author  nipkow 
Tue, 30 Apr 2013 12:26:41 +0200  
(* Author: Tobias Nipkow *) 
2 

3 
theory Abs_Int2 

4 
imports Abs_Int1 

5 
begin 

6 

7 
instantiation prod :: (order,order) order 
47613  8 
begin 
9 

10 
definition "less_eq_prod p1 p2 = (fst p1 \<le> fst p2 \<and> snd p1 \<le> snd p2)" 
11 
definition "less_prod p1 p2 = (p1 \<le> p2 \<and> \<not> p2 \<le> (p1::'a*'b))" 
47613  12 

13 
instance 

14 
proof 

15 
case goal1 show ?case by(rule less_prod_def) 
16 
next 
17 
case goal2 show ?case by(simp add: less_eq_prod_def) 
47613  18 
next 
19 
case goal3 thus ?case unfolding less_eq_prod_def by(metis order_trans) 
20 
next 
21 
case goal4 thus ?case by(simp add: less_eq_prod_def)(metis eq_iff surjective_pairing) 
47613  22 
qed 
23 

24 
end 

25 

26 

27 
subsection "Backward Analysis of Expressions" 

28 

51826  29 
subclass (in bounded_lattice) semilattice_sup_top .. 
47613  30 

51826  31 
locale Val_abs1_gamma = Gamma where \<gamma> = \<gamma> 
32 
for \<gamma> :: "'av::bounded_lattice \<Rightarrow> val set" + 

51390  33 
assumes inter_gamma_subset_gamma_inf: 
47613  34 
"\<gamma> a1 \<inter> \<gamma> a2 \<subseteq> \<gamma>(a1 \<sqinter> a2)" 
49396  35 
and gamma_bot[simp]: "\<gamma> \<bottom> = {}" 
47613  36 
begin 
37 

51390  38 
lemma in_gamma_inf: "x : \<gamma> a1 \<Longrightarrow> x : \<gamma> a2 \<Longrightarrow> x : \<gamma>(a1 \<sqinter> a2)" 
39 
by (metis IntI inter_gamma_subset_gamma_inf set_mp) 

47613  40 

51390  41 
lemma gamma_inf[simp]: "\<gamma>(a1 \<sqinter> a2) = \<gamma> a1 \<inter> \<gamma> a2" 
42 
by(rule equalityI[OF _ inter_gamma_subset_gamma_inf]) 

51389  43 
(metis inf_le1 inf_le2 le_inf_iff mono_gamma) 
47613  44 

45 
end 

46 

47 

51826  48 
locale Val_abs1 = Val_abs1_gamma where \<gamma> = \<gamma> 
49 
for \<gamma> :: "'av::bounded_lattice \<Rightarrow> val set" + 
47613  50 
fixes test_num' :: "val \<Rightarrow> 'av \<Rightarrow> bool" 
51 
and filter_plus' :: "'av \<Rightarrow> 'av \<Rightarrow> 'av \<Rightarrow> 'av * 'av" 

52 
and filter_less' :: "bool \<Rightarrow> 'av \<Rightarrow> 'av \<Rightarrow> 'av * 'av" 

51036  53 
assumes test_num': "test_num' n a = (n : \<gamma> a)" 
47613  54 
and filter_plus': "filter_plus' a a1 a2 = (b1,b2) \<Longrightarrow> 
51036  55 
n1 : \<gamma> a1 \<Longrightarrow> n2 : \<gamma> a2 \<Longrightarrow> n1+n2 : \<gamma> a \<Longrightarrow> n1 : \<gamma> b1 \<and> n2 : \<gamma> b2" 
56 
and filter_less': "filter_less' (n1<n2) a1 a2 = (b1,b2) \<Longrightarrow> 

57 
n1 : \<gamma> a1 \<Longrightarrow> n2 : \<gamma> a2 \<Longrightarrow> n1 : \<gamma> b1 \<and> n2 : \<gamma> b2" 

