header {* \isaheader{Labels} *}
theory Labels imports Com begin
text {* Labels describe a mapping from the inner node label
to the matching command *}
inductive labels :: "cmd => nat => cmd => bool"
where
Labels_Base:
"labels c 0 c"
| Labels_LAss:
"labels (V:=e) 1 Skip"
| Labels_Seq1:
"labels c⇣1 l c ==> labels (c⇣1;;c⇣2) l (c;;c⇣2)"
| Labels_Seq2:
"labels c⇣2 l c ==> labels (c⇣1;;c⇣2) (l + #:c⇣1) c"
| Labels_CondTrue:
"labels c⇣1 l c ==> labels (if (b) c⇣1 else c⇣2) (l + 1) c"
| Labels_CondFalse:
"labels c⇣2 l c ==> labels (if (b) c⇣1 else c⇣2) (l + #:c⇣1 + 1) c"
| Labels_WhileBody:
"labels c' l c ==> labels (while(b) c') (l + 2) (c;;while(b) c')"
| Labels_WhileExit:
"labels (while(b) c') 1 Skip"
lemma label_less_num_inner_nodes:
"labels c l c' ==> l < #:c"
proof(induct c arbitrary:l c')
case Skip
from `labels Skip l c'` show ?case by(fastforce elim:labels.cases)
next
case (LAss V e)
from `labels (V:=e) l c'` show ?case by(fastforce elim:labels.cases)
next
case (Seq c⇣1 c⇣2)
note IH1 = `!!l c'. labels c⇣1 l c' ==> l < #:c⇣1`
note IH2 = `!!l c'. labels c⇣2 l c' ==> l < #:c⇣2`
from `labels (c⇣1;;c⇣2) l c'` IH1 IH2 show ?case
by simp(erule labels.cases,auto,force)
next
case (Cond b c⇣1 c⇣2)
note IH1 = `!!l c'. labels c⇣1 l c' ==> l < #:c⇣1`
note IH2 = `!!l c'. labels c⇣2 l c' ==> l < #:c⇣2`
from `labels (if (b) c⇣1 else c⇣2) l c'` IH1 IH2 show ?case
by simp(erule labels.cases,auto,force)
next
case (While b c)
note IH = `!!l c'. labels c l c' ==> l < #:c`
from `labels (while (b) c) l c'` IH show ?case
by simp(erule labels.cases,fastforce+)
qed
declare One_nat_def [simp del]
lemma less_num_inner_nodes_label:
"l < #:c ==> ∃c'. labels c l c'"
proof(induct c arbitrary:l)
case Skip
from `l < #:Skip` have "l = 0" by simp
thus ?case by(fastforce intro:Labels_Base)
next
case (LAss V e)
from `l < #:(V:=e)` have "l = 0 ∨ l = 1" by auto
thus ?case by(auto intro:Labels_Base Labels_LAss)
next
case (Seq c⇣1 c⇣2)
note IH1 = `!!l. l < #:c⇣1 ==> ∃c'. labels c⇣1 l c'`
note IH2 = `!!l. l < #:c⇣2 ==> ∃c'. labels c⇣2 l c'`
show ?case
proof(cases "l < #:c⇣1")
case True
from IH1[OF this] obtain c' where "labels c⇣1 l c'" by auto
hence "labels (c⇣1;;c⇣2) l (c';;c⇣2)" by(fastforce intro:Labels_Seq1)
thus ?thesis by auto
next
case False
hence "#:c⇣1 ≤ l" by simp
then obtain l' where "l = l' + #:c⇣1" and "l' = l - #:c⇣1" by simp
from `l = l' + #:c⇣1` `l < #:c⇣1;;c⇣2` have "l' < #:c⇣2" by simp
from IH2[OF this] obtain c' where "labels c⇣2 l' c'" by auto
with `l = l' + #:c⇣1` have "labels (c⇣1;;c⇣2) l c'" by(fastforce intro:Labels_Seq2)
thus ?thesis by auto
qed
next
case (Cond b c⇣1 c⇣2)
note IH1 = `!!l. l < #:c⇣1 ==> ∃c'. labels c⇣1 l c'`
note IH2 = `!!l. l < #:c⇣2 ==> ∃c'. labels c⇣2 l c'`
show ?case
proof(cases "l = 0")
case True
thus ?thesis by(fastforce intro:Labels_Base)
next
case False
hence "0 < l" by simp
then obtain l' where "l = l' + 1" and "l' = l - 1" by simp
thus ?thesis
proof(cases "l' < #:c⇣1")
case True
from IH1[OF this] obtain c' where "labels c⇣1 l' c'" by auto
with `l = l' + 1` have "labels (if (b) c⇣1 else c⇣2) l c'"
