1 % |
|
2 \begin{isabellebody}% |
|
3 \def\isabellecontext{Codegen}% |
|
4 % |
|
5 \isadelimtheory |
|
6 \isanewline |
|
7 \isanewline |
|
8 % |
|
9 \endisadelimtheory |
|
10 % |
|
11 \isatagtheory |
|
12 % |
|
13 \endisatagtheory |
|
14 {\isafoldtheory}% |
|
15 % |
|
16 \isadelimtheory |
|
17 % |
|
18 \endisadelimtheory |
|
19 % |
|
20 \isadelimML |
|
21 % |
|
22 \endisadelimML |
|
23 % |
|
24 \isatagML |
|
25 % |
|
26 \endisatagML |
|
27 {\isafoldML}% |
|
28 % |
|
29 \isadelimML |
|
30 % |
|
31 \endisadelimML |
|
32 % |
|
33 \isamarkupchapter{Code generation from Isabelle theories% |
|
34 } |
|
35 \isamarkuptrue% |
|
36 % |
|
37 \isamarkupsection{Introduction% |
|
38 } |
|
39 \isamarkuptrue% |
|
40 % |
|
41 \isamarkupsubsection{Motivation% |
|
42 } |
|
43 \isamarkuptrue% |
|
44 % |
|
45 \begin{isamarkuptext}% |
|
46 Executing formal specifications as programs is a well-established |
|
47 topic in the theorem proving community. With increasing |
|
48 application of theorem proving systems in the area of |
|
49 software development and verification, its relevance manifests |
|
50 for running test cases and rapid prototyping. In logical |
|
51 calculi like constructive type theory, |
|
52 a notion of executability is implicit due to the nature |
|
53 of the calculus. In contrast, specifications in Isabelle |
|
54 can be highly non-executable. In order to bridge |
|
55 the gap between logic and executable specifications, |
|
56 an explicit non-trivial transformation has to be applied: |
|
57 code generation. |
|
58 |
|
59 This tutorial introduces a generic code generator for the |
|
60 Isabelle system \cite{isa-tutorial}. |
|
61 Generic in the sense that the |
|
62 \qn{target language} for which code shall ultimately be |
|
63 generated is not fixed but may be an arbitrary state-of-the-art |
|
64 functional programming language (currently, the implementation |
|
65 supports SML \cite{SML}, OCaml \cite{OCaml} and Haskell |
|
66 \cite{haskell-revised-report}). |
|
67 We aim to provide a |
|
68 versatile environment |
|
69 suitable for software development and verification, |
|
70 structuring the process |
|
71 of code generation into a small set of orthogonal principles |
|
72 while achieving a big coverage of application areas |
|
73 with maximum flexibility. |
|
74 |
|
75 Conceptually the code generator framework is part |
|
76 of Isabelle's \isa{Pure} meta logic; the object logic |
|
77 \isa{HOL} which is an extension of \isa{Pure} |
|
78 already comes with a reasonable framework setup and thus provides |
|
79 a good working horse for raising code-generation-driven |
|
80 applications. So, we assume some familiarity and experience |
|
81 with the ingredients of the \isa{HOL} \emph{Main} theory |
|
82 (see also \cite{isa-tutorial}).% |
|
83 \end{isamarkuptext}% |
|
84 \isamarkuptrue% |
|
85 % |
|
86 \isamarkupsubsection{Overview% |
|
87 } |
|
88 \isamarkuptrue% |
|
89 % |
|
90 \begin{isamarkuptext}% |
|
91 The code generator aims to be usable with no further ado |
|
92 in most cases while allowing for detailed customization. |
|
93 This manifests in the structure of this tutorial: |
|
94 we start with a generic example \secref{sec:example} |
|
95 and introduce code generation concepts \secref{sec:concept}. |
|
96 Section |
|
97 \secref{sec:basics} explains how to use the framework naively, |
|
98 presuming a reasonable default setup. Then, section |
|
99 \secref{sec:advanced} deals with advanced topics, |
|
100 introducing further aspects of the code generator framework |
|
101 in a motivation-driven manner. Last, section \secref{sec:ml} |
|
102 introduces the framework's internal programming interfaces. |
|
103 |
|
104 \begin{warn} |
|
105 Ultimately, the code generator which this tutorial deals with |
|
106 is supposed to replace the already established code generator |
|
107 by Stefan Berghofer \cite{Berghofer-Nipkow:2002}. |
|
108 So, for the moment, there are two distinct code generators |
|
109 in Isabelle. |
|
110 Also note that while the framework itself is |
|
111 object-logic independent, only \isa{HOL} provides a reasonable |
|
112 framework setup. |
|
113 \end{warn}% |
|
114 \end{isamarkuptext}% |
|
115 \isamarkuptrue% |
|
116 % |
|
117 \isamarkupsection{An example: a simple theory of search trees \label{sec:example}% |
|
118 } |
|
119 \isamarkuptrue% |
|
120 % |
|
121 \begin{isamarkuptext}% |
|
122 When writing executable specifications using \isa{HOL}, |
|
123 it is convenient to use |
|
124 three existing packages: the datatype package for defining |
|
125 datatypes, the function package for (recursive) functions, |
|
126 and the class package for overloaded definitions. |
|
127 |
|
128 We develope a small theory of search trees; trees are represented |
|
129 as a datatype with key type \isa{{\isacharprime}a} and value type \isa{{\isacharprime}b}:% |
|
130 \end{isamarkuptext}% |
|
131 \isamarkuptrue% |
|
132 \isacommand{datatype}\isamarkupfalse% |
|
133 \ {\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}b{\isacharparenright}\ searchtree\ {\isacharequal}\ Leaf\ {\isachardoublequoteopen}{\isacharprime}a{\isasymColon}linorder{\isachardoublequoteclose}\ {\isacharprime}b\isanewline |
|
134 \ \ {\isacharbar}\ Branch\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}b{\isacharparenright}\ searchtree{\isachardoublequoteclose}\ {\isachardoublequoteopen}{\isacharprime}a{\isachardoublequoteclose}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}b{\isacharparenright}\ searchtree{\isachardoublequoteclose}% |
|
135 \begin{isamarkuptext}% |
|
136 \noindent Note that we have constrained the type of keys |
|
137 to the class of total orders, \isa{linorder}. |
|
138 |
|
139 We define \isa{find} and \isa{update} functions:% |
|
140 \end{isamarkuptext}% |
|
141 \isamarkuptrue% |
|
142 \isacommand{primrec}\isamarkupfalse% |
|
143 \isanewline |
|
144 \ \ find\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}a{\isasymColon}linorder{\isacharcomma}\ {\isacharprime}b{\isacharparenright}\ searchtree\ {\isasymRightarrow}\ {\isacharprime}a\ {\isasymRightarrow}\ {\isacharprime}b\ option{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
145 \ \ {\isachardoublequoteopen}find\ {\isacharparenleft}Leaf\ key\ val{\isacharparenright}\ it\ {\isacharequal}\ {\isacharparenleft}if\ it\ {\isacharequal}\ key\ then\ Some\ val\ else\ None{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
146 \ \ {\isacharbar}\ {\isachardoublequoteopen}find\ {\isacharparenleft}Branch\ t{\isadigit{1}}\ key\ t{\isadigit{2}}{\isacharparenright}\ it\ {\isacharequal}\ {\isacharparenleft}if\ it\ {\isasymle}\ key\ then\ find\ t{\isadigit{1}}\ it\ else\ find\ t{\isadigit{2}}\ it{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
147 \isanewline |
|
148 \isacommand{fun}\isamarkupfalse% |
|
149 \isanewline |
|
150 \ \ update\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}a{\isasymColon}linorder\ {\isasymtimes}\ {\isacharprime}b\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}b{\isacharparenright}\ searchtree\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}b{\isacharparenright}\ searchtree{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
151 \ \ {\isachardoublequoteopen}update\ {\isacharparenleft}it{\isacharcomma}\ entry{\isacharparenright}\ {\isacharparenleft}Leaf\ key\ val{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}\isanewline |
|
152 \ \ \ \ if\ it\ {\isacharequal}\ key\ then\ Leaf\ key\ entry\isanewline |
|
153 \ \ \ \ \ \ else\ if\ it\ {\isasymle}\ key\isanewline |
|
154 \ \ \ \ \ \ then\ Branch\ {\isacharparenleft}Leaf\ it\ entry{\isacharparenright}\ it\ {\isacharparenleft}Leaf\ key\ val{\isacharparenright}\isanewline |
|
155 \ \ \ \ \ \ else\ Branch\ {\isacharparenleft}Leaf\ key\ val{\isacharparenright}\ it\ {\isacharparenleft}Leaf\ it\ entry{\isacharparenright}\isanewline |
|
156 \ \ \ {\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
157 \ \ {\isacharbar}\ {\isachardoublequoteopen}update\ {\isacharparenleft}it{\isacharcomma}\ entry{\isacharparenright}\ {\isacharparenleft}Branch\ t{\isadigit{1}}\ key\ t{\isadigit{2}}{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}\isanewline |
|
158 \ \ \ \ if\ it\ {\isasymle}\ key\isanewline |
|
159 \ \ \ \ \ \ then\ {\isacharparenleft}Branch\ {\isacharparenleft}update\ {\isacharparenleft}it{\isacharcomma}\ entry{\isacharparenright}\ t{\isadigit{1}}{\isacharparenright}\ key\ t{\isadigit{2}}{\isacharparenright}\isanewline |
|
160 \ \ \ \ \ \ else\ {\isacharparenleft}Branch\ t{\isadigit{1}}\ key\ {\isacharparenleft}update\ {\isacharparenleft}it{\isacharcomma}\ entry{\isacharparenright}\ t{\isadigit{2}}{\isacharparenright}{\isacharparenright}\isanewline |
|
161 \ \ \ {\isacharparenright}{\isachardoublequoteclose}% |
|
162 \begin{isamarkuptext}% |
|
163 \noindent For testing purpose, we define a small example |
|
164 using natural numbers \isa{nat} (which are a \isa{linorder}) |
|
165 as keys and list of nats as values:% |
|
166 \end{isamarkuptext}% |
|
167 \isamarkuptrue% |
|
168 \isacommand{definition}\isamarkupfalse% |
|
169 \isanewline |
|
170 \ \ example\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}nat{\isacharcomma}\ nat\ list{\isacharparenright}\ searchtree{\isachardoublequoteclose}\isanewline |
|
171 \isakeyword{where}\isanewline |
|
172 \ \ {\isachardoublequoteopen}example\ {\isacharequal}\ update\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isacharcomma}\ {\isacharbrackleft}Suc\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ Suc\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}{\isacharbrackright}{\isacharparenright}\ {\isacharparenleft}update\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}{\isacharparenright}{\isacharcomma}\ {\isacharbrackleft}Suc\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}{\isacharparenright}{\isacharbrackright}{\isacharparenright}\isanewline |
|
173 \ \ \ \ {\isacharparenleft}update\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ {\isacharbrackleft}Suc\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}{\isacharbrackright}{\isacharparenright}\ {\isacharparenleft}Leaf\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}\ {\isacharbrackleft}{\isacharbrackright}{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}% |
|
174 \begin{isamarkuptext}% |
|
175 \noindent Then we generate code% |
|
176 \end{isamarkuptext}% |
|
177 \isamarkuptrue% |
|
