(*  Title:      Tools/quickcheck.ML

     Author:     Stefan Berghofer, Florian Haftmann, Lukas Bulwahn, TU Muenchen

 Generic counterexample search engine.

 *)

 signature QUICKCHECK =

 sig

   val setup: theory -> theory

   (* configuration *)

   val auto: bool Unsynchronized.ref

   val timing : bool Unsynchronized.ref

   val tester : string Config.T 

   val size : int Config.T

   val iterations : int Config.T

   val no_assms : bool Config.T

   val report : bool Config.T

   val quiet : bool Config.T

   val timeout : real Config.T

   val finite_types : bool Config.T

   val finite_type_size : int Config.T

   datatype report = Report of

     { iterations : int, raised_match_errors : int,

       satisfied_assms : int list, positive_concl_tests : int }

   datatype expectation = No_Expectation | No_Counterexample | Counterexample;  

   datatype test_params = Test_Params of {default_type: typ list, expect : expectation};

   val test_params_of : Proof.context -> test_params

   val map_test_params : (typ list * expectation -> typ list * expectation)

     -> Context.generic -> Context.generic

   val add_generator:

     string * (Proof.context -> term -> int -> term list option * report option)

       -> Context.generic -> Context.generic

   (* testing terms and proof states *)

   val test_term: Proof.context -> bool -> term ->

     (string * term) list option * ((string * int) list * ((int * report) list) option)

   val test_goal_terms:

     Proof.context -> bool -> (string * typ) list -> term list

       -> (string * term) list option * ((string * int) list * ((int * report) list) option) list

   val quickcheck: (string * string list) list -> int -> Proof.state -> (string * term) list option

 end;

 structure Quickcheck : QUICKCHECK =

 struct

 (* preferences *)

 val auto = Unsynchronized.ref false;

 val timing = Unsynchronized.ref false;

 val _ =

   ProofGeneralPgip.add_preference Preferences.category_tracing

   (Unsynchronized.setmp auto true (fn () =>

     Preferences.bool_pref auto

       "auto-quickcheck"

       "Run Quickcheck automatically.") ());

 (* quickcheck report *)

 datatype report = Report of

   { iterations : int, raised_match_errors : int,

     satisfied_assms : int list, positive_concl_tests : int }

 (* expectation *)

 datatype expectation = No_Expectation | No_Counterexample | Counterexample; 

 fun merge_expectation (expect1, expect2) =

   if expect1 = expect2 then expect1 else No_Expectation

 (* quickcheck configuration -- default parameters, test generators *)

 val (tester, setup_tester) = Attrib.config_string "quickcheck_tester" (K "")

 val (size, setup_size) = Attrib.config_int "quickcheck_size" (K 10)

 val (iterations, setup_iterations) = Attrib.config_int "quickcheck_iterations" (K 100)

 val (no_assms, setup_no_assms) = Attrib.config_bool "quickcheck_no_assms" (K false)

 val (report, setup_report) = Attrib.config_bool "quickcheck_report" (K true)

 val (quiet, setup_quiet) = Attrib.config_bool "quickcheck_quiet" (K false)

 val (timeout, setup_timeout) = Attrib.config_real "quickcheck_timeout" (K 30.0)

 val (finite_types, setup_finite_types) = Attrib.config_bool "quickcheck_finite_types" (K true)

 val (finite_type_size, setup_finite_type_size) = Attrib.config_int "quickcheck_finite_type_size" (K 3)

 val setup_config =

   setup_tester #> setup_size #> setup_iterations #> setup_no_assms #> setup_report #> setup_quiet

     #> setup_timeout #> setup_finite_types #> setup_finite_type_size

 datatype test_params = Test_Params of

   {default_type: typ list, expect : expectation};

 fun dest_test_params (Test_Params {default_type, expect}) = (default_type, expect);

 fun make_test_params (default_type, expect) = Test_Params {default_type = default_type, expect = expect};

 fun map_test_params' f (Test_Params {default_type, expect}) = make_test_params (f (default_type, expect));

 fun merge_test_params

   (Test_Params {default_type = default_type1, expect = expect1},

     Test_Params {default_type = default_type2, expect = expect2}) =

   make_test_params

     (merge (op =) (default_type1, default_type2), merge_expectation (expect1, expect2));

 structure Data = Generic_Data

 (

   type T =

     (string * (Proof.context -> term -> int -> term list option * report option)) list

