Theory RDR

section ‹Recoverable Data Types›

theory RDR
imports Main Sequences
begin

subsection ‹The pre-RDR locale contains definitions later used in the RDR locale 
  to state the properties of RDRs›

locale pre_RDR = Sequences +
  fixes δ::"'a  ('b × 'c)  'a" (infix "" 65)
  and γ::"'a  ('b × 'c)  'd"
  and bot::'a ("")
begin

fun exec::"'a  ('b×'c)list  'a" (infix "" 65) where 
  "exec s Nil = s"
| "exec s (rs#r) = (exec s rs)  r"

definition less_eq (infix "" 50) where
  "less_eq s s'   rs . s' = (srs)"

definition less (infix "" 50) where
  "less s s'  less_eq s s'  s  s'"

definition is_lb where
  "is_lb s s1 s2  s  s2  s  s1"

definition is_glb where
  "is_glb s s1 s2  is_lb s s1 s2  ( s' . is_lb s' s1 s2  s'  s)"
  
definition contains where
  "contains s r   rs . r  set rs  s = (  rs)"

definition inf  (infix "" 65) where
  "inf s1 s2  THE s . is_glb s s1 s2"

subsection ‹Useful Lemmas in the pre-RDR locale›

lemma exec_cons: 
  "s  (rs # r)= (s  rs)  r" by simp

lemma exec_append: 
  "(s  rs)  rs'  = s  (rs@rs')"
proof (induct rs')
  show "(s  rs)  []  = s  (rs@[])" by simp
next
  fix rs' r
  assume ih:"(s  rs)  rs'  = s  (rs@rs')"
  thus "(s  rs)  (rs'#r)  = s  (rs @ (rs'#r))"
    by (metis append_Cons exec_cons)
qed

lemma trans:
  assumes "s1  s2" and "s2  s3"
  shows "s1  s3" using assms
    by (auto simp add:less_eq_def, metis exec_append)

lemma contains_star:
  fixes s r rs
  assumes "contains s r"
  shows "contains (s  rs) r"
proof (induct rs)
  case Nil
  show "contains (s  []) r" using assms by auto
next
  case (Cons r' rs)
  with this obtain rs' where 1:"s  rs =   rs'" and 2:"r  set rs'" 
    by (auto simp add:contains_def)
  have 3:"s  (rs#r') = (rs'#r')" using 1 by fastforce
  show "contains (s  (rs#r')) r" using 2 3 
    by (auto simp add:contains_def) (metis exec_cons rev_subsetD set_subset_Cons)
qed

lemma preceq_star: "s  (rs#r)  s'  s  rs  s'"
by (metis pre_RDR.exec.simps(1) pre_RDR.exec.simps(2) pre_RDR.less_eq_def trans)

end

subsection ‹The RDR locale›

locale RDR = pre_RDR +
  assumes idem1:"contains s r  s  r = s"
  and idem2:" s r r' . fst r  fst r'  γ s r = γ ((s  r)  r') r"
  and antisym:" s1 s2 . s1  s2  s2  s1  s1 = s2"
  and glb_exists:" s1 s2 .  s . is_glb s s1 s2"
  and consistency:"s1 s2 s3 rs . s1  s2  s2  s3  s3 = s1  rs 
      rs' rs'' . s2 = s1  rs'  s3 = s2  rs'' 
       set rs'  set rs  set rs''  set rs"
  and bot:" s .   s"
begin

lemma inf_glb:"is_glb (s1  s2) s1 s2"
proof -
  { fix s s'
    assume "is_glb s s1 s2" and "is_glb s' s1 s2"
    hence "s = s'" using antisym by (auto simp add:is_glb_def is_lb_def) }
    from this and glb_exists show ?thesis
      by (auto simp add:inf_def, metis (lifting) theI')
qed

sublocale ordering less_eq less
proof
  fix s
  show "s  s"
  by (metis exec.simps(1) less_eq_def)
next
  fix s s'
  show "s  s' = (s  s'  s  s')" 
  by (auto simp add:less_def)
next
  fix s s'
  assume "s  s'" and "s'  s"
  thus "s = s'"
  using antisym by auto
next
  fix s1 s2 s3
  assume "s1  s2" and "s2  s3"
  thus "s1  s3"
  using trans by blast
qed

sublocale semilattice_set inf
proof
  fix s
  show "s  s = s" 
    using inf_glb
    by (metis antisym is_glb_def is_lb_def refl) 
next
  fix s1 s2
  show "s1  s2 = (s2  s1)"
    using inf_glb 
    by (smt antisym is_glb_def pre_RDR.is_lb_def)
next
  fix s1 s2 s3
  show "(s1  s2)  s3 = (s1  (s2  s3))"
    using inf_glb 
    by(auto simp add:is_glb_def is_lb_def, smt antisym trans)
qed

