theory StateMonad
imports
"~~/src/HOL/Library/Monad_Syntax"
begin
datatype ('result, 'state) SM = SM "'state => ('result \<times> 'state) option"
fun execute :: "('result, 'state) SM \<Rightarrow> 'state \<Rightarrow> ('result \<times> 'state) option" where
"execute (SM f) = f"
lemma SM_cases [case_names succeed fail]:
fixes f and s
assumes succeed: "\<And>x s'. execute f h = Some (x, s') \<Longrightarrow> P"
assumes fail: "execute f h = None \<Longrightarrow> P"
shows P
using assms by (cases "execute f h") auto
lemma SM_execute [simp]:
"SM (execute f) = f" by (cases f) simp_all
lemma SM_eqI:
"(\<And>h. execute f h = execute g h) \<Longrightarrow> f = g"
by (cases f, cases g) (auto simp: fun_eq_iff)
ML {* structure Execute_Simps = Named_Thms
(
val name = @{binding execute_simps}
val description = "simplification rules for execute"
) *}
setup Execute_Simps.setup
lemma execute_Let [execute_simps]:
"execute (let x = t in f x) = (let x = t in execute (f x))"
by (simp add: Let_def)
subsubsection {* Specialised lifters *}
definition sm :: "('state \<Rightarrow> 'a \<times> 'state) \<Rightarrow> ('a, 'state) SM" where
"sm f = SM (Some \<circ> f)"
definition tap :: "('state \<Rightarrow> 'a) \<Rightarrow> ('a, 'state) SM" where
"tap f = SM (\<lambda>s. Some (f s, s))"
definition "sm_get = tap id"
definition "sm_map f = sm (\<lambda> s.((), f s))"
definition "sm_set s' = sm_map (\<lambda> s. s)"
lemma execute_tap [execute_simps]:
"execute (tap f) h = Some (f h, h)"
by (simp add: tap_def)
lemma execute_heap [execute_simps]:
"execute (sm f) = Some \<circ> f"
by (simp add: sm_def)
definition guard :: "('state \<Rightarrow> bool) \<Rightarrow> ('state \<Rightarrow> 'a \<times> 'state)
\<Rightarrow> ('a, 'state) SM" where
"guard P f = SM (\<lambda>h. if P h then Some (f h) else None)"
lemma execute_guard [execute_simps]:
"\<not> P h \<Longrightarrow> execute (guard P f) h = None"
"P h \<Longrightarrow> execute (guard P f) h = Some (f h)"
by (simp_all add: guard_def)
subsubsection {* Predicate classifying successful computations *}
definition success :: "('a, 'state) SM \<Rightarrow> 'state \<Rightarrow> bool" where
"success f h = (execute f h \<noteq> None)"
lemma successI:
"execute f h \<noteq> None \<Longrightarrow> success f h"
by (simp add: success_def)
lemma successE:
assumes "success f h"
obtains r h' where "r = fst (the (execute c h))"
and "h' = snd (the (execute c h))"
and "execute f h \<noteq> None"
using assms by (simp add: success_def)
ML {* structure Success_Intros = Named_Thms
(
val name = @{binding success_intros}
val description = "introduction rules for success"
) *}
setup Success_Intros.setup
lemma success_tapI [success_intros]:
"success (tap f) h"
by (rule successI) (simp add: execute_simps)
lemma success_heapI [success_intros]:
"success (sm f) h"
by (rule successI) (simp add: execute_simps)
lemma success_guardI [success_intros]:
"P h \<Longrightarrow> success (guard P f) h"
by (rule successI) (simp add: execute_guard)
lemma success_LetI [success_intros]:
"x = t \<Longrightarrow> success (f x) h \<Longrightarrow> success (let x = t in f x) h"
by (simp add: Let_def)
lemma success_ifI:
"(c \<Longrightarrow> success t h) \<Longrightarrow> (\<not> c \<Longrightarrow> success e h) \<Longrightarrow>
success (if c then t else e) h"
by (simp add: success_def)
subsubsection {* Predicate for a simple relational calculus *}
text {*
The @{text effect} predicate states that when a computation @{text c}
runs with the state @{text h} will result in return value @{text r}
and a state @{text "h'"}, i.e.~no exception occurs.
