diff --git a/thys/Dominance_CHK/Listn.thy b/thys/Dominance_CHK/Listn.thy deleted file mode 100755 --- a/thys/Dominance_CHK/Listn.thy +++ /dev/null @@ -1,145 +0,0 @@ -(* Title: HOL/MicroJava/BV/Listn.thy - Author: Tobias Nipkow - Copyright 2000 TUM - -Lists of a fixed length. -*) - -text \Most definitions and lemmas in this theory are extracted from Jinja \cite{Listn-AFP}. - Two lemmas "acc\_le\_listI" and "Cons\_less\_Conss" in the original Listn.thy are proved in the 'Dom\_kildall\_Property.thy'.\ - -section \Fixed Length Lists\ - -theory Listn -imports Semilat -begin - -definition list :: "nat \ 'a set \ 'a list set" -where - "list n A = {xs. size xs = n \ set xs \ A}" - -definition le :: "'a ord \ ('a list)ord" -where - "le r = list_all2 (\x y. x \\<^sub>r y)" - -abbreviation - lesublist :: "'a list \ 'a ord \ 'a list \ bool" ("(_ /[\\<^bsub>_\<^esub>] _)" [50, 0, 51] 50) where - "x [\\<^bsub>r\<^esub>] y == x <=_(Listn.le r) y" - -abbreviation - lesssublist :: "'a list \ 'a ord \ 'a list \ bool" ("(_ /[\\<^bsub>_\<^esub>] _)" [50, 0, 51] 50) where - "x [\\<^bsub>r\<^esub>] y == x <_(Listn.le r) y" - -(*<*) -notation (ASCII) - lesublist ("(_ /[<=_] _)" [50, 0, 51] 50) and - lesssublist ("(_ /[<_] _)" [50, 0, 51] 50) - -abbreviation (input) - lesublist2 :: "'a list \ 'a ord \ 'a list \ bool" ("(_ /[\\<^sub>_] _)" [50, 0, 51] 50) where - "x [\\<^sub>r] y == x [\\<^bsub>r\<^esub>] y" - -abbreviation (input) - lesssublist2 :: "'a list \ 'a ord \ 'a list \ bool" ("(_ /[\\<^sub>_] _)" [50, 0, 51] 50) where - "x [\\<^sub>r] y == x [\\<^bsub>r\<^esub>] y" -(*>*) - -abbreviation - plussublist :: "'a list \ ('a \ 'b \ 'c) \ 'b list \ 'c list" - ("(_ /[\\<^bsub>_\<^esub>] _)" [65, 0, 66] 65) where - "x [\\<^bsub>f\<^esub>] y == x \\<^bsub>map2 f\<^esub> y" - -(*<*) -notation (ASCII) - plussublist ("(_ /[+_] _)" [65, 0, 66] 65) - -abbreviation (input) - plussublist2 :: "'a list \ ('a \ 'b \ 'c) \ 'b list \ 'c list" - ("(_ /[\\<^sub>_] _)" [65, 0, 66] 65) where - "x [\\<^sub>f] y == x [\\<^bsub>f\<^esub>] y" -(*>*) - -definition sl :: "nat \ 'a sl \ 'a list sl" -where - "sl n = (\(A,r,f). (list n A, le r, map2 f))" - -lemmas [simp] = set_update_subsetI - -lemma unfold_lesub_list: "xs [\\<^bsub>r\<^esub>] ys = Listn.le r xs ys" -(*<*) by (simp add: lesub_def) (*>*) - -lemma le_listD: "\ xs [\\<^bsub>r\<^esub>] ys; p < size xs \ \ xs!p \\<^sub>r ys!p" -(*<*) -by (simp add: Listn.le_def lesub_def list_all2_nthD) -(*>*) - -lemma lesub_list_impl_same_size [simp]: "xs [\\<^bsub>r\<^esub>] ys \ size ys = size xs" -(*<*) -apply (unfold Listn.le_def lesub_def) -apply (simp add: list_all2_lengthD) -done -(*>*) - -lemma lesssub_lengthD: "xs [\\<^sub>r] ys \ size ys = size xs" -(*<*) -apply (unfold lesssub_def) -apply auto \ \use lemma: lesub_list_impl_same_size \ -done - -lemma listI: "\ size xs = n; set xs \ A \ \ xs \ list n A" -(*<*) -apply (unfold list_def) -apply blast -done -(*>*) - -(* FIXME: remove simp *) -lemma listE_length [simp]: "xs \ list n A \ size xs = n" -(*<*) -apply (unfold list_def) -apply blast -done -(*>*) - - -lemma listE_set [simp]: "xs \ list n A \ set xs \ A" -(*<*) -apply (unfold list_def) -apply blast -done -(*>*) - - -lemma in_list_Suc_iff: - "(xs \ list (Suc n) A) = (\y\A. \ys \ list n A. xs = y#ys)" -(*<*) -apply (unfold list_def) -apply (case_tac "xs") -apply auto -done - -lemma nth_in [rule_format, simp]: - "\i n. size xs = n \ set xs \ A \ i < n \ (xs!i) \ A" -(*<*) -apply (induct "xs") - apply simp -apply (simp add: nth_Cons split: nat.split) -done - - -lemma listt_update_in_list [simp, intro!]: - "\ xs \ list n A; x\A \ \ xs[i := x] \ list n A" -(*<*) -apply (unfold list_def) -apply simp -done -(*>*) - - -lemma Cons_le_Cons [iff]: "x#xs [\\<^bsub>r\<^esub>] y#ys = (x \\<^sub>r y \ xs [\\<^bsub>r\<^esub>] ys)" -(*<*) - by (simp add: lesub_def Listn.le_def) - - - -end diff --git a/thys/Dominance_CHK/Semilat.thy b/thys/Dominance_CHK/Semilat.thy deleted file mode 100755 --- a/thys/Dominance_CHK/Semilat.thy +++ /dev/null @@ -1,164 +0,0 @@ - -(* Title: HOL/MicroJava/BV/Semilat.thy - Author: Tobias Nipkow - Copyright 2000 TUM - -Semilattices. -*) - -section \Semilattices\ - -theory Semilat -imports Main -begin - -text \Most definitions are lemmas in this theory are extracted from Jinja \cite{Semilat-AFP}, - 'order r' is redefined to 'order r A', so related lemmas are also modified. \ - -type_synonym 'a ord = "'a \ 'a \ bool" -type_synonym 'a binop = "'a \ 'a \ 'a" -type_synonym 'a sl = "'a set \ 'a ord \ 'a binop" - -definition lesub :: "'a \ 'a ord \ 'a \ bool" - where "lesub x r y \ r x y" - -definition lesssub :: "'a \ 'a ord \ 'a \ bool" - where "lesssub x r y \ lesub x r y \ x \ y" - -definition plussub :: "'a \ ('a \ 'b \ 'c) \ 'b \ 'c" - where "plussub x f y = f x y" - -notation (ASCII) - "lesub" ("(_ /<='__ _)" [50, 1000, 51] 50) and - "lesssub" ("(_ /<'__ _)" [50, 1000, 51] 50) and - "plussub" ("(_ /+'__ _)" [65, 1000, 66] 65) - -notation - "lesub" ("(_ /\\<^bsub>_\<^esub> _)" [50, 0, 51] 50) and - "lesssub" ("(_ /\\<^bsub>_\<^esub> _)" [50, 0, 51] 50) and - "plussub" ("(_ /\\<^bsub>_\<^esub> _)" [65, 0, 66] 65) - - -(* allow \ instead of \..