178 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
179 \ example\ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}tree{\isachardot}ML{\isachardoublequoteclose}% |
|
180 \begin{isamarkuptext}% |
|
181 \noindent which looks like: |
|
182 \lstsml{Thy/examples/tree.ML}% |
|
183 \end{isamarkuptext}% |
|
184 \isamarkuptrue% |
|
185 % |
|
186 \isamarkupsection{Code generation concepts and process \label{sec:concept}% |
|
187 } |
|
188 \isamarkuptrue% |
|
189 % |
|
190 \begin{isamarkuptext}% |
|
191 \begin{figure}[h] |
|
192 \centering |
|
193 \includegraphics[width=0.7\textwidth]{codegen_process} |
|
194 \caption{code generator -- processing overview} |
|
195 \label{fig:process} |
|
196 \end{figure} |
|
197 |
|
198 The code generator employs a notion of executability |
|
199 for three foundational executable ingredients known |
|
200 from functional programming: |
|
201 \emph{defining equations}, \emph{datatypes}, and |
|
202 \emph{type classes}. A defining equation as a first approximation |
|
203 is a theorem of the form \isa{f\ t\isactrlisub {\isadigit{1}}\ t\isactrlisub {\isadigit{2}}\ {\isasymdots}\ t\isactrlisub n\ {\isasymequiv}\ t} |
|
204 (an equation headed by a constant \isa{f} with arguments |
|
205 \isa{t\isactrlisub {\isadigit{1}}\ t\isactrlisub {\isadigit{2}}\ {\isasymdots}\ t\isactrlisub n} and right hand side \isa{t}). |
|
206 Code generation aims to turn defining equations |
|
207 into a functional program by running through |
|
208 a process (see figure \ref{fig:process}): |
|
209 |
|
210 \begin{itemize} |
|
211 |
|
212 \item Out of the vast collection of theorems proven in a |
|
213 \qn{theory}, a reasonable subset modeling |
|
214 defining equations is \qn{selected}. |
|
215 |
|
216 \item On those selected theorems, certain |
|
217 transformations are carried out |
|
218 (\qn{preprocessing}). Their purpose is to turn theorems |
|
219 representing non- or badly executable |
|
220 specifications into equivalent but executable counterparts. |
|
221 The result is a structured collection of \qn{code theorems}. |
|
222 |
|
223 \item These \qn{code theorems} then are \qn{translated} |
|
224 into an Haskell-like intermediate |
|
225 language. |
|
226 |
|
227 \item Finally, out of the intermediate language the final |
|
228 code in the desired \qn{target language} is \qn{serialized}. |
|
229 |
|
230 \end{itemize} |
|
231 |
|
232 From these steps, only the two last are carried out |
|
233 outside the logic; by keeping this layer as |
|
234 thin as possible, the amount of code to trust is |
|
235 kept to a minimum.% |
|
236 \end{isamarkuptext}% |
|
237 \isamarkuptrue% |
|
238 % |
|
239 \isamarkupsection{Basics \label{sec:basics}% |
|
240 } |
|
241 \isamarkuptrue% |
|
242 % |
|
243 \isamarkupsubsection{Invoking the code generator% |
|
244 } |
|
245 \isamarkuptrue% |
|
246 % |
|
247 \begin{isamarkuptext}% |
|
248 Thanks to a reasonable setup of the \isa{HOL} theories, in |
|
249 most cases code generation proceeds without further ado:% |
|
250 \end{isamarkuptext}% |
|
251 \isamarkuptrue% |
|
252 \isacommand{primrec}\isamarkupfalse% |
|
253 \isanewline |
|
254 \ \ fac\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
255 \ \ \ \ {\isachardoublequoteopen}fac\ {\isadigit{0}}\ {\isacharequal}\ {\isadigit{1}}{\isachardoublequoteclose}\isanewline |
|
256 \ \ {\isacharbar}\ {\isachardoublequoteopen}fac\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isacharequal}\ Suc\ n\ {\isacharasterisk}\ fac\ n{\isachardoublequoteclose}% |
|
257 \begin{isamarkuptext}% |
|
258 \noindent This executable specification is now turned to SML code:% |
|
259 \end{isamarkuptext}% |
|
260 \isamarkuptrue% |
|
261 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
262 \ fac\ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}fac{\isachardot}ML{\isachardoublequoteclose}% |
|
263 \begin{isamarkuptext}% |
|
264 \noindent The \isa{{\isasymEXPORTCODE}} command takes a space-separated list of |
|
265 constants together with \qn{serialization directives} |
|
266 These start with a \qn{target language} |
|
267 identifier, followed by a file specification |
|
268 where to write the generated code to. |
|
269 |
|
270 Internally, the defining equations for all selected |
|
271 constants are taken, including any transitively required |
|
272 constants, datatypes and classes, resulting in the following |
|
273 code: |
|
274 |
|
275 \lstsml{Thy/examples/fac.ML} |
|
276 |
|
277 The code generator will complain when a required |
|
278 ingredient does not provide a executable counterpart, |
|
279 e.g.~generating code |
|
280 for constants not yielding |
|
281 a defining equation (e.g.~the Hilbert choice |
|
282 operation \isa{SOME}):% |
|
283 \end{isamarkuptext}% |
|
284 \isamarkuptrue% |
|
285 % |
|
286 \isadelimML |
|
287 % |
|
288 \endisadelimML |
|
289 % |
|
290 \isatagML |
|
291 % |
|
292 \endisatagML |
|
293 {\isafoldML}% |
|
294 % |
|
295 \isadelimML |
|
296 % |
|
297 \endisadelimML |
|
298 \isacommand{definition}\isamarkupfalse% |
|
299 \isanewline |
|
300 \ \ pick{\isacharunderscore}some\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
301 \ \ {\isachardoublequoteopen}pick{\isacharunderscore}some\ xs\ {\isacharequal}\ {\isacharparenleft}SOME\ x{\isachardot}\ x\ {\isasymin}\ set\ xs{\isacharparenright}{\isachardoublequoteclose}% |
|
302 \isadelimML |
|
303 % |
|
304 \endisadelimML |
|
305 % |
|
306 \isatagML |
|
307 % |
|
308 \endisatagML |
|
309 {\isafoldML}% |
|
310 % |
|
311 \isadelimML |
|
312 % |
|
313 \endisadelimML |
|
314 \isanewline |
|
315 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
316 \ pick{\isacharunderscore}some\ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}fail{\isacharunderscore}const{\isachardot}ML{\isachardoublequoteclose}% |
|
317 \begin{isamarkuptext}% |
|
318 \noindent will fail.% |
|
319 \end{isamarkuptext}% |
|
320 \isamarkuptrue% |
|
321 % |
|
322 \isamarkupsubsection{Theorem selection% |
|
323 } |
|
324 \isamarkuptrue% |
|
325 % |
|
326 \begin{isamarkuptext}% |
|
327 The list of all defining equations in a theory may be inspected |
|
328 using the \isa{{\isasymPRINTCODESETUP}} command:% |
|
329 \end{isamarkuptext}% |
|
330 \isamarkuptrue% |
|
331 \isacommand{print{\isacharunderscore}codesetup}\isamarkupfalse% |
|
332 % |
|
333 \begin{isamarkuptext}% |
|
334 \noindent which displays a table of constant with corresponding |
|
335 defining equations (the additional stuff displayed |
|
336 shall not bother us for the moment). |
|
337 |
|
338 The typical \isa{HOL} tools are already set up in a way that |
|
339 function definitions introduced by \isa{{\isasymDEFINITION}}, |
|
340 \isa{{\isasymPRIMREC}}, \isa{{\isasymFUN}}, |
|
341 \isa{{\isasymFUNCTION}}, \isa{{\isasymCONSTDEFS}}, |
|
342 \isa{{\isasymRECDEF}} are implicitly propagated |
|
343 to this defining equation table. Specific theorems may be |
|
344 selected using an attribute: \emph{code func}. As example, |
|
345 a weight selector function:% |
|
346 \end{isamarkuptext}% |
|
347 \isamarkuptrue% |
|
348 \isacommand{primrec}\isamarkupfalse% |
|
349 \isanewline |
|
350 \ \ pick\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}nat\ {\isasymtimes}\ {\isacharprime}a{\isacharparenright}\ list\ {\isasymRightarrow}\ nat\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
351 \ \ {\isachardoublequoteopen}pick\ {\isacharparenleft}x{\isacharhash}xs{\isacharparenright}\ n\ {\isacharequal}\ {\isacharparenleft}let\ {\isacharparenleft}k{\isacharcomma}\ v{\isacharparenright}\ {\isacharequal}\ x\ in\isanewline |
|
352 \ \ \ \ if\ n\ {\isacharless}\ k\ then\ v\ else\ pick\ xs\ {\isacharparenleft}n\ {\isacharminus}\ k{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}% |
|
353 \begin{isamarkuptext}% |
|
354 \noindent We want to eliminate the explicit destruction |
|
355 of \isa{x} to \isa{{\isacharparenleft}k{\isacharcomma}\ v{\isacharparenright}}:% |
|
356 \end{isamarkuptext}% |
|
357 \isamarkuptrue% |
|
358 \isacommand{lemma}\isamarkupfalse% |
|
359 \ {\isacharbrackleft}code\ func{\isacharbrackright}{\isacharcolon}\isanewline |
|
360 \ \ {\isachardoublequoteopen}pick\ {\isacharparenleft}{\isacharparenleft}k{\isacharcomma}\ v{\isacharparenright}{\isacharhash}xs{\isacharparenright}\ n\ {\isacharequal}\ {\isacharparenleft}if\ n\ {\isacharless}\ k\ then\ v\ else\ pick\ xs\ {\isacharparenleft}n\ {\isacharminus}\ k{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
361 % |
|
362 \isadelimproof |
|
363 \ \ % |
|
364 \endisadelimproof |
|
365 % |
|
366 \isatagproof |
|
367 \isacommand{by}\isamarkupfalse% |
|
368 \ simp% |
|
369 \endisatagproof |
|
370 {\isafoldproof}% |
|
371 % |
|
372 \isadelimproof |
|
373 \isanewline |
|
374 % |
|
375 \endisadelimproof |
|
376 \isanewline |
|
377 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
378 \ pick\ \ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}pick{\isadigit{1}}{\isachardot}ML{\isachardoublequoteclose}% |
|
379 \begin{isamarkuptext}% |
|
380 \noindent This theorem now is used for generating code: |
|
381 |
|
382 \lstsml{Thy/examples/pick1.ML} |
|
383 |
|
384 \noindent The policy is that \emph{default equations} stemming from |
|
385 \isa{{\isasymDEFINITION}}, |
|
386 \isa{{\isasymPRIMREC}}, \isa{{\isasymFUN}}, |
|
387 \isa{{\isasymFUNCTION}}, \isa{{\isasymCONSTDEFS}}, |
|
388 \isa{{\isasymRECDEF}} statements are discarded as soon as an |
|
389 equation is explicitly selected by means of \emph{code func}. |
|
390 Further applications of \emph{code func} add theorems incrementally, |
|
391 but syntactic redundancies are implicitly dropped. For example, |
|
392 using a modified version of the \isa{fac} function |
|
393 as defining equation, the then redundant (since |
|
394 syntactically subsumed) original defining equations |
|
395 are dropped. |
|
396 |
|
397 \begin{warn} |
|
398 The attributes \emph{code} and \emph{code del} |
|
399 associated with the existing code generator also apply to |
|
400 the new one: \emph{code} implies \emph{code func}, |
|
401 and \emph{code del} implies \emph{code func del}. |
|
402 \end{warn}% |
|
403 \end{isamarkuptext}% |
|
404 \isamarkuptrue% |
|
405 % |
|
406 \isamarkupsubsection{Type classes% |
|
407 } |
|
408 \isamarkuptrue% |
|
409 % |
|
410 \begin{isamarkuptext}% |
|
411 Type classes enter the game via the Isar class package. |
|
412 For a short introduction how to use it, see \cite{isabelle-classes}; |
|
413 here we just illustrate its impact on code generation. |
