# HG changeset patch # User haftmann # Date 1278341183 -7200 # Node ID 271ecd4fb9f9a3a460874fb960dbf20a452eb6ab # Parent 3046ebbb43c097b638e94d195679ae6e067e7d16 moved "open" operations from Heap.thy to Array.thy and Ref.thy diff -r 3046ebbb43c0 -r 271ecd4fb9f9 src/HOL/Imperative_HOL/Array.thy --- a/src/HOL/Imperative_HOL/Array.thy Mon Jul 05 15:36:37 2010 +0200 +++ b/src/HOL/Imperative_HOL/Array.thy Mon Jul 05 16:46:23 2010 +0200 @@ -8,24 +8,132 @@ imports Heap_Monad begin +subsection {* Primitive layer *} + +definition + array_present :: "'a\heap array \ heap \ bool" where + "array_present a h \ addr_of_array a < lim h" + +definition + get_array :: "'a\heap array \ heap \ 'a list" where + "get_array a h = map from_nat (arrays h (TYPEREP('a)) (addr_of_array a))" + +definition + set_array :: "'a\heap array \ 'a list \ heap \ heap" where + "set_array a x = + arrays_update (\h. h(TYPEREP('a) := ((h(TYPEREP('a))) (addr_of_array a:=map to_nat x))))" + +definition array :: "'a list \ heap \ 'a\heap array \ heap" where + "array xs h = (let + l = lim h; + r = Array l; + h'' = set_array r xs (h\lim := l + 1\) + in (r, h''))" + +definition length :: "'a\heap array \ heap \ nat" where + "length a h = List.length (get_array a h)" + +definition change :: "'a\heap array \ nat \ 'a \ heap \ heap" where + "change a i x h = set_array a ((get_array a h)[i:=x]) h" + +text {* Properties of imperative arrays *} + +text {* FIXME: Does there exist a "canonical" array axiomatisation in +the literature? *} + +definition noteq_arrs :: "('a\heap) array \ ('b\heap) array \ bool" (infix "=!!=" 70) where + "r =!!= s \ TYPEREP('a) \ TYPEREP('b) \ addr_of_array r \ addr_of_array s" + +lemma noteq_arrs_sym: "a =!!= b \ b =!!= a" + and unequal_arrs [simp]: "a \ a' \ a =!!= a'" + unfolding noteq_arrs_def by auto + +lemma noteq_arrs_irrefl: "r =!!= r \ False" + unfolding noteq_arrs_def by auto + +lemma present_new_arr: "array_present a h \ a =!!= fst (array xs h)" + by (simp add: array_present_def noteq_arrs_def array_def Let_def) + +lemma array_get_set_eq [simp]: "get_array r (set_array r x h) = x" + by (simp add: get_array_def set_array_def o_def) + +lemma array_get_set_neq [simp]: "r =!!= s \ get_array r (set_array s x h) = get_array r h" + by (simp add: noteq_arrs_def get_array_def set_array_def) + +lemma set_array_same [simp]: + "set_array r x (set_array r y h) = set_array r x h" + by (simp add: set_array_def) + +lemma array_set_set_swap: + "r =!!= r' \ set_array r x (set_array r' x' h) = set_array r' x' (set_array r x h)" + by (simp add: Let_def expand_fun_eq noteq_arrs_def set_array_def) + +lemma get_array_change_eq [simp]: + "get_array a (change a i v h) = (get_array a h) [i := v]" + by (simp add: change_def) + +lemma nth_change_array_neq_array [simp]: + "a =!!= b \ get_array a (change b j v h) ! i = get_array a h ! i" + by (simp add: change_def noteq_arrs_def) + +lemma get_arry_array_change_elem_neqIndex [simp]: + "i \ j \ get_array a (change a j v h) ! i = get_array a h ! i" + by simp + +lemma length_change [simp]: + "length a (change b i v h) = length a h" + by (simp add: change_def length_def set_array_def get_array_def) + +lemma change_swap_neqArray: + "a =!!= a' \ + change a i v (change a' i' v' h) + = change a' i' v' (change a i v h)" +apply (unfold change_def) +apply simp +apply (subst array_set_set_swap, assumption) +apply (subst array_get_set_neq) +apply (erule noteq_arrs_sym) +apply (simp) +done + +lemma change_swap_neqIndex: + "\ i \ i' \ \ change a i v (change a i' v' h) = change a i' v' (change a i v h)" + by (auto simp add: change_def array_set_set_swap list_update_swap) + +lemma get_array_init_array_list: + "get_array (fst (array ls h)) (snd (array ls' h)) = ls'" + by (simp add: Let_def split_def array_def) + +lemma set_array: + "set_array (fst (array ls h)) + new_ls (snd (array ls h)) + = snd (array new_ls h)" + by (simp add: Let_def split_def array_def) + +lemma array_present_change [simp]: + "array_present a (change b i v h) = array_present a h" + by (simp add: change_def array_present_def set_array_def get_array_def) + + + subsection {* Primitives *} definition new :: "nat \ 'a\heap \ 'a array Heap" where - [code del]: "new n x = Heap_Monad.heap (Heap.array (replicate n x))" + [code del]: "new n x = Heap_Monad.heap (Array.array (replicate n x))" definition of_list :: "'a\heap list \ 'a array Heap" where - [code del]: "of_list xs = Heap_Monad.heap (Heap.array xs)" + [code del]: "of_list xs = Heap_Monad.heap (Array.array xs)" definition - length :: "'a\heap array \ nat Heap" where - [code del]: "length arr = Heap_Monad.heap (\h. (Heap.length arr h, h))" + len :: "'a\heap array \ nat Heap" where + [code del]: "len arr = Heap_Monad.heap (\h. (Array.length arr h, h))" definition nth :: "'a\heap array \ nat \ 'a Heap" where - [code del]: "nth a i = (do len \ length a; + [code del]: "nth a i = (do len \ len a; (if i < len then Heap_Monad.heap (\h. (get_array a h ! i, h)) else raise ''array lookup: index out of range'') @@ -34,9 +142,9 @@ definition upd :: "nat \ 'a \ 'a\heap array \ 'a\heap array Heap" where - [code del]: "upd i x a = (do len \ length a; + [code del]: "upd i x a = (do len \ len a; (if i < len - then Heap_Monad.heap (\h. (a, Heap.upd a i x h)) + then Heap_Monad.heap (\h. (a, change a i x h)) else raise ''array update: index out of range'') done)" @@ -73,7 +181,7 @@ freeze :: "'a\heap array \ 'a list Heap" where "freeze a = (do - n \ length a; + n \ len a; mapM (nth a) [0..heap \ 'a) \ 'a array \ 'a array Heap" where "map f a = (do - n \ length a; + n \ len a; mapM (\n. map_entry n f a) [0..