(*  Title:      HOL/Library/Heap_Monad.thy

     Author:     John Matthews, Galois Connections; Alexander Krauss, Lukas Bulwahn & Florian Haftmann, TU Muenchen

 *)

 header {* A monad with a polymorphic heap *}

 theory Heap_Monad

 imports Heap

 begin

 subsection {* The monad *}

 subsubsection {* Monad combinators *}

 datatype exception = Exn

 text {* Monadic heap actions either produce values

   and transform the heap, or fail *}

 datatype 'a Heap = Heap "heap \<Rightarrow> ('a + exception) \<times> heap"

 primrec

   execute :: "'a Heap \<Rightarrow> heap \<Rightarrow> ('a + exception) \<times> heap" where

   "execute (Heap f) = f"

 lemmas [code del] = execute.simps

 lemma Heap_execute [simp]:

   "Heap (execute f) = f" by (cases f) simp_all

 lemma Heap_eqI:

   "(\<And>h. execute f h = execute g h) \<Longrightarrow> f = g"

     by (cases f, cases g) (auto simp: expand_fun_eq)

 lemma Heap_eqI':

   "(\<And>h. (\<lambda>x. execute (f x) h) = (\<lambda>y. execute (g y) h)) \<Longrightarrow> f = g"

     by (auto simp: expand_fun_eq intro: Heap_eqI)

 lemma Heap_strip: "(\<And>f. PROP P f) \<equiv> (\<And>g. PROP P (Heap g))"

 proof

   fix g :: "heap \<Rightarrow> ('a + exception) \<times> heap" 

   assume "\<And>f. PROP P f"

   then show "PROP P (Heap g)" .

 next

   fix f :: "'a Heap" 

   assume assm: "\<And>g. PROP P (Heap g)"

   then have "PROP P (Heap (execute f))" .

   then show "PROP P f" by simp

 qed

 definition

   heap :: "(heap \<Rightarrow> 'a \<times> heap) \<Rightarrow> 'a Heap" where

   [code del]: "heap f = Heap (\<lambda>h. apfst Inl (f h))"

 lemma execute_heap [simp]:

   "execute (heap f) h = apfst Inl (f h)"

   by (simp add: heap_def)

 definition

   bindM :: "'a Heap \<Rightarrow> ('a \<Rightarrow> 'b Heap) \<Rightarrow> 'b Heap" (infixl ">>=" 54) where

   [code del]: "f >>= g = Heap (\<lambda>h. case execute f h of

                   (Inl x, h') \<Rightarrow> execute (g x) h'

                 | r \<Rightarrow> r)"

 notation

   bindM (infixl "\<guillemotright>=" 54)

 abbreviation

   chainM :: "'a Heap \<Rightarrow> 'b Heap \<Rightarrow> 'b Heap"  (infixl ">>" 54) where

   "f >> g \<equiv> f >>= (\<lambda>_. g)"

 notation

   chainM (infixl "\<guillemotright>" 54)

 definition

   return :: "'a \<Rightarrow> 'a Heap" where

   [code del]: "return x = heap (Pair x)"

 lemma execute_return [simp]:

   "execute (return x) h = apfst Inl (x, h)"

   by (simp add: return_def)

 definition

   raise :: "string \<Rightarrow> 'a Heap" where -- {* the string is just decoration *}

   [code del]: "raise s = Heap (Pair (Inr Exn))"

 lemma execute_raise [simp]:

   "execute (raise s) h = (Inr Exn, h)"

   by (simp add: raise_def)

 subsubsection {* do-syntax *}

 text {*

   We provide a convenient do-notation for monadic expressions

   well-known from Haskell.  @{const Let} is printed

   specially in do-expressions.

