src/HOL/IMP/Abs_Int1_ivl.thy
author haftmann
Mon Dec 26 22:17:10 2011 +0100 (2011-12-26)
changeset 45990 b7b905b23b2a
parent 45978 d3325de5f299
child 46028 9f113cdf3d66
permissions -rw-r--r--
incorporated More_Set and More_List into the Main body -- to be consolidated later
(* Author: Tobias Nipkow *)
(* Interval domain for the abstract interpreter of Abs_Int1.  The testN_*
   programs evaluated in the Tests section at the end are not defined in
   this theory; they come from the imports (presumably Abs_Int_Tests). *)
theory Abs_Int1_ivl
imports Abs_Int1 Abs_Int_Tests
begin
subsection "Interval Analysis"
(* An interval is a pair of optional bounds.  None means "no bound on that
   side": -infinity as a lower bound, +infinity as an upper bound (see
   rep_ivl below).  int is HOL's unbounded integer type, so machine-word
   wrap-around is not modelled by this domain; a port to fixed-width
   integers would need an explicit overflow treatment. *)
datatype ivl = I "int option" "int option"
(* Concretisation: the set of integers an interval stands for.  A bounded
   interval {l..h} with h < l denotes the empty set. *)
definition "rep_ivl i = (case i of
  I (Some l) (Some h) \<Rightarrow> {l..h} |
  I (Some l) None \<Rightarrow> {l..} |
  I None (Some h) \<Rightarrow> {..h} |
  I None None \<Rightarrow> UNIV)"
(* Notation for the four bound combinations; these are pure abbreviations
   for the constructor I applied to Some/None. *)
abbreviation I_Some_Some :: "int \<Rightarrow> int \<Rightarrow> ivl"  ("{_\<dots>_}") where
"{lo\<dots>hi} == I (Some lo) (Some hi)"
(* {lo\<dots>}: bounded below, unbounded above. *)
abbreviation I_Some_None :: "int \<Rightarrow> ivl"  ("{_\<dots>}") where
"{lo\<dots>} == I (Some lo) None"
(* {\<dots>hi}: unbounded below, bounded above. *)
abbreviation I_None_Some :: "int \<Rightarrow> ivl"  ("{\<dots>_}") where
"{\<dots>hi} == I None (Some hi)"
(* {\<dots>}: unbounded on both sides (this is \<top> below). *)
abbreviation I_None_None :: "ivl"  ("{\<dots>}") where
"{\<dots>} == I None None"
(* Abstraction of a single integer: the singleton interval {n..n}. *)
definition "num_ivl n = {n\<dots>n}"
(* Executable membership test for intervals.  rep_ivl is a set and not
   executable as such, so membership is routed through this predicate via
   the two lemmas below. *)
definition
  "contained_in i k \<longleftrightarrow> k \<in> rep_ivl i"
(* Rewrites k \<in> rep_ivl i to contained_in i k as a post-processing step of
   code generation, so generated code never has to represent rep_ivl as a set. *)
lemma in_rep_ivl_contained_in [code_unfold_post]:
  "k \<in> rep_ivl i \<longleftrightarrow> contained_in i k"
  by (simp only: contained_in_def)
(* The code equations that actually implement contained_in: one per bound
   combination.  None on a side imposes no constraint on k. *)
lemma contained_in_simps [code]:
  "contained_in (I (Some l) (Some h)) k \<longleftrightarrow> l \<le> k \<and> k \<le> h"
  "contained_in (I (Some l) None) k \<longleftrightarrow> l \<le> k"
  "contained_in (I None (Some h)) k \<longleftrightarrow> k \<le> h"
  "contained_in (I None None) k \<longleftrightarrow> True"
  by (simp_all add: contained_in_def rep_ivl_def)
(* Lift + to 'a option: the sum is defined only when both operands are Some;
   any None operand (an infinite bound in this theory) makes the result None.
