Theory Calculus_of_Programming

chapter ‹Calculus of Programming›

theory Calculus_of_Programming
  imports Spec_Framework IDE_CP_Reasoning1
  abbrevs "<state>" = "𝗌𝗍𝖺𝗍𝖾"
      and "<results>" = "𝗋𝖾𝗌𝗎𝗅𝗍𝗌"
      and "<in>" = "𝗂𝗇"
      and "<is>" = "𝗂𝗌"
begin

section ‹Implementing CoP Sequent›

text ‹CoP sequent ‹P | S |- Q› for ‹S = (C⇩1,v⇩1); ⋯ ; (C⇩n,v⇩n)› is implemented as
\begin{align*}
& ‹𝖼𝗎𝗋𝗋𝖾𝗇𝗍 s⇩0 [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 P›, \\
& ‹Code s⇩0 s⇩1 C⇩1 v⇩1,›         \\
&     \qquad ‹⋯›                 \\
& ‹Code s⇩i⇩-⇩1 s⇩i C⇩i v⇩i,›       \\
&     \qquad ‹⋯›                 \\
& ‹Code s⇩n⇩-⇩1 s⇩n C⇩n v⇩n›        \\
‹⊢› \;&\; ‹𝖼𝗎𝗋𝗋𝖾𝗇𝗍 s⇩n [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 Q›
\end{align*}
where ‹s⇩0› denotes the initial state before execution and ‹s⇩i, v⇩i› denote
respectively the intermediate state after executing procedure ‹C⇩i› and
the return value of ‹C⇩i›.
Sequence ‹{s⇩i}⇩n› therefore links execution of each procedure.
‹R› is the frame variable.

[C]-modality ‹[C]{Q}{E}› is implemented by ‹𝗉𝖾𝗇𝖽𝗂𝗇𝗀 C 𝗈𝗇 s⇩n [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 Q 𝗍𝗁𝗋𝗈𝗐𝗌 E›.

›

text ‹
In addition, besides programming of procedures,
the system is extended to deduce view shift and transformation of abstraction by programming.

The programming deduction of view shift is also realized using similar structures
(‹CurrentConstruction›). Thus we reuse the infrastructures and
give two modes ‹programming_mode› and ‹view_shift_mode› to differentiate the two modes.
›

consts programming_mode :: mode
       view_shift_mode  :: mode

definition CurrentConstruction :: " mode ⇒ resource ⇒ assn ⇒ assn ⇒ bool "
  where "CurrentConstruction mode s R S ⟷ s ⊨ INTERP_SPEC (S * R)"

abbreviation Programming_CurrentConstruction ("(2𝖼𝗎𝗋𝗋𝖾𝗇𝗍 _ [_] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇/ _)" [1000,1000,11] 10)
  where ‹Programming_CurrentConstruction ≡ CurrentConstruction programming_mode›

abbreviation View_Shift_CurrentConstruction ("(2𝗏𝗂𝖾𝗐 _ [_] 𝗂𝗌/ _)" [1000,1000,11] 10)
  where ‹View_Shift_CurrentConstruction ≡ CurrentConstruction view_shift_mode›

consts Programming_CurrentConstruction_syntax :: ‹assn ⇒ bool› ("(2𝖼𝗎𝗋𝗋𝖾𝗇𝗍 𝗌𝗍𝖺𝗍𝖾:/ (‹consistent=true›_))" [11] 10)
consts View_Shift_CurrentConstruction_syntax :: ‹assn ⇒ bool› ("(2𝖼𝗎𝗋𝗋𝖾𝗇𝗍 𝗏𝗂𝖾𝗐:/ _)" [11] 10)

definition PendingConstruction :: " 'ret proc
                                  ⇒ resource
                                  ⇒ assn
                                  ⇒ ('ret φarg ⇒ assn)
                                  ⇒ (ABNM ⇒ assn)
                                  ⇒ bool "
    ("𝗉𝖾𝗇𝖽𝗂𝗇𝗀 _ 𝗈𝗇 _ [_]/ 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 _/ 𝗍𝗁𝗋𝗈𝗐𝗌 _" [1000,1000,1000,11,11] 10)
    where "PendingConstruction f s R S E ⟷
              BI_lift (f s) ≤ LooseState (λret. INTERP_SPEC (S ret * R)) (λex. INTERP_SPEC (E ex * R))"