 *}

 nonterminals do_expr

 syntax

   "_do" :: "do_expr \<Rightarrow> 'a"

     ("(do (_)//done)" [12] 100)

   "_bindM" :: "pttrn \<Rightarrow> 'a \<Rightarrow> do_expr \<Rightarrow> do_expr"

     ("_ <- _;//_" [1000, 13, 12] 12)

   "_chainM" :: "'a \<Rightarrow> do_expr \<Rightarrow> do_expr"

     ("_;//_" [13, 12] 12)

   "_let" :: "pttrn \<Rightarrow> 'a \<Rightarrow> do_expr \<Rightarrow> do_expr"

     ("let _ = _;//_" [1000, 13, 12] 12)

   "_nil" :: "'a \<Rightarrow> do_expr"

     ("_" [12] 12)

 syntax (xsymbols)

   "_bindM" :: "pttrn \<Rightarrow> 'a \<Rightarrow> do_expr \<Rightarrow> do_expr"

     ("_ \<leftarrow> _;//_" [1000, 13, 12] 12)

 translations

   "_do f" => "f"

   "_bindM x f g" => "f \<guillemotright>= (\<lambda>x. g)"

   "_chainM f g" => "f \<guillemotright> g"

   "_let x t f" => "CONST Let t (\<lambda>x. f)"

   "_nil f" => "f"

 print_translation {*

 let

   fun dest_abs_eta (Abs (abs as (_, ty, _))) =

         let

           val (v, t) = Syntax.variant_abs abs;

         in (Free (v, ty), t) end

     | dest_abs_eta t =

         let

           val (v, t) = Syntax.variant_abs ("", dummyT, t $ Bound 0);

         in (Free (v, dummyT), t) end;

   fun unfold_monad (Const (@{const_syntax bindM}, _) $ f $ g) =

         let

           val (v, g') = dest_abs_eta g;

           val vs = fold_aterms (fn Free (v, _) => insert (op =) v | _ => I) v [];

           val v_used = fold_aterms

             (fn Free (w, _) => (fn s => s orelse member (op =) vs w) | _ => I) g' false;

         in if v_used then

           Const (@{syntax_const "_bindM"}, dummyT) $ v $ f $ unfold_monad g'

         else

           Const (@{syntax_const "_chainM"}, dummyT) $ f $ unfold_monad g'

         end

     | unfold_monad (Const (@{const_syntax chainM}, _) $ f $ g) =

         Const (@{syntax_const "_chainM"}, dummyT) $ f $ unfold_monad g

     | unfold_monad (Const (@{const_syntax Let}, _) $ f $ g) =

         let

           val (v, g') = dest_abs_eta g;

         in Const (@{syntax_const "_let"}, dummyT) $ v $ f $ unfold_monad g' end

     | unfold_monad (Const (@{const_syntax Pair}, _) $ f) =

         Const (@{const_syntax return}, dummyT) $ f

     | unfold_monad f = f;

   fun contains_bindM (Const (@{const_syntax bindM}, _) $ _ $ _) = true

     | contains_bindM (Const (@{const_syntax Let}, _) $ _ $ Abs (_, _, t)) =

         contains_bindM t;

   fun bindM_monad_tr' (f::g::ts) = list_comb

     (Const (@{syntax_const "_do"}, dummyT) $

       unfold_monad (Const (@{const_syntax bindM}, dummyT) $ f $ g), ts);

   fun Let_monad_tr' (f :: (g as Abs (_, _, g')) :: ts) =

     if contains_bindM g' then list_comb

       (Const (@{syntax_const "_do"}, dummyT) $

         unfold_monad (Const (@{const_syntax Let}, dummyT) $ f $ g), ts)

     else raise Match;

 in

  [(@{const_syntax bindM}, bindM_monad_tr'),

   (@{const_syntax Let}, Let_monad_tr')]

 end;

 *}

 subsection {* Monad properties *}

 subsubsection {* Monad laws *}

 lemma return_bind: "return x \<guillemotright>= f = f x"

   by (simp add: bindM_def return_def)

 lemma bind_return: "f \<guillemotright>= return = f"

 proof (rule Heap_eqI)

   fix h

   show "execute (f \<guillemotright>= return) h = execute f h"

     by (auto simp add: bindM_def return_def split: sum.splits prod.splits)

 qed

 lemma bind_bind: "(f \<guillemotright>= g) \<guillemotright>= h = f \<guillemotright>= (\<lambda>x. g x \<guillemotright>= h)"

   by (rule Heap_eqI) (auto simp add: bindM_def split: split: sum.splits prod.splits)

