(* Time-stamp: The Grail Hume Processor, formalised as Isabelle theory file. This version is used in D17 as program logic Variant: - quantifying over function names, not arbitrary expressions, in CallVar - collecting pre-conds for CallVar in preUnderApp and preExactApp - using an undefined tickExp function (see ResAlg), param over syntax and ResConst Major change: . redefined PConInd and CostrInd, so that aux lemmas env_env_notin and ConstrInd_h_same can be proven (see VdmDerived.thy) *) header {* GRUMPY *} (*<*) theory GRUMPY = Basics + Grail + ResAlg: (*>*) text {* GRUMPY is a VM at a higher level than HAM, more akin to the JVM-subset used in Grail without the method/o-o stuff. The point of this VM is to have a more convenient basis for doing reasoning, while still being able to prove exact resource bounds. The semantics for Hume could be phrased directly in terms of GRUMPY, then showing equivalence btw HAM and GRUMPY or as translation function as used in Trans.thy (not finished, yet). *} subsection {* Function parameters, arguments and frames *} text {* Formal parameters of functions and actual arguments of functions are bound via these 2 relations *} types ParamType = "VarName list" types ArgType = "VarName list" text {* In the paper I just use function update over vectors; check if we can use this in the Isabelle theory, too. *} consts FrameInd :: "(ParamType \ ArgType \ Env \ Env) set" inductive FrameInd intros FrameInd_NIL: "([],[],E,emptyEnv):FrameInd" FrameInd_CONS: "\ (ps,as,E,E'):FrameInd; E''=fun_upd E' x (E y) \ \ (x # ps, y # as, E,E''):FrameInd" consts FrameIndHO :: "(ParamType \ (Ref list) \ Env \ Env) set" inductive FrameIndHO intros FrameIndHO_NIL: "([],[],E,emptyEnv):FrameIndHO" FrameIndHO_CONS: "\ (ps,rs,E,E'):FrameIndHO; E''=fun_upd E' x (R r) \ \ (x # ps, r # rs, E,E''):FrameIndHO" syntax bindArgs_ :: "[ParamType, ArgType, Env, Env] \ bool" ("_ <=| _ . _ = _ ") translations "ps <=| as . E = E'" == "(ps,as,E,E') : FrameInd" consts PConInd :: "(VarName list \ Ref list \ Env \ Env) set" inductive PConInd intros PConInd_NIL: "([], [], E, E):PConInd" PConInd_CONS: "\ (xs,rs,E,E'):PConInd; E''=fun_upd E' x (R r) \ \ (x # xs, r # rs, E, E''):PConInd" consts ConstrInd :: "(VarName list \ Ref list \ Env \ Heap \ Heap) set" inductive ConstrInd intros ConstrInd_NIL: "([], [], E, h, h):ConstrInd" ConstrInd_CONS: "\ (xs,rs,E,h,h):ConstrInd; (R r) = E x \ \ (x # xs, r # rs, E, h, h):ConstrInd" text {* A table matching function name to list of parameter types and the body *} types FunTable = "FunName \ (ParamType \ Exp)" consts funTab :: FunTable subsection {* GRUMPY Semantics *} text {* Big-step operational semantics, for patterns and for expressions. In a pattern, we have the location against which we are matching as additional argumetn. *} consts semmatch :: "(Env \ Heap \ Pattern \ Locn \ Env \ HoVal) set" -- {* operational semantics *} syntax semmatch_ :: "[Env, Heap, Pattern, Locn, Env, HoVal] \ bool" ("MATCH _, _ \ _ @ _ \ '(_, _ ')") translations "MATCH E, h \ e @ l \ (E',v)" == "(E,h,e,l,E',v) : semmatch" consts semexpn :: "(Env \ Heap \ Exp \ nat \ HoVal \ Heap \ Rescomp) set" -- {* operational semantics *} syntax semexpn_ :: "[Env, Heap, Exp, nat, HoVal, Heap, Rescomp] \ bool" (" _, _ \ _ \_ '(_ , _, _ ')") translations "E, h \ e \n (v,h',p)" == "(E,h,e,n,v,h',p) : semexpn" (* NB: Underapp only works on CallVar; need to assign the funid to a var first, if it's underapplied *) inductive semmatch intros (* Patterns *) semPVal: "\ fmap_lookup h l = Some w \ \ MATCH E, h \ (PVal w) @ l \ (E,R (Ref l))" semPValFail: "\ \ (fmap_lookup h l = Some w) \ \ MATCH E, h \ (PVal w) @ l \ (E,\)" semPVar: "MATCH E, h \ (PVar x) @ l \ (E(x:=(R (Ref l))),R (Ref l))" semPWild: "MATCH E, h \ (PWild i) @ l \ (E, R (Ref l))" semPCon: "\ \ rs . fmap_lookup h l = Some (C c rs) \ (vs, rs, E, E'):PConInd \ \ MATCH E, h \ (PCon c vs) @ l \ (E',R (Ref l))" semPConFail: "\ \ ( \ rs . fmap_lookup h l = Some (C c rs) ) \ \ MATCH E, h \ (PCon c vs) @ l \ (E,\)" inductive semexpn intros (* Expessions *) semValue: "E, h \ (ValueExp v) \1 (v, h, tickExp (ValueExp v) RCUndef)" semVar: "\ E x = v \ \ E, h \ (VarExp x) \1 (v,h,tickExp (VarExp x) RCUndef)" semConstr: "\ l = freshloc (fmap_dom h) ; (xs,rs,E,h,h'):ConstrInd; h'' = fmap_upd h' l (C c rs) \ \ E, h \ (ConstrExp c xs) \1 (R (Ref l),h'',tickExp (ConstrExp c xs) RCUndef)" semPrimBin: "\ i = E x ; j = E y ; v = f i j \ \ E, h \ (PrimBin f x y) \1 (v,h,tickExp (PrimBin f x y) RCUndef)" semRPrimBin: "\ R (Ref lx) = E x ; R (Ref ly) = E y ; fmap_lookup h lx = Some vx ; fmap_lookup h ly = Some vy ; v = f vx vy \ \ E, h \ (RPrimBin f x y) \1 (v,h,tickExp (RPrimBin f x y) RCUndef)" semIfTrue: "\ E x = B True ; E, h \ e1 \n (v, h',p')\ \ E, h \ (IfExp x e1 e2) \(Suc n) (v, h', p'\tickExp (IfExp x e1 e2) RCUndef)" semIfFalse: "\ E x = B False ; E, h \ e2 \n (v, h',p')\ \ E, h \ (IfExp x e1 e2) \(Suc n) (v, h', p'\tickExp (IfExp x e1 e2) RCUndef)" semLet: "\ E, h \ e1 \m (v,h',p'); E(x:=v), h' \ e2 \n (v'', h'',p'') \ \ E, h \ (LetExp x e1 e2) \(m+n) (v'', h'', p'\p''\tickExp (LetExp x e1 e2) RCUndef)" semCallFun: "\ ((fst (funTab f)), xs, E, E'):FrameInd ; E', h \ (snd (funTab f)) \n (v, h',p) \ \ E, h \ (CallFunExp f xs) \(Suc n) (v, h', p\tickExp (CallFunExp f xs) RCUndef)" semCallVarExact: "\ R (Ref (l::nat)) = E x ; Some (X f i rs) = fmap_lookup h l ; (as,e)=(funTab f); i+(length xs)=(length (fst (funTab f))); (fst (funTab f), rs@(map (\ x . theRef (E x)) xs), E, E'):FrameIndHO ; E', h \ snd (funTab f) \n (v, h',p) \ \ E, h \ (CallVarExp x xs) \(Suc n) (v, h', p\tickExp (CallVarExp x xs) RCUndef)" semCallVarUnderApp: "\ R (Ref (l::nat)) = E x ; Some (X f i rs) = fmap_lookup h l ; (as,e)=(funTab f); i+(length xs)<(length as); l' = freshloc (fmap_dom h); h' = fmap_upd h l' (X f (i+(length xs)) (rs@map (\ x . theRef (E x)) xs)) \ \ E, h \ (CallVarExp x xs) \1 (R (Ref l'), h', tickExp (CallVarExp x xs) RCUndef)" semCaseOneTrue: "\ R (Ref (l::nat)) = E x ; MATCH E, h \ b @ l \ (Ej, vj); vj\\ ; Ej, h \ e \n (v, h',p') \ \ E, h \ (CaseOneExp x b e e') \(n+1) (v, h', p'\tickExp (CaseOneExp x b e e') RCUndef)" semCaseOneFalse: "\ R (Ref (l::nat)) = E x ; MATCH E, h \ b @ l \ (Ej, vj); vj=\ ; E, h \ e' \n (v, h',p') \ \ E, h \ (CaseOneExp x b e e') \(n+1) (v, h', p'\tickExp (CaseOneExp x b e e') RCUndef)" (* tickExp (CaseOneExp x b e e') E h p')" *) text {* Assumes 0-cost pattern matching; needs to be refined! *} subsection {* Basic properties *} text {*We also provide elimination lemmas for the inductively defined relation*} inductive_cases semmatch_cases: "MATCH E, h \ PVal i @ l \ (E,v)" "MATCH E, h \ PVar x @ l \ (E,v)" "MATCH E, h \ PWild i @ l \ (E,v)" "MATCH E, h \ PCon c vs @ l \ (E,v)" inductive_cases semexpn_cases: "E, h \ (ValueExp i) \n (v,h',p')" "E, h \ (VarExp x) \n (v,h',p')" "E, h \ (PrimBin f x y) \n (v,h',p')" "E, h \ (RPrimBin f x y) \n (v,h',p')" "E, h \ (ConstrExp c x) \n (v,h',p')" "E, h \ (IfExp x e2 e3) \n (v,h',p')" "E, h \ (LetExp x e1 e2) \n (v,h',p')" "E, h \ (CallFunExp f xs) \n (v,h',p')" "E, h \ (CallVarExp x xs) \n (v,h',p')" "E, h \ (CaseOneExp x b e e') \n (v,h',p')" lemma no_zero_height_derivsAux: "\ E h h' v p'. E, h \ e \0 (v,h',p') \ False" apply (clarify) apply (induct e) apply (simp_all)? apply (elim semexpn_cases, insert Zero_not_Suc, fastsimp)+ apply (insert Suc_not_Zero, fastsimp) apply (elim semexpn_cases, insert Zero_not_Suc, fastsimp)+ apply (insert Zero_not_Suc, fastsimp) apply (elim semexpn_cases) apply simp apply (erule semexpn.cases) apply simp_all done text {* Operational semantics without height index *} constdefs semexp :: "[Env, Heap, Exp, HoVal, Heap, Rescomp] \ bool" (" _, _ \ _ \ '(_ , _, _ ')") "E, h \ e \ (v,h',p) \ (\ n. (E, h \ e \n (v,h',p)))" text {* The main rules, that show new language features, are semCallV.. and semCase. In semCallV we distinguish between exact-, under and over-app, and we need a closure as value for the function variable. Either a new closure with the additional value is built (underapp) or the body is executed (exactapp). This doesn't reflect the closure-chains as used in the HAM. But maybe these can be accounted for just in the cost. In semCase we go over all branches, require that branches 1..j-1 do not match, and execute the body of the j-th (ie. matching) branch. Costs are more complicated here, but the Hume Op Sem D spells this out in mpre detail anyway. *} subsection {* Program Logic *} text {* Again a VDM style program logic, using a shallow embedding into Isabelle/HOL. Partial correctness. We could later adapt the termination logic and bring it into this project, since there is no stand-alone publication on this material so far. *} types Assertion = "Env \ Heap \ Heap \ HoVal \ Rescomp \ bool" types Context = "(Exp \ Assertion) set" (* types PattContext = "(Pattern \ VarName \ Assertion) set" *) consts vdm :: "(Context \ Exp \ Assertion) set" -- {* VDM-style program logic *} syntax vdm_ :: "[Context, Exp, Assertion] \ bool" (" _ \ _ : _") translations "G \ e : P" == "(G,e,P) : vdm" consts vdmpat :: "(Context \ Pattern \ VarName \ Assertion) set" syntax vdmpat_ :: "[Context, Pattern, VarName, Assertion] \ bool" ("MATCH _ \ _ @ _ : _") translations "MATCH G \ p @ x : A" == "(G,p,x,A) : vdmpat" text {* Note: vdmpat is UNUSED; the vdm rules sempat directly *} inductive vdmpat intros (* Patterns *) vdmPVal: "MATCH G \ (PVal v) @ x : \ E h hh v p. (\ l. R (Ref l) = E x \ fmap_lookup h l = Some v)" vdmPVar: "MATCH G \ (PVar y) @ x : \ E h hh v p. E x = E