tm2: comparison thys/StateMonad.thy

equal deleted inserted replaced

-:6c722e960f2e
+:38cef5407d82
+theory StateMonad
+imports
+"~~/src/HOL/Library/Monad_Syntax"
+begin
+datatype ('result, 'state) SM = SM "'state => ('result \<times> 'state) option"
+fun execute :: "('result, 'state) SM \<Rightarrow> 'state \<Rightarrow> ('result \<times> 'state) option" where
+"execute (SM f) = f"
+lemma SM_cases [case_names succeed fail]:
+fixes f and s
+assumes succeed: "\<And>x s'. execute f h = Some (x, s') \<Longrightarrow> P"
+assumes fail: "execute f h = None \<Longrightarrow> P"
+shows P
+using assms by (cases "execute f h") auto
+lemma SM_execute [simp]:
+"SM (execute f) = f" by (cases f) simp_all
+lemma SM_eqI:
+"(\<And>h. execute f h = execute g h) \<Longrightarrow> f = g"
+by (cases f, cases g) (auto simp: fun_eq_iff)
+ML {* structure Execute_Simps = Named_Thms
+(
+val name = @{binding execute_simps}
+val description = "simplification rules for execute"
+) *}
+setup Execute_Simps.setup
+lemma execute_Let [execute_simps]:
+"execute (let x = t in f x) = (let x = t in execute (f x))"
+by (simp add: Let_def)
+subsubsection {* Specialised lifters *}
+definition sm :: "('state \<Rightarrow> 'a \<times> 'state) \<Rightarrow> ('a, 'state) SM" where
+"sm f = SM (Some \<circ> f)"
+definition tap :: "('state \<Rightarrow> 'a) \<Rightarrow> ('a, 'state) SM" where
+"tap f = SM (\<lambda>s. Some (f s, s))"
+definition "sm_get = tap id"
+definition "sm_map f = sm (\<lambda> s.((), f s))"
+definition "sm_set s' = sm_map (\<lambda> s. s)"
+lemma execute_tap [execute_simps]:
+"execute (tap f) h = Some (f h, h)"
+by (simp add: tap_def)
+lemma execute_heap [execute_simps]:
+"execute (sm f) = Some \<circ> f"
+by (simp add: sm_def)
+definition guard :: "('state \<Rightarrow> bool) \<Rightarrow> ('state \<Rightarrow> 'a \<times> 'state)
+\<Rightarrow> ('a, 'state) SM" where
+"guard P f = SM (\<lambda>h. if P h then Some (f h) else None)"
+lemma execute_guard [execute_simps]:
+"\<not> P h \<Longrightarrow> execute (guard P f) h = None"
+"P h \<Longrightarrow> execute (guard P f) h = Some (f h)"
+by (simp_all add: guard_def)
+subsubsection {* Predicate classifying successful computations *}
+definition success :: "('a, 'state) SM \<Rightarrow> 'state \<Rightarrow> bool" where
+"success f h = (execute f h \<noteq> None)"
+lemma successI:
+"execute f h \<noteq> None \<Longrightarrow> success f h"
+by (simp add: success_def)
+lemma successE:
+assumes "success f h"
+obtains r h' where "r = fst (the (execute c h))"
+and "h' = snd (the (execute c h))"
+and "execute f h \<noteq> None"
+using assms by (simp add: success_def)
+ML {* structure Success_Intros = Named_Thms
+(
+val name = @{binding success_intros}
+val description = "introduction rules for success"
+) *}
+setup Success_Intros.setup
+lemma success_tapI [success_intros]:
+"success (tap f) h"
+by (rule successI) (simp add: execute_simps)
+lemma success_heapI [success_intros]:
+"success (sm f) h"
+by (rule successI) (simp add: execute_simps)
+lemma success_guardI [success_intros]:
+"P h \<Longrightarrow> success (guard P f) h"
+by (rule successI) (simp add: execute_guard)
+lemma success_LetI [success_intros]:
+"x = t \<Longrightarrow> success (f x) h \<Longrightarrow> success (let x = t in f x) h"
+by (simp add: Let_def)
+lemma success_ifI:
+"(c \<Longrightarrow> success t h) \<Longrightarrow> (\<not> c \<Longrightarrow> success e h) \<Longrightarrow>
+success (if c then t else e) h"
+by (simp add: success_def)
+subsubsection {* Predicate for a simple relational calculus *}
+text {*
+The @{text effect} predicate states that when a computation @{text c}
+runs with the state @{text h} will result in return value @{text r}
+and a state @{text "h'"}, i.e.~no exception occurs.