 lemma bind_bind': "f \<guillemotright>= (\<lambda>x. g x \<guillemotright>= h x) = f \<guillemotright>= (\<lambda>x. g x \<guillemotright>= (\<lambda>y. return (x, y))) \<guillemotright>= (\<lambda>(x, y). h x y)"

   by (rule Heap_eqI) (auto simp add: bindM_def split: split: sum.splits prod.splits)

 lemma raise_bind: "raise e \<guillemotright>= f = raise e"

   by (simp add: raise_def bindM_def)

 lemmas monad_simp = return_bind bind_return bind_bind raise_bind

 subsection {* Generic combinators *}

 definition

   liftM :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b Heap"

 where

   "liftM f = return o f"

 definition

   compM :: "('a \<Rightarrow> 'b Heap) \<Rightarrow> ('b \<Rightarrow> 'c Heap) \<Rightarrow> 'a \<Rightarrow> 'c Heap" (infixl ">>==" 54)

 where

   "(f >>== g) = (\<lambda>x. f x \<guillemotright>= g)"

 notation

   compM (infixl "\<guillemotright>==" 54)

 lemma liftM_collapse: "liftM f x = return (f x)"

   by (simp add: liftM_def)

 lemma liftM_compM: "liftM f \<guillemotright>== g = g o f"

   by (auto intro: Heap_eqI' simp add: expand_fun_eq liftM_def compM_def bindM_def)

 lemma compM_return: "f \<guillemotright>== return = f"

   by (simp add: compM_def monad_simp)

 lemma compM_compM: "(f \<guillemotright>== g) \<guillemotright>== h = f \<guillemotright>== (g \<guillemotright>== h)"

   by (simp add: compM_def monad_simp)

 lemma liftM_bind:

   "(\<lambda>x. liftM f x \<guillemotright>= liftM g) = liftM (\<lambda>x. g (f x))"

   by (rule Heap_eqI') (simp add: monad_simp liftM_def bindM_def)

 lemma liftM_comp:

   "liftM f o g = liftM (f o g)"

   by (rule Heap_eqI') (simp add: liftM_def)

 lemmas monad_simp' = monad_simp liftM_compM compM_return

   compM_compM liftM_bind liftM_comp

 primrec 

   mapM :: "('a \<Rightarrow> 'b Heap) \<Rightarrow> 'a list \<Rightarrow> 'b list Heap"

 where

   "mapM f [] = return []"

   | "mapM f (x#xs) = do y \<leftarrow> f x;

                         ys \<leftarrow> mapM f xs;

                         return (y # ys)

                      done"

 primrec

   foldM :: "('a \<Rightarrow> 'b \<Rightarrow> 'b Heap) \<Rightarrow> 'a list \<Rightarrow> 'b \<Rightarrow> 'b Heap"

 where

   "foldM f [] s = return s"

   | "foldM f (x#xs) s = f x s \<guillemotright>= foldM f xs"

 definition

   assert :: "('a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> 'a Heap"

 where

   "assert P x = (if P x then return x else raise (''assert''))"

 lemma assert_cong [fundef_cong]:

   assumes "P = P'"

   assumes "\<And>x. P' x \<Longrightarrow> f x = f' x"

   shows "(assert P x >>= f) = (assert P' x >>= f')"

   using assms by (auto simp add: assert_def return_bind raise_bind)

 subsubsection {* A monadic combinator for simple recursive functions *}

 text {* Using a locale to fix arguments f and g of MREC *}

 locale mrec =

 fixes

   f :: "'a => ('b + 'a) Heap"

   and g :: "'a => 'a => 'b => 'b Heap"

 begin

 function (default "\<lambda>(x,h). (Inr Exn, undefined)") 

   mrec 

 where

   "mrec x h = 

    (case Heap_Monad.execute (f x) h of

      (Inl (Inl r), h') \<Rightarrow> (Inl r, h')

    | (Inl (Inr s), h') \<Rightarrow> 

           (case mrec s h' of

              (Inl z, h'') \<Rightarrow> Heap_Monad.execute (g x s z) h''

            | (Inr e, h'') \<Rightarrow> (Inr e, h''))

    | (Inr e, h') \<Rightarrow> (Inr e, h')

