+"abc_notfinal (abc_steps_l (0, lm) A na) A \<and>
+abc_final (abc_steps_l (0, lm) A (Suc na)) A" ..
+obtain sa lma where b: "abc_steps_l (0, lm) A na = (sa, lma)"
+by (metis prod.exhaust)
+then have c: "abc_steps_l (0, lm) (A @ B) na = (sa, lma)"
+using a abc_append_frist_steps_eq_pre[of lm A na B] assms
+by simp
+have d: "sa < length A" using b a by simp
+then have e: "abc_step_l (sa, lma) (abc_fetch sa (A @ B)) =
+abc_step_l (sa, lma) (abc_fetch sa A)"
+by(rule_tac abc_append_first_step_eq_pre)
+from a have "abc_steps_l (0, lm) A (Suc na) = (length A, lm')"
+using final equal_when_halt
+by(case_tac "abc_steps_l (0, lm) A (Suc na)" , simp)
+then have "abc_steps_l (0, lm) (A @ B) (Suc na) = (length A, lm')"
+using a b c e
+by(simp add: abc_step_red2)
+thus "?thesis"
+by blast
+qed
+lemma abc_append_frist_steps_halt_eq:
+assumes final: "abc_steps_l (0, lm) A n = (length A, lm')"
+shows "\<exists> n'. abc_steps_l (0, lm) (A @ B) n' = (length A, lm')"
+using final
+apply(case_tac "A = []")
+apply(rule_tac x = 0 in exI, simp add: abc_steps_l.simps abc_exec_null)
+apply(rule_tac abc_append_frist_steps_halt_eq', simp_all)
+done
+lemma [simp]: "Suc (Suc (max (length xs + 3) (max fft gft) - Suc (Suc (length xs))))
+= max (length xs + 3) (max fft gft) - (length xs)"
+by arith
+lemma [simp]: "\<lbrakk>ft = max (n + 3) (max fft gft); length xs = n\<rbrakk> \<Longrightarrow>
+{\<lambda>nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ Suc y # anything}
+[Dec ft (length gap + 7)]
+{\<lambda>nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ y # anything}"
+apply(simp add: abc_Hoare_halt_def)
+apply(rule_tac x = 1 in exI)
+apply(auto simp: abc_steps_l.simps abc_step_l.simps abc_fetch.simps nth_append abc_lm_v.simps abc_lm_s.simps list_update_append)
+using list_update_length
+[of "(x - Suc y) # rec_exec (Pr (length xs) f g) (xs @ [x - Suc y]) #
+0 \<up> (max (length xs + 3) (max fft gft) - Suc (Suc (length xs)))" "Suc y" anything y]
+apply(simp)
+done
+lemma adjust_paras':
+"length xs = n \<Longrightarrow> {\<lambda>nl. nl = xs @ x # y # anything}  [Inc n] [+] [Dec (Suc n) 2, Goto 0]
+{\<lambda>nl. nl = xs @ Suc x # 0 # anything}"
+proof(rule_tac abc_Hoare_plus_halt)
+assume "length xs = n"
+thus "{\<lambda>nl. nl = xs @ x # y # anything} [Inc n] {\<lambda> nl. nl = xs @ Suc x # y # anything}"
+apply(simp add: abc_Hoare_halt_def)
+apply(rule_tac x = 1 in exI, simp add: abc_steps_l.simps abc_step_l.simps abc_fetch.simps abc_comp.simps
+abc_lm_v.simps abc_lm_s.simps nth_append list_update_append list_update.simps)
 done
 next
-fix n lm2 lm3 lm4
+assume h: "length xs = n"
-assume h:
+thus "{\<lambda>nl. nl = xs @ Suc x # y # anything} [Dec (Suc n) 2, Goto 0] {\<lambda>nl. nl = xs @ Suc x # 0 # anything}"
-"Suc n \<le> aa - ba"
+proof(induct y)
-"ba < aa"
+case 0
-"length lm1 = ba"
+thus "?case"
-"length (lm2::nat list) = aa - Suc (ba + n)"
+apply(simp add: abc_Hoare_halt_def)
-"length (lm3::nat list) = Suc n"
+apply(rule_tac x = 1 in exI, simp add: abc_steps_l.simps abc_step_l.simps abc_fetch.simps abc_comp.simps
-thus
+abc_lm_v.simps abc_lm_s.simps nth_append list_update_append list_update.simps)
-"\<exists>bstp. abc_steps_l (0, lm1 @ butlast lm3 @ 0 # lm2 @ 0\<up>n @
-last lm3 # lm4)
-(mv_box (aa + n) (ba + n)) bstp =
-(3, lm1 @ lm3 @ lm2 @ 0 # 0\<up>n @ lm4)"
-apply(insert mv_box_ex[of "aa + n" "ba + n" "lm1 @ butlast lm3 @
-0 # lm2 @ 0\<up>n @ last lm3 # lm4"], simp)
-done
-qed
-lemma cn_merge_gs_len:
-"length (cn_merge_gs (map rec_ci gs) pstr) =
-(\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 3 * length gs"
-apply(induct gs arbitrary: pstr, simp, simp)
-apply(case_tac "rec_ci a", simp)
-done
-lemma [simp]: "n < pstr \<Longrightarrow>
-Suc (pstr + length ys - n) = Suc (pstr + length ys) - n"
-by arith
-lemma save_paras':
-"\<lbrakk>length lm = n; pstr > n; a_md > pstr + length ys + n\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(pstr - n) @ ys @
-0\<up>(a_md - pstr - length ys) @ suf_lm)
-(mv_boxes 0 (pstr + Suc (length ys)) n) stp
-= (3 * n, 0\<up>pstr @ ys @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-apply(insert mv_boxes_ex[of n "pstr + Suc (length ys)" 0 "[]" "lm"
-"0\<up>(pstr - n) @ ys @ [0]" "0\<up>(a_md - pstr - length ys - n - Suc 0) @ suf_lm"], simp)
-apply(erule_tac exE, rule_tac x = stp in exI,
-simp add: exponent_add_iff)
-apply(simp only: exponent_cons_iff, simp)
-done
-lemma [simp]:
-"(max ba (Max (insert ba (((\<lambda>(aprog, p, n). n) o rec_ci) ` set gs))))
-= (Max (insert ba (((\<lambda>(aprog, p, n). n) o rec_ci) ` set gs)))"
-apply(rule min_max.sup_absorb2, auto)
-done
-lemma [simp]:
-"((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs) =
-(((\<lambda>(aprog, p, n). n) o rec_ci) ` set gs)"
-apply(induct gs)
-apply(simp, simp)
-done
-lemma ci_cn_md_def:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_ci f = (a, aa, ba)\<rbrakk>
-\<Longrightarrow> a_md = max (Suc n) (Max (insert ba (((\<lambda>(aprog, p, n). n) o
-rec_ci) ` set gs))) + Suc (length gs) + n"
-apply(simp add: rec_ci.simps, auto)
-done
-lemma save_paras_prog_ex:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_ci f = (a, aa, ba);
-pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))\<rbrakk>
-\<Longrightarrow> \<exists>ap bp cp.
-aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-3 * length gs \<and> bp = mv_boxes 0 (pstr + Suc (length gs)) n"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x =
-"cn_merge_gs (map rec_ci gs) (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) o rec_ci) ` set gs))))" in exI,
-simp add: cn_merge_gs_len)
-apply(rule_tac x =
-"mv_boxes (max (Suc n) (Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))))
-0 (length gs) [+] a [+]mv_box aa (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-empty_boxes (length gs) [+] mv_box (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) n [+]
-mv_boxes (Suc (max (Suc n) (Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci)
-` set gs))) + length gs)) 0 n" in exI, auto)
-apply(simp add: abc_append_commute)
-done
-lemma save_paras:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rs_pos = n;
-\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k);
-length ys = length gs;
-length lm = n;
-rec_ci f = (a, aa, ba);
-pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l ((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-3 * length gs, lm @ 0\<up>(pstr - n) @ ys @
-0\<up>(a_md - pstr - length ys) @ suf_lm) aprog stp =
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-3 * length gs + 3 * n,
-0\<up>pstr @ ys @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-proof -
-assume h:
-"rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"rs_pos = n"
-"\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k)"
-"length ys = length gs"
-"length lm = n"
-"rec_ci f = (a, aa, ba)"
-and g: "pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))"
-from h and g have k1:
-"\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-3 *length gs \<and> bp = mv_boxes 0 (pstr + Suc (length ys)) n"
-apply(drule_tac save_paras_prog_ex, auto)
-done
-from h have k2:
-"\<exists> stp. abc_steps_l (0, lm @ 0\<up>(pstr - n) @ ys @
-0\<up>(a_md - pstr - length ys) @ suf_lm)
-(mv_boxes 0 (pstr + Suc (length ys)) n) stp =
-(3 * n, 0\<up>pstr @ ys @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-apply(rule_tac save_paras', simp, simp_all add: g)
-apply(drule_tac a = a and aa = aa and ba = ba in
-ci_cn_md_def, simp, simp)
-done
-from k1 show
-"\<exists>stp. abc_steps_l ((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-3 * length gs, lm @ 0\<up>(pstr - n) @ ys @
-0\<up>(a_md - pstr - length ys) @ suf_lm) aprog stp =
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-3 * length gs + 3 * n,
-0\<up> pstr @ ys @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-proof(erule_tac exE, erule_tac exE, erule_tac exE, erule_tac exE)
-fix ap bp apa cp
-assume "aprog = ap [+] bp [+] cp \<and> length ap =
-(\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 3 * length gs
-\<and> bp = mv_boxes 0 (pstr + Suc (length ys)) n"
-from this and k2 show "?thesis"
-apply(simp)
-apply(rule_tac abc_append_exc1, simp, simp, simp)
-done
-qed
-qed
-lemma ci_cn_para_eq:
-"rec_ci (Cn n f gs) = (aprog, rs_pos, a_md) \<Longrightarrow> rs_pos = n"
-apply(simp add: rec_ci.simps, case_tac "rec_ci f", simp)
-done
-lemma calc_gs_prog_ex:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_ci f = (a, aa, ba);
-Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs)))) = pstr\<rbrakk>
-\<Longrightarrow> \<exists>ap bp. aprog = ap [+] bp \<and>
-ap = cn_merge_gs (map rec_ci gs) pstr"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "mv_boxes 0 (Suc (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) n [+]
-mv_boxes (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) 0 (length gs) [+]
-a [+] mv_box aa (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-empty_boxes (length gs) [+] mv_box (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) n [+]
-mv_boxes (Suc (max (Suc n) (Max
-(insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) 0 n"
-in exI)
-apply(auto simp: abc_append_commute)
-done
-lemma cn_calc_gs:
-assumes ind:
-"\<And>x aprog a_md rs_pos rs suf_lm lm.
-\<lbrakk>x \<in> set gs;
-rec_ci x = (aprog, rs_pos, a_md);
-rec_calc_rel x lm rs\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-and h:  "rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k)"
-"length ys = length gs"
-"length lm = n"
-"rec_ci f = (a, aa, ba)"
-"Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs)))) = pstr"
-shows
-"\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 3 * length gs,
-lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md -pstr - length ys) @ suf_lm) "
-proof -
-from h have k1:
-"\<exists> ap bp. aprog = ap [+] bp \<and> ap =
-cn_merge_gs (map rec_ci gs) pstr"
-by(erule_tac calc_gs_prog_ex, auto)
-from h have j1: "rs_pos = n"
-by(simp add: ci_cn_para_eq)
-from h have j2: "a_md \<ge> pstr"
-by(drule_tac a = a and aa = aa and ba = ba in
-ci_cn_md_def, simp, simp)
-from h have j3: "pstr > n"
-by(auto)
-from j1 and j2 and j3 and h have k2:
-"\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm)
-(cn_merge_gs (map rec_ci gs) pstr) stp
-= ((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 3 * length gs,
-lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md - pstr - length ys) @ suf_lm)"
-apply(simp)
-apply(rule_tac cn_merge_gs_ex, rule_tac ind, simp, simp, auto)
-apply(drule_tac a = a and aa = aa and ba = ba in
-ci_cn_md_def, simp, simp)
-apply(rule min_max.le_supI2, auto)
-done
-from k1 show "?thesis"
-proof(erule_tac exE, erule_tac exE, simp)
-fix ap bp
-from k2 show
-"\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm)
-(cn_merge_gs (map rec_ci gs) pstr [+] bp) stp =
-(listsum (map ((\<lambda>(ap, pos, n). length ap) \<circ> rec_ci) gs) +
-3 * length gs,
-lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md - (pstr + length ys)) @ suf_lm)"
-apply(insert abc_append_exc1[of
-"lm @ 0\<up>(a_md - rs_pos) @ suf_lm"
-"(cn_merge_gs (map rec_ci gs) pstr)"
-"length (cn_merge_gs (map rec_ci gs) pstr)"
-"lm @ 0\<up>(pstr - n) @ ys @ 0\<up>(a_md - pstr - length ys) @ suf_lm" 0
-"[]" bp], simp add: cn_merge_gs_len)
-done
-qed
-qed
-lemma reset_new_paras':
-"\<lbrakk>length lm = n;
-pstr > 0;
-a_md \<ge> pstr + length ys + n;
-pstr > length ys\<rbrakk> \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, 0\<up>pstr @ ys @ 0 # lm @  0\<up>(a_md - Suc (pstr + length ys + n)) @
-suf_lm) (mv_boxes pstr 0 (length ys)) stp =
-(3 * length ys, ys @ 0\<up>pstr @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-apply(insert mv_boxes_ex2[of "length ys" "pstr" 0 "[]"
-"0\<up>(pstr - length ys)" "ys"
-"0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm"],
-simp add: exponent_add_iff)
-done
-lemma [simp]:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_calc_rel f ys rs; rec_ci f = (a, aa, ba);
-pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))\<rbrakk>
-\<Longrightarrow> length ys < pstr"
-apply(subgoal_tac "length ys = aa", simp)
-apply(subgoal_tac "aa < ba \<and> ba \<le> pstr",
-rule basic_trans_rules(22), auto)
-apply(rule min_max.le_supI2)
-apply(auto)
-apply(erule_tac para_pattern, simp)
-done
-lemma reset_new_paras_prog_ex:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_ci f = (a, aa, ba);
-Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs)))) = pstr\<rbrakk>
-\<Longrightarrow> \<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-3 *length gs + 3 * n \<and> bp = mv_boxes pstr 0 (length gs)"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "cn_merge_gs (map rec_ci gs) (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-mv_boxes 0 (Suc (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) n" in exI,
-simp add: cn_merge_gs_len)
-apply(rule_tac x = "a [+]
-mv_box aa (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-empty_boxes (length gs) [+] mv_box
-(max (Suc n) (Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) n
-[+] mv_boxes (Suc (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) 0 n" in exI,
-auto simp: abc_append_commute)
-done
-lemma reset_new_paras:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rs_pos = n;
-\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k);
-length ys = length gs;
-length lm = n;
-length ys = aa;
-rec_ci f = (a, aa, ba);
-pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l ((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-3 * length gs + 3 * n,
-0\<up>pstr @ ys @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm) aprog stp =
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 6 * length gs + 3 * n,
-ys @ 0\<up>pstr @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-proof -
-assume h:
-"rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"rs_pos = n"
-"length ys = aa"
-"\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k)"
-"length ys = length gs"  "length lm = n"
-"rec_ci f = (a, aa, ba)"
-and g: "pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))"
-from h and g have k1:
-"\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and> length ap =
-(\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-3 *length gs + 3 * n \<and> bp = mv_boxes pstr 0 (length ys)"
-by(drule_tac reset_new_paras_prog_ex, auto)
-from h have k2:
-"\<exists> stp. abc_steps_l (0, 0\<up>pstr @ ys @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @
-suf_lm) (mv_boxes pstr 0 (length ys)) stp =
-(3 * (length ys),
-ys @ 0\<up>pstr @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-apply(rule_tac reset_new_paras', simp)
-apply(simp add: g)
-apply(drule_tac a = a and aa = aa and ba = ba in ci_cn_md_def,
-simp, simp add: g, simp)
-apply(subgoal_tac "length gs = aa \<and> aa < ba \<and> ba \<le> pstr", arith,
-simp add: para_pattern)
-apply(insert g, auto intro: min_max.le_supI2)
-done
-from k1 show
-"\<exists>stp. abc_steps_l ((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 3
-* length gs + 3 * n, 0\<up>pstr @ ys @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @
-suf_lm) aprog stp =
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 6 * length gs +
-3 * n, ys @ 0\<up>pstr @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-proof(erule_tac exE, erule_tac exE, erule_tac exE, erule_tac exE)
-fix ap bp apa cp
-assume "aprog = ap [+] bp [+] cp \<and> length ap =
-(\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 3 * length gs +
-3 * n \<and> bp = mv_boxes pstr 0 (length ys)"
-from this and k2 show "?thesis"
-apply(simp)
-apply(drule_tac as =
-"(\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 3 * length gs +
-3 * n" and ap = ap and cp = cp in abc_append_exc1, auto)
-apply(rule_tac x = stp in exI, simp add: h)
-using h
-apply(simp)
-done
-qed
-qed
-lemma calc_f_prog_ex:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_ci f = (a, aa, ba);
-Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs)))) = pstr\<rbrakk>
-\<Longrightarrow> \<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-6 *length gs + 3 * n \<and> bp = a"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "cn_merge_gs (map rec_ci gs) (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-mv_boxes 0 (Suc (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) n [+]
-mv_boxes (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) 0 (length gs)" in exI,
-simp add: cn_merge_gs_len)
-apply(rule_tac x = "mv_box aa (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-empty_boxes (length gs) [+] mv_box (max (Suc n) (
-Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) n [+]
-mv_boxes (Suc (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) 0 n" in exI,
-auto simp: abc_append_commute)
-done
-lemma calc_cn_f:
-assumes ind:
-"\<And>x ap fp arity r anything args.
