src/HOL/IMP/Abs_Int1_ivl.thy
author nipkow
Wed, 28 Sep 2011 09:55:11 +0200
changeset 45963 054a9ac0d7ef
child 45965 2a0d7be998bb
permissions -rw-r--r--
Added Hoare-like Abstract Interpretation
nipkow@45963
     1
(* Author: Tobias Nipkow *)
nipkow@45963
     2
nipkow@45963
     3
theory Abs_Int1_ivl
nipkow@45963
     4
imports Abs_Int1
nipkow@45963
     5
begin
nipkow@45963
     6
nipkow@45963
     7
subsection "Interval Analysis"
nipkow@45963
     8
nipkow@45963
     9
datatype ivl = I "int option" "int option"
nipkow@45963
    10
nipkow@45963
    11
definition "rep_ivl i = (case i of
nipkow@45963
    12
  I (Some l) (Some h) \<Rightarrow> {l..h} |
nipkow@45963
    13
  I (Some l) None \<Rightarrow> {l..} |
nipkow@45963
    14
  I None (Some h) \<Rightarrow> {..h} |
nipkow@45963
    15
  I None None \<Rightarrow> UNIV)"
nipkow@45963
    16
nipkow@45963
    17
definition "num_ivl n = I (Some n) (Some n)"
nipkow@45963
    18
nipkow@45963
    19
instantiation option :: (plus)plus
nipkow@45963
    20
begin
nipkow@45963
    21
nipkow@45963
    22
fun plus_option where
nipkow@45963
    23
"Some x + Some y = Some(x+y)" |
nipkow@45963
    24
"_ + _ = None"
nipkow@45963
    25
nipkow@45963
    26
instance proof qed
nipkow@45963
    27
nipkow@45963
    28
end
nipkow@45963
    29
nipkow@45963
    30
definition empty where "empty = I (Some 1) (Some 0)"
nipkow@45963
    31
nipkow@45963
    32
fun is_empty where
nipkow@45963
    33
"is_empty(I (Some l) (Some h)) = (h<l)" |
nipkow@45963
    34
"is_empty _ = False"
nipkow@45963
    35
nipkow@45963
    36
lemma [simp]: "is_empty(I l h) =
nipkow@45963
    37
  (case l of Some l \<Rightarrow> (case h of Some h \<Rightarrow> h<l | None \<Rightarrow> False) | None \<Rightarrow> False)"
nipkow@45963
    38
by(auto split:option.split)
nipkow@45963
    39
nipkow@45963
    40
lemma [simp]: "is_empty i \<Longrightarrow> rep_ivl i = {}"
nipkow@45963
    41
by(auto simp add: rep_ivl_def split: ivl.split option.split)
nipkow@45963
    42
nipkow@45963
    43
definition "plus_ivl i1 i2 = (if is_empty i1 | is_empty i2 then empty else
nipkow@45963
    44
  case (i1,i2) of (I l1 h1, I l2 h2) \<Rightarrow> I (l1+l2) (h1+h2))"
nipkow@45963
    45
nipkow@45963
    46
instantiation ivl :: SL_top
nipkow@45963
    47
begin
nipkow@45963
    48
nipkow@45963
    49
definition le_option :: "bool \<Rightarrow> int option \<Rightarrow> int option \<Rightarrow> bool" where
nipkow@45963
    50
"le_option pos x y =
nipkow@45963
    51
 (case x of (Some i) \<Rightarrow> (case y of Some j \<Rightarrow> i\<le>j | None \<Rightarrow> pos)
nipkow@45963
    52
  | None \<Rightarrow> (case y of Some j \<Rightarrow> \<not>pos | None \<Rightarrow> True))"
nipkow@45963
    53
nipkow@45963
    54
fun le_aux where
nipkow@45963
    55
"le_aux (I l1 h1) (I l2 h2) = (le_option False l2 l1 & le_option True h1 h2)"
nipkow@45963
    56
nipkow@45963
    57
definition le_ivl where
nipkow@45963
    58
"i1 \<sqsubseteq> i2 =
nipkow@45963
    59
 (if is_empty i1 then True else
nipkow@45963
    60
  if is_empty i2 then False else le_aux i1 i2)"
nipkow@45963
    61
nipkow@45963
    62
definition min_option :: "bool \<Rightarrow> int option \<Rightarrow> int option \<Rightarrow> int option" where
nipkow@45963
    63
"min_option pos o1 o2 = (if le_option pos o1 o2 then o1 else o2)"
nipkow@45963
    64
nipkow@45963
    65
definition max_option :: "bool \<Rightarrow> int option \<Rightarrow> int option \<Rightarrow> int option" where
nipkow@45963
    66
"max_option pos o1 o2 = (if le_option pos o1 o2 then o2 else o1)"
nipkow@45963
    67
nipkow@45963
    68
definition "i1 \<squnion> i2 =
nipkow@45963
    69
 (if is_empty i1 then i2 else if is_empty i2 then i1
nipkow@45963
    70
  else case (i1,i2) of (I l1 h1, I l2 h2) \<Rightarrow>
nipkow@45963
    71
          I (min_option False l1 l2) (max_option True h1 h2))"
nipkow@45963
    72
nipkow@45963
    73
definition "\<top> = I None None"
nipkow@45963
    74
nipkow@45963
    75
instance
nipkow@45963
    76
proof
nipkow@45963
    77
  case goal1 thus ?case
nipkow@45963
    78
    by(cases x, simp add: le_ivl_def le_option_def split: option.split)
nipkow@45963
    79
next
nipkow@45963
    80
  case goal2 thus ?case
nipkow@45963
    81
    by(cases x, cases y, cases z, auto simp: le_ivl_def le_option_def split: option.splits if_splits)
nipkow@45963
    82
next
nipkow@45963
    83
  case goal3 thus ?case
nipkow@45963
    84
    by(cases x, cases y, simp add: le_ivl_def join_ivl_def le_option_def min_option_def max_option_def split: option.splits)
nipkow@45963
    85
next
nipkow@45963
    86
  case goal4 thus ?case
nipkow@45963
    87
    by(cases x, cases y, simp add: le_ivl_def join_ivl_def le_option_def min_option_def max_option_def split: option.splits)
nipkow@45963
    88
next
nipkow@45963
    89
  case goal5 thus ?case
nipkow@45963
    90
    by(cases x, cases y, cases z, auto simp add: le_ivl_def join_ivl_def le_option_def min_option_def max_option_def split: option.splits if_splits)
nipkow@45963
    91
next
nipkow@45963
    92
  case goal6 thus ?case
nipkow@45963
    93
    by(cases x, simp add: Top_ivl_def le_ivl_def le_option_def split: option.split)
nipkow@45963
    94
qed
nipkow@45963
    95
nipkow@45963
    96
end
nipkow@45963
    97
nipkow@45963
    98
nipkow@45963
    99
instantiation ivl :: L_top_bot
nipkow@45963
   100
begin
nipkow@45963
   101
nipkow@45963
   102
definition "i1 \<sqinter> i2 = (if is_empty i1 \<or> is_empty i2 then empty else
nipkow@45963
   103
  case (i1,i2) of (I l1 h1, I l2 h2) \<Rightarrow>
nipkow@45963
   104
    I (max_option False l1 l2) (min_option True h1 h2))"
nipkow@45963
   105
nipkow@45963
   106
definition "\<bottom> = empty"
nipkow@45963
   107
nipkow@45963
   108
instance
nipkow@45963
   109
proof
nipkow@45963
   110
  case goal1 thus ?case
nipkow@45963
   111
    by (simp add:meet_ivl_def empty_def meet_ivl_def le_ivl_def le_option_def max_option_def min_option_def split: ivl.splits option.splits)
nipkow@45963
   112
next
nipkow@45963
   113
  case goal2 thus ?case
nipkow@45963
   114
    by (simp add:meet_ivl_def empty_def meet_ivl_def le_ivl_def le_option_def max_option_def min_option_def split: ivl.splits option.splits)
nipkow@45963
   115
next
nipkow@45963
   116
  case goal3 thus ?case
nipkow@45963
   117
    by (cases x, cases y, cases z, auto simp add: le_ivl_def meet_ivl_def empty_def le_option_def max_option_def min_option_def split: option.splits if_splits)
nipkow@45963
   118
next
nipkow@45963
   119
  case goal4 show ?case by(cases x, simp add: bot_ivl_def empty_def le_ivl_def)
nipkow@45963
   120
qed
nipkow@45963
   121
nipkow@45963
   122
end
nipkow@45963
   123
nipkow@45963
   124
instantiation option :: (minus)minus
nipkow@45963
   125
begin
nipkow@45963
   126
nipkow@45963
   127
fun minus_option where
nipkow@45963
   128
"Some x - Some y = Some(x-y)" |
nipkow@45963
   129
"_ - _ = None"
nipkow@45963
   130
nipkow@45963
   131
instance proof qed
nipkow@45963
   132
nipkow@45963
   133
end
nipkow@45963
   134
nipkow@45963
   135
definition "minus_ivl i1 i2 = (if is_empty i1 | is_empty i2 then empty else
nipkow@45963
   136
  case (i1,i2) of (I l1 h1, I l2 h2) \<Rightarrow> I (l1-h2) (h1-l2))"
nipkow@45963
   137
nipkow@45963
   138
lemma rep_minus_ivl:
nipkow@45963
   139
  "n1 : rep_ivl i1 \<Longrightarrow> n2 : rep_ivl i2 \<Longrightarrow> n1-n2 : rep_ivl(minus_ivl i1 i2)"
nipkow@45963
   140
by(auto simp add: minus_ivl_def rep_ivl_def split: ivl.splits option.splits)
nipkow@45963
   141
nipkow@45963
   142
nipkow@45963
   143
definition "filter_plus_ivl i i1 i2 = ((*if is_empty i then empty else*)
nipkow@45963
   144
  i1 \<sqinter> minus_ivl i i2, i2 \<sqinter> minus_ivl i i1)"
nipkow@45963
   145
nipkow@45963
   146
fun filter_less_ivl :: "bool \<Rightarrow> ivl \<Rightarrow> ivl \<Rightarrow> ivl * ivl" where
nipkow@45963
   147
"filter_less_ivl res (I l1 h1) (I l2 h2) =
nipkow@45963
   148
  (if is_empty(I l1 h1) \<or> is_empty(I l2 h2) then (empty, empty) else
nipkow@45963
   149
   if res
nipkow@45963
   150
   then (I l1 (min_option True h1 (h2 - Some 1)),
nipkow@45963
   151
         I (max_option False (l1 + Some 1) l2) h2)
nipkow@45963
   152
   else (I (max_option False l1 l2) h1, I l2 (min_option True h1 h2)))"
nipkow@45963
   153
nipkow@45963
   154
interpretation Rep rep_ivl
nipkow@45963
   155
proof
nipkow@45963
   156
  case goal1 thus ?case
nipkow@45963
   157
    by(auto simp: rep_ivl_def le_ivl_def le_option_def split: ivl.split option.split if_splits)
nipkow@45963
   158
next
nipkow@45963
   159
  case goal2 show ?case by(simp add: rep_ivl_def Top_ivl_def)
nipkow@45963
   160
qed
nipkow@45963
   161
nipkow@45963
   162
interpretation Val_abs rep_ivl num_ivl plus_ivl
nipkow@45963
   163
proof
nipkow@45963
   164
  case goal1 thus ?case by(simp add: rep_ivl_def num_ivl_def)
nipkow@45963
   165
next
nipkow@45963
   166
  case goal2 thus ?case
nipkow@45963
   167
    by(auto simp add: rep_ivl_def plus_ivl_def split: ivl.split option.splits)
nipkow@45963
   168
next
nipkow@45963
   169
  case goal3 thus ?case
nipkow@45963
   170
    by(auto simp: plus_ivl_def le_ivl_def le_option_def empty_def split: if_splits ivl.splits option.splits)
nipkow@45963
   171
qed
nipkow@45963
   172
nipkow@45963
   173
interpretation Rep1 rep_ivl
nipkow@45963
   174
proof
nipkow@45963
   175
  case goal1 thus ?case
nipkow@45963
   176
    by(auto simp add: rep_ivl_def meet_ivl_def empty_def min_option_def max_option_def split: ivl.split option.split)
nipkow@45963
   177
next
nipkow@45963
   178
  case goal2 show ?case by(auto simp add: bot_ivl_def rep_ivl_def empty_def)
nipkow@45963
   179
qed
nipkow@45963
   180
nipkow@45963
   181
lemma mono_minus_ivl:
nipkow@45963
   182
  "i1 \<sqsubseteq> i1' \<Longrightarrow> i2 \<sqsubseteq> i2' \<Longrightarrow> minus_ivl i1 i2 \<sqsubseteq> minus_ivl i1' i2'"
nipkow@45963
   183
apply(auto simp add: minus_ivl_def empty_def le_ivl_def le_option_def split: ivl.splits)
nipkow@45963
   184
  apply(simp split: option.splits)
nipkow@45963
   185
 apply(simp split: option.splits)
nipkow@45963
   186
apply(simp split: option.splits)
nipkow@45963
   187
done
nipkow@45963
   188
nipkow@45963
   189
nipkow@45963
   190
interpretation
nipkow@45963
   191
  Val_abs1 rep_ivl num_ivl plus_ivl filter_plus_ivl filter_less_ivl
nipkow@45963
   192
proof
nipkow@45963
   193
  case goal1 thus ?case
nipkow@45963
   194
    by(auto simp add: filter_plus_ivl_def)
nipkow@45963
   195
      (metis rep_minus_ivl add_diff_cancel add_commute)+
nipkow@45963
   196
next
nipkow@45963
   197
  case goal2 thus ?case
nipkow@45963
   198
    by(cases a1, cases a2,
nipkow@45963
   199
      auto simp: rep_ivl_def min_option_def max_option_def le_option_def split: if_splits option.splits)
nipkow@45963
   200
next
nipkow@45963
   201
  case goal3 thus ?case
nipkow@45963
   202
    by(auto simp: filter_plus_ivl_def le_prod_def mono_meet mono_minus_ivl)
nipkow@45963
   203
next
nipkow@45963
   204
  case goal4 thus ?case
nipkow@45963
   205
    apply(cases a1, cases b1, cases a2, cases b2, auto simp: le_prod_def)
nipkow@45963
   206
    by(auto simp add: empty_def le_ivl_def le_option_def min_option_def max_option_def split: option.splits)
nipkow@45963
   207
qed
nipkow@45963
   208
nipkow@45963
   209
interpretation
nipkow@45963
   210
  Abs_Int1 rep_ivl num_ivl plus_ivl filter_plus_ivl filter_less_ivl "(iter 20)"
nipkow@45963
   211
defines afilter_ivl is afilter
nipkow@45963
   212
and bfilter_ivl is bfilter
nipkow@45963
   213
and step_ivl is step
nipkow@45963
   214
and AI_ivl is AI
nipkow@45963
   215
and aval_ivl is aval'
nipkow@45963
   216
proof qed (auto simp: iter_pfp strip_iter)
nipkow@45963
   217
nipkow@45963
   218
definition "test1_ivl =
nipkow@45963
   219
 ''y'' ::= N 7;
nipkow@45963
   220
 IF Less (V ''x'') (V ''y'')
nipkow@45963
   221
 THEN ''y'' ::= Plus (V ''y'') (V ''x'')
nipkow@45963
   222
 ELSE ''x'' ::= Plus (V ''x'') (V ''y'')"
nipkow@45963
   223
nipkow@45963
   224
translations
nipkow@45963
   225
"{i..j}" <= "CONST I (CONST Some i) (CONST Some j)"
nipkow@45963
   226
"{..j}" <= "CONST I (CONST None) (CONST Some j)"
nipkow@45963
   227
"{i..}" <= "CONST I (CONST Some i) (CONST None)"
nipkow@45963
   228
"CONST UNIV" <= "CONST I (CONST None) (CONST None)"
nipkow@45963
   229
nipkow@45963
   230
value [code] "show_acom (AI_ivl test1_ivl)"
nipkow@45963
   231
nipkow@45963
   232
value [code] "show_acom (AI_const test3_const)"
nipkow@45963
   233
value [code] "show_acom (AI_ivl test3_const)"
nipkow@45963
   234
nipkow@45963
   235
value [code] "show_acom (AI_const test4_const)"
nipkow@45963
   236
value [code] "show_acom (AI_ivl test4_const)"
nipkow@45963
   237
nipkow@45963
   238
value [code] "show_acom (AI_ivl test6_const)"
nipkow@45963
   239
nipkow@45963
   240
definition "test2_ivl =
nipkow@45963
   241
 WHILE Less (V ''x'') (N 100)
nipkow@45963
   242
 DO ''x'' ::= Plus (V ''x'') (N 1)"
nipkow@45963
   243
nipkow@45963
   244
value [code] "show_acom (AI_ivl test2_ivl)"
nipkow@45963
   245
nipkow@45963
   246
definition "test3_ivl =
nipkow@45963
   247
 ''x'' ::= N 7;
nipkow@45963
   248
 WHILE Less (V ''x'') (N 100)
nipkow@45963
   249
 DO ''x'' ::= Plus (V ''x'') (N 1)"
nipkow@45963
   250
nipkow@45963
   251
value [code] "show_acom (AI_ivl test3_ivl)"
nipkow@45963
   252
value [code] "show_acom (((step_ivl \<top>)^^0) (\<bottom>\<^sub>c test3_ivl))"
nipkow@45963
   253
value [code] "show_acom (((step_ivl \<top>)^^1) (\<bottom>\<^sub>c test3_ivl))"
nipkow@45963
   254
value [code] "show_acom (((step_ivl \<top>)^^2) (\<bottom>\<^sub>c test3_ivl))"
nipkow@45963
   255
value [code] "show_acom (((step_ivl \<top>)^^3) (\<bottom>\<^sub>c test3_ivl))"
nipkow@45963
   256
value [code] "show_acom (((step_ivl \<top>)^^4) (\<bottom>\<^sub>c test3_ivl))"
nipkow@45963
   257
nipkow@45963
   258
definition "test4_ivl =
nipkow@45963
   259
 ''x'' ::= N 0; ''y'' ::= N 100; ''z'' ::= Plus (V ''x'') (V ''y'');
nipkow@45963
   260
 WHILE Less (V ''x'') (N 11)
nipkow@45963
   261
 DO (''x'' ::= Plus (V ''x'') (N 1); ''y'' ::= Plus (V ''y'') (N -1))"
nipkow@45963
   262
value [code] "show_acom(AI_ivl test4_ivl)"
nipkow@45963
   263
nipkow@45963
   264
definition "test5_ivl =
nipkow@45963
   265
 ''x'' ::= N 0; ''y'' ::= N 0;
nipkow@45963
   266
 WHILE Less (V ''x'') (N 1001)
nipkow@45963
   267
 DO (''y'' ::= V ''x''; ''x'' ::= Plus (V ''x'') (N 1))"
nipkow@45963
   268
value [code] "show_acom(AI_ivl test5_ivl)"
nipkow@45963
   269
nipkow@45963
   270
text{* Nontermination not detected: *}
nipkow@45963
   271
definition "test6_ivl =
nipkow@45963
   272
 ''x'' ::= N 0;
nipkow@45963
   273
 WHILE Less (V ''x'') (N 1) DO ''x'' ::= Plus (V ''x'') (N -1)"
nipkow@45963
   274
value [code] "show_acom(AI_ivl test6_ivl)"
nipkow@45963
   275
nipkow@45963
   276
end
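Review bot: The Boolean `pos` argument threaded through `le_option`, `min_option` and `max_option` (theory lines 49–66) fixes how `None` is read as a bound, but nothing in the theory states the convention, so a reader has to reverse-engineer it from `le_aux`, which passes `False` for the lower bounds and `True` for the upper bounds. I would add above `le_option`: `(* None is an infinite bound: +oo when pos, -oo when not pos; le_aux uses pos=False for lower and pos=True for upper bounds *)`. The commented-out guard `(*if is_empty i then empty else*)` in `filter_plus_ivl` (theory line 143) should either be deleted or replaced by a comment saying why it is redundant: `minus_ivl` already returns `empty` when `i` is empty and `\<sqinter>` with `empty` returns `empty`, so both components are `empty` anyway. The fixed bound `iter 20` handed to the `Abs_Int1` interpretation also deserves a one-line comment on what happens when the bound is exhausted, since that behaviour is defined in `Abs_Int1` outside this file and is presumably what the `test6_ivl` remark "Nontermination not detected" refers to.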