1 % |
|
2 \begin{isabellebody}% |
|
3 \def\isabellecontext{Inductive{\isaliteral{5F}{\isacharunderscore}}Predicate}% |
|
4 % |
|
5 \isadelimtheory |
|
6 % |
|
7 \endisadelimtheory |
|
8 % |
|
9 \isatagtheory |
|
10 \isacommand{theory}\isamarkupfalse% |
|
11 \ Inductive{\isaliteral{5F}{\isacharunderscore}}Predicate\isanewline |
|
12 \isakeyword{imports}\ Setup\isanewline |
|
13 \isakeyword{begin}\isanewline |
|
14 % |
|
15 \endisatagtheory |
|
16 {\isafoldtheory}% |
|
17 % |
|
18 \isadelimtheory |
|
19 % |
|
20 \endisadelimtheory |
|
21 % |
|
22 \isadeliminvisible |
|
23 % |
|
24 \endisadeliminvisible |
|
25 % |
|
26 \isataginvisible |
|
27 % |
|
28 \endisataginvisible |
|
29 {\isafoldinvisible}% |
|
30 % |
|
31 \isadeliminvisible |
|
32 % |
|
33 \endisadeliminvisible |
|
34 % |
|
35 \isamarkupsection{Inductive Predicates \label{sec:inductive}% |
|
36 } |
|
37 \isamarkuptrue% |
|
38 % |
|
39 \begin{isamarkuptext}% |
|
40 The \isa{predicate\ compiler} is an extension of the code generator |
|
41 which turns inductive specifications into equational ones, from |
|
42 which in turn executable code can be generated. The mechanisms of |
|
43 this compiler are described in detail in |
|
44 \cite{Berghofer-Bulwahn-Haftmann:2009:TPHOL}. |
|
45 |
|
46 Consider the simple predicate \isa{append} given by these two |
|
47 introduction rules:% |
|
48 \end{isamarkuptext}% |
|
49 \isamarkuptrue% |
|
50 % |
|
51 \isadelimquote |
|
52 % |
|
53 \endisadelimquote |
|
54 % |
|
55 \isatagquote |
|
56 % |
|
57 \begin{isamarkuptext}% |
|
58 \isa{append\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ ys\ ys} \\ |
|
59 \isa{append\ xs\ ys\ zs\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ append\ {\isaliteral{28}{\isacharparenleft}}x\ {\isaliteral{23}{\isacharhash}}\ xs{\isaliteral{29}{\isacharparenright}}\ ys\ {\isaliteral{28}{\isacharparenleft}}x\ {\isaliteral{23}{\isacharhash}}\ zs{\isaliteral{29}{\isacharparenright}}}% |
|
60 \end{isamarkuptext}% |
|
61 \isamarkuptrue% |
|
62 % |
|
63 \endisatagquote |
|
64 {\isafoldquote}% |
|
65 % |
|
66 \isadelimquote |
|
67 % |
|
68 \endisadelimquote |
|
69 % |
|
70 \begin{isamarkuptext}% |
|
71 \noindent To invoke the compiler, simply use \indexdef{}{command}{code\_pred}\hypertarget{command.code-pred}{\hyperlink{command.code-pred}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}}}}}:% |
|
72 \end{isamarkuptext}% |
|
73 \isamarkuptrue% |
|
74 % |
|
75 \isadelimquote |
|
76 % |
|
77 \endisadelimquote |
|
78 % |
|
79 \isatagquote |
|
80 \isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}\isamarkupfalse% |
|
81 \ append\ \isacommand{{\isaliteral{2E}{\isachardot}}}\isamarkupfalse% |
|
82 % |
|
83 \endisatagquote |
|
84 {\isafoldquote}% |
|
85 % |
|
86 \isadelimquote |
|
87 % |
|
88 \endisadelimquote |
|
89 % |
|
90 \begin{isamarkuptext}% |
|
91 \noindent The \hyperlink{command.code-pred}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}}}} command takes the name of the |
|
92 inductive predicate and then you put a period to discharge a trivial |
|
93 correctness proof. The compiler infers possible modes for the |
|
94 predicate and produces the derived code equations. Modes annotate |
|
95 which (parts of the) arguments are to be taken as input, and which |
|
96 output. Modes are similar to types, but use the notation \isa{i} |
|
97 for input and \isa{o} for output. |
|
98 |
|
99 For \isa{append}, the compiler can infer the following modes: |
|
100 \begin{itemize} |
|
101 \item \isa{i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool} |
|
102 \item \isa{i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool} |
|
103 \item \isa{o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool} |
|
