Theory Slicing.Postdomination
section ‹Postdomination›
theory Postdomination imports CFGExit begin
subsection ‹Standard Postdomination›
locale Postdomination = CFGExit sourcenode targetnode kind valid_edge Entry Exit
for sourcenode :: "'edge ⇒ 'node" and targetnode :: "'edge ⇒ 'node"
and kind :: "'edge ⇒ 'state edge_kind" and valid_edge :: "'edge ⇒ bool"
and Entry :: "'node" ("'('_Entry'_')") and Exit :: "'node" ("'('_Exit'_')") +
assumes Entry_path:"valid_node n ⟹ ∃as. (_Entry_) -as→* n"
and Exit_path:"valid_node n ⟹ ∃as. n -as→* (_Exit_)"
begin
definition postdominate :: "'node ⇒ 'node ⇒ bool" ("_ postdominates _" [51,0])
where postdominate_def:"n' postdominates n ≡
(valid_node n ∧ valid_node n' ∧
((∀as. n -as→* (_Exit_) ⟶ n' ∈ set (sourcenodes as))))"
lemma postdominate_implies_path:
assumes "n' postdominates n" obtains as where "n -as→* n'"
proof(atomize_elim)
from ‹n' postdominates n› have "valid_node n"
and all:"∀as. n -as→* (_Exit_) ⟶ n' ∈ set(sourcenodes as)"
by(auto simp:postdominate_def)
from ‹valid_node n› obtain as where "n -as→* (_Exit_)" by(auto dest:Exit_path)
with all have "n' ∈ set(sourcenodes as)" by simp
then obtain ns ns' where "sourcenodes as = ns@n'#ns'" by(auto dest:split_list)
then obtain as' a as'' where "sourcenodes as' = ns"
and "sourcenode a = n'" and "as = as'@a#as''"
by(fastforce elim:map_append_append_maps simp:sourcenodes_def)
from ‹n -as→* (_Exit_)› ‹as = as'@a#as''› have "n -as'→* sourcenode a"
by(fastforce dest:path_split)
with ‹sourcenode a = n'› show "∃as. n -as→* n'" by blast
qed
lemma postdominate_refl:
assumes valid:"valid_node n" and notExit:"n ≠ (_Exit_)"
shows "n postdominates n"
using valid
proof(induct rule:valid_node_cases)
case Entry
{ fix as assume path:"(_Entry_) -as→* (_Exit_)"
hence notempty:"as ≠ []"
apply - apply(erule path.cases)
by (drule sym,simp,drule Exit_noteq_Entry,auto)
with path have "hd (sourcenodes as) = (_Entry_)"
by(fastforce intro:path_sourcenode)
with notempty have "(_Entry_) ∈ set (sourcenodes as)"
by(fastforce intro:hd_in_set simp:sourcenodes_def) }
with Entry show ?thesis by(simp add:postdominate_def)
next
case Exit
with notExit have False by simp
thus ?thesis by simp
next
case inner
show ?thesis
proof(cases "∃as. n -as→* (_Exit_)")
case True
{ fix as' assume path':"n -as'→* (_Exit_)"
with inner have notempty:"as' ≠ []"
by(cases as',auto elim!:path.cases simp:inner_node_def)
with path' inner have hd:"hd (sourcenodes as') = n"
by -(rule path_sourcenode)
from notempty have "sourcenodes as' ≠ []" by(simp add:sourcenodes_def)
with hd[THEN sym] have "n ∈ set (sourcenodes as')" by simp }
hence "∀as. n -as→* (_Exit_) ⟶ n ∈ set (sourcenodes as)" by simp
with True inner show ?thesis by(simp add:postdominate_def inner_is_valid)
next
case False
with inner show ?thesis by(simp add:postdominate_def inner_is_valid)