   The bound-wise interval operations below rely on this. *)
instantiation option :: (plus)plus
begin

(* The second equation covers every case with at least one None. *)
fun plus_option where
"Some x + Some y = Some(x+y)" |
"_ + _ = None"

(* The class plus carries no axioms, hence the trivial instance proof. *)
instance proof qed

end
(* Canonical representative of the empty interval (h < l).  plus_ivl,
   minus_ivl, \<sqinter> and filter_less_ivl return this constant when an
   operand is empty; other empty intervals (e.g. {3..1}) are only recognised
   by is_empty, not by syntactic equality with empty. *)
definition empty where "empty = {1\<dots>0}"
(* Only a bounded interval can be empty (when h < l); an interval with an
   infinite bound always contains some integer. *)
fun is_empty where
"is_empty {l\<dots>h} = (h<l)" |
"is_empty _ = False"
(* Case-split form of is_empty on the two option bounds, for the simplifier. *)
lemma [simp]: "is_empty(I l h) =
  (case l of Some l \<Rightarrow> (case h of Some h \<Rightarrow> h<l | None \<Rightarrow> False) | None \<Rightarrow> False)"
by(auto split:option.split)
(* is_empty is sound: an empty interval concretises to the empty set. *)
lemma [simp]: "is_empty i \<Longrightarrow> rep_ivl i = {}"
by(auto simp add: rep_ivl_def split: ivl.split option.split)
(* Interval addition, bound-wise (None absorbs, see plus_option).  An empty
   operand yields empty explicitly: without the guard, e.g. {1..0} + {0..5}
   would be {1..5}, a non-empty result for an empty argument. *)
definition "plus_ivl i1 i2 = (if is_empty i1 | is_empty i2 then empty else
  case (i1,i2) of (I l1 h1, I l2 h2) \<Rightarrow> I (l1+l2) (h1+h2))"
(* Semilattice with top: \<sqsubseteq> is interval inclusion (with empty as the least
   element), \<squnion> is the interval hull and \<top> = {\<dots>}. *)
instantiation ivl :: SL_top
begin
(* Order on optional bounds.  The flag pos fixes what None stands for:
     pos = True  -- None is +infinity (used for upper bounds),
     pos = False -- None is -infinity (used for lower bounds).
   E.g. le_option False None (Some j) = True (-inf <= j) and
        le_option True (Some i) None = True (i <= +inf). *)
definition le_option :: "bool \<Rightarrow> int option \<Rightarrow> int option \<Rightarrow> bool" where
"le_option pos x y =
 (case x of (Some i) \<Rightarrow> (case y of Some j \<Rightarrow> i\<le>j | None \<Rightarrow> pos)
  | None \<Rightarrow> (case y of Some j \<Rightarrow> \<not>pos | None \<Rightarrow> True))"
(* Inclusion of non-empty intervals: l2 <= l1 (None read as -inf) and
   h1 <= h2 (None read as +inf). *)
fun le_aux where
"le_aux (I l1 h1) (I l2 h2) = (le_option False l2 l1 & le_option True h1 h2)"
(* The abstract order.  An empty interval is below everything; a non-empty
   interval is never below an empty one; otherwise bound-wise inclusion. *)
definition le_ivl where
"i1 \<sqsubseteq> i2 =
 (if is_empty i1 then True else
  if is_empty i2 then False else le_aux i1 i2)"
(* Minimum of two optional bounds w.r.t. le_option pos (pos selects the
   reading of None, see le_option). *)
definition min_option :: "bool \<Rightarrow> int option \<Rightarrow> int option \<Rightarrow> int option" where
"min_option pos o1 o2 = (if le_option pos o1 o2 then o1 else o2)"
(* Maximum of two optional bounds w.r.t. le_option pos. *)
definition max_option :: "bool \<Rightarrow> int option \<Rightarrow> int option \<Rightarrow> int option" where
"max_option pos o1 o2 = (if le_option pos o1 o2 then o2 else o1)"
(* Least upper bound (interval hull): empty is the neutral element; otherwise
   take the smaller lower bound (None = -inf) and the larger upper bound
   (None = +inf). *)
definition "i1 \<squnion> i2 =
 (if is_empty i1 then i2 else if is_empty i2 then i1
  else case (i1,i2) of (I l1 h1, I l2 h2) \<Rightarrow>
          I (min_option False l1 l2) (max_option True h1 h2))"
(* \<top> = {\<dots>} = I None None, i.e. rep_ivl \<top> = UNIV. *)
definition "\<top> = {\<dots>}"
(* SL_top axioms.  Judging from the variables and simp sets used, the cases
   are: reflexivity of \<sqsubseteq> (goal1), transitivity (goal2), \<squnion> is an upper