consts PendingConstruction_syntax :: ‹'ret proc ⇒ ('ret φarg ⇒ assn) ⇒ (ABNM ⇒ assn) ⇒ bool›
  ("𝗉𝖾𝗇𝖽𝗂𝗇𝗀 𝗉𝗋𝗈𝖼 _/ 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 _/ 𝗍𝗁𝗋𝗈𝗐𝗌 _" [1000,11,11] 10)

translations
  "𝖼𝗎𝗋𝗋𝖾𝗇𝗍 𝗌𝗍𝖺𝗍𝖾: S" <= "CONST Programming_CurrentConstruction s R S"
  "𝖼𝗎𝗋𝗋𝖾𝗇𝗍 𝗏𝗂𝖾𝗐: S" <= "CONST View_Shift_CurrentConstruction s R S"
  "𝗉𝖾𝗇𝖽𝗂𝗇𝗀 𝗉𝗋𝗈𝖼 f 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 S 𝗍𝗁𝗋𝗈𝗐𝗌 E" <= "CONST PendingConstruction f s R S E"

definition ‹Code s s' f ret ⟷ Success ret s' ∈ f s›

lemma CurrentConstruction_D: "CurrentConstruction mode s H T ⟹ Satisfiable T"
  unfolding CurrentConstruction_def Satisfiable_def
  by (clarsimp simp add: INTERP_SPEC set_mult_expn, blast)

definition ToA_Construction :: ‹'a ⇒ 'a BI ⇒ bool› ("𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇'(_') 𝗂𝗌/ _" [11,11] 10)
  where ‹ToA_Construction = (⊨)›


subsection ‹Reasoning Configuration›

subsubsection ‹Simplification›

φreasoner_ML φprogramming_simps (‹𝗌𝗂𝗆𝗉𝗅𝗂𝖿𝗒[programming_mode] _ : _›) =
  ‹fn (_, (ctxt,sequent)) => Seq.make (fn () =>
    let val lev = Config.get ctxt Phi_Reasoner.auto_level
     in if lev <= 0
     then SOME ((ctxt, @{thm' Simplify_I} RS sequent), Seq.empty)
     else sequent
        |> PLPR_Simplifier.simplifier (K Seq.empty) (equip_Phi_Programming_Simp lev) {fix_vars=false} ctxt
        |> Seq.map (pair ctxt)
        |> Seq.pull
    end)›

section ‹Rules for Constructing Programs›

subsection ‹Construct Procedure›

lemma φapply_proc:
  "(𝖼𝗎𝗋𝗋𝖾𝗇𝗍 blk [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 S)
⟹ 𝗉𝗋𝗈𝖼 f ⦃ S ⟼ T ⦄ 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹(𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E)"
  unfolding φProcedure_def CurrentConstruction_def PendingConstruction_def bind_def Satisfaction_def
  by (simp add: mult.commute)

lemma
  ‹ (∃s' x. Code s  s'  f x ∧ Code s' s'' (g x) y)
⟷ Code s  s'' (f ⤜ g) y›
  unfolding Code_def bind_def
  apply (rule; clarsimp)
  apply blast
  by (case_tac x; clarsimp; blast)


(*Hint: because
𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 U 𝗍𝗁𝗋𝗈𝗐𝗌 E1 ⟶
  Invalid ∉ f s ∧ (∀v s'. Abnormal v s' ∈ f s ⟶ s' ∈ INTERP_SPEC (R ❟ E v))*)

lemma φassemble_proc:
  ‹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E1
⟹ (⋀s' ret. Code s s' f ret ⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 (g ret) 𝗈𝗇 s' [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 U 𝗍𝗁𝗋𝗈𝗐𝗌 E2)
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 (f ⤜ g) 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 U 𝗍𝗁𝗋𝗈𝗐𝗌 E1 + E2›
  unfolding CurrentConstruction_def PendingConstruction_def bind_def less_eq_BI_iff Code_def
  apply clarsimp subgoal for s s'
  by (cases s; simp; cases s'; simp add: split_comp_All ring_distribs plus_fun) .




lemma φaccept_proc:
  ‹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ Code s s' f ret
⟹ 𝖼𝗎𝗋𝗋𝖾𝗇𝗍 s' [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T ret›
  unfolding PendingConstruction_def bind_def less_eq_BI_iff CurrentConstruction_def Code_def
  by blast

lemma φaccept_proc_optimize_return_v:
  ‹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 (Return v) 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ 𝖼𝗎𝗋𝗋𝖾𝗇𝗍 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T v›
  unfolding PendingConstruction_def bind_def less_eq_BI_iff CurrentConstruction_def Return_def det_lift_def
  by simp