*}
definition effect :: "('a, 'state) SM \<Rightarrow> 'state \<Rightarrow> 'state \<Rightarrow> 'a \<Rightarrow> bool" where
effect_def: "effect c h h' r = (execute c h = Some (r, h'))"
lemma effectI:
"execute c h = Some (r, h') \<Longrightarrow> effect c h h' r"
by (simp add: effect_def)
lemma effectE:
assumes "effect c h h' r"
obtains "r = fst (the (execute c h))"
and "h' = snd (the (execute c h))"
and "success c h"
proof (rule that)
from assms have *: "execute c h = Some (r, h')" by (simp add: effect_def)
then show "success c h" by (simp add: success_def)
from * have "fst (the (execute c h)) = r" and "snd (the (execute c h)) = h'"
by simp_all
then show "r = fst (the (execute c h))"
and "h' = snd (the (execute c h))" by simp_all
qed
lemma effect_success:
"effect c h h' r \<Longrightarrow> success c h"
by (simp add: effect_def success_def)
lemma success_effectE:
assumes "success c h"
obtains r h' where "effect c h h' r"
using assms by (auto simp add: effect_def success_def)
lemma effect_deterministic:
assumes "effect f h h' a"
and "effect f h h'' b"
shows "a = b" and "h' = h''"
using assms unfolding effect_def by auto
ML {* structure Effect_Intros = Named_Thms
(
val name = @{binding effect_intros}
val description = "introduction rules for effect"
) *}
ML {* structure Effect_Elims = Named_Thms
(
val name = @{binding effect_elims}
val description = "elimination rules for effect"
) *}
setup "Effect_Intros.setup #> Effect_Elims.setup"
lemma effect_LetI [effect_intros]:
assumes "x = t" "effect (f x) h h' r"
shows "effect (let x = t in f x) h h' r"
using assms by simp
lemma effect_LetE [effect_elims]:
assumes "effect (let x = t in f x) h h' r"
obtains "effect (f t) h h' r"
using assms by simp
lemma effect_ifI:
assumes "c \<Longrightarrow> effect t h h' r"
and "\<not> c \<Longrightarrow> effect e h h' r"
shows "effect (if c then t else e) h h' r"
by (cases c) (simp_all add: assms)
lemma effect_ifE:
assumes "effect (if c then t else e) h h' r"
obtains "c" "effect t h h' r"
| "\<not> c" "effect e h h' r"
using assms by (cases c) simp_all
lemma effect_tapI [effect_intros]:
assumes "h' = h" "r = f h"
shows "effect (tap f) h h' r"
by (rule effectI) (simp add: assms execute_simps)
lemma effect_tapE [effect_elims]:
assumes "effect (tap f) h h' r"
obtains "h' = h" and "r = f h"
using assms by (rule effectE) (auto simp add: execute_simps)
lemma effect_heapI [effect_intros]:
assumes "h' = snd (f h)" "r = fst (f h)"
shows "effect (sm f) h h' r"
by (rule effectI) (simp add: assms execute_simps)
lemma effect_heapE [effect_elims]:
assumes "effect (sm f) h h' r"
obtains "h' = snd (f h)" and "r = fst (f h)"
using assms by (rule effectE) (simp add: execute_simps)
lemma effect_guardI [effect_intros]:
assumes "P h" "h' = snd (f h)" "r = fst (f h)"
shows "effect (guard P f) h h' r"
by (rule effectI) (simp add: assms execute_simps)
lemma effect_guardE [effect_elims]:
assumes "effect (guard P f) h h' r"
obtains "h' = snd (f h)" "r = fst (f h)" "P h"
using assms by (rule effectE)
(auto simp add: execute_simps elim!: successE,
