

 


subsection "Abstract Interpretation"

 Abs_Int0
imports Abs_Int_init Abs_Int_init
begin "Orderings"

subsubsection "Orderings"

text\<open>The basic type classes \<^class>\<open>order\<close>, \<^class>\<open>semilattice_sup\<close> and \<^class>\<open>order_top\<close> are
defined in \<^theory>\<open>Main\<close>, more precisely in theories \<^theory>\<open>HOL.Orderings\<close> and \<^theory>\<open>HOL.Lattices\<close>.
If you view this theory with jedit, click on the names to get there.\<close>

class


instance"" : ) semilattice_sup_top

instantiationinstantiation  :: (orderorderjava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
begin

(* Lift \<le> to 'a option with None as the least element:
   None is below everything, a Some is never below None, and
   Some x \<le> Some y reduces to x \<le> y on the underlying values. *)
fun less_eq_option where
"Some x \ Some y = (x \ y)" |
"None \ y = True" |
"Some _ \ None = False"

(* Strict order on 'a option, derived from \<le> in the standard way
   (x < y iff x \<le> y and not y \<le> x); the first goal of the
   order instance below is discharged by unfolding this definition. *)
definition less_option where "x < (y::'a option) = (x \ y \ \ y \ x)"

(* Only None is below None; follows directly from the equations of
   less_eq_option by case analysis on x. *)
lemma le_None[simp]: "(x \ None) = (x = None)"
by (cases x) simp_all

(* Some x is below u exactly when u is some Some y with x \<le> y;
   case analysis on u rules out u = None. *)
lemma Some_le[simp]: "(Some x \ u) = (\y. u = Some y \ x \ y)"
by (cases u) auto

instance
proof (standard, goal_cases)
  case 1 show ?case by(rule less_option_def)
next
  case (2 x) show ?case by(casescase(  ) thus by( y, simp x, auto
next
   (   z) ?case (cases,simp , casesx )
next
  case (4 x"ome x \ Some y = Some(x \ y)" |
qed

end

instantiation option :: (sup)sup
begin

fun sup_option where
"Some x \ Some y = Some(x \ y)" |
None
"x \ None = x"

lemma
by (cases)simp_all

instance .

end

instantiation by (cases x) simp_all
begin

(* The top of 'a option is the top of 'a wrapped in Some
   (None is reserved for the bottom, see bot_option below). *)
definition top_option where "\ = Some \"

instance
proofstandardgoal_cases
  java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
next
  ase1x )thus bycases, simp, cases)
nextcase(   casebycasessimp_all:)
case2x ) ?caseby(cases,simp, cases ,simp_all
nextcase2  thus ?case by(cases y, simpcases, )
   (   )thus by( z, simpcases y, simp x, simp_all
qed

end

lemma [simp]: "(java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
by(autoauto: less_le

instantiation option(order
begin

(* The bottom of 'a option is None, which less_eq_option already
   makes the least element. *)
definition bot_option :: "'a option" where
"\ = None"

instance
proof (standard, goal_cases
  casebegin
qed

end


(* The least annotated command for a program c: every annotation
   position of c is set to None, i.e. to the bottom of 'a option.
   This is the starting point of the pre-fixpoint iteration. *)
definition bot :: "com \ 'a option acom" where
"bot c = annotate (\p. None) c"

lemma bot_least: "strip "\<bottom> = None"
by(autojava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

lemmastrip_bot]: "stripbot c =c""
( add:)


subsubsection"Pre-fixpointiteration"

definition pfp :: "(('a::order) \ 'a) \ 'a \ 'a option" where


lemma
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

lemma while_least:
fixes q :: "'a::order"
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
andbyauto: less_eq_acom_def)
and " P f =S p"
shows "p \ q"by add: bot_def
using[OFassmsunfolded]java.lang.StringIndexOutOfBoundsException: Index 57 out of bounds for length 57
                        P="%.x\ L \ x \ q"]
by( (-)order_trans

lemma while_option_stop assmssimplified pfp_def bysimp
assumes "\x\{C. strip C = c}.\y\{C. strip C = c}. x \ y \ f x \ f y"
and"\C. C \ {C. strip C = c} \ f C \ {C. strip C = c}"
 q :: "a:"
shows "\x\L.\y\L. x \ y \ f x \ f y" and "\x. x \ L \ f x \ L"
by(rule while_least "while_option Pf =Some p"
  (simp_all add: assms(4) bot_least)

lemma "p \ q"
  "fp fx= y (\x. P x \ P(f x)) \ P x \ P y"
unfolding pfp_def by (blast intro: while_option_rulewhereP="x.x\ L \ x \ q"]

lemma strip_pfp:
 ( assms-)order_trans pfp_bot_least:
using "\x\{C. strip C = c}.\y\{C. strip C = c}. x \ y \ f x \ f y"


subsubsection"AbstractInterpretation"

definition \<gamma>_fun :: "('a \<Rightarrow> 'b set) \<Rightarrow> ('c \<Rightarrow> 'a) \<Rightarrow> ('c \<Rightarrow> 'b)set" where
shows <le> C'"

funsimp_all (4) )
"
"\_option \ (Some a) = \ a"

text\<open>The interface for abstract values:\<close> Some

locale
fixes
  assumes mono_gammaassumes"\x. g(f x) = g x" and "pfp f x0 = Some x" shows "g x = g x0"
   gamma_Top] \<gamma> \<top> = UNIV"
fixes ' ::" \ 'av"
 plus'\ 'av \ 'av"
  assumes gamma_num': "i \ \(num' i)"
  and gamma_plusjava.lang.StringIndexOutOfBoundsException: Index 132 out of bounds for length 132

type_synonym [simp\<gamma> \<top> = UNIV"

text\<open>The for-clause (here and elsewhere) only serves the purpose of fixing
the name of the type parameter \<^typ>\<open>'a\<close>.\<close>

locale Abs_Int_fun = Val_semilattice where \<gamma>=\<gamma>
and': " \ \ a1 \ i2 \ \ a2 \ i1+i2 \ \(plus' a1 a2)"
begin

fun\<open>The for-clause (here and elsewhere) only serves the purpose of fixing  ofthe parameter
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
"aval' (V x)java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
aval a1) S  lus('a1 ) (aval' a2"

(* Abstract semantics of the assignment x ::= e: the None state is
   propagated unchanged, otherwise x is updated with the abstract
   value aval' e S computed in the current abstract state S. *)
definition "asem x e S = (case S of None \ None | Some S \ Some(S(x := aval' e S)))"

(* One abstract step: assignments use asem, boolean conditions are not
   used to refine the state at all (\<lambda>b S. S is the identity on S). *)
definition "step' = Step asem (\b S. S)"

lemma strip_step ' (V x)S Sx |
bysimp'def

AI \<Rightarrow> 'av st option acom option" where
"java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0


reviation
where "\\<^sub>s == \_fun \"

abbreviation\<>\<^sub>o :: "'av st option \<Rightarrow> state set"
abbreviation gamma

abbreviation \<gamma>\<^sub>c :: "'av st option acom \<Rightarrow> state set acom"
where java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

lemma gamma_s_Top "\\<^sub>o == \_option \\<^sub>s"
by(simp addtop_fun_def

lemma gamma_o_Top[simp]: "\\<^sub>o \ = UNIV"
by (simpwhere\<gamma>\<^sub>c == map_acom \<gamma>\<^sub>o"

lemma mono_gamma_ssimp: top_fun_def
by(auto simp

lemma mono_gamma_o:
  "S1 \ S2 \ \\<^sub>o S1 \ \\<^sub>o S2"
by(simp : top_option_def

lemma"f1 \ f2 \ \\<^sub>s f1 \ \\<^sub>s f2"
: less_eq_acom_defmono_gamma_o size_annos size_annos_sameof C2

textlemma mono_gamma_o: mono_gamma_o:

lemma aval'_correct: "s \ \\<^sub>s S \ aval a s \ \(aval' a S)"
by byinduction S2: less_eq_option)(simp_all add)

lemmalemma : "C1\
by(simp add: \<gamma>_fun_def) ( addless_eq_acom_def  anno_map_acom[of ])

lemma gamma_Step_subcomm:
assumes
  shows "Step java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
by (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

lemma step_step': "step (\\<^sub>o S) (\\<^sub>c C) \ \\<^sub>c (step' S C)"
 " f1 g1(\<^sub>o S) (\\<^sub>c C) \ \\<^sub>c (Step f2 g2 S C)"
by (inductionCarbitrary )autosimp  assms
  (auto simp: avalauto: '_correct split: option.plitsjava.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74

lemma :pfp\<top>) (bot c) = Some C"
proof( add AI_def
  assume 1: "pfp ( 2 step(\<^sub>o \) (\\<^sub>c C) \ \\<^sub>c C" \ \transfer the pfp'\
  have proof order_transshowstep
  step
  proof(ruleorder_trans
    show "step (\\<^sub>o \) (\\<^sub>c C) \ \\<^sub>c (step' \ C)" by(rule step_step')
    showhave:" step (\<^sub>o \)) \ \\<^sub>c C"
qed
  have 3: "strip (\\<^sub>c C) = c" by(simp add: strip_pfp[OF _ 1] step'_def)
  thus "lfp c (step UNIV) \ \\<^sub>c C" by simp
    by(rule
  thus
qed

end


subsubsection "java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5

locale 
 mono_plus"
begin

 ':" \ S2 \ C1 \ C2 \ step' S1 C1 \ step' S2 C2"
byrulemono2_Step


( add)

 ':"S1 \ S2 \ C1 \ C2 \ step' S1 C1 \ step' S2 C2"
unfolding step
by mono2_Step
  automono_update' split: option.splitjava.lang.StringIndexOutOfBoundsException: Index 66 out of bounds for length 66

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 metis' )

lemma AI_least_pfp
shows vars_acomstrip
( [OF (2,3(1[unfolded
  (simp_all

end


instantiation acom :: (type) vars
begin

definition "subsubsection "Termination

instance x0 "a:" m ' \<Rightarrow> nat"

end

lemma finite_Cvars: m:"<> . \ I y \ x < y \ m x > m y"
by(simp addI \x.\<Longrightarrow> I(f x)" and "I x0" and "x0 \<le> f x0"


subsubsection

lemmaby wf_subset wf_measure m)( simp )
fixes x0 :: "'a::order" and mnext
assumesjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
and
and I:
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 0
proof C1strip 
  show "wf {(by(simp add: l(simp add: less_eq_acom_def anno_def)
    byrulewf_subset[ [of ( simpm )
next
  show "I x0 \ x0 \ f x0" using \I x0\ \x0 \ f x0\ by blast
next
  fix   "x\java.lang.StringIndexOutOfBoundsException: Index 77 out of bounds for length 77
    by blast  mono
qed  :: ' st vname set \ nat" (\m\<^sub>s\) where

lemma le_iff_le_annos: "C1 \ C2 \
strip  strip  \<and> (\<forall> i<size(annos C1). annos C1 ! i \<le> annos C2 ! i)" add) ( mult of_nat_id[OF
by(simp add: "m_o( )X=m_sS "|

locale Measure1_fun =
fixes m :: java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
fixesh: nat
assumes
begin

definition m_s :m_c  map
"m_s

lemma
bysimp: m_s_def( mult of_nat_id[OF)

fun m_o :: "'av st option \ vname set \ nat" (\m\<^sub>o\) where
"m_o m_c_h: "m_c  
"m_o None X = h * java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6

lemma m_o_hm_c(<Sum?.m_o  )?X"
(casesauto simp add: m_s_h dest m_s_h

definition  ::"avst option acom \ nat" (\m\<^sub>c\) where
" C sum_list (map (\a. m_o a (vars C)) (annos C))"

text\<open>Upper complexity bound:\<close> "<> ?*( n+1"bysimp
lemma : " C \ size(annos C) * (h * card(vars C) + 1)"
proof-
java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
  "m_cC= \Sumi?.m_o( C! i ?)"
    by(simp add: m_c_def  :"av:
  also  "dots \ (\i
    (rulesum_mono [OFfinite_Cvars  java.lang.StringIndexOutOfBoundsException: Index 61 out of bounds for length 61
java.lang.StringIndexOutOfBoundsException: Index 93 out of bounds for length 49
  finally show ?thesis .
qed

end


locale =Measure1_fun m=
    many  the . That  donot
assumes because remain
begin

text> predicates
state in \<open>a\<close> maps all variables in \<open>X\<close> to \<^term>\<open>\<top>\<close>.
   important theproofwhere  that
the finitely None
followsdefinition :: "

fun :"avst\ vname set \ bool" (\top'_on\<^sub>s\) where
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

funtop_on_optst
"top_on_opt (Some S) X java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
"top_on_opt None X = True"

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
top_on_acom= QXjava.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45

lemma  THEN  Q) Xjava.lang.StringIndexOutOfBoundsException: Index 55 out of bounds for length 55
by(auto simp: top_option_def)

 : "top_on_acom(bot c)"
( simp:top_on_acom_defbot_def

 : "top_on_acom C java.lang.StringIndexOutOfBoundsException: Index 76 out of bounds for length 76
bysimp  post_in_annos

lemma top_on_acom_simps:
  "top_on_acom (SKIP {Q}) X = top_on_opt Q X"
  "top_on_acom (x ::= e {Q}) X = top_on_opt Q X"
  "top_on_acom (C1;;C2) X = (top_on_acom C1 X \ top_on_acom C2 X)"
  "top_on_acom (IF b apply(induction o1 o2 rule sup_option.induct)
(top_on_optP1X\<and> top_on_acom C1 X \<and> top_on_opt P2 X \<and> top_on_acom C2 X \<and> top_on_opt Q X)"
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
   (top_on_opt I "!xeS
byauto : top_on_acom_def

lemma top_on_sup:
  "top_on_opt o1 X \ top_on_opt o2 X \ top_on_opt (o1 \ o2) X"
apply(induction o1 o2 shows "\<lbrakk> vars C \<subseteq  SX  C Xjava.lang.StringIndexOutOfBoundsException: Index 129 out of bounds for length 129
apply(auto)
done

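(* Preservation of the "top outside X" invariant by one Step.
   If the assignment transfer f and the guard transfer g both keep
   top_on_opt for variables outside X, then so does Step f g S C,
   provided all variables of C lie outside X (the lost symbols are
   presumably \<notin> and \<subseteq>).  Proof by induction on C,
   generalising over the incoming state S. *)
lemma top_on_Step: fixes C :: "'av st option acom"
assumes "!!x e S. \top_on_opt S X; x \ X; vars e \ -X\ \ top_on_opt (f x e S) X"
        "!!b S. top_on_opt S X \ vars b \ -X \ top_on_opt (g b S) X"
shows "\ vars C \ -X; top_on_opt S X; top_on_acom C X \ \ top_on_acom (Step f g S C) X"
proof(induction C arbitrary: S)
qed (auto simp: top_on_acom_simps)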

(* Weak monotonicity of the measure m, obtained from the strict version
   m2 by splitting \<le> into < or = (le_less). *)
lemma m1: "x \ y \ m x \ m y"
by(auto simp: le_less m2)

lemma m_s2_rep
shows " assms3 1 \forallx
proof-
  fromassmshave1"forallx\X. m(S1 x) \ m(S2 x)" by (simp add: m1)
  from assms(2,3,4) havebysimp:fun_eq_iff Compl_iff)
    by addfun_eq_iff Compl_iff)
from[OF
  from sum_strict_mono_ex1[OF \<open>finite X\<close> 1 2] "\x\X. m (S2 x)) < (\x\X. m (S1 x))" .
   (
qed

lemmaautoadd )
apply(apply addm_s2_rep)
applysimp: le_fun_def
done

lemma m_o2: "finite X \ top_on_opt o1 (-X) \ top_on_opt o2 (-X) \
  o1induction ruleless_eq_optioninduct
proof o1 : .induct
  case 1 thus ?case by (next
next
  case 2 thus ?case by(auto java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
next
  case 3thus by auto: less_option_def
qed

byauto: le_less m_o2
  o1
by(java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0


 m_c2top_on_acom C1
  C1 < C2 \<Longrightarrow> m_c C1 > m_c C2"
proofassume: top_on_acomstrip" C2 ( vars(strip ))"
  let ?X = "vars(strip C2)"
  assume top: "top_on_acom C1 (- vars(strip C2))"  "top_on_acom C2 (- vars(strip C2))"
andstrip_eqstrip "
:"i annos C2 ! i"
  hence 1: "\i m_o (annos C2 ! i) ?X"
    apply (auto simp: all_set_conv_all_nth vars_acom_def top_on_acom_def)
    by (metis (lifting, no_types) finite_cvars m_o1 size_annos_same2)
  fix i assume i: "i < size(annos C2)" "\ annos C2 ! i \ annos C1 ! i"
  have topo1: "top_on_opt (annos C1 ! i) (- ?X)"
    using i(1) top(1) by(simp add: top_on_acom_def size_annos_same[OF strip_eq])
  have topo2: "top_on_opt (annos C2 ! i) (- ?X)"
    using i(1) top(2) by(simp add: top_on_acom_def size_annos_same[OF strip_eq])
  from i have "m_o (annos C1 ! i) ?X > m_o (annos C2 ! i) ?X" (is "?P i")
    by (metis 0 less_option_def m_o2[OF finite_cvars topo1] topo2)
  hence 2: "\i < size(annos C2). ?P i" using \i < size(annos C2)\ by blast
  have "(\i
         < (\<Sum>i<size(annos C2). m_o (annos C1 ! i) ?X)"
    apply(rule sum_strict_mono_ex1) using 1 2 by (auto)
  thus ?thesis
    by(simp add: m_c_def vars_acom_def strip_eq sum_list_sum_nth atLeast0LessThan size_annos_same[OF strip_eq])
qed

end


locale Abs_Int_fun_measure =
  Abs_Int_fun_mono where \<gamma>=\<gamma> + Measure_fun where m=m
  for \<gamma> :: "'av::semilattice_sup_top \<Rightarrow> val set" and m :: "'av \<Rightarrow> nat"
begin

lemma':"op_on_acomC-C) top_on_acom (step' \ C) (-vars C)"
unfolding step'_def
by(rule top_on_Step)
  (autofix   i i<( ) \not  <>   

lemma AI_Some_measure ()topbysimp: top_on_acom_def[OF])
 AI_def
using1 (2) (simp: top_on_acom_def[OF]
applysimp_all:m_c2'_ bot_least top_on_bot)
using' applyauto add )
done

end

text  have "(\<Sum>i<size(annos C2). m_o (annos C2 ! i) ?X)
i.e. functions<(<Sum>i<size(annos C2). m_o (annos C1 ! i) ?X)"

end


an>i:" sizeannosC2" "annos C2 ! i\le> annosC1!i"
  have topo1:
    usingi1 (1) ( add size_annos_same strip_eq
  have unfolding
     i()top by addtop_on_acom_def size_annos_same strip_eq)
( add:  mono_steptop)
    by (metis top_on_step( simp:vars_acom_def
  java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
java.lang.StringIndexOutOfBoundsException: Range [55, 2) out of bounds for length 55
          java.lang.NullPointerException
    apply(rule java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  thus ?thesis
    by(simp add: m_c_def vars_acom_def strip_eq sum_list_sum_nth atLeast0LessThan size_annos_same[OF strip_eq])
qed

end


(* Termination of the abstract interpreter: combine monotonicity of the
   abstract step (Abs_Int_fun_mono) with a measure on abstract values
   (Measure_fun). *)
locale Abs_Int_fun_measure =
  Abs_Int_fun_mono where \<gamma>=\<gamma> + Measure_fun where m=m
  for \<gamma> :: "'av::semilattice_sup_top \<Rightarrow> val set" and m :: "'av \<Rightarrow> nat"
begin

(* The termination invariant is preserved by one step' from \<top>:
   variables outside vars C stay at \<top>.  Only asem needs unfolding,
   since the boolean part of step' is the identity on the state. *)
lemma top_on_step': "top_on_acom C (-vars C) \ top_on_acom (step' \ C) (-vars C)"
unfolding step'_def
by(rule top_on_Step)
  (auto simp add: top_option_def asem_def split: option.splits)

(* AI always produces a result: pfp_termination is instantiated with
   the invariant above and the measure m_c, which strictly decreases
   on every strictly increasing step (m_c2).  This is the guarantee
   that the analyser cannot iterate forever on any command c. *)
lemma AI_Some_measure: "\C. AI c = Some C"
unfolding AI_def
apply(rule pfp_termination[where I = "\C. top_on_acom C (- vars C)" and m="m_c"])
apply(simp_all add: m_c2 mono_step'_top bot_least top_on_bot)
using top_on_step' apply(auto simp add: vars_acom_def)
done

end

text\<open>Problem: this version is not executable, because the pre-fixpoint
computation compares abstract states, which are functions.\<close>

end


