wneuper/isa: comparison src/HOL/IMP/Compiler.thy

equal deleted inserted replaced

-:eeba70379f1a
+:a666b8d11252
 (* Author: Tobias Nipkow *)
 header "A Compiler for IMP"
 theory Compiler imports Big_Step
 begin
+subsection "List setup"
+text {*
+We are going to define a small machine language where programs are
+lists of instructions. For nicer algebraic properties in our lemmas
+later, we prefer @{typ int} to @{term nat} as program counter.
+Therefore, we define notation for size and indexing for lists
+on @{typ int}:
+*}
+abbreviation "isize xs == int (length xs)"
+primrec
+inth :: "'a list => int => 'a" (infixl "!!" 100) where
+inth_Cons: "(x # xs) !! n = (if n = 0 then x else xs !! (n - 1))"
+text {*
+The only additional lemma we need is indexing over append:
+*}
+lemma inth_append [simp]:
+"0 \<le> n \<Longrightarrow>
+(xs @ ys) !! n = (if n < isize xs then xs !! n else ys !! (n - isize xs))"
+by (induct xs arbitrary: n) (auto simp: algebra_simps)
 subsection "Instructions and Stack Machine"
 datatype instr =
-LOADI int | LOAD string | ADD |
+LOADI int |
+LOAD string |
+ADD |
 STORE string |
-JMPF nat |
+JMP int |
-JMPB nat |
+JMPFLESS int |
-JMPFLESS nat |
+JMPFGE int
-JMPFGE nat
+(* reads slightly nicer *)
-type_synonym stack = "int list"
+abbreviation
-type_synonym config = "nat\<times>state\<times>stack"
+"JMPB i == JMP (-i)"
+type_synonym stack = "val list"
+type_synonym config = "int\<times>state\<times>stack"
 abbreviation "hd2 xs == hd(tl xs)"
 abbreviation "tl2 xs == tl(tl xs)"
-inductive exec1 :: "instr list \<Rightarrow> config \<Rightarrow> config \<Rightarrow> bool"
+inductive iexec1 :: "instr \<Rightarrow> config \<Rightarrow> config \<Rightarrow> bool"
-("(_/ \<turnstile> (_ \<rightarrow>/ _))" [50,0,0] 50)
+("(_/ \<turnstile>i (_ \<rightarrow>/ _))" [50,0,0] 50)
-for P :: "instr list"
 where
-"\<lbrakk> i < size P;  P!i = LOADI n \<rbrakk> \<Longrightarrow>
+"LOADI n \<turnstile>i (i,s,stk) \<rightarrow> (i+1,s, n#stk)" |
-P \<turnstile> (i,s,stk) \<rightarrow> (i+1,s, n#stk)" |
+"LOAD x  \<turnstile>i (i,s,stk) \<rightarrow> (i+1,s, s x # stk)" |
-"\<lbrakk> i < size P;  P!i = LOAD x \<rbrakk> \<Longrightarrow>
+"ADD     \<turnstile>i (i,s,stk) \<rightarrow> (i+1,s, (hd2 stk + hd stk) # tl2 stk)" |
-P \<turnstile> (i,s,stk) \<rightarrow> (i+1,s, s x # stk)" |
+"STORE n \<turnstile>i (i,s,stk) \<rightarrow> (i+1,s(n := hd stk),tl stk)" |
-"\<lbrakk> i < size P;  P!i = ADD \<rbrakk> \<Longrightarrow>
+"JMP n   \<turnstile>i (i,s,stk) \<rightarrow> (i+1+n,s,stk)" |
-P \<turnstile> (i,s,stk) \<rightarrow> (i+1,s, (hd2 stk + hd stk) # tl2 stk)" |
+"JMPFLESS n \<turnstile>i (i,s,stk) \<rightarrow> (if hd2 stk < hd stk then i+1+n else i+1,s,tl2 stk)" |
-"\<lbrakk> i < size P;  P!i = STORE n \<rbrakk> \<Longrightarrow>
+"JMPFGE n \<turnstile>i (i,s,stk) \<rightarrow> (if hd2 stk >= hd stk then i+1+n else i+1,s,tl2 stk)"
-P \<turnstile> (i,s,stk) \<rightarrow> (i+1,s(n := hd stk),tl stk)" |
-"\<lbrakk> i < size P;  P!i = JMPF n \<rbrakk> \<Longrightarrow>
+code_pred iexec1 .