cases "P h", auto simp add: execute_simps)
subsubsection {* Monad combinators *}
definition return :: "'a \<Rightarrow> ('a, 'state) SM" where
"return x = sm (Pair x)"
lemma execute_return [execute_simps]:
"execute (return x) = Some \<circ> Pair x"
by (simp add: return_def execute_simps)
lemma success_returnI [success_intros]:
"success (return x) h"
by (rule successI) (simp add: execute_simps)
lemma effect_returnI [effect_intros]:
"h = h' \<Longrightarrow> effect (return x) h h' x"
by (rule effectI) (simp add: execute_simps)
lemma effect_returnE [effect_elims]:
assumes "effect (return x) h h' r"
obtains "r = x" "h' = h"
using assms by (rule effectE) (simp add: execute_simps)
definition raise :: "string \<Rightarrow> ('a, 'state) SM" where
-- {* the string is just decoration *}
"raise s = SM (\<lambda>_. None)"
lemma execute_raise [execute_simps]:
"execute (raise s) = (\<lambda>_. None)"
by (simp add: raise_def)
lemma effect_raiseE [effect_elims]:
assumes "effect (raise x) h h' r"
obtains "False"
using assms by (rule effectE) (simp add: success_def execute_simps)
definition bind :: "('a, 'state) SM \<Rightarrow> ('a \<Rightarrow> ('b, 'state) SM) \<Rightarrow> ('b, 'state) SM" where
"bind f g = SM (\<lambda>h. case execute f h of
Some (x, h') \<Rightarrow> execute (g x) h'
| None \<Rightarrow> None)"
adhoc_overloading
Monad_Syntax.bind StateMonad.bind
lemma execute_bind [execute_simps]:
"execute f h = Some (x, h') \<Longrightarrow> execute (f \<guillemotright>= g) h = execute (g x) h'"
"execute f h = None \<Longrightarrow> execute (f \<guillemotright>= g) h = None"
by (simp_all add: bind_def)
lemma execute_bind_case:
"execute (f \<guillemotright>= g) h = (case (execute f h) of
Some (x, h') \<Rightarrow> execute (g x) h' | None \<Rightarrow> None)"
by (simp add: bind_def)
lemma execute_bind_success:
"success f h \<Longrightarrow> execute (f \<guillemotright>= g) h = execute (g (fst (the (execute f h)))) (snd (the (execute f h)))"
by (cases f h rule: SM_cases) (auto elim!: successE simp add: bind_def)
lemma success_bind_executeI:
"execute f h = Some (x, h') \<Longrightarrow> success (g x) h' \<Longrightarrow> success (f \<guillemotright>= g) h"
by (auto intro!: successI elim!: successE simp add: bind_def)
lemma success_bind_effectI [success_intros]:
"effect f h h' x \<Longrightarrow> success (g x) h' \<Longrightarrow> success (f \<guillemotright>= g) h"
by (auto simp add: effect_def success_def bind_def)
lemma effect_bindI [effect_intros]:
assumes "effect f h h' r" "effect (g r) h' h'' r'"
shows "effect (f \<guillemotright>= g) h h'' r'"
using assms
apply (auto intro!: effectI elim!: effectE successE)
apply (subst execute_bind, simp_all)
done
lemma effect_bindE [effect_elims]:
assumes "effect (f \<guillemotright>= g) h h'' r'"
obtains h' r where "effect f h h' r" "effect (g r) h' h'' r'"
using assms by (auto simp add: effect_def bind_def split: option.split_asm)
lemma execute_bind_eq_SomeI:
assumes "execute f h = Some (x, h')"
and "execute (g x) h' = Some (y, h'')"
shows "execute (f \<guillemotright>= g) h = Some (y, h'')"