47613  58 

59 

51826  60 
locale Abs_Int1 = Val_abs1 where \<gamma> = \<gamma> 
61 
for \<gamma> :: "'av::bounded_lattice \<Rightarrow> val set" 

47613  62 
begin 
63 

51389  64 
lemma in_gamma_sup_UpI: 
65 
"s : \<gamma>\<^isub>o S1 \<or> s : \<gamma>\<^isub>o S2 \<Longrightarrow> s : \<gamma>\<^isub>o(S1 \<squnion> S2)" 
df3426139651
complete revision: finally got rid of annoying Lpredicate
nipkow
parents:
51390
diff
changeset

66 
by (metis (hide_lams, no_types) sup_ge1 sup_ge2 mono_gamma_o subsetD) 
47613  67 

68 
fun aval'' :: "aexp \<Rightarrow> 'av st option \<Rightarrow> 'av" where 

69 
"aval'' e None = \<bottom>"  

51834  70 
"aval'' e (Some S) = aval' e S" 
47613  71 

72 
lemma aval''_sound: "s : \<gamma>\<^isub>o S \<Longrightarrow> aval a s : \<gamma>(aval'' a S)" 
df3426139651
complete revision: finally got rid of annoying Lpredicate
nipkow
parents:
51390
diff
changeset

73 
by(cases S)(auto simp add: aval'_sound split: option.splits) 
47613  74 

75 
subsubsection "Backward analysis" 

76 

77 
fun afilter :: "aexp \<Rightarrow> 'av \<Rightarrow> 'av st option \<Rightarrow> 'av st option" where 

51036  78 
"afilter (N n) a S = (if test_num' n a then S else None)"  
47613  79 
"afilter (V x) a S = (case S of None \<Rightarrow> None  Some S \<Rightarrow> 
80 
let a' = fun S x \<sqinter> a in 

81 
if a' = \<bottom> then None else Some(update S x a'))"  
47613  82 
"afilter (Plus e1 e2) a S = 
51036  83 
(let (a1,a2) = filter_plus' a (aval'' e1 S) (aval'' e2 S) 
84 
in afilter e1 a1 (afilter e2 a2 S))" 

47613  85 

86 
text{* The test for @{const bot} in the @{const V}case is important: @{const 

87 
bot} indicates that a variable has no possible values, i.e.\ that the current 

88 
program point is unreachable. But then the abstract state should collapse to 

89 
@{const None}. Put differently, we maintain the invariant that in an abstract 

90 
state of the form @{term"Some s"}, all variables are mapped to non@{const 

51389  91 
bot} values. Otherwise the (pointwise) sup of two abstract states, one of 
47613  92 
which contains @{const bot} values, may produce too large a result, thus 
93 
making the analysis less precise. *} 

94 

95 

96 
fun bfilter :: "bexp \<Rightarrow> bool \<Rightarrow> 'av st option \<Rightarrow> 'av st option" where 

97 
"bfilter (Bc v) res S = (if v=res then S else None)"  

98 
"bfilter (Not b) res S = bfilter b (\<not> res) S"  

99 
"bfilter (And b1 b2) res S = 

100 
(if res then bfilter b1 True (bfilter b2 True S) 

101 
else bfilter b1 False S \<squnion> bfilter b2 False S)"  

102 
"bfilter (Less e1 e2) res S = 

51037  103 
(let (a1,a2) = filter_less' res (aval'' e1 S) (aval'' e2 S) 
104 
in afilter e1 a1 (afilter e2 a2 S))" 

47613  105 

106 
lemma afilter_sound: "s : \<gamma>\<^isub>o S \<Longrightarrow> aval e s : \<gamma> a \<Longrightarrow> s : \<gamma>\<^isub>o (afilter e a S)" 
47613  107 
proof(induction e arbitrary: a S) 
108 
case N thus ?case by simp (metis test_num') 

109 
next 

110 
case (V x) 

