theory StateMonad

imports 

       "~~/src/HOL/Library/Monad_Syntax" 

begin

datatype ('result, 'state) SM = SM "'state => ('result \<times> 'state) option"

fun execute :: "('result, 'state) SM \<Rightarrow> 'state \<Rightarrow> ('result \<times> 'state) option" where

  "execute (SM f) = f"

lemma SM_cases [case_names succeed fail]:

  fixes f and s

  assumes succeed: "\<And>x s'. execute f h = Some (x, s') \<Longrightarrow> P"

  assumes fail: "execute f h = None \<Longrightarrow> P"

  shows P

  using assms by (cases "execute f h") auto

lemma SM_execute [simp]:

  "SM (execute f) = f" by (cases f) simp_all

lemma SM_eqI:

  "(\<And>h. execute f h = execute g h) \<Longrightarrow> f = g"

    by (cases f, cases g) (auto simp: fun_eq_iff)

ML {* structure Execute_Simps = Named_Thms

(

  val name = @{binding execute_simps}

  val description = "simplification rules for execute"

) *}

setup Execute_Simps.setup

lemma execute_Let [execute_simps]:

  "execute (let x = t in f x) = (let x = t in execute (f x))"

  by (simp add: Let_def)

subsubsection {* Specialised lifters *}

definition sm :: "('state \<Rightarrow> 'a \<times> 'state) \<Rightarrow> ('a, 'state) SM" where

  "sm f = SM (Some \<circ> f)"

definition tap :: "('state \<Rightarrow> 'a) \<Rightarrow> ('a, 'state) SM" where

  "tap f = SM (\<lambda>s. Some (f s, s))"

definition "sm_get = tap id"

definition "sm_map f = sm (\<lambda> s.((), f s))"

definition "sm_set s' = sm_map (\<lambda> s. s)"

lemma execute_tap [execute_simps]:

  "execute (tap f) h = Some (f h, h)"

  by (simp add: tap_def)

lemma execute_heap [execute_simps]:

  "execute (sm f) = Some \<circ> f"

  by (simp add: sm_def)

definition guard :: "('state \<Rightarrow> bool) \<Rightarrow> ('state \<Rightarrow> 'a \<times> 'state) 

                        \<Rightarrow> ('a, 'state) SM" where

 "guard P f = SM (\<lambda>h. if P h then Some (f h) else None)"

lemma execute_guard [execute_simps]:

  "\<not> P h \<Longrightarrow> execute (guard P f) h = None"

  "P h \<Longrightarrow> execute (guard P f) h = Some (f h)"

  by (simp_all add: guard_def)

subsubsection {* Predicate classifying successful computations *}

definition success :: "('a, 'state) SM \<Rightarrow> 'state \<Rightarrow> bool" where

  "success f h = (execute f h \<noteq> None)"

lemma successI:

  "execute f h \<noteq> None \<Longrightarrow> success f h"

  by (simp add: success_def)

lemma successE:

  assumes "success f h"

  obtains r h' where "r = fst (the (execute c h))"

    and "h' = snd (the (execute c h))"

    and "execute f h \<noteq> None"

  using assms by (simp add: success_def)

ML {* structure Success_Intros = Named_Thms

(

  val name = @{binding success_intros}

  val description = "introduction rules for success"

) *}

setup Success_Intros.setup

lemma success_tapI [success_intros]:

  "success (tap f) h"

  by (rule successI) (simp add: execute_simps)

lemma success_heapI [success_intros]:

  "success (sm f) h"

  by (rule successI) (simp add: execute_simps)

lemma success_guardI [success_intros]:

  "P h \<Longrightarrow> success (guard P f) h"

  by (rule successI) (simp add: execute_guard)

lemma success_LetI [success_intros]:

  "x = t \<Longrightarrow> success (f x) h \<Longrightarrow> success (let x = t in f x) h"

  by (simp add: Let_def)

lemma success_ifI:

  "(c \<Longrightarrow> success t h) \<Longrightarrow> (\<not> c \<Longrightarrow> success e h) \<Longrightarrow>

    success (if c then t else e) h"

  by (simp add: success_def)

subsubsection {* Predicate for a simple relational calculus *}

text {*

  The @{text effect} predicate states that when a computation @{text c}

  runs with the state @{text h} will result in return value @{text r}

  and a state @{text "h'"}, i.e.~no exception occurs.