qed
qed
lemma postdominate_trans:
assumes pd1:"n'' postdominates n" and pd2:"n' postdominates n''"
shows "n' postdominates n"
proof -
from pd1 pd2 have valid:"valid_node n" and valid':"valid_node n'"
by(simp_all add:postdominate_def)
{ fix as assume path:"n -as→* (_Exit_)"
with pd1 have "n'' ∈ set (sourcenodes as)" by(simp add:postdominate_def)
then obtain ns' ns'' where "sourcenodes as = ns'@n''#ns''"
by(auto dest:split_list)
then obtain as' as'' a
where as'':"sourcenodes as'' = ns''" and as:"as=as'@a#as''"
and source:"sourcenode a = n''"
by(fastforce elim:map_append_append_maps simp:sourcenodes_def)
from as path have "n -as'@a#as''→* (_Exit_)" by simp
with source have path':"n'' -a#as''→* (_Exit_)"
by(fastforce dest:path_split_second)
with pd2 have "n' ∈ set(sourcenodes (a#as''))"
by(auto simp:postdominate_def)
with as have "n' ∈ set(sourcenodes as)" by(auto simp:sourcenodes_def) }
with valid valid' show ?thesis by(simp add:postdominate_def)
qed
lemma postdominate_antisym:
assumes pd1:"n' postdominates n" and pd2:"n postdominates n'"
shows "n = n'"
proof -
from pd1 have valid:"valid_node n" and valid':"valid_node n'"
by(auto simp:postdominate_def)
from valid obtain as where path1:"n -as→* (_Exit_)" by(fastforce dest:Exit_path)
from valid' obtain as' where path2:"n' -as'→* (_Exit_)" by(fastforce dest:Exit_path)
from pd1 path1 have "∃nx ∈ set(sourcenodes as). nx = n'"
by(simp add:postdominate_def)
then obtain ns ns' where sources:"sourcenodes as = ns@n'#ns'"
and all:"∀nx ∈ set ns'. nx ≠ n'"
by(fastforce elim!: rightmost_element_property)
from sources obtain asx a asx' where ns':"ns' = sourcenodes asx'"
and as:"as = asx@a#asx'" and source:"sourcenode a = n'"
by(fastforce elim:map_append_append_maps simp:sourcenodes_def)
from path1 as have "n -asx@a#asx'→* (_Exit_)" by simp
with source have "n' -a#asx'→* (_Exit_)" by(fastforce dest:path_split_second)
with pd2 have "n ∈ set(sourcenodes (a#asx'))" by(simp add:postdominate_def)
with source have "n = n' ∨ n ∈ set(sourcenodes asx')" by(simp add:sourcenodes_def)
thus ?thesis
proof
assume "n = n'" thus ?thesis .
next
assume "n ∈ set(sourcenodes asx')"
then obtain nsx' nsx'' where "sourcenodes asx' = nsx'@n#nsx''"
by(auto dest:split_list)
then obtain asi asi' a' where asx':"asx' = asi@a'#asi'"
and source':"sourcenode a' = n"
by(fastforce elim:map_append_append_maps simp:sourcenodes_def)
with path1 as have "n -(asx@a#asi)@a'#asi'→* (_Exit_)" by simp
with source' have "n -a'#asi'→* (_Exit_)" by(fastforce dest:path_split_second)
with pd1 have "n' ∈ set(sourcenodes (a'#asi'))" by(auto simp:postdominate_def)
with source' have "n' = n ∨ n' ∈ set(sourcenodes asi')"
by(simp add:sourcenodes_def)
thus ?thesis
proof
assume "n' = n" thus ?thesis by(rule sym)
next
assume "n' ∈ set(sourcenodes asi')"
