isabelle: src/HOL/Imperative_HOL/Overview.thy@3e4bb6e7c3ca (annotated)

39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	1	(* Title: HOL/Imperative_HOL/Overview.thy
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	2	Author: Florian Haftmann, TU Muenchen
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	3	*)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	4
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	5	(<)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	6	theory Overview
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	7	imports Imperative_HOL LaTeXsugar
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	8	begin
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	9
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	10	(* type constraints with spacing *)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	11	setup {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	12	let
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	13	val typ = Simple_Syntax.read_typ;
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	14	val typeT = Syntax.typeT;
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	15	val spropT = Syntax.spropT;
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	16	in
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	17	Sign.del_modesyntax_i (Symbol.xsymbolsN, false) [
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	18	("_constrain", typ "logic => type => logic", Mixfix ("_\<Colon>_", [4, 0], 3)),
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	19	("_constrain", [spropT, typeT] ---> spropT, Mixfix ("_\<Colon>_", [4, 0], 3))]
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	20	#> Sign.add_modesyntax_i (Symbol.xsymbolsN, false) [
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	21	("_constrain", typ "logic => type => logic", Mixfix ("_ \<Colon> _", [4, 0], 3)),
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	22	("_constrain", [spropT, typeT] ---> spropT, Mixfix ("_ \<Colon> _", [4, 0], 3))]
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	23	end
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	24	}(>*)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	25
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	26	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	27	@{text "Imperative HOL"} is a leightweight framework for reasoning
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	28	about imperative data structures in @{text "Isabelle/HOL"}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	29	\cite{Nipkow-et-al:2002:tutorial}. Its basic ideas are described in
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	30	\cite{Bulwahn-et-al:2008:imp_HOL}. However their concrete
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	31	realisation has changed since, due to both extensions and
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	32	refinements. Therefore this overview wants to present the framework
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	33	\qt{as it is} by now. It focusses on the user-view, less on matters
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	34	of constructions. For details study of the theory sources is
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	35	encouraged.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	36	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	37
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	38
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	39	section {* A polymorphic heap inside a monad *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	40
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	41	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	42	Heaps (@{type heap}) can be populated by values of class @{class
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	43	heap}; HOL's default types are already instantiated to class @{class
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	44	heap}.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	45
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	46	The heap is wrapped up in a monad @{typ "'a Heap"} by means of the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	47	following specification:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	48
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	49	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	50	@{datatype Heap}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	51	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	52
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	53	Unwrapping of this monad type happens through
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	54
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	55	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	56	@{term_type execute} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	57	@{thm execute.simps [no_vars]}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	58	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	59
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	60	This allows for equational reasoning about monadic expressions; the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	61	fact collection @{text execute_simps} contains appropriate rewrites
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	62	for all fundamental operations.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	63
39610 23bdf736d84f tuned text haftmann parents: 39307 diff changeset	64	Primitive fine-granular control over heaps is available through rule
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	65	@{text Heap_cases}:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	66
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	67	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	68	@{thm [break] Heap_cases [no_vars]}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	69	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	70
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	71	Monadic expression involve the usual combinators:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	72
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	73	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	74	@{term_type return} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	75	@{term_type bind} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	76	@{term_type raise}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	77	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	78
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	79	This is also associated with nice monad do-syntax. The @{typ
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	80	string} argument to @{const raise} is just a codified comment.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	81
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	82	Among a couple of generic combinators the following is helpful for
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	83	establishing invariants:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	84
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	85	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	86	@{term_type assert} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	87	@{thm assert_def [no_vars]}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	88	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	89	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	90
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	91
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	92	section {* Relational reasoning about @{type Heap} expressions *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	93
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	94	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	95	To establish correctness of imperative programs, predicate
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	96
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	97	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	98	@{term_type crel}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	99	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	100
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	101	provides a simple relational calculus. Primitive rules are @{text
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	102	crelI} and @{text crelE}, rules appropriate for reasoning about
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	103	imperative operation are available in the @{text crel_intros} and
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	104	@{text crel_elims} fact collections.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	105
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	106	Often non-failure of imperative computations does not depend
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	107	on the heap at all; reasoning then can be easier using predicate
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	108
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	109	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	110	@{term_type success}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	111	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	112
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	113	Introduction rules for @{const success} are available in the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	114	@{text success_intro} fact collection.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	115
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	116	@{const execute}, @{const crel}, @{const success} and @{const bind}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	117	are related by rules @{text execute_bind_success}, @{text
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	118	success_bind_executeI}, @{text success_bind_crelI}, @{text
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	119	crel_bindI}, @{text crel_bindE} and @{text execute_bind_eq_SomeI}.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	120	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	121
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	122
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	123	section {* Monadic data structures *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	124
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	125	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	126	The operations for monadic data structures (arrays and references)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	127	come in two flavours:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	128
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	129	\begin{itemize}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	130
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	131	\item Operations on the bare heap; their number is kept minimal
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	132	to facilitate proving.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	133
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	134	\item Operations on the heap wrapped up in a monad; these are designed
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	135	for executing.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	136
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	137	\end{itemize}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	138
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	139	Provided proof rules are such that they reduce monad operations to
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	140	operations on bare heaps.