*}  

definition effect :: "('a, 'state) SM \<Rightarrow> 'state \<Rightarrow> 'state \<Rightarrow> 'a \<Rightarrow> bool" where

  effect_def: "effect c h h' r = (execute c h = Some (r, h'))"

lemma effectI:

  "execute c h = Some (r, h') \<Longrightarrow> effect c h h' r"

  by (simp add: effect_def)

lemma effectE:

  assumes "effect c h h' r"

  obtains "r = fst (the (execute c h))"

    and "h' = snd (the (execute c h))"

    and "success c h"

proof (rule that)

  from assms have *: "execute c h = Some (r, h')" by (simp add: effect_def)

  then show "success c h" by (simp add: success_def)

  from * have "fst (the (execute c h)) = r" and "snd (the (execute c h)) = h'"

    by simp_all

  then show "r = fst (the (execute c h))"

    and "h' = snd (the (execute c h))" by simp_all

qed

lemma effect_success:

  "effect c h h' r \<Longrightarrow> success c h"

  by (simp add: effect_def success_def)

lemma success_effectE:

  assumes "success c h"

  obtains r h' where "effect c h h' r"

  using assms by (auto simp add: effect_def success_def)

lemma effect_deterministic:

  assumes "effect f h h' a"

    and "effect f h h'' b"

  shows "a = b" and "h' = h''"

  using assms unfolding effect_def by auto

ML {* structure Effect_Intros = Named_Thms

(

  val name = @{binding effect_intros}

  val description = "introduction rules for effect"

) *}

ML {* structure Effect_Elims = Named_Thms

(

  val name = @{binding effect_elims}

  val description = "elimination rules for effect"

) *}

setup "Effect_Intros.setup #> Effect_Elims.setup"

lemma effect_LetI [effect_intros]:

  assumes "x = t" "effect (f x) h h' r"

  shows "effect (let x = t in f x) h h' r"

  using assms by simp

lemma effect_LetE [effect_elims]:

  assumes "effect (let x = t in f x) h h' r"

  obtains "effect (f t) h h' r"

  using assms by simp

lemma effect_ifI:

  assumes "c \<Longrightarrow> effect t h h' r"

    and "\<not> c \<Longrightarrow> effect e h h' r"

  shows "effect (if c then t else e) h h' r"

  by (cases c) (simp_all add: assms)

lemma effect_ifE:

  assumes "effect (if c then t else e) h h' r"

  obtains "c" "effect t h h' r"

    | "\<not> c" "effect e h h' r"

  using assms by (cases c) simp_all

lemma effect_tapI [effect_intros]:

  assumes "h' = h" "r = f h"

  shows "effect (tap f) h h' r"

  by (rule effectI) (simp add: assms execute_simps)

lemma effect_tapE [effect_elims]:

  assumes "effect (tap f) h h' r"

  obtains "h' = h" and "r = f h"

  using assms by (rule effectE) (auto simp add: execute_simps)

lemma effect_heapI [effect_intros]:

  assumes "h' = snd (f h)" "r = fst (f h)"

  shows "effect (sm f) h h' r"

  by (rule effectI) (simp add: assms execute_simps)

lemma effect_heapE [effect_elims]:

  assumes "effect (sm f) h h' r"

  obtains "h' = snd (f h)" and "r = fst (f h)"

  using assms by (rule effectE) (simp add: execute_simps)

lemma effect_guardI [effect_intros]:

  assumes "P h" "h' = snd (f h)" "r = fst (f h)"

  shows "effect (guard P f) h h' r"

  by (rule effectI) (simp add: assms execute_simps)

lemma effect_guardE [effect_elims]:

  assumes "effect (guard P f) h h' r"

  obtains "h' = snd (f h)" "r = fst (f h)" "P h"

  using assms by (rule effectE)