   bound of both arguments (goal3, goal4) and the least one (goal5), and \<top>
   is the greatest element (goal6).  Every case reduces to a case analysis
   on the option bounds. *)
instance
proof
  case goal1 thus ?case
    by(cases x, simp add: le_ivl_def le_option_def split: option.split)
next
  case goal2 thus ?case
    by(cases x, cases y, cases z, auto simp: le_ivl_def le_option_def split: option.splits if_splits)
next
  case goal3 thus ?case
    by(cases x, cases y, simp add: le_ivl_def join_ivl_def le_option_def min_option_def max_option_def split: option.splits)
next
  case goal4 thus ?case
    by(cases x, cases y, simp add: le_ivl_def join_ivl_def le_option_def min_option_def max_option_def split: option.splits)
next
  case goal5 thus ?case
    by(cases x, cases y, cases z, auto simp add: le_ivl_def join_ivl_def le_option_def min_option_def max_option_def split: option.splits if_splits)
next
  case goal6 thus ?case
    by(cases x, simp add: Top_ivl_def le_ivl_def le_option_def split: option.split)
qed
end
(* Extends the semilattice above with a meet \<sqinter> and a bottom element \<bottom>. *)
instantiation ivl :: L_top_bot
begin
(* Greatest lower bound (intersection): empty if either operand is empty;
   otherwise the larger lower bound and the smaller upper bound.  Disjoint
   bounded operands yield some {l..h} with h < l, e.g. {0..1} \<sqinter> {3..4} =
   {3..1}: is_empty recognises it, but it is not syntactically equal to the
   constant empty, so code must test with is_empty rather than by equality. *)
definition "i1 \<sqinter> i2 = (if is_empty i1 \<or> is_empty i2 then empty else
  case (i1,i2) of (I l1 h1, I l2 h2) \<Rightarrow>
    I (max_option False l1 l2) (min_option True h1 h2))"
(* \<bottom> is the canonical empty interval. *)
definition "\<bottom> = empty"
(* L_top_bot axioms.  Judging from the simp sets, the cases are: \<sqinter> is a lower
   bound of both arguments (goal1, goal2) and the greatest one (goal3), and
   \<bottom> is the least element (goal4). *)
instance
proof
  case goal1 thus ?case
    by (simp add:meet_ivl_def empty_def le_ivl_def le_option_def max_option_def min_option_def split: ivl.splits option.splits)
next
  case goal2 thus ?case
    by (simp add: empty_def meet_ivl_def le_ivl_def le_option_def max_option_def min_option_def split: ivl.splits option.splits)
next
  case goal3 thus ?case
    by (cases x, cases y, cases z, auto simp add: le_ivl_def meet_ivl_def empty_def le_option_def max_option_def min_option_def split: option.splits if_splits)
next
  case goal4 show ?case by(cases x, simp add: bot_ivl_def empty_def le_ivl_def)
qed
end
(* Lift - to 'a option, exactly as + above: defined only when both operands
   are Some, None otherwise. *)
instantiation option :: (minus)minus
begin

fun minus_option where
"Some x - Some y = Some(x-y)" |
"_ - _ = None"

(* The class minus carries no axioms. *)
instance proof qed

end
(* Interval subtraction [l1 - h2, h1 - l2] (note the swapped bounds of i2);
   empty if either operand is empty. *)
definition "minus_ivl i1 i2 = (if is_empty i1 | is_empty i2 then empty else
  case (i1,i2) of (I l1 h1, I l2 h2) \<Rightarrow> I (l1-h2) (h1-l2))"
(* Soundness of minus_ivl w.r.t. the concretisation. *)
lemma rep_minus_ivl:
  "n1 : rep_ivl i1 \<Longrightarrow> n2 : rep_ivl i2 \<Longrightarrow> n1-n2 : rep_ivl(minus_ivl i1 i2)"
by(auto simp add: minus_ivl_def rep_ivl_def split: ivl.splits option.splits)
(* Backward step for addition: given that x + y lies in i with x \<in> i1 and
   y \<in> i2, refine i1 to i1 \<sqinter> (i - i2) and i2 to i2 \<sqinter> (i - i1).  The
   commented-out guard for an empty i is redundant: minus_ivl already
   returns empty when i is empty and \<sqinter> with empty is empty. *)
definition "filter_plus_ivl i i1 i2 = ((*if is_empty i then empty else*)
  i1 \<sqinter> minus_ivl i i2, i2 \<sqinter> minus_ivl i i1)"
(* Backward step for the test x < y with known outcome res, where x \<in> i1
   and y \<in> i2.  res = True: x \<le> h2 - 1 and y \<ge> l1 + 1.  res = False
   (i.e. x \<ge> y): x \<ge> l2 and y \<le> h1.  "- Some 1" and "+ Some 1" go
   through the option arithmetic above, so an infinite bound stays None.
