src/HOL/ex/Quickcheck_Generators.thy
author wenzelm
Sun Mar 08 17:26:14 2009 +0100 (2009-03-08)
changeset 30364 577edc39b501
parent 30280 eb98b49ef835
child 30945 0418e9bffbba
permissions -rw-r--r--
moved basic algebra of long names from structure NameSpace to Long_Name;
(* Author: Florian Haftmann, TU Muenchen *)
header {* Experimental counterexample generators *}
theory Quickcheck_Generators
imports Quickcheck State_Monad
begin
subsection {* Type @{typ "'a \<Rightarrow> 'b"} *}
ML {*
(* Re-opens the existing Random_Engine structure and adds random_fun, a
   generator for random functions that are built lazily, one argument at a
   time. *)
structure Random_Engine =
struct

open Random_Engine;

(* random_fun T1 T2 eq term_of random random_split seed
     T1, T2        HOL types of the function's domain and codomain
     eq            equality test on domain values
     term_of       converts a domain value to its term representation
     random        draws a codomain value (paired with a thunk for its term)
                   and returns the advanced seed
     random_split  splits one seed into two
   Returns ((f, term_of_f), seed''), where f is the generated function,
   term_of_f () is the term describing every point f has been applied to so
   far, and seed'' is the half of the split seed not consumed by f. *)
fun random_fun (T1 : typ) (T2 : typ) (eq : 'a -> 'a -> bool) (term_of : 'a -> term)
    (random : Random_Engine.seed -> ('b * (unit -> term)) * Random_Engine.seed)
    (random_split : Random_Engine.seed -> Random_Engine.seed * Random_Engine.seed)
    (seed : Random_Engine.seed) =
  let
    (* seed' drives the values of this function; seed'' is handed back. *)
    val (seed', seed'') = random_split seed;
    (* Mutable state: current seed, association list of points seen so far,
       and the term built so far (initially the constant undefined). *)
    val state = ref (seed', [], Const (@{const_name undefined}, T1 --> T2));
    val fun_upd = Const (@{const_name fun_upd},
      (T1 --> T2) --> T1 --> T2 --> T1 --> T2);
    fun random_fun' x =
      let
        val (seed, fun_map, f_t) = ! state;
      in case AList.lookup (uncurry eq) fun_map x
       (* Known argument: return the recorded value, so repeated calls agree. *)
       of SOME y => y
        (* New argument: draw a value, record it, and wrap the term in fun_upd. *)
        | NONE => let
              val t1 = term_of x;
              val ((y, t2), seed') = random seed;
              val fun_map' = (x, y) :: fun_map;
              val f_t' = fun_upd $ f_t $ t1 $ t2 ();
              val _ = state := (seed', fun_map', f_t');
            in y end
      end;
    (* Reads the term component of the state at the time of the call. *)
    fun term_fun' () = #3 (! state);
  in ((random_fun', term_fun'), seed'') end;

end
*}
(* random_fun_aux is only declared here: the axiomatization carries no
   specification, so the logic knows its type and nothing else.  Its meaning
   comes from the code_const mapping below, which binds it to the ML function
   Random_Engine.random_fun. *)
(* NOTE(review): that ML function keeps its results in a mutable reference,
   so the generated code is not a pure function of its arguments. *)
axiomatization
  random_fun_aux :: "typerep \<Rightarrow> typerep \<Rightarrow> ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> term)
    \<Rightarrow> (seed \<Rightarrow> ('b \<times> (unit \<Rightarrow> term)) \<times> seed) \<Rightarrow> (seed \<Rightarrow> seed \<times> seed)
    \<Rightarrow> seed \<Rightarrow> (('a \<Rightarrow> 'b) \<times> (unit \<Rightarrow> term)) \<times> seed"