    (auto simp add: execute_simps elim!: successE, 

        cases "P h", auto simp add: execute_simps)

subsubsection {* Monad combinators *}

definition return :: "'a \<Rightarrow> ('a, 'state) SM" where

       "return x = sm (Pair x)"

lemma execute_return [execute_simps]:

  "execute (return x) = Some \<circ> Pair x"

  by (simp add: return_def execute_simps)

lemma success_returnI [success_intros]:

  "success (return x) h"

  by (rule successI) (simp add: execute_simps)

lemma effect_returnI [effect_intros]:

  "h = h' \<Longrightarrow> effect (return x) h h' x"

  by (rule effectI) (simp add: execute_simps)

lemma effect_returnE [effect_elims]:

  assumes "effect (return x) h h' r"

  obtains "r = x" "h' = h"

  using assms by (rule effectE) (simp add: execute_simps)

definition raise :: "string \<Rightarrow> ('a, 'state) SM" where 

      -- {* the string is just decoration *}

               "raise s = SM (\<lambda>_. None)"

lemma execute_raise [execute_simps]:

  "execute (raise s) = (\<lambda>_. None)"

  by (simp add: raise_def)

lemma effect_raiseE [effect_elims]:

  assumes "effect (raise x) h h' r"

  obtains "False"

  using assms by (rule effectE) (simp add: success_def execute_simps)

definition bind :: "('a, 'state) SM \<Rightarrow> ('a \<Rightarrow> ('b, 'state) SM) \<Rightarrow> ('b, 'state) SM" where

  "bind f g = SM (\<lambda>h. case execute f h of

                  Some (x, h') \<Rightarrow> execute (g x) h'

                | None \<Rightarrow> None)"

adhoc_overloading

  Monad_Syntax.bind StateMonad.bind

lemma execute_bind [execute_simps]:

  "execute f h = Some (x, h') \<Longrightarrow> execute (f \<guillemotright>= g) h = execute (g x) h'"

  "execute f h = None \<Longrightarrow> execute (f \<guillemotright>= g) h = None"

  by (simp_all add: bind_def)

lemma execute_bind_case:

  "execute (f \<guillemotright>= g) h = (case (execute f h) of

    Some (x, h') \<Rightarrow> execute (g x) h' | None \<Rightarrow> None)"

  by (simp add: bind_def)

lemma execute_bind_success:

  "success f h \<Longrightarrow> execute (f \<guillemotright>= g) h = execute (g (fst (the (execute f h)))) (snd (the (execute f h)))"

  by (cases f h rule: SM_cases) (auto elim!: successE simp add: bind_def)

lemma success_bind_executeI:

  "execute f h = Some (x, h') \<Longrightarrow> success (g x) h' \<Longrightarrow> success (f \<guillemotright>= g) h"

  by (auto intro!: successI elim!: successE simp add: bind_def)

lemma success_bind_effectI [success_intros]:

  "effect f h h' x \<Longrightarrow> success (g x) h' \<Longrightarrow> success (f \<guillemotright>= g) h"

  by (auto simp add: effect_def success_def bind_def)

lemma effect_bindI [effect_intros]:

  assumes "effect f h h' r" "effect (g r) h' h'' r'"

  shows "effect (f \<guillemotright>= g) h h'' r'"

  using assms

  apply (auto intro!: effectI elim!: effectE successE)

  apply (subst execute_bind, simp_all)

  done

lemma effect_bindE [effect_elims]:

  assumes "effect (f \<guillemotright>= g) h h'' r'"

  obtains h' r where "effect f h h' r" "effect (g r) h' h'' r'"

  using assms by (auto simp add: effect_def bind_def split: option.split_asm)

lemma execute_bind_eq_SomeI:

  assumes "execute f h = Some (x, h')"

    and "execute (g x) h' = Some (y, h'')"

  shows "execute (f \<guillemotright>= g) h = Some (y, h'')"