|
414 |
|
415 In a target language, type classes may be represented |
|
416 natively (as in the case of Haskell). For languages |
|
417 like SML, they are implemented using \emph{dictionaries}. |
|
418 Our following example specifies a class \qt{null}, |
|
419 assigning to each of its inhabitants a \qt{null} value:% |
|
420 \end{isamarkuptext}% |
|
421 \isamarkuptrue% |
|
422 \isacommand{class}\isamarkupfalse% |
|
423 \ null\ {\isacharequal}\ type\ {\isacharplus}\isanewline |
|
424 \ \ \isakeyword{fixes}\ null\ {\isacharcolon}{\isacharcolon}\ {\isacharprime}a\isanewline |
|
425 \isanewline |
|
426 \isacommand{primrec}\isamarkupfalse% |
|
427 \isanewline |
|
428 \ \ head\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}a{\isasymColon}null\ list\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
429 \ \ {\isachardoublequoteopen}head\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ null{\isachardoublequoteclose}\isanewline |
|
430 \ \ {\isacharbar}\ {\isachardoublequoteopen}head\ {\isacharparenleft}x{\isacharhash}xs{\isacharparenright}\ {\isacharequal}\ x{\isachardoublequoteclose}% |
|
431 \begin{isamarkuptext}% |
|
432 \noindent We provide some instances for our \isa{null}:% |
|
433 \end{isamarkuptext}% |
|
434 \isamarkuptrue% |
|
435 \isacommand{instantiation}\isamarkupfalse% |
|
436 \ option\ \isakeyword{and}\ list\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}type{\isacharparenright}\ null\isanewline |
|
437 \isakeyword{begin}\isanewline |
|
438 \isanewline |
|
439 \isacommand{definition}\isamarkupfalse% |
|
440 \isanewline |
|
441 \ \ {\isachardoublequoteopen}null\ {\isacharequal}\ None{\isachardoublequoteclose}\isanewline |
|
442 \isanewline |
|
443 \isacommand{definition}\isamarkupfalse% |
|
444 \isanewline |
|
445 \ \ {\isachardoublequoteopen}null\ {\isacharequal}\ {\isacharbrackleft}{\isacharbrackright}{\isachardoublequoteclose}\isanewline |
|
446 \isanewline |
|
447 \isacommand{instance}\isamarkupfalse% |
|
448 % |
|
449 \isadelimproof |
|
450 \ % |
|
451 \endisadelimproof |
|
452 % |
|
453 \isatagproof |
|
454 \isacommand{{\isachardot}{\isachardot}}\isamarkupfalse% |
|
455 % |
|
456 \endisatagproof |
|
457 {\isafoldproof}% |
|
458 % |
|
459 \isadelimproof |
|
460 % |
|
461 \endisadelimproof |
|
462 \isanewline |
|
463 \isanewline |
|
464 \isacommand{end}\isamarkupfalse% |
|
465 % |
|
466 \begin{isamarkuptext}% |
|
467 \noindent Constructing a dummy example:% |
|
468 \end{isamarkuptext}% |
|
469 \isamarkuptrue% |
|
470 \isacommand{definition}\isamarkupfalse% |
|
471 \isanewline |
|
472 \ \ {\isachardoublequoteopen}dummy\ {\isacharequal}\ head\ {\isacharbrackleft}Some\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ None{\isacharbrackright}{\isachardoublequoteclose}% |
|
473 \begin{isamarkuptext}% |
|
474 Type classes offer a suitable occasion to introduce |
|
475 the Haskell serializer. Its usage is almost the same |
|
476 as SML, but, in accordance with conventions |
|
477 some Haskell systems enforce, each module ends |
|
478 up in a single file. The module hierarchy is reflected in |
|
479 the file system, with root directory given as file specification.% |
|
480 \end{isamarkuptext}% |
|
481 \isamarkuptrue% |
|
482 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
483 \ dummy\ \isakeyword{in}\ Haskell\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}{\isachardoublequoteclose}% |
|
484 \begin{isamarkuptext}% |
|
485 \lsthaskell{Thy/examples/Codegen.hs} |
|
486 \noindent (we have left out all other modules). |
|
487 |
|
488 \medskip |
|
489 |
|
490 The whole code in SML with explicit dictionary passing:% |
|
491 \end{isamarkuptext}% |
|
492 \isamarkuptrue% |
|
493 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
494 \ dummy\ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}class{\isachardot}ML{\isachardoublequoteclose}% |
|
495 \begin{isamarkuptext}% |
|
496 \lstsml{Thy/examples/class.ML} |
|
497 |
|
498 \medskip |
|
499 |
|
500 \noindent or in OCaml:% |
|
501 \end{isamarkuptext}% |
|
502 \isamarkuptrue% |
|
503 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
504 \ dummy\ \isakeyword{in}\ OCaml\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}class{\isachardot}ocaml{\isachardoublequoteclose}% |
|
505 \begin{isamarkuptext}% |
|
506 \lstsml{Thy/examples/class.ocaml} |
|
507 |
|
508 \medskip The explicit association of constants |
|
509 to classes can be inspected using the \isa{{\isasymPRINTCLASSES}} |
|
510 command.% |
|
511 \end{isamarkuptext}% |
|
512 \isamarkuptrue% |
|
513 % |
|
514 \isamarkupsection{Recipes and advanced topics \label{sec:advanced}% |
|
515 } |
|
516 \isamarkuptrue% |
|
517 % |
|
518 \begin{isamarkuptext}% |
|
519 In this tutorial, we do not attempt to give an exhaustive |
|
520 description of the code generator framework; instead, |
|
521 we cast a light on advanced topics by introducing |
|
522 them together with practically motivated examples. Concerning |
|
523 further reading, see |
|
524 |
|
525 \begin{itemize} |
|
526 |
|
527 \item the Isabelle/Isar Reference Manual \cite{isabelle-isar-ref} |
|
528 for exhaustive syntax diagrams. |
|
529 \item or \cite{Haftmann-Nipkow:2007:codegen} which deals with foundational issues |
|
530 of the code generator framework. |
|
531 |
|
532 \end{itemize}% |
|
533 \end{isamarkuptext}% |
|
534 \isamarkuptrue% |
|
535 % |
|
536 \isamarkupsubsection{Library theories \label{sec:library}% |
|
537 } |
|
538 \isamarkuptrue% |
|
539 % |
|
540 \begin{isamarkuptext}% |
|
541 The \isa{HOL} \isa{Main} theory already provides a code |
|
542 generator setup |
|
543 which should be suitable for most applications. Common extensions |
|
544 and modifications are available by certain theories of the \isa{HOL} |
|
545 library; beside being useful in applications, they may serve |
|
546 as a tutorial for customizing the code generator setup. |
|
547 |
|
548 \begin{description} |
|
549 |
|
550 \item[\isa{Code{\isacharunderscore}Integer}] represents \isa{HOL} integers by big |
|
551 integer literals in target languages. |
|
552 \item[\isa{Code{\isacharunderscore}Char}] represents \isa{HOL} characters by |
|
553 character literals in target languages. |
|
554 \item[\isa{Code{\isacharunderscore}Char{\isacharunderscore}chr}] like \isa{Code{\isacharunderscore}Char}, |
|
555 but also offers treatment of character codes; includes |
|
556 \isa{Code{\isacharunderscore}Integer}. |
|
557 \item[\isa{Efficient{\isacharunderscore}Nat}] \label{eff_nat} implements natural numbers by integers, |
|
558 which in general will result in higher efficency; pattern |
|
559 matching with \isa{{\isadigit{0}}} / \isa{Suc} |
|
560 is eliminated; includes \isa{Code{\isacharunderscore}Integer}. |
|
561 \item[\isa{Code{\isacharunderscore}Index}] provides an additional datatype |
|
562 \isa{index} which is mapped to target-language built-in integers. |
|
563 Useful for code setups which involve e.g. indexing of |
|
564 target-language arrays. |
|
565 \item[\isa{Code{\isacharunderscore}Message}] provides an additional datatype |
|
566 \isa{message{\isacharunderscore}string} which is isomorphic to strings; |
|
567 \isa{message{\isacharunderscore}string}s are mapped to target-language strings. |
|
568 Useful for code setups which involve e.g. printing (error) messages. |
|
569 |
|
570 \end{description} |
|
571 |
|
572 \begin{warn} |
|
573 When importing any of these theories, they should form the last |
|
574 items in an import list. Since these theories adapt the |
|
575 code generator setup in a non-conservative fashion, |
|
576 strange effects may occur otherwise. |
|
577 \end{warn}% |
|
578 \end{isamarkuptext}% |
|
579 \isamarkuptrue% |
|
580 % |
|
581 \isamarkupsubsection{Preprocessing% |
|
582 } |
|
583 \isamarkuptrue% |
|
584 % |
|
585 \begin{isamarkuptext}% |
|
586 Before selected function theorems are turned into abstract |
|
587 code, a chain of definitional transformation steps is carried |
|
588 out: \emph{preprocessing}. In essence, the preprocessor |
|
589 consists of two components: a \emph{simpset} and \emph{function transformers}. |
|
590 |
|
591 The \emph{simpset} allows to employ the full generality of the Isabelle |
|
592 simplifier. Due to the interpretation of theorems |
|
593 as defining equations, rewrites are applied to the right |
|
594 hand side and the arguments of the left hand side of an |
|
595 equation, but never to the constant heading the left hand side. |
|
596 An important special case are \emph{inline theorems} which may be |
|
597 declared an undeclared using the |
|
598 \emph{code inline} or \emph{code inline del} attribute respectively. |
|
599 Some common applications:% |
|
600 \end{isamarkuptext}% |
|
601 \isamarkuptrue% |
|
602 % |
|
603 \begin{itemize} |
|
604 % |
|
605 \begin{isamarkuptext}% |
|
606 \item replacing non-executable constructs by executable ones:% |
|
607 \end{isamarkuptext}% |
|
608 \isamarkuptrue% |
|
609 \ \ \isacommand{lemma}\isamarkupfalse% |
|
610 \ {\isacharbrackleft}code\ inline{\isacharbrackright}{\isacharcolon}\isanewline |
|
611 \ \ \ \ {\isachardoublequoteopen}x\ {\isasymin}\ set\ xs\ {\isasymlongleftrightarrow}\ x\ mem\ xs{\isachardoublequoteclose}% |
|
612 \isadelimproof |
|
613 \ % |
|
614 \endisadelimproof |
|
615 % |
|
616 \isatagproof |
|
617 \isacommand{by}\isamarkupfalse% |
|
618 \ {\isacharparenleft}induct\ xs{\isacharparenright}\ simp{\isacharunderscore}all% |
|
619 \endisatagproof |
|
620 {\isafoldproof}% |
|
621 % |
|
622 \isadelimproof |
|
623 % |
|
624 \endisadelimproof |
|
625 % |
|
626 \begin{isamarkuptext}% |
|
627 \item eliminating superfluous constants:% |
|
628 \end{isamarkuptext}% |
|
629 \isamarkuptrue% |
|
630 \ \ \isacommand{lemma}\isamarkupfalse% |
|
631 \ {\isacharbrackleft}code\ inline{\isacharbrackright}{\isacharcolon}\isanewline |
|
632 \ \ \ \ {\isachardoublequoteopen}{\isadigit{1}}\ {\isacharequal}\ Suc\ {\isadigit{0}}{\isachardoublequoteclose}% |
|
633 \isadelimproof |
|
634 \ % |
|
635 \endisadelimproof |
|
636 % |
|
637 \isatagproof |
|
638 \isacommand{by}\isamarkupfalse% |
|
639 \ simp% |
|
640 \endisatagproof |
|
641 {\isafoldproof}% |
|
642 % |
|
643 \isadelimproof |
|
644 % |
|
645 \endisadelimproof |
|
646 % |
|
647 \begin{isamarkuptext}% |
|
648 \item replacing executable but inconvenient constructs:% |
|
649 \end{isamarkuptext}% |
|
650 \isamarkuptrue% |
|
651 \ \ \isacommand{lemma}\isamarkupfalse% |
|