       * test_params;

   val empty = ([], Test_Params {default_type = [], expect = No_Expectation});

   val extend = I;

   fun merge ((generators1, params1), (generators2, params2)) : T =

     (AList.merge (op =) (K true) (generators1, generators2),

       merge_test_params (params1, params2));

 );

 val test_params_of = snd o Data.get o Context.Proof;

 val default_type = fst o dest_test_params o test_params_of

 val expect = snd o dest_test_params o test_params_of

 val map_test_params = Data.map o apsnd o map_test_params'

 val add_generator = Data.map o apfst o AList.update (op =);

 (* generating tests *)

 fun mk_tester ctxt t =

   let

     val name = Config.get ctxt tester

     val tester = case AList.lookup (op =) ((fst o Data.get o Context.Proof) ctxt) name

       of NONE => error ("No such quickcheck tester: " ^ name)

       | SOME tester => tester ctxt;

   in

     if Config.get ctxt quiet then

       try tester t

     else

       let

         val tester = Exn.interruptible_capture tester t

       in case Exn.get_result tester of

           NONE => SOME (Exn.release tester)

         | SOME tester => SOME tester

       end

   end

 (* testing propositions *)

 fun prep_test_term t =

   let

     val _ = (null (Term.add_tvars t []) andalso null (Term.add_tfrees t [])) orelse

       error "Term to be tested contains type variables";

     val _ = null (Term.add_vars t []) orelse

       error "Term to be tested contains schematic variables";

     val frees = Term.add_frees t [];

   in (frees, list_abs_free (frees, t)) end

 fun cpu_time description f =

   let

     val start = start_timing ()

     val result = Exn.capture f ()

     val time = Time.toMilliseconds (#cpu (end_timing start))

   in (Exn.release result, (description, time)) end

 fun test_term ctxt is_interactive t =

   let

     val (names, t') = apfst (map fst) (prep_test_term t);

     val current_size = Unsynchronized.ref 0

     fun excipit s =

       "Quickcheck " ^ s ^ " while testing at size " ^ string_of_int (!current_size)

     val (test_fun, comp_time) = cpu_time "quickcheck compilation" (fn () => mk_tester ctxt t');

     fun with_size test_fun k reports =

       if k > Config.get ctxt size then

         (NONE, reports)

       else

         let

           val _ = if Config.get ctxt quiet then () else Output.urgent_message

             ("Test data size: " ^ string_of_int k)

           val _ = current_size := k

           val ((result, new_report), timing) =

             cpu_time ("size " ^ string_of_int k) (fn () => test_fun (k - 1))

           val reports = case new_report of NONE => reports | SOME rep => (k, rep) :: reports

         in case result of NONE => with_size test_fun (k + 1) reports | SOME q => (SOME q, reports) end;

   in

     case test_fun of NONE => (NONE, ([comp_time], NONE)) 

       | SOME test_fun =>

         TimeLimit.timeLimit (seconds (Config.get ctxt timeout)) (fn () =>

           let

             val ((result, reports), exec_time) =

               cpu_time "quickcheck execution" (fn () => with_size test_fun 1 [])

           in

             (case result of NONE => NONE | SOME ts => SOME (names ~~ ts),

               ([exec_time, comp_time],

                if Config.get ctxt report andalso not (null reports) then SOME reports else NONE))

           end) ()

         handle TimeLimit.TimeOut =>

           if is_interactive then error (excipit "ran out of time") else raise TimeLimit.TimeOut

   end;

 (* FIXME: this function shows that many assumptions are made upon the generation *)

 (* In the end there is probably no generic quickcheck interface left... *)

 fun test_term_with_increasing_cardinality ctxt is_interactive ts =

   let

     val thy = ProofContext.theory_of ctxt

     val (freess, ts') = split_list (map prep_test_term ts)

     val Ts = map snd (hd freess)

     val (test_funs, comp_time) = cpu_time "quickcheck compilation"