(* lemma φaccept_proc: ― ‹Depreciated!›
  " 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E1
⟹ (⋀s' ret. 𝖼𝗎𝗋𝗋𝖾𝗇𝗍 s' [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T ret ⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 (g ret) 𝗈𝗇 s' [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 U 𝗍𝗁𝗋𝗈𝗐𝗌 E2)
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 (f ⤜ g) 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 U 𝗍𝗁𝗋𝗈𝗐𝗌 E1 + E2"
  unfolding CurrentConstruction_def PendingConstruction_def bind_def subset_iff plus_fun_def
  apply clarsimp subgoal for s' s'' by (cases s'; simp; cases s''; simp add: ring_distribs; blast) .*)

(*
lemma φreturn_when_unreachable:
  ‹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 (λ_. T) 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 (f ⪢ Return (φarg undefined)) 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 (λ_. T) 𝗍𝗁𝗋𝗈𝗐𝗌 E›
  for f :: ‹unreachable proc›
  unfolding CurrentConstruction_def PendingConstruction_def bind_def Return_def det_lift_def subset_iff
  apply clarsimp subgoal for s' s'' by (cases s'; simp; cases s''; simp add: ring_distribs; blast) .
*)
lemma φreturn_additional_unit:
  ‹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 (f ⤜ (λv. Return (φV_pair v φV_none))) 𝗈𝗇 s [R]
        𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 (λret. T (φV_fst ret)) 𝗍𝗁𝗋𝗈𝗐𝗌 E›
  unfolding CurrentConstruction_def PendingConstruction_def bind_def Return_def φV_pair_def
    φV_fst_def φV_snd_def det_lift_def less_eq_BI_iff
  apply clarsimp subgoal for s' s'' by (cases s'; simp; cases s''; simp add: ring_distribs; blast) .

lemma φreturn:
  " 𝖼𝗎𝗋𝗋𝖾𝗇𝗍 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T'
⟹ T' = T ret
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 (Return ret) 𝗈𝗇 s [R] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 0"
  unfolding CurrentConstruction_def PendingConstruction_def bind_def Return_def det_lift_def less_eq_BI_iff
  by simp+

lemma φreassemble_proc_final:
  "(⋀s H. 𝖼𝗎𝗋𝗋𝖾𝗇𝗍 s [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 S ⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 g 𝗈𝗇 s [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E)
⟹ 𝗉𝗋𝗈𝖼 g ⦃ S ⟼ T ⦄ 𝗍𝗁𝗋𝗈𝗐𝗌 E"
  unfolding CurrentConstruction_def PendingConstruction_def φProcedure_def bind_def split_paired_all
  by (simp add: mult.commute)

lemma "φ__Return_rule__":
  ‹ X 𝗌𝗁𝗂𝖿𝗍𝗌 Y 𝗐𝗂𝗍𝗁 Any
⟹ 𝗉𝗋𝗈𝖼 Return φV_none ⦃ X ⟼ λ_::unit φarg. Y ⦄›
  unfolding φProcedure_def Return_def View_Shift_def less_eq_BI_iff det_lift_def
  by clarsimp

subsection ‹Construct View Shift›

lemma φmake_view_shift:
  ‹ (⋀s R. 𝗏𝗂𝖾𝗐 s [R] 𝗂𝗌 S ⟹ (𝗏𝗂𝖾𝗐 s [R] 𝗂𝗌 S' 𝗌𝗎𝖻𝗃 P))
⟹ S 𝗌𝗁𝗂𝖿𝗍𝗌 S' 𝗐𝗂𝗍𝗁 P›
  unfolding CurrentConstruction_def View_Shift_def
  by (simp add: INTERP_SPEC_subj)


subsection ‹Construct Implication›

lemma "φmake_implication":
  ‹(⋀x. 𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(x) 𝗂𝗌 S ⟹ 𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(x) 𝗂𝗌 T 𝗌𝗎𝖻𝗃 P) ⟹ S 𝗍𝗋𝖺𝗇𝗌𝖿𝗈𝗋𝗆𝗌 T 𝗐𝗂𝗍𝗁 P›
  unfolding Transformation_def ToA_Construction_def
  by simp

subsection ‹Cast›

lemma φapply_view_shift:
  " CurrentConstruction mode blk R S
⟹ S 𝗌𝗁𝗂𝖿𝗍𝗌 S' 𝗐𝗂𝗍𝗁 P
⟹ (CurrentConstruction mode blk R S') ∧ P"
  unfolding CurrentConstruction_def View_Shift_def
  by (simp_all add: split_paired_all)

