src/HOLCF/ex/hoare.txt
author haftmann
Fri, 24 Apr 2009 17:45:16 +0200
changeset 30972 5b65835ccc92
parent 896 56b9c2626e81
child 35174 e15040ae75d7
permissions -rw-r--r--
some experiements towards user interface for predicate compiler
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
896
56b9c2626e81 ID for the file
regensbu
parents: 244
diff changeset
     1
(* $Id$ *)
56b9c2626e81 ID for the file
regensbu
parents: 244
diff changeset
     2
244
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
     3
Proves about loops and tail-recursive functions
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
     4
===============================================
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
     5
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
     6
Problem A
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
     7
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
     8
P = while B1       do S od
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
     9
Q = while B1 or B2 do S od
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    10
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    11
Prove P;Q = Q    (provided B1, B2 have no side effects)
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    12
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    13
------
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    14
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    15
Looking at the denotational semantics of while, we get
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    16
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    17
Problem B
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    18
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    19
[|B1|]:State->Bool
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    20
[|B2|]:State->Bool
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    21
[|S |]:State->State
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    22
f     :State->State
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    23
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    24
p = fix LAM f.LAM x. if [| B1 |] x                  then f([| S |] x) else x fi
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    25
q = fix LAM f.LAM x. if [| B1 |] x orelse [|b2 |] x then f([| S |] x) else x fi
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    26
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    27
Prove q o p = q          rsp.       ALL x.q(p(x))=q(x)
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    28
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    29
Remark: 1. Bool is the three-valued domain {UU,FF,TT} since tests B1 and B2 may
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    30
           not terminate.
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    31
        2. orelse is the sequential or like in ML
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    32
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    33
----------
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    34
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    35
If we abstract over the structure of stores we get
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    36
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    37
Problem C
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    38
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    39
b1:'a -> Bool
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    40
b2:'a -> Bool
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    41
g :'a ->'a
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    42
h :'a ->'a
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    43
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    44
p = fix LAM h.LAM x. if b1(x)              then h(g(x)) else x fi
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    45
q = fix LAM h.LAM x. if b1(x) orelse b2(x) then h(g(x)) else x fi
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    46
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    47
where g is an abstraction of [| S |]
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    48
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    49
Prove q o p = q 
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    50
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    51
Remark: there are no restrictions wrt. definedness or strictness for any of 
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    52
        the involved functions.
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    53
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    54
----------
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    55
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    56
In a functional programming language the problem reads as follows:
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    57
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    58
p(x) = if b1(x) 
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    59
         then p(g(x))
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    60
         else x fi
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    61
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    62
q(x) = if b1(x) orelse b2(x) 
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    63
         then q(g(x))
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    64
         else x fi
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    65
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    66
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    67
Prove:  q o p = q
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    68
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    69
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    70
-------------
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    71
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    72
In you like to test the problem in ML (bad guy) you have to introduce 
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    73
formal parameters for b1,b2 and g.
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    74
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    75
fun p b1 g x = if b1(x) 
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    76
         then p b1 g (g(x))
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    77
         else x;
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    78
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    79
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    80
fun q b1 b2 g x = if b1(x) orelse b2(x) 
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    81
         then q b1 b2 g (g(x))
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    82
         else x;
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    83
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    84
Prove: for all b1 b2 g . 
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    85
            (q b1 b2 g) o (p b1 g) = (q b1 b2 g)
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    86
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    87
===========
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    88
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    89
It took 4 person-days to formulate and prove the problem C in the
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    90
Isabelle logic HOLCF. The formalisation was done by conservative extension and
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    91
all proof principles where derived from pure HOLCF.
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    92
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    93
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    94
    
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    95
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    96
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    97
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    98
929fc2c63bd0 HOLCF examples
nipkow
parents:
diff changeset
    99