652 \ {\isacharbrackleft}code\ inline{\isacharbrackright}{\isacharcolon}\isanewline |
|
653 \ \ \ \ {\isachardoublequoteopen}xs\ {\isacharequal}\ {\isacharbrackleft}{\isacharbrackright}\ {\isasymlongleftrightarrow}\ List{\isachardot}null\ xs{\isachardoublequoteclose}% |
|
654 \isadelimproof |
|
655 \ % |
|
656 \endisadelimproof |
|
657 % |
|
658 \isatagproof |
|
659 \isacommand{by}\isamarkupfalse% |
|
660 \ {\isacharparenleft}induct\ xs{\isacharparenright}\ simp{\isacharunderscore}all% |
|
661 \endisatagproof |
|
662 {\isafoldproof}% |
|
663 % |
|
664 \isadelimproof |
|
665 % |
|
666 \endisadelimproof |
|
667 % |
|
668 \end{itemize} |
|
669 % |
|
670 \begin{isamarkuptext}% |
|
671 \emph{Function transformers} provide a very general interface, |
|
672 transforming a list of function theorems to another |
|
673 list of function theorems, provided that neither the heading |
|
674 constant nor its type change. The \isa{{\isadigit{0}}} / \isa{Suc} |
|
675 pattern elimination implemented in |
|
676 theory \isa{Efficient{\isacharunderscore}Nat} (see \secref{eff_nat}) uses this |
|
677 interface. |
|
678 |
|
679 \noindent The current setup of the preprocessor may be inspected using |
|
680 the \isa{{\isasymPRINTCODESETUP}} command. |
|
681 |
|
682 \begin{warn} |
|
683 The attribute \emph{code unfold} |
|
684 associated with the existing code generator also applies to |
|
685 the new one: \emph{code unfold} implies \emph{code inline}. |
|
686 \end{warn}% |
|
687 \end{isamarkuptext}% |
|
688 \isamarkuptrue% |
|
689 % |
|
690 \isamarkupsubsection{Concerning operational equality% |
|
691 } |
|
692 \isamarkuptrue% |
|
693 % |
|
694 \begin{isamarkuptext}% |
|
695 Surely you have already noticed how equality is treated |
|
696 by the code generator:% |
|
697 \end{isamarkuptext}% |
|
698 \isamarkuptrue% |
|
699 \isacommand{primrec}\isamarkupfalse% |
|
700 \isanewline |
|
701 \ \ collect{\isacharunderscore}duplicates\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
702 \ \ \ \ {\isachardoublequoteopen}collect{\isacharunderscore}duplicates\ xs\ ys\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ xs{\isachardoublequoteclose}\isanewline |
|
703 \ \ {\isacharbar}\ {\isachardoublequoteopen}collect{\isacharunderscore}duplicates\ xs\ ys\ {\isacharparenleft}z{\isacharhash}zs{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}if\ z\ {\isasymin}\ set\ xs\isanewline |
|
704 \ \ \ \ \ \ then\ if\ z\ {\isasymin}\ set\ ys\isanewline |
|
705 \ \ \ \ \ \ \ \ then\ collect{\isacharunderscore}duplicates\ xs\ ys\ zs\isanewline |
|
706 \ \ \ \ \ \ \ \ else\ collect{\isacharunderscore}duplicates\ xs\ {\isacharparenleft}z{\isacharhash}ys{\isacharparenright}\ zs\isanewline |
|
707 \ \ \ \ \ \ else\ collect{\isacharunderscore}duplicates\ {\isacharparenleft}z{\isacharhash}xs{\isacharparenright}\ {\isacharparenleft}z{\isacharhash}ys{\isacharparenright}\ zs{\isacharparenright}{\isachardoublequoteclose}% |
|
708 \begin{isamarkuptext}% |
|
709 The membership test during preprocessing is rewritten, |
|
710 resulting in \isa{op\ mem}, which itself |
|
711 performs an explicit equality check.% |
|
712 \end{isamarkuptext}% |
|
713 \isamarkuptrue% |
|
714 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
715 \ collect{\isacharunderscore}duplicates\ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}collect{\isacharunderscore}duplicates{\isachardot}ML{\isachardoublequoteclose}% |
|
716 \begin{isamarkuptext}% |
|
717 \lstsml{Thy/examples/collect_duplicates.ML}% |
|
718 \end{isamarkuptext}% |
|
719 \isamarkuptrue% |
|
720 % |
|
721 \begin{isamarkuptext}% |
|
722 Obviously, polymorphic equality is implemented the Haskell |
|
723 way using a type class. How is this achieved? HOL introduces |
|
724 an explicit class \isa{eq} with a corresponding operation |
|
725 \isa{eq{\isacharunderscore}class{\isachardot}eq} such that \isa{eq{\isacharunderscore}class{\isachardot}eq\ x\ y\ {\isacharequal}\ {\isacharparenleft}x\ {\isacharequal}\ y{\isacharparenright}}. |
|
726 The preprocessing framework does the rest. |
|
727 For datatypes, instances of \isa{eq} are implicitly derived |
|
728 when possible. For other types, you may instantiate \isa{eq} |
|
729 manually like any other type class. |
|
730 |
|
731 Though this \isa{eq} class is designed to get rarely in |
|
732 the way, a subtlety |
|
733 enters the stage when definitions of overloaded constants |
|
734 are dependent on operational equality. For example, let |
|
735 us define a lexicographic ordering on tuples:% |
|
736 \end{isamarkuptext}% |
|
737 \isamarkuptrue% |
|
738 \isacommand{instantiation}\isamarkupfalse% |
|
739 \ {\isacharasterisk}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}ord{\isacharcomma}\ ord{\isacharparenright}\ ord\isanewline |
|
740 \isakeyword{begin}\isanewline |
|
741 \isanewline |
|
742 \isacommand{definition}\isamarkupfalse% |
|
743 \isanewline |
|
744 \ \ {\isacharbrackleft}code\ func\ del{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}p{\isadigit{1}}\ {\isacharless}\ p{\isadigit{2}}\ {\isasymlongleftrightarrow}\ {\isacharparenleft}let\ {\isacharparenleft}x{\isadigit{1}}{\isacharcomma}\ y{\isadigit{1}}{\isacharparenright}\ {\isacharequal}\ p{\isadigit{1}}{\isacharsemicolon}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isacharequal}\ p{\isadigit{2}}\ in\isanewline |
|
745 \ \ \ \ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ {\isacharparenleft}x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isacharless}\ y{\isadigit{2}}{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
746 \isanewline |
|
747 \isacommand{definition}\isamarkupfalse% |
|
748 \isanewline |
|
749 \ \ {\isacharbrackleft}code\ func\ del{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}p{\isadigit{1}}\ {\isasymle}\ p{\isadigit{2}}\ {\isasymlongleftrightarrow}\ {\isacharparenleft}let\ {\isacharparenleft}x{\isadigit{1}}{\isacharcomma}\ y{\isadigit{1}}{\isacharparenright}\ {\isacharequal}\ p{\isadigit{1}}{\isacharsemicolon}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isacharequal}\ p{\isadigit{2}}\ in\isanewline |
|
750 \ \ \ \ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ {\isacharparenleft}x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isasymle}\ y{\isadigit{2}}{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
751 \isanewline |
|
752 \isacommand{instance}\isamarkupfalse% |
|
753 % |
|
754 \isadelimproof |
|
755 \ % |
|
756 \endisadelimproof |
|
757 % |
|
758 \isatagproof |
|
759 \isacommand{{\isachardot}{\isachardot}}\isamarkupfalse% |
|
760 % |
|
761 \endisatagproof |
|
762 {\isafoldproof}% |
|
763 % |
|
764 \isadelimproof |
|
765 % |
|
766 \endisadelimproof |
|
767 \isanewline |
|
768 \isanewline |
|
769 \isacommand{end}\isamarkupfalse% |
|
770 \isanewline |
|
771 \isanewline |
|
772 \isacommand{lemma}\isamarkupfalse% |
|
773 \ ord{\isacharunderscore}prod\ {\isacharbrackleft}code\ func{\isacharbrackright}{\isacharcolon}\isanewline |
|
774 \ \ {\isachardoublequoteopen}{\isacharparenleft}x{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}a{\isasymColon}ord{\isacharcomma}\ y{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}b{\isasymColon}ord{\isacharparenright}\ {\isacharless}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isasymlongleftrightarrow}\ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ {\isacharparenleft}x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isacharless}\ y{\isadigit{2}}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
775 \ \ {\isachardoublequoteopen}{\isacharparenleft}x{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}a{\isasymColon}ord{\isacharcomma}\ y{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}b{\isasymColon}ord{\isacharparenright}\ {\isasymle}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isasymlongleftrightarrow}\ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ {\isacharparenleft}x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isasymle}\ y{\isadigit{2}}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
776 % |
|
777 \isadelimproof |
|
778 \ \ % |
|
779 \endisadelimproof |
|
780 % |
|
781 \isatagproof |
|
782 \isacommand{unfolding}\isamarkupfalse% |
|
783 \ less{\isacharunderscore}prod{\isacharunderscore}def\ less{\isacharunderscore}eq{\isacharunderscore}prod{\isacharunderscore}def\ \isacommand{by}\isamarkupfalse% |
|
784 \ simp{\isacharunderscore}all% |
|
785 \endisatagproof |
|
786 {\isafoldproof}% |
|
787 % |
|
788 \isadelimproof |
|
789 % |
|
790 \endisadelimproof |
|
791 % |
|
792 \begin{isamarkuptext}% |
|
793 Then code generation will fail. Why? The definition |
|
794 of \isa{op\ {\isasymle}} depends on equality on both arguments, |
|
795 which are polymorphic and impose an additional \isa{eq} |
|
796 class constraint, thus violating the type discipline |
|
797 for class operations. |
|
798 |
|
799 The solution is to add \isa{eq} explicitly to the first sort arguments in the |
|
800 code theorems:% |
|
801 \end{isamarkuptext}% |
|
802 \isamarkuptrue% |
|
803 \isacommand{lemma}\isamarkupfalse% |
|
804 \ ord{\isacharunderscore}prod{\isacharunderscore}code\ {\isacharbrackleft}code\ func{\isacharbrackright}{\isacharcolon}\isanewline |
|
805 \ \ {\isachardoublequoteopen}{\isacharparenleft}x{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}a{\isasymColon}{\isacharbraceleft}ord{\isacharcomma}\ eq{\isacharbraceright}{\isacharcomma}\ y{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}b{\isasymColon}ord{\isacharparenright}\ {\isacharless}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isasymlongleftrightarrow}\isanewline |
|
806 \ \ \ \ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ {\isacharparenleft}x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isacharless}\ y{\isadigit{2}}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
807 \ \ {\isachardoublequoteopen}{\isacharparenleft}x{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}a{\isasymColon}{\isacharbraceleft}ord{\isacharcomma}\ eq{\isacharbraceright}{\isacharcomma}\ y{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}b{\isasymColon}ord{\isacharparenright}\ {\isasymle}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isasymlongleftrightarrow}\isanewline |
|
808 \ \ \ \ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ {\isacharparenleft}x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isasymle}\ y{\isadigit{2}}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