    )"

 by auto

 lemma graph_implies_dom:

   "mrec_graph x y \<Longrightarrow> mrec_dom x"

 apply (induct rule:mrec_graph.induct) 

 apply (rule accpI)

 apply (erule mrec_rel.cases)

 by simp

 lemma mrec_default: "\<not> mrec_dom (x, h) \<Longrightarrow> mrec x h = (Inr Exn, undefined)"

   unfolding mrec_def 

   by (rule fundef_default_value[OF mrec_sumC_def graph_implies_dom, of _ _ "(x, h)", simplified])

 lemma mrec_di_reverse: 

   assumes "\<not> mrec_dom (x, h)"

   shows "

    (case Heap_Monad.execute (f x) h of

      (Inl (Inl r), h') \<Rightarrow> False

    | (Inl (Inr s), h') \<Rightarrow> \<not> mrec_dom (s, h')

    | (Inr e, h') \<Rightarrow> False

    )" 

 using assms

 by (auto split:prod.splits sum.splits)

  (erule notE, rule accpI, elim mrec_rel.cases, simp)+

 lemma mrec_rule:

   "mrec x h = 

    (case Heap_Monad.execute (f x) h of

      (Inl (Inl r), h') \<Rightarrow> (Inl r, h')

    | (Inl (Inr s), h') \<Rightarrow> 

           (case mrec s h' of

              (Inl z, h'') \<Rightarrow> Heap_Monad.execute (g x s z) h''

            | (Inr e, h'') \<Rightarrow> (Inr e, h''))

    | (Inr e, h') \<Rightarrow> (Inr e, h')

    )"

 apply (cases "mrec_dom (x,h)", simp)

 apply (frule mrec_default)

 apply (frule mrec_di_reverse, simp)

 by (auto split: sum.split prod.split simp: mrec_default)

 definition

   "MREC x = Heap (mrec x)"

 lemma MREC_rule:

   "MREC x = 

   (do y \<leftarrow> f x;

                 (case y of 

                 Inl r \<Rightarrow> return r

               | Inr s \<Rightarrow> 

                 do z \<leftarrow> MREC s ;

                    g x s z

                 done) done)"

   unfolding MREC_def

   unfolding bindM_def return_def

   apply simp

   apply (rule ext)

   apply (unfold mrec_rule[of x])

   by (auto split:prod.splits sum.splits)

 lemma MREC_pinduct:

   assumes "Heap_Monad.execute (MREC x) h = (Inl r, h')"

   assumes non_rec_case: "\<And> x h h' r. Heap_Monad.execute (f x) h = (Inl (Inl r), h') \<Longrightarrow> P x h h' r"

   assumes rec_case: "\<And> x h h1 h2 h' s z r. Heap_Monad.execute (f x) h = (Inl (Inr s), h1) \<Longrightarrow> Heap_Monad.execute (MREC s) h1 = (Inl z, h2) \<Longrightarrow> P s h1 h2 z

     \<Longrightarrow> Heap_Monad.execute (g x s z) h2 = (Inl r, h') \<Longrightarrow> P x h h' r"

   shows "P x h h' r"

 proof -

   from assms(1) have mrec: "mrec x h = (Inl r, h')"

     unfolding MREC_def execute.simps .

   from mrec have dom: "mrec_dom (x, h)"

     apply -

     apply (rule ccontr)

     apply (drule mrec_default) by auto

   from mrec have h'_r: "h' = (snd (mrec x h))" "r = (Sum_Type.Projl (fst (mrec x h)))"

     by auto

   from mrec have "P x h (snd (mrec x h)) (Sum_Type.Projl (fst (mrec x h)))"

   proof (induct arbitrary: r h' rule: mrec.pinduct[OF dom])

     case (1 x h)

     obtain rr h' where "mrec x h = (rr, h')" by fastsimp

     obtain fret h1 where exec_f: "Heap_Monad.execute (f x) h = (fret, h1)" by fastsimp

     show ?case

     proof (cases fret)

       case (Inl a)

