# HG changeset patch # User nipkow # Date 1360666469 -3600 # Node ID e7b54119c436cb3aa07e0976fa20dc87031e7a74 # Parent 36aee533d7a772fcda4a83916f5a8c60dad754b5 tuned top diff -r 36aee533d7a7 -r e7b54119c436 src/HOL/IMP/Abs_Int0.thy --- a/src/HOL/IMP/Abs_Int0.thy Mon Feb 11 11:38:16 2013 +0100 +++ b/src/HOL/IMP/Abs_Int0.thy Tue Feb 12 11:54:29 2013 +0100 @@ -242,9 +242,8 @@ and gamma_Top[simp]: "\ \ = UNIV" fixes num' :: "val \ 'av" and plus' :: "'av \ 'av \ 'av" - assumes gamma_num': "i : \(num' i)" - and gamma_plus': - "i1 : \ a1 \ i2 : \ a2 \ i1+i2 : \(plus' a1 a2)" + assumes gamma_num': "i \ \(num' i)" + and gamma_plus': "i1 \ \ a1 \ i2 \ \ a2 \ i1+i2 \ \(plus' a1 a2)" type_synonym 'av st = "(vname \ 'av)" @@ -263,7 +262,8 @@ x ::= e {case S of None \ None | Some S \ Some(S(x := aval' e S))}" | "step' S (C1; C2) = step' S C1; step' (post C1) C2" | "step' S (IF b THEN {P1} C1 ELSE {P2} C2 {Q}) = - IF b THEN {S} step' P1 C1 ELSE {S} step' P2 C2 {post C1 \ post C2}" | + IF b THEN {S} step' P1 C1 ELSE {S} step' P2 C2 + {post C1 \ post C2}" | "step' S ({I} WHILE b DO {P} C {Q}) = {S \ post C} WHILE b DO {I} step' P C {I}" @@ -290,8 +290,6 @@ lemma gamma_o_Top[simp]: "\\<^isub>o Top = UNIV" by (simp add: Top_option_def) -(* FIXME (maybe also le \ sqle?) *) - lemma mono_gamma_s: "f1 \ f2 \ \\<^isub>s f1 \ \\<^isub>s f2" by(auto simp: le_fun_def \_fun_def dest: mono_gamma) diff -r 36aee533d7a7 -r e7b54119c436 src/HOL/IMP/Abs_Int1.thy --- a/src/HOL/IMP/Abs_Int1.thy Mon Feb 11 11:38:16 2013 +0100 +++ b/src/HOL/IMP/Abs_Int1.thy Tue Feb 12 11:54:29 2013 +0100 @@ -71,7 +71,7 @@ {S \ post C} WHILE b DO {I} step' P C {I}" definition AI :: "com \ 'av st option acom option" where -"AI c = pfp (step' (top c)) (bot c)" +"AI c = pfp (step' (top(vars c))) (bot c)" lemma strip_step'[simp]: "strip(step' S C) = strip C" @@ -110,21 +110,21 @@ lemma AI_sound: "AI c = Some C \ CS c \ \\<^isub>c C" proof(simp add: CS_def AI_def) - assume 1: "pfp (step' (top c)) (bot c) = Some C" + assume 1: "pfp (step' (top(vars c))) (bot c) = Some C" have "C \ L(vars c)" by(rule pfp_inv[where P = "%C. C \ L(vars c)", OF 1 _ bot_in_L]) (erule step'_in_L[OF _ top_in_L]) - have pfp': "step' (top c) C \ C" by(rule pfp_pfp[OF 1]) - have 2: "step (\\<^isub>o(top c)) (\\<^isub>c C) \ \\<^isub>c C" + have pfp': "step' (top(vars c)) C \ C" by(rule pfp_pfp[OF 1]) + have 2: "step (\\<^isub>o(top(vars c))) (\\<^isub>c C) \ \\<^isub>c C" proof(rule order_trans) - show "step (\\<^isub>o (top c)) (\\<^isub>c C) \ \\<^isub>c (step' (top c) C)" + show "step (\\<^isub>o (top(vars c))) (\\<^isub>c C) \ \\<^isub>c (step' (top(vars c)) C)" by(rule step_step'[OF `C \ L(vars c)` top_in_L]) - show "\\<^isub>c (step' (top c) C) \ \\<^isub>c C" + show "\\<^isub>c (step' (top(vars c)) C) \ \\<^isub>c C" by(rule mono_gamma_c[OF pfp']) qed have 3: "strip (\\<^isub>c C) = c" by(simp add: strip_pfp[OF _ 1]) - have "lfp c (step (\\<^isub>o(top c))) \ \\<^isub>c C" - by(rule lfp_lowerbound[simplified,where f="step (\\<^isub>o(top c))", OF 3 2]) + have "lfp c (step (\\<^isub>o(top(vars c)))) \ \\<^isub>c C" + by(rule lfp_lowerbound[simplified,where f="step (\\<^isub>o(top(vars c)))", OF 3 2]) thus "lfp c (step UNIV) \ \\<^isub>c C" by simp qed @@ -153,8 +153,8 @@ split: option.split) done -lemma mono_step'_top: "C \ L(vars c) \ C' \ L(vars c) \ - C \ C' \ step' (top c) C \ step' (top c) C'" +lemma mono_step'_top: "C \ L X \ C' \ L X \ + C \ C' \ step' (top X) C \ step' (top X) C'" by (metis top_in_L mono_step' preord_class.le_refl) lemma pfp_bot_least: @@ -167,7 +167,7 @@ by (simp_all add: assms(4,5) bot_least) lemma AI_least_pfp: assumes "AI c = Some C" -and "step' (top c) C' \ C'" "strip C' = c" "C' \ L(vars c)" +and "step' (top(vars c)) C' \ C'" "strip C' = c" "C' \ L(vars c)" shows "C \ C'" apply(rule pfp_bot_least[OF _ _ assms(2-4) assms(1)[unfolded AI_def]]) by (simp_all add: mono_step'_top) diff -r 36aee533d7a7 -r e7b54119c436 src/HOL/IMP/Abs_Int1_const.thy --- a/src/HOL/IMP/Abs_Int1_const.thy Mon Feb 11 11:38:16 2013 +0100 +++ b/src/HOL/IMP/Abs_Int1_const.thy Tue Feb 12 11:54:29 2013 +0100 @@ -74,7 +74,7 @@ subsubsection "Tests" -definition "steps c i = (step_const(top c) ^^ i) (bot c)" +definition "steps c i = (step_const(top(vars c)) ^^ i) (bot c)" value "show_acom (steps test1_const 0)" value "show_acom (steps test1_const 1)" diff -r 36aee533d7a7 -r e7b54119c436 src/HOL/IMP/Abs_Int1_parity.thy --- a/src/HOL/IMP/Abs_Int1_parity.thy Mon Feb 11 11:38:16 2013 +0100 +++ b/src/HOL/IMP/Abs_Int1_parity.thy Tue Feb 12 11:54:29 2013 +0100 @@ -127,7 +127,7 @@ ''x'' ::= N 1; WHILE Less (V ''x'') (N 100) DO ''x'' ::= Plus (V ''x'') (N 3)" -definition "steps c i = (step_parity(top c) ^^ i) (bot c)" +definition "steps c i = (step_parity(top(vars c)) ^^ i) (bot c)" value "show_acom (steps test2_parity 0)" value "show_acom (steps test2_parity 1)" diff -r 36aee533d7a7 -r e7b54119c436 src/HOL/IMP/Abs_Int2.thy --- a/src/HOL/IMP/Abs_Int2.thy Mon Feb 11 11:38:16 2013 +0100 +++ b/src/HOL/IMP/Abs_Int2.thy Tue Feb 12 11:54:29 2013 +0100 @@ -55,11 +55,11 @@ fixes test_num' :: "val \ 'av \ bool" and filter_plus' :: "'av \ 'av \ 'av \ 'av * 'av" and filter_less' :: "bool \ 'av \ 'av \ 'av * 'av" -assumes test_num': "test_num' i a = (i : \ a)" +assumes test_num': "test_num' n a = (n : \ a)" and filter_plus': "filter_plus' a a1 a2 = (b1,b2) \ - i1 : \ a1 \ i2 : \ a2 \ i1+i2 : \ a \ i1 : \ b1 \ i2 : \ b2" -and