isabelle: src/HOL/Imperative_HOL/Overview.thy@69439c9defec (annotated)

39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	1	(* Title: HOL/Imperative_HOL/Overview.thy
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	2	Author: Florian Haftmann, TU Muenchen
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	3	*)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	4
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	5	(<)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	6	theory Overview
41413 64cd30d6b0b8 explicit file specifications -- avoid secondary load path; wenzelm parents: 40671 diff changeset	7	imports Imperative_HOL "~~/src/HOL/Library/LaTeXsugar"
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	8	begin
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	9
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	10	(* type constraints with spacing *)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	11	setup {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	12	let
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	13	val typ = Simple_Syntax.read_typ;
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	14	in
42293 6cca0343ea48 renamed sprop "prop#" to "prop'" -- proper identifier; wenzelm parents: 42288 diff changeset	15	Sign.del_modesyntax_i (Symbol.xsymbolsN, false)
6cca0343ea48 renamed sprop "prop#" to "prop'" -- proper identifier; wenzelm parents: 42288 diff changeset	16	[("_constrain", typ "logic => type => logic", Mixfix ("_\<Colon>_", [4, 0], 3)),
6cca0343ea48 renamed sprop "prop#" to "prop'" -- proper identifier; wenzelm parents: 42288 diff changeset	17	("_constrain", typ "prop' => type => prop'", Mixfix ("_\<Colon>_", [4, 0], 3))] #>
6cca0343ea48 renamed sprop "prop#" to "prop'" -- proper identifier; wenzelm parents: 42288 diff changeset	18	Sign.add_modesyntax_i (Symbol.xsymbolsN, false)
6cca0343ea48 renamed sprop "prop#" to "prop'" -- proper identifier; wenzelm parents: 42288 diff changeset	19	[("_constrain", typ "logic => type => logic", Mixfix ("_ \<Colon> _", [4, 0], 3)),
6cca0343ea48 renamed sprop "prop#" to "prop'" -- proper identifier; wenzelm parents: 42288 diff changeset	20	("_constrain", typ "prop' => type => prop'", Mixfix ("_ \<Colon> _", [4, 0], 3))]
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	21	end
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	22	}(>*)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	23
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	24	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	25	@{text "Imperative HOL"} is a leightweight framework for reasoning
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	26	about imperative data structures in @{text "Isabelle/HOL"}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	27	\cite{Nipkow-et-al:2002:tutorial}. Its basic ideas are described in
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	28	\cite{Bulwahn-et-al:2008:imp_HOL}. However their concrete
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	29	realisation has changed since, due to both extensions and
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	30	refinements. Therefore this overview wants to present the framework
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	31	\qt{as it is} by now. It focusses on the user-view, less on matters
40358 b6ed3364753d added note on countable types haftmann parents: 39717 diff changeset	32	of construction. For details study of the theory sources is
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	33	encouraged.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	34	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	35
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	36
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	37	section {* A polymorphic heap inside a monad *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	38
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	39	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	40	Heaps (@{type heap}) can be populated by values of class @{class
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	41	heap}; HOL's default types are already instantiated to class @{class
40358 b6ed3364753d added note on countable types haftmann parents: 39717 diff changeset	42	heap}. Class @{class heap} is a subclass of @{class countable}; see
b6ed3364753d added note on countable types haftmann parents: 39717 diff changeset	43	theory @{text Countable} for ways to instantiate types as @{class countable}.
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	44
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	45	The heap is wrapped up in a monad @{typ "'a Heap"} by means of the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	46	following specification:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	47
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	48	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	49	@{datatype Heap}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	50	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	51
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	52	Unwrapping of this monad type happens through
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	53
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	54	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	55	@{term_type execute} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	56	@{thm execute.simps [no_vars]}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	57	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	58
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	59	This allows for equational reasoning about monadic expressions; the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	60	fact collection @{text execute_simps} contains appropriate rewrites
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	61	for all fundamental operations.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	62
39610 23bdf736d84f tuned text haftmann parents: 39307 diff changeset	63	Primitive fine-granular control over heaps is available through rule
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	64	@{text Heap_cases}:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	65
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	66	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	67	@{thm [break] Heap_cases [no_vars]}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	68	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	69
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	70	Monadic expression involve the usual combinators:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	71
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	72	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	73	@{term_type return} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	74	@{term_type bind} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	75	@{term_type raise}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	76	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	77
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	78	This is also associated with nice monad do-syntax. The @{typ
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	79	string} argument to @{const raise} is just a codified comment.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	80
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	81	Among a couple of generic combinators the following is helpful for
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	82	establishing invariants:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	83
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	84	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	85	@{term_type assert} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	86	@{thm assert_def [no_vars]}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	87	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	88	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	89
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	90
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	91	section {* Relational reasoning about @{type Heap} expressions *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	92
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	93	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	94	To establish correctness of imperative programs, predicate
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	95
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	96	\begin{quote}
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 40358 diff changeset	97	@{term_type effect}
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	98	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	99
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	100	provides a simple relational calculus. Primitive rules are @{text
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 40358 diff changeset	101	effectI} and @{text effectE}, rules appropriate for reasoning about
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 40358 diff changeset	102	imperative operations are available in the @{text effect_intros} and
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 40358 diff changeset	103	@{text effect_elims} fact collections.