       (fn () => map (mk_tester ctxt) ts')

     fun test_card_size (card, size) =

       (* FIXME: why decrement size by one? *)

       case fst (the (nth test_funs (card - 1)) (size - 1)) of

         SOME ts => SOME (map fst (nth freess (card - 1)) ~~ ts)

       | NONE => NONE

     val enumeration_card_size =

       if forall (fn T => Sign.of_sort thy (T,  ["Enum.enum"])) Ts then

         (* size does not matter *)

         map (rpair 0) (1 upto (length ts))

       else

         (* size does matter *)

         map_product pair (1 upto (length ts)) (1 upto (Config.get ctxt size))

         |> sort (fn ((c1, s1), (c2, s2)) => int_ord ((c1 + s1), (c2 + s2)))

     in

       if (forall is_none test_funs) then

         (NONE, ([comp_time], NONE))

       else if (forall is_some test_funs) then

         TimeLimit.timeLimit (seconds (Config.get ctxt timeout)) (fn () =>

           (get_first test_card_size enumeration_card_size, ([comp_time], NONE))) ()

         handle TimeLimit.TimeOut =>

           if is_interactive then error ("Quickcheck ran out of time") else raise TimeLimit.TimeOut

       else

         error "Unexpectedly, testers of some cardinalities are executable but others are not"       

     end

 fun get_finite_types ctxt =

   fst (chop (Config.get ctxt finite_type_size)

     (map (Type o rpair []) ["Enum.finite_1", "Enum.finite_2", "Enum.finite_3",

      "Enum.finite_4", "Enum.finite_5"]))  

 exception WELLSORTED of string

 fun monomorphic_term thy insts default_T = 

   let

     fun subst (T as TFree (v, S)) =

       let

         val T' = AList.lookup (op =) insts v

           |> the_default default_T

       in if Sign.of_sort thy (T', S) then T'

         else raise (WELLSORTED ("For instantiation with default_type " ^ Syntax.string_of_typ_global thy default_T ^

           ":\n" ^ Syntax.string_of_typ_global thy T' ^

           " to be substituted for variable " ^

           Syntax.string_of_typ_global thy T ^ " does not have sort " ^

           Syntax.string_of_sort_global thy S))

       end

       | subst T = T;

   in (map_types o map_atyps) subst end;

 datatype wellsorted_error = Wellsorted_Error of string | Term of term

 fun test_goal_terms lthy is_interactive insts check_goals =

   let

     val thy = ProofContext.theory_of lthy 

     val default_insts =

       if Config.get lthy finite_types then (get_finite_types lthy) else (default_type lthy)

     val inst_goals =

       map (fn check_goal =>

         if not (null (Term.add_tfree_names check_goal [])) then

           map (fn T =>

             (pair (SOME T) o Term o Object_Logic.atomize_term thy o monomorphic_term thy insts T) check_goal

               handle WELLSORTED s => (SOME T, Wellsorted_Error s)) default_insts

         else

           [(NONE, Term (Object_Logic.atomize_term thy check_goal))]) check_goals

     val error_msg = cat_lines (maps (map_filter (fn (_, Term t) => NONE | (_, Wellsorted_Error s) => SOME s)) inst_goals)

     fun is_wellsorted_term (T, Term t) = SOME (T, t)

       | is_wellsorted_term (_, Wellsorted_Error s) = NONE

     val correct_inst_goals =

       case map (map_filter is_wellsorted_term) inst_goals of

         [[]] => error error_msg

       | xs => xs

     val _ = if Config.get lthy quiet then () else warning error_msg

     fun collect_results f reports [] = (NONE, rev reports)

       | collect_results f reports (t :: ts) =

         case f t of

           (SOME res, report) => (SOME res, rev (report :: reports))

         | (NONE, report) => collect_results f (report :: reports) ts

     fun test_term' goal =

       case goal of

         [(NONE, t)] => test_term lthy is_interactive t

       | ts => test_term_with_increasing_cardinality lthy is_interactive (map snd ts)                           

   in

     if Config.get lthy finite_types then

       collect_results test_term' [] correct_inst_goals

     else

       collect_results (test_term lthy is_interactive) [] (maps (map snd) correct_inst_goals)

   end;