-\<lbrakk>x = map rec_ci gs; rec_ci f = (ap, arity, fp); rec_calc_rel f args r\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, args @ 0 \<up> (fp - arity) @ anything) ap stp =
-(length ap, args @ [r] @ 0 \<up> (fp - arity - 1) @ anything)"
-and h: "rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Cn n f gs) lm rs"
-"length ys = length gs"
-"rec_calc_rel f ys rs"
-"length lm = n"
-"rec_ci f = (a, aa, ba)"
-and p: "pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))"
-shows "\<exists>stp. abc_steps_l
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 6 * length gs + 3 * n,
-ys @ 0\<up>pstr @ 0 # lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm) aprog stp =
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 6 * length gs +
-3 * n + length a,
-ys @ rs # 0\<up>pstr @ lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-proof -
-from h have k1:
-"\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-6 *length gs + 3 * n \<and> bp = a"
-by(drule_tac calc_f_prog_ex, auto)
-from h and k1 show "?thesis"
-proof (erule_tac exE, erule_tac exE, erule_tac exE, erule_tac exE)
-fix ap bp apa cp
-assume
-"aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-6 * length gs + 3 * n \<and> bp = a"
-from h and this show "?thesis"
-apply(simp, rule_tac abc_append_exc1, simp_all)
-thm ind
-apply(insert ind[of "map rec_ci gs" a aa ba ys rs
-"0\<up>(pstr - ba + length gs) @ 0 # lm @
-0\<up>(a_md - Suc (pstr + length gs + n)) @ suf_lm"], simp)
-apply(subgoal_tac "ba > aa \<and> aa = length gs\<and> pstr \<ge> ba", simp)
-apply(simp add: exponent_add_iff)
-apply(case_tac pstr, simp add: p)
-apply(simp only: exp_suc, simp)
-apply(rule conjI, rule ci_ad_ge_paras, simp, rule conjI)
-apply(subgoal_tac "length ys = aa", simp,
-rule para_pattern, simp, simp)
-apply(insert p, simp)
-apply(auto intro: min_max.le_supI2)
-done
-qed
-qed
-lemma [simp]:
-"\<lbrakk>pstr + length ys + n \<le> a_md; ys \<noteq> []\<rbrakk> \<Longrightarrow>
-pstr < a_md + length suf_lm"
-apply(case_tac "length ys", simp)
-apply(arith)
-done
-lemma [simp]:
-"pstr > length ys
-\<Longrightarrow> (ys @ rs # 0\<up>pstr @ lm @
-0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm) ! pstr = (0::nat)"
-apply(simp add: nth_append)
-done
-(*
-lemma [simp]: "\<lbrakk>length ys < pstr; pstr - length ys = Suc x\<rbrakk>
-\<Longrightarrow> pstr - Suc (length ys) = x"
-by arith
-*)
-lemma [simp]: "pstr > length ys \<Longrightarrow>
-(ys @ rs # 0\<up>pstr @ lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)
-[pstr := rs, length ys := 0] =
-ys @ 0\<up>(pstr - length ys) @ (rs::nat) # 0\<up>length ys @ lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm"
-apply(auto simp: list_update_append)
-apply(case_tac "pstr - length ys",simp_all)
-using list_update_length[of
-"0\<up>(pstr - Suc (length ys))" "0" "0\<up>length ys @ lm @
-0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm" rs]
-apply(simp only: exponent_cons_iff exponent_add_iff, simp)
-apply(subgoal_tac "pstr - Suc (length ys) = nat", simp, simp)
-done
-lemma save_rs':
-"\<lbrakk>pstr > length ys\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, ys @ rs # 0\<up>pstr @ lm @
-0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)
-(mv_box (length ys) pstr) stp =
-(3, ys @ 0\<up>(pstr - (length ys)) @ rs #
-0\<up>length ys  @ lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-apply(insert mv_box_ex[of "length ys" pstr
-"ys @ rs # 0\<up>pstr @ lm @ 0\<up>(a_md - Suc(pstr + length ys + n)) @ suf_lm"],
-simp)
-done
-lemma save_rs_prog_ex:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_ci f = (a, aa, ba);
-Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs)))) = pstr\<rbrakk>
-\<Longrightarrow> \<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-6 *length gs + 3 * n + length a
-\<and> bp = mv_box aa pstr"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x =
-"cn_merge_gs (map rec_ci gs) (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))))
-[+] mv_boxes 0 (Suc (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) n [+]
-mv_boxes (max (Suc n) (Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))))
-0 (length gs) [+] a"
-in exI, simp add: cn_merge_gs_len)
-apply(rule_tac x =
-"empty_boxes (length gs) [+]
-mv_box (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) n [+]
-mv_boxes (Suc (max (Suc n) (Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))
-+ length gs)) 0 n" in exI,
-auto simp: abc_append_commute)
-done
-lemma save_rs:
-assumes h:
-"rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Cn n f gs) lm rs"
-"\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k)"
-"length ys = length gs"
-"rec_calc_rel f ys rs"
-"rec_ci f = (a, aa, ba)"
-"length lm = n"
-and pdef: "pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))"
-shows "\<exists>stp. abc_steps_l
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 6 * length gs
-+ 3 * n + length a, ys @ rs # 0\<up>pstr @ lm @
-0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm) aprog stp =
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 6 * length gs
-+ 3 * n + length a + 3,
-ys @ 0\<up>(pstr - length ys) @ rs # 0\<up>length ys @ lm @
-0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-proof -
-from h and pdef have k1:
-"\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-6 *length gs + 3 * n + length a \<and> bp = mv_box (length ys) pstr "
-apply(subgoal_tac "length ys = aa")
-apply(drule_tac a = a and aa = aa and ba = ba in save_rs_prog_ex,
-simp, simp, simp)
-by(rule_tac para_pattern, simp, simp)
-from k1 show
-"\<exists>stp. abc_steps_l
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 6 * length gs + 3 * n
-+ length a, ys @ rs # 0\<up>pstr @ lm @ 0\<up>(a_md - Suc (pstr + length ys + n))
-@ suf_lm) aprog stp =
-((\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 6 * length gs + 3 * n
-+ length a + 3, ys @ 0\<up>(pstr - length ys) @ rs #
-0\<up>length ys @ lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-proof (erule_tac exE, erule_tac exE, erule_tac exE, erule_tac exE)
-fix ap bp apa cp
-assume "aprog = ap [+] bp [+] cp \<and> length ap =
-(\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) + 6 * length gs +
-3 * n + length a \<and> bp = mv_box (length ys) pstr"
-thus"?thesis"
-apply(simp, rule_tac abc_append_exc1, simp_all)
-apply(rule_tac save_rs', insert h)
-apply(subgoal_tac "length gs = aa \<and> pstr \<ge> ba \<and> ba > aa",
-arith)
-apply(simp add: para_pattern, insert pdef, auto)
-apply(rule_tac min_max.le_supI2, simp)
-done
-qed
-qed
-lemma [simp]: "length (empty_boxes n) = 2*n"
-apply(induct n, simp, simp)
-done
-lemma mv_box_step_ex: "length lm = n \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, lm @ Suc x # suf_lm) [Dec n 2, Goto 0] stp
-= (0, lm @ x # suf_lm)"
-apply(rule_tac x = "Suc (Suc 0)" in exI,
-simp add: abc_steps_l.simps abc_step_l.simps abc_fetch.simps
-abc_lm_v.simps abc_lm_s.simps nth_append list_update_append)
-done
-lemma mv_box_ex':
-"\<lbrakk>length lm = n\<rbrakk> \<Longrightarrow>
-\<exists> stp. abc_steps_l (0, lm @ x # suf_lm) [Dec n 2, Goto 0] stp =
-(Suc (Suc 0), lm @ 0 # suf_lm)"
-apply(induct x)
-apply(rule_tac x = "Suc 0" in exI,
-simp add: abc_steps_l.simps abc_fetch.simps abc_step_l.simps
-abc_lm_v.simps nth_append abc_lm_s.simps, simp)
-apply(drule_tac x = x and suf_lm = suf_lm in mv_box_step_ex,
-erule_tac exE, erule_tac exE)
-apply(rule_tac x = "stpa + stp" in exI, simp add: abc_steps_add)
-done
-lemma [simp]: "drop n lm = a # list \<Longrightarrow> list = drop (Suc n) lm"
-apply(induct n arbitrary: lm a list, simp)
-apply(case_tac "lm", simp, simp)
-done
-lemma empty_boxes_ex: "\<lbrakk>length lm \<ge> n\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm) (empty_boxes n) stp =
-(2*n, 0\<up>n @ drop n lm)"
-apply(induct n, simp, simp)
-apply(rule_tac abc_append_exc2, auto)
-apply(case_tac "drop n lm", simp, simp)
-proof -
-fix n stp a list
-assume h: "Suc n \<le> length lm"  "drop n lm = a # list"
-thus "\<exists>bstp. abc_steps_l (0, 0\<up>n @ a # list) [Dec n 2, Goto 0] bstp =
-(Suc (Suc 0), 0 # 0\<up>n @ drop (Suc n) lm)"
-apply(insert mv_box_ex'[of "0\<up>n" n a list], simp, erule_tac exE)
-apply(rule_tac x = stp in exI, simp, simp only: exponent_cons_iff)
-apply(simp add:exp_ind del: replicate.simps)
-done
-qed
-lemma mv_box_paras_prog_ex:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_ci f = (a, aa, ba);
-Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs)))) = pstr\<rbrakk>
-\<Longrightarrow> \<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-6 *length gs + 3 * n + length a + 3 \<and> bp = empty_boxes (length gs)"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "cn_merge_gs (map rec_ci gs) (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-mv_boxes 0 (Suc (max (Suc n) (Max
-(insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) n
-[+] mv_boxes (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) 0 (length gs) [+]
-a [+] mv_box aa (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))))"
-in exI, simp add: cn_merge_gs_len)
-apply(rule_tac x = " mv_box (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) n [+]
-mv_boxes (Suc (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) 0 n" in exI,
-auto simp: abc_append_commute)
-done
-lemma mv_box_paras:
-assumes h:
-"rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Cn n f gs) lm rs"
-"\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k)"
-"length ys = length gs"
-"rec_calc_rel f ys rs"
-"rec_ci f = (a, aa, ba)"
-and pdef: "pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))"
-and starts: "ss = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-6 * length gs + 3 * n + length a + 3"
-shows "\<exists>stp. abc_steps_l
-(ss, ys @ 0\<up>(pstr - length ys) @ rs # 0\<up>length ys
-@ lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm) aprog stp =
-(ss + 2 * length gs, 0\<up>pstr @ rs # 0\<up>length ys  @ lm @
-0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-proof -
-from h and pdef and starts have k1:
-"\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-6 *length gs + 3 * n + length a + 3
-\<and> bp = empty_boxes (length ys)"
-by(drule_tac mv_box_paras_prog_ex, auto)
-from h have j1: "aa < ba"
-by(simp add: ci_ad_ge_paras)
-from h have j2: "length gs = aa"
-by(drule_tac f = f in para_pattern, simp, simp)
-from h and pdef have j3: "ba \<le> pstr"
-apply simp
-apply(rule_tac min_max.le_supI2, simp)
-done
-from k1 show "?thesis"
-proof (erule_tac exE, erule_tac exE, erule_tac exE, erule_tac exE)
-fix ap bp apa cp
-assume "aprog = ap [+] bp [+] cp \<and>
-length ap = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-6 * length gs + 3 * n + length a + 3 \<and>
-bp = empty_boxes (length ys)"
-thus"?thesis"
-apply(simp, rule_tac abc_append_exc1, simp_all add: starts h)
-apply(insert empty_boxes_ex[of
-"length gs" "ys @ 0\<up>(pstr - (length gs)) @ rs #
-0\<up>length gs @ lm @ 0\<up>(a_md - Suc (pstr + length gs + n)) @ suf_lm"],
-simp add: h)
-apply(erule_tac exE, rule_tac x = stp in exI,
-simp add: replicate.simps[THEN sym]
-replicate_add[THEN sym] del: replicate.simps)
-apply(subgoal_tac "pstr >(length gs)", simp)
-apply(subgoal_tac "ba > aa \<and> length gs = aa \<and> pstr \<ge> ba", simp)
-apply(simp add: j1 j2 j3)
-done
-qed
-qed
-lemma restore_rs_prog_ex:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_ci f = (a, aa, ba);
-Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs)))) = pstr;
-ss = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-8 * length gs + 3 * n + length a + 3\<rbrakk>
-\<Longrightarrow> \<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and> length ap = ss \<and>
-bp = mv_box pstr n"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "cn_merge_gs (map rec_ci gs) (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-mv_boxes 0 (Suc (max (Suc n) (Max (insert ba (((\<lambda>(aprog, p, n). n)
-\<circ> rec_ci) ` set gs))) + length gs)) n [+]
-mv_boxes (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) 0 (length gs) [+]
-a [+] mv_box aa (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-empty_boxes (length gs)" in exI, simp add: cn_merge_gs_len)
-apply(rule_tac x = "mv_boxes (Suc (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))
-+ length gs)) 0 n"
-in exI, auto simp: abc_append_commute)
-done
-lemma exp_add: "a\<up>(b+c) = a\<up>b @ a\<up>c"
-apply(simp add:replicate_add)
-done
-lemma [simp]: "n < pstr \<Longrightarrow> (0\<up>pstr)[n := rs] @ [0::nat] = 0\<up>n @ rs # 0\<up>(pstr - n)"
-using list_update_length[of "0\<up>n" "0::nat" "0\<up>(pstr - Suc n)" rs]
-apply(simp add: replicate_Suc[THEN sym] exp_add[THEN sym] exp_suc[THEN sym])
-done
-lemma restore_rs:
-assumes h: "rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Cn n f gs) lm rs"
-"\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k)"
-"length ys = length gs"
-"rec_calc_rel f ys rs"
-"rec_ci f = (a, aa, ba)"
-and pdef: "pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))"
-and starts: "ss = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-8 * length gs + 3 * n + length a + 3"
-shows "\<exists>stp. abc_steps_l
-(ss, 0\<up>pstr @ rs # 0\<up>length ys  @ lm @
-0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm) aprog stp =
-(ss + 3, 0\<up>n @ rs # 0\<up>(pstr - n) @ 0\<up>length ys  @ lm @
-0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)"
-proof -
-from h and pdef and starts have k1:
-"\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and> length ap = ss \<and>
-bp = mv_box pstr n"
-by(drule_tac restore_rs_prog_ex, auto)
-from k1 show "?thesis"
-proof (erule_tac exE, erule_tac exE, erule_tac exE, erule_tac exE)
-fix ap bp apa cp
-assume "aprog = ap [+] bp [+] cp \<and> length ap = ss \<and>
-bp = mv_box pstr n"
-thus"?thesis"
-apply(simp, rule_tac abc_append_exc1, simp_all add: starts h)
-apply(insert mv_box_ex[of pstr n "0\<up>pstr @ rs # 0\<up>length gs @
-lm @ 0\<up>(a_md - Suc (pstr + length gs + n)) @ suf_lm"], simp)
-apply(subgoal_tac "pstr > n", simp)
-apply(erule_tac exE, rule_tac x = stp in exI,
-simp add: nth_append list_update_append)
-apply(simp add: pdef)
-done
-qed
-qed
-lemma [simp]:"xs \<noteq> [] \<Longrightarrow> length xs \<ge> Suc 0"
-by(case_tac xs, auto)
-lemma  [simp]: "n < max (Suc n) (max ba (Max (((\<lambda>(aprog, p, n). n) o
-rec_ci) ` set gs)))"
-by(simp)
-lemma restore_paras_prog_ex:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_ci f = (a, aa, ba);
-Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs)))) = pstr;
-ss = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-8 * length gs + 3 * n + length a + 6\<rbrakk>
-\<Longrightarrow> \<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and> length ap = ss \<and>
-bp = mv_boxes (pstr + Suc (length gs)) (0::nat) n"
-apply(simp add: rec_ci.simps)
-apply(rule_tac x = "cn_merge_gs (map rec_ci gs) (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))))
-[+] mv_boxes 0 (Suc (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))
-+ length gs)) n [+] mv_boxes (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) 0 (length gs) [+]
-a [+] mv_box aa (max (Suc n)
-(Max (insert ba (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
-empty_boxes (length gs) [+]
-mv_box (max (Suc n) (Max (insert ba
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) n" in exI, simp add: cn_merge_gs_len)
-apply(rule_tac x = "[]" in exI, auto simp: abc_append_commute)
-done
-lemma restore_paras:
-assumes h: "rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Cn n f gs) lm rs"
-"\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k)"
-"length ys = length gs"
-"rec_calc_rel f ys rs"
-"rec_ci f = (a, aa, ba)"
-and pdef:
-"pstr = Max (set (Suc n # ba # map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs))))"
-and starts: "ss = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-8 * length gs + 3 * n + length a + 6"
-shows "\<exists>stp. abc_steps_l (ss, 0\<up>n @ rs # 0\<up>(pstr - n+ length ys) @
-lm @ 0\<up>(a_md - Suc (pstr + length ys + n)) @ suf_lm)
-aprog stp = (ss + 3 * n, lm @ rs # 0\<up>(a_md - Suc n) @ suf_lm)"
-proof -
-from h and pdef and starts have k1:
-"\<exists> ap bp cp. aprog = ap [+] bp [+] cp \<and> length ap = ss \<and>
-bp = mv_boxes (pstr + Suc (length gs)) (0::nat) n"
-by(drule_tac restore_paras_prog_ex, auto)
-from k1 show "?thesis"
-proof (erule_tac exE, erule_tac exE, erule_tac exE, erule_tac exE)
-fix ap bp apa cp
-assume "aprog = ap [+] bp [+] cp \<and> length ap = ss \<and>
-bp = mv_boxes (pstr + Suc (length gs)) 0 n"
-thus"?thesis"
-apply(simp, rule_tac abc_append_exc1, simp_all add: starts h)
-apply(insert mv_boxes_ex2[of n "pstr + Suc (length gs)" 0 "[]"
-"rs # 0\<up>(pstr - n + length gs)" "lm"
-"0\<up>(a_md - Suc (pstr + length gs + n)) @ suf_lm"], simp)
-apply(subgoal_tac "pstr > n \<and>
-a_md > pstr + length gs + n \<and> length lm = n" , simp add: exponent_add_iff h)
-using h pdef
-apply(simp)
-apply(frule_tac a = a and
-aa = aa and ba = ba in ci_cn_md_def, simp, simp)
-apply(subgoal_tac "length lm = rs_pos",
-simp add: ci_cn_para_eq, erule_tac para_pattern, simp)
-done
-qed
-qed
-lemma ci_cn_length:
-"\<lbrakk>rec_ci (Cn n f gs) = (aprog, rs_pos, a_md);
-rec_calc_rel (Cn n f gs) lm rs;
-rec_ci f = (a, aa, ba)\<rbrakk>
-\<Longrightarrow> length aprog = (\<Sum>(ap, pos, n)\<leftarrow>map rec_ci gs. length ap) +
-8 * length gs + 6 * n + length a + 6"
-apply(simp add: rec_ci.simps, auto simp: cn_merge_gs_len)
-done
-lemma  cn_case:
-assumes ind1:
-"\<And>x aprog a_md rs_pos rs suf_lm lm.