with asx' ns' have "n' ∈ set ns'" by(simp add:sourcenodes_def)
with all have False by blast
thus ?thesis by simp
qed
qed
qed
lemma postdominate_path_branch:
assumes "n -as→* n''" and "n' postdominates n''" and "¬ n' postdominates n"
obtains a as' as'' where "as = as'@a#as''" and "valid_edge a"
and "¬ n' postdominates (sourcenode a)" and "n' postdominates (targetnode a)"
proof(atomize_elim)
from assms
show "∃as' a as''. as = as'@a#as'' ∧ valid_edge a ∧
¬ n' postdominates (sourcenode a) ∧ n' postdominates (targetnode a)"
proof(induct rule:path.induct)
case (Cons_path n'' as nx a n)
note IH = ‹⟦n' postdominates nx; ¬ n' postdominates n''⟧
⟹ ∃as' a as''. as = as'@a#as'' ∧ valid_edge a ∧
¬ n' postdominates sourcenode a ∧ n' postdominates targetnode a›
show ?case
proof(cases "n' postdominates n''")
case True
with ‹¬ n' postdominates n› ‹sourcenode a = n› ‹targetnode a = n''›
‹valid_edge a›
show ?thesis by blast
next
case False
from IH[OF ‹n' postdominates nx› this] show ?thesis
by clarsimp(rule_tac x="a#as'" in exI,clarsimp)
qed
qed simp
qed
lemma Exit_no_postdominator:
"(_Exit_) postdominates n ⟹ False"
by(fastforce dest:Exit_path simp:postdominate_def)
lemma postdominate_path_targetnode:
assumes "n' postdominates n" and "n -as→* n''" and "n' ∉ set(sourcenodes as)"
shows "n' postdominates n''"
proof -
from ‹n' postdominates n› have "valid_node n" and "valid_node n'"
and all:"∀as''. n -as''→* (_Exit_) ⟶ n' ∈ set(sourcenodes as'')"
by(simp_all add:postdominate_def)
from ‹n -as→* n''› have "valid_node n''" by(fastforce dest:path_valid_node)
have "∀as''. n'' -as''→* (_Exit_) ⟶ n' ∈ set(sourcenodes as'')"
proof(rule ccontr)
assume "¬ (∀as''. n'' -as''→* (_Exit_) ⟶ n' ∈ set (sourcenodes as''))"
then obtain as'' where "n'' -as''→* (_Exit_)"
and "n' ∉ set (sourcenodes as'')" by blast
from ‹n -as→* n''› ‹n'' -as''→* (_Exit_)› have "n -as@as''→* (_Exit_)"
by(rule path_Append)
with ‹n' ∉ set(sourcenodes as)› ‹n' ∉ set (sourcenodes as'')›
have "n' ∉ set (sourcenodes (as@as''))"
by(simp add:sourcenodes_def)
with ‹n -as@as''→* (_Exit_)› ‹n' postdominates n› show False
by(simp add:postdominate_def)
qed
with ‹valid_node n'› ‹valid_node n''› show ?thesis by(simp add:postdominate_def)
qed
lemma not_postdominate_source_not_postdominate_target:
assumes "¬ n postdominates (sourcenode a)" and "valid_node n" and "valid_edge a"
obtains ax where "sourcenode a = sourcenode ax" and "valid_edge ax"
and "¬ n postdominates targetnode ax"
proof(atomize_elim)
show "∃ax. sourcenode a = sourcenode ax ∧ valid_edge ax ∧
¬ n postdominates targetnode ax"
proof -
from assms obtain asx
where "sourcenode a -asx→* (_Exit_)"
and "n ∉ set(sourcenodes asx)" by(auto simp:postdominate_def)
from ‹sourcenode a -asx→* (_Exit_)› ‹valid_edge a›
obtain ax asx' where [simp]:"asx = ax#asx'"
apply - apply(erule path.cases)