 fun test_goal insts i state =

   let

     val lthy = Proof.context_of state;

     val thy = Proof.theory_of state;

     fun strip (Const ("all", _) $ Abs (_, _, t)) = strip t

       | strip t = t;

     val {goal = st, ...} = Proof.raw_goal state;

     val (gi, frees) = Logic.goal_params (prop_of st) i;

     val some_locale = case (Option.map #target o Named_Target.peek) lthy

      of NONE => NONE

       | SOME "" => NONE

       | SOME locale => SOME locale;

     val assms = if Config.get lthy no_assms then [] else case some_locale

      of NONE => Assumption.all_assms_of lthy

       | SOME locale => Assumption.local_assms_of lthy (Locale.init locale thy);

     val proto_goal = Logic.list_implies (map Thm.term_of assms, subst_bounds (frees, strip gi));

     val check_goals = case some_locale

      of NONE => [proto_goal]

       | SOME locale => map (fn (_, phi) => Morphism.term phi proto_goal)

         (Locale.registrations_of (Context.Theory thy) (*FIXME*) locale);

   in

     test_goal_terms lthy true insts check_goals

   end

 (* pretty printing *)

 fun tool_name auto = (if auto then "Auto " else "") ^ "Quickcheck"

 fun pretty_counterex ctxt auto NONE = Pretty.str (tool_name auto ^ " found no counterexample.")

   | pretty_counterex ctxt auto (SOME cex) =

       Pretty.chunks (Pretty.str (tool_name auto ^ " found a counterexample:\n") ::

         map (fn (s, t) =>

           Pretty.block [Pretty.str (s ^ " ="), Pretty.brk 1, Syntax.pretty_term ctxt t]) (rev cex));

 fun pretty_report (Report {iterations = iterations, raised_match_errors = raised_match_errors,

     satisfied_assms = satisfied_assms, positive_concl_tests = positive_concl_tests}) =

   let

     fun pretty_stat s i = Pretty.block ([Pretty.str (s ^ ": " ^ string_of_int i)])

   in

      ([pretty_stat "iterations" iterations,

      pretty_stat "match exceptions" raised_match_errors]

      @ map_index (fn (i, n) => pretty_stat ("satisfied " ^ string_of_int (i + 1) ^ ". assumption") n)

        satisfied_assms

      @ [pretty_stat "positive conclusion tests" positive_concl_tests])

   end

 fun pretty_reports ctxt (SOME reports) =

   Pretty.chunks (Pretty.fbrk :: Pretty.str "Quickcheck report:" ::

     maps (fn (size, report) =>

       Pretty.str ("size " ^ string_of_int size ^ ":") :: pretty_report report @ [Pretty.brk 1])

       (rev reports))

   | pretty_reports ctxt NONE = Pretty.str ""

 fun pretty_counterex_and_reports ctxt auto (cex, timing_and_reports) =

   Pretty.chunks (pretty_counterex ctxt auto cex ::

     map (pretty_reports ctxt) (map snd timing_and_reports))

 (* automatic testing *)

 fun auto_quickcheck state =

   let

     val ctxt = Proof.context_of state;

     val res =

       state

       |> Proof.map_context (Config.put report false #> Config.put quiet true)

       |> try (test_goal [] 1);

   in

     case res of

       NONE => (false, state)

     | SOME (NONE, report) => (false, state)

     | SOME (cex, report) => (true, Proof.goal_message (K (Pretty.chunks [Pretty.str "",

         Pretty.mark Markup.hilite (pretty_counterex ctxt true cex)])) state)

   end

 val setup = Auto_Tools.register_tool (auto, auto_quickcheck)