(* In the serializer template a bare underscore is an argument placeholder,
   so each literal underscore of the ML name is escaped with a quote. *)
code_const random_fun_aux (SML "Random'_Engine.random'_fun")
(* Instance of class random for function types.  The domain type must support
   equality and term_of, because random_fun_aux is given (op =) and
   Code_Eval.term_of on it; the codomain type must itself be in class random,
   because its generator (random n) supplies the function values. *)
instantiation "fun" :: ("{eq, term_of}", "{type, random}") random
begin

definition random_fun :: "index \<Rightarrow> seed \<Rightarrow> (('a \<Rightarrow> 'b) \<times> (unit \<Rightarrow> term)) \<times> seed" where
  "random n = random_fun_aux TYPEREP('a) TYPEREP('b) (op =) Code_Eval.term_of (random n) split_seed"

instance ..

end

(* Reserve the structure name so generated SML code cannot shadow it. *)
code_reserved SML Random_Engine
subsection {* Datatypes *}
(* collapse f first runs the state transformer f, whose result g is itself a
   state transformer, and then runs g on the state that f left behind. *)
definition
  collapse :: "('a \<Rightarrow> ('a \<Rightarrow> 'b \<times> 'a) \<times> 'a) \<Rightarrow> 'a \<Rightarrow> 'b \<times> 'a" where
  "collapse f = (do g \<leftarrow> f; g done)"
ML {*
(* Helpers that build the types and terms of state-monad expressions over a
   state type sT. *)
structure StateMonad =
struct

(* Type of a state transformer that yields a T: sT => T * sT. *)
fun liftT T sT =
  let
    val resultT = HOLogic.mk_prodT (T, sT);
  in sT --> resultT end;

(* Type of a transformer that only changes the state: sT => sT. *)
fun liftT' sT = sT --> sT;

(* The constant return, typed T => (sT => T * sT), applied to the term x. *)
fun return T sT x =
  let
    val return_const = Const (@{const_name return}, T --> liftT T sT);
  in return_const $ x end;

(* The constant scomp applied to f and g, where f yields a T1 and g maps that
   T1 to a transformer yielding a T2. *)
fun scomp T1 T2 sT f g =
  let
    val sourceT = liftT T1 sT;
    val targetT = liftT T2 sT;
    val scomp_const = Const (@{const_name scomp},
      sourceT --> (T1 --> targetT) --> targetT);
  in scomp_const $ f $ g end;