+*}
+definition effect :: "('a, 'state) SM \<Rightarrow> 'state \<Rightarrow> 'state \<Rightarrow> 'a \<Rightarrow> bool" where
+effect_def: "effect c h h' r = (execute c h = Some (r, h'))"
+lemma effectI:
+"execute c h = Some (r, h') \<Longrightarrow> effect c h h' r"
+by (simp add: effect_def)
+lemma effectE:
+assumes "effect c h h' r"
+obtains "r = fst (the (execute c h))"
+and "h' = snd (the (execute c h))"
+and "success c h"
+proof (rule that)
+from assms have *: "execute c h = Some (r, h')" by (simp add: effect_def)
+then show "success c h" by (simp add: success_def)
+from * have "fst (the (execute c h)) = r" and "snd (the (execute c h)) = h'"
+by simp_all
+then show "r = fst (the (execute c h))"
+and "h' = snd (the (execute c h))" by simp_all
+qed
+lemma effect_success:
+"effect c h h' r \<Longrightarrow> success c h"
+by (simp add: effect_def success_def)
+lemma success_effectE:
+assumes "success c h"
+obtains r h' where "effect c h h' r"
+using assms by (auto simp add: effect_def success_def)
+lemma effect_deterministic:
+assumes "effect f h h' a"
+and "effect f h h'' b"
+shows "a = b" and "h' = h''"
+using assms unfolding effect_def by auto
+ML {* structure Effect_Intros = Named_Thms
+(
+val name = @{binding effect_intros}
+val description = "introduction rules for effect"
+) *}
+ML {* structure Effect_Elims = Named_Thms
+(
+val name = @{binding effect_elims}
+val description = "elimination rules for effect"
+) *}
+setup "Effect_Intros.setup #> Effect_Elims.setup"
+lemma effect_LetI [effect_intros]:
+assumes "x = t" "effect (f x) h h' r"
+shows "effect (let x = t in f x) h h' r"
+using assms by simp
+lemma effect_LetE [effect_elims]:
+assumes "effect (let x = t in f x) h h' r"
+obtains "effect (f t) h h' r"
+using assms by simp
+lemma effect_ifI:
+assumes "c \<Longrightarrow> effect t h h' r"
+and "\<not> c \<Longrightarrow> effect e h h' r"
+shows "effect (if c then t else e) h h' r"
+by (cases c) (simp_all add: assms)
+lemma effect_ifE:
+assumes "effect (if c then t else e) h h' r"
+obtains "c" "effect t h h' r"
+| "\<not> c" "effect e h h' r"
+using assms by (cases c) simp_all
+lemma effect_tapI [effect_intros]:
+assumes "h' = h" "r = f h"
+shows "effect (tap f) h h' r"
+by (rule effectI) (simp add: assms execute_simps)
+lemma effect_tapE [effect_elims]:
+assumes "effect (tap f) h h' r"
+obtains "h' = h" and "r = f h"
+using assms by (rule effectE) (auto simp add: execute_simps)
+lemma effect_heapI [effect_intros]:
+assumes "h' = snd (f h)" "r = fst (f h)"
+shows "effect (sm f) h h' r"
+by (rule effectI) (simp add: assms execute_simps)
+lemma effect_heapE [effect_elims]:
+assumes "effect (sm f) h h' r"
+obtains "h' = snd (f h)" and "r = fst (f h)"
+using assms by (rule effectE) (simp add: execute_simps)
+lemma effect_guardI [effect_intros]:
+assumes "P h" "h' = snd (f h)" "r = fst (f h)"
+shows "effect (guard P f) h h' r"
+by (rule effectI) (simp add: assms execute_simps)
+lemma effect_guardE [effect_elims]:
+assumes "effect (guard P f) h h' r"
+obtains "h' = snd (f h)" "r = fst (f h)" "P h"
+using assms by (rule effectE)
+(auto simp add: execute_simps elim!: successE,