809 % |
|
810 \isadelimproof |
|
811 \ \ % |
|
812 \endisadelimproof |
|
813 % |
|
814 \isatagproof |
|
815 \isacommand{unfolding}\isamarkupfalse% |
|
816 \ ord{\isacharunderscore}prod\ \isacommand{by}\isamarkupfalse% |
|
817 \ rule{\isacharplus}% |
|
818 \endisatagproof |
|
819 {\isafoldproof}% |
|
820 % |
|
821 \isadelimproof |
|
822 % |
|
823 \endisadelimproof |
|
824 % |
|
825 \begin{isamarkuptext}% |
|
826 \noindent Then code generation succeeds:% |
|
827 \end{isamarkuptext}% |
|
828 \isamarkuptrue% |
|
829 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
830 \ {\isachardoublequoteopen}op\ {\isasymle}\ {\isasymColon}\ {\isacharprime}a{\isasymColon}{\isacharbraceleft}eq{\isacharcomma}\ ord{\isacharbraceright}\ {\isasymtimes}\ {\isacharprime}b{\isasymColon}ord\ {\isasymRightarrow}\ {\isacharprime}a\ {\isasymtimes}\ {\isacharprime}b\ {\isasymRightarrow}\ bool{\isachardoublequoteclose}\isanewline |
|
831 \ \ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}lexicographic{\isachardot}ML{\isachardoublequoteclose}% |
|
832 \begin{isamarkuptext}% |
|
833 \lstsml{Thy/examples/lexicographic.ML}% |
|
834 \end{isamarkuptext}% |
|
835 \isamarkuptrue% |
|
836 % |
|
837 \begin{isamarkuptext}% |
|
838 In general, code theorems for overloaded constants may have more |
|
839 restrictive sort constraints than the underlying instance relation |
|
840 between class and type constructor as long as the whole system of |
|
841 constraints is coregular; code theorems violating coregularity |
|
842 are rejected immediately. Consequently, it might be necessary |
|
843 to delete disturbing theorems in the code theorem table, |
|
844 as we have done here with the original definitions \isa{less{\isacharunderscore}prod{\isacharunderscore}def} |
|
845 and \isa{less{\isacharunderscore}eq{\isacharunderscore}prod{\isacharunderscore}def}. |
|
846 |
|
847 In some cases, the automatically derived defining equations |
|
848 for equality on a particular type may not be appropriate. |
|
849 As example, watch the following datatype representing |
|
850 monomorphic parametric types (where type constructors |
|
851 are referred to by natural numbers):% |
|
852 \end{isamarkuptext}% |
|
853 \isamarkuptrue% |
|
854 \isacommand{datatype}\isamarkupfalse% |
|
855 \ monotype\ {\isacharequal}\ Mono\ nat\ {\isachardoublequoteopen}monotype\ list{\isachardoublequoteclose}% |
|
856 \isadelimproof |
|
857 % |
|
858 \endisadelimproof |
|
859 % |
|
860 \isatagproof |
|
861 % |
|
862 \endisatagproof |
|
863 {\isafoldproof}% |
|
864 % |
|
865 \isadelimproof |
|
866 % |
|
867 \endisadelimproof |
|
868 % |
|
869 \begin{isamarkuptext}% |
|
870 Then code generation for SML would fail with a message |
|
871 that the generated code conains illegal mutual dependencies: |
|
872 the theorem \isa{Mono\ tyco{\isadigit{1}}\ typargs{\isadigit{1}}\ {\isacharequal}\ Mono\ tyco{\isadigit{2}}\ typargs{\isadigit{2}}\ {\isasymequiv}\ tyco{\isadigit{1}}\ {\isacharequal}\ tyco{\isadigit{2}}\ {\isasymand}\ typargs{\isadigit{1}}\ {\isacharequal}\ typargs{\isadigit{2}}} already requires the |
|
873 instance \isa{monotype\ {\isasymColon}\ eq}, which itself requires |
|
874 \isa{Mono\ tyco{\isadigit{1}}\ typargs{\isadigit{1}}\ {\isacharequal}\ Mono\ tyco{\isadigit{2}}\ typargs{\isadigit{2}}\ {\isasymequiv}\ tyco{\isadigit{1}}\ {\isacharequal}\ tyco{\isadigit{2}}\ {\isasymand}\ typargs{\isadigit{1}}\ {\isacharequal}\ typargs{\isadigit{2}}}; Haskell has no problem with mutually |
|
875 recursive \isa{instance} and \isa{function} definitions, |
|
876 but the SML serializer does not support this. |
|
877 |
|
878 In such cases, you have to provide you own equality equations |
|
879 involving auxiliary constants. In our case, |
|
880 \isa{list{\isacharunderscore}all{\isadigit{2}}} can do the job:% |
|
881 \end{isamarkuptext}% |
|
882 \isamarkuptrue% |
|
883 \isacommand{lemma}\isamarkupfalse% |
|
884 \ monotype{\isacharunderscore}eq{\isacharunderscore}list{\isacharunderscore}all{\isadigit{2}}\ {\isacharbrackleft}code\ func{\isacharbrackright}{\isacharcolon}\isanewline |
|
885 \ \ {\isachardoublequoteopen}Mono\ tyco{\isadigit{1}}\ typargs{\isadigit{1}}\ {\isacharequal}\ Mono\ tyco{\isadigit{2}}\ typargs{\isadigit{2}}\ {\isasymlongleftrightarrow}\isanewline |
|
886 \ \ \ \ \ tyco{\isadigit{1}}\ {\isacharequal}\ tyco{\isadigit{2}}\ {\isasymand}\ list{\isacharunderscore}all{\isadigit{2}}\ {\isacharparenleft}op\ {\isacharequal}{\isacharparenright}\ typargs{\isadigit{1}}\ typargs{\isadigit{2}}{\isachardoublequoteclose}\isanewline |
|
887 % |
|
888 \isadelimproof |
|
889 \ \ % |
|
890 \endisadelimproof |
|
891 % |
|
892 \isatagproof |
|
893 \isacommand{by}\isamarkupfalse% |
|
894 \ {\isacharparenleft}simp\ add{\isacharcolon}\ list{\isacharunderscore}all{\isadigit{2}}{\isacharunderscore}eq\ {\isacharbrackleft}symmetric{\isacharbrackright}{\isacharparenright}% |
|
895 \endisatagproof |
|
896 {\isafoldproof}% |
|
897 % |
|
898 \isadelimproof |
|
899 % |
|
900 \endisadelimproof |
|
901 % |
|
902 \begin{isamarkuptext}% |
|
903 does not depend on instance \isa{monotype\ {\isasymColon}\ eq}:% |
|
904 \end{isamarkuptext}% |
|
905 \isamarkuptrue% |
|
906 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
907 \ {\isachardoublequoteopen}op\ {\isacharequal}\ {\isacharcolon}{\isacharcolon}\ monotype\ {\isasymRightarrow}\ monotype\ {\isasymRightarrow}\ bool{\isachardoublequoteclose}\isanewline |
|
908 \ \ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}monotype{\isachardot}ML{\isachardoublequoteclose}% |
|
909 \begin{isamarkuptext}% |
|
910 \lstsml{Thy/examples/monotype.ML}% |
|
911 \end{isamarkuptext}% |
|
912 \isamarkuptrue% |
|
913 % |
|
914 \isamarkupsubsection{Programs as sets of theorems% |
|
915 } |
|
916 \isamarkuptrue% |
|
917 % |
|
918 \begin{isamarkuptext}% |
|
919 As told in \secref{sec:concept}, code generation is based |
|
920 on a structured collection of code theorems. |
|
921 For explorative purpose, this collection |
|
922 may be inspected using the \isa{{\isasymCODETHMS}} command:% |
|
923 \end{isamarkuptext}% |
|
924 \isamarkuptrue% |
|
925 \isacommand{code{\isacharunderscore}thms}\isamarkupfalse% |
|
926 \ {\isachardoublequoteopen}op\ mod\ {\isacharcolon}{\isacharcolon}\ nat\ {\isasymRightarrow}\ nat\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}% |
|
927 \begin{isamarkuptext}% |
|
928 \noindent prints a table with \emph{all} defining equations |
|
929 for \isa{op\ mod}, including |
|
930 \emph{all} defining equations those equations depend |
|
931 on recursivly. \isa{{\isasymCODETHMS}} provides a convenient |
|
932 mechanism to inspect the impact of a preprocessor setup |
|
933 on defining equations. |
|
934 |
|
935 Similarly, the \isa{{\isasymCODEDEPS}} command shows a graph |
|
936 visualizing dependencies between defining equations.% |
|
937 \end{isamarkuptext}% |
|
938 \isamarkuptrue% |
|
939 % |
|
940 \isamarkupsubsection{Constructor sets for datatypes% |
|
941 } |
|
942 \isamarkuptrue% |
|
943 % |
|
944 \begin{isamarkuptext}% |
|
945 Conceptually, any datatype is spanned by a set of |
|
946 \emph{constructors} of type \isa{{\isasymtau}\ {\isacharequal}\ {\isasymdots}\ {\isasymRightarrow}\ {\isasymkappa}\ {\isasymalpha}\isactrlisub {\isadigit{1}}\ {\isasymdots}\ {\isasymalpha}\isactrlisub n} |
|
947 where \isa{{\isacharbraceleft}{\isasymalpha}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlisub n{\isacharbraceright}} is excactly the set of \emph{all} |
|
948 type variables in \isa{{\isasymtau}}. The HOL datatype package |
|
949 by default registers any new datatype in the table |
|
950 of datatypes, which may be inspected using |
|
951 the \isa{{\isasymPRINTCODESETUP}} command. |
|
952 |
|
953 In some cases, it may be convenient to alter or |
|
954 extend this table; as an example, we will develope an alternative |
|
955 representation of natural numbers as binary digits, whose |
|
956 size does increase logarithmically with its value, not linear |
|
957 \footnote{Indeed, the \isa{Efficient{\isacharunderscore}Nat} theory (see \ref{eff_nat}) |
|
958 does something similar}. First, the digit representation:% |
|
959 \end{isamarkuptext}% |
|
960 \isamarkuptrue% |
|
961 \isacommand{definition}\isamarkupfalse% |
|
962 \ Dig{\isadigit{0}}\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
963 \ \ {\isachardoublequoteopen}Dig{\isadigit{0}}\ n\ {\isacharequal}\ {\isadigit{2}}\ {\isacharasterisk}\ n{\isachardoublequoteclose}\isanewline |
|
964 \isanewline |
|
965 \isacommand{definition}\isamarkupfalse% |
|
966 \ Dig{\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
967 \ \ {\isachardoublequoteopen}Dig{\isadigit{1}}\ n\ {\isacharequal}\ Suc\ {\isacharparenleft}{\isadigit{2}}\ {\isacharasterisk}\ n{\isacharparenright}{\isachardoublequoteclose}% |
|
968 \begin{isamarkuptext}% |
|
969 \noindent We will use these two ">digits"< to represent natural numbers |
|
970 in binary digits, e.g.:% |
|
971 \end{isamarkuptext}% |
|
972 \isamarkuptrue% |
|
973 \isacommand{lemma}\isamarkupfalse% |
|
974 \ {\isadigit{4}}{\isadigit{2}}{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{4}}{\isadigit{2}}\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}Dig{\isadigit{1}}\ {\isacharparenleft}Dig{\isadigit{0}}\ {\isacharparenleft}Dig{\isadigit{1}}\ {\isacharparenleft}Dig{\isadigit{0}}\ {\isadigit{1}}{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
975 % |
|
976 \isadelimproof |
|
977 \ \ % |
|
978 \endisadelimproof |
|
979 % |
|
980 \isatagproof |
|
981 \isacommand{by}\isamarkupfalse% |
|
982 \ {\isacharparenleft}simp\ add{\isacharcolon}\ Dig{\isadigit{0}}{\isacharunderscore}def\ Dig{\isadigit{1}}{\isacharunderscore}def{\isacharparenright}% |
|
983 \endisatagproof |
|
984 {\isafoldproof}% |
|
985 % |
|
986 \isadelimproof |
|
987 % |
|
988 \endisadelimproof |
|
989 % |
|
990 \begin{isamarkuptext}% |
|
991 \noindent Of course we also have to provide proper code equations for |
|
992 the operations, e.g. \isa{op\ {\isacharplus}}:% |
|
993 \end{isamarkuptext}% |
|
994 \isamarkuptrue% |
|
995 \isacommand{lemma}\isamarkupfalse% |
|
996 \ plus{\isacharunderscore}Dig\ {\isacharbrackleft}code\ func{\isacharbrackright}{\isacharcolon}\isanewline |
|
997 \ \ {\isachardoublequoteopen}{\isadigit{0}}\ {\isacharplus}\ n\ {\isacharequal}\ n{\isachardoublequoteclose}\isanewline |
|
998 \ \ {\isachardoublequoteopen}m\ {\isacharplus}\ {\isadigit{0}}\ {\isacharequal}\ m{\isachardoublequoteclose}\isanewline |