\ *) -abbreviation (input) - lesub1 :: "'a \ 'a ord \ 'a \ bool" ("(_ /\\<^sub>_ _)" [50, 1000, 51] 50) - where "x \\<^sub>r y == x \\<^bsub>r\<^esub> y" - -abbreviation (input) - lesssub1 :: "'a \ 'a ord \ 'a \ bool" ("(_ /\\<^sub>_ _)" [50, 1000, 51] 50) - where "x \\<^sub>r y == x \\<^bsub>r\<^esub> y" - -abbreviation (input) - plussub1 :: "'a \ ('a \ 'b \ 'c) \ 'b \ 'c" ("(_ /\\<^sub>_ _)" [65, 1000, 66] 65) - where "x \\<^sub>f y == x \\<^bsub>f\<^esub> y" - -definition ord :: "('a \ 'a) set \ 'a ord" -where - "ord r = (\x y. (x,y) \ r)" - -definition order :: "'a ord \ 'a set \ bool" -where - "order r A \ (\x\A. x \\<^sub>r x) \ (\x\A. \y\A. x \\<^sub>r y \ y \\<^sub>r x \ x=y) \ (\x\A. \y\A. \z\A. x \\<^sub>r y \ y \\<^sub>r z \ x \\<^sub>r z)" - -definition top :: "'a ord \ 'a \ 'a set \ bool" -where - "top r T A \ (\x\A. x \\<^sub>r T)" - -definition acc :: "'a ord \ bool" -where - "acc r \ wf {(y,x). x \\<^sub>r y }" - -definition closed :: "'a set \ 'a binop \ bool" -where - "closed A f \ (\x\A. \y\A. x \\<^sub>f y \ A)" - -definition semilat :: "'a sl \ bool" -where - "semilat = (\(A,r,f). order r A \ closed A f \ - (\x\A. \y\A. x \\<^sub>r x \\<^sub>f y) \ - (\x\A. \y\A. y \\<^sub>r x \\<^sub>f y) \ - (\x\A. \y\A. \z\A. x \\<^sub>r z \ y \\<^sub>r z \ x \\<^sub>f y \\<^sub>r z))" - -definition is_ub :: "('a \ 'a) set \ 'a \ 'a \ 'a \ bool" -where - "is_ub r x y u \ (x,u)\r \ (y,u)\r" - -definition is_lub :: "('a \ 'a) set \ 'a \ 'a \ 'a \ bool" -where - "is_lub r x y u \ is_ub r x y u \ (\z. is_ub r x y z \ (u,z)\r)" - -definition some_lub :: "('a \ 'a) set \ 'a \ 'a \ 'a" -where - "some_lub r x y = (SOME z. is_lub r x y z)" - -lemma closedD: "\ closed A f; x\A; y\A \ \ x \\<^sub>f y \ A" - (*<*) by (unfold closed_def) blast (*>*) - - -lemma order_trans: "\ order r A; x \\<^sub>r y; y \\<^sub>r z \ \ x \ A \ y \ A \ z \ A \ x \\<^sub>r z" - (*<*) by (unfold order_def) blast (*>*) - -lemma order_antisym: "\ order r A; x \\<^sub>r y; y \\<^sub>r x \ \ x \ A \ y \ A \ x = y" - (*<*) by (unfold order_def) ( simp (no_asm_simp)) (*>*) - -lemma order_refl [simp, intro]: "order r A \ x \ A \ x \\<^sub>r x" - (*<*) by (unfold order_def) (simp (no_asm_simp)) (*>*) - -locale Semilat = - fixes A :: "'a set" - fixes r :: "'a ord" - fixes f :: "'a binop" - assumes semilat: "semilat (A, r, f)" - -lemma semilat_Def: -"semilat(A,r,f) \ order r A \ closed A f \ - (\x\A. \y\A. x \\<^sub>r x \\<^sub>f y) \ - (\x\A. \y\A. y \\<^sub>r x \\<^sub>f y) \ - (\x\A. \y\A. \z\A. x \\<^sub>r z \ y \\<^sub>r z \ x \\<^sub>f y \\<^sub>r z)" - (*<*) by (unfold semilat_def) clarsimp (*>*) - -lemma (in Semilat) orderI [simp, intro]: "order r A" - (*<*) using semilat by (simp add: semilat_Def) (*>*) - -lemma (in Semilat) refl_r [intro, simp]: "x \ A \ x \\<^sub>r x" by auto - -lemma (in Semilat) antisym_r [intro?]: "\ x \\<^sub>r y; y \\<^sub>r x \ \ x\A \y\A \x = y" - (*<*) by (rule order_antisym) auto (*>*) - -lemma (in Semilat) lub [simp, intro?]: - "\ x \\<^sub>r z; y \\<^sub>r z; x \ A; y \ A; z \ A \ \ x \\<^sub>f y \\<^sub>r z" - (*<*) by (insert semilat) (unfold semilat_Def, simp) (*>*) - -lemma (in Semilat) ub2 [simp, intro?]: "\ x \ A; y \ A \ \ y \\<^sub>r x \\<^sub>f y" - (*<*) by (insert semilat) (unfold semilat_Def, simp) (*>*) - -lemma (in Semilat) closedI [simp, intro]: "closed A f" - (*<*) using semilat by (simp add: semilat_Def) (*>*) - -lemma (in Semilat) closed_f [simp, intro]: "\x \ A; y \ A\ \ x \\<^sub>f y \ A" - (*<*) by (simp add: closedD [OF closedI]) (*>*) - -lemma (in Semilat) ub1 [simp, intro?]: "\ x \ A; y \ A \ \ x \\<^sub>r x \\<^sub>f y" - (*<*) by (insert semilat) (unfold semilat_Def, simp) (*>*) - -lemma (in Semilat) le_iff_plus_unchanged: - assumes "x \ A" and "y \ A" - shows "x \\<^sub>r y \ x \\<^sub>f y = y" (is "?P \ ?Q") -(*<*) -proof - assume ?P - with assms show ?Q by (blast intro: antisym_r lub ub2) -next - assume ?Q - then have "y = x \\<^bsub>f\<^esub> y" by simp - moreover from assms have "x \\<^bsub>r\<^esub> x \\<^bsub>f\<^esub> y" by simp - ultimately show ?P by simp -qed - -lemma (in Semilat) plus_le_conv : - "\ x \ A; y \ A; z \ A \ \ (x \\<^sub>f y \\<^sub>r z) = (x \\<^sub>r z \ y \\<^sub>r z)" - (*<*) by (blast intro: ub1 ub2 lub order_trans) (*>*) - - -end - diff --git a/thys/Jinja/DFA/Kildall.thy b/thys/Jinja/DFA/Kildall.thy deleted file mode 100644 --- a/thys/Jinja/DFA/Kildall.thy +++ /dev/null @@ -1,513 +0,0 @@ -(* Title: HOL/MicroJava/BV/Kildall.thy - Author: Tobias Nipkow, Gerwin Klein - Copyright 2000 TUM - -Kildall's algorithm. -*) - -section \Kildall's Algorithm \label{sec:Kildall}\ - -theory Kildall -imports SemilatAlg -begin - - - -primrec propa :: "'s binop \ (nat \ 's) list \ 's list \ nat set \ 's list * nat set" -where - "propa f [] \s w = (\s,w)" -| "propa f (q'#qs) \s w = (let (q,\) = q'; - u = \ \\<^bsub>f\<^esub> \s!q; - w' = (if u = \s!q then w else insert q w) - in propa f qs (\s[q := u]) w')" - -definition iter :: "'s binop \ 's step_type \ - 's list \ nat set \ 's list \ nat set" -where - "iter f step \s w = - while (\(\s,w). w \ {}) - (\(\s,w). let p = SOME p. p \ w - in propa f (step p (\s!p)) \s (w-{p})) - (\s,w)" - -definition unstables :: "'s ord \ 's step_type \ 's list \ nat set" -where - "unstables r step \s = {p. p < size \s \ \stable r step \s p}" - -definition kildall :: "'s ord \ 's binop \ 's step_type \ 's list \ 's list" -where - "kildall r f step \s = fst(iter f step \s (unstables r step \s))" - -primrec merges :: "'s binop \ (nat \ 's) list \ 's list \ 's list" -where - "merges f [] \s = \s" -| "merges f (p'#ps) \s = (let (p,\) = p' in merges f ps (\s[p := \ \\<^bsub>f\<^esub> \s!p]))" - - -lemmas [simp] = Let_def Semilat.le_iff_plus_unchanged [OF Semilat.intro, symmetric] - - -lemma (in Semilat) nth_merges: - "\ss. \p < length ss; ss \ list n A; \(p,t)\set ps. p t\A \ \ - (merges f ps ss)!p = map snd [(p',t') \ ps. p'=p] \\<^bsub>f\<^esub> ss!p" - (is "\ss. \_; _; ?steptype ps\ \ ?P ss ps") -(*<*) -proof (induct ps) - show "\ss. ?P ss []" by simp - - fix ss p' ps' - assume ss: "ss \ list n A" - assume l: "p < length ss" - assume "?steptype (p'#ps')" - then obtain a b where - p': "p'=(a,b)" and ab: "aA" and ps': "?steptype ps'" - by (cases p') auto - assume "\ss. p< length ss \ ss \ list n A \ ?steptype ps' \ ?P ss ps'" - hence IH: "\ss. ss \ list n A \ p < length ss \ ?P ss ps'" using ps' by iprover - - from ss ab - have "ss[a := b \\<^bsub>f\<^esub> ss!a] \ list n A" by (simp add: closedD) - moreover - with l have "p < length (ss[a := b \\<^bsub>f\<^esub> ss!a])" by simp - ultimately - have "?P (ss[a := b \\<^bsub>f\<^esub> ss!a]) ps'" by (rule IH) - with p' l - show "?P ss (p'#ps')" by simp -qed -(*>*) - - -(** merges **) - -lemma length_merges [simp]: - "\ss. size(merges f ps ss) = size ss" -(*<*) by (induct ps, auto) (*>*) - -lemma (in Semilat) merges_preserves_type_lemma: -shows "\xs. xs \ list n A \ (\(p,x) \ set ps. p x\A) - \ merges f ps xs \ list n A" -(*<*) -apply (insert closedI) -apply (unfold closed_def) -apply (induct ps) - apply simp -apply clarsimp -done -(*>*) - -lemma (in Semilat) merges_preserves_type [simp]: - "\ xs \ list n A; \(p,x) \ set ps. p x\A \ - \ merges f ps xs \ list n A" -by (simp add: merges_preserves_type_lemma) - -lemma (in Semilat) merges_incr_lemma: - "\xs. xs \ list n A \ (\(p,x)\set ps. p x \ A) \ xs [\\<^bsub>r\<^esub>] merges f ps xs" -(*<*) -apply (induct ps) - apply simp -apply simp -apply clarify -apply (rule order_trans) - apply simp - apply (erule list_update_incr) - apply simp - apply simp -apply (blast intro!: listE_set intro: closedD listE_length [THEN nth_in]) -done -(*>*) - -lemma (in Semilat) merges_incr: - "\ xs \ list n A; \(p,x)\set ps. p x \ A \ - \ xs [\\<^bsub>r\<^esub>] merges f ps xs" - by (simp add: merges_incr_lemma) - - -lemma (in Semilat) merges_same_conv [rule_format]: - "(\xs. xs \ list n A \ (\(p,x)\set ps. p x\A) \ - (merges f ps xs = xs) = (\(p,x)\set ps. x \\<^bsub>r\<^esub> xs!p))" -(*<*) - apply (induct_tac ps) - apply simp - apply clarsimp - apply (rename_tac p x ps xs) - apply (rule iffI) - apply (rule context_conjI) - apply (subgoal_tac "xs[p := x \\<^bsub>f\<^esub> xs!p] [\\<^bsub>r\<^esub>] xs") - apply (force dest!: le_listD simp add: nth_list_update) - apply (erule subst, rule merges_incr) - apply (blast intro!: listE_set intro: closedD listE_length [THEN nth_in]) - apply clarify - apply (rule conjI) - apply simp - apply (blast dest: boundedD) - apply blast - apply clarify - apply (erule allE) - apply (erule impE) - apply assumption - apply (drule bspec) - apply assumption - apply (simp add: le_iff_plus_unchanged [THEN iffD1] list_update_same_conv [THEN iffD2]) - apply blast - apply clarify - apply (simp add: le_iff_plus_unchanged [THEN iffD1] list_update_same_conv [THEN iffD2]) - done -(*>*) - - -lemma (in Semilat) list_update_le_listI [rule_format]: - "set xs \ A \ set ys \ A \ xs [\\<^bsub>r\<^esub>] ys \ p < size xs \ - x \\<^bsub>r\<^esub> ys!p \ x\A \ xs[p := x \\<^bsub>f\<^esub> xs!p] [\\<^bsub>r\<^esub>] ys" -(*<*) - apply (insert semilat) - apply (simp only: Listn.le_def lesub_def semilat_def) - apply (simp add: list_all2_conv_all_nth nth_list_update) - done -(*>*) - -lemma (in Semilat) merges_pres_le_ub: - assumes "set ts \ A" "set ss \ A" - "\(p,t)\set ps. t \\<^bsub>r\<^esub> ts!p \ t \ A \ p < size ts" "ss [\\<^bsub>r\<^esub>] ts" - shows "merges f ps ss [\\<^bsub>r\<^esub>] ts" -(*<*) -proof - - { fix t ts ps - have - "\qs. \set ts \ A; \(p,t)\set ps. t \\<^bsub>r\<^esub> ts!p \ t \ A \ p< size ts \ \ - set qs \ set ps \ - (\ss. set ss \ A \ ss [\\<^bsub>r\<^esub>] ts \ merges f qs ss [\\<^bsub>r\<^esub>] ts)" - apply (induct_tac qs) - apply simp - apply (simp (no_asm_simp)) - apply clarify - apply simp - apply (erule allE, erule impE, erule_tac [2] mp) - apply (drule bspec, assumption) - apply (simp add: closedD) - apply (drule bspec, assumption) - apply (simp add: list_update_le_listI) - done - } note this [dest] - from assms show ?thesis by blast -qed -(*>*) - - -(** propa **) - -lemma decomp_propa: - "\ss w. (\(q,t)\set qs. q < size ss) \ - propa f qs ss w = - (merges f qs ss, {q. \t.(q,t)\set qs \ t \\<^bsub>f\<^esub> ss!q \ ss!q} \ w)" -(*<*) - apply (induct qs) - apply simp - apply (simp (no_asm)) - apply clarify - apply simp - apply (rule conjI) - apply blast - apply (simp add: nth_list_update) - apply blast - done -(*>*) - -(** iter **) - -lemma (in Semilat) stable_pres_lemma: -shows "\pres_type step n A; bounded step n; - ss \ list n A; p \ w; \q\w. q < n; - \q. q < n \ q \ w \ stable r step ss q; q < n; - \s'. (q,s') \ set (step p (ss!p)) \ s' \\<^bsub>f\<^esub> ss!q = ss!q; - q \ w \ q = p \ - \ stable r step (merges f (step p (ss!p)) ss) q" -(*<*) - apply (unfold stable_def) - apply (subgoal_tac "\s'. (q,s') \ set (step p (ss!p)) \ s' : A") - prefer 2 - apply clarify - apply (erule pres_typeD) - prefer 3 apply assumption - apply (rule listE_nth_in) - apply assumption - apply simp - apply simp - apply simp - apply clarify - apply (subst nth_merges) - apply simp - apply (blast dest: boundedD) - apply assumption - apply clarify - apply (rule conjI) - apply (blast dest: boundedD) - apply (erule pres_typeD) - prefer 3 apply assumption - apply simp - apply simp -apply(subgoal_tac "q < length ss") -prefer 2 apply simp - apply (frule nth_merges [of q _ _ "step p (ss!p)"]) (* fixme: why does method subst not work?? *) -apply assumption - apply clarify - apply (rule conjI) - apply (blast dest: boundedD) - apply (erule pres_typeD) - prefer 3 apply assumption - apply simp - apply simp - apply (drule_tac P = "\x. (a, b) \ set (step q x)" in subst) - apply assumption - - apply (simp add: plusplus_empty) - apply (cases "q \ w") - apply simp - apply (rule ub1') - apply (rule Semilat.intro) - apply (rule semilat) - apply clarify - apply (rule pres_typeD) - apply assumption - prefer 3 apply assumption - apply (blast intro: listE_nth_in dest: boundedD) - apply (blast intro: pres_typeD dest: boundedD) - apply (blast intro: listE_nth_in dest: boundedD) - apply assumption - - apply simp - apply (erule allE, erule impE, assumption, erule impE, assumption) - apply (rule order_trans) - apply simp - defer - apply (rule pp_ub2)(* - apply assumption*) - apply simp - apply clarify - apply simp - apply (rule pres_typeD) - apply assumption - prefer 3 apply assumption - apply (blast intro: listE_nth_in dest: boundedD) - apply (blast intro: pres_typeD dest: boundedD) - apply (blast intro: listE_nth_in dest: boundedD) - apply blast - done -(*>*) - - -lemma (in Semilat) merges_bounded_lemma: - "\ mono r step n A; bounded step n; - \(p',s') \ set (step p (ss!p)). s' \ A; ss \ list n A; ts \ list n A; p < n; - ss [\\<^sub>r] ts; \p. p < n \ stable r step ts p \ - \ merges f (step p (ss!p)) ss [\\<^sub>r] ts" -(*<*) - apply (unfold stable_def) - apply (rule merges_pres_le_ub) - apply simp - apply simp - prefer 2 apply assumption - - apply clarsimp - apply (drule boundedD, assumption+) - apply (erule allE, erule impE, assumption) - apply (drule bspec, assumption) - apply simp - - apply (drule monoD [of _ _ _ _ p "ss!p" "ts!p"]) - apply assumption - apply simp - apply (simp add: le_listD) - - apply (drule lesub_step_typeD, assumption) - apply clarify - apply (drule bspec, assumption) - apply simp - apply (blast intro: order_trans) - done -(*>*) - -lemma termination_lemma: assumes "Semilat A r f" -shows "\ ss \ list n A; \(q,t)\set qs. q t\A; p\w \ \ - ss [\\<^sub>r] merges f qs ss \ - merges f qs ss = ss \ {q. \t. (q,t)\set qs \ t \\<^bsub>f\<^esub> ss!q \ ss!q} \ (w-{p}) \ w" -(*<*) (is "PROP ?P") -proof - - interpret Semilat A r f by fact - show "PROP ?P" - apply(insert semilat) - apply (unfold lesssub_def) - apply (simp (no_asm_simp) add: merges_incr) - apply (rule impI) - apply (rule merges_same_conv [THEN iffD1, elim_format]) - apply assumption+ - defer - apply (rule sym, assumption) - defer apply simp - apply (subgoal_tac "\q t. \((q, t) \ set qs \ t \\<^bsub>f\<^esub> ss ! q \ ss ! q)") - apply (blast intro!: psubsetI elim: equalityE) - apply clarsimp - apply (drule bspec, assumption) - apply (drule bspec, assumption) - apply clarsimp - done -qed -(*>*) - -lemma iter_properties[rule_format]: assumes "Semilat A r f" -shows "\ acc r; pres_type step n A; mono r step n A; - bounded step n; \p\w0. p < n; ss0 \ list n A; - \p w0 \ stable r step ss0 p \ \ - iter f step ss0 w0 = (ss',w') - \ - ss' \ list n A \ stables r step ss' \ ss0 [\\<^sub>r] ss' \ - (\ts\list n A. ss0 [\\<^sub>r] ts \ stables r step ts \ ss' [\\<^sub>r] ts)" -(*<*) (is "PROP ?P") -proof - - interpret Semilat A r f by fact - show "PROP ?P" - apply(insert semilat) - apply (unfold iter_def stables_def) - apply (rule_tac P = "\(ss,w). - ss \ list n A \ (\p w \ stable r step ss p) \ ss0 [\\<^sub>r] ss \ - (\ts\list n A. ss0 [\\<^sub>r] ts \ stables r step ts \ ss [\\<^sub>r] ts) \ - (\p\w. p < n)" and - r = "{(ss',ss) . ss [\\<^sub>r] ss'} <*lex*> finite_psubset" - in while_rule) - - \ \Invariant holds initially:\ - apply (simp add:stables_def) - - \ \Invariant is preserved:\ - apply(simp add: stables_def split_paired_all) - apply(rename_tac ss w) - apply(subgoal_tac "(SOME p. p \ w) \ w") - prefer 2 apply (fast intro: someI) - apply(subgoal_tac "\(q,t) \ set (step (SOME p. p \ w) (ss ! (SOME p. p \ w))). q < length ss \ t \ A") - prefer 2 - apply clarify - apply (rule conjI) - apply(clarsimp, blast dest!: boundedD) - apply (erule pres_typeD) - prefer 3 - apply assumption - apply (erule listE_nth_in) - apply blast - apply blast - apply (subst decomp_propa) - apply blast - apply simp - apply (rule conjI) - apply (rule merges_preserves_type) - apply blast - apply clarify - apply (rule conjI) - apply(clarsimp, blast dest!: boundedD) - apply (erule pres_typeD) - prefer 3 - apply assumption - apply (erule listE_nth_in) - apply blast - apply blast - apply (rule conjI) - apply clarify - apply (blast intro!: stable_pres_lemma) - apply (rule conjI) - apply (blast intro!: merges_incr intro: le_list_trans) - apply (rule conjI) - apply clarsimp - apply (blast intro!: merges_bounded_lemma) - apply (blast dest!: boundedD) - - - \ \Postcondition holds upon termination:\ - apply(clarsimp simp add: stables_def split_paired_all) - - \ \Well-foundedness of the termination relation:\ - apply (rule wf_lex_prod) - apply (insert orderI [THEN acc_le_listI]) - apply (simp only: acc_def lesssub_def) - apply (rule wf_finite_psubset) - - \ \Loop decreases along termination relation:\ - apply(simp add: stables_def split_paired_all) - apply(rename_tac ss w) - apply(subgoal_tac "(SOME p. p \ w) \ w") - prefer 2 apply (fast intro: someI) - apply(subgoal_tac "\(q,t) \ set (step (SOME p. p \ w) (ss ! (SOME p. p \ w))). q < length ss \ t \ A") - prefer 2 - apply clarify - apply (rule conjI) - apply(clarsimp, blast dest!: boundedD) - apply (erule pres_typeD) - prefer 3 - apply assumption - apply (erule listE_nth_in) - apply blast - apply blast - apply (subst decomp_propa) - apply blast - apply clarify - apply (simp del: listE_length - add: lex_prod_def finite_psubset_def - bounded_nat_set_is_finite) - apply (rule termination_lemma) - apply (rule assms) - apply assumption+ - defer - apply assumption - apply clarsimp - done -qed -(*>*) - - -lemma kildall_properties: assumes "Semilat A r f" -shows "\ acc r; pres_type step n A; mono r step n A; - bounded step n; ss0 \ list n A \ \ - kildall r f step ss0 \ list n A \ - stables r step (kildall r f step ss0) \ - ss0 [\\<^sub>r] kildall r f step ss0 \ - (\ts\list n A. ss0 [\\<^sub>r] ts \ stables r step ts \ - kildall r f step ss0 [\\<^sub>r] ts)" -(*<*) (is "PROP ?P") -proof - - interpret Semilat A r f by fact - show "PROP ?P" - apply (unfold kildall_def) - apply(case_tac "iter f step ss0 (unstables r step ss0)") - apply(simp) - apply (rule iter_properties) - apply (simp_all add: unstables_def stable_def) - apply (rule Semilat.intro) - apply (rule semilat) - done -qed - - -lemma is_bcv_kildall: assumes "Semilat A r f" -shows "\ acc r; top r T; pres_type step n A; bounded step n; mono r step n A \ - \ is_bcv r T step n A (kildall r f step)" (is "PROP ?P") -proof - - interpret Semilat A r f by fact - show "PROP ?P" - apply(unfold is_bcv_def wt_step_def) - apply(insert \Semilat A r f\ semilat kildall_properties[of A]) - apply(simp add:stables_def) - apply clarify - apply(subgoal_tac "kildall r f step \s\<^sub>0 \ list n A") - prefer 2 apply (simp(no_asm_simp)) - apply (rule iffI) - apply (rule_tac x = "kildall r f step \s\<^sub>0" in bexI) - apply (rule conjI) - apply (blast) - apply (simp (no_asm_simp)) - apply(assumption) - apply clarify - apply(subgoal_tac "kildall r f step \s\<^sub>0!p <=_r \s!p") - apply simp - apply (blast