end;
*}
(* Combines the two pattern-matching equations of an auxiliary generator
   random' (one for index 0, one for Suc_index i) into a single if-then-else
   equation.  The setup block in this theory instantiates this lemma to
   derive the code equation of each generated random' function. *)
lemma random'_if:
  fixes random' :: "index \<Rightarrow> index \<Rightarrow> seed \<Rightarrow> ('a \<times> (unit \<Rightarrow> term)) \<times> seed"
  assumes "random' 0 j = (\<lambda>s. undefined)"
    and "\<And>i. random' (Suc_index i) j = rhs2 i"
  shows "random' i j s = (if i = 0 then undefined else rhs2 (i - 1) s)"
  by (cases i rule: index.exhaust) (insert assms, simp_all)
setup {*
(* Registers a datatype interpretation that tries to instantiate class random
   for each datatype it is called on.  Types it cannot handle raise REC or
   TYP below; add_random_inst turns both into a warning and leaves the theory
   unchanged. *)
let
  (* REC: the type is (mutually) recursive in a way that is not supported. *)
  exception REC of string;
  (* TYP: a constructor argument type is not of sort random. *)
  exception TYP of string;
  (* The constant collapse, instantiated with state type seed and result ty. *)
  fun mk_collapse thy ty = Sign.mk_const thy
    (@{const_name collapse}, [@{typ seed}, ty]);
  (* Generators return a value paired with a thunk for its term. *)
  fun term_ty ty = HOLogic.mk_prodT (ty, @{typ "unit \<Rightarrow> term"});
  (* The constant split at the types needed to take such a pair apart. *)
  fun mk_split thy ty ty' = Sign.mk_const thy
    (@{const_name split}, [ty, @{typ "unit \<Rightarrow> term"}, StateMonad.liftT (term_ty ty') @{typ seed}]);
  (* Monadic bind: run generator t, bind its value and its term thunk with two
     nameless abstractions, and continue with t'. *)
  fun mk_scomp_split thy ty ty' t t' =
    StateMonad.scomp (term_ty ty) (term_ty ty') @{typ seed} t
      (mk_split thy ty ty' $ Abs ("", ty, Abs ("", @{typ "unit \<Rightarrow> term"}, t')))
  (* Generator term for one constructor c.  Each element of args carries the
     argument type, a flag marking recursive arguments, and the generator term
     for that argument.  Returns (is_rec, t), where is_rec says whether any
     argument is flagged recursive. *)
  fun mk_cons thy this_ty (c, args) =
    let
      val tys = map (fst o fst) args;
      (* NOTE(review): c_ty is never used; the next line recomputes the same
         type expression. *)
      val c_ty = tys ---> this_ty;
      val c = Const (c, tys ---> this_ty);
      (* Every argument is bound by two abstractions (value, then term thunk),
         so seen from the innermost body the thunks sit at the even de Bruijn
         indices and the values at the odd ones. *)
      val t_indices = map (curry ( op * ) 2) (length tys - 1 downto 0);
      val c_indices = map (curry ( op + ) 1) t_indices;
      val c_t = list_comb (c, map Bound c_indices);
      (* Term thunk of the result: below the extra unit abstraction every
         index is shifted by one, and each bound thunk is applied to (). *)
      val t_t = Abs ("", @{typ unit}, Eval.mk_term Free Typerep.typerep
        (list_comb (c, map (fn k => Bound (k + 1)) t_indices))
        |> map_aterms (fn t as Bound _ => t $ @{term "()"} | t => t));
      val return = StateMonad.return (term_ty this_ty) @{typ seed}
        (HOLogic.mk_prod (c_t, t_t));
      (* Chain the argument generators from the first argument outwards,
         ending in the return of the constructed pair. *)
      val t = fold_rev (fn ((ty, _), random) =>
        mk_scomp_split thy ty this_ty random)
          args return;
      val is_rec = exists (snd o fst) args;
    in (is_rec, t) end;
  (* Combines alternative generators: none gives NONE, a single one is used
     as it is, several are chosen between through the constant select. *)
  fun mk_conss thy ty [] = NONE
    | mk_conss thy ty [(_, t)] = SOME t
    | mk_conss thy ty ts = SOME (mk_collapse thy (term_ty ty) $
          (Sign.mk_const thy (@{const_name select}, [StateMonad.liftT (term_ty ty) @{typ seed}]) $
            HOLogic.mk_list (StateMonad.liftT (term_ty ty) @{typ seed}) (map snd ts)));
  (* Right-hand side for one type: if there are recursive constructors,
     select_default is applied to the index i, the recursive generators and
     the non-recursive ones; otherwise only the non-recursive ones are used. *)
  fun mk_clauses thy ty (tyco, (ts_rec, ts_atom)) = 
    let
      (* NOTE(review): non-exhaustive binding; it fails with Bind if ts_atom
         is empty.  Presumably every datatype has at least one constructor
         without a recursive argument; confirm. *)
      val SOME t_atom = mk_conss thy ty ts_atom;
    in case mk_conss thy ty ts_rec
     of SOME t_rec => mk_collapse thy (term_ty ty) $
          (Sign.mk_const thy (@{const_name select_default}, [StateMonad.liftT (term_ty ty) @{typ seed}]) $
             @{term "i\<Colon>index"} $ t_rec $ t_atom)
      | NONE => t_atom
    end;
  (* Builds the two defining equations of the auxiliary generator random':
     at index 0 it is undefined, at Suc_index i it is the right-hand side
     computed by mk_clauses. *)
  fun mk_random_eqs thy vs tycos =
    let
      val this_ty = Type (hd tycos, map TFree vs);
      val this_ty' = StateMonad.liftT (term_ty this_ty) @{typ seed};
      val random_name = Long_Name.base_name @{const_name random};
      val random'_name = random_name ^ "_" ^ Class.type_name (hd tycos) ^ "'";
