author  haftmann 
Wed, 17 Feb 2010 09:48:53 +0100  
a draft for an example how to turn specifications involving choice executable
1 
(* Author: Florian Haftmann, TU Muenchen *) 
2 

3 
header {* A simple cookbook example how to eliminate choice in programs. *} 
4 

5 
theory Execute_Choice 
6 
imports Main AssocList 
7 
begin 
8 

9 
definition valuesum :: "('a, 'b :: comm_monoid_add) mapping \<Rightarrow> 'b" where 
10 
"valuesum m = (\<Sum>k \<in> Mapping.keys m. the (Mapping.lookup m k))" 
11 

12 
lemma valuesum_rec: 
13 
assumes fin: "finite (dom (Mapping.lookup m))" 
14 
shows "valuesum m = (if Mapping.is_empty m then 0 else 
15 
let l = (SOME l. l \<in> Mapping.keys m) in the (Mapping.lookup m l) + valuesum (Mapping.delete l m))" 
16 
proof (cases "Mapping.is_empty m") 
17 
case True then show ?thesis by (simp add: is_empty_def keys_def valuesum_def) 
18 
next 
19 
case False 
20 
then have l: "\<exists>l. l \<in> dom (Mapping.lookup m)" by (auto simp add: is_empty_def expand_fun_eq mem_def) 
21 
then have "(let l = SOME l. l \<in> dom (Mapping.lookup m) in 
22 
the (Mapping.lookup m l) + (\<Sum>k \<in> dom (Mapping.lookup m)  {l}. the (Mapping.lookup m k))) = 
23 
(\<Sum>k \<in> dom (Mapping.lookup m). the (Mapping.lookup m k))" 
24 
proof (rule someI2_ex) 
25 
fix l 
26 
note fin 
27 
moreover assume "l \<in> dom (Mapping.lookup m)" 
28 
moreover obtain A where "A = dom (Mapping.lookup m)  {l}" by simp 
29 
ultimately have "dom (Mapping.lookup m) = insert l A" and "finite A" and "l \<notin> A" by auto 
30 
then show "(let l = l 
31 
in the (Mapping.lookup m l) + (\<Sum>k \<in> dom (Mapping.lookup m)  {l}. the (Mapping.lookup m k))) = 
32 
(\<Sum>k \<in> dom (Mapping.lookup m). the (Mapping.lookup m k))" 
33 
by simp 
34 
qed 
35 
then show ?thesis by (simp add: keys_def valuesum_def is_empty_def) 
36 
qed 
37 

38 
lemma valuesum_rec_AList: 
39 
"valuesum (AList []) = 0" 
40 
"valuesum (AList (x # xs)) = (let l = (SOME l. l \<in> Mapping.keys (AList (x # xs))) in 
41 
the (Mapping.lookup (AList (x # xs)) l) + valuesum (Mapping.delete l (AList (x # xs))))" 
42 
by (simp_all add: valuesum_rec finite_dom_map_of is_empty_AList) 
43 

44 
axioms 
45 
FIXME: "x \<in> A \<Longrightarrow> y \<in> A \<Longrightarrow> C x = C y" 
46 

47 
lemma aux: "(SOME l. l \<in> Mapping.keys (AList (x # xs))) = fst (hd (x # xs))" 
48 
proof (rule FIXME) 
49 
show "fst (hd (x # xs)) \<in> Mapping.keys (AList (x # xs))" 
50 
by (simp add: keys_AList) 
51 
show "(SOME l. l \<in> Mapping.keys (AList (x # xs))) \<in> Mapping.keys (AList (x # xs))" 
52 
apply (rule someI) apply (simp add: keys_AList) apply auto 
53 
done 
54 
qed 
55 

56 
lemma valuesum_rec_exec [code]: 
57 
"valuesum (AList []) = 0" 
58 
"valuesum (AList (x # xs)) = (let l = fst (hd (x # xs)) in 
59 
the (Mapping.lookup (AList (x # xs)) l) + valuesum (Mapping.delete l (AList (x # xs))))" 
60 
by (simp_all add: valuesum_rec_AList aux) 
61 

62 
value "valuesum (AList [(''abc'', (42::nat)), (''def'', 1705)])" 
63 

64 
end 