-\<lbrakk>x \<in> set gs;
-rec_ci x = (aprog, rs_pos, a_md);
-rec_calc_rel x lm rs\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-and ind2:
-"\<And>x ap fp arity r anything args.
-\<lbrakk>x = map rec_ci gs; rec_ci f = (ap, arity, fp); rec_calc_rel f args r\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, args @ 0 \<up> (fp - arity) @ anything) ap stp =
-(length ap, args @ [r] @ 0 \<up> (fp - arity - 1) @ anything)"
-and h: "rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Cn n f gs) lm rs"
-shows "\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp
-= (length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-apply(insert h, case_tac "rec_ci f",  rule_tac calc_cn_reverse, simp)
-proof -
-fix a b c ys
-let ?pstr = "Max (set (Suc n # c # (map (\<lambda>(aprog, p, n). n)
-(map rec_ci (gs)))))"
-let ?gs_len = "listsum (map (\<lambda> (ap, pos, n). length ap)
-(map rec_ci (gs)))"
-assume g: "rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
-"rec_calc_rel (Cn n f gs) lm rs"
-"\<forall>k<length gs. rec_calc_rel (gs ! k) lm (ys ! k)"
-"length ys = length gs"
-"rec_calc_rel f ys rs"
-"n = length lm"
-"rec_ci f = (a, b, c)"
-hence k1:
-"\<exists> stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(?gs_len + 3 * length gs, lm @ 0\<up>(?pstr - n) @ ys @
-0\<up>(a_md - ?pstr - length ys) @ suf_lm)"
-apply(rule_tac a = a and aa = b and ba = c in cn_calc_gs)
-apply(rule_tac ind1, auto)
-done
-from g have k2:
-"\<exists> stp. abc_steps_l (?gs_len + 3 * length gs,  lm @
-0\<up>(?pstr - n) @ ys @ 0\<up>(a_md - ?pstr - length ys) @ suf_lm) aprog stp =
-(?gs_len + 3 * length gs + 3 * n, 0\<up>?pstr @ ys @ 0 # lm @
-0\<up>(a_md - Suc (?pstr + length ys + n)) @ suf_lm)"
-apply(erule_tac ba = c in save_paras, auto intro: ci_cn_para_eq)
-done
-from g have k3:
-"\<exists> stp. abc_steps_l (?gs_len + 3 * length gs + 3 * n,
-0\<up>?pstr @ ys @ 0 # lm @ 0\<up>(a_md - Suc (?pstr + length ys + n)) @ suf_lm) aprog stp =
-(?gs_len + 6 * length gs + 3 * n,
-ys @ 0\<up>?pstr @ 0 # lm @ 0\<up>(a_md - Suc (?pstr + length ys + n)) @ suf_lm)"
-apply(erule_tac ba = c in reset_new_paras,
-auto intro: ci_cn_para_eq)
-using para_pattern[of f a b c ys rs]
-apply(simp)
-done
-from g have k4:
-"\<exists>stp. abc_steps_l  (?gs_len + 6 * length gs + 3 * n,
-ys @ 0\<up>?pstr @ 0 # lm @ 0\<up>(a_md - Suc (?pstr + length ys + n)) @ suf_lm) aprog stp =
-(?gs_len + 6 * length gs + 3 * n + length a,
-ys @ rs # 0\<up>?pstr  @ lm @ 0\<up>(a_md - Suc (?pstr + length ys + n)) @ suf_lm)"
-apply(rule_tac ba = c in calc_cn_f, rule_tac ind2, auto)
-done
-from g h have k5:
-"\<exists> stp. abc_steps_l (?gs_len + 6 * length gs + 3 * n + length a,
-ys @ rs # 0\<up>?pstr @ lm @ 0\<up>(a_md - Suc (?pstr + length ys + n)) @ suf_lm)
-aprog stp =
-(?gs_len + 6 * length gs + 3 * n + length a + 3,
-ys @ 0\<up>(?pstr - length ys) @ rs # 0\<up>length ys @ lm @
-0\<up>(a_md  - Suc (?pstr + length ys + n)) @ suf_lm)"
-apply(rule_tac save_rs, auto simp: h)
-done
-from g have k6:
-"\<exists> stp. abc_steps_l (?gs_len + 6 * length gs + 3 * n +
-length a + 3, ys @ 0\<up>(?pstr - length ys) @ rs # 0\<up>length ys @ lm @
-0\<up>(a_md  - Suc (?pstr + length ys + n)) @ suf_lm)
-aprog stp =
-(?gs_len + 8 * length gs + 3 *n + length a + 3,
-0\<up>?pstr @ rs # 0\<up>length ys @ lm @
-0\<up>(a_md -Suc (?pstr + length ys + n)) @ suf_lm)"
-apply(drule_tac suf_lm = suf_lm in mv_box_paras, auto)
-apply(rule_tac x = stp in exI, simp)
-done
-from g have k7:
-"\<exists> stp. abc_steps_l (?gs_len + 8 * length gs + 3 *n +
-length a + 3, 0\<up>?pstr  @ rs # 0\<up>length ys @ lm @
-0\<up>(a_md -Suc (?pstr + length ys + n)) @ suf_lm) aprog stp =
-(?gs_len + 8 * length gs + 3 * n + length a + 6,
-0\<up>n @ rs # 0\<up>(?pstr  - n) @ 0\<up>length ys @ lm @
-0\<up>(a_md -Suc (?pstr + length ys + n)) @ suf_lm)"
-apply(drule_tac suf_lm = suf_lm in restore_rs, auto)
-apply(rule_tac x = stp in exI, simp)
-done
-from g have k8: "\<exists> stp. abc_steps_l (?gs_len + 8 * length gs +
-3 * n + length a + 6,
-0\<up>n @ rs # 0\<up>(?pstr  - n) @ 0\<up>length ys @ lm @
-0\<up>(a_md -Suc (?pstr + length ys + n)) @ suf_lm) aprog stp =
-(?gs_len + 8 * length gs + 6 * n + length a + 6,
-lm @ rs # 0\<up>(a_md - Suc n) @ suf_lm)"
-apply(drule_tac suf_lm = suf_lm in restore_paras, auto)
-apply(simp add: exponent_add_iff)
-apply(rule_tac x = stp in exI, simp)
-done
-from g have j1:
-"length aprog = ?gs_len + 8 * length gs + 6 * n + length a + 6"
-by(drule_tac a = a and aa = b and ba = c in ci_cn_length,
-simp, simp, simp)
-from g have j2: "rs_pos = n"
-by(simp add: ci_cn_para_eq)
-from k1 and k2 and k3 and k4 and k5 and k6 and k7 and k8
-and j1 and j2 show
-"\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp =
-(length aprog, lm @ [rs] @ 0\<up>(a_md - rs_pos - 1) @ suf_lm)"
-apply(auto)
-apply(rule_tac x = "stp + stpa + stpb + stpc +
-stpd + stpe + stpf + stpg" in exI, simp add: abc_steps_add)
-done
-qed
-text {*
-Correctness of the complier (terminate case), which says if the execution of
-a recursive function @{text "recf"} terminates and gives result, then
-the Abacus program compiled from @{text "recf"} termintes and gives the same result.
-Additionally, to facilitate induction proof, we append @{text "anything"} to the
-end of Abacus memory.
-*}
-lemma recursive_compile_correct:
-"\<lbrakk>rec_ci recf = (ap, arity, fp);
-rec_calc_rel recf args r\<rbrakk>
-\<Longrightarrow> (\<exists> stp. (abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp) =
-(length ap, args@[r]@0\<up>(fp - arity - 1) @ anything))"
-apply(induct arbitrary: ap fp arity r anything args
-rule: rec_ci.induct)
-prefer 5
-proof(case_tac "rec_ci g", case_tac "rec_ci f", simp)
-fix n f g ap fp arity r anything args  a b c aa ba ca
-assume f_ind:
-"\<And>ap fp arity r anything args.
-\<lbrakk>aa = ap \<and> ba = arity \<and> ca = fp; rec_calc_rel f args r\<rbrakk> \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp =
-(length ap, args @ r # 0\<up>(fp - Suc arity) @ anything)"
-and g_ind:
-"\<And>x xa y xb ya ap fp arity r anything args.
-\<lbrakk>x = (aa, ba, ca); xa = aa \<and> y = (ba, ca); xb = ba \<and> ya = ca;
-a = ap \<and> b = arity \<and> c = fp; rec_calc_rel g args r\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp =
-(length ap, args @ r # 0\<up>(fp - Suc arity) @ anything)"
-and h: "rec_ci (Pr n f g) = (ap, arity, fp)"
-"rec_calc_rel (Pr n f g) args r"
-"rec_ci g = (a, b, c)"
-"rec_ci f = (aa, ba, ca)"
-from h have nf_ind:
-"\<And> args r anything. rec_calc_rel f args r \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, args @ 0\<up>(ca - ba) @ anything) aa stp =
-(length aa, args @ r # 0\<up>(ca - Suc ba) @ anything)"
-and ng_ind:
-"\<And> args r anything. rec_calc_rel g args r \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, args @ 0\<up>(c - b) @ anything) a stp =
-(length a, args @ r # 0\<up>(c - Suc b)  @ anything)"
-apply(insert f_ind[of aa ba ca], simp)
-apply(insert g_ind[of "(aa, ba, ca)" aa "(ba, ca)" ba ca a b c],
-simp)
-done
-from nf_ind and ng_ind and h show
-"\<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp =
-(length ap, args @ r # 0\<up>(fp - Suc arity) @ anything)"
-apply(auto intro: nf_ind ng_ind pr_case)
-done
-next
-fix ap fp arity r anything args
-assume h:
-"rec_ci z = (ap, arity, fp)" "rec_calc_rel z args r"
-thus "\<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp =
-(length ap, args @ [r] @ 0\<up>(fp - arity - 1) @ anything)"
-by (rule_tac z_case)
-next
-fix ap fp arity r anything args
-assume h:
-"rec_ci s = (ap, arity, fp)"
-"rec_calc_rel s args r"
-thus
-"\<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp =
-(length ap, args @ [r] @ 0\<up>(fp - arity - 1) @ anything)"
-by(erule_tac s_case, simp)
-next
-fix m n ap fp arity r anything args
-assume h: "rec_ci (id m n) = (ap, arity, fp)"
-"rec_calc_rel (id m n) args r"
-thus "\<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp
-= (length ap, args @ [r] @ 0\<up>(fp - arity - 1) @ anything)"
-by(erule_tac id_case)
-next
-fix n f gs ap fp arity r anything args
-assume ind1: "\<And>x ap fp arity r anything args.
-\<lbrakk>x \<in> set gs;
-rec_ci x = (ap, arity, fp);
-rec_calc_rel x args r\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp =
-(length ap, args @ [r] @ 0\<up>(fp - arity - 1) @ anything)"
-and ind2:
-"\<And>x ap fp arity r anything args.
-\<lbrakk>x = map rec_ci gs; rec_ci f = (ap, arity, fp); rec_calc_rel f args r\<rbrakk>
-\<Longrightarrow> \<exists>stp. abc_steps_l (0, args @ 0 \<up> (fp - arity) @ anything) ap stp =
-(length ap, args @ [r] @ 0 \<up> (fp - arity - 1) @ anything)"
-and h: "rec_ci (Cn n f gs) = (ap, arity, fp)"
-"rec_calc_rel (Cn n f gs) args r"
-from h show
-"\<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything)
-ap stp = (length ap, args @ [r] @ 0\<up>(fp - arity - 1) @ anything)"
-apply(rule_tac cn_case)
-apply(rule_tac ind1, simp, simp, simp)
-apply(rule_tac ind2, auto)
-done
-next
-fix n f ap fp arity r anything args
-assume ind:
-"\<And>ap fp arity r anything args.
-\<lbrakk>rec_ci f = (ap, arity, fp); rec_calc_rel f args r\<rbrakk> \<Longrightarrow>
-\<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp =
-(length ap, args @ [r] @ 0\<up>(fp - arity - 1) @ anything)"
-and h: "rec_ci (Mn n f) = (ap, arity, fp)"
-"rec_calc_rel (Mn n f) args r"
-from h show
-"\<exists>stp. abc_steps_l (0, args @ 0\<up>(fp - arity) @ anything) ap stp =
-(length ap, args @ [r] @ 0\<up>(fp - arity - 1) @ anything)"
-apply(rule_tac mn_case, rule_tac ind, auto)
-done
-qed
-lemma abc_append_uhalt1:
-"\<lbrakk>\<forall> stp. (\<lambda> (ss, e). ss < length bp) (abc_steps_l (0, lm) bp stp);
-p = ap [+] bp [+] cp\<rbrakk>
-\<Longrightarrow> \<forall> stp. (\<lambda> (ss, e). ss < length p)
-(abc_steps_l (length ap, lm) p stp)"
-apply(auto)
-apply(erule_tac x = stp in allE, auto)
-apply(frule_tac ap = ap and cp = cp in abc_append_state_in_exc, auto)
-done
-lemma abc_append_unhalt2:
-"\<lbrakk>abc_steps_l (0, am) ap stp = (length ap, lm); bp \<noteq> [];
-\<forall> stp. (\<lambda> (ss, e). ss < length bp) (abc_steps_l (0, lm) bp stp);
-p = ap [+] bp [+] cp\<rbrakk>
-\<Longrightarrow> \<forall> stp. (\<lambda> (ss, e). ss < length p) (abc_steps_l (0, am) p stp)"
-proof -
-assume h:
-"abc_steps_l (0, am) ap stp = (length ap, lm)"
-"bp \<noteq> []"
-"\<forall> stp. (\<lambda> (ss, e). ss < length bp) (abc_steps_l (0, lm) bp stp)"
-"p = ap [+] bp [+] cp"
-have "\<exists> stp. (abc_steps_l (0, am) p stp) = (length ap, lm)"
-using h
-apply(simp add: abc_append.simps)
-apply(rule_tac abc_add_exc1, auto)
-done
-from this obtain stpa where g1:
-"(abc_steps_l (0, am) p stpa) = (length ap, lm)" ..
-moreover have g2: "\<forall> stp. (\<lambda> (ss, e). ss < length p)
-(abc_steps_l (length ap, lm) p stp)"
-using h
-apply(erule_tac abc_append_uhalt1, simp)
-done
-moreover from g1 and g2 have
-"\<forall> stp. (\<lambda> (ss, e). ss < length p)
-(abc_steps_l (0, am) p (stpa + stp))"
-apply(simp add: abc_steps_add)
-done
-thus "\<forall> stp. (\<lambda> (ss, e). ss < length p)
-(abc_steps_l (0, am) p stp)"
-apply(rule_tac allI, auto)
-apply(case_tac "stp \<ge>  stpa")
-apply(erule_tac x = "stp - stpa" in allE, simp)
-proof -
-fix stp a b
-assume g3:  "abc_steps_l (0, am) p stp = (a, b)"
-"\<not> stpa \<le> stp"
-thus "a < length p"
-using g1 h
-apply(case_tac "a < length p", simp, simp)
-apply(subgoal_tac "\<exists> d. stpa = stp + d")
-using  abc_state_keep[of p a b "stpa - stp"]
-apply(erule_tac exE, simp add: abc_steps_add)
-apply(rule_tac x = "stpa - stp" in exI, simp)
-done
-qed
-qed
-text {*
-Correctness of the complier (non-terminating case for Mn). There are many cases when a
-recursive function does not terminate. For the purpose of Uiversal Turing Machine, we only
-need to prove the case for @{text "Mn"} and @{text "Cn"}.
-This lemma is for @{text "Mn"}. For @{text "Mn n f"}, this lemma describes what
-happens when @{text "f"} always terminates but always does not return zero, so that
-@{text "Mn"} has to loop forever.
-*}
-lemma Mn_unhalt:
-assumes mn_rf: "rf = Mn n f"
-and compiled_mnrf: "rec_ci rf = (aprog, rs_pos, a_md)"
-and compiled_f: "rec_ci f = (aprog', rs_pos', a_md')"
-and args: "length lm = n"
-and unhalt_condition: "\<forall> y. (\<exists> rs. rec_calc_rel f (lm @ [y]) rs \<and> rs \<noteq> 0)"
-shows "\<forall> stp. case abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm)
-aprog stp of (ss, e) \<Rightarrow> ss < length aprog"
-using mn_rf compiled_mnrf compiled_f args unhalt_condition
-proof(rule_tac allI)
-fix stp
-assume h: "rf = Mn n f"
-"rec_ci rf = (aprog, rs_pos, a_md)"
-"rec_ci f = (aprog', rs_pos', a_md')"
-"\<forall>y. \<exists>rs. rec_calc_rel f (lm @ [y]) rs \<and> rs \<noteq> 0" "length lm = n"
-have "\<exists>stpa \<ge> stp. abc_steps_l (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @ suf_lm) aprog stpa
-= (0, lm @ stp # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-proof(induct stp, auto)
-show "\<exists>stpa. abc_steps_l (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stpa = (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-apply(rule_tac x = 0 in exI, simp add: abc_steps_l.simps)
 done
 next
-fix stp stpa
+case (Suc y)
-assume g1: "stp \<le> stpa"
+have "length xs = n \<Longrightarrow>
-and g2: "abc_steps_l (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
+{\<lambda>nl. nl = xs @ Suc x # y # anything} [Dec (Suc n) 2, Goto 0] {\<lambda>nl. nl = xs @ Suc x # 0 # anything}" by fact
-aprog stpa
+then obtain stp where
-= (0, lm @ stp # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
+"abc_steps_l (0, xs @ Suc x # y # anything) [Dec (Suc n) 2, Goto 0] stp = (2, xs @ Suc x # 0 # anything)"
-have "\<exists>rs. rec_calc_rel f (lm @ [stp]) rs \<and> rs \<noteq> 0"
 using h
-apply(erule_tac x = stp in allE, simp)
+apply(auto simp: abc_Hoare_halt_def)
-done
+by(case_tac "abc_steps_l (0, xs @ Suc x # y # anything) [Dec (Suc (length xs)) 2, Goto 0] n",
-from this obtain rs where g3:
+simp_all add: numeral_2_eq_2)
-"rec_calc_rel f (lm @ [stp]) rs \<and> rs \<noteq> 0" ..