lemmas φapply_implication = φapply_view_shift[OF _ view_shift_by_implication]

lemma φapply_view_shift_pending:
  " PendingConstruction f blk H T E
⟹ (⋀x. T x 𝗌𝗁𝗂𝖿𝗍𝗌 T' x 𝗐𝗂𝗍𝗁 P)
⟹ PendingConstruction f blk H T' E"
  unfolding PendingConstruction_def View_Shift_def
  by (clarsimp simp add: LooseState_expn' less_eq_BI_iff split_comp_All)

lemma φapply_view_shift_pending_E:
  " PendingConstruction f blk H T E
⟹ (⋀x. E x 𝗌𝗁𝗂𝖿𝗍𝗌 E' x 𝗐𝗂𝗍𝗁 P)
⟹ PendingConstruction f blk H T E'"
  unfolding PendingConstruction_def View_Shift_def
  by (clarsimp simp add: LooseState_expn' less_eq_BI_iff split_comp_All)

lemmas φapply_implication_pending =
  φapply_view_shift_pending[OF _ view_shift_by_implication]

lemmas φapply_implication_pending_E =
  φapply_view_shift_pending_E[OF _ view_shift_by_implication]

lemma φex_quantify_E:
  ‹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 (E ret)
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 (λe. ExBI (λx. E x e))›
  using φapply_implication_pending_E[OF _ ExBI_transformation_I[OF transformation_refl]] .

lemma φapply_implication_impl:
  ‹ 𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(s) 𝗂𝗌 S
⟹ S 𝗍𝗋𝖺𝗇𝗌𝖿𝗈𝗋𝗆𝗌 S' 𝗐𝗂𝗍𝗁 P
⟹(𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(s) 𝗂𝗌 S') ∧ P›
  unfolding ToA_Construction_def Transformation_def by blast

lemma "_φcast_internal_rule_":
  " CurrentConstruction mode blk H T
⟹ T 𝗍𝗋𝖺𝗇𝗌𝖿𝗈𝗋𝗆𝗌 T' 𝗐𝗂𝗍𝗁 Any
⟹ 𝗋Success
⟹ 𝗈𝖻𝗅𝗂𝗀𝖺𝗍𝗂𝗈𝗇 True
⟹ CurrentConstruction mode blk H T'"
  unfolding Action_Tag_def
  using φapply_implication by blast


lemma "_φcast_internal_rule_'":
  " 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ (⋀v. T v 𝗍𝗋𝖺𝗇𝗌𝖿𝗈𝗋𝗆𝗌 T' v 𝗐𝗂𝗍𝗁 Any)
⟹ 𝗋Success
⟹ 𝗈𝖻𝗅𝗂𝗀𝖺𝗍𝗂𝗈𝗇 True
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T' 𝗍𝗁𝗋𝗈𝗐𝗌 E"
  unfolding Action_Tag_def
  using φapply_implication_pending by blast

lemma "_φcast_exception_":
  " 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ (⋀v. E v 𝗍𝗋𝖺𝗇𝗌𝖿𝗈𝗋𝗆𝗌 E' v)
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E'"
  unfolding Action_Tag_def
  using φapply_implication_pending_E by blast

lemma "_φcast_exception_rule_":
  " 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ (⋀v. E v 𝗍𝗋𝖺𝗇𝗌𝖿𝗈𝗋𝗆𝗌 E' v)
⟹ 𝗋Success
⟹ 𝗈𝖻𝗅𝗂𝗀𝖺𝗍𝗂𝗈𝗇 True
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 T 𝗍𝗁𝗋𝗈𝗐𝗌 E'"
  using "_φcast_exception_" .