49497  111 
obtain S' where "S = Some S'" and "s : \<gamma>\<^isub>s S'" using `s : \<gamma>\<^isub>o S` 
47613  112 
by(auto simp: in_gamma_option_iff) 
113 
moreover hence "s x : \<gamma> (fun S' x)" 

114 
using V(1,2) by(simp add: \<gamma>_st_def) 
47613  115 
moreover have "s x : \<gamma> a" using V by simp 
116 
ultimately show ?case 
47613  117 
by(simp add: Let_def \<gamma>_st_def) 
51390  118 
(metis mono_gamma emptyE in_gamma_inf gamma_bot subset_empty) 
47613  119 
next 
120 
case (Plus e1 e2) thus ?case 

121 
using filter_plus'[OF _ aval''_sound aval''_sound] 
qed 
124 

125 
lemma bfilter_sound: "s : \<gamma>\<^isub>o S \<Longrightarrow> bv = bval b s \<Longrightarrow> s : \<gamma>\<^isub>o(bfilter b bv S)" 
47613  126 
proof(induction b arbitrary: S bv) 
127 
case Bc thus ?case by simp 

128 
next 

129 
case (Not b) thus ?case by simp 

130 
next 

131 
case (And b1 b2) thus ?case 

132 
by simp (metis And(1) And(2) in_gamma_sup_UpI) 
47613  133 
next 
134 
case (Less e1 e2) thus ?case 

135 
by(auto split: prod.split) 

136 
(metis (lifting) afilter_sound aval''_sound filter_less') 
47613  137 
qed 
138 

51390  139 
definition "step' = Step 
51389  140 
(\<lambda>x e S. case S of None \<Rightarrow> None  Some S \<Rightarrow> Some(update S x (aval' e S))) 
141 
(\<lambda>b S. bfilter b True S)" 

47613  142 

143 
definition AI :: "com \<Rightarrow> 'av st option acom option" where 

144 
"AI c = pfp (step' \<top>) (bot c)" 
47613  145 

146 
lemma strip_step'[simp]: "strip(step' S c) = strip c" 

51390  147 
by(simp add: step'_def) 
47613  148 

51785  149 
lemma top_on_afilter: "\<lbrakk> top_on_opt S X; vars e \<subseteq> X \<rbrakk> \<Longrightarrow> top_on_opt (afilter e a S) X" 
150 
by(induction e arbitrary: a S) (auto simp: Let_def split: option.splits prod.split) 
51785  152 
lemma top_on_bfilter: "\<lbrakk>top_on_opt S X; vars b \<subseteq> X\<rbrakk> \<Longrightarrow> top_on_opt (bfilter b r S) X" 
153 
by(induction b arbitrary: r S) (auto simp: top_on_afilter top_on_sup split: prod.split) 
51785  155 
lemma top_on_step': "top_on_acom C ( vars C) \<Longrightarrow> top_on_acom (step' \<top> C) ( vars C)" 
156 
unfolding step'_def 
by(rule top_on_Step) 
47613  159 

160 
subsubsection "Soundness" 

161 

162 
lemma step_step': "step (\<gamma>\<^isub>o S) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (step' S C)" 
51390  163 
unfolding step_def step'_def 
164 
by(rule gamma_Step_subcomm) 

165 
(auto simp: intro!: aval'_sound bfilter_sound in_gamma_update split: option.splits) 
47613  166 