filter_less': "filter_less' (i1 - i1 : \ a1 \ i2 : \ a2 \ i1 : \ b1 \ i2 : \ b2" + n1 : \ a1 \ n2 : \ a2 \ n1+n2 : \ a \ n1 : \ b1 \ n2 : \ b2" +and filter_less': "filter_less' (n1 + n1 : \ a1 \ n2 : \ a2 \ n1 : \ b1 \ n2 : \ b2" locale Abs_Int1 = @@ -80,13 +80,13 @@ subsubsection "Backward analysis" fun afilter :: "aexp \ 'av \ 'av st option \ 'av st option" where -"afilter (N i) a S = (if test_num' i a then S else None)" | +"afilter (N n) a S = (if test_num' n a then S else None)" | "afilter (V x) a S = (case S of None \ None | Some S \ let a' = fun S x \ a in if a' \ \ then None else Some(update S x a'))" | "afilter (Plus e1 e2) a S = - (let (a\<^isub>1',a\<^isub>2') = filter_plus' a (aval'' e1 S) (aval'' e2 S) - in afilter e1 a\<^isub>1' (afilter e2 a\<^isub>2' S))" + (let (a1,a2) = filter_plus' a (aval'' e1 S) (aval'' e2 S) + in afilter e1 a1 (afilter e2 a2 S))" text{* The test for @{const bot} in the @{const V}-case is important: @{const bot} indicates that a variable has no possible values, i.e.\ that the current @@ -105,8 +105,8 @@ (if res then bfilter b1 True (bfilter b2 True S) else bfilter b1 False S \ bfilter b2 False S)" | "bfilter (Less e1 e2) res S = - (let (a\<^isub>1',a\<^isub>2') = filter_less' res (aval'' e1 S) (aval'' e2 S) - in afilter e1 a\<^isub>1' (afilter e2 a\<^isub>2' S))" + (let (res1,res2) = filter_less' res (aval'' e1 S) (aval'' e2 S) + in afilter e1 res1 (afilter e2 res2 S))" lemma afilter_in_L: "S \ L X \ vars e \ X \ afilter e a S \ L X" by(induction e arbitrary: a S) @@ -167,7 +167,7 @@ {bfilter b False I}" definition AI :: "com \ 'av st option acom option" where -"AI c = pfp (step' \\<^bsub>c\<^esub>) (bot c)" +"AI c = pfp (step' \\<^bsub>vars c\<^esub>) (bot c)" lemma strip_step'[simp]: "strip(step' S c) = strip c" by(induct c arbitrary: S) (simp_all add: Let_def) @@ -209,21 +209,21 @@ lemma AI_sound: "AI c = Some C \ CS c \ \\<^isub>c C" proof(simp add: CS_def AI_def) - assume 1: "pfp (step' (top c)) (bot c) = Some C" + assume 1: "pfp (step' (top(vars c))) (bot c) = Some C" have "C \ L(vars c)" by(rule pfp_inv[where P = "%C. C \ L(vars c)", OF 1 _ bot_in_L]) (erule step'_in_L[OF _ top_in_L]) - have pfp': "step' (top c) C \ C" by(rule pfp_pfp[OF 1]) - have 2: "step (\\<^isub>o(top c)) (\\<^isub>c C) \ \\<^isub>c C" + have pfp': "step' (top(vars c)) C \ C" by(rule pfp_pfp[OF 1]) + have 2: "step (\\<^isub>o(top(vars c))) (\\<^isub>c C) \ \\<^isub>c C" proof(rule order_trans) - show "step (\\<^isub>o (top c)) (\\<^isub>c C) \ \\<^isub>c (step' (top c) C)" + show "step (\\<^isub>o (top(vars c))) (\\<^isub>c C) \ \\<^isub>c (step' (top(vars c)) C)" by(rule step_step'[OF `C \ L(vars c)` top_in_L]) - show "\\<^isub>c (step' (top c) C) \ \\<^isub>c C" + show "\\<^isub>c (step' (top(vars c)) C) \ \\<^isub>c C" by(rule mono_gamma_c[OF pfp']) qed have 3: "strip (\\<^isub>c C) = c" by(simp add: strip_pfp[OF _ 1]) - have "lfp c (step (\\<^isub>o(top c))) \ \\<^isub>c C" - by(rule lfp_lowerbound[simplified,where f="step (\\<^isub>o(top c))", OF 3 2]) + have "lfp c (step (\\<^isub>o(top(vars c)))) \ \\<^isub>c C" + by(rule lfp_lowerbound[simplified,where f="step (\\<^isub>o(top(vars c)))", OF 3 2]) thus "lfp c (step UNIV) \ \\<^isub>c C" by simp qed @@ -281,8 +281,8 @@ split: option.split) done -lemma mono_step'_top: "C1 \ L(vars c) \ C2 \ L(vars c) \ - C1 \ C2 \ step' (top c) C1 \ step' (top c) C2" +lemma mono_step'_top: "C1 \ L X \ C2 \ L X \ + C1 \ C2 \ step' (top X) C1 \ step' (top X) C2" by (metis top_in_L mono_step' preord_class.le_refl) end diff -r 36aee533d7a7 -r e7b54119c436 src/HOL/IMP/Abs_Int2_ivl.thy --- a/src/HOL/IMP/Abs_Int2_ivl.thy Mon Feb 11 11:38:16 2013 +0100 +++ b/src/HOL/IMP/Abs_Int2_ivl.thy Tue Feb 12 11:54:29 2013 +0100 @@ -248,27 +248,25 @@ subsubsection "Tests" -value "show_acom (the(AI_ivl test1_ivl))" +value "show_acom_opt (AI_ivl test1_ivl)" text{* Better than @{text AI_const}: *} -value "show_acom (the(AI_ivl test3_const))" -value "show_acom (the(AI_ivl test4_const))" -value "show_acom (the(AI_ivl test6_const))" +value "show_acom_opt (AI_ivl test3_const)" +value "show_acom_opt (AI_ivl test4_const)" +value "show_acom_opt (AI_ivl test6_const)" -definition "steps c i = (step_ivl(top c) ^^ i) (bot c)" +definition "steps c i = (step_ivl(top(vars c)) ^^ i) (bot c)" -value "test2_ivl" -value "show_acom (the(AI_ivl test2_ivl))" +value "show_acom_opt (AI_ivl test2_ivl)" value "show_acom (steps test2_ivl 0)" value "show_acom (steps test2_ivl 1)" value "show_acom (steps test2_ivl 2)" value "show_acom (steps test2_ivl 3)" -text{* Fixed point reached in 3 steps. +text{* Fixed point reached in 2 steps. Not so if the start value of x is known: *} -value "test3_ivl" -value "show_acom (the(AI_ivl test3_ivl))" +value "show_acom_opt (AI_ivl test3_ivl)" value "show_acom (steps test3_ivl 0)" value "show_acom (steps test3_ivl 1)" value "show_acom (steps test3_ivl 2)" @@ -281,15 +279,12 @@ the actual execution terminates, the analysis may not. The value of y keeps decreasing as the analysis is iterated, no matter how long: *} -value "test4_ivl" value "show_acom (steps test4_ivl 50)" text{* Relationships between variables are NOT captured: *} -value "test5_ivl" -value "show_acom (the(AI_ivl test5_ivl))" +value "show_acom_opt (AI_ivl test5_ivl)" text{* Again, the analysis would not terminate: *} -value "test6_ivl" value "show_acom (steps test6_ivl 50)" end diff -r 36aee533d7a7 -r e7b54119c436 src/HOL/IMP/Abs_Int3.thy --- a/src/HOL/IMP/Abs_Int3.thy Mon Feb 11 11:38:16 2013 +0100 +++ b/src/HOL/IMP/Abs_Int3.thy Tue Feb 12 11:54:29 2013 +0100 @@ -358,24 +358,24 @@ begin definition AI_wn :: "com \ 'av st option acom option" where -"AI_wn c = pfp_wn (step' (top c)) (bot c)" +"AI_wn c = pfp_wn (step' (top(vars c))) (bot c)" lemma AI_wn_sound: "AI_wn c = Some C \ CS c \ \\<^isub>c C" proof(simp add: CS_def AI_wn_def) - assume 1: "pfp_wn (step' (top c)) (bot c) = Some C" - have 2: "(strip C = c & C \ L(vars c)) \ step' \\<^bsub>c\<^esub> C \ C" + assume 1: "pfp_wn (step' (top(vars c))) (bot c) = Some C" + have 2: "(strip C = c & C \ L(vars c)) \ step' \\<^bsub>vars c\<^esub> C \ C" by(rule pfp_wn_pfp[where x="bot c"]) (simp_all add: 1 mono_step'_top widen_c_in_L narrow_c_in_L) - have pfp: "step (\\<^isub>o(top c)) (\\<^isub>c C) \ \\<^isub>c C" + have pfp: "step (\\<^isub>o(top(vars c))) (\\<^isub>c C) \ \\<^isub>c C" proof(rule order_trans) - show "step (\\<^isub>o (top c)) (\\<^isub>c C) \ \\<^isub>c (step' (top c) C)" + show "step (\\<^isub>o (top(vars c))) (\\<^isub>c C) \ \\<^isub>c (step' (top(vars c)) C)" by(rule step_step'[OF conjunct2[OF conjunct1[OF 2]] top_in_L]) show "... \ \\<^isub>c C" by(rule mono_gamma_c[OF conjunct2[OF 2]]) qed have 3: "strip (\\<^isub>c C) = c" by(simp add: strip_pfp_wn[OF _ 1]) - have "lfp c (step (\\<^isub>o (top c))) \ \\<^isub>c C" - by(rule lfp_lowerbound[simplified,where f="step (\\<^isub>o(top c))", OF 3 pfp]) + have "lfp c (step (\\<^isub>o (top(vars c)))) \ \\<^isub>c C" + by(rule lfp_lowerbound[simplified,where f="step (\\<^isub>o(top(vars c)))", OF 3 pfp]) thus "lfp c (step UNIV) \ \\<^isub>c C" by simp qed @@ -396,9 +396,9 @@ by(rule refl) definition "step_up_ivl n = - ((\C. C \ step_ivl (top(strip C)) C)^^n)" + ((\C. C \ step_ivl (top(vars(strip C))) C)^^n)" definition "step_down_ivl n = - ((\C. C \ step_ivl (top (strip C)) C)^^n)" + ((\C. C \ step_ivl (top(vars(strip C))) C)^^n)" text{* For @{const test3_ivl}, @{const AI_ivl} needed as many iterations as the loop took to execute. In contrast, @{const AI_ivl'} converges in a @@ -416,14 +416,14 @@ value "show_acom (step_down_ivl 2 (step_up_ivl 8 (bot test3_ivl)))" value "show_acom (step_down_ivl 3 (step_up_ivl 8 (bot test3_ivl)))" value "show_acom (step_down_ivl 4 (step_up_ivl 8 (bot test3_ivl)))" -value "show_acom (the(AI_ivl' test3_ivl))" +value "show_acom_opt (AI_ivl' test3_ivl)" text{* Now all the analyses terminate: *} -value "show_acom (the(AI_ivl' test4_ivl))" -value "show_acom (the(AI_ivl' test5_ivl))" -value "show_acom (the(AI_ivl' test6_ivl))" +value "show_acom_opt (AI_ivl' test4_ivl)" +value "show_acom_opt (AI_ivl' test5_ivl)" +value "show_acom_opt (AI_ivl' test6_ivl)" subsubsection "Generic Termination Proof" @@ -629,14 +629,14 @@ lemma iter_winden_step_ivl_termination: - "\C. iter_widen (step_ivl (top c)) (bot c) = Some C" + "\C. iter_widen (step_ivl (top(vars c))) (bot c) = Some C" apply(rule iter_widen_termination[where m = "m_c" and P = "%C. C \ Lc c"]) apply (simp_all add: step'_in_Lc m_c_widen) done lemma iter_narrow_step_ivl_termination: - "C0 \ Lc c \ step_ivl (top c) C0 \ C0 \ - \C. iter_narrow (step_ivl (top c)) C0 = Some C" + "C0 \ Lc c \ step_ivl (top(vars c)) C0 \ C0 \ + \C. iter_narrow (step_ivl (top(vars c))) C0 = Some C" apply(rule iter_narrow_termination[where n = "n_c" and P = "%C. C \ Lc c"]) apply (simp add: step'_in_Lc) apply (simp) @@ -654,7 +654,7 @@ apply(auto simp: AI_wn_def pfp_wn_def iter_winden_step_ivl_termination split: option.split) apply(rule iter_narrow_step_ivl_termination) -apply(blast intro: iter_widen_inv[where f = "step' \\<^bsub>c\<^esub>" and P = "%C. C \ Lc c"] bot_in_Lc Lc_widen step'_in_Lc[where S = "\\<^bsub>c\<^esub>" and c=c, simplified]) +apply(blast intro: iter_widen_inv[where f = "step' \\<^bsub>vars c\<^esub>" and P = "%C. C \ Lc c"] bot_in_Lc Lc_widen step'_in_Lc[where S = "\\<^bsub>vars c\<^esub>" and c=c, simplified]) apply(erule iter_widen_pfp) done diff -r 36aee533d7a7 -r e7b54119c436 src/HOL/IMP/Abs_State.thy --- a/src/HOL/IMP/Abs_State.thy Mon Feb 11 11:38:16 2013 +0100 +++ b/src/HOL/IMP/Abs_State.thy Tue Feb 12 11:54:29 2013 +0100 @@ -60,12 +60,12 @@ end class semilatticeL = join + L + -fixes top :: "com \ 'a" +fixes top :: "vname set \ 'a" assumes join_ge1 [simp]: "x \ L X \ y \ L X \ x \ x \ y" and join_ge2 [simp]: "x \ L X \ y \ L X \ y \ x \ y" and join_least[simp]: "x \ z \ y \ z \ x \ y \ z" -and top[simp]: "x \ L(vars c) \ x \ top c" -and top_in_L[simp]: "top c \ L(vars c)" +and top[simp]: "x \ L X \ x \ top X" +and top_in_L[simp]: "top X \ L X" and join_in_L[simp]: "x \ L X \ y \ L X \ x \ y \ L X" notation (input) top ("\\<^bsub>_\<^esub>") @@ -109,6 +109,7 @@ value [code] "show_st (FunDom (\x. 1::int) {''a'',''b''})" definition "show_acom = map_acom (Option.map show_st)" +definition "show_acom_opt = Option.map show_acom" definition "update F x y = FunDom ((fun F)(x:=y)) (dom F)" @@ -157,7 +158,7 @@ instantiation st :: (semilattice) semilatticeL begin -definition top_st where "top c = FunDom (\x. \) (vars c)" +definition top_st where "top X = FunDom (\x. \) X" instance proof @@ -200,8 +201,6 @@ lemma gamma_o_Top[simp]: "\\<^isub>o (top c) = UNIV" by (simp add: top_option_def) -(* FIXME (maybe also le \ sqle?) *) - lemma mono_gamma_s: "f \ g \ \\<^isub>s f \ \\<^isub>s g" apply(simp add:\_st_def subset_iff le_st_def split: if_splits) by (metis mono_gamma subsetD)