214 |
214 |
215 subsection "Merging two lists" |
215 subsection "Merging two lists" |
216 |
216 |
217 text"This is still a bit rough, especially the proof." |
217 text"This is still a bit rough, especially the proof." |
218 |
218 |
219 definition cor :: "bool \<Rightarrow> bool \<Rightarrow> bool" where |
219 definition cor :: "bool \<Rightarrow> bool \<Rightarrow> bool" |
220 "cor P Q == if P then True else Q" |
220 where "cor P Q \<longleftrightarrow> (if P then True else Q)" |
221 |
221 |
222 definition cand :: "bool \<Rightarrow> bool \<Rightarrow> bool" where |
222 definition cand :: "bool \<Rightarrow> bool \<Rightarrow> bool" |
223 "cand P Q == if P then Q else False" |
223 where "cand P Q \<longleftrightarrow> (if P then Q else False)" |
224 |
224 |
225 fun merge :: "'a list * 'a list * ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> 'a list" where |
225 fun merge :: "'a list * 'a list * ('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> 'a list" |
226 "merge(x#xs,y#ys,f) = (if f x y then x # merge(xs,y#ys,f) |
226 where |
227 else y # merge(x#xs,ys,f))" | |
227 "merge(x#xs,y#ys,f) = (if f x y then x # merge(xs,y#ys,f) |
228 "merge(x#xs,[],f) = x # merge(xs,[],f)" | |
228 else y # merge(x#xs,ys,f))" |
229 "merge([],y#ys,f) = y # merge([],ys,f)" | |
229 | "merge(x#xs,[],f) = x # merge(xs,[],f)" |
230 "merge([],[],f) = []" |
230 | "merge([],y#ys,f) = y # merge([],ys,f)" |
|
231 | "merge([],[],f) = []" |
231 |
232 |
232 text{* Simplifies the proof a little: *} |
233 text{* Simplifies the proof a little: *} |
233 |
234 |
234 lemma [simp]: "({} = insert a A \<inter> B) = (a \<notin> B & {} = A \<inter> B)" |
235 lemma [simp]: "({} = insert a A \<inter> B) = (a \<notin> B & {} = A \<inter> B)" |
235 by blast |
236 by blast |
334 |
335 |
335 Now we try a functional version of the abstraction relation @{term |
336 Now we try a functional version of the abstraction relation @{term |
336 Path}. Since the result is not that convincing, we do not prove any of |
337 Path}. Since the result is not that convincing, we do not prove any of |
337 the lemmas.*} |
338 the lemmas.*} |
338 |
339 |
339 consts ispath:: "('a \<Rightarrow> 'a ref) \<Rightarrow> 'a ref \<Rightarrow> 'a ref \<Rightarrow> bool" |
340 axiomatization |
340 path:: "('a \<Rightarrow> 'a ref) \<Rightarrow> 'a ref \<Rightarrow> 'a ref \<Rightarrow> 'a list" |
341 ispath :: "('a \<Rightarrow> 'a ref) \<Rightarrow> 'a ref \<Rightarrow> 'a ref \<Rightarrow> bool" and |
|
342 path :: "('a \<Rightarrow> 'a ref) \<Rightarrow> 'a ref \<Rightarrow> 'a ref \<Rightarrow> 'a list" |
341 |
343 |
342 text"First some basic lemmas:" |
344 text"First some basic lemmas:" |
343 |
345 |
344 lemma [simp]: "ispath f p p" |
346 lemma [simp]: "ispath f p p" |
345 by (rule unproven) |
347 by (rule unproven) |
477 done |
479 done |
478 |
480 |
479 |
481 |
480 subsection "Storage allocation" |
482 subsection "Storage allocation" |
481 |
483 |
482 definition new :: "'a set \<Rightarrow> 'a" where |
484 definition new :: "'a set \<Rightarrow> 'a" |
483 "new A == SOME a. a \<notin> A" |
485 where "new A = (SOME a. a \<notin> A)" |
484 |
486 |
485 |
487 |
486 lemma new_notin: |
488 lemma new_notin: |
487 "\<lbrakk> ~finite(UNIV::'a set); finite(A::'a set); B \<subseteq> A \<rbrakk> \<Longrightarrow> new (A) \<notin> B" |
489 "\<lbrakk> ~finite(UNIV::'a set); finite(A::'a set); B \<subseteq> A \<rbrakk> \<Longrightarrow> new (A) \<notin> B" |
488 apply(unfold new_def) |
490 apply(unfold new_def) |