|
999 \ \ {\isachardoublequoteopen}{\isadigit{1}}\ {\isacharplus}\ Dig{\isadigit{0}}\ n\ {\isacharequal}\ Dig{\isadigit{1}}\ n{\isachardoublequoteclose}\isanewline |
|
1000 \ \ {\isachardoublequoteopen}Dig{\isadigit{0}}\ m\ {\isacharplus}\ {\isadigit{1}}\ {\isacharequal}\ Dig{\isadigit{1}}\ m{\isachardoublequoteclose}\isanewline |
|
1001 \ \ {\isachardoublequoteopen}{\isadigit{1}}\ {\isacharplus}\ Dig{\isadigit{1}}\ n\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}n\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
1002 \ \ {\isachardoublequoteopen}Dig{\isadigit{1}}\ m\ {\isacharplus}\ {\isadigit{1}}\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}m\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
1003 \ \ {\isachardoublequoteopen}Dig{\isadigit{0}}\ m\ {\isacharplus}\ Dig{\isadigit{0}}\ n\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}m\ {\isacharplus}\ n{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
1004 \ \ {\isachardoublequoteopen}Dig{\isadigit{0}}\ m\ {\isacharplus}\ Dig{\isadigit{1}}\ n\ {\isacharequal}\ Dig{\isadigit{1}}\ {\isacharparenleft}m\ {\isacharplus}\ n{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
1005 \ \ {\isachardoublequoteopen}Dig{\isadigit{1}}\ m\ {\isacharplus}\ Dig{\isadigit{0}}\ n\ {\isacharequal}\ Dig{\isadigit{1}}\ {\isacharparenleft}m\ {\isacharplus}\ n{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
1006 \ \ {\isachardoublequoteopen}Dig{\isadigit{1}}\ m\ {\isacharplus}\ Dig{\isadigit{1}}\ n\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}m\ {\isacharplus}\ n\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
1007 % |
|
1008 \isadelimproof |
|
1009 \ \ % |
|
1010 \endisadelimproof |
|
1011 % |
|
1012 \isatagproof |
|
1013 \isacommand{by}\isamarkupfalse% |
|
1014 \ {\isacharparenleft}simp{\isacharunderscore}all\ add{\isacharcolon}\ Dig{\isadigit{0}}{\isacharunderscore}def\ Dig{\isadigit{1}}{\isacharunderscore}def{\isacharparenright}% |
|
1015 \endisatagproof |
|
1016 {\isafoldproof}% |
|
1017 % |
|
1018 \isadelimproof |
|
1019 % |
|
1020 \endisadelimproof |
|
1021 % |
|
1022 \begin{isamarkuptext}% |
|
1023 \noindent We then instruct the code generator to view \isa{{\isadigit{0}}}, |
|
1024 \isa{{\isadigit{1}}}, \isa{Dig{\isadigit{0}}} and \isa{Dig{\isadigit{1}}} as |
|
1025 datatype constructors:% |
|
1026 \end{isamarkuptext}% |
|
1027 \isamarkuptrue% |
|
1028 \isacommand{code{\isacharunderscore}datatype}\isamarkupfalse% |
|
1029 \ {\isachardoublequoteopen}{\isadigit{0}}{\isasymColon}nat{\isachardoublequoteclose}\ {\isachardoublequoteopen}{\isadigit{1}}{\isasymColon}nat{\isachardoublequoteclose}\ Dig{\isadigit{0}}\ Dig{\isadigit{1}}% |
|
1030 \begin{isamarkuptext}% |
|
1031 \noindent For the former constructor \isa{Suc}, we provide a code |
|
1032 equation and remove some parts of the default code generator setup |
|
1033 which are an obstacle here:% |
|
1034 \end{isamarkuptext}% |
|
1035 \isamarkuptrue% |
|
1036 \isacommand{lemma}\isamarkupfalse% |
|
1037 \ Suc{\isacharunderscore}Dig\ {\isacharbrackleft}code\ func{\isacharbrackright}{\isacharcolon}\isanewline |
|
1038 \ \ {\isachardoublequoteopen}Suc\ n\ {\isacharequal}\ n\ {\isacharplus}\ {\isadigit{1}}{\isachardoublequoteclose}\isanewline |
|
1039 % |
|
1040 \isadelimproof |
|
1041 \ \ % |
|
1042 \endisadelimproof |
|
1043 % |
|
1044 \isatagproof |
|
1045 \isacommand{by}\isamarkupfalse% |
|
1046 \ simp% |
|
1047 \endisatagproof |
|
1048 {\isafoldproof}% |
|
1049 % |
|
1050 \isadelimproof |
|
1051 \isanewline |
|
1052 % |
|
1053 \endisadelimproof |
|
1054 \isanewline |
|
1055 \isacommand{declare}\isamarkupfalse% |
|
1056 \ One{\isacharunderscore}nat{\isacharunderscore}def\ {\isacharbrackleft}code\ inline\ del{\isacharbrackright}\isanewline |
|
1057 \isacommand{declare}\isamarkupfalse% |
|
1058 \ add{\isacharunderscore}Suc{\isacharunderscore}shift\ {\isacharbrackleft}code\ func\ del{\isacharbrackright}% |
|
1059 \begin{isamarkuptext}% |
|
1060 \noindent This yields the following code:% |
|
1061 \end{isamarkuptext}% |
|
1062 \isamarkuptrue% |
|
1063 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
1064 \ {\isachardoublequoteopen}op\ {\isacharplus}\ {\isasymColon}\ nat\ {\isasymRightarrow}\ nat\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\ \ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}nat{\isacharunderscore}binary{\isachardot}ML{\isachardoublequoteclose}% |
|
1065 \begin{isamarkuptext}% |
|
1066 \lstsml{Thy/examples/nat_binary.ML}% |
|
1067 \end{isamarkuptext}% |
|
1068 \isamarkuptrue% |
|
1069 % |
|
1070 \begin{isamarkuptext}% |
|
1071 \medskip |
|
1072 |
|
1073 From this example, it can be easily glimpsed that using own constructor sets |
|
1074 is a little delicate since it changes the set of valid patterns for values |
|
1075 of that type. Without going into much detail, here some practical hints: |
|
1076 |
|
1077 \begin{itemize} |
|
1078 \item When changing the constuctor set for datatypes, take care to |
|
1079 provide an alternative for the \isa{case} combinator (e.g. by replacing |
|
1080 it using the preprocessor). |
|
1081 \item Values in the target language need not to be normalized -- different |
|
1082 values in the target language may represent the same value in the |
|
1083 logic (e.g. \isa{Dig{\isadigit{1}}\ {\isadigit{0}}\ {\isacharequal}\ {\isadigit{1}}}). |
|
1084 \item Usually, a good methodology to deal with the subleties of pattern |
|
1085 matching is to see the type as an abstract type: provide a set |
|
1086 of operations which operate on the concrete representation of the type, |
|
1087 and derive further operations by combinations of these primitive ones, |
|
1088 without relying on a particular representation. |
|
1089 \end{itemize}% |
|
1090 \end{isamarkuptext}% |
|
1091 \isamarkuptrue% |
|
1092 % |
|
1093 \isadeliminvisible |
|
1094 % |
|
1095 \endisadeliminvisible |
|
1096 % |
|
1097 \isataginvisible |
|
1098 \isacommand{code{\isacharunderscore}datatype}\isamarkupfalse% |
|
1099 \ {\isachardoublequoteopen}{\isadigit{0}}{\isacharcolon}{\isacharcolon}nat{\isachardoublequoteclose}\ Suc\isanewline |
|
1100 \isacommand{declare}\isamarkupfalse% |
|
1101 \ plus{\isacharunderscore}Dig\ {\isacharbrackleft}code\ func\ del{\isacharbrackright}\isanewline |
|
1102 \isacommand{declare}\isamarkupfalse% |
|
1103 \ One{\isacharunderscore}nat{\isacharunderscore}def\ {\isacharbrackleft}code\ inline{\isacharbrackright}\isanewline |
|
1104 \isacommand{declare}\isamarkupfalse% |
|
1105 \ add{\isacharunderscore}Suc{\isacharunderscore}shift\ {\isacharbrackleft}code\ func{\isacharbrackright}\ \isanewline |
|
1106 \isacommand{lemma}\isamarkupfalse% |
|
1107 \ {\isacharbrackleft}code\ func{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{0}}\ {\isacharplus}\ n\ {\isacharequal}\ {\isacharparenleft}n\ {\isasymColon}\ nat{\isacharparenright}{\isachardoublequoteclose}\ \isacommand{by}\isamarkupfalse% |
|
1108 \ simp% |
|
1109 \endisataginvisible |
|
1110 {\isafoldinvisible}% |
|
1111 % |
|
1112 \isadeliminvisible |
|
1113 % |
|
1114 \endisadeliminvisible |
|
1115 % |
|
1116 \isamarkupsubsection{Customizing serialization% |
|
1117 } |
|
1118 \isamarkuptrue% |
|
1119 % |
|
1120 \isamarkupsubsubsection{Basics% |
|
1121 } |
|
1122 \isamarkuptrue% |
|
1123 % |
|
1124 \begin{isamarkuptext}% |
|
1125 Consider the following function and its corresponding |
|
1126 SML code:% |
|
1127 \end{isamarkuptext}% |
|
1128 \isamarkuptrue% |
|
1129 \isacommand{primrec}\isamarkupfalse% |
|
1130 \isanewline |
|
1131 \ \ in{\isacharunderscore}interval\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ {\isasymtimes}\ nat\ {\isasymRightarrow}\ nat\ {\isasymRightarrow}\ bool{\isachardoublequoteclose}\ \isakeyword{where}\isanewline |
|
1132 \ \ {\isachardoublequoteopen}in{\isacharunderscore}interval\ {\isacharparenleft}k{\isacharcomma}\ l{\isacharparenright}\ n\ {\isasymlongleftrightarrow}\ k\ {\isasymle}\ n\ {\isasymand}\ n\ {\isasymle}\ l{\isachardoublequoteclose}% |
|
1133 \isadelimtt |
|
1134 % |
|
1135 \endisadelimtt |
|
1136 % |
|
1137 \isatagtt |
|
1138 % |
|
1139 \endisatagtt |
|
1140 {\isafoldtt}% |
|
1141 % |
|
1142 \isadelimtt |
|
1143 % |
|
1144 \endisadelimtt |
|
1145 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
1146 \ in{\isacharunderscore}interval\ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}bool{\isacharunderscore}literal{\isachardot}ML{\isachardoublequoteclose}% |
|
1147 \begin{isamarkuptext}% |
|
1148 \lstsml{Thy/examples/bool_literal.ML} |
|
1149 |
|
1150 \noindent Though this is correct code, it is a little bit unsatisfactory: |
|
1151 boolean values and operators are materialized as distinguished |
|
1152 entities with have nothing to do with the SML-builtin notion |
|
1153 of \qt{bool}. This results in less readable code; |
|
1154 additionally, eager evaluation may cause programs to |
|
1155 loop or break which would perfectly terminate when |
|
1156 the existing SML \qt{bool} would be used. To map |
|
1157 the HOL \qt{bool} on SML \qt{bool}, we may use |
|
1158 \qn{custom serializations}:% |
|
1159 \end{isamarkuptext}% |
|
1160 \isamarkuptrue% |
|
1161 % |
|
1162 \isadelimtt |
|
1163 % |
|
1164 \endisadelimtt |
|
1165 % |
|
1166 \isatagtt |
|
1167 \isacommand{code{\isacharunderscore}type}\isamarkupfalse% |
|
1168 \ bool\isanewline |
|
1169 \ \ {\isacharparenleft}SML\ {\isachardoublequoteopen}bool{\isachardoublequoteclose}{\isacharparenright}\isanewline |
|
1170 \isacommand{code{\isacharunderscore}const}\isamarkupfalse% |
|
1171 \ True\ \isakeyword{and}\ False\ \isakeyword{and}\ {\isachardoublequoteopen}op\ {\isasymand}{\isachardoublequoteclose}\isanewline |
|
1172 \ \ {\isacharparenleft}SML\ {\isachardoublequoteopen}true{\isachardoublequoteclose}\ \isakeyword{and}\ {\isachardoublequoteopen}false{\isachardoublequoteclose}\ \isakeyword{and}\ {\isachardoublequoteopen}{\isacharunderscore}\ andalso\ {\isacharunderscore}{\isachardoublequoteclose}{\isacharparenright}% |
|
1173 \endisatagtt |
|
1174 {\isafoldtt}% |
|
1175 % |
|
1176 \isadelimtt |
|
1177 % |
|
1178 \endisadelimtt |
|
1179 % |
|
1180 \begin{isamarkuptext}% |
|
1181 The \isa{{\isasymCODETYPE}} commad takes a type constructor |
|
1182 as arguments together with a list of custom serializations. |
|
1183 Each custom serialization starts with a target language |
|
1184 identifier followed by an expression, which during |
|