   If either argument is empty, both results are empty. *)
fun filter_less_ivl :: "bool \<Rightarrow> ivl \<Rightarrow> ivl \<Rightarrow> ivl * ivl" where
"filter_less_ivl res (I l1 h1) (I l2 h2) =
  (if is_empty(I l1 h1) \<or> is_empty(I l2 h2) then (empty, empty) else
   if res
   then (I l1 (min_option True h1 (h2 - Some 1)),
         I (max_option False (l1 + Some 1) l2) h2)
   else (I (max_option False l1 l2) h1, I l2 (min_option True h1 h2)))"
(* Instantiates the generic abstract-value interface Val_abs (defined in the
   imports) with the interval domain and exports its aval' as aval_ivl.
   Judging from the simp sets, the obligations are: rep_ivl is monotone
   w.r.t. \<sqsubseteq> (goal1), rep_ivl \<top> = UNIV (goal2), n \<in> rep_ivl (num_ivl n)
   (goal3) and soundness of plus_ivl (goal4). *)
interpretation Val_abs rep_ivl num_ivl plus_ivl
defines aval_ivl is aval'
proof
  case goal1 thus ?case
    by(auto simp: rep_ivl_def le_ivl_def le_option_def split: ivl.split option.split if_splits)
next
  case goal2 show ?case by(simp add: rep_ivl_def Top_ivl_def)
next
  case goal3 thus ?case by(simp add: rep_ivl_def num_ivl_def)
next
  case goal4 thus ?case
    by(auto simp add: rep_ivl_def plus_ivl_def split: ivl.split option.splits)
qed
(* Obligations relating \<sqinter> and \<bottom> to the concretisation; judging from the
   simp sets, goal1 concerns rep_ivl of a meet and goal2 shows rep_ivl \<bottom>
   is empty. *)
interpretation Val_abs1_rep rep_ivl num_ivl plus_ivl
proof
  case goal1 thus ?case
    by(auto simp add: rep_ivl_def meet_ivl_def empty_def min_option_def max_option_def split: ivl.split option.split)
next
  case goal2 show ?case by(auto simp add: bot_ivl_def rep_ivl_def empty_def)
qed
(* minus_ivl is monotone in both arguments w.r.t. \<sqsubseteq>; used for the
   monotonicity of filter_plus_ivl in Abs_Int1_mono below.  The three
   apply steps discharge the remaining option case splits one goal each. *)
lemma mono_minus_ivl:
  "i1 \<sqsubseteq> i1' \<Longrightarrow> i2 \<sqsubseteq> i2' \<Longrightarrow> minus_ivl i1 i2 \<sqsubseteq> minus_ivl i1' i2'"
apply(auto simp add: minus_ivl_def empty_def le_ivl_def le_option_def split: ivl.splits)
  apply(simp split: option.splits)
 apply(simp split: option.splits)
apply(simp split: option.splits)
done
(* Soundness of the two backward (filter) operations: filter_plus_ivl
   (goal1, via rep_minus_ivl) and filter_less_ivl (goal2, by case analysis
   on the bounds of both intervals). *)
interpretation
  Val_abs1 rep_ivl num_ivl plus_ivl filter_plus_ivl filter_less_ivl
proof
  case goal1 thus ?case
    by(auto simp add: filter_plus_ivl_def)
      (metis rep_minus_ivl add_diff_cancel add_commute)+
next
  case goal2 thus ?case
    by(cases a1, cases a2,
      auto simp: rep_ivl_def min_option_def max_option_def le_option_def split: if_splits option.splits)
qed
(* Builds the interval analyser from the generic Abs_Int1 locale.  The
   defines clauses export the locale operations under interval-specific
   names: AI_ivl is the analyser run in the Tests section, step_ivl the
   single transfer step iterated there.  No further proof obligations
   remain at this point (proof qed). *)
interpretation
  Abs_Int1 rep_ivl num_ivl plus_ivl filter_plus_ivl filter_less_ivl
defines afilter_ivl is afilter
and bfilter_ivl is bfilter
and step_ivl is step'
and AI_ivl is AI
and aval_ivl' is aval''
