# HG changeset patch # User blanchet # Date 1452081871 -3600 # Node ID fd18b51bdc550dff2c2f2e13d19bb838ade7918b # Parent 73fde830ddae05c6d31ed2d20abd404cc3edc970 updated docs diff -r 73fde830ddae -r fd18b51bdc55 src/Doc/Datatypes/Datatypes.thy --- a/src/Doc/Datatypes/Datatypes.thy Wed Jan 06 13:04:31 2016 +0100 +++ b/src/Doc/Datatypes/Datatypes.thy Wed Jan 06 13:04:31 2016 +0100 @@ -14,34 +14,35 @@ Setup "~~/src/HOL/Library/BNF_Axiomatization" "~~/src/HOL/Library/Cardinal_Notations" + "~~/src/HOL/Library/Countable" "~~/src/HOL/Library/FSet" "~~/src/HOL/Library/Simps_Case_Conv" begin -section {* Introduction - \label{sec:introduction} *} - -text {* +section \ Introduction + \label{sec:introduction} \ + +text \ The 2013 edition of Isabelle introduced a definitional package for freely generated datatypes and codatatypes. This package replaces the earlier implementation due to Berghofer and Wenzel @{cite "Berghofer-Wenzel:1999:TPHOL"}. Perhaps the main advantage of the new package is that it supports recursion through a large class of non-datatypes, such as finite sets: -*} +\ datatype 'a tree\<^sub>f\<^sub>s = Node\<^sub>f\<^sub>s (lbl\<^sub>f\<^sub>s: 'a) (sub\<^sub>f\<^sub>s: "'a tree\<^sub>f\<^sub>s fset") -text {* +text \ \noindent Another strong point is the support for local definitions: -*} +\ context linorder begin datatype flag = Less | Eq | Greater end -text {* +text \ \noindent Furthermore, the package provides a lot of convenience, including automatically generated discriminators, selectors, and relators as well as a wealth of @@ -51,7 +52,7 @@ datatypes, or \emph{codatatypes}, which allow infinite values. For example, the following command introduces the type of lazy lists, which comprises both finite and infinite values: -*} +\ (*<*) locale early @@ -59,18 +60,18 @@ (*>*) codatatype (*<*)(in early) (*>*)'a llist = LNil | LCons 'a "'a llist" -text {* +text \ \noindent Mixed inductive--coinductive recursion is possible via nesting. Compare the following four Rose tree examples: -*} +\ datatype (*<*)(in early) (*>*)'a tree\<^sub>f\<^sub>f = Node\<^sub>f\<^sub>f 'a "'a tree\<^sub>f\<^sub>f list" datatype (*<*)(in early) (*>*)'a tree\<^sub>f\<^sub>i = Node\<^sub>f\<^sub>i 'a "'a tree\<^sub>f\<^sub>i llist" codatatype (*<*)(in early) (*>*)'a tree\<^sub>i\<^sub>f = Node\<^sub>i\<^sub>f 'a "'a tree\<^sub>i\<^sub>f list" codatatype (*<*)(in early) (*>*)'a tree\<^sub>i\<^sub>i = Node\<^sub>i\<^sub>i 'a "'a tree\<^sub>i\<^sub>i llist" -text {* +text \ The first two tree types allow only paths of finite length, whereas the last two allow infinite paths. Orthogonally, the nodes in the first and third types have finitely many direct subtrees, whereas those of the second and fourth may have @@ -143,45 +144,45 @@ Comments and bug reports concerning either the package or this tutorial should be directed to the first author at \authoremaili{} or to the \texttt{cl-isabelle-users} mailing list. -*} - - -section {* Defining Datatypes - \label{sec:defining-datatypes} *} - -text {* +\ + + +section \ Defining Datatypes + \label{sec:defining-datatypes} \ + +text \ Datatypes can be specified using the @{command datatype} command. -*} - - -subsection {* Introductory Examples - \label{ssec:datatype-introductory-examples} *} - -text {* +\ + + +subsection \ Introductory Examples + \label{ssec:datatype-introductory-examples} \ + +text \ Datatypes are illustrated through concrete examples featuring different flavors of recursion. More examples can be found in the directory @{file "~~/src/HOL/Datatype_Examples"} -*} - - -subsubsection {* Nonrecursive Types - \label{sssec:datatype-nonrecursive-types} *} - -text {* +\ + + +subsubsection \ Nonrecursive Types + \label{sssec:datatype-nonrecursive-types} \ + +text \ Datatypes are introduced by specifying the desired names and argument types for their constructors. \emph{Enumeration} types are the simplest form of datatype. All their constructors are nullary: -*} +\ datatype trool = Truue | Faalse | Perhaaps -text {* +text \ \noindent @{const Truue}, @{const Faalse}, and @{const Perhaaps} have the type @{typ trool}. Polymorphic types are possible, such as the following option type, modeled after its homologue from the @{theory Option} theory: -*} +\ (*<*) hide_const None Some map_option @@ -189,68 +190,68 @@ (*>*) datatype 'a option = None | Some 'a -text {* +text \ \noindent The constructors are @{text "None :: 'a option"} and @{text "Some :: 'a \ 'a option"}. The next example has three type parameters: -*} +\ datatype ('a, 'b, 'c) triple = Triple 'a 'b 'c -text {* +text \ \noindent The constructor is @{text "Triple :: 'a \ 'b \ 'c \ ('a, 'b, 'c) triple"}. Unlike in Standard ML, curried constructors are supported. The uncurried variant is also possible: -*} +\ datatype ('a, 'b, 'c) triple\<^sub>u = Triple\<^sub>u "'a * 'b * 'c" -text {* +text \ \noindent Occurrences of nonatomic types on the right-hand side of the equal sign must be enclosed in double quotes, as is customary in Isabelle. -*} - - -subsubsection {* Simple Recursion - \label{sssec:datatype-simple-recursion} *} - -text {* +\ + + +subsubsection \ Simple Recursion + \label{sssec:datatype-simple-recursion} \ + +text \ Natural numbers are the simplest example of a recursive type: -*} +\ datatype nat = Zero | Succ nat -text {* +text \ \noindent Lists were shown in the introduction. Terminated lists are a variant that stores a value of type @{typ 'b} at the very end: -*} +\ datatype (*<*)(in early) (*>*)('a, 'b) tlist = TNil 'b | TCons 'a "('a, 'b) tlist" -subsubsection {* Mutual Recursion - \label{sssec:datatype-mutual-recursion} *} - -text {* +subsubsection \ Mutual Recursion + \label{sssec:datatype-mutual-recursion} \ + +text \ \emph{Mutually recursive} types are introduced simultaneously and may refer to each other. The example below introduces a pair of types for even and odd natural numbers: -*} +\ datatype even_nat = Even_Zero | Even_Succ odd_nat and odd_nat = Odd_Succ even_nat -text {* +text \ \noindent Arithmetic expressions are defined via terms, terms via factors, and factors via expressions: -*} +\ datatype ('a, 'b) exp = Term "('a, 'b) trm" | Sum "('a, 'b) trm" "('a, 'b) exp" @@ -260,53 +261,53 @@ Const 'a | Var 'b | Expr "('a, 'b) exp" -subsubsection {* Nested Recursion - \label{sssec:datatype-nested-recursion} *} - -text {* +subsubsection \ Nested Recursion + \label{sssec:datatype-nested-recursion} \ + +text \ \emph{Nested recursion} occurs when recursive occurrences of a type appear under a type constructor. The introduction showed some examples of trees with nesting through lists. A more complex example, that reuses our @{type option} type, follows: -*} +\ datatype 'a btree = BNode 'a "'a btree option" "'a btree option" -text {* +text \ \noindent Not all nestings are admissible. For example, this command will fail: -*} +\ datatype 'a wrong = W1 | W2 (*<*)'a typ (*>*)"'a wrong \ 'a" -text {* +text \ \noindent The issue is that the function arrow @{text "\"} allows recursion only through its right-hand side. This issue is inherited by polymorphic datatypes defined in terms of~@{text "\"}: -*} +\ datatype ('a, 'b) fun_copy = Fun "'a \ 'b" datatype 'a also_wrong = W1 | W2 (*<*)'a typ (*>*)"('a also_wrong, 'a) fun_copy" -text {* +text \ \noindent The following definition of @{typ 'a}-branching trees is legal: -*} +\ datatype 'a ftree = FTLeaf 'a | FTNode "'a \ 'a ftree" -text {* +text \ \noindent And so is the definition of hereditarily finite sets: -*} +\ datatype hfset = HFSet "hfset fset" -text {* +text \ \noindent In general, type constructors @{text "('a\<^sub>1, \, 'a\<^sub>m) t"} allow recursion on a subset of their type arguments @{text 'a\<^sub>1}, \ldots, @@ -322,23 +323,23 @@ register arbitrary type constructors as BNFs. Here is another example that fails: -*} +\ datatype 'a pow_list = PNil 'a (*<*)'a datatype 'a pow_list' = PNil' 'a (*>*)| PCons "('a * 'a) pow_list" -text {* +text \ \noindent This attempted definition features a different flavor of nesting, where the recursive call in the type specification occurs around (rather than inside) another type constructor. -*} - - -subsubsection {* Auxiliary Constants - \label{sssec:datatype-auxiliary-constants} *} - -text {* +\ + + +subsubsection \ Auxiliary Constants + \label{sssec:datatype-auxiliary-constants} \ + +text \ The @{command datatype} command introduces various constants in addition to the constructors. With each datatype are associated set functions, a map function, a relator, discriminators, and selectors, all of which can be given @@ -346,7 +347,7 @@ @{text tl}, @{text set}, @{text map}, and @{text list_all2} override the default names @{text is_Nil}, @{text un_Cons1}, @{text un_Cons2}, @{text set_list}, @{text map_list}, and @{text rel_list}: -*} +\ (*<*) no_translations @@ -372,7 +373,7 @@ where "tl Nil = Nil" -text {* +text \ \noindent The types of the constants that appear in the specification are listed below. @@ -423,14 +424,14 @@ The usual mixfix syntax annotations are available for both types and constructors. For example: -*} +\ (*<*) end (*>*) datatype ('a, 'b) prod (infixr "*" 20) = Pair 'a 'b -text {* \blankline *} +text \ \blankline \ datatype (set: 'a) list = null: Nil ("[]") @@ -439,27 +440,27 @@ map: map rel: list_all2 -text {* +text \ \noindent Incidentally, this is how the traditional syntax can be set up: -*} +\ syntax "_list" :: "args \ 'a list" ("[(_)]") -text {* \blankline *} +text \ \blankline \ translations "[x, xs]" == "x # [xs]" "[x]" == "x # []" -subsection {* Command Syntax - \label{ssec:datatype-command-syntax} *} - -subsubsection {* \keyw{datatype} - \label{sssec:datatype-new} *} - -text {* +subsection \ Command Syntax + \label{ssec:datatype-command-syntax} \ + +subsubsection \ \keyw{datatype} + \label{sssec:datatype-new} \ + +text \ \begin{matharray}{rcl} @{command_def "datatype"} & : & @{text "local_theory \ local_theory"} \end{matharray} @@ -564,13 +565,13 @@ arguments to several constructors as long as the arguments share the same type. If selectors are enabled (cf.