+cases "P h", auto simp add: execute_simps)
+subsubsection {* Monad combinators *}
+definition return :: "'a \<Rightarrow> ('a, 'state) SM" where
+"return x = sm (Pair x)"
+lemma execute_return [execute_simps]:
+"execute (return x) = Some \<circ> Pair x"
+by (simp add: return_def execute_simps)
+lemma success_returnI [success_intros]:
+"success (return x) h"
+by (rule successI) (simp add: execute_simps)
+lemma effect_returnI [effect_intros]:
+"h = h' \<Longrightarrow> effect (return x) h h' x"
+by (rule effectI) (simp add: execute_simps)
+lemma effect_returnE [effect_elims]:
+assumes "effect (return x) h h' r"
+obtains "r = x" "h' = h"
+using assms by (rule effectE) (simp add: execute_simps)
+definition raise :: "string \<Rightarrow> ('a, 'state) SM" where
+-- {* the string is just decoration *}
+"raise s = SM (\<lambda>_. None)"
+lemma execute_raise [execute_simps]:
+"execute (raise s) = (\<lambda>_. None)"
+by (simp add: raise_def)
+lemma effect_raiseE [effect_elims]:
+assumes "effect (raise x) h h' r"
+obtains "False"
+using assms by (rule effectE) (simp add: success_def execute_simps)
+definition bind :: "('a, 'state) SM \<Rightarrow> ('a \<Rightarrow> ('b, 'state) SM) \<Rightarrow> ('b, 'state) SM" where
+"bind f g = SM (\<lambda>h. case execute f h of
+Some (x, h') \<Rightarrow> execute (g x) h'
+| None \<Rightarrow> None)"
+adhoc_overloading
+Monad_Syntax.bind StateMonad.bind
+lemma execute_bind [execute_simps]:
+"execute f h = Some (x, h') \<Longrightarrow> execute (f \<guillemotright>= g) h = execute (g x) h'"
+"execute f h = None \<Longrightarrow> execute (f \<guillemotright>= g) h = None"
+by (simp_all add: bind_def)
+lemma execute_bind_case:
+"execute (f \<guillemotright>= g) h = (case (execute f h) of
+Some (x, h') \<Rightarrow> execute (g x) h' | None \<Rightarrow> None)"
+by (simp add: bind_def)
+lemma execute_bind_success:
+"success f h \<Longrightarrow> execute (f \<guillemotright>= g) h = execute (g (fst (the (execute f h)))) (snd (the (execute f h)))"
+by (cases f h rule: SM_cases) (auto elim!: successE simp add: bind_def)
+lemma success_bind_executeI:
+"execute f h = Some (x, h') \<Longrightarrow> success (g x) h' \<Longrightarrow> success (f \<guillemotright>= g) h"
+by (auto intro!: successI elim!: successE simp add: bind_def)
+lemma success_bind_effectI [success_intros]:
+"effect f h h' x \<Longrightarrow> success (g x) h' \<Longrightarrow> success (f \<guillemotright>= g) h"
+by (auto simp add: effect_def success_def bind_def)
+lemma effect_bindI [effect_intros]:
+assumes "effect f h h' r" "effect (g r) h' h'' r'"
+shows "effect (f \<guillemotright>= g) h h'' r'"
+using assms
+apply (auto intro!: effectI elim!: effectE successE)
+apply (subst execute_bind, simp_all)
+done
+lemma effect_bindE [effect_elims]:
+assumes "effect (f \<guillemotright>= g) h h'' r'"
+obtains h' r where "effect f h h' r" "effect (g r) h' h'' r'"
+using assms by (auto simp add: effect_def bind_def split: option.split_asm)
+lemma execute_bind_eq_SomeI:
+assumes "execute f h = Some (x, h')"
+and "execute (g x) h' = Some (y, h'')"
+shows "execute (f \<guillemotright>= g) h = Some (y, h'')"