apply(drule_tac s="(_Exit_)" in sym)
apply simp
apply(drule Exit_source)
by simp_all
with ‹sourcenode a -asx→* (_Exit_)› have "sourcenode a -[]@ax#asx'→* (_Exit_)"
by simp
hence "valid_edge ax" and "sourcenode a = sourcenode ax"
and "targetnode ax -asx'→* (_Exit_)"
by(fastforce dest:path_split)+
with ‹n ∉ set(sourcenodes asx)› have "¬ n postdominates targetnode ax"
by(fastforce simp:postdominate_def sourcenodes_def)
with ‹sourcenode a = sourcenode ax› ‹valid_edge ax› show ?thesis by blast
qed
qed
lemma inner_node_Entry_edge:
assumes "inner_node n"
obtains a where "valid_edge a" and "inner_node (targetnode a)"
and "sourcenode a = (_Entry_)"
proof(atomize_elim)
from ‹inner_node n› have "valid_node n" by(rule inner_is_valid)
then obtain as where "(_Entry_) -as→* n" by(fastforce dest:Entry_path)
show "∃a. valid_edge a ∧ inner_node (targetnode a) ∧ sourcenode a = (_Entry_)"
proof(cases "as = []")
case True
with ‹inner_node n› ‹(_Entry_) -as→* n› have False
by(fastforce simp:inner_node_def)
thus ?thesis by simp
next
case False
with ‹(_Entry_) -as→* n› obtain a' as' where "as = a'#as'"
and "(_Entry_) = sourcenode a'" and "valid_edge a'"
and "targetnode a' -as'→* n"
by -(erule path_split_Cons)
from ‹valid_edge a'› have "valid_node (targetnode a')" by simp
thus ?thesis
proof(cases "targetnode a'" rule:valid_node_cases)
case Entry
from ‹valid_edge a'› this have False by(rule Entry_target)
thus ?thesis by simp
next
case Exit
with ‹targetnode a' -as'→* n› ‹inner_node n›
have False by simp (drule path_Exit_source,auto simp:inner_node_def)
thus ?thesis by simp
next
case inner
with ‹valid_edge a'› ‹(_Entry_) = sourcenode a'› show ?thesis by simp blast
qed
qed
qed
lemma inner_node_Exit_edge:
assumes "inner_node n"
obtains a where "valid_edge a" and "inner_node (sourcenode a)"
and "targetnode a = (_Exit_)"
proof(atomize_elim)
from ‹inner_node n› have "valid_node n" by(rule inner_is_valid)
then obtain as where "n -as→* (_Exit_)" by(fastforce dest:Exit_path)
show "∃a. valid_edge a ∧ inner_node (sourcenode a) ∧ targetnode a = (_Exit_)"
proof(cases "as = []")
case True
with ‹inner_node n› ‹n -as→* (_Exit_)› have False by fastforce
thus ?thesis by simp
next
case False
with ‹n -as→* (_Exit_)› obtain a' as' where "as = as'@[a']"
and "n -as'→* sourcenode a'" and "valid_edge a'"
and "(_Exit_) = targetnode a'" by -(erule path_split_snoc)
from ‹valid_edge a'› have "valid_node (sourcenode a')" by simp
thus ?thesis
proof(cases "sourcenode a'" rule:valid_node_cases)
case Entry
with ‹n -as'→* sourcenode a'› ‹inner_node n›
have False by simp (drule path_Entry_target,auto simp:inner_node_def)
thus ?thesis by simp
next
case Exit
from ‹valid_edge a'› this have False by(rule Exit_source)
thus ?thesis by simp
next
case inner
with ‹valid_edge a'› ‹(_Exit_) = targetnode a'› show ?thesis by simp blast