  using assms by (simp add: bind_def)

lemma return_bind [simp]: "return x \<guillemotright>= f = f x"

  by (rule SM_eqI) (simp add: execute_bind execute_simps)

lemma bind_return [simp]: "f \<guillemotright>= return = f"

  by (rule SM_eqI) (simp add: bind_def execute_simps split: option.splits)

lemma bind_bind [simp]: "(f \<guillemotright>= g) \<guillemotright>= k = (f :: ('a, 'state) SM) \<guillemotright>= (\<lambda>x. g x \<guillemotright>= k)"

  by (rule SM_eqI) (simp add: bind_def execute_simps split: option.splits)

lemma raise_bind [simp]: "raise e \<guillemotright>= f = raise e"

  by (rule SM_eqI) (simp add: execute_simps)

subsection {* Generic combinators *}

subsubsection {* Assertions *}

definition assert :: "('a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> ('a, 'state) SM" where

  "assert P x = (if P x then return x else raise ''assert'')"

lemma execute_assert [execute_simps]:

  "P x \<Longrightarrow> execute (assert P x) h = Some (x, h)"

  "\<not> P x \<Longrightarrow> execute (assert P x) h = None"

  by (simp_all add: assert_def execute_simps)

lemma success_assertI [success_intros]:

  "P x \<Longrightarrow> success (assert P x) h"

  by (rule successI) (simp add: execute_assert)

lemma effect_assertI [effect_intros]:

  "P x \<Longrightarrow> h' = h \<Longrightarrow> r = x \<Longrightarrow> effect (assert P x) h h' r"

  by (rule effectI) (simp add: execute_assert)

lemma effect_assertE [effect_elims]:

  assumes "effect (assert P x) h h' r"

  obtains "P x" "r = x" "h' = h"

  using assms by (rule effectE) (cases "P x", simp_all add: execute_assert success_def)

lemma assert_cong [fundef_cong]:

  assumes "P = P'"

  assumes "\<And>x. P' x \<Longrightarrow> f x = f' x"

  shows "(assert P x >>= f) = (assert P' x >>= f')"

  by (rule SM_eqI) (insert assms, simp add: assert_def)

subsubsection {* Plain lifting *}

definition lift :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> ('b, 'state) SM" where

  "lift f = return o f"

lemma lift_collapse [simp]:

  "lift f x = return (f x)"

  by (simp add: lift_def)

lemma bind_lift:

  "(f \<guillemotright>= lift g) = (f \<guillemotright>= (\<lambda>x. return (g x)))"

  by (simp add: lift_def comp_def)

subsubsection {* Iteration -- warning: this is rarely useful! *}

primrec fold_map :: "('a \<Rightarrow> ('b, 'state) SM) \<Rightarrow> 'a list \<Rightarrow> ('b list, 'state) SM" where

  "fold_map f [] = return []"

| "fold_map f (x # xs) = do {

     y \<leftarrow> f x;

     ys \<leftarrow> fold_map f xs;

     return (y # ys)

   }"

lemma fold_map_append:

  "fold_map f (xs @ ys) = fold_map f xs \<guillemotright>= (\<lambda>xs. fold_map f ys \<guillemotright>= (\<lambda>ys. return (xs @ ys)))"

  by (induct xs) simp_all

lemma execute_fold_map_unchanged_heap [execute_simps]:

  assumes "\<And>x. x \<in> set xs \<Longrightarrow> \<exists>y. execute (f x) h = Some (y, h)"

  shows "execute (fold_map f xs) h =

    Some (List.map (\<lambda>x. fst (the (execute (f x) h))) xs, h)"

using assms proof (induct xs)

  case Nil show ?case by (simp add: execute_simps)

next

  case (Cons x xs)

  from Cons.prems obtain y

    where y: "execute (f x) h = Some (y, h)" by auto

  moreover from Cons.prems Cons.hyps have "execute (fold_map f xs) h =

    Some (map (\<lambda>x. fst (the (execute (f x) h))) xs, h)" by auto

  ultimately show ?case by (simp, simp only: execute_bind(1), simp add: execute_simps)

qed

subsection {* Partial function definition setup *}

definition SM_ord :: "('a, 'state) SM \<Rightarrow> ('a, 'state) SM \<Rightarrow> bool" where