= (\n. return (Code_Numeral.of_nat n))" -hide_const (open) length' +definition len' where + [code del]: "len' a = Array.len a \= (\n. return (Code_Numeral.of_nat n))" +hide_const (open) len' lemma [code]: - "Array.length a = Array.length' a \= (\i. return (Code_Numeral.nat_of i))" - by (simp add: length'_def) + "Array.len a = Array.len' a \= (\i. return (Code_Numeral.nat_of i))" + by (simp add: len'_def) definition nth' where [code del]: "nth' a = Array.nth a o Code_Numeral.nat_of" @@ -154,7 +261,7 @@ code_const Array.new' (SML "(fn/ ()/ =>/ Array.array/ ((_),/ (_)))") code_const Array.of_list' (SML "(fn/ ()/ =>/ Array.fromList/ _)") code_const Array.make' (SML "(fn/ ()/ =>/ Array.tabulate/ ((_),/ (_)))") -code_const Array.length' (SML "(fn/ ()/ =>/ Array.length/ _)") +code_const Array.len' (SML "(fn/ ()/ =>/ Array.length/ _)") code_const Array.nth' (SML "(fn/ ()/ =>/ Array.sub/ ((_),/ (_)))") code_const Array.upd' (SML "(fn/ ()/ =>/ Array.update/ ((_),/ (_),/ (_)))") @@ -167,7 +274,7 @@ code_const Array (OCaml "failwith/ \"bare Array\"") code_const Array.new' (OCaml "(fun/ ()/ ->/ Array.make/ (Big'_int.int'_of'_big'_int/ _)/ _)") code_const Array.of_list' (OCaml "(fun/ ()/ ->/ Array.of'_list/ _)") -code_const Array.length' (OCaml "(fun/ ()/ ->/ Big'_int.big'_int'_of'_int/ (Array.length/ _))") +code_const Array.len' (OCaml "(fun/ ()/ ->/ Big'_int.big'_int'_of'_int/ (Array.length/ _))") code_const Array.nth' (OCaml "(fun/ ()/ ->/ Array.get/ _/ (Big'_int.int'_of'_big'_int/ _))") code_const Array.upd' (OCaml "(fun/ ()/ ->/ Array.set/ _/ (Big'_int.int'_of'_big'_int/ _)/ _)") @@ -180,8 +287,10 @@ code_const Array (Haskell "error/ \"bare Array\"") code_const Array.new' (Haskell "Heap.newArray/ (0,/ _)") code_const Array.of_list' (Haskell "Heap.newListArray/ (0,/ _)") -code_const Array.length' (Haskell "Heap.lengthArray") +code_const Array.len' (Haskell "Heap.lengthArray") code_const Array.nth' (Haskell "Heap.readArray") code_const Array.upd' (Haskell "Heap.writeArray") +hide_const (open) new map -- {* avoid clashed with some popular names *} + end diff -r 3046ebbb43c0 -r 271ecd4fb9f9 src/HOL/Imperative_HOL/Heap.thy --- a/src/HOL/Imperative_HOL/Heap.thy Mon Jul 05 15:36:37 2010 +0200 +++ b/src/HOL/Imperative_HOL/Heap.thy Mon Jul 05 16:46:23 2010 +0200 @@ -37,7 +37,10 @@ subsection {* A polymorphic heap with dynamic arrays and references *} -subsubsection {* Type definitions *} +text {* + References and arrays are developed in parallel, + but keeping them separate makes some later proofs simpler. +*} types addr = nat -- "untyped heap references" types heap_rep = nat -- "representable values" @@ -82,283 +85,4 @@ #> Sign.add_const_constraint (@{const_name addr_of_ref}, SOME @{typ "'a\heap ref \ nat"}) *} - -subsection {* Imperative references and arrays *} - -text {* - References and arrays are developed in parallel, - but keeping them separate makes some later proofs simpler. -*} - -subsubsection {* Primitive operations *} - -definition - ref_present :: "'a\heap ref \ heap \ bool" where - "ref_present r h \ addr_of_ref r < lim h" - -definition - array_present :: "'a\heap array \ heap \ bool" where - "array_present a h \ addr_of_array a < lim h" - -definition - get_ref :: "'a\heap ref \ heap \ 'a" where - "get_ref r h = from_nat (refs h (TYPEREP('a)) (addr_of_ref r))" - -definition - get_array :: "'a\heap array \ heap \ 'a list" where - "get_array a h = map from_nat (arrays h (TYPEREP('a)) (addr_of_array a))" - -definition - set_ref :: "'a\heap ref \ 'a \ heap \ heap" where - "set_ref r x = - refs_update (\h. h(TYPEREP('a) := ((h (TYPEREP('a))) (addr_of_ref r:=to_nat x))))" - -definition - set_array :: "'a\heap array \ 'a list \ heap \ heap" where - "set_array a x = - arrays_update (\h. h(TYPEREP('a) := ((h(TYPEREP('a))) (addr_of_array a:=map to_nat x))))" - -definition ref :: "'a \ heap \ 'a\heap ref \ heap" where - "ref x h = (let - l = lim h; - r = Ref l; - h'' = set_ref r x (h\lim := l + 1\) - in (r, h''))" - -definition array :: "'a list \ heap \ 'a\heap array \ heap" where - "array xs h = (let - l = lim h; - r = Array l; - h'' = set_array r xs (h\lim := l + 1\) - in (r, h''))" - -definition - upd :: "'a\heap array \ nat \ 'a \ heap \ heap" where - "upd a i x h = set_array a ((get_array a h)[i:=x]) h" - -definition - length :: "'a\heap array \ heap \ nat" where - "length a h = size (get_array a h)" - - -subsubsection {* Reference equality *} - -text {* - The following relations are useful for comparing arrays and references. -*} - -definition - noteq_refs :: "('a\heap) ref \ ('b\heap) ref \ bool" (infix "=!=" 70) -where - "r =!= s \ TYPEREP('a) \ TYPEREP('b) \ addr_of_ref r \ addr_of_ref s" - -definition - noteq_arrs :: "('a\heap) array \ ('b\heap) array \ bool" (infix "=!!=" 70) -where - "r =!!= s \ TYPEREP('a) \ TYPEREP('b) \ addr_of_array r \ addr_of_array s" - -lemma noteq_refs_sym: "r =!= s \ s =!= r" - and noteq_arrs_sym: "a =!!= b \ b =!!= a" - and unequal_refs [simp]: "r \ r' \ r =!= r'" -- "same types!" - and unequal_arrs [simp]: "a \ a' \ a =!!= a'" -unfolding noteq_refs_def noteq_arrs_def by auto - -lemma noteq_refs_irrefl: "r =!= r \ False" - unfolding noteq_refs_def by auto - -lemma present_new_ref: "ref_present r h \ r =!