qed
qed
qed
end
subsection ‹Strong Postdomination›
locale StrongPostdomination =
Postdomination sourcenode targetnode kind valid_edge Entry Exit
for sourcenode :: "'edge ⇒ 'node" and targetnode :: "'edge ⇒ 'node"
and kind :: "'edge ⇒ 'state edge_kind" and valid_edge :: "'edge ⇒ bool"
and Entry :: "'node" ("'('_Entry'_')") and Exit :: "'node" ("'('_Exit'_')") +
assumes successor_set_finite: "valid_node n ⟹
finite {n'. ∃a'. valid_edge a' ∧ sourcenode a' = n ∧ targetnode a' = n'}"
begin
definition strong_postdominate :: "'node ⇒ 'node ⇒ bool"
("_ strongly-postdominates _" [51,0])
where strong_postdominate_def:"n' strongly-postdominates n ≡
(n' postdominates n ∧
(∃k ≥ 1. ∀as nx. n -as→* nx ∧
length as ≥ k ⟶ n' ∈ set(sourcenodes as)))"
lemma strong_postdominate_prop_smaller_path:
assumes all:"∀as nx. n -as→* nx ∧ length as ≥ k ⟶ n' ∈ set(sourcenodes as)"
and "n -as→* n''" and "length as ≥ k"
obtains as' as'' where "n -as'→* n'" and "length as' < k" and "n' -as''→* n''"
and "as = as'@as''"
proof(atomize_elim)
show "∃as' as''. n -as'→* n' ∧ length as' < k ∧ n' -as''→* n'' ∧ as = as'@as''"
proof(rule ccontr)
assume "¬ (∃as' as''. n -as'→* n' ∧ length as' < k ∧ n' -as''→* n'' ∧
as = as'@as'')"
hence all':"∀as' as''. n -as'→* n' ∧ n' -as''→* n'' ∧ as = as'@as''
⟶ length as' ≥ k" by fastforce
from all ‹n -as→* n''› ‹length as ≥ k› have "∃nx ∈ set(sourcenodes as). nx = n'"
by fastforce
then obtain ns ns' where "sourcenodes as = ns@n'#ns'"
and "∀nx ∈ set ns. nx ≠ n'"
by(fastforce elim!:split_list_first_propE)
then obtain asx a asx' where [simp]:"ns = sourcenodes asx"
and [simp]:"as = asx@a#asx'" and "sourcenode a = n'"
by(fastforce elim:map_append_append_maps simp:sourcenodes_def)
from ‹n -as→* n''› have "n -asx@a#asx'→* n''" by simp
with ‹sourcenode a = n'› have "n -asx→* n'" and "valid_edge a"
and "targetnode a -asx'→* n''" by(fastforce dest:path_split)+
with ‹sourcenode a = n'› have "n' -a#asx'→* n''" by(fastforce intro:Cons_path)
with ‹n -asx→* n'› all' have "length asx ≥ k" by simp
with ‹n -asx→* n'› all have "n' ∈ set(sourcenodes asx)" by fastforce
with ‹∀nx ∈ set ns. nx ≠ n'› show False by fastforce
qed
qed
lemma strong_postdominate_refl:
assumes "valid_node n" and "n ≠ (_Exit_)"
shows "n strongly-postdominates n"
proof -
from assms have "n postdominates n" by(rule postdominate_refl)
{ fix as nx assume "n -as→* nx" and "length as ≥ 1"
then obtain a' as' where [simp]:"as = a'#as'" by(cases as) auto
with ‹n -as→* nx› have "n -[]@a'#as'→* nx" by simp
hence "n = sourcenode a'" by(fastforce dest:path_split)
hence "n ∈ set(sourcenodes as)" by(simp add:sourcenodes_def) }
hence "∀as nx. n -as→* nx ∧ length as ≥ 1 ⟶ n ∈ set(sourcenodes as)"
by auto
hence "∃k ≥ 1. ∀as nx. n -as→* nx ∧ length as ≥ k ⟶ n ∈ set(sourcenodes as)"
by blast