+moreover have "abc_steps_l (0, xs @ Suc x # Suc y # anything) [Dec (Suc n) 2, Goto 0] 2 =
-hence "\<exists> stpb. abc_steps_l (0, lm @ stp # 0\<up>(a_md - Suc rs_pos) @
+(0, xs @ Suc x # y # anything)"
-suf_lm) aprog stpb
-= (0, lm @ Suc stp # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
 using h
-apply(rule_tac mn_ind_step)
+by(simp add: abc_steps_l.simps numeral_2_eq_2 abc_step_l.simps abc_fetch.simps
-apply(rule_tac recursive_compile_correct, simp, simp)
+abc_lm_v.simps abc_lm_s.simps nth_append list_update_append list_update.simps)
+ultimately show "?case"
+apply(simp add: abc_Hoare_halt_def)
+by(rule_tac x = "2 + stp" in exI, simp only: abc_steps_add, simp)
+qed
+qed
+lemma adjust_paras:
+"length xs = n \<Longrightarrow> {\<lambda>nl. nl = xs @ x # y # anything}  [Inc n, Dec (Suc n) 3, Goto (Suc 0)]
+{\<lambda>nl. nl = xs @ Suc x # 0 # anything}"
+using adjust_paras'[of xs n x y anything]
+by(simp add: abc_comp.simps abc_shift.simps numeral_2_eq_2 numeral_3_eq_3)
+lemma [simp]: "\<lbrakk>rec_ci g = (gap, gar, gft); \<forall>y<x. terminate g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])]);
+length xs = n; Suc y\<le>x\<rbrakk> \<Longrightarrow> gar = Suc (Suc n)"
+apply(erule_tac x = y in allE, simp)
+apply(drule_tac param_pattern, auto)
+done
+lemma loop_back':
+assumes h: "length A = length gap + 4" "length xs = n"
+and le: "y \<ge> x"
+shows "\<exists> stp. abc_steps_l (length A, xs @ m # (y - x) # x # anything) (A @ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)]) stp
+= (length A, xs @ m # y # 0 # anything)"
+using le
+proof(induct x)
+case 0
+thus "?case"
+using h
+by(rule_tac x = 0 in exI,
+auto simp: abc_steps_l.simps abc_step_l.simps abc_fetch.simps nth_append abc_lm_s.simps abc_lm_v.simps)
+next
+case (Suc x)
+have "x \<le> y \<Longrightarrow> \<exists>stp. abc_steps_l (length A, xs @ m # (y - x) # x # anything) (A @ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)]) stp =
+(length A, xs @ m # y # 0 # anything)" by fact
+moreover have "Suc x \<le> y" by fact
+moreover then have "\<exists> stp. abc_steps_l (length A, xs @ m # (y - Suc x) # Suc x # anything) (A @ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)]) stp
+= (length A, xs @ m # (y - x) # x # anything)"
+using h
+apply(rule_tac x = 3 in exI)
+by(simp add: abc_steps_l.simps numeral_3_eq_3 abc_step_l.simps abc_fetch.simps nth_append abc_lm_v.simps abc_lm_s.simps
+list_update_append list_update.simps)
+ultimately show "?case"
+apply(auto)
+apply(rule_tac x = "stpa + stp" in exI)
+by(simp add: abc_steps_add)
+qed
+lemma loop_back:
+assumes h: "length A = length gap + 4" "length xs = n"
+shows "\<exists> stp. abc_steps_l (length A, xs @ m # 0 # x # anything) (A @ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)]) stp
+= (0, xs @ m # x # 0 # anything)"
+using loop_back'[of A gap xs n x x m anything] assms
+apply(auto)
+apply(rule_tac x = "stp + 1" in exI)
+apply(simp only: abc_steps_add, simp)
+apply(simp add: abc_steps_l.simps abc_step_l.simps abc_fetch.simps nth_append abc_lm_v.simps abc_lm_s.simps)
+done
+lemma rec_exec_pr_0_simps: "rec_exec (Pr n f g) (xs @ [0]) = rec_exec f xs"
+by(simp add: rec_exec.simps)
+lemma rec_exec_pr_Suc_simps: "rec_exec (Pr n f g) (xs @ [Suc y])
+= rec_exec g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])])"
+apply(induct y)
+apply(simp add: rec_exec.simps)
+apply(simp add: rec_exec.simps)
+done
+lemma [simp]: "Suc (max (n + 3) (max fft gft) - Suc (Suc (Suc n))) = max (n + 3) (max fft gft) - Suc (Suc n)"
+by arith
+lemma pr_loop:
+assumes code: "code = ([Dec (max (n + 3) (max fft gft)) (length gap + 7)] [+] (gap [+] [Inc n, Dec (Suc n) 3, Goto (Suc 0)])) @
+[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)]"
+and len: "length xs = n"
+and g_ind: "\<forall> y<x. (\<forall>anything. {\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # 0 \<up> (gft - gar) @ anything} gap
+{\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # rec_exec g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])]) # 0 \<up> (gft - Suc gar) @ anything})"
+and compile_g: "rec_ci g = (gap, gar, gft)"
+and termi_g: "\<forall> y<x. terminate g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])])"
+and ft: "ft = max (n + 3) (max fft gft)"
+and less: "Suc y \<le> x"
+shows
+"\<exists>stp. abc_steps_l (0, xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ Suc y # anything)
+code stp = (0, xs @ (x - y) # rec_exec (Pr n f g) (xs @ [x - y]) # 0 \<up> (ft - Suc (Suc n)) @ y # anything)"
+proof -
+let ?A = "[Dec  ft (length gap + 7)]"
+let ?B = "gap"
+let ?C = "[Inc n, Dec (Suc n) 3, Goto (Suc 0)]"
+let ?D = "[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)]"
+have "\<exists> stp. abc_steps_l (0, xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ Suc y # anything)
+((?A [+] (?B [+] ?C)) @ ?D) stp = (length (?A [+] (?B [+] ?C)),
+xs @ (x - y) # 0 # rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])])
+# 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything)"
+proof -
+have "\<exists> stp. abc_steps_l (0, xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ Suc y # anything)
+((?A [+] (?B [+] ?C))) stp = (length (?A [+] (?B [+] ?C)),  xs @ (x - y) # 0 #
+rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])]) # 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything)"
 proof -
-show "rec_ci f = ((aprog', rs_pos', a_md'))" using h by simp
+have "{\<lambda> nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ Suc y # anything}
+(?A [+] (?B [+] ?C))
+{\<lambda> nl. nl = xs @ (x - y) # 0 #
+rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])]) # 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything}"
+proof(rule_tac abc_Hoare_plus_halt)
+show "{\<lambda>nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ Suc y # anything}
+[Dec ft (length gap + 7)]
+{\<lambda>nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ y # anything}"
+using ft len
+by(simp)
+next
+show
+"{\<lambda>nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ y # anything}
+?B [+] ?C
+{\<lambda>nl. nl = xs @ (x - y) # 0 # rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])]) # 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything}"
+proof(rule_tac abc_Hoare_plus_halt)
+have a: "gar = Suc (Suc n)"
+using compile_g termi_g len less
+by simp
+have b: "gft > gar"
+using compile_g
+by(erule_tac footprint_ge)
+show "{\<lambda>nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ y # anything} gap
+{\<lambda>nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) #
+rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])]) # 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything}"
+proof -
+have
+"{\<lambda>nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (gft - gar) @ 0\<up>(ft - gft) @ y # anything} gap
+{\<lambda>nl. nl = xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) #
+rec_exec g (xs @ [(x - Suc y), rec_exec (Pr n f g) (xs @ [x - Suc y])]) # 0 \<up> (gft - Suc gar) @ 0\<up>(ft - gft) @ y # anything}"
+using g_ind less by simp
+thus "?thesis"
+using a b ft
+by(simp add: replicate_merge_anywhere numeral_3_eq_3)
+qed
+next
+show "{\<lambda>nl. nl = xs @ (x - Suc y) #
+rec_exec (Pr n f g) (xs @ [x - Suc y]) #
+rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])]) # 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything}
+[Inc n, Dec (Suc n) 3, Goto (Suc 0)]
+{\<lambda>nl. nl = xs @ (x - y) # 0 # rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g)
+(xs @ [x - Suc y])]) # 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything}"
+using len less
+using adjust_paras[of xs n "x - Suc y" " rec_exec (Pr n f g) (xs @ [x - Suc y])"
+" rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])]) #
+0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything"]
+by(simp add: Suc_diff_Suc)
+qed
+qed
+thus "?thesis"
+by(simp add: abc_Hoare_halt_def, auto, rule_tac x = na in exI, case_tac "abc_steps_l (0, xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) #
+0 \<up> (ft - Suc (Suc n)) @ Suc y # anything)
+([Dec ft (length gap + 7)] [+] (gap [+] [Inc n, Dec (Suc n) 3, Goto (Suc 0)])) na", simp)
+qed
+then obtain stpa where "abc_steps_l (0, xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (ft - Suc (Suc n)) @ Suc y # anything)
+((?A [+] (?B [+] ?C))) stpa = (length (?A [+] (?B [+] ?C)),
+xs @ (x - y) # 0 # rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])])
+# 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything)" ..
+thus "?thesis"
+by(erule_tac abc_append_frist_steps_halt_eq)
+qed
+moreover have
+"\<exists> stp. abc_steps_l (length (?A [+] (?B [+] ?C)),
+xs @ (x - y) # 0 # rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])]) # 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything)
+((?A [+] (?B [+] ?C)) @ ?D) stp  = (0, xs @ (x - y) # rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])]) #
+0 # 0 \<up> (ft - Suc (Suc (Suc n))) @ y # anything)"
+using len
+by(rule_tac loop_back, simp_all)
+moreover have "rec_exec g (xs @ [x - Suc y, rec_exec (Pr n f g) (xs @ [x - Suc y])]) = rec_exec (Pr n f g) (xs @ [x - y])"
+using less
+thm rec_exec.simps
+apply(case_tac "x - y", simp_all add: rec_exec_pr_Suc_simps)
+by(subgoal_tac "nat = x - Suc y", simp, arith)
+ultimately show "?thesis"
+using code ft
+by(auto, rule_tac x = "stp + stpa" in exI, simp add: abc_steps_add replicate_Suc_iff_anywhere del: replicate_Suc)
+qed
+lemma [simp]:
+"length xs = n \<Longrightarrow> abc_lm_s (xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (max (n + 3)
+(max fft gft) - Suc (Suc n)) @ 0 # anything) (max (n + 3) (max fft gft)) 0 =
+xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (max (n + 3) (max fft gft) - Suc n) @ anything"
+apply(simp add: abc_lm_s.simps)
+using list_update_length[of "xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (max (n + 3) (max fft gft) - Suc (Suc n))"
+0 anything 0]
+apply(auto simp: Suc_diff_Suc)
+apply(simp add: exp_suc[THEN sym] Suc_diff_Suc  del: replicate_Suc)
+done
+lemma [simp]:
+"(xs @ x # rec_exec (Pr (length xs) f g) (xs @ [x]) # 0 \<up> (max (length xs + 3)
+(max fft gft) - Suc (Suc (length xs))) @ 0 # anything) !
+max (length xs + 3) (max fft gft) = 0"
+using nth_append_length[of "xs @ x # rec_exec (Pr (length xs) f g) (xs @ [x]) #
+0 \<up> (max (length xs + 3) (max fft gft) - Suc (Suc (length xs)))" 0  anything]
+by(simp)
+lemma pr_loop_correct:
+assumes less: "y \<le> x"
+and len: "length xs = n"
+and compile_g: "rec_ci g = (gap, gar, gft)"
+and termi_g: "\<forall> y<x. terminate g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])])"
+and g_ind: "\<forall> y<x. (\<forall>anything. {\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # 0 \<up> (gft - gar) @ anything} gap
+{\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # rec_exec g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])]) # 0 \<up> (gft - Suc gar) @ anything})"
+shows "{\<lambda>nl. nl = xs @ (x - y) # rec_exec (Pr n f g) (xs @ [x - y]) # 0 \<up> (max (n + 3) (max fft gft) - Suc (Suc n)) @ y # anything}
+([Dec (max (n + 3) (max fft gft)) (length gap + 7)] [+] (gap [+] [Inc n, Dec (Suc n) 3, Goto (Suc 0)])) @ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)]
+{\<lambda>nl. nl = xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (max (n + 3) (max fft gft) - Suc n) @ anything}"
+using less
+proof(induct y)
+case 0
+thus "?case"
+using len
+apply(simp add: abc_Hoare_halt_def)
+apply(rule_tac x = 1 in exI)
+by(auto simp: abc_steps_l.simps abc_step_l.simps abc_fetch.simps
+nth_append abc_comp.simps abc_shift.simps, simp add: abc_lm_v.simps)
+next
+case (Suc y)
+let ?ft = "max (n + 3) (max fft gft)"
+let ?C = "[Dec (max (n + 3) (max fft gft)) (length gap + 7)] [+] (gap [+]
+[Inc n, Dec (Suc n) 3, Goto (Suc 0)]) @ [Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)]"
+have ind: "y \<le> x \<Longrightarrow>
+{\<lambda>nl. nl = xs @ (x - y) # rec_exec (Pr n f g) (xs @ [x - y]) # 0 \<up> (?ft - Suc (Suc n)) @ y # anything}
+?C {\<lambda>nl. nl = xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (?ft - Suc n) @ anything}" by fact
+have less: "Suc y \<le> x" by fact
+have stp1:
+"\<exists> stp. abc_steps_l (0, xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (?ft - Suc (Suc n)) @ Suc y # anything)
+?C stp  = (0, xs @ (x - y) # rec_exec (Pr n f g) (xs @ [x - y]) # 0 \<up> (?ft - Suc (Suc n)) @ y # anything)"
+using assms less
+by(rule_tac  pr_loop, auto)
+then obtain stp1 where a:
+"abc_steps_l (0, xs @ (x - Suc y) # rec_exec (Pr n f g) (xs @ [x - Suc y]) # 0 \<up> (?ft - Suc (Suc n)) @ Suc y # anything)
+?C stp1 = (0, xs @ (x - y) # rec_exec (Pr n f g) (xs @ [x - y]) # 0 \<up> (?ft - Suc (Suc n)) @ y # anything)" ..
+moreover have
+"\<exists> stp. abc_steps_l (0, xs @ (x - y) # rec_exec (Pr n f g) (xs @ [x - y]) # 0 \<up> (?ft - Suc (Suc n)) @ y # anything)
+?C stp = (length ?C, xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (?ft - Suc n) @ anything)"
+using ind less
+by(auto simp: abc_Hoare_halt_def, case_tac "abc_steps_l (0, xs @ (x - y) # rec_exec (Pr n f g)
+(xs @ [x - y]) # 0 \<up> (?ft - Suc (Suc n)) @ y # anything) ?C na", rule_tac x = na in exI, simp)
+then obtain stp2 where b:
+"abc_steps_l (0, xs @ (x - y) # rec_exec (Pr n f g) (xs @ [x - y]) # 0 \<up> (?ft - Suc (Suc n)) @ y # anything)
+?C stp2 = (length ?C, xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (?ft - Suc n) @ anything)" ..
+from a b show "?case"
+by(simp add: abc_Hoare_halt_def, rule_tac x = "stp1 + stp2" in exI, simp add: abc_steps_add)
+qed
+lemma compile_pr_correct':
+assumes termi_g: "\<forall> y<x. terminate g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])])"
+and g_ind:
+"\<forall> y<x. (\<forall>anything. {\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # 0 \<up> (gft - gar) @ anything} gap
+{\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # rec_exec g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])]) # 0 \<up> (gft - Suc gar) @ anything})"
+and termi_f: "terminate f xs"
+and f_ind: "\<And> anything. {\<lambda>nl. nl = xs @ 0 \<up> (fft - far) @ anything} fap {\<lambda>nl. nl = xs @ rec_exec f xs # 0 \<up> (fft - Suc far) @ anything}"
+and len: "length xs = n"
+and compile1: "rec_ci f = (fap, far, fft)"
+and compile2: "rec_ci g = (gap, gar, gft)"
+shows
+"{\<lambda>nl. nl = xs @ x # 0 \<up> (max (n + 3) (max fft gft) - n) @ anything}
+mv_box n (max (n + 3) (max fft gft)) [+]
+(fap [+] (mv_box n (Suc n) [+]
+([Dec (max (n + 3) (max fft gft)) (length gap + 7)] [+] (gap [+] [Inc n, Dec (Suc n) 3, Goto (Suc 0)]) @
+[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)])))
+{\<lambda>nl. nl = xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (max (n + 3) (max fft gft) - Suc n) @ anything}"
+proof -
+let ?ft = "max (n+3) (max fft gft)"
+let ?A = "mv_box n ?ft"
+let ?B = "fap"
+let ?C = "mv_box n (Suc n)"
+let ?D = "[Dec ?ft (length gap + 7)]"
+let ?E = "gap [+] [Inc n, Dec (Suc n) 3, Goto (Suc 0)]"
+let ?F = "[Dec (Suc (Suc n)) 0, Inc (Suc n), Goto (length gap + 4)]"
+let ?P = "\<lambda>nl. nl = xs @ x # 0 \<up> (?ft - n) @ anything"
+let ?S = "\<lambda>nl. nl = xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (?ft - Suc n) @ anything"
+let ?Q1 = "\<lambda>nl. nl = xs @ 0 \<up> (?ft - n) @  x # anything"
+show "{?P} (?A [+] (?B [+] (?C [+] (?D [+] ?E @ ?F)))) {?S}"
+proof(rule_tac abc_Hoare_plus_halt)
+show "{?P} ?A {?Q1}"
+using len by simp
+next
+let ?Q2 = "\<lambda>nl. nl = xs @ rec_exec f xs # 0 \<up> (?ft - Suc n) @  x # anything"
+have a: "?ft \<ge> fft"
+by arith
+have b: "far = n"
+using compile1 termi_f len
+by(drule_tac param_pattern, auto)
+have c: "fft > far"
+using compile1
+by(simp add: footprint_ge)
+show "{?Q1} (?B [+] (?C [+] (?D [+] ?E @ ?F))) {?S}"
+proof(rule_tac abc_Hoare_plus_halt)
+have "{\<lambda>nl. nl = xs @ 0 \<up> (fft - far) @ 0\<up>(?ft - fft) @ x # anything} fap
+{\<lambda>nl. nl = xs @ rec_exec f xs # 0 \<up> (fft - Suc far) @ 0\<up>(?ft - fft) @ x # anything}"
+by(rule_tac f_ind)
+moreover have "fft - far + ?ft - fft = ?ft - far"
+using a b c by arith
+moreover have "fft - Suc n + ?ft - fft = ?ft - Suc n"
+using a b c by arith
+ultimately show "{?Q1} ?B {?Q2}"
+using b
+by(simp add: replicate_merge_anywhere)
 next
-show "rec_ci (Mn n f) = (aprog, rs_pos, a_md)" using h by simp
+let ?Q3 = "\<lambda> nl. nl = xs @ 0 # rec_exec f xs # 0\<up>(?ft - Suc (Suc n)) @ x # anything"
-next
+show "{?Q2} (?C [+] (?D [+] ?E @ ?F)) {?S}"
-show "rec_calc_rel f (lm @ [stp]) rs" using g3 by simp
+proof(rule_tac abc_Hoare_plus_halt)
-next
+show "{?Q2} (?C) {?Q3}"
-show "0 < rs" using g3 by simp
+using mv_box_correct[of n "Suc n" "xs @ rec_exec f xs # 0 \<up> (max (n + 3) (max fft gft) - Suc n) @ x # anything"]
-next
+using len
-show "Suc rs_pos < a_md"
+by(auto)
-using g3 h
+next
-apply(auto)
+show "{?Q3} (?D [+] ?E @ ?F) {?S}"
-apply(frule_tac f = f in para_pattern, simp, simp)
+using pr_loop_correct[of x x xs n g  gap gar gft f fft anything] assms
-apply(simp add: rec_ci.simps, auto)
+by(simp add: rec_exec_pr_0_simps)
-apply(subgoal_tac "Suc (length lm) < a_md'")
+qed
-apply(arith)
-apply(simp add: ci_ad_ge_paras)
-done
-next
-show "rs_pos' = Suc rs_pos"
-using g3 h
-apply(auto)
-apply(frule_tac f = f in para_pattern, simp, simp)
-apply(simp add: rec_ci.simps)
-done
 qed
-thus "\<exists>stpa\<ge>Suc stp. abc_steps_l (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @
-suf_lm) aprog stpa
-= (0, lm @ Suc stp # 0\<up>(a_md - Suc rs_pos) @ suf_lm)"
-using g2
-apply(erule_tac exE)
-apply(case_tac "stpb = 0", simp add: abc_steps_l.simps)
-apply(rule_tac x = "stpa + stpb" in exI, simp add:
-abc_steps_add)
-using g1
-apply(arith)
-done
 qed
-from this obtain stpa where
+qed
-"stp \<le> stpa \<and> abc_steps_l (0, lm @ 0 # 0\<up>(a_md - Suc rs_pos) @ suf_lm)
-aprog stpa = (0, lm @ stp # 0\<up>(a_md - Suc rs_pos) @ suf_lm)" ..