1185 code serialization is inserted whenever the type constructor |
|
1186 would occur. For constants, \isa{{\isasymCODECONST}} implements |
|
1187 the corresponding mechanism. Each ``\verb|_|'' in |
|
1188 a serialization expression is treated as a placeholder |
|
1189 for the type constructor's (the constant's) arguments.% |
|
1190 \end{isamarkuptext}% |
|
1191 \isamarkuptrue% |
|
1192 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
1193 \ in{\isacharunderscore}interval\ \ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}bool{\isacharunderscore}mlbool{\isachardot}ML{\isachardoublequoteclose}% |
|
1194 \begin{isamarkuptext}% |
|
1195 \lstsml{Thy/examples/bool_mlbool.ML} |
|
1196 |
|
1197 \noindent This still is not perfect: the parentheses |
|
1198 around the \qt{andalso} expression are superfluous. |
|
1199 Though the serializer |
|
1200 by no means attempts to imitate the rich Isabelle syntax |
|
1201 framework, it provides some common idioms, notably |
|
1202 associative infixes with precedences which may be used here:% |
|
1203 \end{isamarkuptext}% |
|
1204 \isamarkuptrue% |
|
1205 % |
|
1206 \isadelimtt |
|
1207 % |
|
1208 \endisadelimtt |
|
1209 % |
|
1210 \isatagtt |
|
1211 \isacommand{code{\isacharunderscore}const}\isamarkupfalse% |
|
1212 \ {\isachardoublequoteopen}op\ {\isasymand}{\isachardoublequoteclose}\isanewline |
|
1213 \ \ {\isacharparenleft}SML\ \isakeyword{infixl}\ {\isadigit{1}}\ {\isachardoublequoteopen}andalso{\isachardoublequoteclose}{\isacharparenright}% |
|
1214 \endisatagtt |
|
1215 {\isafoldtt}% |
|
1216 % |
|
1217 \isadelimtt |
|
1218 % |
|
1219 \endisadelimtt |
|
1220 \isanewline |
|
1221 \isanewline |
|
1222 \isacommand{export{\isacharunderscore}code}\isamarkupfalse% |
|
1223 \ in{\isacharunderscore}interval\ \ \isakeyword{in}\ SML\ \isakeyword{file}\ {\isachardoublequoteopen}examples{\isacharslash}bool{\isacharunderscore}infix{\isachardot}ML{\isachardoublequoteclose}% |
|
1224 \begin{isamarkuptext}% |
|
1225 \lstsml{Thy/examples/bool_infix.ML} |
|
1226 |
|
1227 \medskip |
|
1228 |
|
1229 Next, we try to map HOL pairs to SML pairs, using the |
|
1230 infix ``\verb|*|'' type constructor and parentheses:% |
|
1231 \end{isamarkuptext}% |
|
1232 \isamarkuptrue% |
|
1233 % |
|
1234 \isadelimtt |
|
1235 % |
|
1236 \endisadelimtt |
|
1237 % |
|
1238 \isatagtt |
|
1239 \isacommand{code{\isacharunderscore}type}\isamarkupfalse% |
|
1240 \ {\isacharasterisk}\isanewline |
|
1241 \ \ {\isacharparenleft}SML\ \isakeyword{infix}\ {\isadigit{2}}\ {\isachardoublequoteopen}{\isacharasterisk}{\isachardoublequoteclose}{\isacharparenright}\isanewline |
|
1242 \isacommand{code{\isacharunderscore}const}\isamarkupfalse% |
|
1243 \ Pair\isanewline |
|
1244 \ \ {\isacharparenleft}SML\ {\isachardoublequoteopen}{\isacharbang}{\isacharparenleft}{\isacharparenleft}{\isacharunderscore}{\isacharparenright}{\isacharcomma}{\isacharslash}\ {\isacharparenleft}{\isacharunderscore}{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}{\isacharparenright}% |
|
1245 \endisatagtt |
|
1246 {\isafoldtt}% |
|
1247 % |
|
1248 \isadelimtt |
|
1249 % |
|
1250 \endisadelimtt |
|
1251 % |
|
1252 \begin{isamarkuptext}% |
|
1253 The initial bang ``\verb|!|'' tells the serializer to never put |
|
1254 parentheses around the whole expression (they are already present), |
|
1255 while the parentheses around argument place holders |
|
1256 tell not to put parentheses around the arguments. |
|
1257 The slash ``\verb|/|'' (followed by arbitrary white space) |
|
1258 inserts a space which may be used as a break if necessary |
|
1259 during pretty printing. |
|
1260 |
|
1261 These examples give a glimpse what mechanisms |
|
1262 custom serializations provide; however their usage |
|
1263 requires careful thinking in order not to introduce |
|
1264 inconsistencies -- or, in other words: |
|
1265 custom serializations are completely axiomatic. |
|
1266 |
|
1267 A further noteworthy details is that any special |
|
1268 character in a custom serialization may be quoted |
|
1269 using ``\verb|'|''; thus, in |
|
1270 ``\verb|fn '_ => _|'' the first |
|
1271 ``\verb|_|'' is a proper underscore while the |
|
1272 second ``\verb|_|'' is a placeholder. |
|
1273 |
|
1274 The HOL theories provide further |
|
1275 examples for custom serializations.% |
|
1276 \end{isamarkuptext}% |
|
1277 \isamarkuptrue% |
|
1278 % |
|
1279 \isamarkupsubsubsection{Haskell serialization% |
|
1280 } |
|
1281 \isamarkuptrue% |
|
1282 % |
|
1283 \begin{isamarkuptext}% |
|
1284 For convenience, the default |
|
1285 HOL setup for Haskell maps the \isa{eq} class to |
|
1286 its counterpart in Haskell, giving custom serializations |
|
1287 for the class (\isa{{\isasymCODECLASS}}) and its operation:% |
|
1288 \end{isamarkuptext}% |
|
1289 \isamarkuptrue% |
|
1290 % |
|
1291 \isadelimtt |
|
1292 % |
|
1293 \endisadelimtt |
|
1294 % |
|
1295 \isatagtt |
|
1296 \isacommand{code{\isacharunderscore}class}\isamarkupfalse% |
|
1297 \ eq\isanewline |
|
1298 \ \ {\isacharparenleft}Haskell\ {\isachardoublequoteopen}Eq{\isachardoublequoteclose}\ \isakeyword{where}\ {\isachardoublequoteopen}op\ {\isacharequal}{\isachardoublequoteclose}\ {\isasymequiv}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharequal}{\isacharequal}{\isacharparenright}{\isachardoublequoteclose}{\isacharparenright}\isanewline |
|
1299 \isanewline |
|
1300 \isacommand{code{\isacharunderscore}const}\isamarkupfalse% |
|
1301 \ {\isachardoublequoteopen}op\ {\isacharequal}{\isachardoublequoteclose}\isanewline |
|
1302 \ \ {\isacharparenleft}Haskell\ \isakeyword{infixl}\ {\isadigit{4}}\ {\isachardoublequoteopen}{\isacharequal}{\isacharequal}{\isachardoublequoteclose}{\isacharparenright}% |
|
1303 \endisatagtt |
|
1304 {\isafoldtt}% |
|
1305 % |
|
1306 \isadelimtt |
|
1307 % |
|
1308 \endisadelimtt |
|
1309 % |
|
1310 \begin{isamarkuptext}% |
|
1311 A problem now occurs whenever a type which |
|
1312 is an instance of \isa{eq} in HOL is mapped |
|
1313 on a Haskell-builtin type which is also an instance |
|
1314 of Haskell \isa{Eq}:% |
|
1315 \end{isamarkuptext}% |
|
1316 \isamarkuptrue% |
|
1317 \isacommand{typedecl}\isamarkupfalse% |
|
1318 \ bar\isanewline |
|
1319 \isanewline |
|
1320 \isacommand{instantiation}\isamarkupfalse% |
|
1321 \ bar\ {\isacharcolon}{\isacharcolon}\ eq\isanewline |
|
1322 \isakeyword{begin}\isanewline |
|
1323 \isanewline |
|
1324 \isacommand{definition}\isamarkupfalse% |
|
1325 \ {\isachardoublequoteopen}eq{\isacharunderscore}class{\isachardot}eq\ {\isacharparenleft}x{\isasymColon}bar{\isacharparenright}\ y\ {\isasymlongleftrightarrow}\ x\ {\isacharequal}\ y{\isachardoublequoteclose}\isanewline |
|
1326 \isanewline |
|
1327 \isacommand{instance}\isamarkupfalse% |
|
1328 % |
|
1329 \isadelimproof |
|
1330 \ % |
|
1331 \endisadelimproof |
|
1332 % |
|
1333 \isatagproof |
|
1334 \isacommand{by}\isamarkupfalse% |
|
1335 \ default\ {\isacharparenleft}simp\ add{\isacharcolon}\ eq{\isacharunderscore}bar{\isacharunderscore}def{\isacharparenright}% |
|
1336 \endisatagproof |
|
1337 {\isafoldproof}% |
|
1338 % |
|
1339 \isadelimproof |
|
1340 % |
|
1341 \endisadelimproof |
|
1342 \isanewline |
|
1343 \isanewline |
|
1344 \isacommand{end}\isamarkupfalse% |
|
1345 \isanewline |
|
1346 % |
|
1347 \isadelimtt |
|
1348 \isanewline |
|
1349 % |
|
1350 \endisadelimtt |
|
1351 % |
|
1352 \isatagtt |
|
1353 \isacommand{code{\isacharunderscore}type}\isamarkupfalse% |
|
1354 \ bar\isanewline |
|
1355 \ \ {\isacharparenleft}Haskell\ {\isachardoublequoteopen}Integer{\isachardoublequoteclose}{\isacharparenright}% |
|
1356 \endisatagtt |
|
1357 {\isafoldtt}% |
|
1358 % |
|
1359 \isadelimtt |
|
1360 % |
|
1361 \endisadelimtt |
|
1362 % |
|
1363 \begin{isamarkuptext}% |
|
1364 The code generator would produce |
|
1365 an additional instance, which of course is rejected. |
|
1366 To suppress this additional instance, use |
|
1367 \isa{{\isasymCODEINSTANCE}}:% |
|
1368 \end{isamarkuptext}% |
|
1369 \isamarkuptrue% |
|
1370 % |
|
1371 \isadelimtt |
|
1372 % |
|
1373 \endisadelimtt |
|
1374 % |
|
1375 \isatagtt |
|
1376 \isacommand{code{\isacharunderscore}instance}\isamarkupfalse% |
|
1377 \ bar\ {\isacharcolon}{\isacharcolon}\ eq\isanewline |
|
1378 \ \ {\isacharparenleft}Haskell\ {\isacharminus}{\isacharparenright}% |
|
1379 \endisatagtt |
|
1380 {\isafoldtt}% |
|
1381 % |
|
1382 \isadelimtt |
|
1383 % |
|
1384 \endisadelimtt |
|
1385 % |
|
1386 \isamarkupsubsubsection{Pretty printing% |
|
1387 } |
|
1388 \isamarkuptrue% |
|
1389 % |
|
1390 \begin{isamarkuptext}% |
|
1391 The serializer provides ML interfaces to set up |
|
1392 pretty serializations for expressions like lists, numerals |
|
1393 and characters; these are |
|
1394 monolithic stubs and should only be used with the |
|
1395 theories introduced in \secref{sec:library}.% |
|
1396 \end{isamarkuptext}% |
|
1397 \isamarkuptrue% |
|
1398 % |
|
1399 \isamarkupsubsection{Cyclic module dependencies% |
|
1400 } |
|
1401 \isamarkuptrue% |
|
1402 % |
|
1403 \begin{isamarkuptext}% |
|
1404 Sometimes the awkward situation occurs that dependencies |
|
1405 between definitions introduce cyclic dependencies |
|
1406 between modules, which in the Haskell world leaves |
|
1407 you to the mercy of the Haskell implementation you are using, |
|
1408 while for SML code generation is not possible. |
|
1409 |
|
1410 A solution is to declare module names explicitly. |
|
1411 Let use assume the three cyclically dependent |
|
1412 modules are named \emph{A}, \emph{B} and \emph{C}. |
|
1413 Then, by stating% |
|
1414 \end{isamarkuptext}% |
|
1415 \isamarkuptrue% |
|
1416 \isacommand{code{\isacharunderscore}modulename}\isamarkupfalse% |
|
1417 \ SML\isanewline |
|
1418 \ \ A\ ABC\isanewline |
|
1419 \ \ B\ ABC\isanewline |
|
1420 \ \ C\ ABC% |
|
1421 \begin{isamarkuptext}% |
|
1422 we explicitly map all those modules on \emph{ABC}, |
|
1423 resulting in an ad-hoc merge of this three modules |
|
1424 at serialization time.% |
|
1425 \end{isamarkuptext}% |
|
1426 \isamarkuptrue% |
|
1427 % |
|
1428 \isamarkupsubsection{Incremental code generation% |
|
1429 } |
|
1430 \isamarkuptrue% |
|
1431 % |
|
1432 \begin{isamarkuptext}% |
|
1433 Code generation is \emph{incremental}: theorems |
|
1434 and abstract intermediate code are cached and extended on demand. |
|
1435 The cache may be partially or fully dropped if the underlying |
|
1436 executable content of the theory changes. |