   #> setup_config

 (* Isar commands *)

 fun read_nat s = case (Library.read_int o Symbol.explode) s

  of (k, []) => if k >= 0 then k

       else error ("Not a natural number: " ^ s)

   | (_, _ :: _) => error ("Not a natural number: " ^ s);

 fun read_bool "false" = false

   | read_bool "true" = true

   | read_bool s = error ("Not a Boolean value: " ^ s)

 fun read_real s =

   case (Real.fromString s) of

     SOME s => s

   | NONE => error ("Not a real number: " ^ s)

 fun read_expectation "no_expectation" = No_Expectation

   | read_expectation "no_counterexample" = No_Counterexample 

   | read_expectation "counterexample" = Counterexample

   | read_expectation s = error ("Not an expectation value: " ^ s)  

 fun valid_tester_name genctxt = AList.defined (op =) (fst (Data.get genctxt))

 fun parse_tester name genctxt =

   if valid_tester_name genctxt name then

     Config.put_generic tester name genctxt

   else

     error ("Unknown tester: " ^ name)

 fun parse_test_param ("tester", [arg]) = parse_tester arg

   | parse_test_param ("size", [arg]) = Config.put_generic size (read_nat arg)

   | parse_test_param ("iterations", [arg]) = Config.put_generic iterations (read_nat arg)

   | parse_test_param ("default_type", arg) = (fn gen_ctxt =>

     map_test_params ((apfst o K) (map (ProofContext.read_typ (Context.proof_of gen_ctxt)) arg)) gen_ctxt)

   | parse_test_param ("no_assms", [arg]) = Config.put_generic no_assms (read_bool arg)

   | parse_test_param ("expect", [arg]) = map_test_params ((apsnd o K) (read_expectation arg))

   | parse_test_param ("report", [arg]) = Config.put_generic report (read_bool arg)

   | parse_test_param ("quiet", [arg]) = Config.put_generic quiet (read_bool arg)

   | parse_test_param ("timeout", [arg]) = Config.put_generic timeout (read_real arg)

   | parse_test_param ("finite_types", [arg]) = Config.put_generic finite_types (read_bool arg)

   | parse_test_param ("finite_type_size", [arg]) = Config.put_generic finite_type_size (read_nat arg)

   | parse_test_param (name, _) = fn genctxt =>

     if valid_tester_name genctxt name then

       Config.put_generic tester name genctxt

     else error ("Unknown tester or test parameter: " ^ name);

 fun parse_test_param_inst (name, arg) (insts, ctxt) =

       case try (ProofContext.read_typ ctxt) name

        of SOME (TFree (v, _)) => (apfst o AList.update (op =))

               (v, ProofContext.read_typ ctxt (the_single arg)) (insts, ctxt)

         | _ => (apsnd o Context.proof_map o parse_test_param) (name, arg) (insts, ctxt);

 fun quickcheck_params_cmd args = Context.theory_map (fold parse_test_param args);

 fun gen_quickcheck args i state =

   state

   |> Proof.map_context_result (fn ctxt => fold parse_test_param_inst args ([], ctxt))

   |> (fn (insts, state') => test_goal insts i state'

   |> tap (fn (SOME x, _) => if expect (Proof.context_of state') = No_Counterexample then

                error ("quickcheck expected to find no counterexample but found one") else ()

            | (NONE, _) => if expect (Proof.context_of state') = Counterexample then

                error ("quickcheck expected to find a counterexample but did not find one") else ()))

 fun quickcheck args i state = fst (gen_quickcheck args i state);

 fun quickcheck_cmd args i state =

   gen_quickcheck args i (Toplevel.proof_of state)

   |> Pretty.writeln o pretty_counterex_and_reports (Toplevel.context_of state) false;

 val parse_arg = Parse.name -- (Scan.optional (Parse.$$$ "=" |-- 

   (((Parse.name || Parse.float_number) >> single) || (Parse.$$$ "[" |-- Parse.list1 Parse.name --| Parse.$$$ "]"))) ["true"]);

 val parse_args = Parse.$$$ "[" |-- Parse.list1 parse_arg --| Parse.$$$ "]"

   || Scan.succeed [];

 val _ =

   Outer_Syntax.command "quickcheck_params" "set parameters for random testing" Keyword.thy_decl

     (parse_args >> (fn args => Toplevel.theory (quickcheck_params_cmd args)));

 val _ =

   Outer_Syntax.improper_command "quickcheck" "try to find counterexample for subgoal" Keyword.diag

     (parse_args -- Scan.optional Parse.nat 1

       >> (fn (args, i) => Toplevel.no_timing o Toplevel.keep (quickcheck_cmd args i)));

 end;

 val auto_quickcheck = Quickcheck.auto;