+lemma compile_pr_correct:
-thus "case abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog stp
+assumes g_ind: "\<forall>y<x. terminate g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])]) \<and>
-of (ss, e) \<Rightarrow> ss < length aprog"
+(\<forall>x xa xb. rec_ci g = (x, xa, xb) \<longrightarrow>
-apply(case_tac "abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suf_lm) aprog
+(\<forall>xc. {\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # 0 \<up> (xb - xa) @ xc} x
-stp", simp, case_tac "a \<ge> length aprog",
+{\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # rec_exec g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])]) # 0 \<up> (xb - Suc xa) @ xc}))"
-simp, simp)
+and termi_f: "terminate f xs"
-apply(subgoal_tac "\<exists> d. stpa = stp + d", erule_tac exE)
+and f_ind:
-apply(subgoal_tac "lm @ 0\<up>(a_md - rs_pos) @ suf_lm = lm @ 0 #
+"\<And>ap arity fp anything.
-0\<up>(a_md - Suc rs_pos) @ suf_lm", simp add: abc_steps_add)
+rec_ci f = (ap, arity, fp) \<Longrightarrow> {\<lambda>nl. nl = xs @ 0 \<up> (fp - arity) @ anything} ap {\<lambda>nl. nl = xs @ rec_exec f xs # 0 \<up> (fp - Suc arity) @ anything}"
-apply(frule_tac as = a and lm = b and stp = d in abc_state_keep,
+and len: "length xs = n"
-simp)
+and compile: "rec_ci (Pr n f g) = (ap, arity, fp)"
-using h
+shows "{\<lambda>nl. nl = xs @ x # 0 \<up> (fp - arity) @ anything} ap {\<lambda>nl. nl = xs @ x # rec_exec (Pr n f g) (xs @ [x]) # 0 \<up> (fp - Suc arity) @ anything}"
-apply(simp add: rec_ci.simps, simp,
+proof(case_tac "rec_ci f", case_tac "rec_ci g")
-simp only: replicate_Suc[THEN sym])
+fix fap far fft gap gar gft
-apply(case_tac rs_pos, simp, simp)
+assume h: "rec_ci f = (fap, far, fft)" "rec_ci g = (gap, gar, gft)"
-apply(rule_tac x = "stpa - stp" in exI, simp, simp)
+have g:
-done
+"\<forall>y<x. (terminate g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])]) \<and>
-qed
+(\<forall>anything. {\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # 0 \<up> (gft - gar) @ anything} gap
+{\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # rec_exec g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])]) # 0 \<up> (gft - Suc gar) @ anything}))"
-lemma abc_append_cons_eq[intro!]:
+using g_ind h
-"\<lbrakk>ap = bp; cp = dp\<rbrakk> \<Longrightarrow> ap [+] cp = bp [+] dp"
+by(auto)
-by simp
+hence termi_g: "\<forall> y<x. terminate g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])])"
+by simp
-lemma cn_merge_gs_split:
+from g have g_newind:
-"\<lbrakk>i < length gs; rec_ci (gs!i) = (ga, gb, gc)\<rbrakk> \<Longrightarrow>
+"\<forall> y<x. (\<forall>anything. {\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # 0 \<up> (gft - gar) @ anything} gap
-cn_merge_gs (map rec_ci gs) p =
+{\<lambda>nl. nl = xs @ y # rec_exec (Pr n f g) (xs @ [y]) # rec_exec g (xs @ [y, rec_exec (Pr n f g) (xs @ [y])]) # 0 \<up> (gft - Suc gar) @ anything})"
-cn_merge_gs (map rec_ci (take i gs)) p [+] ga [+]
+by auto
-mv_box gb (p + i) [+]
+have f_newind: "\<And> anything. {\<lambda>nl. nl = xs @ 0 \<up> (fft - far) @ anything} fap {\<lambda>nl. nl = xs @ rec_exec f xs # 0 \<up> (fft - Suc far) @ anything}"
-cn_merge_gs (map rec_ci (drop (Suc i) gs)) (p + Suc i)"
+using h
-apply(induct i arbitrary: gs p, case_tac gs, simp, simp)
+by(rule_tac f_ind, simp)
-apply(case_tac gs, simp, case_tac "rec_ci a",
+show "?thesis"
-simp add: abc_append_commute[THEN sym])
+using termi_f termi_g h compile
-done
+apply(simp add: rec_ci.simps abc_comp_commute, auto)
+using g_newind f_newind len
-text {*
+by(rule_tac compile_pr_correct', simp_all)
-Correctness of the complier (non-terminating case for Mn). There are many cases when a
+qed
-recursive function does not terminate. For the purpose of Uiversal Turing Machine, we only
-need to prove the case for @{text "Mn"} and @{text "Cn"}.
+fun mn_ind_inv ::
-This lemma is for @{text "Cn"}. For @{text "Cn f g1 g2 \<dots>gi, gi+1, \<dots> gn"}, this lemma describes what
+"nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat list \<Rightarrow> nat list \<Rightarrow> bool"
-happens when every one of @{text "g1, g2, \<dots> gi"} terminates, but
+where
-@{text "gi+1"} does not terminate, so that whole function @{text "Cn f g1 g2 \<dots>gi, gi+1, \<dots> gn"}
+"mn_ind_inv (as, lm') ss x rsx suf_lm lm =
-does not terminate.
+(if as = ss then lm' = lm @ x # rsx # suf_lm
-*}
+else if as = ss + 1 then
+\<exists>y. (lm' = lm @ x # y # suf_lm) \<and> y \<le> rsx
-lemma cn_gi_uhalt:
+else if as = ss + 2 then
-assumes cn_recf: "rf = Cn n f gs"
+\<exists>y. (lm' = lm @ x # y # suf_lm) \<and> y \<le> rsx
-and compiled_cn_recf: "rec_ci rf = (aprog, rs_pos, a_md)"
+else if as = ss + 3 then lm' = lm @ x # 0 # suf_lm
-and args_length: "length lm = n"
+else if as = ss + 4 then lm' = lm @ Suc x # 0 # suf_lm
-and exist_unhalt_recf: "i < length gs" "gi = gs ! i"
+else if as = 0 then lm' = lm @ Suc x # 0 # suf_lm
-and complied_unhalt_recf: "rec_ci gi = (ga, gb, gc)"  "gb = n"
+else False
-and all_halt_before_gi: "\<forall> j < i. (\<exists> rs. rec_calc_rel (gs!j) lm rs)"
+)"
-and unhalt_condition: "\<And> slm. \<forall> stp. case abc_steps_l (0, lm @ 0\<up>(gc - gb) @ slm)
-ga stp of (se, e) \<Rightarrow> se < length ga"
+fun mn_stage1 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat"
-shows " \<forall> stp. case abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suflm) aprog
+where
-stp of (ss, e) \<Rightarrow> ss < length aprog"
+"mn_stage1 (as, lm) ss n =
-using cn_recf compiled_cn_recf args_length exist_unhalt_recf complied_unhalt_recf
+(if as = 0 then 0
-all_halt_before_gi unhalt_condition
+else if as = ss + 4 then 1
-proof(case_tac "rec_ci f", simp)
+else if as = ss + 3 then 2
-fix a b c
+else if as = ss + 2 \<or> as = ss + 1 then 3
-assume h1: "rf = Cn n f gs"
+else if as = ss then 4
-"rec_ci (Cn n f gs) = (aprog, rs_pos, a_md)"
+else 0
-"length lm = n"
+)"
-"gi = gs ! i"
-"rec_ci (gs!i) = (ga, n, gc)"
+fun mn_stage2 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat"
-"gb = n" "rec_ci f = (a, b, c)"
+where
-and h2: "\<forall>j<i. \<exists>rs. rec_calc_rel (gs ! j) lm rs"
+"mn_stage2 (as, lm) ss n =
-"i < length gs"
+(if as = ss + 1 \<or> as = ss + 2 then (lm ! (Suc n))
-and ind:
+else 0)"
-"\<And> slm. \<forall> stp. case abc_steps_l (0, lm @ 0\<up>(gc - n) @ slm) ga stp of (se, e) \<Rightarrow> se < length ga"
-have h3: "rs_pos = n"
+fun mn_stage3 :: "nat \<times> nat list \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat"
-using h1
+where
-by(rule_tac ci_cn_para_eq, simp)
+"mn_stage3 (as, lm) ss n = (if as = ss + 2 then 1 else 0)"
-let ?ggs = "take i gs"
-have "\<exists> ys. (length ys = i \<and>
-(\<forall> k < i. rec_calc_rel (?ggs ! k) lm (ys ! k)))"
+fun mn_measure :: "((nat \<times> nat list) \<times> nat \<times> nat) \<Rightarrow>
-using h2
+(nat \<times> nat \<times> nat)"
-apply(induct i, simp, simp)
+where
-apply(erule_tac exE)
+"mn_measure ((as, lm), ss, n) =
-apply(erule_tac x = ia in allE, simp)
+(mn_stage1 (as, lm) ss n, mn_stage2 (as, lm) ss n,
-apply(erule_tac exE)
+mn_stage3 (as, lm) ss n)"
-apply(rule_tac x = "ys @ [x]" in exI, simp add: nth_append, auto)
-apply(subgoal_tac "k = length ys", simp, simp)
+definition mn_LE :: "(((nat \<times> nat list) \<times> nat \<times> nat) \<times>
-done
+((nat \<times> nat list) \<times> nat \<times> nat)) set"
-from this obtain ys where g1:
+where "mn_LE \<equiv> (inv_image lex_triple mn_measure)"
-"(length ys = i \<and> (\<forall> k < i. rec_calc_rel (?ggs ! k)
-lm (ys ! k)))" ..
+lemma wf_mn_le[intro]: "wf mn_LE"
-let ?pstr = "Max (set (Suc n # c # map (\<lambda>(aprog, p, n). n)
+by(auto intro:wf_inv_image wf_lex_triple simp: mn_LE_def)
-(map rec_ci (gs))))"
-have "\<exists>stp. abc_steps_l (0, lm @ 0\<up>(a_md - n) @ suflm)
+declare mn_ind_inv.simps[simp del]
-(cn_merge_gs (map rec_ci ?ggs) ?pstr) stp =
-(listsum (map ((\<lambda>(ap, pos, n). length ap) \<circ> rec_ci) ?ggs) +
+lemma [simp]:
-3 * length ?ggs, lm @ 0\<up>(?pstr - n) @ ys @ 0\<up>(a_md -(?pstr + length ?ggs)) @
+"0 < rsx \<Longrightarrow>
-suflm) "
+\<exists>y. (xs @ x # rsx # anything)[Suc (length xs) := rsx - Suc 0] = xs @ x # y # anything \<and> y \<le> rsx"
-apply(rule_tac  cn_merge_gs_ex)
+apply(rule_tac x = "rsx - 1" in exI)
-apply(rule_tac  recursive_compile_correct, simp, simp)
+apply(simp add: list_update_append list_update.simps)
-using h1
+done
-apply(simp add: rec_ci.simps, auto)
-using g1
+lemma [simp]:
-apply(simp)
+"\<lbrakk>y \<le> rsx; 0 < y\<rbrakk>
-using h2 g1
+\<Longrightarrow> \<exists>ya. (xs @ x # y # anything)[Suc (length xs) := y - Suc 0] = xs @ x # ya # anything \<and> ya \<le> rsx"
-apply(simp)
+apply(rule_tac x = "y - 1" in exI)
-apply(rule_tac min_max.le_supI2)
+apply(simp add: list_update_append list_update.simps)
-apply(rule_tac Max_ge, simp, simp, rule_tac disjI2)
+done
-apply(subgoal_tac "aa \<in> set gs", simp)
-using h2
+lemma abc_comp_null[simp]: "(A [+] B = []) = (A = [] \<and> B = [])"
-apply(rule_tac A = "set (take i gs)" in subsetD,
+by(auto simp: abc_comp.simps abc_shift.simps)
-simp add: set_take_subset, simp)
-done
+lemma rec_ci_not_null[simp]: "(rec_ci f \<noteq> ([], a, b))"
-from this obtain stpa where g2:
+apply(case_tac f, auto simp: rec_ci_z_def rec_ci_s_def rec_ci.simps addition.simps rec_ci_id.simps)
-"abc_steps_l (0, lm @ 0\<up>(a_md - n) @ suflm)
+apply(case_tac "rec_ci recf", auto simp: mv_box.simps)
-(cn_merge_gs (map rec_ci ?ggs) ?pstr) stpa =
+apply(case_tac "rec_ci recf1", case_tac "rec_ci recf2", simp)
-(listsum (map ((\<lambda>(ap, pos, n). length ap) \<circ> rec_ci) ?ggs) +
+apply(case_tac "rec_ci recf", simp)
-3 * length ?ggs, lm @ 0\<up>(?pstr - n) @ ys @ 0\<up>(a_md -(?pstr + length ?ggs)) @
+done
-suflm)" ..
+lemma mn_correct:
+assumes compile: "rec_ci rf = (fap, far, fft)"
+and ge: "0 < rsx"
+and len: "length xs = arity"
+and B: "B = [Dec (Suc arity) (length fap + 5), Dec (Suc arity) (length fap + 3), Goto (Suc (length fap)), Inc arity, Goto 0]"
+and f: "f = (\<lambda> stp. (abc_steps_l (length fap, xs @ x # rsx # anything) (fap @ B) stp, (length fap), arity)) "
+and P: "P =(\<lambda> ((as, lm), ss, arity). as = 0)"
+and Q: "Q = (\<lambda> ((as, lm), ss, arity). mn_ind_inv (as, lm) (length fap) x rsx anything xs)"
+shows "\<exists> stp. P (f stp) \<and> Q (f stp)"
+proof(rule_tac halt_lemma2)
+show "wf mn_LE"
+using wf_mn_le by simp
+next
+show "Q (f 0)"
+by(auto simp: Q f abc_steps_l.simps mn_ind_inv.simps)
+next
+have "fap \<noteq> []"
+using compile by auto
+thus "\<not> P (f 0)"
+by(auto simp: f P abc_steps_l.simps)
+next
+have "fap \<noteq> []"
+using compile by auto
+then have "\<And> stp. \<lbrakk>\<not> P (f stp); Q (f stp)\<rbrakk> \<Longrightarrow> Q (f (Suc stp)) \<and> (f (Suc stp), f stp) \<in> mn_LE"
+using ge len
+apply(case_tac "(abc_steps_l (length fap, xs @ x # rsx # anything) (fap @ B) stp)")
+apply(simp add: abc_step_red2  B f P Q)
+apply(auto split:if_splits simp add:abc_steps_l.simps  mn_ind_inv.simps abc_steps_zero B abc_fetch.simps nth_append)
+by(auto simp: mn_LE_def lex_triple_def lex_pair_def
+abc_step_l.simps abc_steps_l.simps mn_ind_inv.simps
+abc_lm_v.simps abc_lm_s.simps nth_append abc_fetch.simps
+split: if_splits)
+thus "\<forall>stp. \<not> P (f stp) \<and> Q (f stp) \<longrightarrow> Q (f (Suc stp)) \<and> (f (Suc stp), f stp) \<in> mn_LE"
+by(auto)
+qed
+lemma abc_Hoare_haltE:
+"{\<lambda> nl. nl = lm1} p {\<lambda> nl. nl = lm2}
+\<Longrightarrow> \<exists> stp. abc_steps_l (0, lm1) p stp = (length p, lm2)"
+apply(auto simp: abc_Hoare_halt_def)
+apply(rule_tac x = n in exI)
+apply(case_tac "abc_steps_l (0, lm1) p n", auto)
+done
+lemma mn_loop:
+assumes B:  "B = [Dec (Suc arity) (length fap + 5), Dec (Suc arity) (length fap + 3), Goto (Suc (length fap)), Inc arity, Goto 0]"
+and ft: "ft = max (Suc arity) fft"
+and len: "length xs = arity"
+and far: "far = Suc arity"
+and ind: " (\<forall>xc. ({\<lambda>nl. nl = xs @ x # 0 \<up> (fft - far) @ xc} fap
+{\<lambda>nl. nl = xs @ x # rec_exec f (xs @ [x]) # 0 \<up> (fft - Suc far) @ xc}))"
+and exec_less: "rec_exec f (xs @ [x]) > 0"
+and compile: "rec_ci f = (fap, far, fft)"
+shows "\<exists> stp > 0. abc_steps_l (0, xs @ x # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp =
+(0, xs @ Suc x # 0 \<up> (ft - Suc arity) @ anything)"
+proof -
+have "\<exists> stp. abc_steps_l (0, xs @ x # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp =
+(length fap, xs @ x # rec_exec f (xs @ [x]) # 0 \<up> (ft - Suc (Suc arity)) @ anything)"
+proof -
+have "\<exists> stp. abc_steps_l (0, xs @ x # 0 \<up> (ft - Suc arity) @ anything) fap stp =
+(length fap, xs @ x # rec_exec f (xs @ [x]) # 0 \<up> (ft - Suc (Suc arity)) @ anything)"
+proof -
+have "{\<lambda>nl. nl = xs @ x # 0 \<up> (fft - far) @ 0\<up>(ft - fft) @ anything} fap
+{\<lambda>nl. nl = xs @ x # rec_exec f (xs @ [x]) # 0 \<up> (fft - Suc far) @ 0\<up>(ft - fft) @ anything}"
+using ind by simp
+moreover have "fft > far"
+using compile
+by(erule_tac footprint_ge)
+ultimately show "?thesis"
+using ft far
+apply(drule_tac abc_Hoare_haltE)
+by(simp add: replicate_merge_anywhere max_absorb2)
+qed
+then obtain stp where "abc_steps_l (0, xs @ x # 0 \<up> (ft - Suc arity) @ anything) fap stp =
+(length fap, xs @ x # rec_exec f (xs @ [x]) # 0 \<up> (ft - Suc (Suc arity)) @ anything)" ..