intro!: le_listD less_lengthI) - done -qed -(*>*) - -end diff --git a/thys/Jinja/DFA/Kildall_1.thy b/thys/Jinja/DFA/Kildall_1.thy new file mode 100644 --- /dev/null +++ b/thys/Jinja/DFA/Kildall_1.thy @@ -0,0 +1,143 @@ +(* Title: HOL/MicroJava/BV/Kildall.thy + Author: Tobias Nipkow, Gerwin Klein + Copyright 2000 TUM + +Kildall's algorithm. +*) + +section \Kildall's Algorithm \label{sec:Kildall}\ + +theory Kildall_1 +imports SemilatAlg +begin + + + + + + + + + + + + + + + + + + + + + + + + + + + + +primrec merges :: "'s binop \ (nat \ 's) list \ 's list \ 's list" +where + "merges f [] \s = \s" +| "merges f (p'#ps) \s = (let (p,\) = p' in merges f ps (\s[p := \ \\<^bsub>f\<^esub> \s!p]))" + + +lemmas [simp] = Let_def Semilat.le_iff_plus_unchanged [OF Semilat.intro, symmetric] + + +lemma (in Semilat) nth_merges: + "\ss. \p < length ss; ss \ list n A; \(p,t)\set ps. p t\A \ \ + (merges f ps ss)!p = map snd [(p',t') \ ps. p'=p] \\<^bsub>f\<^esub> ss!p" + (is "\ss. \_; _; ?steptype ps\ \ ?P ss ps") +(*<*) +proof (induct ps) + show "\ss. ?P ss []" by simp + + fix ss p' ps' + assume ss: "ss \ list n A" + assume l: "p < length ss" + assume "?steptype (p'#ps')" + then obtain a b where + p': "p'=(a,b)" and ab: "aA" and ps': "?steptype ps'" + by (cases p') auto + assume "\ss. p< length ss \ ss \ list n A \ ?steptype ps' \ ?P ss ps'" + hence IH: "\ss. ss \ list n A \ p < length ss \ ?P ss ps'" using ps' by iprover + + from ss ab + have "ss[a := b \\<^bsub>f\<^esub> ss!a] \ list n A" by (simp add: closedD) + moreover + with l have "p < length (ss[a := b \\<^bsub>f\<^esub> ss!a])" by simp + ultimately + have "?P (ss[a := b \\<^bsub>f\<^esub> ss!a]) ps'" by (rule IH) + with p' l + show "?P ss (p'#ps')" by simp +qed +(*>*) + + +(** merges **) + +lemma length_merges [simp]: + "\ss. size(merges f ps ss) = size ss" +(*<*) by (induct ps, auto) (*>*) + +lemma (in Semilat) merges_preserves_type_lemma: +shows "\xs. xs \ list n A \ (\(p,x) \ set ps. p x\A) + \ merges f ps xs \ list n A" +(*<*) +apply (insert closedI) +apply (unfold closed_def) +apply (induct ps) + apply simp +apply clarsimp +done +(*>*) + +lemma (in Semilat) merges_preserves_type [simp]: + "\ xs \ list n A; \(p,x) \ set ps. p x\A \ + \ merges f ps xs \ list n A" +by (simp add: merges_preserves_type_lemma) + +lemma (in Semilat) list_update_le_listI [rule_format]: + "set xs \ A \ set ys \ A \ xs [\\<^bsub>r\<^esub>] ys \ p < size xs \ + x \\<^bsub>r\<^esub> ys!p \ x\A \ xs[p := x \\<^bsub>f\<^esub> xs!p] [\\<^bsub>r\<^esub>] ys" +(*<*) + apply (insert semilat) + apply (simp only: Listn.le_def lesub_def semilat_def) + apply (simp add: list_all2_conv_all_nth nth_list_update) + done +(*>*) + +lemma (in Semilat) merges_pres_le_ub: + assumes "set ts \ A" "set ss \ A" + "\(p,t)\set ps. t \\<^bsub>r\<^esub> ts!p \ t \ A \ p < size ts" "ss [\\<^bsub>r\<^esub>] ts" + shows "merges f ps ss [\\<^bsub>r\<^esub>] ts" +(*<*) +proof - + { fix t ts ps + have + "\qs. \set ts \ A; \(p,t)\set ps. t \\<^bsub>r\<^esub> ts!p \ t \ A \ p< size ts \ \ + set qs \ set ps \ + (\ss. set ss \ A \ ss [\\<^bsub>r\<^esub>] ts \ merges f qs ss [\\<^bsub>r\<^esub>] ts)" + apply (induct_tac qs) + apply simp + apply (simp (no_asm_simp)) + apply clarify + apply simp + apply (erule allE, erule impE, erule_tac [2] mp) + apply (drule bspec, assumption) + apply (simp add: closedD) + apply (drule bspec, assumption) + apply (simp add: list_update_le_listI) + done + } note this [dest] + from assms show ?thesis by blast +qed +(*>*) + + + + +end diff --git a/thys/Jinja/DFA/Kildall_2.thy b/thys/Jinja/DFA/Kildall_2.thy new file mode 100644 --- /dev/null +++ b/thys/Jinja/DFA/Kildall_2.thy @@ -0,0 +1,288 @@ +(* Title: HOL/MicroJava/BV/Kildall.thy + Author: Tobias Nipkow, Gerwin Klein + Copyright 2000 TUM + +Kildall's algorithm. +*) + +section \Kildall's Algorithm \label{sec:Kildall}\ + +theory Kildall_2 +imports SemilatAlg Kildall_1 +begin + + + +primrec propa :: "'s binop \ (nat \ 's) list \ 's list \ nat set \ 's list * nat set" +where + "propa f [] \s w = (\s,w)" +| "propa f (q'#qs) \s w = (let (q,\) = q'; + u = \ \\<^bsub>f\<^esub> \s!q; + w' = (if u = \s!q then w else insert q w) + in propa f qs (\s[q := u]) w')" + +definition iter :: "'s binop \ 's step_type \ + 's list \ nat set \ 's list \ nat set" +where + "iter f step \s w = + while (\(\s,w). w \ {}) + (\(\s,w). let p = SOME p. p \ w + in propa f (step p (\s!p)) \s (w-{p})) + (\s,w)" + +definition unstables :: "'s ord \ 's step_type \ 's list \ nat set" +where + "unstables r step \s = {p. p < size \s \ \stable r step \s p}" + +definition kildall :: "'s ord \ 's binop \ 's step_type \ 's list \ 's list" +where + "kildall r f step \s = fst(iter f step \s (unstables r step \s))" + + +(** propa **) +lemma (in Semilat) merges_incr_lemma: + "\xs. xs \ list n A \ (\(p,x)\set ps. p x \ A) \ xs [\\<^bsub>r\<^esub>] merges f ps xs" + apply (induct ps) + apply simp + apply(insert orderI) + apply (fastforce intro:le_list_refl') + apply simp + apply clarify + apply (rule order_trans) + defer + apply (erule list_update_incr) + apply simp+ + done + +(*>*) + +lemma (in Semilat) merges_incr: + "\ xs \ list n A; \(p,x)\set ps. p x \ A \ + \ xs [\\<^bsub>r\<^esub>] merges f ps xs" + by (simp add: merges_incr_lemma) + + +lemma (in Semilat) merges_same_conv [rule_format]: + "(\xs. xs \ list n A \ (\(p,x)\set ps. p x\A) \ + (merges f ps xs = xs) = (\(p,x)\set ps. x \\<^bsub>r\<^esub> xs!p))" +(*<*) + apply (induct_tac ps) + apply simp + apply clarsimp + apply (rename_tac p x ps xs) + apply (rule iffI) + apply (rule context_conjI) + apply (subgoal_tac "xs[p := x \\<^bsub>f\<^esub> xs!p] [\\<^bsub>r\<^esub>] xs") + apply (fastforce dest!: le_listD) \\apply (force dest!: le_listD simp add: nth_list_update) \ + apply (erule subst, rule merges_incr) + apply (blast intro!: listE_set intro: closedD listE_length [THEN nth_in]) + apply clarify + apply (rule conjI) + apply simp + apply (blast dest: boundedD) + apply blast + apply clarify + apply (erule allE) + apply (erule impE) + apply assumption + apply (drule bspec) + apply assumption + apply (simp add: le_iff_plus_unchanged [THEN iffD1] list_update_same_conv [THEN iffD2]) + apply blast + apply clarify + apply (simp add: le_iff_plus_unchanged [THEN iffD1] list_update_same_conv [THEN iffD2]) + done +(*>*) + +lemma decomp_propa: + "\ss w. (\(q,t)\set qs. q < size ss) \ + propa f qs ss w = + (merges f qs ss, {q. \t.(q,t)\set qs \ t \\<^bsub>f\<^esub> ss!q \ ss!q} \ w)" +(*<*) + apply (induct qs) + apply simp + apply (simp (no_asm)) + apply clarify + apply simp + apply (rule conjI) + apply blast + apply (simp add: nth_list_update) + apply blast + done +(*>*) + +lemma (in Semilat) stable_pres_lemma: +shows "\pres_type step n A; bounded step n; + ss \ list n A; p \ w; \q\w. q < n; + \q. q < n \ q \ w \ stable r step ss q; q < n; + \s'. (q,s') \ set (step p (ss!p)) \ s' \\<^bsub>f\<^esub> ss!q = ss!q; + q \ w \ q = p \ + \ stable r step (merges f (step p (ss!p)) ss) q" +(*<*) + apply (unfold stable_def) + apply (subgoal_tac "\s'. (q,s') \ set (step p (ss!p)) \ s' : A") + prefer 2 + apply clarify + apply (erule pres_typeD) + prefer 3 apply assumption + apply (rule listE_nth_in) + apply assumption + apply simp + apply simp + apply simp + apply clarify + apply (subst nth_merges) + apply simp + apply (blast dest: boundedD) + apply assumption + apply clarify + apply (rule conjI) + apply (blast dest: boundedD) + apply (erule pres_typeD) + prefer 3 apply assumption + apply simp + apply simp +apply(subgoal_tac "q < length ss") +prefer 2 apply simp + apply (frule nth_merges [of q _ _ "step p (ss!p)"]) (* fixme: why does method subst not work?? *) +apply assumption + apply clarify + apply (rule conjI) + apply (blast dest: boundedD) + apply (erule pres_typeD) + prefer 3 apply assumption + apply simp + apply simp + apply (drule_tac P = "\x. (a, b) \ set (step q x)" in subst) + apply assumption + + apply (simp add: plusplus_empty) + apply (cases "q \ w") + apply simp + apply (rule ub1') + apply (rule Semilat.intro) + apply (rule semilat) + apply clarify + apply (rule pres_typeD) + apply assumption + prefer 3 apply assumption + apply (blast intro: listE_nth_in dest: boundedD) + apply (blast intro: pres_typeD dest: boundedD) + apply (blast intro: listE_nth_in dest: boundedD) + apply assumption + + apply simp + apply (erule allE, erule impE, assumption, erule impE, assumption) + apply (rule order_trans) + apply fastforce + defer + apply (rule pp_ub2) + apply simp + apply clarify + apply simp + apply (rule pres_typeD) + apply assumption + prefer 3 + apply assumption + apply (blast intro: listE_nth_in) + apply (blast) + apply (blast intro: listE_nth_in dest: boundedD) + prefer 4 + apply fastforce + apply (blast intro: listE_nth_in dest: pres_typeD) + apply (blast intro: listE_nth_in dest: boundedD) + apply(subgoal_tac "\(q,t) \ set (step p (ss!p)). q < n \ t \ A") + + apply (subgoal_tac "merges f (step p (ss!p)) ss \ list n A") + defer + apply (blast dest:merges_preserves_type) + defer + apply (subgoal_tac "a < n") + defer + apply (blast intro: listE_nth_in boundedD ) + defer + apply (subgoal_tac "merges f (step p (ss ! p)) ss ! a = + map snd (filter (\(p', t'). p' = a) (step p (ss ! p))) \\<^bsub>f\<^esub> ss ! a") + apply (fastforce dest: listE_nth_in ) (* slow *) + apply (subgoal_tac "a < length ss") + apply (fastforce dest:nth_merges) + apply simp + apply (intro strip) + apply auto + defer + apply (auto intro:boundedD) + apply (fastforce intro: listE_nth_in dest:pres_typeD) + done +(*>*) + + +lemma (in