      fun random ty = Sign.mk_const thy (@{const_name random}, [ty]);
      val random' = Free (random'_name,
        @{typ index} --> @{typ index} --> this_ty');
      (* Argument of another type: use that type's own generator at index j,
         or give up if the type is not of sort random. *)
      fun atom ty = if Sign.of_sort thy (ty, @{sort random})
        then ((ty, false), random ty $ @{term "j\<Colon>index"})
        else raise TYP
          ("Will not generate random elements for type(s) " ^ quote (hd tycos));
      (* Argument flagged recursive: call random' with the indices i and j. *)
      fun dtyp tyco = ((this_ty, true), random' $ @{term "i\<Colon>index"} $ @{term "j\<Colon>index"});
      (* Always raises REC; presumably called for recursion through another
         type of a mutually recursive group; confirm. *)
      fun rtyp tyco tys = raise REC
        ("Will not generate random elements for mutual recursive type " ^ quote (hd tycos));
      (* Per type: build one generator per constructor, split them into
         recursive and non-recursive ones, and combine them into one term. *)
      val rhss = DatatypePackage.construction_interpretation thy
            { atom = atom, dtyp = dtyp, rtyp = rtyp } vs tycos
        |> (map o apsnd o map) (mk_cons thy this_ty) 
        |> (map o apsnd) (List.partition fst)
        |> map (mk_clauses thy this_ty)
      val eqss = map ((apsnd o map) (HOLogic.mk_Trueprop o HOLogic.mk_eq) o (fn rhs => ((this_ty, random'), [
          (random' $ @{term "0\<Colon>index"} $ @{term "j\<Colon>index"}, Abs ("s", @{typ seed},
            Const (@{const_name undefined}, HOLogic.mk_prodT (term_ty this_ty, @{typ seed})))),
          (random' $ @{term "Suc_index i"} $ @{term "j\<Colon>index"}, rhs)
        ]))) rhss;
    in eqss end;
  (* Instantiates class random for a single datatype tyco; any longer list of
     type constructors is rejected with REC. *)
  fun random_inst [tyco] thy =
        let
          val (raw_vs, _) = DatatypePackage.the_datatype_spec thy tyco;
          (* Intersect the sort of every type parameter with sort random. *)
          val vs = (map o apsnd)
            (curry (Sorts.inter_sort (Sign.classes_of thy)) @{sort random}) raw_vs;
          val ((this_ty, random'), eqs') = singleton (mk_random_eqs thy vs) tyco;
          (* Defining equation of the instance: random i = random' i i. *)
          val eq = (HOLogic.mk_Trueprop o HOLogic.mk_eq)
            (Sign.mk_const thy (@{const_name random}, [this_ty]) $ @{term "i\<Colon>index"},
               random' $ @{term "i\<Colon>index"} $ @{term "i\<Colon>index"})
          (* Attribute that deletes a theorem from the code equations. *)
          val del_func = Attrib.internal (fn _ => Thm.declaration_attribute
            (fn thm => Context.mapping (Code.del_eqn thm) I));
          (* Instantiates random'_if with the primrec equations, exports the
             result, deletes the existing code equations of the constant on
             its left-hand side, and registers it as the code equation. *)
          fun add_code simps lthy =
            let
              val thy = ProofContext.theory_of lthy;
              val thm = @{thm random'_if}
                |> Drule.instantiate' [SOME (Thm.ctyp_of thy this_ty)] [SOME (Thm.cterm_of thy random')]
                |> (fn thm => thm OF simps)
                |> singleton (ProofContext.export lthy (ProofContext.init thy));
              val c = (fst o dest_Const o fst o strip_comb o fst
                o HOLogic.dest_eq o HOLogic.dest_Trueprop o Thm.prop_of) thm;
            in
              lthy
              |> LocalTheory.theory (Code.del_eqns c
                   #> PureThy.add_thm ((Binding.name (fst (dest_Free random') ^ "_code"), thm), [Thm.kind_internal])
                   #-> Code.add_eqn)
            end;
        in
          (* Open the instantiation, define random' by primrec, install its
             code equation, define random, prove the instance, and exit. *)
          thy
          |> TheoryTarget.instantiation ([tyco], vs, @{sort random})
          |> PrimrecPackage.add_primrec
               [(Binding.name (fst (dest_Free random')), SOME (snd (dest_Free random')), NoSyn)]
                 (map (fn eq => ((Binding.empty, [del_func]), eq)) eqs')
          |-> add_code
          |> `(fn lthy => Syntax.check_term lthy eq)
          |-> (fn eq => Specification.definition (NONE, (Attrib.empty_binding, eq)))
          |> snd
          |> Class.prove_instantiation_instance (K (Class.intro_classes_tac []))
          |> LocalTheory.exit_global
        end
    | random_inst tycos thy = raise REC
        ("Will not generate random elements for mutual recursive type(s) " ^ commas (map quote tycos));
  (* Entry point of the interpretation: on REC or TYP, warn and return the
     theory unchanged rather than failing the datatype definition. *)
  fun add_random_inst tycos thy = random_inst tycos thy
     handle REC msg => (warning msg; thy)
          | TYP msg => (warning msg; thy)
in DatatypePackage.interpretation add_random_inst end
*}
subsection {* Type @{typ int} *}
(* Instance of class random for int.  Two values are drawn at size n: b picks
   the sign and m is converted with int.  The second component of the result
   builds the matching term, applying Int.int to the term of m and wrapping
   it in uminus on the negative branch. *)
instantiation int :: random
begin