       note Inl' = this

       show ?thesis

       proof (cases a)

         case (Inl aa)

         from this Inl' 1(1) exec_f mrec non_rec_case show ?thesis

           by auto

       next

         case (Inr b)

         note Inr' = this

         obtain ret_mrec h2 where mrec_rec: "mrec b h1 = (ret_mrec, h2)" by fastsimp

         from this Inl 1(1) exec_f mrec show ?thesis

         proof (cases "ret_mrec")

           case (Inl aaa)

           from this mrec exec_f Inl' Inr' 1(1) mrec_rec 1(2) [OF exec_f [symmetric] Inl' Inr', of "aaa" "h2"] 1(3)

             show ?thesis

               apply auto

               apply (rule rec_case)

               unfolding MREC_def by auto

         next

           case (Inr b)

           from this Inl 1(1) exec_f mrec Inr' mrec_rec 1(3) show ?thesis by auto

         qed

       qed

     next

       case (Inr b)

       from this 1(1) mrec exec_f 1(3) show ?thesis by simp

     qed

   qed

   from this h'_r show ?thesis by simp

 qed

 end

 text {* Providing global versions of the constant and the theorems *}

 abbreviation "MREC == mrec.MREC"

 lemmas MREC_rule = mrec.MREC_rule

 lemmas MREC_pinduct = mrec.MREC_pinduct

 hide_const (open) heap execute

 subsection {* Code generator setup *}

 subsubsection {* Logical intermediate layer *}

 definition

   Fail :: "String.literal \<Rightarrow> exception"

 where

   [code del]: "Fail s = Exn"

 definition

   raise_exc :: "exception \<Rightarrow> 'a Heap"

 where

   [code del]: "raise_exc e = raise []"

 lemma raise_raise_exc [code, code_unfold]:

   "raise s = raise_exc (Fail (STR s))"

   unfolding Fail_def raise_exc_def raise_def ..

 hide_const (open) Fail raise_exc

 subsubsection {* SML and OCaml *}

 code_type Heap (SML "unit/ ->/ _")

 code_const Heap (SML "raise/ (Fail/ \"bare Heap\")")

 code_const "op \<guillemotright>=" (SML "!(fn/ f'_/ =>/ fn/ ()/ =>/ f'_/ (_/ ())/ ())")

 code_const return (SML "!(fn/ ()/ =>/ _)")

 code_const "Heap_Monad.Fail" (SML "Fail")

 code_const "Heap_Monad.raise_exc" (SML "!(fn/ ()/ =>/ raise/ _)")

 code_type Heap (OCaml "_")

 code_const Heap (OCaml "failwith/ \"bare Heap\"")

 code_const "op \<guillemotright>=" (OCaml "!(fun/ f'_/ ()/ ->/ f'_/ (_/ ())/ ())")

 code_const return (OCaml "!(fun/ ()/ ->/ _)")

 code_const "Heap_Monad.Fail" (OCaml "Failure")

 code_const "Heap_Monad.raise_exc" (OCaml "!(fun/ ()/ ->/ raise/ _)")

 setup {*

 let

 open Code_Thingol;

 fun imp_program naming =

   let

     fun is_const c = case lookup_const naming c

      of SOME c' => (fn c'' => c' = c'')

       | NONE => K false;

     val is_bindM = is_const @{const_name bindM};

     val is_return = is_const @{const_name return};

     val dummy_name = "";

     val dummy_type = ITyVar dummy_name;

     val dummy_case_term = IVar NONE;

     (*assumption: dummy values are not relevant for serialization*)

     val unitt = case lookup_const naming @{const_name Unity}

      of SOME unit' => IConst (unit', (([], []), []))

       | NONE => error ("Must include " ^ @{const_name Unity} ^ " in generated constants.");

     fun dest_abs ((v, ty) `|=> t, _) = ((v, ty), t)

       | dest_abs (t, ty) =

           let

             val vs = fold_varnames cons t [];

             val v = Name.variant vs "x";

             val ty' = (hd o fst o unfold_fun) ty;

           in ((SOME v, ty'), t `$ IVar (SOME v)) end;