\ the @{text "discs_sels"} option) but no name is supplied, the default name is @{text un_C\<^sub>ji}. -*} - - -subsubsection {* \keyw{datatype_compat} - \label{sssec:datatype-compat} *} - -text {* +\ + + +subsubsection \ \keyw{datatype_compat} + \label{sssec:datatype-compat} \ + +text \ \begin{matharray}{rcl} @{command_def "datatype_compat"} & : & @{text "local_theory \ local_theory"} \end{matharray} @@ -584,15 +585,15 @@ \noindent The @{command datatype_compat} command registers new-style datatypes as old-style datatypes and invokes the old-style plugins. For example: -*} +\ datatype_compat even_nat odd_nat -text {* \blankline *} - - ML {* Old_Datatype_Data.get_info @{theory} @{type_name even_nat} *} - -text {* +text \ \blankline \ + + ML \ Old_Datatype_Data.get_info @{theory} @{type_name even_nat} \ + +text \ The syntactic entity \synt{name} denotes an identifier @{cite "isabelle-isar-ref"}. The command is sometimes useful when migrating from the old datatype package to @@ -614,13 +615,13 @@ \item All types through which recursion takes place must be new-style datatypes or the function type. \end{itemize} -*} - - -subsection {* Generated Constants - \label{ssec:datatype-generated-constants} *} - -text {* +\ + + +subsection \ Generated Constants + \label{ssec:datatype-generated-constants} \ + +text \ Given a datatype @{text "('a\<^sub>1, \, 'a\<^sub>m) t"} with $m$ live type variables and $n$ constructors @{text "t.C\<^sub>1"}, \ldots, @{text "t.C\<^sub>n"}, the following auxiliary constants are introduced: @@ -657,13 +658,13 @@ (Section~\ref{sec:selecting-plugins}). The case combinator, discriminators, and selectors are collectively called \emph{destructors}. The prefix ``@{text "t."}'' is an optional component of the names and is normally hidden. -*} - - -subsection {* Generated Theorems - \label{ssec:datatype-generated-theorems} *} - -text {* +\ + + +subsection \ Generated Theorems + \label{ssec:datatype-generated-theorems} \ + +text \ The characteristic theorems generated by @{command datatype} are grouped in three broad categories: @@ -690,27 +691,27 @@ (Section~\ref{sec:selecting-plugins}), but normally excludes low-level theorems that reveal internal constructions. To make these accessible, add the line -*} +\ declare [[bnf_note_all]] (*<*) declare [[bnf_note_all = false]] (*>*) -text {* +text \ \noindent to the top of the theory file. -*} - - -subsubsection {* Free Constructor Theorems - \label{sssec:free-constructor-theorems} *} +\ + + +subsubsection \ Free Constructor Theorems + \label{sssec:free-constructor-theorems} \ (*<*) consts nonnull :: 'a (*>*) -text {* +text \ The free constructor theorems are partitioned in three subgroups. The first subgroup of properties is concerned with the constructors. They are listed below for @{typ "'a list"}: @@ -844,13 +845,13 @@ In addition, equational versions of @{text t.disc} are registered with the @{text "[code]"} attribute. The @{text "[code]"} attribute is set by the @{text code} plugin (Section~\ref{ssec:code-generator}). -*} - - -subsubsection {* Functorial Theorems - \label{sssec:functorial-theorems} *} - -text {* +\ + + +subsubsection \ Functorial Theorems + \label{sssec:functorial-theorems} \ + +text \ The functorial theorems are generated for type constructors with at least one live type argument (e.g., @{typ "'a list"}). They are partitioned in two subgroups. The first subgroup consists of properties involving the @@ -1037,13 +1038,13 @@ \end{description} \end{indentblock} -*} - - -subsubsection {* Inductive Theorems - \label{sssec:inductive-theorems} *} - -text {* +\ + + +subsubsection \ Inductive Theorems + \label{sssec:inductive-theorems} \ + +text \ The inductive theorems are as follows: \begin{indentblock} @@ -1090,17 +1091,33 @@ \end{description} \end{indentblock} -*} - - -subsection {* Compatibility Issues - \label{ssec:datatype-compatibility-issues} *} - -text {* -The command @{command datatype} has been designed to be highly compatible -with the old command (which is now called \keyw{old_datatype}), to ease -migration. There are nonetheless a few incompatibilities that may arise when -porting: +\ + + +subsection \ Proof Method + \label{ssec:datatype-proof-method} \ + +subsubsection \ \textit{countable_datatype} + \label{sssec:datatype-compat} \ + +text \ +The theory @{file "~~/src/HOL/Library/Countable.thy"} provides a +proof method called @{text countable_datatype} that can be used to prove the +countability of many datatypes, building on the countability of the types +appearing in their definitions and of any type arguments. For example: +\ + + instance list :: (countable) countable + by countable_datatype + + +subsection \ Compatibility Issues + \label{ssec:datatype-compatibility-issues} \ + +text \ +The command @{command datatype} has been designed to be highly compatible with +the old command, to ease migration. There are nonetheless a few +incompatibilities that may arise when porting: \begin{itemize} \setlength{\itemsep}{0pt} @@ -1132,14 +1149,14 @@ \item \emph{The @{const size} function has a slightly different definition.} The new function returns @{text 1} instead of @{text 0} for some nonrecursive constructors. This departure from the old behavior made it possible to implement -@{const size} in terms of the generic function @{text "t.size_t"}. -Moreover, the new function considers nested occurrences of a value, in the nested +@{const size} in terms of the generic function @{text "t.size_t"}. Moreover, +the new function considers nested occurrences of a value, in the nested recursive case. The old behavior can be obtained by disabling the @{text size} plugin (Section~\ref{sec:selecting-plugins}) and instantiating the @{text size} type class manually. \item \emph{The internal constructions are completely different.} Proof texts -that unfold the definition of constants introduced by \keyw{old_datatype} will +that unfold the definition of constants introduced by the old command will be difficult to port. \item \emph{Some constants and theorems have different names.} @@ -1147,9 +1164,9 @@ the alias @{text t.inducts} for @{text t.induct} is no longer generated. For $m > 1$ mutually recursive datatypes, @{text "rec_t\<^sub>1_\_t\<^sub>m_i"} has been renamed -@{text "rec_t\<^sub>i"} for each @{text "i \ {1, \, t}"}, +@{text "rec_t\<^sub>i"} for each @{text "i \ {1, \, m}"}, @{text "t\<^sub>1_\_t\<^sub>m.inducts(i)"} has been renamed -@{text "t\<^sub>i.induct"} for each @{text "i \ {1, \, t}"}, and the +@{text "t\<^sub>i.induct"} for each @{text "i \ {1, \, m}"}, and the collection @{text "t\<^sub>1_\_t\<^sub>m.size"} (generated by the @{text size} plugin, Section~\ref{ssec:size}) has been divided into @{text "t\<^sub>1.size"}, \ldots, @{text "t\<^sub>m.size"}. @@ -1163,90 +1180,91 @@ @{text "[of \]"} syntax. \end{itemize} -In the other direction, there is currently no way to register old-style -datatypes as new-style datatypes. If the goal is to define new-style datatypes -with nested recursion through old-style datatypes, the old-style -datatypes can be registered as a BNF -(Section~\ref{sec:registering-bounded-natural-functors}). If the goal is +The old command is still available as \keyw{old_datatype} in theory +@{file "~~/src/HOL/Library/Old_Datatype.thy"}. However, there is no general +way to register old-style datatypes as new-style datatypes. If the objective +is to define new-style datatypes with nested recursion through old-style +datatypes, the old-style datatypes can be registered as a BNF +(Section~\ref{sec:registering-bounded-natural-functors}). If the objective is to derive discriminators and selectors, this can be achieved using @{command free_constructors} (Section~\ref{sec:deriving-destructors-and-theorems-for-free-constructors}). -*} - - -section {* Defining Primitively Recursive Functions - \label{sec:defining-primitively-recursive-functions} *} - -text {* +\ + + +section \ Defining Primitively Recursive Functions + \label{sec:defining-primitively-recursive-functions} \ + +text \ Recursive functions over datatypes can be specified using the @{command primrec} command, which supports primitive recursion, or using the more general \keyw{fun}, \keyw{function}, and \keyw{partial_function} commands. In this tutorial, the focus is on @{command primrec}; \keyw{fun} and \keyw{function} are described in a separate tutorial @{cite "isabelle-function"}. -*} - - -subsection {* Introductory Examples - \label{ssec:primrec-introductory-examples} *} - -text {* +\ + + +subsection \ Introductory Examples + \label{ssec:primrec-introductory-examples} \ + +text \ Primitive recursion is illustrated through concrete examples based on the datatypes defined in Section~\ref{ssec:datatype-introductory-examples}. More examples can be found in the directory @{file "~~/src/HOL/Datatype_Examples"}. -*} - - -subsubsection {* Nonrecursive Types - \label{sssec:primrec-nonrecursive-types} *} - -text {* +\ + + +subsubsection \ Nonrecursive Types + \label{sssec:primrec-nonrecursive-types} \ + +text \ Primitive recursion removes one layer of constructors on the left-hand side in each equation. For example: -*} +\ primrec (nonexhaustive) bool_of_trool :: "trool \ bool" where - "bool_of_trool Faalse \ False" | - "bool_of_trool Truue \ True" - -text {* \blankline *} + "bool_of_trool Faalse \ False" + | "bool_of_trool Truue \ True" + +text \ \blankline \ primrec the_list :: "'a option \ 'a list" where - "the_list None = []" | - "the_list (Some a) = [a]" - -text {* \blankline *} + "the_list None = []" + | "the_list (Some a) = [a]" + +text \ \blankline \ primrec the_default :: "'a \ 'a option \ 'a" where - "the_default d None = d" | - "the_default _ (Some a) = a" - -text {* \blankline *} + "the_default d None = d" + | "the_default _ (Some a) = a" + +text \ \blankline \ primrec mirrror :: "('a, 'b, 'c) triple \ ('c, 'b, 'a) triple" where "mirrror (Triple a b c) = Triple c b a" -text {* +text \ \noindent The equations can be specified in any order, and it is acceptable to leave out some cases, which are then unspecified. Pattern matching on the left-hand side is restricted to a single datatype, which must correspond to the same argument in all equations. -*} - - -subsubsection {* Simple Recursion - \label{sssec:primrec-simple-recursion} *} - -text {* +\ + + +subsubsection \ Simple Recursion + \label{sssec:primrec-simple-recursion} \ + +text \ For simple recursive types, recursive calls on a constructor argument are allowed on the right-hand side: -*} +\ primrec replicate :: "nat \ 'a \ 'a list" where - "replicate Zero _ = []" | - "replicate (Succ n) x = x # replicate n x" - -text {* \blankline *} + "replicate Zero _ = []" + | "replicate (Succ n) x = x # replicate n x" + +text \ \blankline \ primrec (nonexhaustive) at :: "'a list \ nat \ 'a" where "at (x # xs) j = @@ -1254,91 +1272,91 @@ Zero \ x | Succ j' \ at xs j')" -text {* \blankline *} +text \ \blankline \ primrec (*<*)(in early) (transfer) (*>*)tfold :: "('a \ 'b \ 'b) \ ('a, 'b) tlist \ 'b" where - "tfold _ (TNil y) = y" | - "tfold f (TCons x xs) = f x (tfold f xs)" - -text {* + "tfold _ (TNil y) = y" + | "tfold f (TCons x xs) = f x (tfold f xs)" + +text \ \noindent Pattern matching is only available for the argument on which the recursion takes place. Fortunately, it is easy to generate pattern-maching equations using the -\keyw{simps_of_case} command provided by the theory +@{command simps_of_case} command provided by the theory @{file "~~/src/HOL/Library/Simps_Case_Conv.thy"}. -*} - - simps_of_case at_simps: at.simps - -text {* -This generates the lemma collection @{thm [source] at_simps}: +\ + + simps_of_case at_simps_alt: at.simps + +text \ +This generates the lemma collection @{thm [source] at_simps_alt}: % -\[@{thm at_simps(1)[no_vars]} - \qquad @{thm at_simps(2)[no_vars]}\] +\[@{thm at_simps_alt(1)[no_vars]} + \qquad @{thm at_simps_alt(2)[no_vars]}\] % The next example is defined using \keyw{fun} to escape the syntactic restrictions imposed on primitively recursive functions: -*} +\ fun at_least_two :: "nat \ bool" where - "at_least_two (Succ (Succ _)) \ True" | - "at_least_two _ \ False" - - -subsubsection {* Mutual Recursion - \label{sssec:primrec-mutual-recursion} *} - -text {* + "at_least_two (Succ (Succ _)) \ True" + | "at_least_two _ \ False" + + +subsubsection \ Mutual Recursion + \label{sssec:primrec-mutual-recursion} \ + +text \ The syntax for mutually recursive functions over mutually recursive datatypes is straightforward: -*} +\ primrec nat_of_even_nat :: "even_nat \ nat" and nat_of_odd_nat :: "odd_nat \ nat" where - "nat_of_even_nat Even_Zero = Zero" | - "nat_of_even_nat (Even_Succ n) = Succ (nat_of_odd_nat n)" | - "nat_of_odd_nat (Odd_Succ n) = Succ (nat_of_even_nat n)" - -text {* \blankline *} + "nat_of_even_nat Even_Zero = Zero" + | "nat_of_even_nat (Even_Succ n) = Succ (nat_of_odd_nat n)" + | "nat_of_odd_nat (Odd_Succ n) = Succ (nat_of_even_nat n)" + +text \ \blankline \ primrec eval\<^sub>e :: "('a \ int) \ ('b \ int) \ ('a, 'b) exp \ int" and eval\<^sub>t :: "('a \ int) \ ('b \ int) \ ('a, 'b) trm \ int" and eval\<^sub>f :: "('a \ int) \ ('b \ int) \ ('a, 'b) fct \ int" where - "eval\<^sub>e \ \ (Term t) = eval\<^sub>t \ \ t" | - "eval\<^sub>e \ \ (Sum t e) = eval\<^sub>t \ \ t + eval\<^sub>e \ \ e" | - "eval\<^sub>t \ \ (Factor f) = eval\<^sub>f \ \ f" | - "eval\<^sub>t \ \ (Prod f t) = eval\<^sub>f \ \ f + eval\<^sub>t \ \ t" | - "eval\<^sub>f \ _ (Const a) = \ a" | - "eval\<^sub>f _ \ (Var b) = \ b" | - "eval\<^sub>f \ \ (Expr e) = eval\<^sub>e \ \ e" - -text {* + "eval\<^sub>e \ \ (Term t) = eval\<^sub>t \ \ t" + | "eval\<^sub>e \ \ (Sum t e) = eval\<^sub>t \ \ t + eval\<^sub>e \ \ e" + | "eval\<^sub>t \ \ (Factor f) = eval\<^sub>f \ \ f" + | "eval\<^sub>t \ \ (Prod f t) = eval\<^sub>f \ \ f + eval\<^sub>t \ \ t" + | "eval\<^sub>f \ _ (Const a) = \ a" + | "eval\<^sub>f _ \ (Var b) = \ b" + | "eval\<^sub>f \ \ (Expr e) = eval\<^sub>e \ \ e" + +text \ \noindent Mutual recursion is possible within a single type, using \keyw{fun}: -*} +\ fun even :: "nat \ bool" and odd :: "nat \ bool" where - "even Zero = True" | - "even (Succ n) = odd n" | - "odd Zero = False" | - "odd (Succ n) = even n" - - -subsubsection {* Nested Recursion - \label{sssec:primrec-nested-recursion} *} - -text {* + "even Zero = True" + | "even (Succ n) = odd n" + | "odd Zero = False" + | "odd (Succ n) = even n" + + +subsubsection \ Nested Recursion + \label{sssec:primrec-nested-recursion} \ + +text \ In a departure from the old datatype package, nested recursion is normally handled via the map functions of the nesting type constructors. For example, recursive calls are lifted to lists using @{const map}: -*} +\ (*<*) datatype 'a tree\<^sub>f\<^sub>f = Node\<^sub>f\<^sub>f (lbl\<^sub>f\<^sub>f: 'a) (sub\<^sub>f\<^sub>f: "'a tree\<^sub>f\<^sub>f list") @@ -1349,86 +1367,86 @@ [] \ a | j # js' \ at (map (\t. at\<^sub>f\<^sub>f t js') ts) j)" -text {* +text \ \noindent The next example features recursion through the @{text option} type. Although @{text option} is not a new-style datatype, it is registered as a BNF with the map function @{const map_option}: -*} +\ primrec (*<*)(in early) (*>*)sum_btree :: "('a::{zero,plus}) btree \ 'a" where "sum_btree (BNode a lt rt) = a + the_default 0 (map_option sum_btree lt) + the_default 0 (map_option sum_btree rt)" -text {* +text \ \noindent The same principle applies for arbitrary type constructors through which recursion is possible. Notably, the map function for the function type (@{text \}) is simply composition (@{text "op \"}): -*} +\ primrec (*<*)(in early) (*>*)relabel_ft :: "('a \ 'a) \ 'a ftree \ 'a ftree" where - "relabel_ft f (FTLeaf x) = FTLeaf (f x)" | - "relabel_ft f (FTNode g) = FTNode (relabel_ft f \ g)" - -text {* + "relabel_ft f (FTLeaf x) = FTLeaf (f x)" + | "relabel_ft f (FTNode g) = FTNode (relabel_ft f \ g)" + +text \ \noindent For convenience, recursion through functions can also be expressed using $\lambda$-abstractions and function application rather than through composition. For example: -*} +\ primrec relabel_ft :: "('a \ 'a) \ 'a ftree \ 'a ftree" where - "relabel_ft f (FTLeaf x) = FTLeaf (f x)" | - "relabel_ft f (FTNode g) = FTNode (\x. relabel_ft f (g x))" - -text {* \blankline *} + "relabel_ft f (FTLeaf x) = FTLeaf (f x)" + | "relabel_ft f (FTNode g) = FTNode (\x. relabel_ft f (g x))" + +text \ \blankline \ primrec (nonexhaustive) subtree_ft :: "'a \ 'a ftree \ 'a ftree" where "subtree_ft x (FTNode g) = g x" -text {* +text \ \noindent For recursion through curried $n$-ary functions, $n$ applications of @{term "op \"} are necessary. The examples below illustrate the case where $n = 2$: -*} +\ datatype 'a ftree2 = FTLeaf2 'a | FTNode2 "'a \ 'a \ 'a ftree2" -text {* \blankline *} +text \ \blankline \ primrec (*<*)(in early) (*>*)relabel_ft2 :: "('a \ 'a) \ 'a ftree2 \ 'a ftree2" where - "relabel_ft2 f (FTLeaf2 x) = FTLeaf2 (f x)" | - "relabel_ft2 f (FTNode2 g) = FTNode2 (op \ (op \ (relabel_ft2 f)) g)" - -text {* \blankline *} + "relabel_ft2 f (FTLeaf2 x) = FTLeaf2 (f x)" + | "relabel_ft2 f (FTNode2 g) = FTNode2 (op \ (op \ (relabel_ft2 f)) g)" + +text \ \blankline \ primrec relabel_ft2 :: "('a \ 'a) \ 'a ftree2 \ 'a ftree2" where - "relabel_ft2 f (FTLeaf2 x) = FTLeaf2 (f x)" | - "relabel_ft2 f (FTNode2 g) = FTNode2 (\x y. relabel_ft2 f (g x y))" - -text {* \blankline *} + "relabel_ft2 f (FTLeaf2 x) = FTLeaf2 (f x)" + | "relabel_ft2 f (FTNode2 g) = FTNode2 (\x y. relabel_ft2 f (g x y))" + +text \ \blankline \ primrec (nonexhaustive) subtree_ft2 :: "'a \ 'a \ 'a ftree2 \ 'a ftree2" where "subtree_ft2 x y (FTNode2 g) = g x y" -subsubsection {* Nested-as-Mutual Recursion - \label{sssec:primrec-nested-as-mutual-recursion} *} +subsubsection \ Nested-as-Mutual Recursion + \label{sssec:primrec-nested-as-mutual-recursion} \ (*<*) locale n2m begin (*>*) -text {* +text \ For compatibility with the old package, but also because it is sometimes convenient in its own right, it is possible to treat nested recursive datatypes as mutually recursive ones if the recursion takes place though new-style datatypes. For example: -*} +\ primrec (nonexhaustive) at\<^sub>f\<^sub>f :: "'a tree\<^sub>f\<^sub>f \ nat list \ 'a" and @@ -1437,13 +1455,13 @@ "at\<^sub>f\<^sub>f (Node\<^sub>f\<^sub>f a ts) js = (case js of [] \ a - | j # js' \ ats\<^sub>f\<^sub>f ts j js')" | - "ats\<^sub>f\<^sub>f (t # ts) j = + | j # js' \ ats\<^sub>f\<^sub>f ts j js')" + | "ats\<^sub>f\<^sub>f (t # ts) j = (case j of Zero \ at\<^sub>f\<^sub>f t | Succ j' \ ats\<^sub>f\<^sub>f ts j')" -text {* +text \ \noindent Appropriate induction rules are generated as @{thm [source] at\<^sub>f\<^sub>f.induct}, @@ -1453,18 +1471,18 @@ and are kept in a cache to speed up subsequent definitions. Here is a second example: -*} +\ primrec sum_btree :: "('a::{zero,plus}) btree \ 'a" and sum_btree_option :: "'a btree option \ 'a" where "sum_btree (BNode a lt rt) = - a + sum_btree_option lt + sum_btree_option rt" | - "sum_btree_option None = 0" | - "sum_btree_option (Some t) = sum_btree t" - -text {* + a + sum_btree_option lt + sum_btree_option rt" + | "sum_btree_option None = 0" + | "sum_btree_option (Some t) = sum_btree t" + +text \ % * can pretend a nested type is mutually recursive (if purely inductive) % * avoids the higher-order map % * e.g. @@ -1491,19 +1509,19 @@ % % * impact on automation unclear % -*} +\ (*<*) end (*>*) -subsection {* Command Syntax - \label{ssec:primrec-command-syntax} *} - -subsubsection {* \keyw{primrec} - \label{sssec:primrec-new} *} - -text {* +subsection \ Command Syntax + \label{ssec:primrec-command-syntax} \ + +subsubsection \ \keyw{primrec} + \label{sssec:primrec-new} \ + +text \ \begin{matharray}{rcl} @{command_def "primrec"} & : & @{text "local_theory \ local_theory"} \end{matharray} @@ -1551,18 +1569,18 @@ %%% TODO: elaborate on format of the equations %%% TODO: elaborate on mutual and nested-to-mutual -*} - - -subsection {* Generated Theorems - \label{ssec:primrec-generated-theorems} *} +\ + + +subsection \ Generated Theorems + \label{ssec:primrec-generated-theorems} \ (*<*) context early begin (*>*) -text {* +text \ The @{command primrec} command generates the following properties (listed for @{const tfold}): @@ -1593,17 +1611,17 @@ \end{description} \end{indentblock} -*} +\ (*<*) end (*>*) -subsection {* Recursive Default Values for Selectors - \label{ssec:primrec-recursive-default-values-for-selectors} *} - -text {* +subsection \ Recursive Default Values for Selectors + \label{ssec:primrec-recursive-default-values-for-selectors} \ + +text \ A datatype selector @{text un_D} can have a default value for each constructor on which it is not otherwise specified. Occasionally, it is useful to have the default value be defined recursively. This leads to a chicken-and-egg @@ -1637,14 +1655,14 @@ \noindent The following example illustrates this procedure: -*} +\ (*<*) hide_const termi (*>*) consts termi\<^sub>0 :: 'a -text {* \blankline *} +text \ \blankline \ datatype ('a, 'b) tlist = TNil (termi: 'b) @@ -1653,26 +1671,26 @@ "ttl (TNil y) = TNil y" | "termi (TCons _ xs) = termi\<^sub>0 xs" -text {* \blankline *} +text \ \blankline \ overloading termi\<^sub>0 \ "termi\<^sub>0 :: ('a, 'b) tlist \ 'b" begin primrec termi\<^sub>0 :: "('a, 'b) tlist \ 'b" where - "termi\<^sub>0 (TNil y) = y" | - "termi\<^sub>0 (TCons x xs) = termi\<^sub>0 xs" + "termi\<^sub>0 (TNil y) = y" + | "termi\<^sub>0 (TCons x xs) = termi\<^sub>0 xs" end -text {* \blankline *} +text \ \blankline \ lemma termi_TCons[simp]: "termi (TCons x xs) = termi xs" by (cases xs) auto -subsection {* Compatibility Issues - \label{ssec:primrec-compatibility-issues} *} - -text {* +subsection \ Compatibility Issues + \label{ssec:primrec-compatibility-issues} \ + +text \ The command @{command primrec}'s behavior on new-style datatypes has been designed to be highly compatible with that for old-style datatypes, to ease migration. There is nonetheless at least one incompatibility that may arise when @@ -1686,34 +1704,34 @@ @{text "f\<^sub>1_\_f\<^sub>m.simps"} has been broken down into separate subcollections @{text "f\<^sub>i.simps"}. \end{itemize} -*} - - -section {* Defining Codatatypes - \label{sec:defining-codatatypes} *} - -text {* +\ + + +section \ Defining Codatatypes + \label{sec:defining-codatatypes} \ + +text \ Codatatypes can be specified using the @{command codatatype} command. The command is first illustrated through concrete examples featuring different flavors of corecursion. More examples can be found in the directory @{file "~~/src/HOL/Datatype_Examples"}. The \emph{Archive of Formal Proofs} also includes some useful codatatypes, notably for lazy lists @{cite "lochbihler-2010"}. -*} - - -subsection {* Introductory Examples - \label{ssec:codatatype-introductory-examples} *} - -subsubsection {* Simple Corecursion - \label{sssec:codatatype-simple-corecursion} *} - -text {* +\ + + +subsection \ Introductory Examples + \label{ssec:codatatype-introductory-examples} \ + +subsubsection \ Simple Corecursion + \label{sssec:codatatype-simple-corecursion} \ + +text \ Non-corecursive codatatypes coincide with the corresponding datatypes, so they are rarely used in practice. \emph{Corecursive codatatypes} have the same syntax as recursive datatypes, except for the command name. For example, here is the definition of lazy lists: -*} +\ codatatype (lset: 'a) llist = lnull: LNil @@ -1724,12 +1742,12 @@ where "ltl LNil = LNil" -text {* +text \ \noindent Lazy lists can be infinite, such as @{text "LCons 0 (LCons 0 (\))"} and @{text "LCons 0 (LCons 1 (LCons 2 (\)))"}. Here is a related type, that of infinite streams: -*} +\ codatatype (sset: 'a) stream = SCons (shd: 'a) (stl: "'a stream") @@ -1737,22 +1755,22 @@ map: smap rel: stream_all2 -text {* +text \ \noindent Another interesting type that can be defined as a codatatype is that of the extended natural numbers: -*} +\ codatatype enat = EZero | ESucc enat -text {* +text \ \noindent This type has exactly one infinite element, @{text "ESucc (ESucc (ESucc (\)))"}, that represents $\infty$. In addition, it has finite values of the form @{text "ESucc (\ (ESucc EZero)\)"}. Here is an example with many constructors: -*} +\ codatatype 'a process = Fail @@ -1760,51 +1778,51 @@ | Action (prefix: 'a) (cont: "'a process") | Choice (left: "'a process") (right: "'a process") -text {* +text \ \noindent Notice that the @{const cont} selector is associated with both @{const Skip} and @{const Action}. -*} - - -subsubsection {* Mutual Corecursion - \label{sssec:codatatype-mutual-corecursion} *} - -text {* +\ + + +subsubsection \ Mutual Corecursion + \label{sssec:codatatype-mutual-corecursion} \ + +text \ \noindent The example below introduces a pair of \emph{mutually corecursive} types: -*} +\ codatatype even_enat = Even_EZero | Even_ESucc odd_enat and odd_enat = Odd_ESucc even_enat -subsubsection {* Nested Corecursion - \label{sssec:codatatype-nested-corecursion} *} - -text {* +subsubsection \ Nested Corecursion + \label{sssec:codatatype-nested-corecursion} \ + +text \ \noindent The next examples feature \emph{nested corecursion}: -*} +\ codatatype 'a tree\<^sub>i\<^sub>i = Node\<^sub>i\<^sub>i (lbl\<^sub>i\<^sub>i: 'a) (sub\<^sub>i\<^sub>i: "'a tree\<^sub>i\<^sub>i llist") -text {* \blankline *} +text \ \blankline \ codatatype 'a tree\<^sub>i\<^sub>s = Node\<^sub>i\<^sub>s (lbl\<^sub>i\<^sub>s: 'a) (sub\<^sub>i\<^sub>s: "'a tree\<^sub>i\<^sub>s fset") -text {* \blankline *} +text \ \blankline \ codatatype 'a sm = SM (accept: bool) (trans: "'a \ 'a sm") -subsection {* Command Syntax - \label{ssec:codatatype-command-syntax} *} - -subsubsection {* \keyw{codatatype} - \label{sssec:codatatype} *} - -text {* +subsection \ Command Syntax + \label{ssec:codatatype-command-syntax} \ + +subsubsection \ \keyw{codatatype} + \label{sssec:codatatype} \ + +text \ \begin{matharray}{rcl} @{command_def "codatatype"} & : & @{text "local_theory \ local_theory"} \end{matharray} @@ -1820,13 +1838,13 @@ (Section~\ref{ssec:datatype-command-syntax}). The @{text "discs_sels"} option is superfluous because discriminators and selectors are always generated for codatatypes. -*} - - -subsection {* Generated Constants - \label{ssec:codatatype-generated-constants} *} - -text {* +\ + + +subsection \ Generated Constants + \label{ssec:codatatype-generated-constants} \ + +text \ Given a codatatype @{text "('a\<^sub>1, \, 'a\<^sub>m) t"} with $m > 0$ live type variables and $n$ constructors @{text "t.C\<^sub>1"}, \ldots, @{text "t.C\<^sub>n"}, the same auxiliary constants are generated as for @@ -1839,13 +1857,13 @@ Corecursor: & @{text t.corec_t} \end{tabular} -*} - - -subsection {* Generated Theorems - \label{ssec:codatatype-generated-theorems} *} - -text {* +\ + + +subsection \ Generated Theorems + \label{ssec:codatatype-generated-theorems} \ + +text \ The characteristic theorems generated by @{command codatatype} are grouped in three broad categories: @@ -1866,13 +1884,13 @@ \noindent The first two categories are exactly as for datatypes. -*} - - -subsubsection {* Coinductive Theorems - \label{sssec:coinductive-theorems} *} - -text {* +\ + + +subsubsection \ Coinductive Theorems + \label{sssec:coinductive-theorems} \ + +text \ The coinductive theorems are listed below for @{typ "'a llist"}: \begin{indentblock} @@ -1958,13 +1976,13 @@ \end{description} \end{indentblock} -*} - - -section {* Defining Primitively Corecursive Functions - \label{sec:defining-primitively-corecursive-functions} *} - -text {* +\ + + +section \ Defining Primitively Corecursive Functions + \label{sec:defining-primitively-corecursive-functions} \ + +text \ Corecursive functions can be specified using the @{command primcorec} and \keyw{prim\-corec\-ursive} commands, which support primitive corecursion. Other approaches include the more general \keyw{partial_function} command, the @@ -2007,40 +2025,40 @@ %%% TODO: partial_function? E.g. for defining tail recursive function on lazy %%% lists (cf. terminal0 in TLList.thy) -*} - - -subsection {* Introductory Examples - \label{ssec:primcorec-introductory-examples} *} - -text {* +\ + + +subsection \ Introductory Examples + \label{ssec:primcorec-introductory-examples} \ + +text \ Primitive corecursion is illustrated through concrete examples based on the codatatypes defined in Section~\ref{ssec:codatatype-introductory-examples}. More examples can be found in the directory @{file "~~/src/HOL/Datatype_Examples"}. The code view is favored in the examples below. Sections \ref{ssec:primrec-constructor-view} and \ref{ssec:primrec-destructor-view} present the same examples expressed using the constructor and destructor views. -*} - - -subsubsection {* Simple Corecursion - \label{sssec:primcorec-simple-corecursion} *} - -text {* +\ + + +subsubsection \ Simple Corecursion + \label{sssec:primcorec-simple-corecursion} \ + +text \ Following the code view, corecursive calls are allowed on the right-hand side as long as they occur under a constructor, which itself appears either directly to the right of the equal sign or in a conditional expression: -*} +\ primcorec (*<*)(transfer) (*>*)literate :: "('a \ 'a) \ 'a \ 'a llist" where "literate g x = LCons x (literate g (g x))" -text {* \blankline *} +text \ \blankline \ primcorec siterate :: "('a \ 'a) \ 'a \ 'a stream" where "siterate g x = SCons x (siterate g (g x))" -text {* +text \ \noindent The constructor ensures that progress is made---i.e., the function is \emph{productive}. The above functions compute the infinite lazy list or stream @@ -2052,55 +2070,53 @@ Corecursive functions construct codatatype values, but nothing prevents them from also consuming such values. The following function drops every second element in a stream: -*} +\ primcorec every_snd :: "'a stream \ 'a stream" where "every_snd s = SCons (shd s) (stl (stl s))" -text {* +text \ \noindent Constructs such as @{text "let"}--@{text "in"}, @{text "if"}--@{text "then"}--@{text "else"}, and @{text "case"}--@{text "of"} may appear around constructors that guard corecursive calls: -*} - - primcorec lappend :: "'a llist \ 'a llist \ 'a llist" where - "lappend xs ys = +\ + + primcorec lapp :: "'a llist \ 'a llist \ 'a llist" where + "lapp xs ys = (case xs of LNil \ ys - | LCons x xs' \ LCons x (lappend xs' ys))" - -text {* + | LCons x xs' \ LCons x (lapp xs' ys))" + +text \ \noindent Pattern matching is not supported by @{command primcorec}. Fortunately, it is -easy to generate pattern-maching equations using the \keyw{simps_of_case} +easy to generate pattern-maching equations using the @{command simps_of_case} command provided by the theory @{file "~~/src/HOL/Library/Simps_Case_Conv.thy"}. -*} - - simps_of_case lappend_simps: lappend.code - -text {* -This generates the lemma collection @{thm [source] lappend_simps}: +\ + + simps_of_case lapp_simps: lapp.code + +text \ +This generates the lemma collection @{thm [source] lapp_simps}: % -\begin{gather*% -} - @{thm lappend_simps(1)[no_vars]} \\ - @{thm lappend_simps(2)[no_vars]} -\end{gather*% -} +\begin{gather*} + @{thm lapp_simps(1)[no_vars]} \\ + @{thm lapp_simps(2)[no_vars]} +\end{gather*} % Corecursion is useful to specify not only functions but also infinite objects: -*} +\ primcorec infty :: enat where "infty = ESucc infty" -text {* +text \ \noindent The example below constructs a pseudorandom process value. It takes a stream of actions (@{text s}), a pseudorandom function generator (@{text f}), and a pseudorandom seed (@{text n}): -*} +\ (*<*) context early @@ -2123,50 +2139,50 @@ end (*>*) -text {* +text \ \noindent The main disadvantage of the code view is that the conditions are tested sequentially. This is visible in the generated theorems. The constructor and destructor views offer nonsequential alternatives. -*} - - -subsubsection {* Mutual Corecursion - \label{sssec:primcorec-mutual-corecursion} *} - -text {* +\ + + +subsubsection \ Mutual Corecursion + \label{sssec:primcorec-mutual-corecursion} \ + +text \ The syntax for mutually corecursive functions over mutually corecursive datatypes is unsurprising: -*} +\ primcorec even_infty :: even_enat and odd_infty :: odd_enat where - "even_infty = Even_ESucc odd_infty" | - "odd_infty = Odd_ESucc even_infty" - - -subsubsection {* Nested Corecursion - \label{sssec:primcorec-nested-corecursion} *} - -text {* + "even_infty = Even_ESucc odd_infty" + | "odd_infty = Odd_ESucc even_infty" + + +subsubsection \ Nested Corecursion + \label{sssec:primcorec-nested-corecursion} \ + +text \ The next pair of examples generalize the @{const literate} and @{const siterate} functions (Section~\ref{sssec:primcorec-nested-corecursion}) to possibly infinite trees in which subnodes are organized either as a lazy list (@{text tree\<^sub>i\<^sub>i}) or as a finite set (@{text tree\<^sub>i\<^sub>s}). They rely on the map functions of the nesting type constructors to lift the corecursive calls: -*} +\ primcorec iterate\<^sub>i\<^sub>i :: "('a \ 'a llist) \ 'a \ 'a tree\<^sub>i\<^sub>i" where "iterate\<^sub>i\<^sub>i g x = Node\<^sub>i\<^sub>i x (lmap (iterate\<^sub>i\<^sub>i g) (g x))" -text {* \blankline *} +text \ \blankline \ primcorec iterate\<^sub>i\<^sub>s :: "('a \ 'a fset) \ 'a \ 'a tree\<^sub>i\<^sub>s" where "iterate\<^sub>i\<^sub>s g x = Node\<^sub>i\<^sub>s x (fimage (iterate\<^sub>i\<^sub>s g) (g x))" -text {* +text \ \noindent Both examples follow the usual format for constructor arguments associated with nested recursive occurrences of the datatype. Consider @@ -2176,79 +2192,79 @@ This format may sometimes feel artificial. The following function constructs a tree with a single, infinite branch from a stream: -*} +\ primcorec tree\<^sub>i\<^sub>i_of_stream :: "'a stream \ 'a tree\<^sub>i\<^sub>i" where "tree\<^sub>i\<^sub>i_of_stream s = Node\<^sub>i\<^sub>i (shd s) (lmap tree\<^sub>i\<^sub>i_of_stream (LCons (stl s) LNil))" -text {* +text \ \noindent A more natural syntax, also supported by Isabelle, is to move corecursive calls under constructors: -*} +\ primcorec (*<*)(in late) (*>*)tree\<^sub>i\<^sub>i_of_stream :: "'a stream \ 'a tree\<^sub>i\<^sub>i" where "tree\<^sub>i\<^sub>i_of_stream s = Node\<^sub>i\<^sub>i (shd s) (LCons (tree\<^sub>i\<^sub>i_of_stream (stl s)) LNil)" -text {* +text \ The next example illustrates corecursion through functions, which is a bit special. Deterministic finite automata (DFAs) are traditionally defined as 5-tuples @{text "(Q, \, \, q\<^sub>0, F)"}, where @{text Q} is a finite set of states, @{text \} is a finite alphabet, @{text \} is a transition function, @{text q\<^sub>0} is an initial state, and @{text F} is a set of final states. The following function translates a DFA into a state machine: -*} +\ primcorec (*<*)(in early) (*>*)sm_of_dfa :: "('q \ 'a \ 'q) \ 'q set \ 'q \ 'a sm" where "sm_of_dfa \ F q = SM (q \ F) (sm_of_dfa \ F \ \ q)" -text {* +text \ \noindent The map function for the function type (@{text \}) is composition (@{text "op \"}). For convenience, corecursion through functions can also be expressed using $\lambda$-abstractions and function application rather than through composition. For example: -*} +\ primcorec sm_of_dfa :: "('q \ 'a \ 'q) \ 'q set \ 'q \ 'a sm" where "sm_of_dfa \ F q = SM (q \ F) (\a. sm_of_dfa \ F (\ q a))" -text {* \blankline *} +text \ \blankline \ primcorec empty_sm :: "'a sm" where "empty_sm = SM False (\_. empty_sm)" -text {* \blankline *} +text \ \blankline \ primcorec not_sm :: "'a sm \ 'a sm" where "not_sm M = SM (\ accept M) (\a. not_sm (trans M a))" -text {* \blankline *} +text \ \blankline \ primcorec or_sm :: "'a sm \ 'a sm \ 'a sm" where "or_sm M N = SM (accept M \ accept N) (\a. or_sm (trans M a) (trans N a))" -text {* +text \ \noindent For recursion through curried $n$-ary functions, $n$ applications of @{term "op \"} are necessary. The examples below illustrate the case where $n = 2$: -*} +\ codatatype ('a, 'b) sm2 = SM2 (accept2: bool) (trans2: "'a \ 'b \ ('a, 'b) sm2") -text {* \blankline *} +text \ \blankline \ primcorec (*<*)(in early) (*>*)sm2_of_dfa :: "('q \ 'a \ 'b \ 'q) \ 'q set \ 'q \ ('a, 'b) sm2" where "sm2_of_dfa \ F q = SM2 (q \ F) (op \ (op \ (sm2_of_dfa \ F)) (\ q))" -text {* \blankline *} +text \ \blankline \ primcorec sm2_of_dfa :: "('q \ 'a \ 'b \ 'q) \ 'q set \ 'q \ ('a, 'b) sm2" @@ -2256,15 +2272,15 @@ "sm2_of_dfa \ F q = SM2 (q \ F) (\a b. sm2_of_dfa \ F (\ q a b))" -subsubsection {* Nested-as-Mutual Corecursion - \label{sssec:primcorec-nested-as-mutual-corecursion} *} - -text {* +subsubsection \ Nested-as-Mutual Corecursion + \label{sssec:primcorec-nested-as-mutual-corecursion} \ + +text \ Just as it is possible to recurse over nested recursive datatypes as if they were mutually recursive (Section~\ref{sssec:primrec-nested-as-mutual-recursion}), it is possible to pretend that nested codatatypes are mutually corecursive. For example: -*} +\ (*<*) context late @@ -2274,13 +2290,13 @@ iterate\<^sub>i\<^sub>i :: "('a \ 'a llist) \ 'a \ 'a tree\<^sub>i\<^sub>i" and iterates\<^sub>i\<^sub>i :: "('a \ 'a llist) \ 'a llist \ 'a tree\<^sub>i\<^sub>i llist" where - "iterate\<^sub>i\<^sub>i g x = Node\<^sub>i\<^sub>i x (iterates\<^sub>i\<^sub>i g (g x))" | - "iterates\<^sub>i\<^sub>i g xs = + "iterate\<^sub>i\<^sub>i g x = Node\<^sub>i\<^sub>i x (iterates\<^sub>i\<^sub>i g (g x))" + | "iterates\<^sub>i\<^sub>i g xs = (case xs of LNil \ LNil | LCons x xs' \ LCons (iterate\<^sub>i\<^sub>i g x) (iterates\<^sub>i\<^sub>i g xs'))" -text {* +text \ \noindent Coinduction rules are generated as @{thm [source] iterate\<^sub>i\<^sub>i.coinduct}, @@ -2289,36 +2305,36 @@ and analogously for @{text coinduct_strong}. These rules and the underlying corecursors are generated on a per-need basis and are kept in a cache to speed up subsequent definitions. -*} +\ (*<*) end (*>*) -subsubsection {* Constructor View - \label{ssec:primrec-constructor-view} *} +subsubsection \ Constructor View + \label{ssec:primrec-constructor-view} \ (*<*) locale ctr_view begin (*>*) -text {* +text \ The constructor view is similar to the code view, but there is one separate conditional equation per constructor rather than a single unconditional equation. Examples that rely on a single constructor, such as @{const literate} and @{const siterate}, are identical in both styles. Here is an example where there is a difference: -*} - - primcorec lappend :: "'a llist \ 'a llist \ 'a llist" where - "lnull xs \ lnull ys \ lappend xs ys = LNil" | - "_ \ lappend xs ys = LCons (lhd (if lnull xs then ys else xs)) - (if xs = LNil then ltl ys else lappend (ltl xs) ys)" - -text {* +\ + + primcorec lapp :: "'a llist \ 'a llist \ 'a llist" where + "lnull xs \ lnull ys \ lapp xs ys = LNil" + | "_ \ lapp xs ys = LCons (lhd (if lnull xs then ys else xs)) + (if xs = LNil then ltl ys else lapp (ltl xs) ys)" + +text \ \noindent With the constructor view, we must distinguish between the @{const LNil} and the @{const LCons} case. The condition for @{const LCons} is @@ -2327,31 +2343,31 @@ For this example, the constructor view is slightly more involved than the code equation. Recall the code view version presented in Section~\ref{sssec:primcorec-simple-corecursion}. -% TODO: \[{thm code_view.lappend.code}\] +% TODO: \[{thm code_view.lapp.code}\] The constructor view requires us to analyze the second argument (@{term ys}). The code equation generated from the constructor view also suffers from this. -% TODO: \[{thm lappend.code}\] +% TODO: \[{thm lapp.code}\] In contrast, the next example is arguably more naturally expressed in the constructor view: -*} +\ primcorec random_process :: "'a stream \ (int \ int) \ int \ 'a process" where - "n mod 4 = 0 \ random_process s f n = Fail" | - "n mod 4 = 1 \ - random_process s f n = Skip (random_process s f (f n))" | - "n mod 4 = 2 \ - random_process s f n = Action (shd s) (random_process (stl s) f (f n))" | - "n mod 4 = 3 \ + "n mod 4 = 0 \ random_process s f n = Fail" + | "n mod 4 = 1 \ + random_process s f n = Skip (random_process s f (f n))" + | "n mod 4 = 2 \ + random_process s f n = Action (shd s) (random_process (stl s) f (f n))" + | "n mod 4 = 3 \ random_process s f n = Choice (random_process (every_snd s) f (f n)) (random_process (every_snd (stl s)) f (f n))" (*<*) end (*>*) -text {* +text \ \noindent Since there is no sequentiality, we can apply the equation for @{const Choice} without having first to discharge @{term "n mod (4::int) \ 0"}, @@ -2364,42 +2380,42 @@ enable the @{text "sequential"} option. This pushes the problem to the users of the generated properties. %Here are more examples to conclude: -*} - - -subsubsection {* Destructor View - \label{ssec:primrec-destructor-view} *} +\ + + +subsubsection \ Destructor View + \label{ssec:primrec-destructor-view} \ (*<*) locale dtr_view begin (*>*) -text {* +text \ The destructor view is in many respects dual to the constructor view. Conditions determine which constructor to choose, and these conditions are interpreted sequentially or not depending on the @{text "sequential"} option. Consider the following examples: -*} +\ primcorec literate :: "('a \ 'a) \ 'a \ 'a llist" where - "\ lnull (literate _ x)" | - "lhd (literate _ x) = x" | - "ltl (literate g x) = literate g (g x)" - -text {* \blankline *} + "\ lnull (literate _ x)" + | "lhd (literate _ x) = x" + | "ltl (literate g x) = literate g (g x)" + +text \ \blankline \ primcorec siterate :: "('a \ 'a) \ 'a \ 'a stream" where - "shd (siterate _ x) = x" | - "stl (siterate g x) = siterate g (g x)" - -text {* \blankline *} + "shd (siterate _ x) = x" + | "stl (siterate g x) = siterate g (g x)" + +text \ \blankline \ primcorec every_snd :: "'a stream \ 'a stream" where - "shd (every_snd s) = shd s" | - "stl (every_snd s) = stl (stl s)" - -text {* + "shd (every_snd s) = shd s" + | "stl (every_snd s) = stl (stl s)" + +text \ \noindent The first formula in the @{const literate} specification indicates which constructor to choose. For @{const siterate} and @{const every_snd}, no such @@ -2410,19 +2426,19 @@ The next example shows how to specify functions that rely on more than one constructor: -*} - - primcorec lappend :: "'a llist \ 'a llist \ 'a llist" where - "lnull xs \ lnull ys \ lnull (lappend xs ys)" | - "lhd (lappend xs ys) = lhd (if lnull xs then ys else xs)" | - "ltl (lappend xs ys) = (if xs = LNil then ltl ys else lappend (ltl xs) ys)" - -text {* +\ + + primcorec lapp :: "'a llist \ 'a llist \ 'a llist" where + "lnull xs \ lnull ys \ lnull (lapp xs ys)" + | "lhd (lapp xs ys) = lhd (if lnull xs then ys else xs)" + | "ltl (lapp xs ys) = (if xs = LNil then ltl ys else lapp (ltl xs) ys)" + +text \ \noindent For a codatatype with $n$ constructors, it is sufficient to specify $n - 1$ discriminator formulas. The command will then assume that the remaining constructor should be taken otherwise. This can be made explicit by adding -*} +\ (*<*) end @@ -2430,67 +2446,67 @@ locale dtr_view2 begin - primcorec lappend :: "'a llist \ 'a llist \ 'a llist" where - "lnull xs \ lnull ys \ lnull (lappend xs ys)" | - "lhd (lappend xs ys) = lhd (if lnull xs then ys else xs)" | - "ltl (lappend xs ys) = (if xs = LNil then ltl ys else lappend (ltl xs) ys)" | + primcorec lapp :: "'a llist \ 'a llist \ 'a llist" where + "lnull xs \ lnull ys \ lnull (lapp xs ys)" + | "lhd (lapp xs ys) = lhd (if lnull xs then ys else xs)" + | "ltl (lapp xs ys) = (if xs = LNil then ltl ys else lapp (ltl xs) ys)" | (*>*) - "_ \ \ lnull (lappend xs ys)" - -text {* + "_ \ \ lnull (lapp xs ys)" + +text \ \noindent to the specification. The generated selector theorems are conditional. The next example illustrates how to cope with selectors defined for several constructors: -*} +\ primcorec random_process :: "'a stream \ (int \ int) \ int \ 'a process" where - "n mod 4 = 0 \ random_process s f n = Fail" | - "n mod 4 = 1 \ is_Skip (random_process s f n)" | - "n mod 4 = 2 \ is_Action (random_process s f n)" | - "n mod 4 = 3 \ is_Choice (random_process s f n)" | - "cont (random_process s f n) = random_process s f (f n)" of Skip | - "prefix (random_process s f n) = shd s" | - "cont (random_process s f n) = random_process (stl s) f (f n)" of Action | - "left (random_process s f n) = random_process (every_snd s) f (f n)" | - "right (random_process s f n) = random_process (every_snd (stl s)) f (f n)" - -text {* + "n mod 4 = 0 \ random_process s f n = Fail" + | "n mod 4 = 1 \ is_Skip (random_process s f n)" + | "n mod 4 = 2 \ is_Action (random_process s f n)" + | "n mod 4 = 3 \ is_Choice (random_process s f n)" + | "cont (random_process s f n) = random_process s f (f n)" of Skip + | "prefix (random_process s f n) = shd s" + | "cont (random_process s f n) = random_process (stl s) f (f n)" of Action + | "left (random_process s f n) = random_process (every_snd s) f (f n)" + | "right (random_process s f n) = random_process (every_snd (stl s)) f (f n)" + +text \ \noindent Using the @{text "of"} keyword, different equations are specified for @{const cont} depending on which constructor is selected. Here are more examples to conclude: -*} +\ primcorec even_infty :: even_enat and odd_infty :: odd_enat where - "even_infty \ Even_EZero" | - "un_Even_ESucc even_infty = odd_infty" | - "un_Odd_ESucc odd_infty = even_infty" - -text {* \blankline *} + "even_infty \ Even_EZero" + | "un_Even_ESucc even_infty = odd_infty" + | "un_Odd_ESucc odd_infty = even_infty" + +text \ \blankline \ primcorec iterate\<^sub>i\<^sub>i :: "('a \ 'a llist) \ 'a \ 'a tree\<^sub>i\<^sub>i" where - "lbl\<^sub>i\<^sub>i (iterate\<^sub>i\<^sub>i g x) = x" | - "sub\<^sub>i\<^sub>i (iterate\<^sub>i\<^sub>i g x) = lmap (iterate\<^sub>i\<^sub>i g) (g x)" + "lbl\<^sub>i\<^sub>i (iterate\<^sub>i\<^sub>i g x) = x" + | "sub\<^sub>i\<^sub>i (iterate\<^sub>i\<^sub>i g x) = lmap (iterate\<^sub>i\<^sub>i g) (g x)" (*<*) end (*>*) -subsection {* Command Syntax - \label{ssec:primcorec-command-syntax} *} - -subsubsection {* \keyw{primcorec} and \keyw{primcorecursive} - \label{sssec:primcorecursive-and-primcorec} *} - -text {* +subsection \ Command Syntax + \label{ssec:primcorec-command-syntax} \ + +subsubsection \ \keyw{primcorec} and \keyw{primcorecursive} + \label{sssec:primcorecursive-and-primcorec} \ + +text \ \begin{matharray}{rcl} @{command_def "primcorec"} & : & @{text "local_theory \ local_theory"} \\ @{command_def "primcorecursive"} & : & @{text "local_theory \ proof(prove)"} @@ -2548,13 +2564,13 @@ %%% TODO: elaborate on format of the propositions %%% TODO: elaborate on mutual and nested-to-mutual -*} - - -subsection {* Generated Theorems - \label{ssec:primcorec-generated-theorems} *} - -text {* +\ + + +subsection \ Generated Theorems + \label{ssec:primcorec-generated-theorems} \ + +text \ The @{command primcorec} and @{command primcorecursive} commands generate the following properties (listed for @{const literate}): @@ -2645,34 +2661,34 @@ \end{description} \end{indentblock} -*} +\ (* -subsection {* Recursive Default Values for Selectors - \label{ssec:primcorec-recursive-default-values-for-selectors} *} - -text {* +subsection \ Recursive Default Values for Selectors + \label{ssec:primcorec-recursive-default-values-for-selectors} \ + +text \ partial_function to the rescue -*} +\ *) -section {* Registering Bounded Natural Functors - \label{sec:registering-bounded-natural-functors} *} - -text {* +section \ Registering Bounded Natural Functors + \label{sec:registering-bounded-natural-functors} \ + +text \ The (co)datatype package can be set up to allow nested recursion through arbitrary type constructors, as long as they adhere to the BNF requirements and are registered as BNFs. It is also possible to declare a BNF abstractly without specifying its internal structure. -*} - - -subsection {* Bounded Natural Functors - \label{ssec:bounded-natural-functors} *} - -text {* +\ + + +subsection \ Bounded Natural Functors + \label{ssec:bounded-natural-functors} \ + +text \ Bounded natural functors (BNFs) are a semantic criterion for where (co)re\-cur\-sion may appear on the right-hand side of an equation @{cite "traytel-et-al-2012" and "blanchette-et-al-2015-wit"}. @@ -2695,13 +2711,13 @@ Given an $n$-ary BNF, the $n$ type variables associated with set functions, and on which the map function acts, are \emph{live}; any other variables are \emph{dead}. Nested (co)recursion can only take place through live variables. -*} - - -subsection {* Introductory Examples - \label{ssec:bnf-introductory-examples} *} - -text {* +\ + + +subsection \ Introductory Examples + \label{ssec:bnf-introductory-examples} \ + +text \ The example below shows how to register a type as a BNF using the @{command bnf} command. Some of the proof obligations are best viewed with the theory @{file "~~/src/HOL/Library/Cardinal_Notations.thy"} imported. @@ -2709,28 +2725,28 @@ The type is simply a copy of the function space @{typ "'d \ 'a"}, where @{typ 'a} is live and @{typ 'd} is dead. We introduce it together with its map function, set function, and relator. -*} +\ typedef ('d, 'a) fn = "UNIV :: ('d \ 'a) set" by simp -text {* \blankline *} +text \ \blankline \ setup_lifting type_definition_fn -text {* \blankline *} +text \ \blankline \ lift_definition map_fn :: "('a \ 'b) \ ('d, 'a) fn \ ('d, 'b) fn" is "op \" . lift_definition set_fn :: "('d, 'a) fn \ 'a set" is range . -text {* \blankline *} +text \ \blankline \ lift_definition rel_fn :: "('a \ 'b \ bool) \ ('d, 'a) fn \ ('d, 'b) fn \ bool" is "rel_fun (op =)" . -text {* \blankline *} +text \ \blankline \ bnf "('d, 'a) fn" map: map_fn @@ -2785,12 +2801,12 @@ by auto (force, metis prod.collapse) qed -text {* \blankline *} +text \ \blankline \ print_theorems print_bnfs -text {* +text \ \noindent Using \keyw{print_theorems} and @{command print_bnfs}, we can contemplate and show the world what we have achieved. @@ -2798,6 +2814,7 @@ This particular example does not need any nonemptiness witness, because the one generated by default is good enough, but in general this would be necessary. See @{file "~~/src/HOL/Basic_BNFs.thy"}, +@{file "~~/src/HOL/Library/Countable_Set_Type.thy"}, @{file "~~/src/HOL/Library/FSet.thy"}, and @{file "~~/src/HOL/Library/Multiset.thy"} for further examples of BNF registration, some of which feature custom witnesses. @@ -2806,7 +2823,7 @@ type can be done uniformly. This is the task of the @{command lift_bnf} command. Using @{command lift_bnf}, the above registration of @{typ "('d, 'a) fn"} as a BNF becomes much shorter: -*} +\ (*<*) context early @@ -2818,12 +2835,12 @@ end (*>*) -text {* +text \ For type copies (@{command typedef}s with @{term UNIV} as the representing set), the proof obligations are so simple that they can be discharged automatically, yielding another command, @{command copy_bnf}, which does not emit any proof obligations: -*} +\ (*<*) context late @@ -2834,33 +2851,33 @@ end (*>*) -text {* +text \ Since record schemas are type copies, @{command copy_bnf} can be used to register them as BNFs: -*} +\ record 'a point = xval :: 'a yval :: 'a -text {* \blankline *} +text \ \blankline \ copy_bnf ('a, 'z) point_ext -text {* +text \ In the general case, the proof obligations generated by @{command lift_bnf} are simpler than the acual BNF properties. In particular, no cardinality reasoning is required. Consider the following type of nonempty lists: -*} +\ typedef 'a nonempty_list = "{xs :: 'a list. xs \ []}" by auto -text {* +text \ The @{command lift_bnf} command requires us to prove that the set of nonempty lists is closed under the map function and the zip function. The latter only occurs implicitly in the goal, in form of the variable @{term "zs :: ('a \ 'b) list"}. -*} +\ lift_bnf (*<*)(no_warn_wits) (*>*)'a nonempty_list proof - @@ -2875,7 +2892,7 @@ by (cases zs (*<*)rule: list.exhaust(*>*)) auto qed -text {* +text \ The next example declares a BNF axiomatically. This can be convenient for reasoning abstractly about an arbitrary BNF. The @{command bnf_axiomatization} command below introduces a type @{text "('a, 'b, 'c) F"}, three set constants, @@ -2883,24 +2900,24 @@ @{typ 'a}. The type @{text "'a \ ('a, 'b, 'c) F"} of the witness can be read as an implication: Given a witness for @{typ 'a}, we can construct a witness for @{text "('a, 'b, 'c) F"}. The BNF properties are postulated as axioms. -*} +\ bnf_axiomatization (setA: 'a, setB: 'b, setC: 'c) F [wits: "'a \ ('a, 'b, 'c) F"] -text {* \blankline *} +text \ \blankline \ print_theorems print_bnfs -subsection {* Command Syntax - \label{ssec:bnf-command-syntax} *} - -subsubsection {* \keyw{bnf} - \label{sssec:bnf} *} - -text {* +subsection \ Command Syntax + \label{ssec:bnf-command-syntax} \ + +subsubsection \ \keyw{bnf} + \label{sssec:bnf} \ + +text \ \begin{matharray}{rcl} @{command_def "bnf"} & : & @{text "local_theory \ proof(prove)"} \end{matharray} @@ -2928,12 +2945,12 @@ (@{text only}) or disabled (@{text del}). By default, all plugins are enabled. %%% TODO: elaborate on proof obligations -*} - -subsubsection {* \keyw{lift_bnf} - \label{sssec:lift-bnf} *} - -text {* +\ + +subsubsection \ \keyw{lift_bnf} + \label{sssec:lift-bnf} \ + +text \ \begin{matharray}{rcl} @{command_def "lift_bnf"} & : & @{text "local_theory \ proof(prove)"} \end{matharray} @@ -2941,7 +2958,7 @@ @{rail \ @@{command lift_bnf} target? lb_options? \ @{syntax tyargs} name wit_terms? \ - ('via' @{syntax thmref})? @{syntax map_rel}? + ('via' thmref)? @{syntax map_rel}? ; @{syntax_def lb_options}: '(' ((@{syntax plugins} | 'no_warn_wits') + ',') ')' ; @@ -2964,19 +2981,19 @@ witnesses. The command warns about witness types that are present in the raw type's BNF but not supplied by the user. The warning can be disabled by specifying the @{text no_warn_wits} option. -*} - -subsubsection {* \keyw{copy_bnf} - \label{sssec:copy-bnf} *} - -text {* +\ + +subsubsection \ \keyw{copy_bnf} + \label{sssec:copy-bnf} \ + +text \ \begin{matharray}{rcl} @{command_def "copy_bnf"} & : & @{text "local_theory \ local_theory"} \end{matharray} @{rail \ @@{command copy_bnf} target? ('(' @{syntax plugins} ')')? \ - @{syntax tyargs} name ('via' @{syntax thmref})? @{syntax map_rel}? + @{syntax tyargs} name ('via' thmref)? @{syntax map_rel}? \} \medskip @@ -2985,12 +3002,12 @@ for type copies (@{command typedef}s with @{term UNIV} as the representing set), without requiring the user to discharge any proof obligations or provide nonemptiness witnesses. -*} - -subsubsection {* \keyw{bnf_axiomatization} - \label{sssec:bnf-axiomatization} *} - -text {* +\ + +subsubsection \ \keyw{bnf_axiomatization} + \label{sssec:bnf-axiomatization} \ + +text \ \begin{matharray}{rcl} @{command_def "bnf_axiomatization"} & : & @{text "local_theory \ local_theory"} \end{matharray} @@ -3029,13 +3046,13 @@ because there exist BNFs of arbitrary large arities. Applications must import the @{file "~~/src/HOL/Library/BNF_Axiomatization.thy"} theory to use this functionality. -*} - - -subsubsection {* \keyw{print_bnfs} - \label{sssec:print-bnfs} *} - -text {* +\ + + +subsubsection \ \keyw{print_bnfs} + \label{sssec:print-bnfs} \ + +text \ \begin{matharray}{rcl} @{command_def "print_bnfs"} & : & @{text "local_theory \"} \end{matharray} @@ -3043,13 +3060,13 @@ @{rail \ @@{command print_bnfs} \} -*} - - -section {* Deriving Destructors and Theorems for Free Constructors - \label{sec:deriving-destructors-and-theorems-for-free-constructors} *} - -text {* +\ + + +section \ Deriving Destructors and Theorems for Free Constructors + \label{sec:deriving-destructors-and-theorems-for-free-constructors} \ + +text \ The derivation of convenience theorems for types equipped with free constructors, as performed internally by @{command datatype} and @{command codatatype}, is available as a stand-alone command called @{command free_constructors}. @@ -3060,22 +3077,22 @@ % * @{command free_constructors} % * @{text plugins}, @{text discs_sels} % * hack to have both co and nonco view via locale (cf. ext nats) -*} +\ (* -subsection {* Introductory Example - \label{ssec:ctors-introductory-example} *} +subsection \ Introductory Example + \label{ssec:ctors-introductory-example} \ *) -subsection {* Command Syntax - \label{ssec:ctors-command-syntax} *} - -subsubsection {* \keyw{free_constructors} - \label{sssec:free-constructors} *} - -text {* +subsection \ Command Syntax + \label{ssec:ctors-command-syntax} \ + +subsubsection \ \keyw{free_constructors} + \label{sssec:free-constructors} \ + +text \ \begin{matharray}{rcl} @{command_def "free_constructors"} & : & @{text "local_theory \ proof(prove)"} \end{matharray} @@ -3110,23 +3127,102 @@ For bootstrapping reasons, the generally useful @{text "[fundef_cong]"} attribute is not set on the generated @{text case_cong} theorem. It can be added manually using \keyw{declare}. -*} +\ + + +subsubsection \ \keyw{simps_of_case} + \label{sssec:simps-of-case} \ + +text \ +\begin{matharray}{rcl} + @{command_def "simps_of_case"} & : & @{text "local_theory \ local_theory"} +\end{matharray} + +@{rail \ + @@{command simps_of_case} target? (name ':')? \ + (thmref + ) (@'splits' ':' (thmref + ))? +\} + +\medskip + +\noindent +The @{command simps_of_case} command provided by theory +@{file "~~/src/HOL/Library/Simps_Case_Conv.thy"} converts a single equation with +a complex case expression on the right-hand side into a set of pattern-matching +equations. For example, +\ + +(*<*) + context late + begin +(*>*) + simps_of_case lapp_simps: lapp.code + +text \ +\noindent +translates @{thm lapp.code[no_vars]} into +% +\begin{gather*} + @{thm lapp_simps(1)[no_vars]} \\ + @{thm lapp_simps(2)[no_vars]} +\end{gather*} +\ + + +subsubsection \ \keyw{case_of_simps} + \label{sssec:case-of-simps} \ + +text \ +\begin{matharray}{rcl} + @{command_def "case_of_simps"} & : & @{text "local_theory \ local_theory"} +\end{matharray} + +@{rail \ + @@{command case_of_simps} target? (name ':')? \ + (thmref + ) +\} + +\medskip + +\noindent +The \keyw{case_of_simps} command provided by theory +@{file "~~/src/HOL/Library/Simps_Case_Conv.thy"} converts a set of +pattern-matching equations into single equation with a complex case expression +on the right-hand side (cf.\ @{command simps_of_case}). For example, +\ + + case_of_simps lapp_case: lapp_simps + +text \ +\noindent +translates +% +\begin{gather*} + @{thm lapp_simps(1)[no_vars]} \\ + @{thm lapp_simps(2)[no_vars]} +\end{gather*} +% +into @{thm lapp_case[no_vars]}. +\ +(*<*) + end +(*>*) (* -section {* Using the Standard ML Interface - \label{sec:using-the-standard-ml-interface} *} - -text {* +section \ Using the Standard ML Interface + \label{sec:using-the-standard-ml-interface} \ + +text \ The package's programmatic interface. -*} +\ *) -section {* Selecting Plugins - \label{sec:selecting-plugins} *} - -text {* +section \ Selecting Plugins + \label{sec:selecting-plugins} \ + +text \ Plugins extend the (co)datatype package to interoperate with other Isabelle packages and tools, such as the code generator, Transfer, Lifting, and Quickcheck. They can be enabled or disabled individually using the @@ -3134,20 +3230,20 @@ @{command primrec}, @{command codatatype}, @{command primcorec}, @{command primcorecursive}, @{command bnf}, @{command bnf_axiomatization}, and @{command free_constructors}. For example: -*} +\ datatype (plugins del: code "quickcheck") color = Red | Black -text {* +text \ Beyond the standard plugins, the \emph{Archive of Formal Proofs} includes a \keyw{derive} command that derives class instances of datatypes @{cite "sternagel-thiemann-2015"}. -*} - -subsection {* Code Generator - \label{ssec:code-generator} *} - -text {* +\ + +subsection \ Code Generator + \label{ssec:code-generator} \ + +text \ The \hthm{code} plugin registers freely generated types, including (co)datatypes, and (co)recursive functions for code generation. No distinction is made between datatypes and codatatypes. This means that for target languages @@ -3178,13 +3274,13 @@ documented in Sections \ref{ssec:datatype-generated-theorems}, \ref{ssec:primrec-generated-theorems}, \ref{ssec:codatatype-generated-theorems}, and~\ref{ssec:primcorec-generated-theorems}. -*} - - -subsection {* Size - \label{ssec:size} *} - -text {* +\ + + +subsection \ Size + \label{ssec:size} \ + +text \ For each datatype @{text t}, the \hthm{size} plugin generates a generic size function @{text "t.size_t"} as well as a specific instance @{text "size :: t \ nat"} belonging to the @{text size} type class. The @@ -3228,13 +3324,13 @@ the ML function @{ML BNF_LFP_Size.register_size} or @{ML BNF_LFP_Size.register_size_global}. See theory @{file "~~/src/HOL/Library/Multiset.thy"} for an example. -*} - - -subsection {* Transfer - \label{ssec:transfer} *} - -text {* +\ + + +subsection \ Transfer + \label{ssec:transfer} \ + +text \ For each (co)datatype with live type arguments and each manually registered BNF, the \hthm{transfer} plugin generates a predicator @{text "t.pred_t"} and properties that guide the Transfer tool. @@ -3295,13 +3391,13 @@ the plugin implements the generation of the @{text "f.transfer"} property, conditioned by the @{text transfer} option, and sets the @{text "[transfer_rule]"} attribute on these. -*} - - -subsection {* Lifting - \label{ssec:lifting} *} - -text {* +\ + + +subsection \ Lifting + \label{ssec:lifting} \ + +text \ For each (co)datatype and each manually registered BNF with at least one live type argument \emph{and no dead type arguments}, the \hthm{lifting} plugin generates properties and attributes that guide the Lifting tool. @@ -3321,13 +3417,13 @@ variant of the @{text t.rel_eq_onp} property generated by the @{text lifting} plugin, the @{text "[relator_mono]"} attribute on @{text t.rel_mono}, and the @{text "[relator_distr]"} attribute on @{text t.rel_compp}. -*} - - -subsection {* Quickcheck - \label{ssec:quickcheck} *} - -text {* +\ + + +subsection \ Quickcheck + \label{ssec:quickcheck} \ + +text \ The integration of datatypes with Quickcheck is accomplished by the \hthm{quick\-check} plugin. It combines a number of subplugins that instantiate specific type classes. The subplugins can be enabled or disabled individually. @@ -3340,24 +3436,24 @@ \hthm{quickcheck_full_exhaustive} \\ \hthm{quickcheck_narrowing} \end{indentblock} -*} - - -subsection {* Program Extraction - \label{ssec:program-extraction} *} - -text {* +\ + + +subsection \ Program Extraction + \label{ssec:program-extraction} \ + +text \ The \hthm{extraction} plugin provides realizers for induction and case analysis, to enable program extraction from proofs involving datatypes. This functionality is only available with full proof objects, i.e., with the \emph{HOL-Proofs} session. -*} - - -section {* Known Bugs and Limitations - \label{sec:known-bugs-and-limitations} *} - -text {* +\ + + +section \ Known Bugs and Limitations + \label{sec:known-bugs-and-limitations} \ + +text \ This section lists the known bugs and limitations in the (co)datatype package at the time of this writing. Many of them are expected to be addressed in future releases. @@ -3398,10 +3494,10 @@ slightly different ordering of the premises than the old package.} \end{enumerate} -*} - - -text {* +\ + + +text \ \section*{Acknowledgment} Tobias Nipkow and Makarius Wenzel encouraged us to implement the new @@ -3410,12 +3506,14 @@ suggested major simplifications to the internal constructions. Ond\v{r}ej Kun\v{c}ar implemented the @{text transfer} and @{text lifting} plugins. Christian Sternagel and Ren\'e Thiemann ported the \keyw{derive} command -from the \emph{Archive of Formal Proofs} to the new datatypes. Florian Haftmann -and Christian Urban provided general advice on Isabelle and package writing. -Stefan Milius and Lutz Schr\"oder found an elegant proof that eliminated one of -the BNF proof obligations. Mamoun Filali-Amine, Gerwin Klein, Andreas -Lochbihler, Tobias Nipkow, and Christian Sternagel suggested many textual -improvements to this tutorial. -*} +from the \emph{Archive of Formal Proofs} to the new datatypes. Gerwin Klein and +Lars Noschinski implemented the @{command simps_of_case} and @{command +case_of_simps} commands. Florian Haftmann, Christian Urban, and Makarius +Wenzel provided general advice on Isabelle and package writing. Stefan Milius +and Lutz Schr\"oder found an elegant proof that eliminated one of the BNF +proof obligations. Mamoun Filali-Amine, Gerwin Klein, Andreas Lochbihler, +Tobias Nipkow, and Christian Sternagel suggested many textual improvements to +this tutorial. +\ end