39717 e9bec0b43449 added hint on reference equality haftmann parents: 39610 diff changeset	141
e9bec0b43449 added hint on reference equality haftmann parents: 39610 diff changeset	142	Note that HOL equality coincides with reference equality and may be
e9bec0b43449 added hint on reference equality haftmann parents: 39610 diff changeset	143	used as primitive executable operation.
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	144	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	145
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	146	subsection {* Arrays *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	147
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	148	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	149	Heap operations:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	150
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	151	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	152	@{term_type Array.alloc} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	153	@{term_type Array.present} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	154	@{term_type Array.get} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	155	@{term_type Array.set} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	156	@{term_type Array.length} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	157	@{term_type Array.update} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	158	@{term_type Array.noteq}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	159	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	160
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	161	Monad operations:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	162
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	163	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	164	@{term_type Array.new} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	165	@{term_type Array.of_list} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	166	@{term_type Array.make} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	167	@{term_type Array.len} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	168	@{term_type Array.nth} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	169	@{term_type Array.upd} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	170	@{term_type Array.map_entry} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	171	@{term_type Array.swap} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	172	@{term_type Array.freeze}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	173	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	174	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	175
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	176	subsection {* References *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	177
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	178	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	179	Heap operations:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	180
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	181	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	182	@{term_type Ref.alloc} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	183	@{term_type Ref.present} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	184	@{term_type Ref.get} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	185	@{term_type Ref.set} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	186	@{term_type Ref.noteq}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	187	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	188
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	189	Monad operations:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	190
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	191	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	192	@{term_type Ref.ref} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	193	@{term_type Ref.lookup} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	194	@{term_type Ref.update} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	195	@{term_type Ref.change}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	196	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	197	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	198
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	199
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	200	section {* Code generation *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	201
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	202	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	203	Imperative HOL sets up the code generator in a way that imperative
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	204	operations are mapped to suitable counterparts in the target
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	205	language. For @{text Haskell}, a suitable @{text ST} monad is used;
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	206	for @{text SML}, @{text Ocaml} and @{text Scala} unit values ensure
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	207	that the evaluation order is the same as you would expect from the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	208	original monadic expressions. These units may look cumbersome; the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	209	target language variants @{text SML_imp}, @{text Ocaml_imp} and
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	210	@{text Scala_imp} make some effort to optimize some of them away.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	211	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	212
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	213
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	214	section {* Some hints for using the framework *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	215
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	216	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	217	Of course a framework itself does not by itself indicate how to make
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	218	best use of it. Here some hints drawn from prior experiences with
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	219	Imperative HOL:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	220
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	221	\begin{itemize}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	222
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	223	\item Proofs on bare heaps should be strictly separated from those
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	224	for monadic expressions. The first capture the essence, while the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	225	latter just describe a certain wrapping-up.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	226
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	227	\item A good methodology is to gradually improve an imperative
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	228	program from a functional one. In the extreme case this means
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	229	that an original functional program is decomposed into suitable
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	230	operations with exactly one corresponding imperative operation.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	231	Having shown suitable correspondence lemmas between those, the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	232	correctness prove of the whole imperative program simply
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	233	consists of composing those.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	234
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	235	\item Whether one should prefer equational reasoning (fact
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	236	collection @{text execute_simps} or relational reasoning (fact
39610 23bdf736d84f tuned text haftmann parents: 39307 diff changeset	237	collections @{text crel_intros} and @{text crel_elims}) depends
23bdf736d84f tuned text haftmann parents: 39307 diff changeset	238	on the problems to solve. For complex expressions or
23bdf736d84f tuned text haftmann parents: 39307 diff changeset	239	expressions involving binders, the relation style usually is
23bdf736d84f tuned text haftmann parents: 39307 diff changeset	240	superior but requires more proof text.
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	241
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	242	\item Note that you can extend the fact collections of Imperative
39610 23bdf736d84f tuned text haftmann parents: 39307 diff changeset	243	HOL yourself whenever appropriate.
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	244
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	245	\end{itemize}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	246	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	247
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	248	end

author	wenzelm
	Wed, 03 Nov 2010 21:53:56 +0100
changeset 40335	3e4bb6e7c3ca
parent 39717	e9bec0b43449
child 40358	b6ed3364753d
permissions	-rw-r--r--