-P \<turnstile> (i,s,stk) \<rightarrow> (i+1+n,s,stk)" |
-"\<lbrakk> i < size P;  P!i = JMPB n;  n \<le> i+1 \<rbrakk> \<Longrightarrow>
+declare iexec1.intros
-P \<turnstile> (i,s,stk) \<rightarrow> (i+1-n,s,stk)" |
-"\<lbrakk> i < size P;  P!i = JMPFLESS n \<rbrakk> \<Longrightarrow>
+(* FIXME: why does code gen not work with fun? *)
-P \<turnstile> (i,s,stk) \<rightarrow> (if hd2 stk < hd stk then i+1+n else i+1,s,tl2 stk)" |
+inductive
-"\<lbrakk> i < size P;  P!i = JMPFGE n \<rbrakk> \<Longrightarrow>
+exec1 :: "instr list \<Rightarrow> config \<Rightarrow> config \<Rightarrow> bool"
-P \<turnstile> (i,s,stk) \<rightarrow> (if hd2 stk >= hd stk then i+1+n else i+1,s,tl2 stk)"
+("(_/ \<turnstile> (_ \<rightarrow>/ _))" [50,0,0] 50) where
+"\<lbrakk> P!!i \<turnstile>i (i,s,stk) \<rightarrow> c'; 0 \<le> i; i < isize P \<rbrakk> \<Longrightarrow> P \<turnstile> (i,s,stk) \<rightarrow> c'"
 code_pred exec1 .
-declare exec1.intros[intro]
+declare exec1.intros [intro!]
+inductive_cases exec1_elim [elim!]: "P \<turnstile> c \<rightarrow> c'"
+lemma exec1_simp [simp]:
+"P \<turnstile> c \<rightarrow> c' =
+(\<exists>i s stk. c = (i,s,stk) \<and> P!!i \<turnstile>i (i,s,stk) \<rightarrow> c' \<and> 0 \<le> i \<and> i < isize P)"
+by auto
 inductive exec :: "instr list \<Rightarrow> config \<Rightarrow> config \<Rightarrow> bool" ("_/ \<turnstile> (_ \<rightarrow>*/ _)" 50)
 where
 refl: "P \<turnstile> c \<rightarrow>* c" |
 step: "P \<turnstile> c \<rightarrow> c' \<Longrightarrow> P \<turnstile> c' \<rightarrow>* c'' \<Longrightarrow> P \<turnstile> c \<rightarrow>* c''"
-declare exec.intros[intro]
+declare refl[intro] step[intro]
 lemmas exec_induct = exec.induct[split_format(complete)]
 code_pred exec .