with ‹n postdominates n› show ?thesis by(simp add:strong_postdominate_def)
qed
lemma strong_postdominate_trans:
assumes "n'' strongly-postdominates n" and "n' strongly-postdominates n''"
shows "n' strongly-postdominates n"
proof -
from ‹n'' strongly-postdominates n› have "n'' postdominates n"
and paths1:"∃k ≥ 1. ∀as nx. n -as→* nx ∧ length as ≥ k
⟶ n'' ∈ set(sourcenodes as)"
by(auto simp only:strong_postdominate_def)
from paths1 obtain k1
where all1:"∀as nx. n -as→* nx ∧ length as ≥ k1 ⟶ n'' ∈ set(sourcenodes as)"
and "k1 ≥ 1" by blast
from ‹n' strongly-postdominates n''› have "n' postdominates n''"
and paths2:"∃k ≥ 1. ∀as nx. n'' -as→* nx ∧ length as ≥ k
⟶ n' ∈ set(sourcenodes as)"
by(auto simp only:strong_postdominate_def)
from paths2 obtain k2
where all2:"∀as nx. n'' -as→* nx ∧ length as ≥ k2 ⟶ n' ∈ set(sourcenodes as)"
and "k2 ≥ 1" by blast
from ‹n'' postdominates n› ‹n' postdominates n''›
have "n' postdominates n" by(rule postdominate_trans)
{ fix as nx assume "n -as→* nx" and "length as ≥ k1 + k2"
hence "length as ≥ k1" by fastforce
with ‹n -as→* nx› all1 obtain asx asx' where "n -asx→* n''"
and "length asx < k1" and "n'' -asx'→* nx"
and [simp]:"as = asx@asx'" by -(erule strong_postdominate_prop_smaller_path)
with ‹length as ≥ k1 + k2› have "length asx' ≥ k2" by fastforce
with ‹n'' -asx'→* nx› all2 have "n' ∈ set(sourcenodes asx')" by fastforce
hence "n' ∈ set(sourcenodes as)" by(simp add:sourcenodes_def) }
with ‹k1 ≥ 1› ‹k2 ≥ 1› have "∃k ≥ 1. ∀as nx. n -as→* nx ∧ length as ≥ k
⟶ n' ∈ set(sourcenodes as)"
by(rule_tac x="k1 + k2" in exI,auto)
with ‹n' postdominates n› show ?thesis by(simp add:strong_postdominate_def)
qed
lemma strong_postdominate_antisym:
"⟦n' strongly-postdominates n; n strongly-postdominates n'⟧ ⟹ n = n'"
by(fastforce intro:postdominate_antisym simp:strong_postdominate_def)
lemma strong_postdominate_path_branch:
assumes "n -as→* n''" and "n' strongly-postdominates n''"
and "¬ n' strongly-postdominates n"
obtains a as' as'' where "as = as'@a#as''" and "valid_edge a"
and "¬ n' strongly-postdominates (sourcenode a)"
and "n' strongly-postdominates (targetnode a)"
proof(atomize_elim)
from assms
show "∃as' a as''. as = as'@a#as'' ∧ valid_edge a ∧
¬ n' strongly-postdominates (sourcenode a) ∧
n' strongly-postdominates (targetnode a)"
proof(induct rule:path.induct)
case (Cons_path n'' as nx a n)
note IH = ‹⟦n' strongly-postdominates nx; ¬ n' strongly-postdominates n''⟧
⟹ ∃as' a as''. as = as'@a#as'' ∧ valid_edge a ∧
¬ n' strongly-postdominates sourcenode a ∧
n' strongly-postdominates targetnode a›
show ?case
proof(cases "n' strongly-postdominates n''")
case True
with ‹¬ n' strongly-postdominates n› ‹sourcenode a = n› ‹targetnode a = n''›
‹valid_edge a›
show ?thesis by blast
next
case False
from IH[OF ‹n' strongly-postdominates nx› this] show ?thesis