50986  167 
lemma AI_sound: "AI c = Some C \<Longrightarrow> CS c \<le> \<gamma>\<^isub>c C" 
47613  168 
proof(simp add: CS_def AI_def) 
169 
assume 1: "pfp (step' \<top>) (bot c) = Some C" 
have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1]) 
have 2: "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c C" "transfer the pfp'" 
50986  172 
proof(rule order_trans) 
173 
show "step (\<gamma>\<^isub>o \<top>) (\<gamma>\<^isub>c C) \<le> \<gamma>\<^isub>c (step' \<top> C)" by(rule step_step') 
show "... \<le> \<gamma>\<^isub>c C" by (metis mono_gamma_c[OF pfp']) 
47613  175 
qed 
176 
have 3: "strip (\<gamma>\<^isub>c C) = c" by(simp add: strip_pfp[OF _ 1] step'_def) 
have "lfp c (step (\<gamma>\<^isub>o \<top>)) \<le> \<gamma>\<^isub>c C" 
by(rule lfp_lowerbound[simplified,where f="step (\<gamma>\<^isub>o \<top>)", OF 3 2]) 
50986  179 
thus "lfp c (step UNIV) \<le> \<gamma>\<^isub>c C" by simp 
47613  180 
qed 
181 

182 
end 

183 

184 

185 
subsubsection "Monotonicity" 

186 

187 
locale Abs_Int1_mono = Abs_Int1 + 

188 
assumes mono_plus': "a1 \<le> b1 \<Longrightarrow> a2 \<le> b2 \<Longrightarrow> plus' a1 a2 \<le> plus' b1 b2" 
and mono_filter_plus': "a1 \<le> b1 \<Longrightarrow> a2 \<le> b2 \<Longrightarrow> r \<le> r' \<Longrightarrow> 
filter_plus' r a1 a2 \<le> filter_plus' r' b1 b2" 
and mono_filter_less': "a1 \<le> b1 \<Longrightarrow> a2 \<le> b2 \<Longrightarrow> 
47613  193 
begin 
194 

195 
lemma mono_aval': 

196 
"S1 \<le> S2 \<Longrightarrow> aval' e S1 \<le> aval' e S2" 
by(induction e) (auto simp: mono_plus' mono_fun) 
47613  198 

199 
lemma mono_aval'': 

200 
"S1 \<le> S2 \<Longrightarrow> aval'' e S1 \<le> aval'' e S2" 
47613  201 
apply(cases S1) 
202 
apply simp 

203 
apply(cases S2) 

204 
apply simp 

205 
by (simp add: mono_aval') 

206 

207 
lemma mono_afilter: "r1 \<le> r2 \<Longrightarrow> S1 \<le> S2 \<Longrightarrow> afilter e r1 S1 \<le> afilter e r2 S2" 
47613  208 
apply(induction e arbitrary: r1 r2 S1 S2) 
51390  209 
apply(auto simp: test_num' Let_def inf_mono split: option.splits prod.splits) 
210 
apply (metis mono_gamma subsetD) 

211 
apply (metis le_bot inf_mono le_st_iff) 
apply (metis inf_mono mono_update le_st_iff) 
apply(metis mono_aval'' mono_filter_plus'[simplified less_eq_prod_def] fst_conv snd_conv) 
47613  214 
done 
215 

216 
lemma mono_bfilter: "S1 \<le> S2 \<Longrightarrow> bfilter b bv S1 \<le> bfilter b bv S2" 
47613  217 
apply(induction b arbitrary: bv S1 S2) 
51390  218 
apply(simp) 
219 
apply(simp) 

220 
apply simp 

221 
apply(metis order_trans[OF _ sup_ge1] order_trans[OF _ sup_ge2]) 
47613  222 
apply (simp split: prod.splits) 
223 
apply(metis mono_aval'' mono_afilter mono_filter_less'[simplified less_eq_prod_def] fst_conv snd_conv) 
47613  224 
done 
225 

226 
theorem mono_step': "S1 \<le> S2 \<Longrightarrow> C1 \<le> C2 \<Longrightarrow> step' S1 C1 \<le> step' S2 C2" 
51390  227 
unfolding step'_def 
228 
by(rule mono2_Step) (auto simp: mono_aval' mono_bfilter split: option.split) 

47613  229 

230 
lemma mono_step'_top: "C1 \<le> C2 \<Longrightarrow> step' \<top> C1 \<le> step' \<top> C2" 
by (metis mono_step' order_refl) 
47613  232 

233 
end 

234 

235 
end 