104 \end{itemize} |
|
105 You can compute sets of predicates using \indexdef{}{command}{values}\hypertarget{command.values}{\hyperlink{command.values}{\mbox{\isa{\isacommand{values}}}}}:% |
|
106 \end{isamarkuptext}% |
|
107 \isamarkuptrue% |
|
108 % |
|
109 \isadelimquote |
|
110 % |
|
111 \endisadelimquote |
|
112 % |
|
113 \isatagquote |
|
114 \isacommand{values}\isamarkupfalse% |
|
115 \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}zs{\isaliteral{2E}{\isachardot}}\ append\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{28}{\isacharparenleft}}{\isadigit{1}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}nat{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}{\isadigit{2}}{\isaliteral{2C}{\isacharcomma}}{\isadigit{3}}{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isadigit{4}}{\isaliteral{2C}{\isacharcomma}}{\isadigit{5}}{\isaliteral{5D}{\isacharbrackright}}\ zs{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequoteclose}}% |
|
116 \endisatagquote |
|
117 {\isafoldquote}% |
|
118 % |
|
119 \isadelimquote |
|
120 % |
|
121 \endisadelimquote |
|
122 % |
|
123 \begin{isamarkuptext}% |
|
124 \noindent outputs \isa{{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{5B}{\isacharbrackleft}}{\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{2}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{3}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{4}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{5}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{7D}{\isacharbraceright}}}, and% |
|
125 \end{isamarkuptext}% |
|
126 \isamarkuptrue% |
|
127 % |
|
128 \isadelimquote |
|
129 % |
|
130 \endisadelimquote |
|
131 % |
|
132 \isatagquote |
|
133 \isacommand{values}\isamarkupfalse% |
|
134 \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{28}{\isacharparenleft}}xs{\isaliteral{2C}{\isacharcomma}}\ ys{\isaliteral{29}{\isacharparenright}}{\isaliteral{2E}{\isachardot}}\ append\ xs\ ys\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{28}{\isacharparenleft}}{\isadigit{2}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}nat{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}{\isadigit{3}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequoteclose}}% |
|
135 \endisatagquote |
|
136 {\isafoldquote}% |
|
137 % |
|
138 \isadelimquote |
|
139 % |
|
140 \endisadelimquote |
|
141 % |
|
142 \begin{isamarkuptext}% |
|
143 \noindent outputs \isa{{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isadigit{2}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{3}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5B}{\isacharbrackleft}}{\isadigit{2}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isadigit{3}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5B}{\isacharbrackleft}}{\isadigit{2}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{3}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{7D}{\isacharbraceright}}}.% |
|
144 \end{isamarkuptext}% |
|
145 \isamarkuptrue% |
|
146 % |
|
147 \begin{isamarkuptext}% |
|
148 \noindent If you are only interested in the first elements of the |
|
149 set comprehension (with respect to a depth-first search on the |
|
150 introduction rules), you can pass an argument to \hyperlink{command.values}{\mbox{\isa{\isacommand{values}}}} |
|
151 to specify the number of elements you want:% |
|
152 \end{isamarkuptext}% |
|
153 \isamarkuptrue% |
|
154 % |
|
155 \isadelimquote |
|
156 % |
|
157 \endisadelimquote |
|
158 % |
|
159 \isatagquote |
|
160 \isacommand{values}\isamarkupfalse% |
|