= fst (ref v h)" - by (simp add: ref_present_def ref_def Let_def noteq_refs_def) - -lemma present_new_arr: "array_present a h \ a =!!= fst (array xs h)" - by (simp add: array_present_def noteq_arrs_def array_def Let_def) - - -subsubsection {* Properties of heap containers *} - -text {* Properties of imperative arrays *} - -text {* FIXME: Does there exist a "canonical" array axiomatisation in -the literature? *} - -lemma array_get_set_eq [simp]: "get_array r (set_array r x h) = x" - by (simp add: get_array_def set_array_def o_def) - -lemma array_get_set_neq [simp]: "r =!!= s \ get_array r (set_array s x h) = get_array r h" - by (simp add: noteq_arrs_def get_array_def set_array_def) - -lemma set_array_same [simp]: - "set_array r x (set_array r y h) = set_array r x h" - by (simp add: set_array_def) - -lemma array_set_set_swap: - "r =!!= r' \ set_array r x (set_array r' x' h) = set_array r' x' (set_array r x h)" - by (simp add: Let_def expand_fun_eq noteq_arrs_def set_array_def) - -lemma array_ref_set_set_swap: - "set_array r x (set_ref r' x' h) = set_ref r' x' (set_array r x h)" - by (simp add: Let_def expand_fun_eq set_array_def set_ref_def) - -lemma get_array_upd_eq [simp]: - "get_array a (upd a i v h) = (get_array a h) [i := v]" - by (simp add: upd_def) - -lemma nth_upd_array_neq_array [simp]: - "a =!!= b \ get_array a (upd b j v h) ! i = get_array a h ! i" - by (simp add: upd_def noteq_arrs_def) - -lemma get_arry_array_upd_elem_neqIndex [simp]: - "i \ j \ get_array a (upd a j v h) ! i = get_array a h ! i" - by simp - -lemma length_upd_eq [simp]: - "length a (upd a i v h) = length a h" - by (simp add: length_def upd_def) - -lemma length_upd_neq [simp]: - "length a (upd b i v h) = length a h" - by (simp add: upd_def length_def set_array_def get_array_def) - -lemma upd_swap_neqArray: - "a =!!= a' \ - upd a i v (upd a' i' v' h) - = upd a' i' v' (upd a i v h)" -apply (unfold upd_def) -apply simp -apply (subst array_set_set_swap, assumption) -apply (subst array_get_set_neq) -apply (erule noteq_arrs_sym) -apply (simp) -done - -lemma upd_swap_neqIndex: - "\ i \ i' \ \ upd a i v (upd a i' v' h) = upd a i' v' (upd a i v h)" -by (auto simp add: upd_def array_set_set_swap list_update_swap) - -lemma get_array_init_array_list: - "get_array (fst (array ls h)) (snd (array ls' h)) = ls'" - by (simp add: Let_def split_def array_def) - -lemma set_array: - "set_array (fst (array ls h)) - new_ls (snd (array ls h)) - = snd (array new_ls h)" - by (simp add: Let_def split_def array_def) - -lemma array_present_upd [simp]: - "array_present a (upd b i v h) = array_present a h" - by (simp add: upd_def array_present_def set_array_def get_array_def) - -(*lemma array_of_list_replicate: - "array_of_list (replicate n x) = array n x" - by (simp add: expand_fun_eq array_of_list_def array_def)*) - -text {* Properties of imperative references *} - -lemma next_ref_fresh [simp]: - assumes "(r, h') = ref x h" - shows "\ ref_present r h" - using assms by (cases h) (auto simp add: ref_def ref_present_def Let_def) - -lemma next_ref_present [simp]: - assumes "(r, h') = ref x h" - shows "ref_present r h'" - using assms by (cases h) (auto simp add: ref_def set_ref_def ref_present_def Let_def) - -lemma ref_get_set_eq [simp]: "get_ref r (set_ref r x h) = x" - by (simp add: get_ref_def set_ref_def) - -lemma ref_get_set_neq [simp]: "r =!= s \ get_ref r (set_ref s x h) = get_ref r h" - by (simp add: noteq_refs_def get_ref_def set_ref_def) - -(* FIXME: We need some infrastructure to infer that locally generated - new refs (by new_ref(_no_init), new_array(')) are distinct - from all existing refs. -*) - -lemma ref_set_get: "set_ref r (get_ref r h) h = h" -apply (simp add: set_ref_def get_ref_def) -oops - -lemma set_ref_same[simp]: - "set_ref r x (set_ref r y h) = set_ref r x h" - by (simp add: set_ref_def) - -lemma ref_set_set_swap: - "r =!= r' \ set_ref r x (set_ref r' x' h) = set_ref r' x' (set_ref r x h)" - by (simp add: Let_def expand_fun_eq noteq_refs_def set_ref_def) - -lemma ref_new_set: "fst (ref v (set_ref r v' h)) = fst (ref v h)" - by (simp add: ref_def set_ref_def Let_def) - -lemma ref_get_new [simp]: - "get_ref (fst (ref v h)) (snd (ref v' h)) = v'" - by (simp add: ref_def Let_def split_def) - -lemma ref_set_new [simp]: - "set_ref (fst (ref v h)) new_v (snd (ref v h)) = snd (ref new_v h)" - by (simp add: ref_def Let_def split_def) - -lemma ref_get_new_neq: "r =!= (fst (ref v h)) \ - get_ref r (snd (ref v h)) = get_ref r h" - by (simp add: get_ref_def set_ref_def ref_def Let_def noteq_refs_def) - -lemma lim_set_ref [simp]: - "lim (set_ref r v h) = lim h" - by (simp add: set_ref_def) - -lemma ref_present_new_ref [simp]: - "ref_present r h \ ref_present r (snd (ref v h))" - by (simp add: ref_present_def ref_def Let_def) - -lemma ref_present_set_ref [simp]: - "ref_present r (set_ref r' v h) = ref_present r h" - by (simp add: set_ref_def ref_present_def) - -lemma noteq_refsI: "\ ref_present r h; \ref_present r' h \ \ r =!= r'" - unfolding noteq_refs_def ref_present_def - by auto - -text {* Non-interaction between imperative array and imperative references *} - -lemma get_array_set_ref [simp]: "get_array a (set_ref r v h) = get_array a h" - by (simp add: get_array_def set_ref_def) - -lemma nth_set_ref [simp]: "get_array a (set_ref r v h) ! i = get_array a h ! i" - by simp - -lemma get_ref_upd [simp]: "get_ref r (upd a i v h) = get_ref r h" - by (simp add: get_ref_def set_array_def upd_def) - -lemma new_ref_upd: "fst (ref v (upd a i v' h)) = fst (ref v h)" - by (simp add: set_array_def get_array_def Let_def ref_new_set upd_def ref_def) - -text {*not actually true ???