by(fastforce dest:Labels_CondTrue)
thus ?thesis by auto
next
case False
hence "#:c⇣1 ≤ l'" by simp
then obtain l'' where "l' = l'' + #:c⇣1" and "l'' = l' - #:c⇣1" by simp
from `l' = l'' + #:c⇣1` `l = l' + 1` `l < #:if (b) c⇣1 else c⇣2`
have "l'' < #:c⇣2" by simp
from IH2[OF this] obtain c' where "labels c⇣2 l'' c'" by auto
with `l' = l'' + #:c⇣1` `l = l' + 1` have "labels (if (b) c⇣1 else c⇣2) l c'"
by(fastforce dest:Labels_CondFalse)
thus ?thesis by auto
qed
qed
next
case (While b c')
note IH = `!!l. l < #:c' ==> ∃c''. labels c' l c''`
show ?case
proof(cases "l < 1")
case True
hence "l = 0" by simp
thus ?thesis by(fastforce intro:Labels_Base)
next
case False
show ?thesis
proof(cases "l < 2")
case True
with `¬ l < 1` have "l = 1" by simp
thus ?thesis by(fastforce intro:Labels_WhileExit)
next
case False
with `¬ l < 1` have "2 ≤ l" by simp
then obtain l' where "l = l' + 2" and "l' = l - 2"
by(simp del:add_2_eq_Suc')
from `l = l' + 2` `l < #:while (b) c'` have "l' < #:c'" by simp
from IH[OF this] obtain c'' where "labels c' l' c''" by auto
with `l = l' + 2` have "labels (while (b) c') l (c'';;while (b) c')"
by(fastforce dest:Labels_WhileBody)
thus ?thesis by auto
qed
qed
qed
lemma labels_det:
"labels c l c'==> (!!c''. labels c l c''==> c' = c'')"
proof(induct rule: labels.induct)
case (Labels_Base c c'')
from `labels c 0 c''` obtain l where "labels c l c''" and "l = 0" by auto
thus ?case by(induct rule: labels.induct,auto)
next
case (Labels_Seq1 c⇣1 l c c⇣2)
note IH = `!!c''. labels c⇣1 l c'' ==> c = c''`
from `labels c⇣1 l c` have "l < #:c⇣1" by(fastforce intro:label_less_num_inner_nodes)
with `labels (c⇣1;;c⇣2) l c''` obtain cx where "c'' = cx;;c⇣2 ∧ labels c⇣1 l cx"
by(fastforce elim:labels.cases intro:Labels_Base)
hence [simp]:"c'' = cx;;c⇣2" and "labels c⇣1 l cx" by simp_all
from IH[OF `labels c⇣1 l cx`] show ?case by simp
next
case (Labels_Seq2 c⇣2 l c c⇣1)
note IH = `!!c''. labels c⇣2 l c'' ==> c = c''`
from `labels (c⇣1;;c⇣2) (l + #:c⇣1) c''` `labels c⇣2 l c` have "labels c⇣2 l c''"
by(auto elim:labels.cases dest:label_less_num_inner_nodes)
from IH[OF this] show ?case .
next
case (Labels_CondTrue c⇣1 l c b c⇣2)
note IH = `!!c''. labels c⇣1 l c'' ==> c = c''`
from `labels (if (b) c⇣1 else c⇣2) (l + 1) c''` `labels c⇣1 l c` have "labels c⇣1 l c''"
by(fastforce elim:labels.cases dest:label_less_num_inner_nodes)
from IH[OF this] show ?case .
next
case (Labels_CondFalse c⇣2 l c b c⇣1)
note IH = `!!c''. labels c⇣2 l c'' ==> c = c''`
from `labels (if (b) c⇣1 else c⇣2) (l + #:c⇣1 + 1) c''` `labels c⇣2 l c`
have "labels c⇣2 l c''"
by(fastforce elim:labels.cases dest:label_less_num_inner_nodes)
from IH[OF this] show ?case .
next
case (Labels_WhileBody c' l c b)
note IH = `!!c''. labels c' l c'' ==> c = c''`
from `labels (while (b) c') (l + 2) c''` `labels c' l c`
obtain cx where "c'' = cx;;while (b) c' ∧ labels c' l cx"
by -(erule labels.cases,auto)
hence [simp]:"c'' = cx;;while (b) c'" and "labels c' l cx" by simp_all
from IH[OF `labels c' l cx`] show ?case by simp
qed (fastforce elim:labels.cases)+
end