762 respects. @{text I} can have any number of arguments and each rule can have |
762 respects. @{text I} can have any number of arguments and each rule can have |
763 additional premises not involving @{text I}, so-called \concept{side |
763 additional premises not involving @{text I}, so-called \concept{side |
764 conditions}. In rule inductions, these side-conditions appear as additional |
764 conditions}. In rule inductions, these side-conditions appear as additional |
765 assumptions. The \isacom{for} clause seen in the definition of the reflexive |
765 assumptions. The \isacom{for} clause seen in the definition of the reflexive |
766 transitive closure merely simplifies the form of the induction rule. |
766 transitive closure merely simplifies the form of the induction rule. |
|
767 |
|
768 \ifsem |
|
769 \subsection{Exercises} |
|
770 |
|
771 \begin{exercise} |
|
772 Consider the stack machine from \autoref{sec:aexp_comp}. |
|
773 A \concept{stack underflow} occurs when executing an instruction |
|
774 on a stack containing too few values, e.g., executing an @{text ADD} |
|
775 instruction on a stack of size less than two. Define an inductive predicate |
|
776 @{text "ok :: nat \<Rightarrow> instr list \<Rightarrow> nat \<Rightarrow> bool"} |
|
777 such that @{text "ok n is n'"} means that with any initial stack of length |
|
778 @{text n} the instructions @{text "is"} can be executed |
|
779 without stack underflow and that the final stack has length @{text n'}. |
|
780 Prove that @{text ok} correctly computes the final stack size |
|
781 @{prop[display] "\<lbrakk>ok n is n'; length stk = n\<rbrakk> \<Longrightarrow> length (exec is s stk) = n'"} |
|
782 and that instruction sequences generated by @{text comp} |
|
783 cannot cause stack underflow: \ @{text "ok n (comp a) ?"} \ for |
|
784 some suitable value of @{text "?"}. |
|
785 \end{exercise} |
|
786 \fi |
767 *} |
787 *} |
768 (*<*) |
788 (*<*) |
769 end |
789 end |
770 (*>*) |
790 (*>*) |