y" vdmPWild: "MATCH G \ (PWild i) @ x : \ E h hh v p. h = hh" vdmPCon: "MATCH G \ (PCon c ys) @ x : \ E h hh v p. (\ l rs. R (Ref l) = E x \ fmap_lookup h l = Some (C c rs) \ (\ (i::nat). i<(length rs) \ E (nth ys i) = R (nth rs i)))" text {* aux defs used in vdmCallVar *} (* this is \ in the paper *) constdefs preUnderApp :: "Env \ Heap \ Heap \ HoVal \ VarName \ (VarName list) \ bool" "preUnderApp \ \ E h hh v x xs. (\ l l' f i rs. ((E x)=(R (Ref l)) \ (fmap_lookup h l)=(Some (X f i rs)) \ i+(length xs)<(length (fst (funTab f))) \ l'=freshloc (fmap_dom h) \ v=R (Ref l') \ hh=fmap_upd h l' (X f (i+(length xs)) (rs@map (\ x . theRef (E x)) xs))))" (* this is \ in the paper *) constdefs preExactApp :: "Env \ Heap \ Heap \ HoVal \ FunName \ (Ref list) \ VarName \ (VarName list) \ bool" "preExactApp \ \ E' h hh v f rs x xs. (\ l i . ((E' x)=(R (Ref l)) \ (fmap_lookup h l)=(Some (X f i rs)) \ (i+(length xs)=length (fst (funTab f)))))" inductive vdm intros (* Expessions *) vdmValue: "G \ ValueExp w : \ E h hh v p. (v=w \ h=hh \ p=tickExp (ValueExp w) RCUndef)" vdmVar: "G \ VarExp x : \ E h hh v p. (v=E x \ h=hh \ p=tickExp (VarExp x) RCUndef)" vdmConstr: "G \ ConstrExp c xs : \ E h hh v p. (\ l rs h'. l = freshloc (fmap_dom h) \ (xs,rs,E,h,h'):ConstrInd \ v=R (Ref l) \ hh = fmap_upd h' l (C c rs) \ p=tickExp (ConstrExp c xs) RCUndef)" vdmPrimBin: "G \ PrimBin f x y : \ E h hh v p. (\ i j. E x = i \ E y = j \ v = f i j \ h=hh \ p=tickExp (PrimBin f x y) RCUndef)" vdmRPrimBin: "G \ RPrimBin f x y : \ E h hh v p. (\ lx ly vx vy. R (Ref lx) = E x \ R (Ref ly) = E y \ fmap_lookup h lx = Some vx \ fmap_lookup h ly = Some vy \ v = f vx vy \ h=hh \ p=tickExp (RPrimBin f x y) RCUndef)" vdmIf: "\ G \ e1 : P1 ; G \ e2 : P2 \ \ G \ (IfExp x e1 e2) : \ E h hh v p. (((E x=B True \ (\ p'. P1 E h hh v p' \ p=(p'\tickExp (IfExp x e1 e2) RCUndef))) \ (E x=B False \ (\ p'. P2 E h hh v p' \ p=(p'\tickExp (IfExp x e1 e2) RCUndef)))))" vdmLet: "\ G \ e1 : P1 ; G \ e2 : P2 \ \ G \ LetExp x e1 e2 : \ E h hh v p. \ v' h' p' p''. ((P1 E h h' v' p') \ (P2 (fun_upd E x v') h' hh v p'') \ (p=(p'\p''\tickExp (LetExp x e1 e2) RCUndef)))" vdmCallFun: "\ insert (CallFunExp f xs , P) G \ snd (funTab f) : \ E h hh v p. (\ E'. (fst (funTab f),xs,E',E):FrameInd \ (P E' h hh v (p\tickExp (CallFunExp f xs) RCUndef))) \ \ G \ CallFunExp f xs : P" vdmCallVar: "\ (\ E h hh v . preUnderApp E h hh v x xs \ P E h hh v (tickExp (CallVarExp x xs) RCUndef)); (\ f. insert (CallVarExp x xs, P) G \ snd (funTab f) : (\ E h hh v p. (\ E'. (\ rs. preExactApp E' h hh v f rs x xs \ (fst (funTab f), rs@(map (\ x . theRef (E' x)) xs), E', E):FrameIndHO) \ P E' h hh v (p\tickExp (CallVarExp x xs) RCUndef)) )) \ \ G \ CallVarExp x xs : P" vdmCaseOne: "\ G \ e : P ; G \ e' : P' \ \ G \ CaseOneExp x b e e' : (\ E h hh v p . \ (l::Locn). R (Ref l) = E x \ (\ E' v'. MATCH E, h \ b @ l \ (E',v') \ ((v'=\ \ (\ p'. P' E h hh v p' \ p=(p'\tickExp (CaseOneExp x b e e') RCUndef))) \ (v'\\ \ (\ p'. P E' h hh v p' \ p=(p'\tickExp (CaseOneExp x b e e') RCUndef))))))" vdmAx: "\ (e,P):G \ \ G \ e :P" vdmConseq: "\ \ E h h' v p. P E h h' v p \ Q E h h' v p ; G \ e : P \ \ G \ e : Q" (* lemma bonzo_13: "\