# HG changeset patch # User nipkow # Date 1327846587 -3600 # Node ID 42a01315d9986d43c272251f771b7db0db9be926 # Parent 25f081f779158dfb0cfad5a237a25832af584f18 removed accidental dependance of abstract interpreter on gamma diff -r 25f081f77915 -r 42a01315d998 src/HOL/IMP/Abs_Int0.thy --- a/src/HOL/IMP/Abs_Int0.thy Sun Jan 29 10:34:02 2012 +0100 +++ b/src/HOL/IMP/Abs_Int0.thy Sun Jan 29 15:16:27 2012 +0100 @@ -150,7 +150,7 @@ text{* ACC for option type: *} lemma acc_option: assumes "acc {(x,y::'a::preord). x \ y}" -shows "acc {(x,y::'a option). x \ y}" +shows "acc {(x,y::'a::preord option). x \ y}" proof(auto simp: wf_eq_minimal) fix xo :: "'a option" and Qo assume "xo : Qo" let ?Q = "{x. Some x \ Qo}" @@ -195,8 +195,8 @@ qed lemma measure_st: assumes "(strict{(x,y::'a::SL_top). x \ y})^-1 <= measure m" -and "\x y::'a. x \ y \ y \ x \ m x = m y" -shows "(strict{(S,S'::'a st). S \ S'})^-1 \ +and "\x y::'a::SL_top. x \ y \ y \ x \ m x = m y" +shows "(strict{(S,S'::'a::SL_top st). S \ S'})^-1 \ measure(%fd. \x| x\set(dom fd) \ ~ \ \ fun fd x. m(fun fd x)+1)" proof- { fix S S' :: "'a st" assume "S \ S'" "~ S' \ S" diff -r 25f081f77915 -r 42a01315d998 src/HOL/IMP/Abs_Int0_const.thy --- a/src/HOL/IMP/Abs_Int0_const.thy Sun Jan 29 10:34:02 2012 +0100 +++ b/src/HOL/IMP/Abs_Int0_const.thy Sun Jan 29 15:16:27 2012 +0100 @@ -69,7 +69,7 @@ interpretation Abs_Int where \ = \_const and num' = Const and plus' = plus_const defines AI_const is AI and step_const is step' and aval'_const is aval' -proof qed +.. subsubsection "Tests" diff -r 25f081f77915 -r 42a01315d998 src/HOL/IMP/Abs_Int0_parity.thy --- a/src/HOL/IMP/Abs_Int0_parity.thy Sun Jan 29 10:34:02 2012 +0100 +++ b/src/HOL/IMP/Abs_Int0_parity.thy Sun Jan 29 15:16:27 2012 +0100 @@ -114,7 +114,7 @@ interpretation Abs_Int where \ = \_parity and num' = num_parity and plus' = plus_parity defines aval_parity is aval' and step_parity is step' and AI_parity is AI -proof qed +.. subsubsection "Tests" diff -r 25f081f77915 -r 42a01315d998 src/HOL/IMP/Abs_Int1.thy --- a/src/HOL/IMP/Abs_Int1.thy Sun Jan 29 10:34:02 2012 +0100 +++ b/src/HOL/IMP/Abs_Int1.thy Sun Jan 29 15:16:27 2012 +0100 @@ -77,14 +77,16 @@ locale Val_abs1 = - Val_abs1_gamma where \ = \ - for \ :: "'av::L_top_bot \ val set" + -fixes filter_plus' :: "'av \ 'av \ 'av \ 'av * 'av" + Val_abs1_gamma where \ = \ + for \ :: "'av::L_top_bot \ val set" + +fixes test_num' :: "val \ 'av \ bool" +and filter_plus' :: "'av \ 'av \ 'av \ 'av * 'av" and filter_less' :: "bool \ 'av \ 'av \ 'av * 'av" -assumes filter_plus': "filter_plus' a a1 a2 = (a1',a2') \ - n1 : \ a1 \ n2 : \ a2 \ n1+n2 : \ a \ n1 : \ a1' \ n2 : \ a2'" -and filter_less': "filter_less' (n1 - n1 : \ a1 \ n2 : \ a2 \ n1 : \ a1' \ n2 : \ a2'" +assumes test_num': "test_num' n a = (n : \ a)" +and filter_plus': "filter_plus' a a1 a2 = (b1,b2) \ + n1 : \ a1 \ n2 : \ a2 \ n1+n2 : \ a \ n1 : \ b1 \ n2 : \ b2" +and filter_less': "filter_less' (n1 + n1 : \ a1 \ n2 : \ a2 \ n1 : \ b1 \ n2 : \ b2" locale Abs_Int1 = @@ -104,7 +106,7 @@ subsubsection "Backward analysis" fun afilter :: "aexp \ 'av \ 'av st option \ 'av st option" where -"afilter (N n) a S = (if n : \ a then S else None)" | +"afilter (N n) a S = (if test_num' n a then S else None)" | "afilter (V x) a S = (case S of None \ None | Some S \ let a' = lookup S x \ a in if a' \ \ then None else Some(update S x a'))" | @@ -134,7 +136,7 @@ lemma afilter_sound: "s : \\<^isub>o S \ aval e s : \ a \ s : \\<^isub>o (afilter e a S)" proof(induction e arbitrary: a S) - case N thus ?case by simp + case N thus ?case by simp (metis test_num') next case (V x) obtain S' where "S = Some S'" and "s : \\<^isub>f S'" using `s : \\<^isub>o S` @@ -328,7 +330,7 @@ lemma mono_afilter: "r \ r' \ S \ S' \ afilter e r S \ afilter e r' S'" apply(induction e arbitrary: r r' S S') -apply(auto simp: Let_def split: option.splits prod.splits) +apply(auto simp: test_num' Let_def split: option.splits prod.splits) apply (metis mono_gamma subsetD) apply(drule_tac x = "list" in mono_lookup) apply (metis mono_meet le_trans) diff -r 25f081f77915 -r 42a01315d998 src/HOL/IMP/Abs_Int1_ivl.thy --- a/src/HOL/IMP/Abs_Int1_ivl.thy Sun Jan 29 10:34:02 2012 +0100 +++ b/src/HOL/IMP/Abs_Int1_ivl.thy Sun Jan 29 15:16:27 2012 +0100 @@ -42,7 +42,7 @@ "Some x + Some y = Some(x+y)" | "_ + _ = None" -instance proof qed +instance .. end @@ -147,7 +147,7 @@ "Some x - Some y = Some(x-y)" | "_ - _ = None" -instance proof qed +instance .. end @@ -158,6 +158,7 @@ "n1 : \_ivl i1 \ n2 : \_ivl i2 \ n1-n2 : \_ivl(minus_ivl i1 i2)" by(auto simp add: minus_ivl_def \_ivl_def split: ivl.splits option.splits) +definition "test_num_ivl n ivl = contained_in ivl n" definition "filter_plus_ivl i i1 i2 = ((*if is_empty i then empty else*) i1 \ minus_ivl i i2, i2 \ minus_ivl i i1)" @@ -205,32 +206,38 @@ interpretation Val_abs1 where \ = \_ivl and num' = num_ivl and plus' = plus_ivl +and test_num' = test_num_ivl and filter_plus' = filter_plus_ivl and filter_less' = filter_less_ivl proof case goal1 thus ?case + by(auto simp add: test_num_ivl_def contained_in_def) +next + case goal2 thus ?case by(auto simp add: filter_plus_ivl_def) (metis gamma_minus_ivl add_diff_cancel add_commute)+ next - case goal2 thus ?case + case goal3 thus ?case by(cases a1, cases a2, auto simp: \_ivl_def min_option_def max_option_def le_option_def split: if_splits option.splits) qed interpretation Abs_Int1 where \ = \_ivl and num' = num_ivl and plus' = plus_ivl +and test_num' = test_num_ivl and filter_plus' = filter_plus_ivl and filter_less' = filter_less_ivl defines afilter_ivl is afilter and bfilter_ivl is bfilter and step_ivl is step' and AI_ivl is AI and aval_ivl' is aval'' -proof qed +.. text{* Monotonicity: *} interpretation Abs_Int1_mono where \ = \_ivl and num' = num_ivl and plus' = plus_ivl +and test_num' = test_num_ivl and filter_plus' = filter_plus_ivl and filter_less' = filter_less_ivl proof case goal1 thus ?case @@ -247,38 +254,38 @@ subsubsection "Tests" -value [code] "show_acom_opt (AI_ivl test1_ivl)" +value "show_acom_opt (AI_ivl test1_ivl)" text{* Better than @{text AI_const}: *} -value [code] "show_acom_opt (AI_ivl test3_const)" -value [code] "show_acom_opt (AI_ivl test4_const)" -value [code] "show_acom_opt (AI_ivl test6_const)" +value "show_acom_opt (AI_ivl test3_const)" +value "show_acom_opt (AI_ivl test4_const)" +value "show_acom_opt (AI_ivl test6_const)" -value [code] "show_acom_opt (AI_ivl test2_ivl)" -value [code] "show_acom (((step_ivl \)^^0) (\\<^sub>c test2_ivl))" -value [code] "show_acom (((step_ivl \)^^1) (\\<^sub>c test2_ivl))" -value [code] "show_acom (((step_ivl \)^^2) (\\<^sub>c test2_ivl))" +value "show_acom_opt (AI_ivl test2_ivl)" +value "show_acom (((step_ivl \)^^0) (\\<^sub>c test2_ivl))" +value "show_acom (((step_ivl \)^^1) (\\<^sub>c test2_ivl))" +value "show_acom (((step_ivl \)^^2) (\\<^sub>c test2_ivl))" text{* Fixed point reached in 2 steps. Not so if the start value of x is known: *} -value [code] "show_acom_opt (AI_ivl test3_ivl)" -value [code] "show_acom (((step_ivl \)^^0) (\\<^sub>c test3_ivl))" -value [code] "show_acom (((step_ivl \)^^1) (\\<^sub>c test3_ivl))" -value [code] "show_acom (((step_ivl \)^^2) (\\<^sub>c test3_ivl))" -value [code] "show_acom (((step_ivl \)^^3) (\\<^sub>c test3_ivl))" -value [code] "show_acom (((step_ivl \)^^4) (\\<^sub>c test3_ivl))" +value "show_acom_opt (AI_ivl test3_ivl)" +value "show_acom (((step_ivl \)^^0) (\\<^sub>c test3_ivl))" +value "show_acom (((step_ivl \)^^1) (\\<^sub>c test3_ivl))" +value "show_acom (((step_ivl \)^^2) (\\<^sub>c test3_ivl))" +value "show_acom (((step_ivl \)^^3) (\\<^sub>c test3_ivl))" +value "show_acom (((step_ivl \)^^4) (\\<^sub>c test3_ivl))" text{* Takes as many iterations as the actual execution. Would diverge if loop did not terminate. Worse still, as the following example shows: even if the actual execution terminates, the analysis may not. The value of y keeps decreasing as the analysis is iterated, no matter how long: *} -value [code] "show_acom (((step_ivl \)^^50) (\\<^sub>c test4_ivl))" +value "show_acom (((step_ivl \)^^50) (\\<^sub>c test4_ivl))" text{* Relationships between variables are NOT captured: *} -value [code] "show_acom_opt (AI_ivl test5_ivl)" +value "show_acom_opt (AI_ivl test5_ivl)" text{* Again, the analysis would not terminate: *} -value [code] "show_acom (((step_ivl \)^^50) (\\<^sub>c test6_ivl))" +value "show_acom (((step_ivl \)^^50) (\\<^sub>c test6_ivl))" end diff -r 25f081f77915 -r 42a01315d998 src/HOL/IMP/Abs_Int2.thy --- a/src/HOL/IMP/Abs_Int2.thy Sun Jan 29 10:34:02 2012 +0100 +++ b/src/HOL/IMP/Abs_Int2.thy Sun Jan 29 15:16:27 2012 +0100 @@ -227,9 +227,10 @@ interpretation Abs_Int2 where \ = \_ivl and num' = num_ivl and plus' = plus_ivl +and test_num' = test_num_ivl and filter_plus' = filter_plus_ivl and filter_less' = filter_less_ivl defines AI_ivl' is AI_wn -proof qed +.. subsubsection "Tests"