+thus "?thesis"
+by(erule_tac abc_append_frist_steps_halt_eq)
+qed
 moreover have
-"\<exists> cp. aprog = (cn_merge_gs
+"\<exists> stp > 0. abc_steps_l (length fap, xs @ x # rec_exec f (xs @ [x]) # 0 \<up> (ft - Suc (Suc arity)) @ anything) (fap @ B) stp =
-(map rec_ci ?ggs) ?pstr) [+] ga [+] cp"
+(0, xs @ Suc x # 0 # 0 \<up> (ft - Suc (Suc arity)) @ anything)"
-using h1
+using mn_correct[of f fap far fft "rec_exec f (xs @ [x])" xs arity B
-apply(simp add: rec_ci.simps)
+"(\<lambda>stp. (abc_steps_l (length fap, xs @ x # rec_exec f (xs @ [x]) # 0 \<up> (ft - Suc (Suc arity)) @ anything) (fap @ B) stp, length fap, arity))"
-apply(rule_tac x = "mv_box n (?pstr + i) [+]
+x "0 \<up> (ft - Suc (Suc arity)) @ anything" "(\<lambda>((as, lm), ss, arity). as = 0)"
-(cn_merge_gs (map rec_ci (drop (Suc i) gs)) (?pstr + Suc i))
+"(\<lambda>((as, lm), ss, aritya). mn_ind_inv (as, lm) (length fap) x (rec_exec f (xs @ [x])) (0 \<up> (ft - Suc (Suc arity)) @ anything) xs) "]
-[+]mv_boxes 0 (Suc (max (Suc n) (Max (insert c
+B compile  exec_less len
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) +
+apply(subgoal_tac "fap \<noteq> []", auto)
-length gs)) n [+] mv_boxes (max (Suc n) (Max (insert c
+apply(rule_tac x = stp in exI, auto simp: mn_ind_inv.simps)
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) 0 (length gs) [+]
+by(case_tac "stp = 0", simp_all add: abc_steps_l.simps)
-a [+] mv_box b (max (Suc n)
+moreover have "fft > far"
-(Max (insert c (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) [+]
+using compile
-empty_boxes (length gs) [+] mv_box (max (Suc n)
+by(erule_tac footprint_ge)
-(Max (insert c (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs)))) n [+]
+ultimately show "?thesis"
-mv_boxes (Suc (max (Suc n) (Max (insert c
+using ft far
-(((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))) + length gs)) 0 n" in exI)
-apply(simp add: abc_append_commute [THEN sym])
 apply(auto)
-using cn_merge_gs_split[of i gs ga "length lm" gc
+by(rule_tac x = "stp + stpa" in exI,
-"(max (Suc (length lm))
+simp add: abc_steps_add replicate_Suc[THEN sym] diff_Suc_Suc del: replicate_Suc)
-(Max (insert c (((\<lambda>(aprog, p, n). n) \<circ> rec_ci) ` set gs))))"]
+qed
-h2
-apply(simp)
+lemma mn_loop_correct':
-done
+assumes B:  "B = [Dec (Suc arity) (length fap + 5), Dec (Suc arity) (length fap + 3), Goto (Suc (length fap)), Inc arity, Goto 0]"
-from this obtain cp where g3:
+and ft: "ft = max (Suc arity) fft"
-"aprog = (cn_merge_gs (map rec_ci ?ggs) ?pstr) [+] ga [+] cp" ..
+and len: "length xs = arity"
-show "\<forall> stp. case abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suflm)
+and ind_all: "\<forall>i\<le>x. (\<forall>xc. ({\<lambda>nl. nl = xs @ i # 0 \<up> (fft - far) @ xc} fap
-aprog stp of (ss, e) \<Rightarrow> ss < length aprog"
+{\<lambda>nl. nl = xs @ i # rec_exec f (xs @ [i]) # 0 \<up> (fft - Suc far) @ xc}))"
-proof(rule_tac abc_append_unhalt2)
+and exec_ge: "\<forall> i\<le>x. rec_exec f (xs @ [i]) > 0"
-show "abc_steps_l (0, lm @ 0\<up>(a_md - rs_pos) @ suflm) (
+and compile: "rec_ci f = (fap, far, fft)"
-cn_merge_gs (map rec_ci ?ggs) ?pstr) stpa =
+and far: "far = Suc arity"
-(length ((cn_merge_gs (map rec_ci ?ggs) ?pstr)),
+shows "\<exists> stp > x. abc_steps_l (0, xs @ 0 # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp =
-lm @ 0\<up>(?pstr - n) @ ys @ 0\<up>(a_md -(?pstr + length ?ggs)) @ suflm)"
+(0, xs @ Suc x # 0 \<up> (ft - Suc arity) @ anything)"
-using h3 g2
+using ind_all exec_ge
-apply(simp add: cn_merge_gs_length)
+proof(induct x)
-done
+case 0
-next
+thus "?case"
-show "ga \<noteq> []"
+using assms
-using h1
+by(rule_tac mn_loop, simp_all)
-apply(simp add: rec_ci_not_null)
+next
-done
+case (Suc x)
-next
+have ind': "\<lbrakk>\<forall>i\<le>x. \<forall>xc. {\<lambda>nl. nl = xs @ i # 0 \<up> (fft - far) @ xc} fap {\<lambda>nl. nl = xs @ i # rec_exec f (xs @ [i]) # 0 \<up> (fft - Suc far) @ xc};
-show "\<forall>stp. case abc_steps_l (0, lm @ 0\<up>(?pstr - n) @ ys
+\<forall>i\<le>x. 0 < rec_exec f (xs @ [i])\<rbrakk> \<Longrightarrow>
-@ 0\<up>(a_md - (?pstr + length (take i gs))) @ suflm) ga  stp of
+\<exists>stp > x. abc_steps_l (0, xs @ 0 # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp = (0, xs @ Suc x # 0 \<up> (ft - Suc arity) @ anything)" by fact
-(ss, e) \<Rightarrow> ss < length ga"
+have exec_ge: "\<forall>i\<le>Suc x. 0 < rec_exec f (xs @ [i])" by fact
-using ind[of "0\<up>(?pstr - gc) @ ys @ 0\<up>(a_md - (?pstr + length (take i gs)))
+have ind_all: "\<forall>i\<le>Suc x. \<forall>xc. {\<lambda>nl. nl = xs @ i # 0 \<up> (fft - far) @ xc} fap
-@ suflm"]
+{\<lambda>nl. nl = xs @ i # rec_exec f (xs @ [i]) # 0 \<up> (fft - Suc far) @ xc}" by fact
-apply(subgoal_tac "lm @ 0\<up>(?pstr - n) @ ys
+have ind: "\<exists>stp > x. abc_steps_l (0, xs @ 0 # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp =
-@ 0\<up>(a_md - (?pstr + length (take i gs))) @ suflm
+(0, xs @ Suc x # 0 \<up> (ft - Suc arity) @ anything)" using ind' exec_ge ind_all by simp
-= lm @ 0\<up>(gc - n) @
+have stp: "\<exists> stp > 0. abc_steps_l (0, xs @ Suc x # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp =
-0\<up>(?pstr - gc) @ ys @ 0\<up>(a_md - (?pstr + length (take i gs))) @ suflm", simp)
+(0, xs @ Suc (Suc x) # 0 \<up> (ft - Suc arity) @ anything)"
-apply(simp add: replicate_add[THEN sym])
+using ind_all exec_ge B ft len far compile
-apply(subgoal_tac "gc > n \<and> ?pstr \<ge> gc")
+by(rule_tac mn_loop, simp_all)
-apply(erule_tac conjE)
+from ind stp show "?case"
-apply(simp add: h1)
+apply(auto)
-using h1
+by(rule_tac x = "stp + stpa" in exI, simp add: abc_steps_add)
-apply(auto)
+qed
-apply(rule_tac min_max.le_supI2)
-apply(rule_tac Max_ge, simp, simp)
+lemma mn_loop_correct:
-apply(rule_tac disjI2)
+assumes B:  "B = [Dec (Suc arity) (length fap + 5), Dec (Suc arity) (length fap + 3), Goto (Suc (length fap)), Inc arity, Goto 0]"
-using h2
+and ft: "ft = max (Suc arity) fft"
-apply(rule_tac x = "gs!i" in rev_image_eqI, simp, simp)
+and len: "length xs = arity"
-done
+and ind_all: "\<forall>i\<le>x. (\<forall>xc. ({\<lambda>nl. nl = xs @ i # 0 \<up> (fft - far) @ xc} fap
-next
+{\<lambda>nl. nl = xs @ i # rec_exec f (xs @ [i]) # 0 \<up> (fft - Suc far) @ xc}))"
-show "aprog = cn_merge_gs (map rec_ci (take i gs))
+and exec_ge: "\<forall> i\<le>x. rec_exec f (xs @ [i]) > 0"
-?pstr [+] ga [+] cp"
+and compile: "rec_ci f = (fap, far, fft)"
-using g3 by simp
+and far: "far = Suc arity"
+shows "\<exists> stp. abc_steps_l (0, xs @ 0 # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp =
+(0, xs @ Suc x # 0 \<up> (ft - Suc arity) @ anything)"
+proof -
+have "\<exists>stp>x. abc_steps_l (0, xs @ 0 # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp = (0, xs @ Suc x # 0 \<up> (ft - Suc arity) @ anything)"
+using assms
+by(rule_tac mn_loop_correct', simp_all)
+thus "?thesis"
+by(auto)
+qed
+lemma compile_mn_correct':
+assumes B:  "B = [Dec (Suc arity) (length fap + 5), Dec (Suc arity) (length fap + 3), Goto (Suc (length fap)), Inc arity, Goto 0]"
+and ft: "ft = max (Suc arity) fft"
+and len: "length xs = arity"
+and termi_f: "terminate f (xs @ [r])"
+and f_ind: "\<And>anything. {\<lambda>nl. nl = xs @ r # 0 \<up> (fft - far) @ anything} fap
+{\<lambda>nl. nl = xs @ r # 0 # 0 \<up> (fft - Suc far) @ anything}"
+and ind_all: "\<forall>i < r. (\<forall>xc. ({\<lambda>nl. nl = xs @ i # 0 \<up> (fft - far) @ xc} fap
+{\<lambda>nl. nl = xs @ i # rec_exec f (xs @ [i]) # 0 \<up> (fft - Suc far) @ xc}))"
+and exec_less: "\<forall> i<r. rec_exec f (xs @ [i]) > 0"
+and exec: "rec_exec f (xs @ [r]) = 0"
+and compile: "rec_ci f = (fap, far, fft)"
+shows "{\<lambda>nl. nl = xs @ 0 \<up> (max (Suc arity) fft - arity) @ anything}
+fap @ B
+{\<lambda>nl. nl = xs @ rec_exec (Mn arity f) xs # 0 \<up> (max (Suc arity) fft - Suc arity) @ anything}"
+proof -
+have a: "far = Suc arity"
+using len compile termi_f
+by(drule_tac param_pattern, auto)
+have b: "fft > far"
+using compile
+by(erule_tac footprint_ge)
+have "\<exists> stp. abc_steps_l (0, xs @ 0 # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp =
+(0, xs @ r # 0 \<up> (ft - Suc arity) @ anything)"
+using assms a
+apply(case_tac r, rule_tac x = 0 in exI, simp add: abc_steps_l.simps, simp)
+by(rule_tac mn_loop_correct, auto)
+moreover have
+"\<exists> stp. abc_steps_l (0, xs @ r # 0 \<up> (ft - Suc arity) @ anything) (fap @ B) stp =
+(length fap, xs @ r # rec_exec f (xs @ [r]) # 0 \<up> (ft - Suc (Suc arity)) @ anything)"
+proof -
+have "\<exists> stp. abc_steps_l (0, xs @ r # 0 \<up> (ft - Suc arity) @ anything) fap stp =
+(length fap, xs @ r # rec_exec f (xs @ [r]) # 0 \<up> (ft - Suc (Suc arity)) @ anything)"
+proof -
+have "{\<lambda>nl. nl = xs @ r # 0 \<up> (fft - far) @ 0\<up>(ft - fft) @ anything} fap
+{\<lambda>nl. nl = xs @ r # rec_exec f (xs @ [r]) # 0 \<up> (fft - Suc far) @ 0\<up>(ft - fft) @ anything}"
+using f_ind exec by simp
+thus "?thesis"
+using ft a b
+apply(drule_tac abc_Hoare_haltE)
+by(simp add: replicate_merge_anywhere max_absorb2)
+qed
+then obtain stp where "abc_steps_l (0, xs @ r # 0 \<up> (ft - Suc arity) @ anything) fap stp =
+(length fap, xs @ r # rec_exec f (xs @ [r]) # 0 \<up> (ft - Suc (Suc arity)) @ anything)" ..
