From d026ada66d305e3e7b1fa5483b0389b92d4fef54 Mon Sep 17 00:00:00 2001 From: Corey Lewis Date: Wed, 27 Sep 2023 14:53:47 +1000 Subject: [PATCH] squash lib/monads/trace: suggestions from PR review Signed-off-by: Corey Lewis --- lib/Monads/trace/Trace_Empty_Fail.thy | 11 ++-- lib/Monads/trace/Trace_Monad.thy | 16 ++--- lib/Monads/trace/Trace_Monad_Equations.thy | 33 +++++----- lib/Monads/trace/Trace_More_VCG.thy | 73 +++++++++++----------- lib/Monads/trace/Trace_No_Throw.thy | 2 + 5 files changed, 68 insertions(+), 67 deletions(-) diff --git a/lib/Monads/trace/Trace_Empty_Fail.thy b/lib/Monads/trace/Trace_Empty_Fail.thy index b468cabd9f7..c974e9edd8a 100644 --- a/lib/Monads/trace/Trace_Empty_Fail.thy +++ b/lib/Monads/trace/Trace_Empty_Fail.thy @@ -21,8 +21,9 @@ definition empty_fail :: "('s,'a) tmonad \ bool" where "empty_fail m \ \s. mres (m s) = {} \ Failed \ snd ` (m s)" text \Useful in forcing otherwise unknown executions to have the @{const empty_fail} property.\ -\ \definition mk_ef :: "'a set \ bool \ 'a set \ bool" where - "mk_ef S \ (fst S, fst S = {} \ snd S)"\ +definition mk_ef :: + "((tmid \ 's) list \ ('s, 'a) tmres) set \ ((tmid \ 's) list \ ('s, 'a) tmres) set" where + "mk_ef S \ if mres S = {} then S \ {([], Failed)} else S" subsection \WPC setup\ @@ -66,7 +67,7 @@ subsection \Wellformed monads\ (* Collect generic empty_fail lemmas here: - - naming convention is emtpy_fail_NAME. + - naming convention is empty_fail_NAME. - add lemmas with assumptions to [empty_fail_cond] set - add lemmas without assumption to [empty_fail_term] set *) @@ -195,9 +196,9 @@ lemma empty_fail_assert_opt[empty_fail_term]: "empty_fail (assert_opt x)" by (simp add: assert_opt_def empty_fail_term split: option.splits) -\ \lemma empty_fail_mk_ef[empty_fail_term]: +lemma empty_fail_mk_ef[empty_fail_term]: "empty_fail (mk_ef o m)" - by (simp add: empty_fail_def mk_ef_def)\ + by (simp add: empty_fail_def mk_ef_def) lemma empty_fail_gets_the[empty_fail_term]: "empty_fail (gets_the f)" diff --git a/lib/Monads/trace/Trace_Monad.thy b/lib/Monads/trace/Trace_Monad.thy index e287245d49e..7ddffb245c2 100644 --- a/lib/Monads/trace/Trace_Monad.thy +++ b/lib/Monads/trace/Trace_Monad.thy @@ -727,16 +727,16 @@ section "Combinators that have conditions with side effects" definition notM :: "('s, bool) tmonad \ ('s, bool) tmonad" where "notM m = do c \ m; return (\ c) od" -definition - whileM :: "('s, bool) tmonad \ ('s, 'a) tmonad \ ('s, unit) tmonad" where +definition whileM :: + "('s, bool) tmonad \ ('s, 'a) tmonad \ ('s, unit) tmonad" where "whileM C B \ do c \ C; whileLoop (\c s. c) (\_. do B; C od) c; return () od" -definition - ifM :: "('s, bool) tmonad \ ('s, 'a) tmonad \ ('s, 'a) tmonad \ +definition ifM :: + "('s, bool) tmonad \ ('s, 'a) tmonad \ ('s, 'a) tmonad \ ('s, 'a) tmonad" where "ifM test t f = do c \ test; @@ -751,12 +751,12 @@ definition ifME :: if c then t else f odE" -definition - whenM :: "('s, bool) tmonad \ ('s, unit) tmonad \ ('s, unit) tmonad" where +definition whenM :: + "('s, bool) tmonad \ ('s, unit) tmonad \ ('s, unit) tmonad" where "whenM t m = ifM t m (return ())" -definition - orM :: "('s, bool) tmonad \ ('s, bool) tmonad \ ('s, bool) tmonad" where +definition orM :: + "('s, bool) tmonad \ ('s, bool) tmonad \ ('s, bool) tmonad" where "orM a b = ifM a (return True) b" definition diff --git a/lib/Monads/trace/Trace_Monad_Equations.thy b/lib/Monads/trace/Trace_Monad_Equations.thy index 20587e6cb85..2e0815222df 100644 --- a/lib/Monads/trace/Trace_Monad_Equations.thy +++ b/lib/Monads/trace/Trace_Monad_Equations.thy @@ -47,7 +47,7 @@ lemma throwError_bind: lemma bind_bindE_assoc: "((f >>= g) >>=E h) - = f >>= (\rv. g rv >>=E h)" + = f >>= (\rv. g rv >>=E h)" by (simp add: bindE_def bind_assoc) lemma returnOk_bind: @@ -67,7 +67,7 @@ lemma cart_singleton_image: lemma liftE_bindE_handle: "((liftE f >>=E (\x. g x)) h) - = f >>= (\x. g x h)" + = f >>= (\x. g x h)" by (simp add: liftE_bindE handleE_def handleE'_def bind_assoc) @@ -89,7 +89,7 @@ lemma liftE_bindE_assoc: lemma unlessE_throw_catch_If: "catch (unlessE P (throwError e) >>=E f) g - = (if P then catch (f ()) g else g e)" + = (if P then catch (f ()) g else g e)" by (simp add: unlessE_def catch_throwError split: if_split) lemma whenE_bindE_throwError_to_if: @@ -125,13 +125,13 @@ lemma all_rv_choice_fn_eq_pred: lemma all_rv_choice_fn_eq: "\ \rv. \fn. f rv = g fn \ - \ \fn. f = (\rv. g (fn rv))" + \ \fn. f = (\rv. g (fn rv))" using all_rv_choice_fn_eq_pred[where f=f and g=g and P=\] by (simp add: fun_eq_iff) lemma gets_the_eq_bind: "\ \fn. f = gets_the (fn o fn'); \rv. \fn. g rv = gets_the (fn o fn') \ - \ \fn. (f >>= g) = gets_the (fn o fn')" + \ \fn. (f >>= g) = gets_the (fn o fn')" apply (clarsimp dest!: all_rv_choice_fn_eq) apply (rule_tac x="\s. case (fn s) of None \ None | Some v \ fna v s" in exI) apply (simp add: gets_the_def bind_assoc exec_gets @@ -141,7 +141,7 @@ lemma gets_the_eq_bind: lemma gets_the_eq_bindE: "\ \fn. f = gets_the (fn o fn'); \rv. \fn. g rv = gets_the (fn o fn') \ - \ \fn. (f >>=E g) = gets_the (fn o fn')" + \ \fn. (f >>=E g) = gets_the (fn o fn')" apply (simp add: bindE_def) apply (erule gets_the_eq_bind) apply (simp add: lift_def gets_the_returns split: sum.split) @@ -167,9 +167,9 @@ lemma ex_const_function: lemma gets_the_condsE: "(\fn. whenE P f = gets_the (fn o fn')) - = (P \ (\fn. f = gets_the (fn o fn')))" + = (P \ (\fn. f = gets_the (fn o fn')))" "(\fn. unlessE P g = gets_the (fn o fn')) - = (\ P \ (\fn. g = gets_the (fn o fn')))" + = (\ P \ (\fn. g = gets_the (fn o fn')))" by (simp add: whenE_def unlessE_def gets_the_returns ex_const_function split: if_split)+ @@ -183,7 +183,7 @@ lemma liftME_return: lemma fold_bindE_into_list_case: "(doE v \ f; case_list (g v) (h v) x odE) - = (case_list (doE v \ f; g v odE) (\x xs. doE v \ f; h v x xs odE) x)" + = (case_list (doE v \ f; g v odE) (\x xs. doE v \ f; h v x xs odE) x)" by (simp split: list.split) lemma whenE_liftE: @@ -230,10 +230,9 @@ lemma modify_id_return: "modify id = return ()" by (simp add: simpler_modify_def return_def) - lemma liftE_bind_return_bindE_returnOk: "liftE (v >>= (\rv. return (f rv))) - = (liftE v >>=E (\rv. returnOk (f rv)))" + = (liftE v >>=E (\rv. returnOk (f rv)))" by (simp add: liftE_bindE, simp add: liftE_def returnOk_def) lemma bind_eqI: @@ -241,12 +240,12 @@ lemma bind_eqI: lemma unlessE_throwError_returnOk: "(if P then returnOk v else throwError x) - = (unlessE P (throwError x) >>=E (\_. returnOk v))" + = (unlessE P (throwError x) >>=E (\_. returnOk v))" by (cases P, simp_all add: unlessE_def) lemma gets_the_bind_eq: "\ f s = Some x; g x s = h s \ - \ (gets_the f >>= g) s = h s" + \ (gets_the f >>= g) s = h s" by (simp add: gets_the_def bind_assoc exec_gets assert_opt_def) lemma zipWithM_x_modify: @@ -261,7 +260,7 @@ lemma zipWithM_x_modify: lemma assert2: "(do v1 \ assert P; v2 \ assert Q; c od) - = (do v \ assert (P \ Q); c od)" + = (do v \ assert (P \ Q); c od)" by (simp add: assert_def split: if_split) lemma assert_opt_def2: @@ -270,20 +269,20 @@ lemma assert_opt_def2: lemma gets_assert: "(do v1 \ assert v; v2 \ gets f; c v1 v2 od) - = (do v2 \ gets f; v1 \ assert v; c v1 v2 od)" + = (do v2 \ gets f; v1 \ assert v; c v1 v2 od)" by (simp add: simpler_gets_def return_def assert_def fail_def bind_def split: if_split) lemma modify_assert: "(do v2 \ modify f; v1 \ assert v; c v1 od) - = (do v1 \ assert v; v2 \ modify f; c v1 od)" + = (do v1 \ assert v; v2 \ modify f; c v1 od)" by (simp add: simpler_modify_def return_def assert_def fail_def bind_def split: if_split) lemma gets_fold_into_modify: "do x \ gets f; modify (g x) od = modify (\s. g (f s) s)" "do x \ gets f; _ \ modify (g x); h od - = do modify (\s. g (f s) s); h od" + = do modify (\s. g (f s) s); h od" by (simp_all add: fun_eq_iff modify_def bind_assoc exec_gets exec_get exec_put) diff --git a/lib/Monads/trace/Trace_More_VCG.thy b/lib/Monads/trace/Trace_More_VCG.thy index ffc3879ad2f..80f4ab5f7a7 100644 --- a/lib/Monads/trace/Trace_More_VCG.thy +++ b/lib/Monads/trace/Trace_More_VCG.thy @@ -16,7 +16,7 @@ begin lemma hoare_take_disjunct: "\P\ f \\rv s. P' rv s \ (False \ P'' rv s)\ - \ \P\ f \P''\" + \ \P\ f \P''\" by (erule hoare_strengthen_post, simp) lemma hoare_post_add: @@ -94,12 +94,12 @@ lemmas hoare_lift_Pf_pre_conj' = hoare_lift_Pf2_pre_conj[where Q=P and P=P for P lemma hoare_if_r_and: "\P\ f \\r. if R r then Q r else Q' r\ - = \P\ f \\r s. (R r \ Q r s) \ (\R r \ Q' r s)\" + = \P\ f \\r s. (R r \ Q r s) \ (\R r \ Q' r s)\" by (fastforce simp: valid_def) lemma hoare_convert_imp: - "\ \\s. \ P s\ f \\rv s. \ Q s\; \R\ f \S\ \ \ - \\s. P s \ R s\ f \\rv s. Q s \ S rv s\" + "\ \\s. \ P s\ f \\rv s. \ Q s\; \R\ f \S\ \ + \ \\s. P s \ R s\ f \\rv s. Q s \ S rv s\" apply (simp only: imp_conv_disj) apply (erule(1) hoare_vcg_disj_lift) done @@ -112,8 +112,8 @@ lemma hoare_vcg_ex_lift_R: done lemma hoare_case_option_wpR: - "\\P\ f None \Q\,-; \x. \P' x\ f (Some x) \Q' x\,-\ \ - \case_option P P' v\ f v \\rv. case v of None \ Q rv | Some x \ Q' x rv\,-" + "\\P\ f None \Q\,-; \x. \P' x\ f (Some x) \Q' x\,-\ + \ \case_option P P' v\ f v \\rv. case v of None \ Q rv | Some x \ Q' x rv\,-" by (cases v) auto lemma hoare_vcg_conj_liftE_R: @@ -214,9 +214,10 @@ lemma list_cases_weak_wp: assumes "\x xs. \P_B\ b x xs \Q\" shows "\P_A and P_B\ - case ts of - [] \ a - | x#xs \ b x xs \Q\" + case ts of + [] \ a + | x#xs \ b x xs + \Q\" apply (cases ts) apply (simp, rule hoare_weaken_pre, rule assms, simp)+ done @@ -225,18 +226,18 @@ lemmas hoare_FalseE_R = hoare_FalseE[where E="\\", folded validE_R_def lemma hoare_vcg_if_lift2: "\R\ f \\rv s. (P rv s \ X rv s) \ (\ P rv s \ Y rv s)\ \ - \R\ f \\rv s. if P rv s then X rv s else Y rv s\" + \R\ f \\rv s. if P rv s then X rv s else Y rv s\" "\R\ f \\rv s. (P' rv \ X rv s) \ (\ P' rv \ Y rv s)\ \ - \R\ f \\rv. if P' rv then X rv else Y rv\" + \R\ f \\rv. if P' rv then X rv else Y rv\" by (auto simp: valid_def split_def) lemma hoare_vcg_if_lift_ER: (* Required because of lack of rv in lifting rules *) "\R\ f \\rv s. (P rv s \ X rv s) \ (\ P rv s \ Y rv s)\, - \ - \R\ f \\rv s. if P rv s then X rv s else Y rv s\, -" + \R\ f \\rv s. if P rv s then X rv s else Y rv s\, -" "\R\ f \\rv s. (P' rv \ X rv s) \ (\ P' rv \ Y rv s)\, - \ - \R\ f \\rv. if P' rv then X rv else Y rv\, -" + \R\ f \\rv. if P' rv then X rv else Y rv\, -" by (auto simp: valid_def validE_R_def validE_def split_def) lemma hoare_vcg_imp_liftE: @@ -294,7 +295,7 @@ lemma set_shrink_proof: assumes x: "\x. \\s. x \ S s\ f \\rv s. x \ S s\" shows "\\s. \S'. S' \ S s \ P S'\ - f + f \\rv s. P (S s)\" apply (clarsimp simp: valid_def) apply (drule spec, erule mp) @@ -378,7 +379,7 @@ lemma valid_return_unit: lemma hoare_weak_lift_imp_conj: "\ \Q\ m \Q'\; \R\ m \R'\ \ - \ \\s. (P \ Q s) \ R s\ m \\rv s. (P \ Q' rv s) \ R' rv s\" + \ \\s. (P \ Q s) \ R s\ m \\rv s. (P \ Q' rv s) \ R' rv s\" apply (rule hoare_vcg_conj_lift) apply (rule hoare_weak_lift_imp) apply assumption+ @@ -403,9 +404,10 @@ lemma hoare_vcg_disj_lift_R: lemmas throwError_validE_R = throwError_wp [where E="\\", folded validE_R_def] lemma valid_case_option_post_wp: - "(\x. \P x\ f \\rv. Q x\) \ - \\s. case ep of Some x \ P x s | _ \ True\ - f \\rv s. case ep of Some x \ Q x s | _ \ True\" + "\\x. \P x\ f \\rv. Q x\\ \ + \\s. case ep of Some x \ P x s | _ \ True\ + f + \\rv s. case ep of Some x \ Q x s | _ \ True\" by (cases ep, simp_all add: hoare_vcg_prop) lemma P_bool_lift: @@ -485,13 +487,13 @@ lemma hoare_ex_pre: (* safe, unlike hoare_vcg_ex_lift *) by (fastforce simp: valid_def) lemma hoare_ex_pre_conj: - "(\x. \\s. P x s \ P' s\ f \Q\) - \ \\s. (\x. P x s) \ P' s\ f \Q\" + "\\x. \\s. P x s \ P' s\ f \Q\\ + \ \\s. (\x. P x s) \ P' s\ f \Q\" by (fastforce simp: valid_def) lemma hoare_conj_lift_inv: "\\P\ f \Q\; \\s. P' s \ I s\ f \\rv. I\; - \s. P s \ P' s\ + \s. P s \ P' s\ \ \\s. P s \ I s\ f \\rv s. Q rv s \ I s\" by (fastforce simp: valid_def) @@ -518,7 +520,7 @@ lemma validE_R_sp: lemma valid_set_take_helper: "\P\ f \\rv s. \x \ set (xs rv s). Q x rv s\ - \ \P\ f \\rv s. \x \ set (take (n rv s) (xs rv s)). Q x rv s\" + \ \P\ f \\rv s. \x \ set (take (n rv s) (xs rv s)). Q x rv s\" apply (erule hoare_strengthen_post) apply (clarsimp