161 \ {\isadigit{1}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{28}{\isacharparenleft}}xs{\isaliteral{2C}{\isacharcomma}}\ ys{\isaliteral{29}{\isacharparenright}}{\isaliteral{2E}{\isachardot}}\ append\ xs\ ys\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{28}{\isacharparenleft}}{\isadigit{1}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}nat{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{2}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{3}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{4}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline |
|
162 \isacommand{values}\isamarkupfalse% |
|
163 \ {\isadigit{3}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{28}{\isacharparenleft}}xs{\isaliteral{2C}{\isacharcomma}}\ ys{\isaliteral{29}{\isacharparenright}}{\isaliteral{2E}{\isachardot}}\ append\ xs\ ys\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{28}{\isacharparenleft}}{\isadigit{1}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}nat{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{2}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{3}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{4}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequoteclose}}% |
|
164 \endisatagquote |
|
165 {\isafoldquote}% |
|
166 % |
|
167 \isadelimquote |
|
168 % |
|
169 \endisadelimquote |
|
170 % |
|
171 \begin{isamarkuptext}% |
|
172 \noindent The \hyperlink{command.values}{\mbox{\isa{\isacommand{values}}}} command can only compute set |
|
173 comprehensions for which a mode has been inferred. |
|
174 |
|
175 The code equations for a predicate are made available as theorems with |
|
176 the suffix \isa{equation}, and can be inspected with:% |
|
177 \end{isamarkuptext}% |
|
178 \isamarkuptrue% |
|
179 % |
|
180 \isadelimquote |
|
181 % |
|
182 \endisadelimquote |
|
183 % |
|
184 \isatagquote |
|
185 \isacommand{thm}\isamarkupfalse% |
|
186 \ append{\isaliteral{2E}{\isachardot}}equation% |
|
187 \endisatagquote |
|
188 {\isafoldquote}% |
|
189 % |
|
190 \isadelimquote |
|
191 % |
|
192 \endisadelimquote |
|
193 % |
|
194 \begin{isamarkuptext}% |
|
195 \noindent More advanced options are described in the following subsections.% |
|
196 \end{isamarkuptext}% |
|
197 \isamarkuptrue% |
|
198 % |
|
199 \isamarkupsubsection{Alternative names for functions% |
|
200 } |
|
201 \isamarkuptrue% |
|
202 % |
|
203 \begin{isamarkuptext}% |
|
204 By default, the functions generated from a predicate are named after |
|
205 the predicate with the mode mangled into the name (e.g., \isa{append{\isaliteral{5F}{\isacharunderscore}}i{\isaliteral{5F}{\isacharunderscore}}i{\isaliteral{5F}{\isacharunderscore}}o}). You can specify your own names as follows:% |
|
206 \end{isamarkuptext}% |
|
207 \isamarkuptrue% |
|
208 % |
|
209 \isadelimquote |
|
210 % |
|
211 \endisadelimquote |
|
212 % |
|
213 \isatagquote |
|
214 \isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}\isamarkupfalse% |
|
215 \ {\isaliteral{28}{\isacharparenleft}}modes{\isaliteral{3A}{\isacharcolon}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool\ as\ concat{\isaliteral{2C}{\isacharcomma}}\isanewline |
|
216 \ \ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool\ as\ split{\isaliteral{2C}{\isacharcomma}}\isanewline |
|
217 \ \ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool\ as\ suffix{\isaliteral{29}{\isacharparenright}}\ append\ \isacommand{{\isaliteral{2E}{\isachardot}}}\isamarkupfalse% |
|
218 % |
|
219 \endisatagquote |
|
220 {\isafoldquote}% |
|
221 % |
|
222 \isadelimquote |
|
223 % |
|
224 \endisadelimquote |
|
225 % |
|
226 \isamarkupsubsection{Alternative introduction rules% |
|
227 } |
|
228 \isamarkuptrue% |
|
229 % |
|
230 \begin{isamarkuptext}% |
|
231 Sometimes the introduction rules of an predicate are not executable |
|
232 because they contain non-executable constants or specific modes |