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	104
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	105	Often non-failure of imperative computations does not depend
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	106	on the heap at all; reasoning then can be easier using predicate
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	107
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	108	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	109	@{term_type success}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	110	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	111
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	112	Introduction rules for @{const success} are available in the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	113	@{text success_intro} fact collection.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	114
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 40358 diff changeset	115	@{const execute}, @{const effect}, @{const success} and @{const bind}
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	116	are related by rules @{text execute_bind_success}, @{text
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 40358 diff changeset	117	success_bind_executeI}, @{text success_bind_effectI}, @{text
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 40358 diff changeset	118	effect_bindI}, @{text effect_bindE} and @{text execute_bind_eq_SomeI}.
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	119	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	120
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	121
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	122	section {* Monadic data structures *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	123
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	124	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	125	The operations for monadic data structures (arrays and references)
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	126	come in two flavours:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	127
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	128	\begin{itemize}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	129
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	130	\item Operations on the bare heap; their number is kept minimal
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	131	to facilitate proving.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	132
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	133	\item Operations on the heap wrapped up in a monad; these are designed
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	134	for executing.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	135
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	136	\end{itemize}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	137
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	138	Provided proof rules are such that they reduce monad operations to
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	139	operations on bare heaps.
39717 e9bec0b43449 added hint on reference equality haftmann parents: 39610 diff changeset	140
e9bec0b43449 added hint on reference equality haftmann parents: 39610 diff changeset	141	Note that HOL equality coincides with reference equality and may be
e9bec0b43449 added hint on reference equality haftmann parents: 39610 diff changeset	142	used as primitive executable operation.
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	143	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	144
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	145	subsection {* Arrays *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	146
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	147	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	148	Heap operations:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	149
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	150	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	151	@{term_type Array.alloc} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	152	@{term_type Array.present} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	153	@{term_type Array.get} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	154	@{term_type Array.set} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	155	@{term_type Array.length} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	156	@{term_type Array.update} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	157	@{term_type Array.noteq}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	158	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	159
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	160	Monad operations:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	161
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	162	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	163	@{term_type Array.new} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	164	@{term_type Array.of_list} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	165	@{term_type Array.make} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	166	@{term_type Array.len} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	167	@{term_type Array.nth} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	168	@{term_type Array.upd} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	169	@{term_type Array.map_entry} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	170	@{term_type Array.swap} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	171	@{term_type Array.freeze}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	172	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	173	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	174
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	175	subsection {* References *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	176
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	177	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	178	Heap operations:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	179
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	180	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	181	@{term_type Ref.alloc} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	182	@{term_type Ref.present} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	183	@{term_type Ref.get} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	184	@{term_type Ref.set} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	185	@{term_type Ref.noteq}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	186	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	187
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	188	Monad operations:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	189
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	190	\begin{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	191	@{term_type Ref.ref} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	192	@{term_type Ref.lookup} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	193	@{term_type Ref.update} \\
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	194	@{term_type Ref.change}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	195	\end{quote}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	196	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	197
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	198
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	199	section {* Code generation *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	200
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	201	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	202	Imperative HOL sets up the code generator in a way that imperative
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	203	operations are mapped to suitable counterparts in the target
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	204	language. For @{text Haskell}, a suitable @{text ST} monad is used;
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	205	for @{text SML}, @{text Ocaml} and @{text Scala} unit values ensure
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	206	that the evaluation order is the same as you would expect from the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	207	original monadic expressions. These units may look cumbersome; the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	208	target language variants @{text SML_imp}, @{text Ocaml_imp} and
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	209	@{text Scala_imp} make some effort to optimize some of them away.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	210	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	211
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	212
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	213	section {* Some hints for using the framework *}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	214
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	215	text {*
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	216	Of course a framework itself does not by itself indicate how to make
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	217	best use of it. Here some hints drawn from prior experiences with
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	218	Imperative HOL:
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	219
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	220	\begin{itemize}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	221
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	222	\item Proofs on bare heaps should be strictly separated from those
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	223	for monadic expressions. The first capture the essence, while the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	224	latter just describe a certain wrapping-up.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	225
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	226	\item A good methodology is to gradually improve an imperative
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	227	program from a functional one. In the extreme case this means
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	228	that an original functional program is decomposed into suitable
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	229	operations with exactly one corresponding imperative operation.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	230	Having shown suitable correspondence lemmas between those, the
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	231	correctness prove of the whole imperative program simply
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	232	consists of composing those.
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	233
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	234	\item Whether one should prefer equational reasoning (fact
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	235	collection @{text execute_simps} or relational reasoning (fact
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 40358 diff changeset	236	collections @{text effect_intros} and @{text effect_elims}) depends
39610 23bdf736d84f tuned text haftmann parents: 39307 diff changeset	237	on the problems to solve. For complex expressions or
23bdf736d84f tuned text haftmann parents: 39307 diff changeset	238	expressions involving binders, the relation style usually is
23bdf736d84f tuned text haftmann parents: 39307 diff changeset	239	superior but requires more proof text.
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	240
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	241	\item Note that you can extend the fact collections of Imperative
39610 23bdf736d84f tuned text haftmann parents: 39307 diff changeset	242	HOL yourself whenever appropriate.
39307 8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	243
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	244	\end{itemize}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	245	*}
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	246
8d42d668b5b0 added Imperative HOL overview haftmann parents: diff changeset	247	end

author	wenzelm
	Thu, 10 Jan 2013 15:45:27 +0100
changeset 50805	69439c9defec
parent 42293	6cca0343ea48
child 56239	17df7145a871
permissions	-rw-r--r--