by clarsimp(rule_tac x="a#as'" in exI,clarsimp)
qed
qed simp
qed
lemma Exit_no_strong_postdominator:
"⟦(_Exit_) strongly-postdominates n; n -as→* (_Exit_)⟧ ⟹ False"
by(fastforce intro:Exit_no_postdominator path_valid_node simp:strong_postdominate_def)
lemma strong_postdominate_path_targetnode:
assumes "n' strongly-postdominates n" and "n -as→* n''"
and "n' ∉ set(sourcenodes as)"
shows "n' strongly-postdominates n''"
proof -
from ‹n' strongly-postdominates n› have "n' postdominates n"
and "∃k ≥ 1. ∀as nx. n -as→* nx ∧ length as ≥ k
⟶ n' ∈ set(sourcenodes as)"
by(auto simp only:strong_postdominate_def)
then obtain k where "k ≥ 1"
and paths:"∀as nx. n -as→* nx ∧ length as ≥ k
⟶ n' ∈ set(sourcenodes as)" by auto
from ‹n' postdominates n› ‹n -as→* n''› ‹n' ∉ set(sourcenodes as)›
have "n' postdominates n''"
by(rule postdominate_path_targetnode)
{ fix as' nx assume "n'' -as'→* nx" and "length as' ≥ k"
with ‹n -as→* n''› have "n -as@as'→* nx" and "length (as@as') ≥ k"
by(auto intro:path_Append)
with paths have "n' ∈ set(sourcenodes (as@as'))" by fastforce
with ‹n' ∉ set(sourcenodes as)› have "n' ∈ set(sourcenodes as')"
by(fastforce simp:sourcenodes_def) }
with ‹k ≥ 1› have "∃k ≥ 1. ∀as' nx. n'' -as'→* nx ∧ length as' ≥ k
⟶ n' ∈ set(sourcenodes as')" by auto
with ‹n' postdominates n''› show ?thesis by(simp add:strong_postdominate_def)
qed
lemma not_strong_postdominate_successor_set:
assumes "¬ n strongly-postdominates (sourcenode a)" and "valid_node n"
and "valid_edge a"
and all:"∀nx ∈ N. ∃a'. valid_edge a' ∧ sourcenode a' = sourcenode a ∧
targetnode a' = nx ∧ n strongly-postdominates nx"
obtains a' where "valid_edge a'" and "sourcenode a' = sourcenode a"
and "targetnode a' ∉ N"
proof(atomize_elim)
show "∃a'. valid_edge a' ∧ sourcenode a' = sourcenode a ∧ targetnode a' ∉ N"
proof(cases "n postdominates (sourcenode a)")
case False
with ‹valid_edge a› ‹valid_node n›
obtain a' where [simp]:"sourcenode a = sourcenode a'"
and "valid_edge a'" and "¬ n postdominates targetnode a'"
by -(erule not_postdominate_source_not_postdominate_target)
with all have "targetnode a' ∉ N" by(auto simp:strong_postdominate_def)
with ‹valid_edge a'› show ?thesis by simp blast
next
case True
let ?M = "{n'. ∃a'. valid_edge a' ∧ sourcenode a' = sourcenode a ∧
targetnode a' = n'}"
let ?M' = "{n'. ∃a'. valid_edge a' ∧ sourcenode a' = sourcenode a ∧
targetnode a' = n' ∧ n strongly-postdominates n'}"
let ?N' = "(λn'. SOME i. i ≥ 1 ∧
(∀as nx. n' -as→* nx ∧ length as ≥ i
⟶ n ∈ set(sourcenodes as))) ` N"
obtain k where [simp]:"k = Max ?N'" by simp
have eq:"{x ∈ ?M. (λn'. n strongly-postdominates n') x} = ?M'" by auto
from ‹valid_edge a› have "finite ?M" by(simp add:successor_set_finite)
hence "finite {x ∈ ?M. (λn'. n strongly-postdominates n') x}" by fastforce
with eq have "finite ?M'" by simp