|
1437 Implementation of caching is supposed to transparently |
|
1438 hid away the details from the user. Anyway, caching |
|
1439 reaches the surface by using a slightly more general form |
|
1440 of the \isa{{\isasymCODETHMS}}, \isa{{\isasymCODEDEPS}} |
|
1441 and \isa{{\isasymEXPORTCODE}} commands: the list of constants |
|
1442 may be omitted. Then, all constants with code theorems |
|
1443 in the current cache are referred to.% |
|
1444 \end{isamarkuptext}% |
|
1445 \isamarkuptrue% |
|
1446 % |
|
1447 \isamarkupsection{ML interfaces \label{sec:ml}% |
|
1448 } |
|
1449 \isamarkuptrue% |
|
1450 % |
|
1451 \begin{isamarkuptext}% |
|
1452 Since the code generator framework not only aims to provide |
|
1453 a nice Isar interface but also to form a base for |
|
1454 code-generation-based applications, here a short |
|
1455 description of the most important ML interfaces.% |
|
1456 \end{isamarkuptext}% |
|
1457 \isamarkuptrue% |
|
1458 % |
|
1459 \isamarkupsubsection{Executable theory content: \isa{Code}% |
|
1460 } |
|
1461 \isamarkuptrue% |
|
1462 % |
|
1463 \begin{isamarkuptext}% |
|
1464 This Pure module implements the core notions of |
|
1465 executable content of a theory.% |
|
1466 \end{isamarkuptext}% |
|
1467 \isamarkuptrue% |
|
1468 % |
|
1469 \isamarkupsubsubsection{Managing executable content% |
|
1470 } |
|
1471 \isamarkuptrue% |
|
1472 % |
|
1473 \isadelimmlref |
|
1474 % |
|
1475 \endisadelimmlref |
|
1476 % |
|
1477 \isatagmlref |
|
1478 % |
|
1479 \begin{isamarkuptext}% |
|
1480 \begin{mldecls} |
|
1481 \indexml{Code.add\_func}\verb|Code.add_func: thm -> theory -> theory| \\ |
|
1482 \indexml{Code.del\_func}\verb|Code.del_func: thm -> theory -> theory| \\ |
|
1483 \indexml{Code.add\_funcl}\verb|Code.add_funcl: string * thm list Susp.T -> theory -> theory| \\ |
|
1484 \indexml{Code.map\_pre}\verb|Code.map_pre: (MetaSimplifier.simpset -> MetaSimplifier.simpset) -> theory -> theory| \\ |
|
1485 \indexml{Code.map\_post}\verb|Code.map_post: (MetaSimplifier.simpset -> MetaSimplifier.simpset) -> theory -> theory| \\ |
|
1486 \indexml{Code.add\_functrans}\verb|Code.add_functrans: string * (theory -> thm list -> thm list option)|\isasep\isanewline% |
|
1487 \verb| -> theory -> theory| \\ |
|
1488 \indexml{Code.del\_functrans}\verb|Code.del_functrans: string -> theory -> theory| \\ |
|
1489 \indexml{Code.add\_datatype}\verb|Code.add_datatype: (string * typ) list -> theory -> theory| \\ |
|
1490 \indexml{Code.get\_datatype}\verb|Code.get_datatype: theory -> string|\isasep\isanewline% |
|
1491 \verb| -> (string * sort) list * (string * typ list) list| \\ |
|
1492 \indexml{Code.get\_datatype\_of\_constr}\verb|Code.get_datatype_of_constr: theory -> string -> string option| |
|
1493 \end{mldecls} |
|
1494 |
|
1495 \begin{description} |
|
1496 |
|
1497 \item \verb|Code.add_func|~\isa{thm}~\isa{thy} adds function |
|
1498 theorem \isa{thm} to executable content. |
|
1499 |
|
1500 \item \verb|Code.del_func|~\isa{thm}~\isa{thy} removes function |
|
1501 theorem \isa{thm} from executable content, if present. |
|
1502 |
|
1503 \item \verb|Code.add_funcl|~\isa{{\isacharparenleft}const{\isacharcomma}\ lthms{\isacharparenright}}~\isa{thy} adds |
|
1504 suspended defining equations \isa{lthms} for constant |
|
1505 \isa{const} to executable content. |
|
1506 |
|
1507 \item \verb|Code.map_pre|~\isa{f}~\isa{thy} changes |
|
1508 the preprocessor simpset. |
|
1509 |
|
1510 \item \verb|Code.add_functrans|~\isa{{\isacharparenleft}name{\isacharcomma}\ f{\isacharparenright}}~\isa{thy} adds |
|
1511 function transformer \isa{f} (named \isa{name}) to executable content; |
|
1512 \isa{f} is a transformer of the defining equations belonging |
|
1513 to a certain function definition, depending on the |
|
1514 current theory context. Returning \isa{NONE} indicates that no |
|
1515 transformation took place; otherwise, the whole process will be iterated |
|
1516 with the new defining equations. |
|
1517 |
|
1518 \item \verb|Code.del_functrans|~\isa{name}~\isa{thy} removes |
|
1519 function transformer named \isa{name} from executable content. |
|
1520 |
|
1521 \item \verb|Code.add_datatype|~\isa{cs}~\isa{thy} adds |
|
1522 a datatype to executable content, with generation |
|
1523 set \isa{cs}. |
|
1524 |
|
1525 \item \verb|Code.get_datatype_of_constr|~\isa{thy}~\isa{const} |
|
1526 returns type constructor corresponding to |
|
1527 constructor \isa{const}; returns \isa{NONE} |
|
1528 if \isa{const} is no constructor. |
|
1529 |
|
1530 \end{description}% |
|
1531 \end{isamarkuptext}% |
|
1532 \isamarkuptrue% |
|
1533 % |
|
1534 \endisatagmlref |
|
1535 {\isafoldmlref}% |
|
1536 % |
|
1537 \isadelimmlref |
|
1538 % |
|
1539 \endisadelimmlref |
|
1540 % |
|
1541 \isamarkupsubsection{Auxiliary% |
|
1542 } |
|
1543 \isamarkuptrue% |
|
1544 % |
|
1545 \isadelimmlref |
|
1546 % |
|
1547 \endisadelimmlref |
|
1548 % |
|
1549 \isatagmlref |
|
1550 % |
|
1551 \begin{isamarkuptext}% |
|
1552 \begin{mldecls} |
|
1553 \indexml{Code\_Unit.read\_const}\verb|Code_Unit.read_const: theory -> string -> string| \\ |
|
1554 \indexml{Code\_Unit.head\_func}\verb|Code_Unit.head_func: thm -> string * ((string * sort) list * typ)| \\ |
|
1555 \indexml{Code\_Unit.rewrite\_func}\verb|Code_Unit.rewrite_func: MetaSimplifier.simpset -> thm -> thm| \\ |
|
1556 \end{mldecls} |
|
1557 |
|
1558 \begin{description} |
|
1559 |
|
1560 \item \verb|Code_Unit.read_const|~\isa{thy}~\isa{s} |
|
1561 reads a constant as a concrete term expression \isa{s}. |
|
1562 |
|
1563 \item \verb|Code_Unit.head_func|~\isa{thm} |
|
1564 extracts the constant and its type from a defining equation \isa{thm}. |
|
1565 |
|
1566 \item \verb|Code_Unit.rewrite_func|~\isa{ss}~\isa{thm} |
|
1567 rewrites a defining equation \isa{thm} with a simpset \isa{ss}; |
|
1568 only arguments and right hand side are rewritten, |
|
1569 not the head of the defining equation. |
|
1570 |
|
1571 \end{description}% |
|
1572 \end{isamarkuptext}% |
|
1573 \isamarkuptrue% |
|
1574 % |
|
1575 \endisatagmlref |
|
1576 {\isafoldmlref}% |
|
1577 % |
|
1578 \isadelimmlref |
|
1579 % |
|
1580 \endisadelimmlref |
|
1581 % |
|
1582 \isamarkupsubsection{Implementing code generator applications% |
|
1583 } |
|
1584 \isamarkuptrue% |
|
1585 % |
|
1586 \begin{isamarkuptext}% |
|
1587 Implementing code generator applications on top |
|
1588 of the framework set out so far usually not only |
|
1589 involves using those primitive interfaces |
|
1590 but also storing code-dependent data and various |
|
1591 other things. |
|
1592 |
|
1593 \begin{warn} |
|
1594 Some interfaces discussed here have not reached |
|
1595 a final state yet. |
|
1596 Changes likely to occur in future. |
|
1597 \end{warn}% |
|
1598 \end{isamarkuptext}% |
|
1599 \isamarkuptrue% |
|
1600 % |
|
1601 \isamarkupsubsubsection{Data depending on the theory's executable content% |
|
1602 } |
|
1603 \isamarkuptrue% |
|
1604 % |
|
1605 \begin{isamarkuptext}% |
|
1606 Due to incrementality of code generation, changes in the |
|
1607 theory's executable content have to be propagated in a |
|
1608 certain fashion. Additionally, such changes may occur |
|
1609 not only during theory extension but also during theory |
|
1610 merge, which is a little bit nasty from an implementation |
|
1611 point of view. The framework provides a solution |
|
1612 to this technical challenge by providing a functorial |
|
1613 data slot \verb|CodeDataFun|; on instantiation |
|
1614 of this functor, the following types and operations |
|
1615 are required: |
|
1616 |
|
1617 \medskip |
|
1618 \begin{tabular}{l} |
|
1619 \isa{type\ T} \\ |
|
1620 \isa{val\ empty{\isacharcolon}\ T} \\ |
|
1621 \isa{val\ merge{\isacharcolon}\ Pretty{\isachardot}pp\ {\isasymrightarrow}\ T\ {\isacharasterisk}\ T\ {\isasymrightarrow}\ T} \\ |
|
1622 \isa{val\ purge{\isacharcolon}\ theory\ option\ {\isasymrightarrow}\ CodeUnit{\isachardot}const\ list\ option\ {\isasymrightarrow}\ T\ {\isasymrightarrow}\ T} |
|
1623 \end{tabular} |
|
1624 |
|
1625 \begin{description} |
|
1626 |
|
1627 \item \isa{T} the type of data to store. |
|
1628 |
|
1629 \item \isa{empty} initial (empty) data. |
|
1630 |
|
1631 \item \isa{merge} merging two data slots. |
|
1632 |
|
1633 \item \isa{purge}~\isa{thy}~\isa{consts} propagates changes in executable content; |
|
1634 if possible, the current theory context is handed over |
|
1635 as argument \isa{thy} (if there is no current theory context (e.g.~during |
|
1636 theory merge, \verb|NONE|); \isa{consts} indicates the kind |
|
1637 of change: \verb|NONE| stands for a fundamental change |
|
1638 which invalidates any existing code, \isa{SOME\ consts} |
|
1639 hints that executable content for constants \isa{consts} |
|
1640 has changed. |
|
1641 |
|
1642 \end{description} |
|
1643 |
|
1644 An instance of \verb|CodeDataFun| provides the following |
|
1645 interface: |
|
1646 |
|
1647 \medskip |
|
1648 \begin{tabular}{l} |
|
1649 \isa{get{\isacharcolon}\ theory\ {\isasymrightarrow}\ T} \\ |
|
1650 \isa{change{\isacharcolon}\ theory\ {\isasymrightarrow}\ {\isacharparenleft}T\ {\isasymrightarrow}\ T{\isacharparenright}\ {\isasymrightarrow}\ T} \\ |
|
1651 \isa{change{\isacharunderscore}yield{\isacharcolon}\ theory\ {\isasymrightarrow}\ {\isacharparenleft}T\ {\isasymrightarrow}\ {\isacharprime}a\ {\isacharasterisk}\ T{\isacharparenright}\ {\isasymrightarrow}\ {\isacharprime}a\ {\isacharasterisk}\ T} |
|
1652 \end{tabular} |
|
1653 |
|
1654 \begin{description} |
|
1655 |
|
1656 \item \isa{get} retrieval of the current data. |
|
1657 |
|
1658 \item \isa{change} update of current data (cached!) |
|
1659 by giving a continuation. |
|
1660 |
|
1661 \item \isa{change{\isacharunderscore}yield} update with side result. |
|
1662 |
|
1663 \end{description}% |
|
1664 \end{isamarkuptext}% |
|
1665 \isamarkuptrue% |
|
1666 % |
|
1667 \begin{isamarkuptext}% |
|
1668 \emph{Happy proving, happy hacking!}% |
|
1669 \end{isamarkuptext}% |
|
1670 \isamarkuptrue% |
|
1671 % |
|
1672 \isadelimtheory |
|
1673 % |
|
1674 \endisadelimtheory |
|
1675 % |
|
1676 \isatagtheory |
|
1677 \isacommand{end}\isamarkupfalse% |
|
1678 % |
|
1679 \endisatagtheory |
|
1680 {\isafoldtheory}% |
|
1681 % |
|
1682 \isadelimtheory |
|
1683 % |
|
1684 \endisadelimtheory |
|
1685 \isanewline |
|
1686 \end{isabellebody}% |
|
1687 %%% Local Variables: |
|
1688 %%% mode: latex |
|
1689 %%% TeX-master: "root" |
|
1690 %%% End: |
|