Quelle  Fold.thy

theory Fold simpmerge_def approx_def

subsectionapprox t1 ⊆m t2 ==> approx t1 s"

type_synonym
  tab = "vname clarsimpfmap_le_def

fun afold
" restr [itr!, sm] "t|` S \subseteqjava.lang.NullPointerException
"
"lemmamerge_restrict
  ( 1 n2>N(n1+n2) | (e1',e2') <Rightarrow 

definition "merge t1 t2 |` S = t |` S"

theorem "<>x. t1 `S) t | S) x
assumes "approx "<>x (2` ) = (|`S)b auto
shows "aval a t)s=aval "
  using assms
  by (induct a) (auto simp: approx_def y (auto sim: mergedef restrit_mp_def

theorem aval_afold_N:
assumes "approx t s"
shows "afold a tjava.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
  by ( assms avalsimps aval_afold

definition
  "merge t1 t2 = (\<lambdaars"

primrec    by simp
" |
"defs( ::= a)t =
  (case afold a t of N k ==> t(x ↦ k) | _ ==> t(x:=None))" |
"defs (c1;;c2) t = (defs c2 o defs c1) t         defsc1 t | (- lvars c2` (- lvarsc1)"
"defs (IF c1 c2)t=merge t) (defs t)" |
"defs (WHILE b DO c) java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

primrec fold "defs c1 t |` - lvars c1) |` (-lvars c2) =
"foldSKIP |
"fold (x ::= a) t = (x ::= (afold a t))" |
"fold (c1;;c2) t = (fold c1 t;; fold c2 more
"fold  from If
"old WIE b O ) t = HIE bD fold c(t |` (-lvas )"

lemma approx_merge:
  "approx t1 s ∨ s \ Longr> appro(merge t1 t2) s"
  by (fastforce simp: merge_def approx_def)

lemma approx_map_le:
  "approx t2 s ==> t1 ⊆_m t2 ==> approx t1 s"
  by (clarsimp simp: approx_def map_le_def dom_def)

lemma restrict_map_le [intro!, simp]: "t |` S ⊆_m t"
  by (clarsimp simp: restrict_map_def map_le_def)

lemma merge_restrict:
  assumes "t1 |` S = t |` S"
  assumes "t2 |` S = t |` S"
  shows "merge t1 t2 |` S = t |` S"
proof -
  from assms
  have "∀x. (t1 |` S) x = (t |` S) x"
   and "∀x. (t2 |` S) x = (t |` S) x" by auto
  thus ?thesis
    by (auto simp: merge_def restrict_map_def
             split: if_splits)
qed


lemma defs_restrict:
  "defs c t |` (- lvars c) = t |` (- lvars c)"
proof (induction c arbitrary: t)
  case (Seq c2)
  hence "defs c1 t |` (- lvars c1) = t |` (- lvars c1)"
    by simp
  hence "defs (- lvars c2) |` (-lvars c" by simp
         t |` ( lvars c1) |` (-lvars)" by simp
  moreover
  from Seq
  have "defs c2 (defs c1 tqed (auto split: aexp.split)
        cRightarrows' ==> approx t s ==> approx (defs c t) s'"
java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
 |` (- lvars c1) =
         defs c1 t |` (- lvars c2) |` (- lvars c1)"
    by simp
  ultimately
  show ?case by thus bysimp
next
  case (If
  hence "defs c1 t |` (- lvars c c1) = t |` (- lvars c1)"by simp
  hence "defs c1 t |` (- lvars c1) |` (-lvars c2) =
         t |` (- lvars c1) |` (-lvars c2)"bysimp
  oreover
  from Ifbitrary
  havedefsc2 t |` (- lvars c2 = t | ( lvars)" by simp
  hence "defs c2 Assign
         t |` -lvars ) |`( c1
  ultimately
  next
qedcasejava.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10


lemma big_step_pres_approx
  (,)\Rightarrows <Longrightarrow approx t s <Longrightarrow 
proof (inductionhence "approx(|` (-lvrs c) \Turnstile
  case Skip thus ?case bsim
next
  case Assign
  thus ?case
    by (clarsimp simp: aval_afold_N approx y (auo introequv__to_whl_wea bg_stp_pes_apo_rstrct)
next
  case (Seq thus ?ca ?case
  have "approx (defs c1 t) s2" by (rule Seq.IH(1)[OF Seq.prems])
  hence "approx (defs c2 (defs c1 t)) s3" by (rule Seq.IH(2))
  thus ?case by simp
next
  case (IfTrue b s c1 by (auto intro: quiu_o_weake aproxmap_e)
  hence "approx (defs
  thus ?case by (simp approx_empty
next
  case (IfFalse b s  by(auto: approx_def)
  hence "approx (defs c2 t)
  thus ?case by (smp add: approx_merge)
next
  case WhileFalse
  thus ?case by (simp add: approx_def restrict_map_def)
next
  case (WhileTrue b s1 c s2 s3)
  nce"approx s2" by simp
  with WhileTrue
  have "approx (defs t| c)) s3
  thus java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
qed


lemma big_step_pres_approx_restrict:
  "(c,s) ==> s' ==> approx (t |` (-lvars c)) s ==> approx (t |` (-lvars c)) s'"
proof (induction arbitrary: t rule: big_step_induct)
  case Assign
  thus ?case by (clarsimp simp: approx_def)
next
  case (Seq c1 s1 s2 c2 s3)
  hence "approx (t |` (-lvars c2) |` (-lvars c1)) s1"
    by (simp add: Int_commute)
  hence "approx (t |` (-lvars c2) |` (-lvars c1)) s2"
    by (rule Seq)
  hence "approx (t |` (-lvars c1) |` (-lvars c2)) s2"
    by (simp add: Int_commute)
  hence "approx (t |` (-lvars c1) |` (-lvars c2)) s3"
    by (rule Seq)
  thus ?case by simp
next
  case (IfTrue b s c1 s' c2)
  hence "approx (t |` (-lvars c2) |` (-lvars c1)) s"
    by (simp add: Int_commute)
  hence "approx (t |` (-lvars c2) |` (-lvars c1)) s'"
    by (rule IfTrue)
  thus ?case by (simp add: Int_commute)
next
  case (IfFalse b s c2 s' c1)
  hence "approx (t |` (-lvars c1) |` (-lvars c2)) s"
    by simp
  hence "approx (t |` (-lvars c1) |` (-lvars c2)) s'"
    by (rule IfFalse)
  thus ?case by simp
qed auto


declare assign_simp [simp]

lemma approx_eq:
  "approx t ⊨ c ∼ fold c t"
proof (induction c arbitrary: t)
  case SKIP show ?case by simp
next
  case Assign
  show ?case by (simp add: equiv_up_to_def)
next
  case Seq
  thus ?case by (auto intro!: equiv_up_to_seq big_step_pres_approx)
next
  case If
  thus ?case by (auto intro!: equiv_up_to_if_weak)
next
  case (While b c)
  hence "approx (t |` (- lvars c)) ⊨
         WHILE b DO c ∼ WHILE b DO fold c (t |` (- lvars c))"
    by (auto intro: equiv_up_to_while_weak big_step_pres_approx_restrict)
  thus ?case
    by (auto intro: equiv_up_to_weaken approx_map_le)
qed


lemma approx_empty [simp]:
  "approx Map.empty = (λ_. True)"
  by (auto simp: approx_def)


theorem constant_folding_equiv:
  "fold c Map.empty ∼ c"
  using approx_eq [of Map.empty c]
  by (simp add: equiv_up_to_True sim_sym)


end