Quelle  DefAss.thy

(*  Title:      JinjaThreads/J/DefAss.thy
    Author:     Tobias Nipkow, Andreas Lochbihler
*)

section ‹Definite assignment›

theory DefAss
imports 
  Expr
begin

subsection "Hypersets"

type_synonym 'a hyperset = "'a set option"

definition hyperUn :: "'a hyperset ==> 'a hyperset ==> 'a hyperset"   (infixl ‹⊔› 65)
where
  "A ⊔ B ≡ case A of None ==> None
                 | ⌊A⌋ ==> (case B of None ==> None | ⌊B⌋ ==> ⌊A ∪ B⌋)"

definition hyperInt :: "'a hyperset ==> 'a hyperset ==> 'a hyperset"   (infixl ‹⊓› 70)
where
  "A ⊓ B ≡ case A of None ==> B
                 | ⌊A⌋ ==> (case B of None ==> ⌊A⌋ | ⌊B⌋ ==> ⌊A ∩ B⌋)"

definition hyperDiff1 :: "'a hyperset ==> 'a ==> 'a hyperset"   (infixl ‹⊖› 65)
where
  "A ⊖ a ≡ case A of None ==> None | ⌊A⌋ ==> ⌊A - {a}⌋"

definition hyper_isin :: "'a ==> 'a hyperset ==> bool"   (infix ‹∈∈› 50)
where
 "a ∈∈ A ≡ case A of None ==> True | ⌊A⌋ ==> a ∈ A"

definition hyper_subset :: "'a hyperset ==> 'a hyperset ==> bool"   (infix ‹⊑› 50)
where
  "A ⊑ B ≡ case B of None ==> True
                 | ⌊B⌋ ==> (case A of None ==> False | ⌊A⌋ ==> A ⊆ B)"

lemmas hyperset_defs =
 hyperUn_def hyperInt_def hyperDiff1_def hyper_isin_def hyper_subset_def

lemma [simp]: "⌊{}⌋ ⊔ A = A ∧ A ⊔ ⌊{}⌋ = A"
(*<*)by(simp add:hyperset_defs)(*>*)

lemma [simp]: "⌊A⌋ ⊔ ⌊B⌋ = ⌊A ∪ B⌋ ∧ ⌊A⌋ ⊖ a = ⌊A - {a}⌋"
(*<*)by(simp add:hyperset_defs)(*>*)

lemma [simp]: "None ⊔ A = None ∧ A ⊔ None = None"
(*<*)by(simp add:hyperset_defs)(*>*)

lemma [simp]: "a ∈∈ None ∧ None ⊖ a = None"
(*<*)by(simp add:hyperset_defs)(*>*)

lemma hyperUn_assoc: "(A ⊔ B) ⊔ C = A ⊔ (B ⊔ C)"
(*<*)by(simp add:hyperset_defs Un_assoc)(*>*)

lemma hyper_insert_comm: "A ⊔ ⌊{a}⌋ = ⌊{a}⌋ ⊔ A ∧ A ⊔ (⌊{a}⌋ ⊔ B) = ⌊{a}⌋ ⊔ (A ⊔ B)"
(*<*)by(simp add:hyperset_defs)(*>*)

lemma sqSub_mem_lem [elim]: "[ A ⊑ A'; a ∈∈ A ] ==> a ∈∈ A'"
by(auto simp add: hyperset_defs)

lemma [iff]: "A ⊑ None"
by(auto simp add: hyperset_defs)

lemma [simp]: "A ⊑ A"
by(auto simp add: hyperset_defs)

lemma [iff]: "⌊A⌋ ⊑ ⌊B⌋ ⟷ A ⊆ B"
by(auto simp add: hyperset_defs)

lemma sqUn_lem2: "A ⊑ A' ==> B ⊔ A ⊑ B ⊔ A'"
by(simp add:hyperset_defs) blast

lemma sqSub_trans [trans, intro]: "[ A ⊑ B; B ⊑ C ] ==> A ⊑ C"
by(auto simp add: hyperset_defs)

lemma hyperUn_comm: "A ⊔ B = B ⊔ A"
by(auto simp add: hyperset_defs)