     fun force (t as IConst (c, _) `$ t') = if is_return c

           then t' else t `$ unitt

       | force t = t `$ unitt;

     fun tr_bind' [(t1, _), (t2, ty2)] =

       let

         val ((v, ty), t) = dest_abs (t2, ty2);

       in ICase (((force t1, ty), [(IVar v, tr_bind'' t)]), dummy_case_term) end

     and tr_bind'' t = case unfold_app t

          of (IConst (c, (_, ty1 :: ty2 :: _)), [x1, x2]) => if is_bindM c

               then tr_bind' [(x1, ty1), (x2, ty2)]

               else force t

           | _ => force t;

     fun imp_monad_bind'' ts = (SOME dummy_name, dummy_type) `|=> ICase (((IVar (SOME dummy_name), dummy_type),

       [(unitt, tr_bind' ts)]), dummy_case_term)

     and imp_monad_bind' (const as (c, (_, tys))) ts = if is_bindM c then case (ts, tys)

        of ([t1, t2], ty1 :: ty2 :: _) => imp_monad_bind'' [(t1, ty1), (t2, ty2)]

         | ([t1, t2, t3], ty1 :: ty2 :: _) => imp_monad_bind'' [(t1, ty1), (t2, ty2)] `$ t3

         | (ts, _) => imp_monad_bind (eta_expand 2 (const, ts))

       else IConst const `$$ map imp_monad_bind ts

     and imp_monad_bind (IConst const) = imp_monad_bind' const []

       | imp_monad_bind (t as IVar _) = t

       | imp_monad_bind (t as _ `$ _) = (case unfold_app t

          of (IConst const, ts) => imp_monad_bind' const ts

           | (t, ts) => imp_monad_bind t `$$ map imp_monad_bind ts)

       | imp_monad_bind (v_ty `|=> t) = v_ty `|=> imp_monad_bind t

       | imp_monad_bind (ICase (((t, ty), pats), t0)) = ICase

           (((imp_monad_bind t, ty),

             (map o pairself) imp_monad_bind pats),

               imp_monad_bind t0);

   in (Graph.map_nodes o map_terms_stmt) imp_monad_bind end;

 in

 Code_Target.extend_target ("SML_imp", ("SML", imp_program))

 #> Code_Target.extend_target ("OCaml_imp", ("OCaml", imp_program))

 end

 *}

 code_reserved OCaml Failure raise

 subsubsection {* Haskell *}

 text {* Adaption layer *}

 code_include Haskell "Heap"

 {*import qualified Control.Monad;

 import qualified Control.Monad.ST;

 import qualified Data.STRef;

 import qualified Data.Array.ST;

 type RealWorld = Control.Monad.ST.RealWorld;

 type ST s a = Control.Monad.ST.ST s a;

 type STRef s a = Data.STRef.STRef s a;

 type STArray s a = Data.Array.ST.STArray s Int a;

 newSTRef = Data.STRef.newSTRef;

 readSTRef = Data.STRef.readSTRef;

 writeSTRef = Data.STRef.writeSTRef;

 newArray :: (Int, Int) -> a -> ST s (STArray s a);

 newArray = Data.Array.ST.newArray;

 newListArray :: (Int, Int) -> [a] -> ST s (STArray s a);

 newListArray = Data.Array.ST.newListArray;

 lengthArray :: STArray s a -> ST s Int;

 lengthArray a = Control.Monad.liftM snd (Data.Array.ST.getBounds a);

 readArray :: STArray s a -> Int -> ST s a;

 readArray = Data.Array.ST.readArray;

 writeArray :: STArray s a -> Int -> a -> ST s ();

 writeArray = Data.Array.ST.writeArray;*}

 code_reserved Haskell Heap

 text {* Monad *}

 code_type Heap (Haskell "Heap.ST/ Heap.RealWorld/ _")

 code_const Heap (Haskell "error/ \"bare Heap\"")

 code_monad "op \<guillemotright>=" Haskell

 code_const return (Haskell "return")

 code_const "Heap_Monad.Fail" (Haskell "_")

 code_const "Heap_Monad.raise_exc" (Haskell "error")

 end