lemma "_φcast_implication_":
  ‹ 𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(x) 𝗂𝗌 S
⟹ S 𝗍𝗋𝖺𝗇𝗌𝖿𝗈𝗋𝗆𝗌 T 𝗐𝗂𝗍𝗁 Any
⟹ 𝗋Success
⟹ 𝗈𝖻𝗅𝗂𝗀𝖺𝗍𝗂𝗈𝗇 True
⟹ 𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(x) 𝗂𝗌 T›
  unfolding ToA_Construction_def Action_Tag_def Transformation_def by blast

lemma "_φcast_proc_return_internal_rule_":
  " 𝗉𝗋𝗈𝖼 f ⦃ X ⟼ Y ⦄ 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ (⋀v. Y v 𝗍𝗋𝖺𝗇𝗌𝖿𝗈𝗋𝗆𝗌 Y' v 𝗐𝗂𝗍𝗁 Any)
⟹ 𝗋Success
⟹ 𝗈𝖻𝗅𝗂𝗀𝖺𝗍𝗂𝗈𝗇 True
⟹ 𝗉𝗋𝗈𝖼 f ⦃ X ⟼ Y' ⦄ 𝗍𝗁𝗋𝗈𝗐𝗌 E"
  unfolding Action_Tag_def
  using φCONSEQ view_shift_by_implication view_shift_refl by blast

lemma "_φcast_proc_exception_internal_rule_":
  " 𝗉𝗋𝗈𝖼 f ⦃ X ⟼ Y ⦄ 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ (⋀e. E e 𝗍𝗋𝖺𝗇𝗌𝖿𝗈𝗋𝗆𝗌 E' e 𝗐𝗂𝗍𝗁 Any)
⟹ 𝗋Success
⟹ 𝗈𝖻𝗅𝗂𝗀𝖺𝗍𝗂𝗈𝗇 True
⟹ 𝗉𝗋𝗈𝖼 f ⦃ X ⟼ Y ⦄ 𝗍𝗁𝗋𝗈𝗐𝗌 E'"
  unfolding Action_Tag_def
  using φCONSEQ view_shift_by_implication view_shift_refl by blast


subsection ‹Finalization Rewrites›

text ‹Rules showing the obtained procedure is identical to the desired goal
  in the end of the construction.›

ML ‹structure Proc_Monad_SS = Simpset(
  val initial_ss = Simpset_Configure.Minimal_SS
  val binding = SOME \<^binding>‹procedure_simps›
  val comment = "declare the rules for simplifying procedure monad."
  val attribute = NONE
  val post_merging = I
)›

setup ‹Context.theory_map (Proc_Monad_SS.map (
  Simplifier.add_cong @{thm' mk_symbol_cong}
))›

consts procedure_ss :: mode

lemmas [procedure_simps] =
            proc_bind_SKIP proc_bind_SKIP'
            proc_bind_assoc proc_bind_return_none φV_simps

φreasoner_ML procedure_equivalence 1200 (‹Premise procedure_ss ?P›)
  = ‹Phi_Reasoners.wrap (PLPR_Simplifier.simplifier_by_ss' (K Seq.empty) Proc_Monad_SS.get' {fix_vars=false}) o snd›

φreasoner_ML procedure_ss 1000 (‹Simplify procedure_ss ?x ?y›)
  = ‹Phi_Reasoners.wrap (PLPR_Simplifier.simplifier_by_ss' (K Seq.empty) Proc_Monad_SS.get' {fix_vars=true}) o snd›

subsection ‹Misc›

paragraph ‹Inhabitance›

lemma ToA_Construction_Satisfiable_rule:
  ‹𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(x) 𝗂𝗌 S ⟹ Satisfiable S›
  unfolding ToA_Construction_def Satisfiable_def by blast

lemma CurrentConstruction_Satisfiable_rule:
  "CurrentConstruction mode s H T ⟹ Satisfiable T"
  using CurrentConstruction_D by blast


paragraph ‹Fact Store›

lemma [φprogramming_simps]:
  "CurrentConstruction mode s H (T 𝗌𝗎𝖻𝗃 P) ⟷ (CurrentConstruction mode s H T) ∧ P"
  unfolding CurrentConstruction_def
  by (simp_all add: INTERP_SPEC_subj split_paired_all)

lemma [φprogramming_simps]:
  "(CurrentConstruction mode s H T ∧ B) ∧ C ⟷ (CurrentConstruction mode s H T) ∧ (B ∧ C)"
  by simp

lemma [φprogramming_simps]:
  ‹(𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(x) 𝗂𝗌 T 𝗌𝗎𝖻𝗃 P) ⟷ (𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(x) 𝗂𝗌 T) ∧ P›
  unfolding ToA_Construction_def by simp

lemma [φprogramming_simps]:
  ‹((𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(x) 𝗂𝗌 T) ∧ B) ∧ C ⟷ (𝖺𝖻𝗌𝗍𝗋𝖺𝖼𝗍𝗂𝗈𝗇(x) 𝗂𝗌 T) ∧ (B ∧ C)›
  by simp