*} -lemma upd_set_ref_swap: "upd a i v (set_ref r v' h) = set_ref r v' (upd a i v h)" -apply (case_tac a) -apply (simp add: Let_def upd_def) -apply auto -oops - -lemma length_new_ref[simp]: - "length a (snd (ref v h)) = length a h" - by (simp add: get_array_def set_ref_def length_def ref_def Let_def) - -lemma get_array_new_ref [simp]: - "get_array a (snd (ref v h)) = get_array a h" - by (simp add: ref_def set_ref_def get_array_def Let_def) - -lemma ref_present_upd [simp]: - "ref_present r (upd a i v h) = ref_present r h" - by (simp add: upd_def ref_present_def set_array_def get_array_def) - -lemma array_present_set_ref [simp]: - "array_present a (set_ref r v h) = array_present a h" - by (simp add: array_present_def set_ref_def) - -lemma array_present_new_ref [simp]: - "array_present a h \ array_present a (snd (ref v h))" - by (simp add: array_present_def ref_def Let_def) - -hide_const (open) empty upd length array ref - end diff -r 3046ebbb43c0 -r 271ecd4fb9f9 src/HOL/Imperative_HOL/Ref.thy --- a/src/HOL/Imperative_HOL/Ref.thy Mon Jul 05 15:36:37 2010 +0200 +++ b/src/HOL/Imperative_HOL/Ref.thy Mon Jul 05 16:46:23 2010 +0200 @@ -5,7 +5,7 @@ header {* Monadic references *} theory Ref -imports Heap_Monad +imports Array begin text {* @@ -14,11 +14,111 @@ and http://www.smlnj.org/doc/Conversion/top-level-comparison.html *} +subsection {* Primitive layer *} + +definition + ref_present :: "'a\heap ref \ heap \ bool" where + "ref_present r h \ addr_of_ref r < lim h" + +definition + get_ref :: "'a\heap ref \ heap \ 'a" where + "get_ref r h = from_nat (refs h (TYPEREP('a)) (addr_of_ref r))" + +definition + set_ref :: "'a\heap ref \ 'a \ heap \ heap" where + "set_ref r x = + refs_update (\h. h(TYPEREP('a) := ((h (TYPEREP('a))) (addr_of_ref r:=to_nat x))))" + +definition ref :: "'a \ heap \ 'a\heap ref \ heap" where + "ref x h = (let + l = lim h; + r = Ref l; + h'' = set_ref r x (h\lim := l + 1\) + in (r, h''))" + +definition noteq_refs :: "('a\heap) ref \ ('b\heap) ref \ bool" (infix "=!=" 70) where + "r =!= s \ TYPEREP('a) \ TYPEREP('b) \ addr_of_ref r \ addr_of_ref s" + +lemma noteq_refs_sym: "r =!= s \ s =!= r" + and unequal_refs [simp]: "r \ r' \ r =!= r'" -- "same types!" + unfolding noteq_refs_def by auto + +lemma noteq_refs_irrefl: "r =!= r \ False" + unfolding noteq_refs_def by auto + +lemma present_new_ref: "ref_present r h \ r =!= fst (ref v h)" + by (simp add: ref_present_def ref_def Let_def noteq_refs_def) + +lemma next_ref_fresh [simp]: + assumes "(r, h') = ref x h" + shows "\ ref_present r h" + using assms by (cases h) (auto simp add: ref_def ref_present_def Let_def) + +lemma next_ref_present [simp]: + assumes "(r, h') = ref x h" + shows "ref_present r h'" + using assms by (cases h) (auto simp add: ref_def set_ref_def ref_present_def Let_def) + +lemma ref_get_set_eq [simp]: "get_ref r (set_ref r x h) = x" + by (simp add: get_ref_def set_ref_def) + +lemma ref_get_set_neq [simp]: "r =!= s \ get_ref r (set_ref s x h) = get_ref r h" + by (simp add: noteq_refs_def get_ref_def set_ref_def) + +(* FIXME: We need some infrastructure to infer that locally generated + new refs (by new_ref(_no_init), new_array(')) are distinct + from all existing refs. +*) + +lemma ref_set_get: "set_ref r (get_ref r h) h = h" +apply (simp add: set_ref_def get_ref_def) +oops + +lemma set_ref_same[simp]: + "set_ref r x (set_ref r y h) = set_ref r x h" + by (simp add: set_ref_def) + +lemma ref_set_set_swap: + "r =!= r' \ set_ref r x (set_ref r' x' h) = set_ref r' x' (set_ref r x h)" + by (simp add: Let_def expand_fun_eq noteq_refs_def set_ref_def) + +lemma ref_new_set: "fst (ref v (set_ref r v' h)) = fst (ref v h)" + by (simp add: ref_def set_ref_def Let_def) + +lemma ref_get_new [simp]: + "get_ref (fst (ref v h)) (snd (ref v' h)) = v'" + by (simp add: ref_def Let_def split_def) + +lemma ref_set_new [simp]: + "set_ref (fst (ref v h)) new_v (snd (ref v h)) = snd (ref new_v h)" + by (simp add: ref_def Let_def split_def) + +lemma ref_get_new_neq: "r =!= (fst (ref v h)) \ + get_ref r (snd (ref v h)) = get_ref r h" + by (simp add: get_ref_def set_ref_def ref_def Let_def noteq_refs_def) + +lemma lim_set_ref [simp]: + "lim (set_ref r v h) = lim h" + by (simp add: set_ref_def) + +lemma ref_present_new_ref [simp]: + "ref_present r h \ ref_present r (snd (ref v h))" + by (simp add: ref_present_def ref_def Let_def) + +lemma ref_present_set_ref [simp]: + "ref_present r (set_ref r' v h) = ref_present r h" + by (simp add: set_ref_def ref_present_def) + +lemma noteq_refsI: "\ ref_present r h; \ref_present r' h \ \ r =!= r'" + unfolding noteq_refs_def ref_present_def + by auto + + subsection {* Primitives *} definition new :: "'a\heap \ 'a ref Heap" where - [code del]: "new v = Heap_Monad.heap (Heap.ref v)" + [code del]: "new v = Heap_Monad.heap (Ref.ref v)" definition lookup :: "'a\heap ref \ 'a Heap" ("!