  "SM_ord = img_ord execute (fun_ord option_ord)"

definition SM_lub :: "('a , 'state) SM set \<Rightarrow> ('a, 'state) SM" where

  "SM_lub = img_lub execute SM (fun_lub (flat_lub None))"

interpretation sm!: partial_function_definitions SM_ord SM_lub

proof -

  have "partial_function_definitions (fun_ord option_ord) (fun_lub (flat_lub None))"

    by (rule partial_function_lift) (rule flat_interpretation)

  then have "partial_function_definitions (img_ord execute (fun_ord option_ord))

      (img_lub execute SM (fun_lub (flat_lub None)))"

    by (rule partial_function_image) (auto intro: SM_eqI)

  then show "partial_function_definitions SM_ord SM_lub"

    by (simp only: SM_ord_def SM_lub_def)

qed

declaration {* Partial_Function.init "sm" @{term sm.fixp_fun}

  @{term sm.mono_body} @{thm sm.fixp_rule_uc} @{thm sm.fixp_induct_uc}  NONE *}

abbreviation "mono_SM \<equiv> monotone (fun_ord SM_ord) SM_ord"

lemma SM_ordI:

  assumes "\<And>h. execute x h = None \<or> execute x h = execute y h"

  shows  "SM_ord x y"

  using assms unfolding SM_ord_def img_ord_def fun_ord_def flat_ord_def

  by blast

lemma SM_ordE:

  assumes "SM_ord x y"

  obtains "execute x h = None" | "execute x h = execute y h"

  using assms unfolding SM_ord_def img_ord_def fun_ord_def flat_ord_def

  by atomize_elim blast

lemma bind_mono [partial_function_mono]:

  assumes mf: "mono_SM B" and mg: "\<And>y. mono_SM (\<lambda>f. C y f)"

  shows "mono_SM (\<lambda>f. B f \<guillemotright>= (\<lambda>y. C y f))"

proof (rule monotoneI)

  fix f g :: "'a \<Rightarrow> ('b, 'c) SM" assume fg: "fun_ord SM_ord f g"

  from mf

  have 1: "SM_ord (B f) (B g)" by (rule monotoneD) (rule fg)

  from mg

  have 2: "\<And>y'. SM_ord (C y' f) (C y' g)" by (rule monotoneD) (rule fg)

  have "SM_ord (B f \<guillemotright>= (\<lambda>y. C y f)) (B g \<guillemotright>= (\<lambda>y. C y f))"

    (is "SM_ord ?L ?R")

  proof (rule SM_ordI)

    fix h

    from 1 show "execute ?L h = None \<or> execute ?L h = execute ?R h"

      by (rule SM_ordE[where h = h]) (auto simp: execute_bind_case)

  qed

  also

  have "SM_ord (B g \<guillemotright>= (\<lambda>y'. C y' f)) (B g \<guillemotright>= (\<lambda>y'. C y' g))"

    (is "SM_ord ?L ?R")

  proof (rule SM_ordI)

    fix h

    show "execute ?L h = None \<or> execute ?L h = execute ?R h"

    proof (cases "execute (B g) h")

      case None

      then have "execute ?L h = None" by (auto simp: execute_bind_case)

      thus ?thesis ..

    next

      case Some

      then obtain r h' where "execute (B g) h = Some (r, h')"

        by (metis surjective_pairing)

      then have "execute ?L h = execute (C r f) h'"

        "execute ?R h = execute (C r g) h'"

        by (auto simp: execute_bind_case)

      with 2[of r] show ?thesis by (auto elim: SM_ordE)

    qed

  qed

  finally (sm.leq_trans)

  show "SM_ord (B f \<guillemotright>= (\<lambda>y. C y f)) (B g \<guillemotright>= (\<lambda>y'. C y' g))" .

qed

end