Semilat) merges_bounded_lemma: + "\ mono r step n A; bounded step n; pres_type step n A; + \(p',s') \ set (step p (ss!p)). s' \ A; ss \ list n A; ts \ list n A; p < n; + ss [\\<^sub>r] ts; \p. p < n \ stable r step ts p \ + \ merges f (step p (ss!p)) ss [\\<^sub>r] ts" +(*<*) + apply (unfold stable_def) + apply (rule merges_pres_le_ub) + apply simp + apply simp + prefer 2 apply assumption + + apply clarsimp + apply (drule boundedD, assumption+) + apply (erule allE, erule impE, assumption) + apply (drule bspec, assumption) + apply simp + + apply (drule monoD [of _ _ _ _ p "ss!p" "ts!p"]) + apply assumption + apply simp + apply (simp add: le_listD) + + apply (drule lesub_step_typeD, assumption) + apply clarify + apply (drule bspec, assumption) + apply simp + + apply (rule order_trans) + apply fastforce + apply simp + apply simp + apply simp + apply (auto intro:boundedD) + + apply (blast intro: listE_nth_in dest:pres_typeD) + done +(*>*) + + + +(** iter **) +lemma termination_lemma: assumes "Semilat A r f" +shows "\ ss \ list n A; \(q,t)\set qs. q t\A; p\w \ \ + ss [\\<^sub>r] merges f qs ss \ + merges f qs ss = ss \ {q. \t. (q,t)\set qs \ t \\<^bsub>f\<^esub> ss!q \ ss!q} \ (w-{p}) \ w" +(*<*) (is "PROP ?P") +proof - + interpret Semilat A r f by fact + show "PROP ?P" + apply(insert semilat) + apply (unfold lesssub_def) + apply (simp (no_asm_simp) add: merges_incr) + apply (rule impI) + apply (rule merges_same_conv [THEN iffD1, elim_format]) + apply assumption+ + defer + apply (rule sym, assumption) + defer apply simp + apply (subgoal_tac "\q t. \((q, t) \ set qs \ t \\<^bsub>f\<^esub> ss ! q \ ss ! q)") + apply (blast intro!: psubsetI elim: equalityE) + apply clarsimp + apply (drule bspec, assumption) + apply (drule bspec, assumption) + apply clarsimp + done +qed +(*>*) + +end diff --git a/thys/Jinja/DFA/Typing_Framework.thy b/thys/Jinja/DFA/Typing_Framework.thy deleted file mode 100644 --- a/thys/Jinja/DFA/Typing_Framework.thy +++ /dev/null @@ -1,33 +0,0 @@ -(* Title: HOL/MicroJava/BV/Typing_Framework.thy - Author: Tobias Nipkow - Copyright 2000 TUM -*) - -section \Typing and Dataflow Analysis Framework\ - -theory Typing_Framework imports Semilattices begin - -text \ - The relationship between dataflow analysis and a welltyped-instruction predicate. -\ -type_synonym - 's step_type = "nat \ 's \ (nat \ 's) list" - -definition stable :: "'s ord \ 's step_type \ 's list \ nat \ bool" -where - "stable r step \s p \ (\(q,\) \ set (step p (\s!p)). \ \\<^sub>r \s!q)" - -definition stables :: "'s ord \ 's step_type \ 's list \ bool" -where - "stables r step \s \ (\p < size \s. stable r step \s p)" - -definition wt_step :: "'s ord \ 's \ 's step_type \ 's list \ bool" -where - "wt_step r T step \s \ (\ps. \s!p \ T \ stable r step \s p)" - -definition is_bcv :: "'s ord \ 's \ 's step_type \ nat \ 's set \ ('s list \ 's list) \ bool" -where - "is_bcv r T step n A bcv \ (\\s\<^sub>0 \ list n A. - (\ps\<^sub>0)!p \ T) = (\\s \ list n A. \s\<^sub>0 [\\<^sub>r] \s \ wt_step r T step \s))" - -end diff --git a/thys/Jinja/DFA/Typing_Framework_1.thy b/thys/Jinja/DFA/Typing_Framework_1.thy new file mode 100644 --- /dev/null +++ b/thys/Jinja/DFA/Typing_Framework_1.thy @@ -0,0 +1,28 @@ +(* Title: HOL/MicroJava/BV/Typing_Framework.thy + Author: Tobias Nipkow + Copyright 2000 TUM +*) + +section \Typing and Dataflow Analysis Framework\ + +theory Typing_Framework_1 imports Semilattices begin + +text \ + The relationship between dataflow analysis and a welltyped-instruction predicate. +\ +type_synonym + 's step_type = "nat \ 's \ (nat \ 's) list" + +definition stable :: "'s ord \ 's step_type \ 's list \ nat \ bool" +where + "stable r step \s p \ (\(q,\) \ set (step p (\s!p)). \ \\<^sub>r \s!q)" + +definition stables :: "'s ord \ 's step_type \ 's list \ bool" +where + "stables r step \s \ (\p < size \s. stable r step \s p)" + +definition wt_step :: "'s ord \ 's \ 's step_type \ 's list \ bool" +where + "wt_step r T step \s \ (\ps. \s!p \ T \ stable r step \s p)" + +end diff --git a/thys/Jinja/DFA/Typing_Framework_2.thy b/thys/Jinja/DFA/Typing_Framework_2.thy new file mode 100644 --- /dev/null +++ b/thys/Jinja/DFA/Typing_Framework_2.thy @@ -0,0 +1,19 @@ +(* Title: HOL/MicroJava/BV/Typing_Framework.thy + Author: Tobias Nipkow + Copyright 2000 TUM +*) + +section \Typing and Dataflow Analysis Framework\ + +theory Typing_Framework_2 imports Typing_Framework_1 begin + +text \ + The relationship between dataflow analysis and a welltyped-instruction predicate. +\ + +definition is_bcv :: "'s ord \ 's \ 's step_type \ nat \ 's set \ ('s list \ 's list) \ bool" +where + "is_bcv r T step n A bcv \ (\\s\<^sub>0 \ list n A. + (\ps\<^sub>0)!p \ T) = (\\s \ list n A. \s\<^sub>0 [\\<^sub>r] \s \ wt_step r T step \s))" + +end