definition
  "random n = (do
     (b, _) \<leftarrow> random n;
     (m, t) \<leftarrow> random n;
     return (if b then (int m, \<lambda>u. Code_Eval.App (Code_Eval.Const (STR ''Int.int'') TYPEREP(nat \<Rightarrow> int)) (t ()))
       else (- int m, \<lambda>u. Code_Eval.App (Code_Eval.Const (STR ''HOL.uminus_class.uminus'') TYPEREP(int \<Rightarrow> int))
         (Code_Eval.App (Code_Eval.Const (STR ''Int.int'') TYPEREP(nat \<Rightarrow> int)) (t ()))))
   done)"

instance ..

end
subsection {* Examples *}
(* List examples for the code-based generator.  Each statement that holds is
   proved after the quickcheck call; each variant that does not hold is
   abandoned with oops. *)
theorem "map g (map f xs) = map (g o f) xs"
  quickcheck [generator = code]
  by (induct xs) simp_all

(* Same statement with the composition order swapped. *)
theorem "map g (map f xs) = map (f o g) xs"
  quickcheck [generator = code]
  oops

theorem "rev (xs @ ys) = rev ys @ rev xs"
  quickcheck [generator = code]
  by simp

(* Same statement with the reversed halves in the wrong order. *)
theorem "rev (xs @ ys) = rev xs @ rev ys"
  quickcheck [generator = code]
  oops

theorem "rev (rev xs) = xs"
  quickcheck [generator = code]
  by simp

(* Only lists that read the same in both directions satisfy this. *)
theorem "rev xs = xs"
  quickcheck [generator = code]
  oops
(* app fs x applies the functions in fs to x from left to right. *)
primrec app :: "('a \<Rightarrow> 'a) list \<Rightarrow> 'a \<Rightarrow> 'a" where
  "app [] x = x"
  | "app (f # fs) x = app fs (f x)"

(* The variables fs and gs are lists of functions, so these two examples
   need random values of function type. *)
lemma "app (fs @ gs) x = app gs (app fs x)"
  quickcheck [generator = code]
  by (induct fs arbitrary: x) simp_all

(* Same statement with gs and fs applied in the wrong order; left unproved. *)
lemma "app (fs @ gs) x = app fs (app gs x)"
  quickcheck [generator = code]
  oops
(* occurs a xs counts how often a appears in xs. *)
primrec occurs :: "'a \<Rightarrow> 'a list \<Rightarrow> nat" where
  "occurs a [] = 0"
  | "occurs a (x#xs) = (if (x=a) then Suc(occurs a xs) else occurs a xs)"