+using assms by (simp add: bind_def)
+lemma return_bind [simp]: "return x \<guillemotright>= f = f x"
+by (rule SM_eqI) (simp add: execute_bind execute_simps)
+lemma bind_return [simp]: "f \<guillemotright>= return = f"
+by (rule SM_eqI) (simp add: bind_def execute_simps split: option.splits)
+lemma bind_bind [simp]: "(f \<guillemotright>= g) \<guillemotright>= k = (f :: ('a, 'state) SM) \<guillemotright>= (\<lambda>x. g x \<guillemotright>= k)"
+by (rule SM_eqI) (simp add: bind_def execute_simps split: option.splits)
+lemma raise_bind [simp]: "raise e \<guillemotright>= f = raise e"
+by (rule SM_eqI) (simp add: execute_simps)
+subsection {* Generic combinators *}
+subsubsection {* Assertions *}
+definition assert :: "('a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> ('a, 'state) SM" where
+"assert P x = (if P x then return x else raise ''assert'')"
+lemma execute_assert [execute_simps]:
+"P x \<Longrightarrow> execute (assert P x) h = Some (x, h)"
+"\<not> P x \<Longrightarrow> execute (assert P x) h = None"
+by (simp_all add: assert_def execute_simps)
+lemma success_assertI [success_intros]:
+"P x \<Longrightarrow> success (assert P x) h"
+by (rule successI) (simp add: execute_assert)
+lemma effect_assertI [effect_intros]:
+"P x \<Longrightarrow> h' = h \<Longrightarrow> r = x \<Longrightarrow> effect (assert P x) h h' r"
+by (rule effectI) (simp add: execute_assert)
+lemma effect_assertE [effect_elims]:
+assumes "effect (assert P x) h h' r"
+obtains "P x" "r = x" "h' = h"
+using assms by (rule effectE) (cases "P x", simp_all add: execute_assert success_def)
+lemma assert_cong [fundef_cong]:
+assumes "P = P'"
+assumes "\<And>x. P' x \<Longrightarrow> f x = f' x"
+shows "(assert P x >>= f) = (assert P' x >>= f')"
+by (rule SM_eqI) (insert assms, simp add: assert_def)
+subsubsection {* Plain lifting *}
+definition lift :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> ('b, 'state) SM" where
+"lift f = return o f"
+lemma lift_collapse [simp]:
+"lift f x = return (f x)"
+by (simp add: lift_def)
+lemma bind_lift:
+"(f \<guillemotright>= lift g) = (f \<guillemotright>= (\<lambda>x. return (g x)))"
+by (simp add: lift_def comp_def)
+subsubsection {* Iteration -- warning: this is rarely useful! *}
+primrec fold_map :: "('a \<Rightarrow> ('b, 'state) SM) \<Rightarrow> 'a list \<Rightarrow> ('b list, 'state) SM" where
+"fold_map f [] = return []"
+| "fold_map f (x # xs) = do {
+y \<leftarrow> f x;
+ys \<leftarrow> fold_map f xs;
+return (y # ys)
+}"
+lemma fold_map_append:
+"fold_map f (xs @ ys) = fold_map f xs \<guillemotright>= (\<lambda>xs. fold_map f ys \<guillemotright>= (\<lambda>ys. return (xs @ ys)))"
+by (induct xs) simp_all
+lemma execute_fold_map_unchanged_heap [execute_simps]:
+assumes "\<And>x. x \<in> set xs \<Longrightarrow> \<exists>y. execute (f x) h = Some (y, h)"
+shows "execute (fold_map f xs) h =
+Some (List.map (\<lambda>x. fst (the (execute (f x) h))) xs, h)"
+using assms proof (induct xs)
+case Nil show ?case by (simp add: execute_simps)
+next
+case (Cons x xs)
+from Cons.prems obtain y
+where y: "execute (f x) h = Some (y, h)" by auto