sublocale semilattice_order_set inf less_eq less
proof 
  fix s s'
  show "s  s' = (s = s  s')"
  by (metis antisym idem inf_glb pre_RDR.is_glb_def pre_RDR.is_lb_def)
next
  fix s s'
  show "s  s' = (s = s  s'  s  s')"
  by (metis inf_glb local.antisym local.refl pre_RDR.is_glb_def pre_RDR.is_lb_def pre_RDR.less_def)
qed

notation F (" _" [99])

subsection ‹Some useful lemmas›

lemma idem_star: 
fixes r s rs
assumes "contains s r"
shows "s  rs = s  (filter (λ x . x  r) rs)"
proof (induct rs)
  case Nil
  show "s  [] = s  (filter (λ x . x  r) [])" 
    using assms by auto
next
  case (Cons r' rs)
  have 1:"contains (s  rs) r" using assms and contains_star by auto
  show "s  (rs#r') = s  (filter (λ x . x  r) (rs#r'))"
  proof (cases "r' = r")
    case True
    hence "s  (rs#r') = s  rs" using idem1 1 by auto
    thus ?thesis using Cons by simp
  next
    case False
    thus ?thesis using Cons by auto
  qed
qed

lemma idem_star2: 
  fixes s rs' 
  shows " rs' . s  rs = s  rs'  set rs'  set rs 
     ( r  set rs' . ¬ contains s r)"
proof (induct rs)
  case Nil
  thus " rs' . s  [] = s  rs'  set rs'  set [] 
     ( r  set rs' . ¬ contains s r)" by force
next
  case (Cons r rs)
  obtain rs' where 1:"s  rs = s  rs'" and 2:"set rs'  set rs"
  and 3:" r  set rs' . ¬ contains s r" using Cons(1) by blast
  show " rs' . s  (rs#r) = s  rs'  set rs'  set (rs#r)
     ( r  set rs' . ¬ contains s r)"
  proof (cases "contains s r")
    case True
    have "s(rs#r) = srs'"
    proof -
      have "s  (rs#r) = srs" using True
        by (metis contains_star exec_cons idem1)
      moreover
      have "s  (rs'#r) = srs'" using True
        by (metis contains_star exec_cons idem1) 
      ultimately show ?thesis using 1 by simp
    qed
    moreover have "set rs'  set (rs#r)" using 2 
      by (simp, metis subset_insertI2) 
    moreover have " r  set rs' . ¬ contains s r" 
      using 3 by assumption
    ultimately show ?thesis by blast
  next
    case False
    have "s(rs#r) = s(rs'#r)" using 1 by simp
    moreover
    have "set (rs'#r)  set (rs#r)" using 2 by auto
    moreover have " r  set (rs'#r) . ¬ contains s r" 
      using 3 False by auto
    ultimately show ?thesis by blast
  qed 
qed

lemma idem2_star:
assumes "contains s r" 
and " r' . r'  set rs  fst r'  fst r"
shows "γ s r = γ (s  rs) r" using assms
proof (induct rs)  
  case Nil
  show "γ s r = γ (s  []) r" by simp
next
  case (Cons r' rs)
  thus "γ s r = γ (s  (rs#r')) r"
    using assms by auto
      (metis contains_star fst_conv idem1 idem2 prod.exhaust) 
qed

lemma glb_common:
fixes s1 s2 s rs1 rs2
assumes "s1 = s  rs1" and "s2 = s  rs2"
shows " rs . s1  s2 = s  rs  set rs  set rs1  set rs2"
proof -
  have 1:"s  s1" and 2:"s  s2" using assms by (auto simp add:less_eq_def)
  hence 3:"s  s1  s2" by (metis inf_glb is_lb_def pre_RDR.is_glb_def)
  have 4:"s1  s2  s1" by (metis cobounded1) 
  show ?thesis using 3 4 assms(1) and consistency by blast
qed

lemma glb_common_set:
fixes ss s0 rset
assumes "finite ss"  and "ss  {}"
and " s . s  ss   rs . s = s0  rs  set rs  rset"
shows " rs .  ss = s0  rs  set rs  rset"
using assms
proof (induct ss rule:finite_ne_induct)
  case (singleton s)
  obtain rs where "s = s0  rs  set rs  rset" using singleton by force
  moreover have " {s} = s" using singleton by auto
  ultimately show " rs .  {s} = s0  rs  set rs  rset" by blast
next
  case (insert s ss)
  have 1:" s' . s'  ss   rs . s' = s0  rs  set rs  rset"
    using insert(5) by force
  obtain rs where 2:" ss = s0  rs" and 3:"set rs  rset" 
    using insert(4) 1 by blast
  obtain rs' where 4:"s = s0  rs'"and 5:"set rs'  rset"
    using insert(5) by blast
  have 6:" (insert s ss) = s  ( ss)"
    by (metis insert.hyps(1-3) insert_not_elem) 
  obtain rs'' where 7:" (insert s ss) = s0  rs''" 
    and 8:"set rs''  set rs'  set rs"
    using glb_common 2 4 6 by force
  have 9:"set rs''  rset" using 3 5 8 by blast
  show " rs .  (insert s ss) = s0  rs  set rs  rset"
    using 7 9 by blast
qed

end 

end