|
233 could not be inferred. It is also possible that the introduction |
|
234 rules yield a function that loops forever due to the execution in a |
|
235 depth-first search manner. Therefore, you can declare alternative |
|
236 introduction rules for predicates with the attribute \hyperlink{attribute.code-pred-intro}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}pred{\isaliteral{5F}{\isacharunderscore}}intro}}}. For example, the transitive closure is defined |
|
237 by:% |
|
238 \end{isamarkuptext}% |
|
239 \isamarkuptrue% |
|
240 % |
|
241 \isadelimquote |
|
242 % |
|
243 \endisadelimquote |
|
244 % |
|
245 \isatagquote |
|
246 % |
|
247 \begin{isamarkuptext}% |
|
248 \isa{{\isaliteral{22}{\isachardoublequote}}r\ a\ b\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ tranclp\ r\ a\ b{\isaliteral{22}{\isachardoublequote}}}\\ |
|
249 \isa{{\isaliteral{22}{\isachardoublequote}}tranclp\ r\ a\ b\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ r\ b\ c\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ tranclp\ r\ a\ c{\isaliteral{22}{\isachardoublequote}}}% |
|
250 \end{isamarkuptext}% |
|
251 \isamarkuptrue% |
|
252 % |
|
253 \endisatagquote |
|
254 {\isafoldquote}% |
|
255 % |
|
256 \isadelimquote |
|
257 % |
|
258 \endisadelimquote |
|
259 % |
|
260 \begin{isamarkuptext}% |
|
261 \noindent These rules do not suit well for executing the transitive |
|
262 closure with the mode \isa{{\isaliteral{28}{\isacharparenleft}}i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool}, as |
|
263 the second rule will cause an infinite loop in the recursive call. |
|
264 This can be avoided using the following alternative rules which are |
|
265 declared to the predicate compiler by the attribute \hyperlink{attribute.code-pred-intro}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}pred{\isaliteral{5F}{\isacharunderscore}}intro}}}:% |
|
266 \end{isamarkuptext}% |
|
267 \isamarkuptrue% |
|
268 % |
|
269 \isadelimquote |
|
270 % |
|
271 \endisadelimquote |
|
272 % |
|
273 \isatagquote |
|
274 \isacommand{lemma}\isamarkupfalse% |
|
275 \ {\isaliteral{5B}{\isacharbrackleft}}code{\isaliteral{5F}{\isacharunderscore}}pred{\isaliteral{5F}{\isacharunderscore}}intro{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{3A}{\isacharcolon}}\isanewline |
|
276 \ \ {\isaliteral{22}{\isachardoublequoteopen}}r\ a\ b\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ tranclp\ r\ a\ b{\isaliteral{22}{\isachardoublequoteclose}}\isanewline |
|
277 \ \ {\isaliteral{22}{\isachardoublequoteopen}}r\ a\ b\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ tranclp\ r\ b\ c\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ tranclp\ r\ a\ c{\isaliteral{22}{\isachardoublequoteclose}}\isanewline |
|
278 \isacommand{by}\isamarkupfalse% |
|
279 \ auto% |
|
280 \endisatagquote |
|
281 {\isafoldquote}% |
|
282 % |
|
283 \isadelimquote |
|
284 % |
|
285 \endisadelimquote |
|
286 % |
|
287 \begin{isamarkuptext}% |
|
288 \noindent After declaring all alternative rules for the transitive |
|
289 closure, you invoke \hyperlink{command.code-pred}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}}}} as usual. As you have |
|
290 declared alternative rules for the predicate, you are urged to prove |
|
291 that these introduction rules are complete, i.e., that you can |
|
292 derive an elimination rule for the alternative rules:% |
|
293 \end{isamarkuptext}% |
|
294 \isamarkuptrue% |
|
295 % |
|
296 \isadelimquote |
|
297 % |
|
298 \endisadelimquote |
|
299 % |
|
300 \isatagquote |
|
301 \isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}\isamarkupfalse% |
|
302 \ tranclp\isanewline |
|
303 \isacommand{proof}\isamarkupfalse% |