from all have "N ⊆ ?M'" by auto
with ‹finite ?M'› have "finite N" by(auto intro:finite_subset)
hence "finite ?N'" by fastforce
show ?thesis
proof(rule ccontr)
assume "¬ (∃a'. valid_edge a' ∧ sourcenode a' = sourcenode a ∧
targetnode a' ∉ N)"
hence allImp:"∀a'. valid_edge a' ∧ sourcenode a' = sourcenode a
⟶ targetnode a' ∈ N" by blast
from True ‹¬ n strongly-postdominates (sourcenode a)›
have allPaths:"∀k ≥ 1. ∃as nx. sourcenode a -as→* nx ∧ length as ≥ k
∧ n ∉ set(sourcenodes as)" by(auto simp:strong_postdominate_def)
then obtain as nx where "sourcenode a -as→* nx"
and "length as ≥ k + 1" and "n ∉ set(sourcenodes as)"
by (erule_tac x="k + 1" in allE) auto
then obtain ax as' where [simp]:"as = ax#as'" and "valid_edge ax"
and "sourcenode ax = sourcenode a" and "targetnode ax -as'→* nx"
by -(erule path.cases,auto)
with allImp have "targetnode ax ∈ N" by fastforce
with all have "n strongly-postdominates (targetnode ax)"
by auto
then obtain k' where k':"k' = (SOME i. i ≥ 1 ∧
(∀as nx. targetnode ax -as→* nx ∧ length as ≥ i
⟶ n ∈ set(sourcenodes as)))" by simp
with ‹n strongly-postdominates (targetnode ax)›
have "k' ≥ 1 ∧ (∀as nx. targetnode ax -as→* nx ∧ length as ≥ k'
⟶ n ∈ set(sourcenodes as))"
by(auto elim!:someI_ex simp:strong_postdominate_def)
hence "k' ≥ 1"
and spdAll:"∀as nx. targetnode ax -as→* nx ∧ length as ≥ k'
⟶ n ∈ set(sourcenodes as)"
by simp_all
from ‹targetnode ax ∈ N› k' have "k' ∈ ?N'" by blast
with ‹targetnode ax ∈ N› have "?N' ≠ {}" by auto
with ‹k' ∈ ?N'› have "k' ≤ Max ?N'" using ‹finite ?N'› by(fastforce intro:Max_ge)
hence "k' ≤ k" by simp
with ‹targetnode ax -as'→* nx› ‹length as ≥ k + 1› spdAll
have "n ∈ set(sourcenodes as')"
by fastforce
with ‹n ∉ set(sourcenodes as)› show False by(simp add:sourcenodes_def)
qed
qed
qed
lemma not_strong_postdominate_predecessor_successor:
assumes "¬ n strongly-postdominates (sourcenode a)"
and "valid_node n" and "valid_edge a"
obtains a' where "valid_edge a'" and "sourcenode a' = sourcenode a"
and "¬ n strongly-postdominates (targetnode a')"
proof(atomize_elim)
show "∃a'. valid_edge a' ∧ sourcenode a' = sourcenode a ∧
¬ n strongly-postdominates (targetnode a')"
proof(rule ccontr)
assume "¬ (∃a'. valid_edge a' ∧ sourcenode a' = sourcenode a ∧
¬ n strongly-postdominates targetnode a')"
hence all:"∀a'. valid_edge a' ∧ sourcenode a' = sourcenode a ⟶
n strongly-postdominates (targetnode a')" by auto
let ?N = "{n'. ∃a'. sourcenode a' = sourcenode a ∧ valid_edge a' ∧
targetnode a' = n'}"
from all have "∀nx ∈ ?N. ∃a'. valid_edge a' ∧ sourcenode a' = sourcenode a ∧
targetnode a' = nx ∧ n strongly-postdominates nx"
by auto
with assms obtain a' where "valid_edge a'"
and "sourcenode a' = sourcenode a" and "targetnode a' ∉ ?N"
by(erule not_strong_postdominate_successor_set)
thus False by auto
qed
qed
end
end