paragraph ‹Fixing Existentially Quantified Variable›

lemma φExTyp_strip:
  "(CurrentConstruction mode p H (∃*c. T c)) ≡ (∃c. CurrentConstruction mode p H (T c))"
  unfolding CurrentConstruction_def atomize_eq
  by (simp_all add: INTERP_SPEC_ex split_paired_all)

lemma φExTyp_strip_imp:
  ‹ToA_Construction s (∃*c. T c) ≡ (∃c. ToA_Construction s (T c))›
  unfolding ToA_Construction_def by simp

paragraph ‹Introducing Existential Quantification›

lemma introduce_Ex:
  ‹CurrentConstruction mode blk H (S x) ⟹ CurrentConstruction mode blk H (ExBI S)›
  using φapply_implication[OF _ ExBI_transformation_I[OF transformation_refl], THEN conjunct1] .

lemma introduce_Ex_subj:
  ‹CurrentConstruction mode blk H (S x 𝗌𝗎𝖻𝗃 Q) ⟹ CurrentConstruction mode blk H (ExBI S 𝗌𝗎𝖻𝗃 Q)›
  by (metis Subjection_True Subjection_cong introduce_Ex)

lemma introduce_Ex_pending:
  ‹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 (λv. Q x v) 𝗍𝗁𝗋𝗈𝗐𝗌 E
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 (λv. ∃*x. Q x v) 𝗍𝗁𝗋𝗈𝗐𝗌 E›
  using φapply_implication_pending[OF _ ExBI_transformation_I[OF transformation_refl]] .

lemma introduce_Ex_pending_E:
  ‹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 Q 𝗍𝗁𝗋𝗈𝗐𝗌 (λv. E x v)
⟹ 𝗉𝖾𝗇𝖽𝗂𝗇𝗀 f 𝗈𝗇 blk [H] 𝗋𝖾𝗌𝗎𝗅𝗍𝗌 𝗂𝗇 Q 𝗍𝗁𝗋𝗈𝗐𝗌 (λv. ∃*x. E x v)›
  using φapply_implication_pending_E[OF _ ExBI_transformation_I[OF transformation_refl]] .

lemma introduce_Ex_ToA:
  ‹ ToA_Construction s (S x)
⟹ ToA_Construction s (ExBI S) ›
  using φExTyp_strip_imp by fastforce

lemma introduce_Ex_ToA_subj:
  ‹ ToA_Construction s (S x 𝗌𝗎𝖻𝗃 Q)
⟹ ToA_Construction s (ExBI S 𝗌𝗎𝖻𝗃 Q) ›
  by (metis (full_types) Subjection_Flase Subjection_True introduce_Ex_ToA)

lemma introduce_Ex_ToA_subj_P:
  ‹ ToA_Construction s (X 𝗌𝗎𝖻𝗃 S x)
⟹ ToA_Construction s (X 𝗌𝗎𝖻𝗃 Ex S) ›
  by (metis Subjection_expn ToA_Construction_def)
  


paragraph ‹Return›


lemma φM_Success[intro!]: (*deprecated?*)
  ‹ v ⊨ (y ⦂ T)
⟹ 𝗉𝗋𝗈𝖼 Return (φarg v) ⦃ X ⟼ λu. y ⦂ Val u T❟ X ⦄ 𝗍𝗁𝗋𝗈𝗐𝗌 Any ›
  unfolding φProcedure_def det_lift_def Return_def
  by (clarsimp simp add: Val_def φType_def less_eq_BI_iff)

lemma φM_Success_P:
  ‹ v ⊨ (y ⦂ T)
⟹ P (φarg v)
⟹ 𝗉𝗋𝗈𝖼 Return (φarg v) ⦃ X ⟼ λu. y ⦂ Val u T❟ X 𝗌𝗎𝖻𝗃 P u ⦄ 𝗍𝗁𝗋𝗈𝗐𝗌 Any ›
  unfolding φProcedure_def det_lift_def Return_def
  by (clarsimp simp add: Val_def φType_def INTERP_SPEC_subj less_eq_BI_iff)

declare φM_Success[where X=1, simplified, intro!]

lemma φM_Success'[intro!]:
  ‹ 𝗉𝗋𝗈𝖼 Return vs ⦃ X vs ⟼ X ⦄ 𝗍𝗁𝗋𝗈𝗐𝗌 Any ›
  unfolding Return_def φProcedure_def det_lift_def less_eq_BI_iff by clarsimp

hide_const (open) Code

end