 subsection{* Verification infrastructure *}
 lemma exec_trans: "P \<turnstile> c \<rightarrow>* c' \<Longrightarrow> P \<turnstile> c' \<rightarrow>* c'' \<Longrightarrow> P \<turnstile> c \<rightarrow>* c''"
-apply(induct rule: exec.induct)
+by (induct rule: exec.induct) fastsimp+
-apply blast
-by (metis exec.step)
+inductive_cases iexec1_cases [elim!]:
+"LOADI n \<turnstile>i c \<rightarrow> c'"
-lemma exec1_subst: "P \<turnstile> c \<rightarrow> c' \<Longrightarrow> c' = c'' \<Longrightarrow> P \<turnstile> c \<rightarrow> c''"
+"LOAD x  \<turnstile>i c \<rightarrow> c'"
-by auto
+"ADD     \<turnstile>i c \<rightarrow> c'"
+"STORE n \<turnstile>i c \<rightarrow> c'"
-lemmas exec1_simps = exec1.intros[THEN exec1_subst]
+"JMP n   \<turnstile>i c \<rightarrow> c'"
+"JMPFLESS n \<turnstile>i c \<rightarrow> c'"
+"JMPFGE n \<turnstile>i c \<rightarrow> c'"
+text {* Simplification rules for @{const iexec1}. *}
+lemma iexec1_simps [simp]:
+"LOADI n \<turnstile>i c \<rightarrow> c' = (\<exists>i s stk. c = (i, s, stk) \<and> c' = (i + 1, s, n # stk))"
+"LOAD x \<turnstile>i c \<rightarrow> c' = (\<exists>i s stk. c = (i, s, stk) \<and> c' = (i + 1, s, s x # stk))"
+"ADD \<turnstile>i c \<rightarrow> c' =
+(\<exists>i s stk. c = (i, s, stk) \<and> c' = (i + 1, s, (hd2 stk + hd stk) # tl2 stk))"
+"STORE x \<turnstile>i c \<rightarrow> c' =
+(\<exists>i s stk. c = (i, s, stk) \<and> c' = (i + 1, s(x \<rightarrow> hd stk), tl stk))"
+"JMP n \<turnstile>i c \<rightarrow> c' = (\<exists>i s stk. c = (i, s, stk) \<and> c' = (i + 1 + n, s, stk))"
+"JMPFLESS n \<turnstile>i c \<rightarrow> c' =
+(\<exists>i s stk. c = (i, s, stk) \<and>
+c' = (if hd2 stk < hd stk then i + 1 + n else i + 1, s, tl2 stk))"
+"JMPFGE n \<turnstile>i c \<rightarrow> c' =
+(\<exists>i s stk. c = (i, s, stk) \<and>
+c' = (if hd stk \<le> hd2 stk then i + 1 + n else i + 1, s, tl2 stk))"
+by (auto split del: split_if intro!: iexec1.intros)
 text{* Below we need to argue about the execution of code that is embedded in
 larger programs. For this purpose we show that execution is preserved by
 appending code to the left or right of a program. *}
-lemma exec1_appendR: assumes "P \<turnstile> c \<rightarrow> c'" shows "P@P' \<turnstile> c \<rightarrow> c'"
+lemma exec1_appendR: "P \<turnstile> c \<rightarrow> c' \<Longrightarrow> P@P' \<turnstile> c \<rightarrow> c'"
-proof-
+by auto
-from assms show ?thesis
-by cases (simp_all add: exec1_simps nth_append)
--- "All cases proved with the final simp-all"
-qed
 lemma exec_appendR: "P \<turnstile> c \<rightarrow>* c' \<Longrightarrow> P@P' \<turnstile> c \<rightarrow>* c'"
-apply(induct rule: exec.induct)
+by (induct rule: exec.induct) (fastsimp intro: exec1_appendR)+
-apply blast
-by (metis exec1_appendR exec.step)
+lemma iexec1_shiftI:
+assumes "X \<turnstile>i (i,s,stk) \<rightarrow> (i',s',stk')"
+shows "X \<turnstile>i (n+i,s,stk) \<rightarrow> (n+i',s',stk')"
+using assms by cases auto
+lemma iexec1_shiftD:
+assumes "X \<turnstile>i (n+i,s,stk) \<rightarrow> (n+i',s',stk')"
+shows "X \<turnstile>i (i,s,stk) \<rightarrow> (i',s',stk')"
+using assms by cases auto
+lemma iexec_shift [simp]:
+"(X \<turnstile>i (n+i,s,stk) \<rightarrow> (n+i',s',stk')) = (X \<turnstile>i (i,s,stk) \<rightarrow> (i',s',stk'))"
+by (blast intro: iexec1_shiftI dest: iexec1_shiftD)
 lemma exec1_appendL:
-assumes "P \<turnstile> (i,s,stk) \<rightarrow> (i',s',stk')"
+"P \<turnstile> (i,s,stk) \<rightarrow> (i',s',stk') \<Longrightarrow>
-shows "P' @ P \<turnstile> (size(P')+i,s,stk) \<rightarrow> (size(P')+i',s',stk')"
+P' @ P \<turnstile> (isize(P')+i,s,stk) \<rightarrow> (isize(P')+i',s',stk')"
-proof-
+by simp
-from assms show ?thesis
-by cases (simp_all add: exec1_simps)
-qed
 lemma exec_appendL:
 "P \<turnstile> (i,s,stk) \<rightarrow>* (i',s',stk')  \<Longrightarrow>
-P' @ P \<turnstile> (size(P')+i,s,stk) \<rightarrow>* (size(P')+i',s',stk')"
+P' @ P \<turnstile> (isize(P')+i,s,stk) \<rightarrow>* (isize(P')+i',s',stk')"
-apply(induct rule: exec_induct)
+by (induct rule: exec_induct) (blast intro!: exec1_appendL)+
-apply blast
-by (blast intro: exec1_appendL exec.step)
 text{* Now we specialise the above lemmas to enable automatic proofs of
 @{prop "P \<turnstile> c \<rightarrow>* c'"} where @{text P} is a mixture of concrete instructions and
 pieces of code that we already know how they execute (by induction), combined
 by @{text "@"} and @{text "#"}. Backward jumps are not supported.
 The details should be skipped on a first reading.
-If the pc points beyond the first instruction or part of the program, drop it: *}
+If we have just executed the first instruction of the program, drop it: *}
-lemma exec_Cons_Suc[intro]:
+lemma exec_Cons_1 [intro]:
-"P \<turnstile> (i,s,stk) \<rightarrow>* (j,t,stk') \<Longrightarrow>
+"P \<turnstile> (0,s,stk) \<rightarrow>* (j,t,stk') \<Longrightarrow>
-instr#P \<turnstile> (Suc i,s,stk) \<rightarrow>* (Suc j,t,stk')"
+instr#P \<turnstile> (1,s,stk) \<rightarrow>* (1+j,t,stk')"
-apply(drule exec_appendL[where P'="[instr]"])
+by (drule exec_appendL[where P'="[instr]"]) simp
-apply simp
-done
 lemma exec_appendL_if[intro]:
-"size P' <= i
+"isize P' <= i
-\<Longrightarrow> P \<turnstile> (i - size P',s,stk) \<rightarrow>* (i',s',stk')
+\<Longrightarrow> P \<turnstile> (i - isize P',s,stk) \<rightarrow>* (i',s',stk')
-\<Longrightarrow> P' @ P \<turnstile> (i,s,stk) \<rightarrow>* (size P' + i',s',stk')"
+\<Longrightarrow> P' @ P \<turnstile> (i,s,stk) \<rightarrow>* (isize P' + i',s',stk')"
-apply(drule exec_appendL[where P'=P'])
+by (drule exec_appendL[where P'=P']) simp
-apply simp
-done