+thus "?thesis"
+by(erule_tac abc_append_frist_steps_halt_eq)
 qed
-qed
+moreover have
+"\<exists> stp. abc_steps_l (length fap, xs @ r # rec_exec f (xs @ [r]) # 0 \<up> (ft - Suc (Suc arity)) @ anything) (fap @ B) stp =
-lemma recursive_compile_correct_spec:
+(length fap + 5, xs @ r # rec_exec f (xs @ [r]) # 0 \<up> (ft - Suc (Suc arity)) @ anything)"
-"\<lbrakk>rec_ci re = (ap, ary, fp);
+using ft a b len B exec
-rec_calc_rel re args r\<rbrakk>
+apply(rule_tac x = 1 in exI, auto)
-\<Longrightarrow> (\<exists> stp. (abc_steps_l (0, args @ 0\<up>(fp - ary)) ap stp) =
+by(auto simp: abc_steps_l.simps B abc_step_l.simps
-(length ap, args@[r]@0\<up>(fp - ary - 1)))"
+abc_fetch.simps nth_append max_absorb2 abc_lm_v.simps abc_lm_s.simps)
-using recursive_compile_correct[of re ap ary fp args r "[]"]
+moreover have "rec_exec (Mn (length xs) f) xs = r"
-by simp
+using exec exec_less
+apply(auto simp: rec_exec.simps Least_def)
+thm the_equality
+apply(rule_tac the_equality, auto)
+apply(metis exec_less less_not_refl3 linorder_not_less)
+by (metis le_neq_implies_less less_not_refl3)
+ultimately show "?thesis"
+using ft a b len B exec
+apply(auto simp: abc_Hoare_halt_def)
+apply(rule_tac x = "stp + stpa + stpb"  in exI)
+by(simp add: abc_steps_add replicate_Suc_iff_anywhere max_absorb2 Suc_diff_Suc del: replicate_Suc)
+qed
+lemma compile_mn_correct:
+assumes len: "length xs = n"
+and termi_f: "terminate f (xs @ [r])"
+and f_ind: "\<And>ap arity fp anything. rec_ci f = (ap, arity, fp) \<Longrightarrow>
+{\<lambda>nl. nl = xs @ r # 0 \<up> (fp - arity) @ anything} ap {\<lambda>nl. nl = xs @ r # 0 # 0 \<up> (fp - Suc arity) @ anything}"
+and exec: "rec_exec f (xs @ [r]) = 0"
+and ind_all:
+"\<forall>i<r. terminate f (xs @ [i]) \<and>
+(\<forall>x xa xb. rec_ci f = (x, xa, xb) \<longrightarrow>
+(\<forall>xc. {\<lambda>nl. nl = xs @ i # 0 \<up> (xb - xa) @ xc} x {\<lambda>nl. nl = xs @ i # rec_exec f (xs @ [i]) # 0 \<up> (xb - Suc xa) @ xc})) \<and>
+0 < rec_exec f (xs @ [i])"
+and compile: "rec_ci (Mn n f) = (ap, arity, fp)"
+shows "{\<lambda>nl. nl = xs @ 0 \<up> (fp - arity) @ anything} ap
+{\<lambda>nl. nl = xs @ rec_exec (Mn n f) xs # 0 \<up> (fp - Suc arity) @ anything}"
+proof(case_tac "rec_ci f")
+fix fap far fft
+assume h: "rec_ci f = (fap, far, fft)"
+hence f_newind:
+"\<And>anything. {\<lambda>nl. nl = xs @ r # 0 \<up> (fft - far) @ anything} fap
+{\<lambda>nl. nl = xs @ r # 0 # 0 \<up> (fft - Suc far) @ anything}"
+by(rule_tac f_ind, simp)
+have newind_all:
+"\<forall>i < r. (\<forall>xc. ({\<lambda>nl. nl = xs @ i # 0 \<up> (fft - far) @ xc} fap
+{\<lambda>nl. nl = xs @ i # rec_exec f (xs @ [i]) # 0 \<up> (fft - Suc far) @ xc}))"
+using ind_all h
+by(auto)
+have all_less: "\<forall> i<r. rec_exec f (xs @ [i]) > 0"
+using ind_all by auto
+show "?thesis"
+using h compile f_newind newind_all all_less len termi_f exec
+apply(auto simp: rec_ci.simps)
+by(rule_tac compile_mn_correct', auto)
+qed
+lemma recursive_compile_correct:
+"\<lbrakk>terminate recf args; rec_ci recf = (ap, arity, fp)\<rbrakk>
+\<Longrightarrow> {\<lambda> nl. nl = args @ 0\<up>(fp - arity) @ anything} ap
+{\<lambda> nl. nl = args@ rec_exec recf args # 0\<up>(fp - Suc arity) @ anything}"
+apply(induct arbitrary: ap arity fp anything r rule: terminate.induct)
+apply(simp_all add: compile_s_correct compile_z_correct compile_id_correct
+compile_cn_correct compile_pr_correct compile_mn_correct)
+done
 definition dummy_abc :: "nat \<Rightarrow> abc_inst list"
 where
 "dummy_abc k = [Inc k, Dec k 0, Goto 3]"
 definition abc_list_crsp:: "nat list \<Rightarrow> nat list \<Rightarrow> bool"
 where
 "abc_list_crsp xs ys = (\<exists> n. xs = ys @ 0\<up>n \<or> ys = xs @ 0\<up>n)"
-lemma [intro]: "abc_list_crsp (lm @ 0\<up>m) lm"
+lemma abc_list_crsp_simp1[intro]: "abc_list_crsp (lm @ 0\<up>m) lm"
-apply(auto simp: abc_list_crsp_def)
+by(auto simp: abc_list_crsp_def)
-done
 lemma abc_list_crsp_lm_v:
 "abc_list_crsp lma lmb \<Longrightarrow> abc_lm_v lma n = abc_lm_v lmb n"
-apply(auto simp: abc_list_crsp_def abc_lm_v.simps
+by(auto simp: abc_list_crsp_def abc_lm_v.simps
 nth_append)
-done
-lemma  rep_app_cons_iff:
+lemma abc_list_crsp_elim:
-"k < n \<Longrightarrow> replicate n a[k:=b] =
+"\<lbrakk>abc_list_crsp lma lmb; \<exists> n. lma = lmb @ 0\<up>n \<or> lmb = lma @ 0\<up>n \<Longrightarrow> P \<rbrakk> \<Longrightarrow> P"
-replicate k a @ b # replicate (n - k - 1) a"
+by(auto simp: abc_list_crsp_def)
-apply(induct n arbitrary: k, simp)
-apply(simp split:nat.splits)
+lemma [simp]:
-done
+"\<lbrakk>abc_list_crsp lma lmb; m < length lma; m < length lmb\<rbrakk> \<Longrightarrow>
+abc_list_crsp (lma[m := n]) (lmb[m := n])"
+by(auto simp: abc_list_crsp_def list_update_append)
+lemma [simp]:
+"\<lbrakk>abc_list_crsp lma lmb; m < length lma; \<not> m < length lmb\<rbrakk> \<Longrightarrow>
+abc_list_crsp (lma[m := n]) (lmb @ 0 \<up> (m - length lmb) @ [n])"
+apply(auto simp: abc_list_crsp_def list_update_append)
+apply(rule_tac x = "na + length lmb - Suc m" in exI)
+apply(rule_tac disjI1)
+apply(simp add: upd_conv_take_nth_drop min_absorb1)
+done
+lemma [simp]:
+"\<lbrakk>abc_list_crsp lma lmb; \<not> m < length lma; m < length lmb\<rbrakk> \<Longrightarrow>
+abc_list_crsp (lma @ 0 \<up> (m - length lma) @ [n]) (lmb[m := n])"
+apply(auto simp: abc_list_crsp_def list_update_append)
+apply(rule_tac x = "na + length lma - Suc m" in exI)
+apply(rule_tac disjI2)
+apply(simp add: upd_conv_take_nth_drop min_absorb1)
+done
+lemma [simp]: "\<lbrakk>abc_list_crsp lma lmb; \<not> m < length lma; \<not> m < length lmb\<rbrakk> \<Longrightarrow>
+abc_list_crsp (lma @ 0 \<up> (m - length lma) @ [n]) (lmb @ 0 \<up> (m - length lmb) @ [n])"
+by(auto simp: abc_list_crsp_def list_update_append replicate_merge_anywhere)
 lemma abc_list_crsp_lm_s:
 "abc_list_crsp lma lmb \<Longrightarrow>
 abc_list_crsp (abc_lm_s lma m n) (abc_lm_s lmb m n)"
-apply(auto simp: abc_list_crsp_def abc_lm_v.simps abc_lm_s.simps)
+by(auto simp: abc_lm_s.simps)
-apply(simp_all add: list_update_append, auto)
-proof -
-fix na
-assume h: "m < length lmb + na" " \<not> m < length lmb"
-hence "m - length lmb < na" by simp
-hence "replicate na 0[(m- length lmb):= n] =
-replicate (m - length lmb) 0 @ n #
-replicate (na - (m - length lmb) - 1) 0"
-apply(erule_tac rep_app_cons_iff)
-done
-thus "\<exists>nb. replicate na 0[m - length lmb := n] =
-replicate (m - length lmb) 0 @ n # replicate nb 0 \<or>
-replicate (m - length lmb) 0 @ [n] =
-replicate na 0[m - length lmb := n] @ replicate nb 0"
-apply(auto)
-done
-next
-fix na
-assume h: "\<not> m < length lmb + na"
-show
-"\<exists>nb. replicate na 0 @ replicate (m - (length lmb + na)) 0 @ [n] =
-replicate (m - length lmb) 0 @ n # replicate nb 0 \<or>
-replicate (m - length lmb) 0 @ [n] =
-replicate na 0 @
-replicate (m - (length lmb + na)) 0 @ n # replicate nb 0"
-apply(rule_tac x = 0 in exI, simp, auto)
-using h
-apply(simp add: replicate_add[THEN sym])
-done
-next
-fix na
-assume h: "\<not> m < length lma" "m < length lma + na"
-hence "m - length lma < na" by simp
-hence
-"replicate na 0[(m- length lma):= n] = replicate (m - length lma)
-0 @ n # replicate (na - (m - length lma) - 1) 0"
-apply(erule_tac rep_app_cons_iff)
-done
-thus "\<exists>nb. replicate (m - length lma) 0 @ [n] =
-replicate na 0[m - length lma := n] @ replicate nb 0
-\<or> replicate na 0[m - length lma := n] =
-replicate (m - length lma) 0 @ n # replicate nb 0"
-apply(auto)
-done
-next
-fix na
-assume "\<not> m < length lma + na"
-thus " \<exists>nb. replicate (m - length lma) 0 @ [n] =
-replicate na 0 @
-replicate (m - (length lma + na)) 0 @ n # replicate nb 0
-\<or>   replicate na 0 @
-replicate (m - (length lma + na)) 0 @ [n] =
-replicate (m - length lma) 0 @ n # replicate nb 0"
-apply(rule_tac x = 0 in exI, simp, auto)
-apply(simp add: replicate_add[THEN sym])
-done
-qed
 lemma abc_list_crsp_step:
 "\<lbrakk>abc_list_crsp lma lmb; abc_step_l (aa, lma) i = (a, lma');
 abc_step_l (aa, lmb) i = (a', lmb')\<rbrakk>
 \<Longrightarrow> a' = a \<and> abc_list_crsp lma' lmb'"
 case_tac "abc_step_l (aa, lma) (abc_fetch aa aprog)", simp)
 apply(rule_tac abc_list_crsp_step, auto)
 done
 qed
-lemma recursive_compile_correct_norm:
+lemma list_crsp_simp2: "abc_list_crsp (lm1 @ 0\<up>n) lm2 \<Longrightarrow> abc_list_crsp lm1 lm2"
-"\<lbrakk>rec_ci re = (aprog, rs_pos, a_md);
+proof(induct n)
-rec_calc_rel re lm rs\<rbrakk>
+case 0
-\<Longrightarrow> (\<exists> stp lm' m. (abc_steps_l (0, lm) aprog stp) =
+thus "?case"
-(length aprog, lm') \<and> abc_list_crsp lm' (lm @ rs # 0\<up>m))"
+by(auto simp: abc_list_crsp_def)
-apply(frule_tac recursive_compile_correct_spec, auto)
+next
-apply(drule_tac abc_list_crsp_steps)
+case (Suc n)
-apply(rule_tac rec_ci_not_null, simp)
+have ind: "abc_list_crsp (lm1 @ 0 \<up> n) lm2 \<Longrightarrow> abc_list_crsp lm1 lm2" by fact
-apply(erule_tac exE, rule_tac x = stp in exI,
+have h: "abc_list_crsp (lm1 @ 0 \<up> Suc n) lm2" by fact
-auto simp: abc_list_crsp_def)
+then have "abc_list_crsp (lm1 @ 0 \<up> n) lm2"
-done
+apply(auto simp: exp_suc abc_list_crsp_def del: replicate_Suc)
+apply(case_tac n, simp_all add: exp_suc replicate_Suc[THEN sym] del: replicate_Suc, auto)
-lemma [simp]: "length (dummy_abc (length lm)) = 3"
+apply(rule_tac x = 1 in exI, simp)
-apply(simp add: dummy_abc_def)
+by(rule_tac x = "Suc n" in exI, simp,  simp add: exp_suc replicate_Suc[THEN sym] del: replicate_Suc)
-done
+thus "?case"
+using ind
-lemma [simp]: "dummy_abc (length lm) \<noteq> []"
+by auto
-apply(simp add: dummy_abc_def)
+qed
-done
+lemma recursive_compile_correct_norm':
-lemma dummy_abc_steps_ex:
+"\<lbrakk>rec_ci f = (ap, arity, ft);
-"\<exists>bstp. abc_steps_l (0, lm') (dummy_abc (length lm)) bstp =
+terminate f args\<rbrakk>
-((Suc (Suc (Suc 0))), abc_lm_s lm' (length lm) (abc_lm_v lm' (length lm)))"
+\<Longrightarrow> \<exists> stp rl. (abc_steps_l (0, args) ap stp) = (length ap, rl) \<and> abc_list_crsp (args @ [rec_exec f args]) rl"
-apply(rule_tac x = "Suc (Suc (Suc 0))" in exI)
+using recursive_compile_correct[of f args ap arity ft "[]"]
-apply(auto simp: abc_steps_l.simps abc_step_l.simps
+apply(auto simp: abc_Hoare_halt_def)
-dummy_abc_def abc_fetch.simps)
+apply(rule_tac x = n in exI)
-apply(auto simp: abc_lm_s.simps abc_lm_v.simps nth_append)
+apply(case_tac "abc_steps_l (0, args @ 0 \<up> (ft - arity)) ap n", auto)
-apply(simp add: butlast_append)
+apply(drule_tac abc_list_crsp_steps, auto)
+apply(rule_tac list_crsp_simp2, auto)
+done
+lemma [simp]:
+assumes a: "args @ [rec_exec f args] = lm @ 0 \<up> n"
+and b: "length args < length lm"
+shows "\<exists>m. lm = args @ rec_exec f args # 0 \<up> m"
+using assms
+apply(case_tac n, simp)
+apply(rule_tac x = 0 in exI, simp)
+apply(drule_tac length_equal, simp)
 done
 lemma [simp]:
-"\<lbrakk>Suc (length lm) - length lm' \<le> n; \<not> length lm < length lm'; lm @ rs # 0 \<up> m = lm' @ 0 \<up> n\<rbrakk>
+"\<lbrakk>args @ [rec_exec f args] = lm @ 0 \<up> n; \<not> length args < length lm\<rbrakk>
-\<Longrightarrow> lm' @ 0 \<up> Suc (length lm - length lm') = lm @ [rs]"
+\<Longrightarrow> \<exists>m. (lm @ 0 \<up> (length args - length lm) @ [Suc 0])[length args := 0] =
-apply(subgoal_tac "n > m")
+args @ rec_exec f args # 0 \<up> m"
-apply(subgoal_tac "\<exists> d. n = d + m", erule_tac exE)
+apply(case_tac n, simp_all add: exp_suc list_update_append list_update.simps del: replicate_Suc)
-apply(simp add: replicate_add)
+apply(subgoal_tac "length args = Suc (length lm)", simp)
-apply(drule_tac length_equal, simp)
+apply(rule_tac x = "Suc (Suc 0)" in exI, simp)
-apply(simp add: replicate_Suc[THEN sym] del: replicate_Suc)
+apply(drule_tac length_equal, simp, auto)
-apply(rule_tac x = "n - m" in exI, simp)
+done
-apply(drule_tac length_equal, simp)
-done
+lemma compile_append_dummy_correct:
+assumes compile: "rec_ci f = (ap, ary, fp)"
-lemma [elim]:
+and termi: "terminate f args"
-"lm @ rs # 0\<up>m = lm' @ 0\<up>n \<Longrightarrow>
+shows "{\<lambda> nl. nl = args} (ap [+] dummy_abc (length args)) {\<lambda> nl. (\<exists> m. nl = args @ rec_exec f args # 0\<up>m)}"
-\<exists>m. abc_lm_s lm' (length lm) (abc_lm_v lm' (length lm)) =
+proof(rule_tac abc_Hoare_plus_halt)
-lm @ rs # 0\<up>m"
+show "{\<lambda>nl. nl = args} ap {\<lambda> nl. abc_list_crsp (args @ [rec_exec f args]) nl}"
-proof(cases "length lm' > length lm")
+using compile termi recursive_compile_correct_norm'[of f ap ary fp args]
-case True
+apply(auto simp: abc_Hoare_halt_def)
-assume h: "lm @ rs # 0\<up>m = lm' @ 0\<up>n" "length lm < length lm'"
+by(rule_tac x = stp in exI, simp)
-hence "m \<ge> n"
-apply(drule_tac length_equal)
-apply(simp)
-done
-hence "\<exists> d. m = d + n"
-apply(rule_tac x = "m - n" in exI, simp)
-done
-from this obtain d where "m = d + n" ..