using assms by (simp add: bind_def)
lemma return_bind [simp]: "return x \<guillemotright>= f = f x"
by (rule SM_eqI) (simp add: execute_bind execute_simps)
lemma bind_return [simp]: "f \<guillemotright>= return = f"
by (rule SM_eqI) (simp add: bind_def execute_simps split: option.splits)
lemma bind_bind [simp]: "(f \<guillemotright>= g) \<guillemotright>= k = (f :: ('a, 'state) SM) \<guillemotright>= (\<lambda>x. g x \<guillemotright>= k)"
by (rule SM_eqI) (simp add: bind_def execute_simps split: option.splits)
lemma raise_bind [simp]: "raise e \<guillemotright>= f = raise e"
by (rule SM_eqI) (simp add: execute_simps)
subsection {* Generic combinators *}
subsubsection {* Assertions *}
definition assert :: "('a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> ('a, 'state) SM" where
"assert P x = (if P x then return x else raise ''assert'')"
lemma execute_assert [execute_simps]:
"P x \<Longrightarrow> execute (assert P x) h = Some (x, h)"
"\<not> P x \<Longrightarrow> execute (assert P x) h = None"
by (simp_all add: assert_def execute_simps)
lemma success_assertI [success_intros]:
"P x \<Longrightarrow> success (assert P x) h"
by (rule successI) (simp add: execute_assert)
lemma effect_assertI [effect_intros]:
"P x \<Longrightarrow> h' = h \<Longrightarrow> r = x \<Longrightarrow> effect (assert P x) h h' r"
by (rule effectI) (simp add: execute_assert)
lemma effect_assertE [effect_elims]:
assumes "effect (assert P x) h h' r"
obtains "P x" "r = x" "h' = h"
using assms by (rule effectE) (cases "P x", simp_all add: execute_assert success_def)
lemma assert_cong [fundef_cong]:
assumes "P = P'"
assumes "\<And>x. P' x \<Longrightarrow> f x = f' x"
shows "(assert P x >>= f) = (assert P' x >>= f')"
by (rule SM_eqI) (insert assms, simp add: assert_def)
subsubsection {* Plain lifting *}
definition lift :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> ('b, 'state) SM" where
"lift f = return o f"
lemma lift_collapse [simp]:
"lift f x = return (f x)"
by (simp add: lift_def)
lemma bind_lift:
"(f \<guillemotright>= lift g) = (f \<guillemotright>= (\<lambda>x. return (g x)))"
by (simp add: lift_def comp_def)
subsubsection {* Iteration -- warning: this is rarely useful! *}
primrec fold_map :: "('a \<Rightarrow> ('b, 'state) SM) \<Rightarrow> 'a list \<Rightarrow> ('b list, 'state) SM" where
"fold_map f [] = return []"
| "fold_map f (x # xs) = do {
y \<leftarrow> f x;
ys \<leftarrow> fold_map f xs;
return (y # ys)
}"
lemma fold_map_append:
"fold_map f (xs @ ys) = fold_map f xs \<guillemotright>= (\<lambda>xs. fold_map f ys \<guillemotright>= (\<lambda>ys. return (xs @ ys)))"
by (induct xs) simp_all
lemma execute_fold_map_unchanged_heap [execute_simps]:
assumes "\<And>x. x \<in> set xs \<Longrightarrow> \<exists>y. execute (f x) h = Some (y, h)"
shows "execute (fold_map f xs) h =
Some (List.map (\<lambda>x. fst (the (execute (f x) h))) xs, h)"
using assms proof (induct xs)
case Nil show ?case by (simp add: execute_simps)
next
case (Cons x xs)
from Cons.prems obtain y
where y: "execute (f x) h = Some (y, h)" by auto