(* del1 a xs removes the first occurrence of a from xs, if there is one. *)
primrec del1 :: "'a \<Rightarrow> 'a list \<Rightarrow> 'a list" where
  "del1 a [] = []"
  | "del1 a (x#xs) = (if (x=a) then xs else (x#del1 a xs))"

(* Three attempts at relating occurs and del1; only the last one, whose
   precondition says that a occurs in xs, is proved. *)
lemma "Suc (occurs a (del1 a xs)) = occurs a xs"
  -- {* Wrong. Precondition needed.*}
  quickcheck [generator = code]
  oops

lemma "xs ~= [] \<longrightarrow> Suc (occurs a (del1 a xs)) = occurs a xs"
  quickcheck [generator = code]
    -- {* Also wrong.*}
  oops

lemma "0 < occurs a xs \<longrightarrow> Suc (occurs a (del1 a xs)) = occurs a xs"
  quickcheck [generator = code]
  by (induct xs) auto
(* replace a b xs substitutes b for every occurrence of a in xs. *)
primrec replace :: "'a \<Rightarrow> 'a \<Rightarrow> 'a list \<Rightarrow> 'a list" where
  "replace a b [] = []"
  | "replace a b (x#xs) = (if (x=a) then (b#(replace a b xs)) 
                            else (x#(replace a b xs)))"

lemma "occurs a xs = occurs b (replace a b xs)"
  quickcheck [generator = code]
  -- {* Wrong. Precondition needed.*}
  oops

(* Proved version: either b does not occur in xs beforehand, or a = b. *)
lemma "occurs b xs = 0 \<or> a=b \<longrightarrow> occurs a xs = occurs b (replace a b xs)"
  quickcheck [generator = code]
  by (induct xs) simp_all
subsection {* Trees *}
(* Binary trees with an empty node (Twig) and values stored at the leaves. *)
datatype 'a tree = Twig |  Leaf 'a | Branch "'a tree" "'a tree"

(* leaves t lists the leaf values of t from left to right. *)
primrec leaves :: "'a tree \<Rightarrow> 'a list" where
  "leaves Twig = []"
  | "leaves (Leaf a) = [a]"
  | "leaves (Branch l r) = (leaves l) @ (leaves r)"

(* plant xs builds a right-leaning tree with one leaf per element of xs. *)
primrec plant :: "'a list \<Rightarrow> 'a tree" where
  "plant [] = Twig "
  | "plant (x#xs) = Branch (Leaf x) (plant xs)"

(* mirror t swaps the left and right subtree at every Branch. *)
primrec mirror :: "'a tree \<Rightarrow> 'a tree" where
  "mirror (Twig) = Twig "
  | "mirror (Leaf a) = Leaf a "
  | "mirror (Branch l r) = Branch (mirror r) (mirror l)"

(* Both statements are marked wrong in the source and left unproved; they
   make the generator produce values of the datatype defined above. *)
theorem "plant (rev (leaves xt)) = mirror xt"
  quickcheck [generator = code]
    --{* Wrong! *} 
  oops

theorem "plant (leaves xt @ leaves yt) = Branch xt yt"
  quickcheck [generator = code]
    --{* Wrong! *} 
  oops
(* Binary trees that store a value at every node, inner nodes included. *)
datatype 'a ntree = Tip "'a" | Node "'a" "'a ntree" "'a ntree"

(* inOrder t lists the values of t: left subtree, node value, right subtree. *)
primrec inOrder :: "'a ntree \<Rightarrow> 'a list" where
  "inOrder (Tip a)= [a]"
  | "inOrder (Node f x y) = (inOrder x)@[f]@(inOrder y)"

(* root t is the value stored at the top node of t. *)
primrec root :: "'a ntree \<Rightarrow> 'a" where
  "root (Tip a) = a"
  | "root (Node f x y) = f"

theorem "hd (inOrder xt) = root xt"
  quickcheck [generator = code]
    --{* Wrong! *} 
  oops

(* f is a free variable of function type, so this example needs a random
   function; presumably it exercises the instance for function types defined
   in this theory; confirm. *)
lemma "int (f k) = k"
  quickcheck [generator = code]
  oops
end