 text{* Split the execution of a compound program up into the excution of its
 parts: *}
 lemma exec_append_trans[intro]:
 "P \<turnstile> (0,s,stk) \<rightarrow>* (i',s',stk') \<Longrightarrow>
-size P \<le> i' \<Longrightarrow>
+isize P \<le> i' \<Longrightarrow>
-P' \<turnstile>  (i' - size P,s',stk') \<rightarrow>* (i'',s'',stk'') \<Longrightarrow>
+P' \<turnstile>  (i' - isize P,s',stk') \<rightarrow>* (i'',s'',stk'') \<Longrightarrow>
-j'' = size P + i''
+j'' = isize P + i''
 \<Longrightarrow>
 P @ P' \<turnstile> (0,s,stk) \<rightarrow>* (j'',s'',stk'')"
-by(metis exec_trans[OF  exec_appendR exec_appendL_if])
+by(metis exec_trans[OF exec_appendR exec_appendL_if])
-declare Let_def[simp] eval_nat_numeral[simp]
+declare Let_def[simp]
 subsection "Compilation"
 fun acomp :: "aexp \<Rightarrow> instr list" where
 "acomp (N n) = [LOADI n]" |
 "acomp (V x) = [LOAD x]" |
 "acomp (Plus a1 a2) = acomp a1 @ acomp a2 @ [ADD]"
 lemma acomp_correct[intro]:
-"acomp a \<turnstile> (0,s,stk) \<rightarrow>* (size(acomp a),s,aval a s#stk)"
+"acomp a \<turnstile> (0,s,stk) \<rightarrow>* (isize(acomp a),s,aval a s#stk)"
-apply(induct a arbitrary: stk)
+by (induct a arbitrary: stk) fastsimp+
-apply(fastsimp)+
-done
+fun bcomp :: "bexp \<Rightarrow> bool \<Rightarrow> int \<Rightarrow> instr list" where
+"bcomp (B bv) c n = (if bv=c then [JMP n] else [])" |
-fun bcomp :: "bexp \<Rightarrow> bool \<Rightarrow> nat \<Rightarrow> instr list" where
-"bcomp (B bv) c n = (if bv=c then [JMPF n] else [])" |
 "bcomp (Not b) c n = bcomp b (\<not>c) n" |
 "bcomp (And b1 b2) c n =
 (let cb2 = bcomp b2 c n;
-m = (if c then size cb2 else size cb2+n);
+m = (if c then isize cb2 else isize cb2+n);
 cb1 = bcomp b1 False m
 in cb1 @ cb2)" |
 "bcomp (Less a1 a2) c n =
 acomp a1 @ acomp a2 @ (if c then [JMPFLESS n] else [JMPFGE n])"
 value
 "bcomp (And (Less (V ''x'') (V ''y'')) (Not(Less (V ''u'') (V ''v''))))
 False 3"
 lemma bcomp_correct[intro]:
-"bcomp b c n \<turnstile>
+"0 \<le> n \<Longrightarrow>
-(0,s,stk)  \<rightarrow>*  (size(bcomp b c n) + (if c = bval b s then n else 0),s,stk)"
+bcomp b c n \<turnstile>
+(0,s,stk)  \<rightarrow>*  (isize(bcomp b c n) + (if c = bval b s then n else 0),s,stk)"
 proof(induct b arbitrary: c n m)
 case Not
-from Not[of "~c"] show ?case by fastsimp
+from Not(1)[where c="~c"] Not(2) show ?case by fastsimp
 next
 case (And b1 b2)
-from And(1)[of "False"] And(2)[of "c"] show ?case by fastsimp
+from And(1)[of "if c then isize (bcomp b2 c n) else isize (bcomp b2 c n) + n"
+"False"]
+And(2)[of n  "c"] And(3)
+show ?case by fastsimp
 qed fastsimp+
 fun ccomp :: "com \<Rightarrow> instr list" where
 "ccomp SKIP = []" |
 "ccomp (x ::= a) = acomp a @ [STORE x]" |
 "ccomp (c\<^isub>1;c\<^isub>2) = ccomp c\<^isub>1 @ ccomp c\<^isub>2" |
 "ccomp (IF b THEN c\<^isub>1 ELSE c\<^isub>2) =