|
304 \ {\isaliteral{2D}{\isacharminus}}\isanewline |
|
305 \ \ \isacommand{case}\isamarkupfalse% |
|
306 \ tranclp\isanewline |
|
307 \ \ \isacommand{from}\isamarkupfalse% |
|
308 \ this\ converse{\isaliteral{5F}{\isacharunderscore}}tranclpE\ {\isaliteral{5B}{\isacharbrackleft}}OF\ tranclp{\isaliteral{2E}{\isachardot}}prems{\isaliteral{5D}{\isacharbrackright}}\ \isacommand{show}\isamarkupfalse% |
|
309 \ thesis\ \isacommand{by}\isamarkupfalse% |
|
310 \ metis\isanewline |
|
311 \isacommand{qed}\isamarkupfalse% |
|
312 % |
|
313 \endisatagquote |
|
314 {\isafoldquote}% |
|
315 % |
|
316 \isadelimquote |
|
317 % |
|
318 \endisadelimquote |
|
319 % |
|
320 \begin{isamarkuptext}% |
|
321 \noindent Alternative rules can also be used for constants that have |
|
322 not been defined inductively. For example, the lexicographic order |
|
323 which is defined as:% |
|
324 \end{isamarkuptext}% |
|
325 \isamarkuptrue% |
|
326 % |
|
327 \isadelimquote |
|
328 % |
|
329 \endisadelimquote |
|
330 % |
|
331 \isatagquote |
|
332 % |
|
333 \begin{isamarkuptext}% |
|
334 \begin{isabelle}% |
|
335 lexordp\ r\ {\isaliteral{3F}{\isacharquery}}xs\ {\isaliteral{3F}{\isacharquery}}ys\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\isanewline |
|
336 {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6578697374733E}{\isasymexists}}a\ v{\isaliteral{2E}{\isachardot}}\ {\isaliteral{3F}{\isacharquery}}ys\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{3F}{\isacharquery}}xs\ {\isaliteral{40}{\isacharat}}\ a\ {\isaliteral{23}{\isacharhash}}\ v\ {\isaliteral{5C3C6F723E}{\isasymor}}\isanewline |
|
337 \isaindent{{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6578697374733E}{\isasymexists}}a\ v{\isaliteral{2E}{\isachardot}}\ }{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6578697374733E}{\isasymexists}}u\ a\ b\ v\ w{\isaliteral{2E}{\isachardot}}\ r\ a\ b\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{3F}{\isacharquery}}xs\ {\isaliteral{3D}{\isacharequal}}\ u\ {\isaliteral{40}{\isacharat}}\ a\ {\isaliteral{23}{\isacharhash}}\ v\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{3F}{\isacharquery}}ys\ {\isaliteral{3D}{\isacharequal}}\ u\ {\isaliteral{40}{\isacharat}}\ b\ {\isaliteral{23}{\isacharhash}}\ w{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}% |
|
338 \end{isabelle}% |
|
339 \end{isamarkuptext}% |
|
340 \isamarkuptrue% |
|
341 % |
|
342 \endisatagquote |
|
343 {\isafoldquote}% |
|
344 % |
|
345 \isadelimquote |
|
346 % |
|
347 \endisadelimquote |
|
348 % |
|
349 \begin{isamarkuptext}% |
|
350 \noindent To make it executable, you can derive the following two |
|
351 rules and prove the elimination rule:% |
|
352 \end{isamarkuptext}% |
|
353 \isamarkuptrue% |
|
354 % |
|
355 \isadelimquote |
|
356 % |
|
357 \endisadelimquote |
|
358 % |
|
359 \isatagquote |
|
360 \isacommand{lemma}\isamarkupfalse% |
|
361 \ {\isaliteral{5B}{\isacharbrackleft}}code{\isaliteral{5F}{\isacharunderscore}}pred{\isaliteral{5F}{\isacharunderscore}}intro{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{3A}{\isacharcolon}}\isanewline |
|
362 \ \ {\isaliteral{22}{\isachardoublequoteopen}}append\ xs\ {\isaliteral{28}{\isacharparenleft}}a\ {\isaliteral{23}{\isacharhash}}\ v{\isaliteral{29}{\isacharparenright}}\ ys\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ lexordp\ r\ xs\ ys{\isaliteral{22}{\isachardoublequoteclose}}\isanewline |
|
363 \isacommand{lemma}\isamarkupfalse% |
|
364 \ {\isaliteral{5B}{\isacharbrackleft}}code{\isaliteral{5F}{\isacharunderscore}}pred{\isaliteral{5F}{\isacharunderscore}}intro{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{3A}{\isacharcolon}}\isanewline |
|