lemma hyperUn_leftComm: "A ⊔ (B ⊔ C) = B ⊔ (A ⊔ C)"
by(auto simp add: hyperset_defs)

lemmas hyperUn_ac = hyperUn_comm hyperUn_leftComm hyperUn_assoc

lemma [simp]: "⌊{}⌋ ⊔ B = B"
by(auto)

lemma [simp]: "⌊{}⌋ ⊑ A"
by(auto simp add: hyperset_defs)

lemma sqInt_lem: "A ⊑ A' ==> A ⊓ B ⊑ A' ⊓ B"
by(auto simp add: hyperset_defs)

subsection "Definite assignment"

primrec A  :: "('a,'b,'addr) exp ==> 'a hyperset"
  and As :: "('a,'b,'addr) exp list ==> 'a hyperset"
where
  "A (new C) = ⌊{}⌋"
| "A (newA T⌊e⌉) = A e"
| "A (Cast C e) = A e"
| "A (e instanceof T) = A e"
| "A (Val v) = ⌊{}⌋"
| "A (e₁ «bop¬ e₂) = A e₁ ⊔ A e₂"
| "A (Var V) = ⌊{}⌋"
| "A (LAss V e) = ⌊{V}⌋ ⊔ A e"
| "A (a⌊i⌉) = A a ⊔ A i"
| "A (a⌊i⌉ := e) = A a ⊔ A i ⊔ A e"
| "A (a∙length) = A a"
| "A (e∙F{D}) = A e"
| "A (e₁∙F{D}:=e₂) = A e₁ ⊔ A e₂"
| "A (e1∙compareAndSwap(D∙F, e2, e3)) = A e1 ⊔ A e2 ⊔ A e3"
| "A (e∙M(es)) = A e ⊔ As es"
| "A ({V:T=vo; e}) = A e ⊖ V"
| "A (sync (o') e) = A o' ⊔ A e"
| "A (insync (a) e) = A e"
| "A (e₁;;e₂) = A e₁ ⊔ A e₂"
| "A (if (e) e₁ else e₂) = A e ⊔ (A e₁ ⊓ A e₂)"
| "A (while (b) e) = A b"
| "A (throw e) = None"
| "A (try e₁ catch(C V) e₂) = A e₁ ⊓ (A e₂ ⊖ V)"

| "As ([]) = ⌊{}⌋"
| "As (e#es) = A e ⊔ As es"

primrec D  :: "('a,'b,'addr) exp ==> 'a hyperset ==> bool"
  and Ds :: "('a,'b,'addr) exp list ==> 'a hyperset ==> bool"
where
  "D (new C) A = True"
| "D (newA T⌊e⌉) A = D e A"
| "D (Cast C e) A = D e A"
| "D (e instanceof T) = D e"
| "D (Val v) A = True"
| "D (e₁ «bop¬ e₂) A = (D e₁ A ∧ D e₂ (A ⊔ A e₁))"
| "D (Var V) A = (V ∈∈ A)"
| "D (LAss V e) A = D e A"
| "D (a⌊i⌉) A = (D a A ∧ D i (A ⊔ A a))"
| "D (a⌊i⌉ := e) A = (D a A ∧ D i (A ⊔ A a) ∧ D e (A ⊔ A a ⊔ A i))"
| "D (a∙length) A = D a A"
| "D (e∙F{D}) A = D e A"
| "D (e₁∙F{D}:=e₂) A = (D e₁ A ∧ D e₂ (A ⊔ A e₁))"
| "D (e1∙compareAndSwap(D∙F, e2, e3)) A = (D e1 A ∧ D e2 (A ⊔ A e1) ∧ D e3 (A ⊔ A e1 ⊔ A e2))"
| "D (e∙M(es)) A = (D e A ∧ Ds es (A ⊔ A e))"
| "D ({V:T=vo; e}) A = (if vo = None then D e (A ⊖ V) else D e (A ⊔ ⌊{V}⌋))"
| "D (sync (o') e) A = (D o' A ∧ D e (A ⊔ A o'))"
| "D (insync (a) e) A = D e A"
| "D (e₁;;e₂) A = (D e₁ A ∧ D e₂ (A ⊔ A e₁))"
| "D (if (e) e₁ else e₂) A = (D e A ∧ D e₁ (A ⊔ A e) ∧ D e₂ (A ⊔ A e))"
| "D (while (e) c) A = (D e A ∧ D c (A ⊔ A e))"
| "D (throw e) A = D e A"
| "D (try e₁ catch(C V) e₂) A = (D e₁ A ∧ D e₂ (A ⊔ ⌊{V}⌋))"