-from h and this show "?thesis"
-apply(auto simp: abc_lm_s.simps abc_lm_v.simps
-replicate_add)
-done
 next
-case False
+show "{abc_list_crsp (args @ [rec_exec f args])} dummy_abc (length args)
-assume h:"lm @ rs # 0\<up>m = lm' @ 0\<up>n"
+{\<lambda>nl. \<exists>m. nl = args @ rec_exec f args # 0 \<up> m}"
-and    g: "\<not> length lm < length lm'"
+apply(auto simp: dummy_abc_def abc_Hoare_halt_def)
-have "take (Suc (length lm)) (lm @ rs # 0\<up>m) =
+apply(rule_tac x = 3 in exI)
-take (Suc (length lm)) (lm' @ 0\<up>n)"
+by(auto simp: abc_steps_l.simps abc_list_crsp_def abc_step_l.simps numeral_3_eq_3 abc_fetch.simps
-using h by simp
+abc_lm_v.simps nth_append abc_lm_s.simps)
-moreover have "n \<ge> (Suc (length lm) - length lm')"
+qed
-using h g
-apply(drule_tac length_equal)
+lemma cn_merge_gs_split:
-apply(simp)
+"\<lbrakk>i < length gs; rec_ci (gs!i) = (ga, gb, gc)\<rbrakk> \<Longrightarrow>
-done
+cn_merge_gs (map rec_ci gs) p =  cn_merge_gs (map rec_ci (take i gs)) p [+] (ga [+]
-ultimately show
+mv_box gb (p + i)) [+]  cn_merge_gs (map rec_ci (drop (Suc i) gs)) (p + Suc i)"
-"\<exists>m. abc_lm_s lm' (length lm) (abc_lm_v lm' (length lm)) =
+apply(induct i arbitrary: gs p, case_tac gs, simp, simp)
-lm @ rs # 0\<up>m"
+apply(case_tac gs, simp, case_tac "rec_ci a",
-using g h
+simp add: abc_comp_commute[THEN sym])
-apply(simp add: abc_lm_s.simps abc_lm_v.simps min_def)
+done
-apply(rule_tac x = 0 in exI,
-simp add:replicate_append_same replicate_Suc[THEN sym]
+lemma cn_unhalt_case:
-del:replicate_Suc)
+assumes compile1: "rec_ci (Cn n f gs) = (ap, ar, ft) \<and> length args = ar"
-done
+and g: "i < length gs"
-qed
+and compile2: "rec_ci (gs!i) = (gap, gar, gft) \<and> gar = length args"
+and g_unhalt: "\<And> anything. {\<lambda> nl. nl = args @ 0\<up>(gft - gar) @ anything} gap \<up>"
-lemma [elim]:
+and g_ind: "\<And> apj arj ftj j anything. \<lbrakk>j < i; rec_ci (gs!j) = (apj, arj, ftj)\<rbrakk>
-"abc_list_crsp lm' (lm @ rs # 0\<up>m)
+\<Longrightarrow> {\<lambda> nl. nl = args @ 0\<up>(ftj - arj) @ anything} apj {\<lambda> nl. nl = args @ rec_exec (gs!j) args # 0\<up>(ftj - Suc arj) @ anything}"
-\<Longrightarrow> \<exists>m. abc_lm_s lm' (length lm) (abc_lm_v lm' (length lm))
+and all_termi: "\<forall> j<i. terminate (gs!j) args"
-= lm @ rs # 0\<up>m"
+shows "{\<lambda> nl. nl = args @ 0\<up>(ft - ar) @ anything} ap \<up>"
-apply(auto simp: abc_list_crsp_def)
+using compile1
-apply(simp add: abc_lm_v.simps abc_lm_s.simps)
+apply(case_tac "rec_ci f", auto simp: rec_ci.simps abc_comp_commute)
-apply(rule_tac x =  "m + n" in exI,
+proof(rule_tac abc_Hoare_plus_unhalt1)
-simp add: replicate_add)
+fix fap far fft
-done
+let ?ft = "max (Suc (length args)) (Max (insert fft ((\<lambda>(aprog, p, n). n) ` rec_ci ` set gs)))"
+let ?Q = "\<lambda>nl. nl = args @ 0\<up> (?ft - length args) @ map (\<lambda>i. rec_exec i args) (take i gs) @
-lemma abc_append_dummy_complie:
+0\<up>(length gs - i) @ 0\<up> Suc (length args) @ anything"
-"\<lbrakk>rec_ci recf = (ap, ary, fp);
+have "cn_merge_gs (map rec_ci gs) ?ft =
-rec_calc_rel recf args r;
+cn_merge_gs (map rec_ci (take i gs)) ?ft [+] (gap [+]
-length args = k\<rbrakk>
+mv_box gar (?ft + i)) [+]  cn_merge_gs (map rec_ci (drop (Suc i) gs)) (?ft + Suc i)"
-\<Longrightarrow> (\<exists> stp m. (abc_steps_l (0, args) (ap [+] dummy_abc k) stp) =
+using g compile2 cn_merge_gs_split by simp
-(length ap + 3, args @ r # 0\<up>m))"
+thus "{\<lambda>nl. nl = args @ 0 # 0 \<up> (?ft + length gs) @ anything} (cn_merge_gs (map rec_ci gs) ?ft) \<up>"
-apply(drule_tac recursive_compile_correct_norm, auto simp: numeral_3_eq_3)
+proof(simp, rule_tac abc_Hoare_plus_unhalt1, rule_tac abc_Hoare_plus_unhalt2,
-proof -
+rule_tac abc_Hoare_plus_unhalt1)
-fix stp lm' m
+let ?Q_tmp = "\<lambda>nl. nl = args @ 0\<up> (gft - gar) @ 0\<up>(?ft - (length args) - (gft -gar)) @ map (\<lambda>i. rec_exec i args) (take i gs) @
-assume h: "rec_calc_rel recf args r"
+0\<up>(length gs - i) @ 0\<up> Suc (length args) @ anything"
-"abc_steps_l (0, args) ap stp = (length ap, lm')"
+have a: "{?Q_tmp} gap \<up>"
-"abc_list_crsp lm' (args @ r # 0\<up>m)"
+using g_unhalt[of "0 \<up> (?ft - (length args) - (gft - gar)) @
-have "\<exists>stp. abc_steps_l (0, args) (ap [+]
+map (\<lambda>i. rec_exec i args) (take i gs) @ 0 \<up> (length gs - i) @ 0 \<up> Suc (length args) @ anything"]
-(dummy_abc (length args))) stp = (length ap + 3,
+by simp
-abc_lm_s lm' (length args) (abc_lm_v lm' (length args)))"
+moreover have "?ft \<ge> gft"
-using h
+using g compile2
-apply(rule_tac bm = lm' in abc_append_exc2,
+apply(rule_tac min_max.le_supI2, rule_tac Max_ge, simp, rule_tac insertI2)
-auto intro: dummy_abc_steps_ex simp: numeral_3_eq_3)
+apply(rule_tac  x = "rec_ci (gs ! i)" in image_eqI, simp)
-done
+by(rule_tac x = "gs!i"  in image_eqI, simp, simp)
-thus "\<exists>stp m. abc_steps_l (0, args) (ap [+]
+then have b:"?Q_tmp = ?Q"
-dummy_abc (length args)) stp = (Suc (Suc (Suc (length ap))), args @ r # 0\<up>m)"
+using compile2
-using h
+apply(rule_tac arg_cong)
-apply(erule_tac exE)
+by(simp add: replicate_merge_anywhere)
-apply(rule_tac x = stpa in exI, auto)
+thus "{?Q} gap \<up>"
-done
+using a by simp
-qed
+next
+show "{\<lambda>nl. nl = args @ 0 # 0 \<up> (?ft + length gs) @ anything}
-lemma [simp]: "length (dummy_abc k) = 3"
+cn_merge_gs (map rec_ci (take i gs)) ?ft
-apply(simp add: dummy_abc_def)
+{\<lambda>nl. nl = args @ 0 \<up> (?ft - length args) @
-done
+map (\<lambda>i. rec_exec i args) (take i gs) @ 0 \<up> (length gs - i) @ 0 \<up> Suc (length args) @ anything}"
+using all_termi
-lemma [simp]: "length args = k \<Longrightarrow> abc_lm_v (args @ r # 0\<up>m) k = r "
+apply(rule_tac compile_cn_gs_correct', auto simp: set_conv_nth)
-apply(simp add: abc_lm_v.simps nth_append)
+by(drule_tac apj = x and arj = xa and  ftj = xb and j = ia and anything = xc in g_ind, auto)
-done
+qed
+qed
-lemma [simp]: "crsp (layout_of (ap [+] dummy_abc k)) (0, args)
-(Suc 0, Bk # Bk # ires, <args> @ Bk \<up> rn) ires"
-apply(auto simp: crsp.simps start_of.simps)
-done
+lemma mn_unhalt_case':
+assumes compile: "rec_ci f = (a, b, c)"
-(* cccc *)
+and all_termi: "\<forall>i. terminate f (args @ [i]) \<and> 0 < rec_exec f (args @ [i])"
+and B: "B = [Dec (Suc (length args)) (length a + 5), Dec (Suc (length args)) (length a + 3),
+Goto (Suc (length a)), Inc (length args), Goto 0]"
+shows "{\<lambda>nl. nl = args @ 0 \<up> (max (Suc (length args)) c - length args) @ anything}
+a @ B \<up>"
+proof(rule_tac abc_Hoare_unhaltI, auto)
+fix n
+have a:  "b = Suc (length args)"
+using all_termi compile
+apply(erule_tac x = 0 in allE)
+by(auto, drule_tac param_pattern,auto)
+moreover have b: "c > b"
+using compile by(elim footprint_ge)
+ultimately have c: "max (Suc (length args)) c = c" by arith
+have "\<exists> stp > n. abc_steps_l (0, args @ 0 # 0\<up>(c - Suc (length args)) @ anything) (a @ B) stp
+= (0, args @ Suc n # 0\<up>(c - Suc (length args)) @ anything)"
+using assms a b c
+proof(rule_tac mn_loop_correct', auto)
+fix i xc
+show "{\<lambda>nl. nl = args @ i # 0 \<up> (c - Suc (length args)) @ xc} a
+{\<lambda>nl. nl = args @ i # rec_exec f (args @ [i]) # 0 \<up> (c - Suc (Suc (length args))) @ xc}"
+using all_termi recursive_compile_correct[of f "args @ [i]" a b c xc] compile a
+by(simp)
+qed
+then obtain stp where d: "stp > n \<and> abc_steps_l (0, args @ 0 # 0\<up>(c - Suc (length args)) @ anything) (a @ B) stp
+= (0, args @ Suc n # 0\<up>(c - Suc (length args)) @ anything)" ..
+then obtain d where e: "stp = n + Suc d"
+by (metis add_Suc_right less_iff_Suc_add)
+obtain s nl where f: "abc_steps_l (0, args @ 0 # 0\<up>(c - Suc (length args)) @ anything) (a @ B) n = (s, nl)"
+by (metis prod.exhaust)
+have g: "s < length (a @ B)"
+using d e f
+apply(rule_tac classical, simp only: abc_steps_add)
+by(simp add: halt_steps2 leI)
+from f g show "abc_notfinal (abc_steps_l (0, args @ 0 \<up>
+(max (Suc (length args)) c - length args) @ anything) (a @ B) n) (a @ B)"
+using c b a
+by(simp add: replicate_Suc_iff_anywhere Suc_diff_Suc del: replicate_Suc)
+qed
+lemma mn_unhalt_case:
+assumes compile: "rec_ci (Mn n f) = (ap, ar, ft) \<and> length args = ar"
+and all_term: "\<forall> i. terminate f (args @ [i]) \<and> rec_exec f (args @ [i]) > 0"
+shows "{\<lambda> nl. nl = args @ 0\<up>(ft - ar) @ anything} ap \<up> "
+using assms
+apply(case_tac "rec_ci f", auto simp: rec_ci.simps abc_comp_commute)
+by(rule_tac mn_unhalt_case', simp_all)
 fun tm_of_rec :: "recf \<Rightarrow> instr list"
 where "tm_of_rec recf = (let (ap, k, fp) = rec_ci recf in
 let tp = tm_of (ap [+] dummy_abc k) in
 tp @ (shift (mopup k) (length tp div 2)))"
-lemma recursive_compile_to_tm_correct:
+lemma recursive_compile_to_tm_correct1:
-"\<lbrakk>rec_ci recf = (ap, ary, fp);
+assumes  compile: "rec_ci recf = (ap, ary, fp)"
-rec_calc_rel recf args r;
+and termi: " terminate recf args"
-length args = k;
+and tp: "tp = tm_of (ap [+] dummy_abc (length args))"
-ly = layout_of (ap [+] dummy_abc k);
+shows "\<exists> stp m l. steps0 (Suc 0, Bk # Bk # ires, <args> @ Bk\<up>rn)
-tp = tm_of (ap [+] dummy_abc k)\<rbrakk>
+(tp @ shift (mopup (length args)) (length tp div 2)) stp = (0, Bk\<up>m @ Bk # Bk # ires, Oc\<up>Suc (rec_exec recf args) @ Bk\<up>l)"
-\<Longrightarrow> \<exists> stp m l. steps0 (Suc 0, Bk # Bk # ires, <args> @ Bk\<up>rn)
+proof -
-(tp @ shift (mopup k) (length tp div 2)) stp
+have "{\<lambda>nl. nl = args} ap [+] dummy_abc (length args) {\<lambda>nl. \<exists>m. nl = args @ rec_exec recf args # 0 \<up> m}"
-= (0, Bk\<up>m @ Bk # Bk # ires, Oc\<up>Suc r @ Bk\<up>l)"
+using compile termi compile
-using abc_append_dummy_complie[of recf ap ary fp args r k]
+by(rule_tac compile_append_dummy_correct, auto)
-apply(simp)
+then obtain stp m where h: "abc_steps_l (0, args) (ap [+] dummy_abc (length args)) stp =
-apply(erule_tac exE)+
+(length (ap [+] dummy_abc (length args)), args @ rec_exec recf args # 0\<up>m) "
-apply(frule_tac tp = tp and n = k
+apply(simp add: abc_Hoare_halt_def, auto)
-and ires = ires in compile_correct_halt, simp_all add: length_append)
+by(case_tac "abc_steps_l (0, args) (ap [+] dummy_abc (length args)) n", auto)
-apply(simp_all add: length_append)
+thus "?thesis"
-done
+using assms tp
+by(rule_tac  lm = args and stp = stp and am = "args @ rec_exec recf args # 0 \<up> m"
+in compile_correct_halt, auto simp: crsp.simps start_of.simps length_abc_comp abc_lm_v.simps)
+qed
 lemma recursive_compile_to_tm_correct2:
-assumes "rec_ci recf = (ap, ary, fp)"
+assumes  compile: "rec_ci recf = (ap, ary, fp)"
-and     "rec_calc_rel recf args r"
+and termi: " terminate recf args"
-and     "length args = k"
+shows "\<exists> stp m l. steps0 (Suc 0, [Bk, Bk], <args>) (tm_of_rec recf) stp =
-and     "tp = tm_of (ap [+] dummy_abc k)"
+(0, Bk\<up>Suc (Suc m), Oc\<up>Suc (rec_exec recf args) @ Bk\<up>l)"
-shows "\<exists> m n. {\<lambda>tp. tp = ([Bk, Bk], <args>)}
+using recursive_compile_to_tm_correct1[of recf ap ary fp args "tm_of (ap [+] dummy_abc (length args))" "[]" 0]
-(tp @ (shift (mopup k) (length tp div 2)))
+assms param_pattern[of recf args ap ary fp]
-{\<lambda>tp. tp = (Bk \<up> m, Oc \<up> (Suc r) @ Bk \<up> n)}"
+by(simp add: exp_suc replicate_Suc[THEN sym] del: replicate_Suc tm_of_rec_def)
-using recursive_compile_to_tm_correct[where ires="[]" and rn="0", OF assms(1-3) _ assms(4)]
-apply(simp add: Hoare_halt_def)
-apply(drule_tac x="layout_of (ap [+] dummy_abc k)" in meta_spec)
-apply(auto)
-apply(rule_tac x="m + 2" in exI)
-apply(rule_tac x="l" in exI)
-apply(rule_tac x="stp" in exI)
-apply(auto)
-by (metis append_Nil2 replicate_app_Cons_same)
 lemma recursive_compile_to_tm_correct3:
-assumes "rec_calc_rel recf args r"
+assumes compile: "rec_ci recf = (ap, ary, fp)"
-shows "{\<lambda>tp. tp = ([Bk, Bk], <args>)} tm_of_rec recf {\<lambda>tp. \<exists>k l. tp = (Bk \<up> k, <r> @ Bk \<up> l)}"
+and termi: "terminate recf args"
-using recursive_compile_to_tm_correct2[OF _ assms]
+shows "{\<lambda> (l, r). l = [Bk, Bk] \<and> r = <args>} (tm_of_rec recf)
-apply(auto)
+{\<lambda> (l, r). \<exists> m i. l = Bk\<up>(Suc (Suc m)) \<and> r = Oc\<up>Suc (rec_exec recf args) @ Bk \<up> i}"
-apply(case_tac "rec_ci recf")
+using recursive_compile_to_tm_correct2[of recf ap ary fp args] assms
-apply(auto)
+apply(simp add: Hoare_halt_def, auto)
-apply(drule_tac x="a" in meta_spec)
+apply(rule_tac x = stp in exI, simp)
-apply(drule_tac x="b" in meta_spec)
+done
-apply(drule_tac x="c" in meta_spec)
-apply(drule_tac x="length args" in meta_spec)
-apply(drule_tac x="tm_of (a [+] dummy_abc (length args))" in meta_spec)
-apply(auto)
-apply(simp add: tape_of_nat_abv)
-apply(subgoal_tac "b = length args")
-apply(simp add: Hoare_halt_def)
-apply(auto)[1]
-apply(rule_tac x="na" in exI)
-apply(auto)[1]
-apply(case_tac "steps0 (Suc 0, [Bk, Bk], <args>)
-(tm_of (a [+] dummy_abc (length args)) @
-shift (mopup (length args))
-(listsum
-(layout_of (a [+] dummy_abc (length args)))))
-na")
-apply(simp)
-by (metis assms para_pattern)
 lemma [simp]:
 "list_all (\<lambda>(acn, s). s \<le> Suc (Suc (Suc (Suc (Suc (Suc (2 * n))))))) xs \<Longrightarrow>
 list_all (\<lambda>(acn, s). s \<le> Suc (Suc (Suc (Suc (Suc (Suc (Suc (Suc (2 * n))))))))) xs"
 apply(induct xs, simp, simp)
 apply(rule_tac start_of_all_le)
 apply(rule_tac dec_state_all_le, simp_all)
 apply(rule_tac start_of_all_le)
 done
-lemma concat_in: "i < length (concat xs) \<Longrightarrow> \<exists>k < length xs. concat xs ! i \<in> set (xs ! k)"
+lemma concat_in: "i < length (concat xs) \<Longrightarrow>
-apply(induct xs rule: list_tl_induct, simp, simp)
+\<exists>k < length xs. concat xs ! i \<in> set (xs ! k)"
-apply(case_tac "i < length (concat list)", simp)
+apply(induct xs rule: rev_induct, simp, simp)
+apply(case_tac "i < length (concat xs)", simp)
 apply(erule_tac exE, rule_tac x = k in exI)
 apply(simp add: nth_append)
-apply(rule_tac x = "length list" in exI, simp)
+apply(rule_tac x = "length xs" in exI, simp)
 apply(simp add: nth_append)
 done
 lemma [simp]: "length (tms_of ap) = length ap"
 apply(simp add: tms_of.simps tpairs_of.simps)
 apply(case_tac i, auto simp: ci.simps length_findnth
 tinc_b_def adjust.simps tdec_b_def)
 done
 lemma [intro]: "listsum (map (length \<circ> (\<lambda>(x, y). ci ly x y)) zs) mod 2 = 0"
-apply(induct zs rule: list_tl_induct, simp)
+apply(induct zs rule: rev_induct, simp)
-apply(case_tac a, simp)
+apply(case_tac x, simp)
-apply(subgoal_tac "length (ci ly aa b) mod 2 = 0")
+apply(subgoal_tac "length (ci ly a b) mod 2 = 0")
 apply(auto)
 done
 lemma zip_pre:
 "(length ys) \<le> length ap \<Longrightarrow>
 done
 lemma [simp]: "length mopup_b = 12"
 apply(simp add: mopup_b_def)
 done
-(*
-lemma [elim]: "\<lbrakk>na < 4 * n; tshift (mop_bef n) q ! na = (a, b)\<rbrakk> \<Longrightarrow>
-b \<le> q + (2 * n + 6)"
-apply(induct n, simp, simp add: mop_bef.simps nth_append tshift_append shift_length)
-apply(case_tac "na < 4*n", simp, simp)
-apply(subgoal_tac "na = 4*n \<or> na = 1 + 4*n \<or> na = 2 + 4*n \<or> na = 3 + 4*n",
-auto simp: shift_length)
-apply(simp_all add: tshift.simps)
-done
-*)
 lemma mp_up_all_le: "list_all  (\<lambda>(acn, s). s \<le> q + (2 * n + 6))
 [(R, Suc (Suc (2 * n + q))), (R, Suc (2 * n + q)),
 (L, 5 + 2 * n + q), (W0, Suc (Suc (Suc (2 * n + q)))), (R, 4 + 2 * n + q),
 (W0, Suc (Suc (Suc (2 * n + q)))), (R, Suc (Suc (2 * n + q))),
 lemma [simp]: "b \<le> Suc x
 \<Longrightarrow> b \<le> (2 * x + length (mopup n)) div 2"
 apply(auto simp: mopup.simps)
 done
-lemma t_compiled_correct:
+lemma wf_tm_from_abacus:
-"\<lbrakk>tp = tm_of ap; ly = layout_of ap; mop_ss = start_of ly (length ap)\<rbrakk> \<Longrightarrow>
+"tp = tm_of ap \<Longrightarrow>
 tm_wf (tp @ shift( mopup n) (length tp div 2), 0)"
 using length_start_of_tm[of ap] all_le_start_of[of ap]
 apply(auto simp: tm_wf.simps List.list_all_iff)
 done
+lemma wf_tm_from_recf:
+assumes compile: "tp = tm_of_rec recf"
+shows "tm_wf0 tp"
+proof -
+obtain a b c where "rec_ci recf = (a, b, c)"
+by (metis prod_cases3)
+thus "?thesis"
+using compile
+using wf_tm_from_abacus[of "tm_of (a [+] dummy_abc b)" "(a [+] dummy_abc b)" b]
+by simp
+qed
 end

changeset 229	d8e6f0798e23
parent 204	e55c8e5da49f
child 230	49dcc0b9b0b3