dest!: in_set_takeD) done @@ -556,7 +558,7 @@ lemma hoare_vcg_imp_lift_R: lemma hoare_disj_division: "\ P \ Q; P \ \R\ f \S\; Q \ \T\ f \S\ \ - \ \\s. (P \ R s) \ (Q \ T s)\ f \S\" + \ \\s. (P \ R s) \ (Q \ T s)\ f \S\" apply safe apply (rule hoare_pre_imp) prefer 2 @@ -573,8 +575,8 @@ lemma hoare_grab_asm: by (cases G, simp+) lemma hoare_grab_asm2: - "(P' \ \\s. P s \ R s\ f \Q\) - \ \\s. P s \ P' \ R s\ f \Q\" + "\P' \ \\s. P s \ R s\ f \Q\\ + \ \\s. P s \ P' \ R s\ f \Q\" by (fastforce simp: valid_def) lemma hoare_grab_exs: @@ -589,8 +591,8 @@ lemma hoare_prop_E: "\\rv. P\ f -,\\rv s by (rule hoare_pre, wp, simp) lemma hoare_vcg_conj_lift_R: - "\ \P\ f \Q\,-; \R\ f \S\,- \ \ - \\s. P s \ R s\ f \\rv s. Q rv s \ S rv s\,-" + "\ \P\ f \Q\,-; \R\ f \S\,- \ + \ \\s. P s \ R s\ f \\rv s. Q rv s \ S rv s\,-" apply (simp add: validE_R_def validE_def) apply (drule(1) hoare_vcg_conj_lift) apply (erule hoare_strengthen_post) @@ -640,7 +642,7 @@ lemma other_hoare_in_monad_post: lemma weak_if_wp: "\ \P\ f \Q\; \P'\ f \Q'\ \ \ - \P and P'\ f \\r. if C r then Q r else Q' r\" + \P and P'\ f \\r. if C r then Q r else Q' r\" by (auto simp add: valid_def split_def) lemma weak_if_wp': @@ -666,7 +668,7 @@ lemma validE_R_abstract_rv: lemma validE_cases_valid: "\P\ f \\rv s. Q (Inr rv) s\,\\rv s. Q (Inl rv) s\ - \ \P\ f \Q\" + \ \P\ f \Q\" apply (simp add: validE_def) apply (erule hoare_strengthen_post) apply (simp split: sum.split_asm) @@ -691,12 +693,10 @@ lemma hoare_gen_asm_conj: "(P \ \P'\ f \Q\) \ \\s. P' s \ P\ f \Q\" by (fastforce simp: valid_def) - lemma hoare_add_K: "\P\ f \Q\ \ \\s. P s \ I\ f \\rv s. Q rv s \ I\" by (fastforce simp: valid_def) - lemma valid_rv_lift: "\P'\ f \\rv s. rv \ Q rv s\ \ \\s. P \ P' s\ f \\rv s. rv \ P \ Q rv s\" by (fastforce simp: valid_def) @@ -707,20 +707,19 @@ lemma valid_imp_ex: lemma valid_rv_split: "\\P\ f \\rv s. rv \ Q s\; \P\ f \\rv s. \rv \ Q' s\\ - \ - \P\ f \\rv s. if rv then Q s else Q' s\" + \ \P\ f \\rv s. if rv then Q s else Q' s\" by (fastforce simp: valid_def) lemma hoare_rv_split: "\\P\ f \\rv s. rv \ (Q rv s)\; \P\ f \\rv s. (\rv) \ (Q rv s)\\ - \ \P\ f \Q\" + \ \P\ f \Q\" apply (clarsimp simp: valid_def) apply (case_tac a, fastforce+) done -lemma combine_validE: "\ \ P \ x \ Q \,\ E \; - \ P' \ x \ Q' \,\ E' \ \ \ - \ P and P' \ x \ \r. (Q r) and (Q' r) \,\\r. (E r) and (E' r) \" +lemma combine_validE: + "\ \ P \ x \ Q \,\ E \; \ P' \ x \ Q' \,\ E' \ \ + \ \ P and P' \ x \ \r. (Q r) and (Q' r) \,\\r. (E r) and (E' r) \" apply (clarsimp simp: validE_def valid_def split: sum.splits) apply (erule allE, erule (1) impE)+ apply (drule (1) bspec)+ diff --git a/lib/Monads/trace/Trace_No_Throw.thy b/lib/Monads/trace/Trace_No_Throw.thy index edaa66800bf..f5174f1ecd7 100644 --- a/lib/Monads/trace/Trace_No_Throw.thy +++ b/lib/Monads/trace/Trace_No_Throw.thy @@ -31,6 +31,8 @@ lemma no_throw_def': by (clarsimp simp: no_throw_def validE_def2 split_def split: sum.splits) +subsection \no_throw rules\ + lemma no_throw_returnOk[simp]: "no_throw P (returnOk a)" unfolding no_throw_def