Theory HOL.Random

(* Author: Florian Haftmann, TU Muenchen *)

section ‹A HOL random engine›

theory Random
imports List Groups_List Code_Numeral
begin

subsection ‹Auxiliary functions›

fun log :: "natural  natural  natural" where
  "log b i = (if b  1  i < b then 1 else 1 + log b (i div b))"

definition inc_shift :: "natural  natural  natural" where
  "inc_shift v k = (if v = k then 1 else k + 1)"

definition minus_shift :: "natural  natural  natural  natural" where
  "minus_shift r k l = (if k < l then r + k - l else k - l)"


subsection ‹Random seeds›

type_synonym seed = "natural × natural"

primrec "next" :: "seed  natural × seed" where
  "next (v, w) = (let
     k =  v div 53668;
     v' = minus_shift 2147483563 ((v mod 53668) * 40014) (k * 12211);
     l =  w div 52774;
     w' = minus_shift 2147483399 ((w mod 52774) * 40692) (l * 3791);
     z =  minus_shift 2147483562 v' (w' + 1) + 1
   in (z, (v', w')))"

definition split_seed :: "seed  seed × seed" where
  "split_seed s = (let
     (v, w) = s;
     (v', w') = snd (next s);
     v'' = inc_shift 2147483562 v;
     w'' = inc_shift 2147483398 w
   in ((v'', w'), (v', w'')))"


subsection ‹Base selectors›

context
  includes state_combinator_syntax
begin

fun iterate :: "natural  ('b  'a  'b × 'a)  'b  'a  'b × 'a" where
  "iterate k f x = (if k = 0 then Pair x else f x ∘→ iterate (k - 1) f)"

definition range :: "natural  seed  natural × seed" where
  "range k = iterate (log 2147483561 k)
      (λl. next ∘→ (λv. Pair (v + l * 2147483561))) 1
    ∘→ (λv. Pair (v mod k))"

lemma range:
  "k > 0  fst (range k s) < k"
  by (simp add: range_def split_def less_natural_def del: log.simps iterate.simps)

definition select :: "'a list  seed  'a × seed" where
  "select xs = range (natural_of_nat (length xs))
    ∘→ (λk. Pair (nth xs (nat_of_natural k)))"
     
lemma select:
  assumes "xs  []"
  shows "fst (select xs s)  set xs"
proof -
  from assms have "natural_of_nat (length xs) > 0" by (simp add: less_natural_def)
  with range have
    "fst (range (natural_of_nat (length xs)) s) < natural_of_nat (length xs)" by best
  then have
    "nat_of_natural (fst (range (natural_of_nat (length xs)) s)) < length xs" by (simp add: less_natural_def)
  then show ?thesis
    by (simp add: split_beta select_def)
qed

primrec pick :: "(natural × 'a) list  natural  'a" where
  "pick (x # xs) i = (if i < fst x then snd x else pick xs (i - fst x))"

lemma pick_member:
  "i < sum_list (map fst xs)  pick xs i  set (map snd xs)"
  by (induct xs arbitrary: i) (simp_all add: less_natural_def)

lemma pick_drop_zero:
  "pick (filter (λ(k, _). k > 0) xs) = pick xs"
  by (induct xs) (auto simp add: fun_eq_iff less_natural_def minus_natural_def)

lemma pick_same:
  "l < length xs  Random.pick (map (Pair 1) xs) (natural_of_nat l) = nth xs l"
proof (induct xs arbitrary: l)
  case Nil then show ?case by simp
next
  case (Cons x xs) then show ?case by (cases l) (simp_all add: less_natural_def)
qed

definition select_weight :: "(natural × 'a) list  seed  'a × seed" where
  "select_weight xs = range (sum_list (map fst xs))
   ∘→ (λk. Pair (pick xs k))"

lemma select_weight_member:
  assumes "0 < sum_list (map fst xs)"
  shows "fst (select_weight xs s)  set (map snd xs)"
proof -
  from range assms
    have "fst (range (sum_list (map fst xs)) s) < sum_list (map fst xs)" .
  with pick_member
    have "pick xs (fst (range (sum_list (map fst xs)) s))  set (map snd xs)" .
  then show ?thesis by (simp add: select_weight_def scomp_def split_def) 
qed

lemma select_weight_cons_zero:
  "select_weight ((0, x) # xs) = select_weight xs"
  by (simp add: select_weight_def less_natural_def)

lemma select_weight_drop_zero:
  "select_weight (filter (λ(k, _). k > 0) xs) = select_weight xs"
proof -
  have "sum_list (map fst [(k, _)xs . 0 < k]) = sum_list (map fst xs)"
    by (induct xs) (auto simp add: less_natural_def natural_eq_iff)
  then show ?thesis by (simp only: select_weight_def pick_drop_zero)
qed

lemma select_weight_select:
  assumes "xs  []"
  shows "select_weight (map (Pair 1) xs) = select xs"
proof -
  have less: "s. fst (range (natural_of_nat (length xs)) s) < natural_of_nat (length xs)"
    using assms by (intro range) (simp add: less_natural_def)
  moreover have "sum_list (map fst (map (Pair 1) xs)) = natural_of_nat (length xs)"
    by (induct xs) simp_all
  ultimately show ?thesis
    by (auto simp add: select_weight_def select_def scomp_def split_def
      fun_eq_iff pick_same [symmetric] less_natural_def)
qed

end


subsection ML› interface›

code_reflect Random_Engine
  functions range select select_weight

ML structure Random_Engine =
struct

open Random_Engine;

type seed = Code_Numeral.natural * Code_Numeral.natural;

local

val seed = Unsynchronized.ref 
  (let
    val now = Time.toMilliseconds (Time.now ());
    val (q, s1) = IntInf.divMod (now, 2147483562);
    val s2 = q mod 2147483398;
  in apply2 Code_Numeral.natural_of_integer (s1 + 1, s2 + 1) end);

in

fun next_seed () =
  let
    val (seed1, seed') = @{code split_seed} (! seed)
    val _ = seed := seed'
  in
    seed1
  end

fun run f =
  let
    val (x, seed') = f (! seed);
    val _ = seed := seed'
  in x end;

end;

end;

hide_type (open) seed
hide_const (open) inc_shift minus_shift log "next" split_seed
  iterate range select pick select_weight
hide_fact (open) range_def

end