proof qed
text{* Monotonicity: *}
(* Monotonicity obligations for the interval operations: plus_ivl (goal1),
   filter_plus_ivl (goal2, from mono_meet and mono_minus_ivl) and
   filter_less_ivl (goal3), the latter two w.r.t. the product order le_prod. *)
interpretation
  Abs_Int1_mono rep_ivl num_ivl plus_ivl filter_plus_ivl filter_less_ivl
proof
  case goal1 thus ?case
    by(auto simp: plus_ivl_def le_ivl_def le_option_def empty_def split: if_splits ivl.splits option.splits)
next
  case goal2 thus ?case
    by(auto simp: filter_plus_ivl_def le_prod_def mono_meet mono_minus_ivl)
next
  case goal3 thus ?case
    apply(cases a1, cases b1, cases a2, cases b2, auto simp: le_prod_def)
    by(auto simp add: empty_def le_ivl_def le_option_def min_option_def max_option_def split: option.splits)
qed
nipkow@45111
   245
nipkow@45623
   246
nipkow@45623
   247
subsubsection "Tests"
(* Run the interval analyser on test1_ivl and print the annotated command. *)
value [code] "show_acom_opt (AI_ivl test1_ivl)"
text{* On these examples the interval analysis is more precise than @{text AI_const}: *}
(* Programs taken from the constant-propagation tests, analysed with intervals. *)
value [code] "show_acom_opt (AI_ivl test3_const)"
value [code] "show_acom_opt (AI_ivl test4_const)"
value [code] "show_acom_opt (AI_ivl test6_const)"
(* test2_ivl: the full analysis, followed by the first three iterates of the
   transfer step step_ivl \<top> starting from the bottom annotation \<bottom>\<^sub>c. *)
value [code] "show_acom_opt (AI_ivl test2_ivl)"
value [code] "show_acom (((step_ivl \<top>)^^0) (\<bottom>\<^sub>c test2_ivl))"
value [code] "show_acom (((step_ivl \<top>)^^1) (\<bottom>\<^sub>c test2_ivl))"
value [code] "show_acom (((step_ivl \<top>)^^2) (\<bottom>\<^sub>c test2_ivl))"
text{* The fixed point is reached after 2 steps.  Not so if the start value of x is known: *}
(* test3_ivl: the full analysis and the first five iterates of step_ivl \<top>. *)
value [code] "show_acom_opt (AI_ivl test3_ivl)"
value [code] "show_acom (((step_ivl \<top>)^^0) (\<bottom>\<^sub>c test3_ivl))"
value [code] "show_acom (((step_ivl \<top>)^^1) (\<bottom>\<^sub>c test3_ivl))"
value [code] "show_acom (((step_ivl \<top>)^^2) (\<bottom>\<^sub>c test3_ivl))"
value [code] "show_acom (((step_ivl \<top>)^^3) (\<bottom>\<^sub>c test3_ivl))"
value [code] "show_acom (((step_ivl \<top>)^^4) (\<bottom>\<^sub>c test3_ivl))"
text{* The analysis takes as many iterations as the actual execution.  It
would diverge if the loop did not terminate.  Worse still, as the following
example shows, the analysis may fail to terminate even when the actual
execution does: the value of y keeps decreasing with every iteration, no
matter how many iterations are performed, because the iteration above is a
plain fixed-point iteration with no widening step: *}
(* After 50 iterations no fixed point has been reached for test4_ivl. *)
value [code] "show_acom (((step_ivl \<top>)^^50) (\<bottom>\<^sub>c test4_ivl))"
text{* Relationships between variables are NOT captured: *}
(* test5_ivl: each variable is abstracted by an interval of its own. *)
value [code] "show_acom_opt (AI_ivl test5_ivl)"
text{* Again, the analysis would not terminate: *}
(* test6_ivl: 50 iterations of step_ivl \<top>, again without reaching a fixed point. *)
value [code] "show_acom (((step_ivl \<top>)^^50) (\<bottom>\<^sub>c test6_ivl))"
end