-(let cc\<^isub>1 = ccomp c\<^isub>1; cc\<^isub>2 = ccomp c\<^isub>2; cb = bcomp b False (size cc\<^isub>1 + 1)
+(let cc\<^isub>1 = ccomp c\<^isub>1; cc\<^isub>2 = ccomp c\<^isub>2; cb = bcomp b False (isize cc\<^isub>1 + 1)
-in cb @ cc\<^isub>1 @ JMPF(size cc\<^isub>2) # cc\<^isub>2)" |
+in cb @ cc\<^isub>1 @ JMP (isize cc\<^isub>2) # cc\<^isub>2)" |
 "ccomp (WHILE b DO c) =
-(let cc = ccomp c; cb = bcomp b False (size cc + 1)
+(let cc = ccomp c; cb = bcomp b False (isize cc + 1)
-in cb @ cc @ [JMPB (size cb + size cc + 1)])"
+in cb @ cc @ [JMPB (isize cb + isize cc + 1)])"
 value "ccomp
 (IF Less (V ''u'') (N 1) THEN ''u'' ::= Plus (V ''u'') (N 1)
 ELSE ''v'' ::= V ''u'')"
 value "ccomp (WHILE Less (V ''u'') (N 1) DO (''u'' ::= Plus (V ''u'') (N 1)))"
 subsection "Preservation of sematics"
-lemma ccomp_correct:
+lemma ccomp_bigstep:
-"(c,s) \<Rightarrow> t \<Longrightarrow> ccomp c \<turnstile> (0,s,stk) \<rightarrow>* (size(ccomp c),t,stk)"
+"(c,s) \<Rightarrow> t \<Longrightarrow> ccomp c \<turnstile> (0,s,stk) \<rightarrow>* (isize(ccomp c),t,stk)"
 proof(induct arbitrary: stk rule: big_step_induct)
 case (Assign x a s)
-show ?case by (fastsimp simp:fun_upd_def)
+show ?case by (fastsimp simp:fun_upd_def cong: if_cong)
 next
 case (Semi c1 s1 s2 c2 s3)
 let ?cc1 = "ccomp c1"  let ?cc2 = "ccomp c2"
-have "?cc1 @ ?cc2 \<turnstile> (0,s1,stk) \<rightarrow>* (size ?cc1,s2,stk)"
+have "?cc1 @ ?cc2 \<turnstile> (0,s1,stk) \<rightarrow>* (isize ?cc1,s2,stk)"
-using Semi.hyps(2) by (fastsimp)
+using Semi.hyps(2) by fastsimp
 moreover
-have "?cc1 @ ?cc2 \<turnstile> (size ?cc1,s2,stk) \<rightarrow>* (size(?cc1 @ ?cc2),s3,stk)"
+have "?cc1 @ ?cc2 \<turnstile> (isize ?cc1,s2,stk) \<rightarrow>* (isize(?cc1 @ ?cc2),s3,stk)"
-using Semi.hyps(4) by (fastsimp)
+using Semi.hyps(4) by fastsimp
 ultimately show ?case by simp (blast intro: exec_trans)
 next
 case (WhileTrue b s1 c s2 s3)
 let ?cc = "ccomp c"
-let ?cb = "bcomp b False (size ?cc + 1)"
+let ?cb = "bcomp b False (isize ?cc + 1)"
 let ?cw = "ccomp(WHILE b DO c)"
-have "?cw \<turnstile> (0,s1,stk) \<rightarrow>* (size ?cb + size ?cc,s2,stk)"
+have "?cw \<turnstile> (0,s1,stk) \<rightarrow>* (isize ?cb + isize ?cc,s2,stk)"
 using WhileTrue(1,3) by fastsimp
 moreover
-have "?cw \<turnstile> (size ?cb + size ?cc,s2,stk) \<rightarrow>* (0,s2,stk)"
+have "?cw \<turnstile> (isize ?cb + isize ?cc,s2,stk) \<rightarrow>* (0,s2,stk)"
-by (fastsimp)
+by fastsimp
 moreover
-have "?cw \<turnstile> (0,s2,stk) \<rightarrow>* (size ?cw,s3,stk)" by(rule WhileTrue(5))
+have "?cw \<turnstile> (0,s2,stk) \<rightarrow>* (isize ?cw,s3,stk)" by(rule WhileTrue(5))
 ultimately show ?case by(blast intro: exec_trans)
 qed fastsimp+
 end

changeset 44296	a666b8d11252
parent 43999	686fa0a0696e
child 44871	ab4d8499815c