365 \ \ {\isaliteral{22}{\isachardoublequoteopen}}append\ u\ {\isaliteral{28}{\isacharparenleft}}a\ {\isaliteral{23}{\isacharhash}}\ v{\isaliteral{29}{\isacharparenright}}\ xs\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ append\ u\ {\isaliteral{28}{\isacharparenleft}}b\ {\isaliteral{23}{\isacharhash}}\ w{\isaliteral{29}{\isacharparenright}}\ ys\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ r\ a\ b\isanewline |
|
366 \ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ lexordp\ r\ xs\ ys{\isaliteral{22}{\isachardoublequoteclose}}\isanewline |
|
367 \isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}\isamarkupfalse% |
|
368 \ lexordp% |
|
369 \endisatagquote |
|
370 {\isafoldquote}% |
|
371 % |
|
372 \isadelimquote |
|
373 % |
|
374 \endisadelimquote |
|
375 % |
|
376 \isamarkupsubsection{Options for values% |
|
377 } |
|
378 \isamarkuptrue% |
|
379 % |
|
380 \begin{isamarkuptext}% |
|
381 In the presence of higher-order predicates, multiple modes for some |
|
382 predicate could be inferred that are not disambiguated by the |
|
383 pattern of the set comprehension. To disambiguate the modes for the |
|
384 arguments of a predicate, you can state the modes explicitly in the |
|
385 \hyperlink{command.values}{\mbox{\isa{\isacommand{values}}}} command. Consider the simple predicate \isa{succ}:% |
|
386 \end{isamarkuptext}% |
|
387 \isamarkuptrue% |
|
388 % |
|
389 \isadelimquote |
|
390 % |
|
391 \endisadelimquote |
|
392 % |
|
393 \isatagquote |
|
394 \isacommand{inductive}\isamarkupfalse% |
|
395 \ succ\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline |
|
396 \ \ {\isaliteral{22}{\isachardoublequoteopen}}succ\ {\isadigit{0}}\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline |
|
397 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}succ\ x\ y\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ succ\ {\isaliteral{28}{\isacharparenleft}}Suc\ x{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}Suc\ y{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline |
|
398 \isanewline |
|
399 \isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}\isamarkupfalse% |
|
400 \ succ\ \isacommand{{\isaliteral{2E}{\isachardot}}}\isamarkupfalse% |
|
401 % |
|
402 \endisatagquote |
|
403 {\isafoldquote}% |
|
404 % |
|
405 \isadelimquote |
|
406 % |
|
407 \endisadelimquote |
|
408 % |
|
409 \begin{isamarkuptext}% |
|
410 \noindent For this, the predicate compiler can infer modes \isa{o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool}, \isa{i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool}, \isa{o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool} and |
|
411 \isa{i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool}. The invocation of \hyperlink{command.values}{\mbox{\isa{\isacommand{values}}}} |
|
412 \isa{{\isaliteral{7B}{\isacharbraceleft}}n{\isaliteral{2E}{\isachardot}}\ tranclp\ succ\ {\isadigit{1}}{\isadigit{0}}\ n{\isaliteral{7D}{\isacharbraceright}}} loops, as multiple modes for the |
|
413 predicate \isa{succ} are possible and here the first mode \isa{o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool} is chosen. To choose another mode for the argument, |
|
414 you can declare the mode for the argument between the \hyperlink{command.values}{\mbox{\isa{\isacommand{values}}}} and the number of elements.% |
|
415 \end{isamarkuptext}% |
|
416 \isamarkuptrue% |
|
417 % |
|
418 \isadelimquote |
|
419 % |
|
420 \endisadelimquote |
|
421 % |
|
422 \isatagquote |
|
423 \isacommand{values}\isamarkupfalse% |
|
424 \ {\isaliteral{5B}{\isacharbrackleft}}mode{\isaliteral{3A}{\isacharcolon}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{5D}{\isacharbrackright}}\ {\isadigit{1}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}n{\isaliteral{2E}{\isachardot}}\ tranclp\ succ\ {\isadigit{1}}{\isadigit{0}}\ n{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequoteclose}}\ \isanewline |