+moreover from Cons.prems Cons.hyps have "execute (fold_map f xs) h =
+Some (map (\<lambda>x. fst (the (execute (f x) h))) xs, h)" by auto
+ultimately show ?case by (simp, simp only: execute_bind(1), simp add: execute_simps)
+qed
+subsection {* Partial function definition setup *}
+definition SM_ord :: "('a, 'state) SM \<Rightarrow> ('a, 'state) SM \<Rightarrow> bool" where
+"SM_ord = img_ord execute (fun_ord option_ord)"
+definition SM_lub :: "('a , 'state) SM set \<Rightarrow> ('a, 'state) SM" where
+"SM_lub = img_lub execute SM (fun_lub (flat_lub None))"
+interpretation sm!: partial_function_definitions SM_ord SM_lub
+proof -
+have "partial_function_definitions (fun_ord option_ord) (fun_lub (flat_lub None))"
+by (rule partial_function_lift) (rule flat_interpretation)
+then have "partial_function_definitions (img_ord execute (fun_ord option_ord))
+(img_lub execute SM (fun_lub (flat_lub None)))"
+by (rule partial_function_image) (auto intro: SM_eqI)
+then show "partial_function_definitions SM_ord SM_lub"
+by (simp only: SM_ord_def SM_lub_def)
+qed
+declaration {* Partial_Function.init "sm" @{term sm.fixp_fun}
+@{term sm.mono_body} @{thm sm.fixp_rule_uc} @{thm sm.fixp_induct_uc}  NONE *}
+abbreviation "mono_SM \<equiv> monotone (fun_ord SM_ord) SM_ord"
+lemma SM_ordI:
+assumes "\<And>h. execute x h = None \<or> execute x h = execute y h"
+shows  "SM_ord x y"
+using assms unfolding SM_ord_def img_ord_def fun_ord_def flat_ord_def
+by blast
+lemma SM_ordE:
+assumes "SM_ord x y"
+obtains "execute x h = None" | "execute x h = execute y h"
+using assms unfolding SM_ord_def img_ord_def fun_ord_def flat_ord_def
+by atomize_elim blast
+lemma bind_mono [partial_function_mono]:
+assumes mf: "mono_SM B" and mg: "\<And>y. mono_SM (\<lambda>f. C y f)"
+shows "mono_SM (\<lambda>f. B f \<guillemotright>= (\<lambda>y. C y f))"
+proof (rule monotoneI)
+fix f g :: "'a \<Rightarrow> ('b, 'c) SM" assume fg: "fun_ord SM_ord f g"
+from mf
+have 1: "SM_ord (B f) (B g)" by (rule monotoneD) (rule fg)
+from mg
+have 2: "\<And>y'. SM_ord (C y' f) (C y' g)" by (rule monotoneD) (rule fg)
+have "SM_ord (B f \<guillemotright>= (\<lambda>y. C y f)) (B g \<guillemotright>= (\<lambda>y. C y f))"
+(is "SM_ord ?L ?R")
+proof (rule SM_ordI)
+fix h
+from 1 show "execute ?L h = None \<or> execute ?L h = execute ?R h"
+by (rule SM_ordE[where h = h]) (auto simp: execute_bind_case)
+qed
+also
+have "SM_ord (B g \<guillemotright>= (\<lambda>y'. C y' f)) (B g \<guillemotright>= (\<lambda>y'. C y' g))"
+(is "SM_ord ?L ?R")
+proof (rule SM_ordI)
+fix h
+show "execute ?L h = None \<or> execute ?L h = execute ?R h"
+proof (cases "execute (B g) h")
+case None
+then have "execute ?L h = None" by (auto simp: execute_bind_case)
+thus ?thesis ..
+next
+case Some
+then obtain r h' where "execute (B g) h = Some (r, h')"
+by (metis surjective_pairing)
+then have "execute ?L h = execute (C r f) h'"
+"execute ?R h = execute (C r g) h'"
+by (auto simp: execute_bind_case)
+with 2[of r] show ?thesis by (auto elim: SM_ordE)
+qed
+qed
+finally (sm.leq_trans)
+show "SM_ord (B f \<guillemotright>= (\<lambda>y. C y f)) (B g \<guillemotright>= (\<lambda>y'. C y' g))" .
+qed
+end