moreover from Cons.prems Cons.hyps have "execute (fold_map f xs) h =
Some (map (\<lambda>x. fst (the (execute (f x) h))) xs, h)" by auto
ultimately show ?case by (simp, simp only: execute_bind(1), simp add: execute_simps)
qed
subsection {* Partial function definition setup *}
definition SM_ord :: "('a, 'state) SM \<Rightarrow> ('a, 'state) SM \<Rightarrow> bool" where
"SM_ord = img_ord execute (fun_ord option_ord)"
definition SM_lub :: "('a , 'state) SM set \<Rightarrow> ('a, 'state) SM" where
"SM_lub = img_lub execute SM (fun_lub (flat_lub None))"
interpretation sm!: partial_function_definitions SM_ord SM_lub
proof -
have "partial_function_definitions (fun_ord option_ord) (fun_lub (flat_lub None))"
by (rule partial_function_lift) (rule flat_interpretation)
then have "partial_function_definitions (img_ord execute (fun_ord option_ord))
(img_lub execute SM (fun_lub (flat_lub None)))"
by (rule partial_function_image) (auto intro: SM_eqI)
then show "partial_function_definitions SM_ord SM_lub"
by (simp only: SM_ord_def SM_lub_def)
qed
declaration {* Partial_Function.init "sm" @{term sm.fixp_fun}
@{term sm.mono_body} @{thm sm.fixp_rule_uc} @{thm sm.fixp_induct_uc} NONE *}
abbreviation "mono_SM \<equiv> monotone (fun_ord SM_ord) SM_ord"
lemma SM_ordI:
assumes "\<And>h. execute x h = None \<or> execute x h = execute y h"
shows "SM_ord x y"
using assms unfolding SM_ord_def img_ord_def fun_ord_def flat_ord_def
by blast
lemma SM_ordE:
assumes "SM_ord x y"
obtains "execute x h = None" | "execute x h = execute y h"
using assms unfolding SM_ord_def img_ord_def fun_ord_def flat_ord_def
by atomize_elim blast
lemma bind_mono [partial_function_mono]:
assumes mf: "mono_SM B" and mg: "\<And>y. mono_SM (\<lambda>f. C y f)"
shows "mono_SM (\<lambda>f. B f \<guillemotright>= (\<lambda>y. C y f))"
proof (rule monotoneI)
fix f g :: "'a \<Rightarrow> ('b, 'c) SM" assume fg: "fun_ord SM_ord f g"
from mf
have 1: "SM_ord (B f) (B g)" by (rule monotoneD) (rule fg)
from mg
have 2: "\<And>y'. SM_ord (C y' f) (C y' g)" by (rule monotoneD) (rule fg)
have "SM_ord (B f \<guillemotright>= (\<lambda>y. C y f)) (B g \<guillemotright>= (\<lambda>y. C y f))"
(is "SM_ord ?L ?R")
proof (rule SM_ordI)
fix h
from 1 show "execute ?L h = None \<or> execute ?L h = execute ?R h"
by (rule SM_ordE[where h = h]) (auto simp: execute_bind_case)
qed
also
have "SM_ord (B g \<guillemotright>= (\<lambda>y'. C y' f)) (B g \<guillemotright>= (\<lambda>y'. C y' g))"
(is "SM_ord ?L ?R")
proof (rule SM_ordI)
fix h
show "execute ?L h = None \<or> execute ?L h = execute ?R h"
proof (cases "execute (B g) h")
case None
then have "execute ?L h = None" by (auto simp: execute_bind_case)
thus ?thesis ..
next
case Some
then obtain r h' where "execute (B g) h = Some (r, h')"
by (metis surjective_pairing)
then have "execute ?L h = execute (C r f) h'"
"execute ?R h = execute (C r g) h'"
by (auto simp: execute_bind_case)
with 2[of r] show ?thesis by (auto elim: SM_ordE)
qed
qed
finally (sm.leq_trans)
show "SM_ord (B f \<guillemotright>= (\<lambda>y. C y f)) (B g \<guillemotright>= (\<lambda>y'. C y' g))" .
qed
end