| "Ds ([]) A = True"
| "Ds (e#es) A = (D e A ∧ Ds es (A ⊔ A e))"

lemma As_map_Val[simp]: "As (map Val vs) = ⌊{}⌋"
(*<*)by (induct vs) simp_all(*>*)

lemma As_append [simp]: "As (xs @ ys) = (As xs) ⊔ (As ys)"
by(induct xs, auto simp add: hyperset_defs)

lemma Ds_map_Val[simp]: "Ds (map Val vs) A"
(*<*)by (induct vs) simp_all(*>*)

lemma D_append[iff]: "∧A. Ds (es @ es') A = (Ds es A ∧ Ds es' (A ⊔ As es))"
(*<*)by (induct es type:list) (auto simp:hyperUn_assoc)(*>*)


lemma fixes e :: "('a,'b,'addr) exp" and es :: "('a,'b,'addr) exp list"
  shows A_fv: "∧A. A e = ⌊A⌋ ==> A ⊆ fv e"
  and  "∧A. As es = ⌊A⌋ ==> A ⊆ fvs es"
apply(induct e and es rule: A.induct As.induct)
apply (simp_all add:hyperset_defs)
apply fast+
done


lemma sqUn_lem: "A ⊑ A' ==> A ⊔ B ⊑ A' ⊔ B"
(*<*)by(simp add:hyperset_defs) blast(*>*)

lemma diff_lem: "A ⊑ A' ==> A ⊖ b ⊑ A' ⊖ b"
(*<*)by(simp add:hyperset_defs) blast(*>*)

(* This order of the premises avoids looping of the simplifier *)
lemma fixes e :: "('a, 'b, 'addr) exp" and es :: "('a, 'b, 'addr) exp list"
  shows D_mono: "∧A A'. A ⊑ A' ==> D e A ==> D e A'"
  and Ds_mono: "∧A A'. A ⊑ A' ==> Ds es A ==> Ds es A'"
(*<*)
apply(induct e and es rule: D.induct Ds.induct)
subgoal by simp
subgoal by simp
subgoal by simp
subgoal by simp
subgoal by simp
subgoal by simp (iprover dest:sqUn_lem)
subgoal by(fastforce simp add:hyperset_defs)
subgoal by simp
subgoal by simp (iprover dest:sqUn_lem)
subgoal by simp (iprover dest:sqUn_lem)
subgoal by simp
subgoal by simp
subgoal by simp (iprover dest:sqUn_lem)
subgoal by simp (iprover dest:sqUn_lem)
subgoal by simp (iprover dest: sqUn_lem)
subgoal 
  apply(clarsimp split: if_split_asm) 
  apply (iprover dest:diff_lem) 
  apply(iprover dest: sqUn_lem)
  done
subgoal by simp (iprover dest:sqUn_lem)
subgoal by simp
subgoal by simp (iprover dest:sqUn_lem)
subgoal by simp (iprover dest:sqUn_lem)
subgoal by simp (iprover dest:sqUn_lem)
subgoal by simp
subgoal by simp (iprover dest:sqUn_lem)
subgoal by simp
subgoal by simp (iprover dest:sqUn_lem)
done
(*>*)

(* And this is the order of premises preferred during application: *)
lemma D_mono': "D e A ==> A ⊑ A' ==> D e A'"
and Ds_mono': "Ds es A ==> A ⊑ A' ==> Ds es A'"
(*<*)by(blast intro:D_mono, blast intro:Ds_mono)(*>*)

declare hyperUn_comm [simp]
declare hyperUn_leftComm [simp]

end