|
425 \isacommand{values}\isamarkupfalse% |
|
426 \ {\isaliteral{5B}{\isacharbrackleft}}mode{\isaliteral{3A}{\isacharcolon}}\ o\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{5D}{\isacharbrackright}}\ {\isadigit{1}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}n{\isaliteral{2E}{\isachardot}}\ tranclp\ succ\ n\ {\isadigit{1}}{\isadigit{0}}{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequoteclose}}% |
|
427 \endisatagquote |
|
428 {\isafoldquote}% |
|
429 % |
|
430 \isadelimquote |
|
431 % |
|
432 \endisadelimquote |
|
433 % |
|
434 \isamarkupsubsection{Embedding into functional code within Isabelle/HOL% |
|
435 } |
|
436 \isamarkuptrue% |
|
437 % |
|
438 \begin{isamarkuptext}% |
|
439 To embed the computation of an inductive predicate into functions |
|
440 that are defined in Isabelle/HOL, you have a number of options: |
|
441 |
|
442 \begin{itemize} |
|
443 |
|
444 \item You want to use the first-order predicate with the mode |
|
445 where all arguments are input. Then you can use the predicate directly, e.g. |
|
446 |
|
447 \begin{quote} |
|
448 \isa{valid{\isaliteral{5F}{\isacharunderscore}}suffix\ ys\ zs\ {\isaliteral{3D}{\isacharequal}}} \\ |
|
449 \isa{{\isaliteral{28}{\isacharparenleft}}if\ append\ {\isaliteral{5B}{\isacharbrackleft}}Suc\ {\isadigit{0}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{2}}{\isaliteral{5D}{\isacharbrackright}}\ ys\ zs\ then\ Some\ ys\ else\ None{\isaliteral{29}{\isacharparenright}}} |
|
450 \end{quote} |
|
451 |
|
452 \item If you know that the execution returns only one value (it is |
|
453 deterministic), then you can use the combinator \isa{Predicate{\isaliteral{2E}{\isachardot}}the}, e.g., a functional concatenation of lists is |
|
454 defined with |
|
455 |
|
456 \begin{quote} |
|
457 \isa{functional{\isaliteral{5F}{\isacharunderscore}}concat\ xs\ ys\ {\isaliteral{3D}{\isacharequal}}\ Predicate{\isaliteral{2E}{\isachardot}}the\ {\isaliteral{28}{\isacharparenleft}}append{\isaliteral{5F}{\isacharunderscore}}i{\isaliteral{5F}{\isacharunderscore}}i{\isaliteral{5F}{\isacharunderscore}}o\ xs\ ys{\isaliteral{29}{\isacharparenright}}} |
|
458 \end{quote} |
|
459 |
|
460 Note that if the evaluation does not return a unique value, it |
|
461 raises a run-time error \isa{not{\isaliteral{5F}{\isacharunderscore}}unique}. |
|
462 |
|
463 \end{itemize}% |
|
464 \end{isamarkuptext}% |
|
465 \isamarkuptrue% |
|
466 % |
|
467 \isamarkupsubsection{Further Examples% |
|
468 } |
|
469 \isamarkuptrue% |
|
470 % |
|
471 \begin{isamarkuptext}% |
|
472 Further examples for compiling inductive predicates can be found in |
|
473 the \isa{HOL{\isaliteral{2F}{\isacharslash}}ex{\isaliteral{2F}{\isacharslash}}Predicate{\isaliteral{5F}{\isacharunderscore}}Compile{\isaliteral{5F}{\isacharunderscore}}ex{\isaliteral{2E}{\isachardot}}thy} theory file. There are |
|
474 also some examples in the Archive of Formal Proofs, notably in the |
|
475 \isa{POPLmark{\isaliteral{2D}{\isacharminus}}deBruijn} and the \isa{FeatherweightJava} |
|
476 sessions.% |
|
477 \end{isamarkuptext}% |
|
478 \isamarkuptrue% |
|
479 % |
|
480 \isadelimtheory |
|
481 % |
|
482 \endisadelimtheory |
|
483 % |
|
484 \isatagtheory |
|
485 \isacommand{end}\isamarkupfalse% |
|
486 % |
|
487 \endisatagtheory |
|
488 {\isafoldtheory}% |
|
489 % |
|
490 \isadelimtheory |
|
491 % |
|
492 \endisadelimtheory |
|
493 \isanewline |
|
494 \isanewline |
|
495 \end{isabellebody}% |
|
496 %%% Local Variables: |
|
497 %%% mode: latex |
|
498 %%% TeX-master: "root" |
|
499 %%% End: |
|