_" 61) where @@ -55,6 +155,48 @@ by (auto simp add: change_def lookup_chain) +text {* Non-interaction between imperative array and imperative references *} + +lemma get_array_set_ref [simp]: "get_array a (set_ref r v h) = get_array a h" + by (simp add: get_array_def set_ref_def) + +lemma nth_set_ref [simp]: "get_array a (set_ref r v h) ! i = get_array a h ! i" + by simp + +lemma get_ref_upd [simp]: "get_ref r (Array.change a i v h) = get_ref r h" + by (simp add: get_ref_def set_array_def Array.change_def) + +lemma new_ref_upd: "fst (ref v (Array.change a i v' h)) = fst (ref v h)" + by (simp add: set_array_def get_array_def Let_def ref_new_set Array.change_def ref_def) + +lemma upd_set_ref_swap: "Array.change a i v (set_ref r v' h) = set_ref r v' (Array.change a i v h)" + by (simp add: set_ref_def Array.change_def get_array_def set_array_def) + +lemma length_new_ref[simp]: + "length a (snd (ref v h)) = length a h" + by (simp add: get_array_def set_ref_def length_def ref_def Let_def) + +lemma get_array_new_ref [simp]: + "get_array a (snd (ref v h)) = get_array a h" + by (simp add: ref_def set_ref_def get_array_def Let_def) + +lemma ref_present_upd [simp]: + "ref_present r (Array.change a i v h) = ref_present r h" + by (simp add: Array.change_def ref_present_def set_array_def get_array_def) + +lemma array_present_set_ref [simp]: + "array_present a (set_ref r v h) = array_present a h" + by (simp add: array_present_def set_ref_def) + +lemma array_present_new_ref [simp]: + "array_present a h \ array_present a (snd (ref v h))" + by (simp add: array_present_def ref_def Let_def) + +lemma array_ref_set_set_swap: + "set_array r x (set_ref r' x' h) = set_ref r' x' (set_array r x h)" + by (simp add: Let_def expand_fun_eq set_array_def set_ref_def) + + subsection {* Code generator setup *} subsubsection {* SML *} diff -r 3046ebbb43c0 -r 271ecd4fb9f9 src/HOL/Imperative_HOL/Relational.thy --- a/src/HOL/Imperative_HOL/Relational.thy Mon Jul 05 15:36:37 2010 +0200 +++ b/src/HOL/Imperative_HOL/Relational.thy Mon Jul 05 16:46:23 2010 +0200 @@ -91,10 +91,10 @@ subsection {* Elimination rules for array commands *} lemma crel_length: - assumes "crel (length a) h h' r" - obtains "h = h'" "r = Heap.length a h'" + assumes "crel (len a) h h' r" + obtains "h = h'" "r = Array.length a h'" using assms - unfolding length_def + unfolding Array.len_def by (elim crel_heap) simp (* Strong version of the lemma for this operation is missing *) @@ -106,14 +106,14 @@ lemma crel_nth[consumes 1]: assumes "crel (nth a i) h h' r" - obtains "r = (get_array a h) ! i" "h = h'" "i < Heap.length a h" + obtains "r = (get_array a h) ! i" "h = h'" "i < Array.length a h" using assms unfolding nth_def by (auto elim!: crelE crel_if crel_raise crel_length crel_heap) lemma crel_upd[consumes 1]: assumes "crel (upd i v a) h h' r" - obtains "r = a" "h' = Heap.upd a i v h" + obtains "r = a" "h' = Array.change a i v h" using assms unfolding upd_def by (elim crelE crel_if crel_return crel_raise @@ -129,14 +129,14 @@ lemma crel_map_entry: assumes "crel (Array.map_entry i f a) h h' r" - obtains "r = a" "h' = Heap.upd a i (f (get_array a h ! i)) h" + obtains "r = a" "h' = Array.change a i (f (get_array a h ! i)) h" using assms unfolding Array.map_entry_def by (elim crelE crel_upd crel_nth) auto lemma crel_swap: assumes "crel (Array.swap i x a) h h' r" - obtains "r = get_array a h ! i" "h' = Heap.upd a i x h" + obtains "r = get_array a h ! i" "h' = Array.change a i x h" using assms unfolding Array.swap_def by (elim crelE crel_upd crel_nth crel_return) auto @@ -160,25 +160,25 @@ lemma crel_mapM_nth: assumes - "crel (mapM (Array.nth a) [Heap.length a h - n.. Heap.length a h" - shows "h = h' \ xs = drop (Heap.length a h - n) (get_array a h)" + "crel (mapM (Array.nth a) [Array.length a h - n.. Array.length a h" + shows "h = h' \ xs = drop (Array.length a h - n) (get_array a h)" using assms proof (induct n arbitrary: xs h h') case 0 thus ?case - by (auto elim!: crel_return simp add: Heap.length_def) + by (auto elim!: crel_return simp add: Array.length_def) next case (Suc n) - from Suc(3) have "[Heap.length a h - Suc n..n. map_entry n f a) [Heap.length a h - n..n. map_entry n f a) [Array.length a h - n..n. map_entry n f a) [Heap.length a h - n..n. map_entry n f a) [Array.length a h - n..n. map_entry n f a) [Heap.length a ?h1 - n..n. map_entry n f a) [Array.length a ?h1 - n..n. map_entry n f a) [Heap.length a h - n.. Heap.length a h" - assumes "i \ Heap.length a h - n" - assumes "i < Heap.length a h" + assumes "crel (mapM (\n. map_entry n f a) [Array.length a h - n.. Array.length a h" + assumes "i \ Array.length a h - n" + assumes "i < Array.length a h" shows "get_array a h' ! i = f (get_array a h ! i)" using assms proof (induct n arbitrary: h h' r) @@ -230,54 +230,54 @@ by (auto elim!: crel_return) next case (Suc n) - let ?h1 = "Heap.upd a (Heap.length a h - Suc n) (f (get_array a h ! (Heap.length a h - Suc n))) h" - from Suc(3) have "[Heap.length a h - Suc n..n. map_entry n f a) [Heap.length a h - n..n. map_entry n f a) [Array.length a h - n.. i \ Heap.length a ?h1 - n" by arith - from crel_mapM have crel_mapM': "crel (mapM (\n. map_entry n f a) [Heap.length a ?h1 - n.. i \ Array.length a ?h1 - n" by arith + from crel_mapM have crel_mapM': "crel (mapM (\n. map_entry n f a) [Array.length a ?h1 - n..n. map_entry n f a) [Heap.length a h - n.. Heap.length a h" - shows "Heap.length a h' = Heap.length a h" + assumes "crel (mapM (\n. map_entry n f a) [Array.length a h - n.. Array.length a h" + shows "Array.length a h' = Array.length a h" using assms proof (induct n arbitrary: h h' r) case 0 thus ?case by (auto elim!: crel_return) next case (Suc n) - let ?h1 = "Heap.upd a (Heap.length a h - Suc n) (f (get_array a h ! (Heap.length a h - Suc n))) h" - from Suc(3) have "[Heap.length a h - Suc n..n. map_entry n f a) [Heap.length a h - n..n. map_entry n f a) [Array.length a h - n..n. map_entry n f a) [Heap.length a ?h1 - n..n. map_entry n f a) [Array.length a ?h1 - n..n. map_entry n f a) [0..n. map_entry n f a) [0..n. map_entry n f a) [Heap.length a h - Heap.length a h..n. map_entry n f a) [Array.length a h - Array.length a h.. Heap.length a h" - shows "noError (mapM (\n. map_entry n f a) [Heap.length a h - n.. Array.length a h" + shows "noError (mapM (\n. map_entry n f a) [Array.length a h - n.. nat \ nat \ nat \ nat Heap" where @@ -101,7 +101,7 @@ lemma part_length_remains: assumes "crel (part1 a l r p) h h' rs" - shows "Heap.length a h = Heap.length a h'" + shows "Array.length a h = Array.length a h'" using assms proof (induct a l r p arbitrary: h h' rs rule:part1.induct) case (1 a l r p h h' rs) @@ -207,7 +207,7 @@ by (elim crelE crel_nth crel_if crel_return) auto from swp False have "get_array a h1 ! r \ p" unfolding swap_def - by (auto simp add: Heap.length_def elim!: crelE crel_nth crel_upd crel_return) + by (auto simp add: Array.length_def elim!: crelE crel_nth crel_upd crel_return) with part_outer_remains [OF rec2] lr have a_r: "get_array a h' ! r \ p" by fastsimp have "\i. (i \ r = (i = r \ i \ r - 1))" by arith @@ -243,7 +243,7 @@ lemma partition_length_remains: assumes "crel (partition a l r) h h' rs" - shows "Heap.length a h = Heap.length a h'" + shows "Array.length a h = Array.length a h'" proof - from assms part_length_remains show ?thesis unfolding partition.simps swap_def @@ -287,14 +287,14 @@ else middle)" unfolding partition.simps by (elim crelE crel_return crel_nth crel_if crel_upd) simp - from swap have h'_def: "h' = Heap.upd a r (get_array a h1 ! rs) - (Heap.upd a rs (get_array a h1 ! r) h1)" + from swap have h'_def: "h' = Array.change a r (get_array a h1 ! rs) + (Array.change a rs (get_array a h1 ! r) h1)" unfolding swap_def by (elim crelE crel_return crel_nth crel_upd) simp - from swap have in_bounds: "r < Heap.length a h1 \ rs < Heap.length a h1" + from swap have in_bounds: "r < Array.length a h1 \ rs < Array.length a h1" unfolding swap_def by (elim crelE crel_return crel_nth crel_upd) simp - from swap have swap_length_remains: "Heap.length a h1 = Heap.length a h'" + from swap have swap_length_remains: "Array.length a h1 = Array.length a h'" unfolding swap_def by (elim crelE crel_return crel_nth crel_upd) auto from `l < r` have "l \ r - 1" by simp note middle_in_bounds = part_returns_index_in_bounds[OF part this] @@ -304,7 +304,7 @@ with swap have right_remains: "get_array a h ! r = get_array a h' ! rs" unfolding swap_def - by (auto simp add: Heap.length_def elim!: crelE crel_return crel_nth crel_upd) (cases "r = rs", auto) + by (auto simp add: Array.length_def elim!: crelE crel_return crel_nth crel_upd) (cases "r = rs", auto) from part_partitions [OF part] show ?thesis proof (cases "get_array a h1 ! middle \ ?pivot") @@ -314,12 +314,12 @@ fix i assume i_is_left: "l \ i \ i < rs" with swap_length_remains in_bounds middle_in_bounds rs_equals `l < r` - have i_props: "i < Heap.length a h'" "i \ r" "i \ rs" by auto + have i_props: "i < Array.length a h'" "i \ r" "i \ rs" by auto from i_is_left rs_equals have "l \ i \ i < middle \ i = middle" by arith with part_partitions[OF part] right_remains True have "get_array a h1 ! i \ get_array a h' ! rs" by fastsimp with i_props h'_def in_bounds have "get_array a h' ! i \ get_array a h' ! rs" - unfolding Heap.upd_def Heap.length_def by simp + unfolding Array.change_def Array.length_def by simp } moreover { @@ -331,7 +331,7 @@ proof assume i_is: "rs < i \ i \ r - 1" with swap_length_remains in_bounds middle_in_bounds rs_equals - have i_props: "i < Heap.length a h'" "i \ r" "i \ rs" by auto + have i_props: "i < Array.length a h'" "i \ r" "i \ rs" by auto from part_partitions[OF part] rs_equals right_remains i_is have "get_array a h' ! rs \ get_array a h1 ! i" by fastsimp @@ -345,7 +345,7 @@ by fastsimp with i_is True rs_equals right_remains h'_def show ?thesis using in_bounds - unfolding Heap.upd_def Heap.length_def + unfolding Array.change_def Array.length_def by auto qed } @@ -357,11 +357,11 @@ fix i assume i_is_left: "l \ i \ i < rs" with swap_length_remains in_bounds middle_in_bounds rs_equals - have i_props: "i < Heap.length a h'" "i \ r" "i \ rs" by auto + have i_props: "i < Array.length a h'" "i \ r" "i \ rs" by auto from part_partitions[OF part] rs_equals right_remains i_is_left have "get_array a h1 ! i \ get_array a h' ! rs" by fastsimp with i_props h'_def have "get_array a h' ! i \ get_array a h' ! rs" - unfolding Heap.upd_def by simp + unfolding Array.change_def by simp } moreover { @@ -372,7 +372,7 @@ proof assume i_is: "rs < i \ i \ r - 1" with swap_length_remains in_bounds middle_in_bounds rs_equals - have i_props: "i < Heap.length a h'" "i \ r" "i \ rs" by auto + have i_props: "i < Array.length a h'" "i \ r" "i \ rs" by auto from part_partitions[OF part] rs_equals right_remains i_is have "get_array a h' ! rs \ get_array a h1 ! i" by fastsimp @@ -381,7 +381,7 @@ assume i_is: "i = r" from i_is False rs_equals right_remains h'_def show ?thesis using in_bounds - unfolding Heap.upd_def Heap.length_def + unfolding Array.change_def Array.length_def by auto qed } @@ -425,7 +425,7 @@ lemma length_remains: assumes "crel (quicksort a l r) h h' rs" - shows "Heap.length a h = Heap.length a h'" + shows "Array.length a h = Array.length a h'" using assms proof (induct a l r arbitrary: h h' rs rule: quicksort.induct) case (1 a l r h h' rs) @@ -482,7 +482,7 @@ lemma quicksort_sorts: assumes "crel (quicksort a l r) h h' rs" - assumes l_r_length: "l < Heap.length a h" "r < Heap.length a h" + assumes l_r_length: "l < Array.length a h" "r < Array.length a h" shows "sorted (subarray l (r + 1) a h')" using assms proof (induct a l r arbitrary: h h' rs rule: quicksort.induct) @@ -524,7 +524,7 @@ from quicksort_outer_remains [OF qs1] quicksort_permutes [OF qs1] True length_remains 1(5) pivot multiset_of_sublist [of l p "get_array a h1" "get_array a h2"] have multiset_partconds1: "multiset_of (subarray l p a h2) = multiset_of (subarray l p a h1)" - unfolding Heap.length_def subarray_def by (cases p, auto) + unfolding Array.length_def subarray_def by (cases p, auto) with left_subarray_remains part_conds1 pivot_unchanged have part_conds2': "\j. j \ set (subarray l p a h') \ j \ get_array a h' ! p" by (simp, subst set_of_multiset_of[symmetric], simp) @@ -535,7 +535,7 @@ from quicksort_outer_remains [OF qs2] quicksort_permutes [OF qs2] True length_remains 1(5) pivot multiset_of_sublist [of "p + 1" "r + 1" "get_array a h2" "get_array a h'"] have multiset_partconds2: "multiset_of (subarray (p + 1) (r + 1) a h') = multiset_of (subarray (p + 1) (r + 1) a h2)" - unfolding Heap.length_def subarray_def by auto + unfolding Array.length_def subarray_def by auto with right_subarray_remains part_conds2 pivot_unchanged have part_conds1': "\j. j \ set (subarray (p + 1) (r + 1) a h') \ get_array a h' ! p \ j" by (simp, subst set_of_multiset_of[symmetric], simp) @@ -556,18 +556,18 @@ lemma quicksort_is_sort: - assumes crel: "crel (quicksort a 0 (Heap.length a h - 1)) h h' rs" + assumes crel: "crel (quicksort a 0 (Array.length a h - 1)) h h' rs" shows "get_array a h' = sort (get_array a h)" proof (cases "get_array a h = []") case True with quicksort_is_skip[OF crel] show ?thesis - unfolding Heap.length_def by simp + unfolding Array.length_def by simp next case False from quicksort_sorts [OF crel] False have "sorted (sublist' 0 (List.length (get_array a h)) (get_array a h'))" - unfolding Heap.length_def subarray_def by auto + unfolding Array.length_def subarray_def by auto with length_remains[OF crel] have "sorted (get_array a h')" - unfolding Heap.length_def by simp + unfolding Array.length_def by simp with quicksort_permutes [OF crel] properties_for_sort show ?thesis by fastsimp qed @@ -576,7 +576,7 @@ We will now show that exceptions do not occur. *} lemma noError_part1: - assumes "l < Heap.length a h" "r < Heap.length a h" + assumes "l < Array.length a h" "r < Array.length a h" shows "noError (part1 a l r p) h" using assms proof (induct a l r p arbitrary: h rule: part1.induct) @@ -587,7 +587,7 @@ qed lemma noError_partition: - assumes "l < r" "l < Heap.length a h" "r < Heap.length a h" + assumes "l < r" "l < Array.length a h" "r < Array.length a h" shows "noError (partition a l r) h" using assms unfolding partition.simps swap_def @@ -603,7 +603,7 @@ done lemma noError_quicksort: - assumes "l < Heap.length a h" "r < Heap.length a h" + assumes "l < Array.length a h" "r < Array.length a h" shows "noError (quicksort a l r) h" using assms proof (induct a l r arbitrary: h rule: quicksort.induct) @@ -628,7 +628,7 @@ subsection {* Example *} definition "qsort a = do - k \ length a; + k \ len a; quicksort a 0 (k - 1); return a done" diff -r 3046ebbb43c0 -r 271ecd4fb9f9 src/HOL/Imperative_HOL/ex/Imperative_Reverse.thy --- a/src/HOL/Imperative_HOL/ex/Imperative_Reverse.thy Mon Jul 05 15:36:37 2010 +0200 +++ b/src/HOL/Imperative_HOL/ex/Imperative_Reverse.thy Mon Jul 05 16:46:23 2010 +0200 @@ -37,7 +37,7 @@ else get_array a h ! k)" using assms unfolding swap.simps by (elim crel_elim_all) - (auto simp: Heap.length_def) + (auto simp: length_def) lemma rev_pointwise: assumes "crel (rev a i j) h h' r" shows "get_array a h' ! k = (if k < i then get_array a h ! k @@ -69,7 +69,7 @@ lemma rev_length: assumes "crel (rev a i j) h h' r" - shows "Heap.length a h = Heap.length a h'" + shows "Array.length a h = Array.length a h'" using assms proof (induct a i j arbitrary: h h' rule: rev.induct) case (1 a i j h h'') @@ -93,7 +93,7 @@ qed lemma rev2_rev': assumes "crel (rev a i j) h h' u" - assumes "j < Heap.length a h" + assumes "j < Array.length a h" shows "subarray i (j + 1) a h' = List.rev (subarray i (j + 1) a h)" proof - { @@ -103,15 +103,15 @@ by auto } with assms(2) rev_length[OF assms(1)] show ?thesis - unfolding subarray_def Heap.length_def + unfolding subarray_def Array.length_def by (auto simp add: length_sublist' rev_nth min_def nth_sublist' intro!: nth_equalityI) qed lemma rev2_rev: - assumes "crel (rev a 0 (Heap.length a h - 1)) h h' u" + assumes "crel (rev a 0 (Array.length a h - 1)) h h' u" shows "get_array a h' = List.rev (get_array a h)" using rev2_rev'[OF assms] rev_length[OF assms] assms - by (cases "Heap.length a h = 0", auto simp add: Heap.length_def + by (cases "Array.length a h = 0", auto simp add: Array.length_def subarray_def sublist'_all rev.simps[where j=0] elim!: crel_elim_all) (drule sym[of "List.length (get_array a h)"], simp) diff -r 3046ebbb43c0 -r 271ecd4fb9f9 src/HOL/Imperative_HOL/ex/SatChecker.thy --- a/src/HOL/Imperative_HOL/ex/SatChecker.thy Mon Jul 05 15:36:37 2010 +0200 +++ b/src/HOL/Imperative_HOL/ex/SatChecker.thy Mon Jul 05 16:46:23 2010 +0200 @@ -123,25 +123,25 @@ "array_ran a h = {e. Some e \ set (get_array a h)}" -- {*FIXME*} -lemma array_ranI: "\ Some b = get_array a h ! i; i < Heap.length a h \ \ b \ array_ran a h" -unfolding array_ran_def Heap.length_def by simp +lemma array_ranI: "\ Some b = get_array a h ! i; i < Array.length a h \ \ b \ array_ran a h" +unfolding array_ran_def Array.length_def by simp lemma array_ran_upd_array_Some: - assumes "cl \ array_ran a (Heap.upd a i (Some b) h)" + assumes "cl \ array_ran a (Array.change a i (Some b) h)" shows "cl \ array_ran a h \ cl = b" proof - have "set (get_array a h[i := Some b]) \ insert (Some b) (set (get_array a h))" by (rule set_update_subset_insert) with assms show ?thesis - unfolding array_ran_def Heap.upd_def by fastsimp + unfolding array_ran_def Array.change_def by fastsimp qed lemma array_ran_upd_array_None: - assumes "cl \ array_ran a (Heap.upd a i None h)" + assumes "cl \ array_ran a (Array.change a i None h)" shows "cl \ array_ran a h" proof - have "set (get_array a h[i := None]) \ insert None (set (get_array a h))" by (rule set_update_subset_insert) with assms show ?thesis - unfolding array_ran_def Heap.upd_def by auto + unfolding array_ran_def Array.change_def by auto qed definition correctArray :: "Clause list \ Clause option array \ heap \ bool" @@ -152,7 +152,7 @@ lemma correctArray_update: assumes "correctArray rcs a h" assumes "correctClause rcs c" "sorted c" "distinct c" - shows "correctArray rcs a (Heap.upd a i (Some c) h)" + shows "correctArray rcs a (Array.change a i (Some c) h)" using assms unfolding correctArray_def by (auto dest:array_ran_upd_array_Some) @@ -471,7 +471,7 @@ fix clj let ?rs = "merge (remove l cli) (remove (compl l) clj)" let ?rs' = "merge (remove (compl l) cli) (remove l clj)" - assume "h = h'" "Some clj = get_array a h' ! j" "j < Heap.length a h'" + assume "h = h'" "Some clj = get_array a h' ! j" "j < Array.length a h'" with correct_a have clj: "correctClause r clj" "sorted clj" "distinct clj" unfolding correctArray_def by (auto intro: array_ranI) with clj l_not_zero correct_cli @@ -485,7 +485,7 @@ } { fix v clj - assume "Some clj = get_array a h ! j" "j < Heap.length a h" + assume "Some clj = get_array a h ! j" "j < Array.length a h" with correct_a have clj: "correctClause r clj \ sorted clj \ distinct clj" unfolding correctArray_def by (auto intro: array_ranI) assume "crel (res_thm' l cli clj) h h' rs" diff -r 3046ebbb43c0 -r 271ecd4fb9f9 src/HOL/Imperative_HOL/ex/Subarray.thy --- a/src/HOL/Imperative_HOL/ex/Subarray.thy Mon Jul 05 15:36:37 2010 +0200 +++ b/src/HOL/Imperative_HOL/ex/Subarray.thy Mon Jul 05 16:46:23 2010 +0200 @@ -8,65 +8,64 @@ imports Array Sublist begin -definition subarray :: "nat \ nat \ ('a::heap) array \ heap \ 'a list" -where +definition subarray :: "nat \ nat \ ('a::heap) array \ heap \ 'a list" where "subarray n m a h \ sublist' n m (get_array a h)" -lemma subarray_upd: "i \ m \ subarray n m a (Heap.upd a i v h) = subarray n m a h" -apply (simp add: subarray_def Heap.upd_def) +lemma subarray_upd: "i \ m \ subarray n m a (Array.change a i v h) = subarray n m a h" +apply (simp add: subarray_def Array.change_def) apply (simp add: sublist'_update1) done -lemma subarray_upd2: " i < n \ subarray n m a (Heap.upd a i v h) = subarray n m a h" -apply (simp add: subarray_def Heap.upd_def) +lemma subarray_upd2: " i < n \ subarray n m a (Array.change a i v h) = subarray n m a h" +apply (simp add: subarray_def Array.change_def) apply (subst sublist'_update2) apply fastsimp apply simp done -lemma subarray_upd3: "\ n \ i; i < m\ \ subarray n m a (Heap.upd a i v h) = subarray n m a h[i - n := v]" -unfolding subarray_def Heap.upd_def +lemma subarray_upd3: "\ n \ i; i < m\ \ subarray n m a (Array.change a i v h) = subarray n m a h[i - n := v]" +unfolding subarray_def Array.change_def by (simp add: sublist'_update3) lemma subarray_Nil: "n \ m \ subarray n m a h = []" by (simp add: subarray_def sublist'_Nil') -lemma subarray_single: "\ n < Heap.length a h \ \ subarray n (Suc n) a h = [get_array a h ! n]" -by (simp add: subarray_def Heap.length_def sublist'_single) +lemma subarray_single: "\ n < Array.length a h \ \ subarray n (Suc n) a h = [get_array a h ! n]" +by (simp add: subarray_def length_def sublist'_single) -lemma length_subarray: "m \ Heap.length a h \ List.length (subarray n m a h) = m - n" -by (simp add: subarray_def Heap.length_def length_sublist') +lemma length_subarray: "m \ Array.length a h \ List.length (subarray n m a h) = m - n" +by (simp add: subarray_def length_def length_sublist') -lemma length_subarray_0: "m \ Heap.length a h \ List.length (subarray 0 m a h) = m" +lemma length_subarray_0: "m \ Array.length a h \ List.length (subarray 0 m a h) = m" by (simp add: length_subarray) -lemma subarray_nth_array_Cons: "\ i < Heap.length a h; i < j \ \ (get_array a h ! i) # subarray (Suc i) j a h = subarray i j a h" -unfolding Heap.length_def subarray_def +lemma subarray_nth_array_Cons: "\ i < Array.length a h; i < j \ \ (get_array a h ! i) # subarray (Suc i) j a h = subarray i j a h" +unfolding Array.length_def subarray_def by (simp add: sublist'_front) -lemma subarray_nth_array_back: "\ i < j; j \ Heap.length a h\ \ subarray i j a h = subarray i (j - 1) a h @ [get_array a h ! (j - 1)]" -unfolding Heap.length_def subarray_def +lemma subarray_nth_array_back: "\ i < j; j \