%

 \begin{isabellebody}%

 \def\isabellecontext{Program}%

 %

 \isadelimtheory

 %

 \endisadelimtheory

 %

 \isatagtheory

 \isacommand{theory}\isamarkupfalse%

 \ Program\isanewline

 \isakeyword{imports}\ Introduction\isanewline

 \isakeyword{begin}%

 \endisatagtheory

 {\isafoldtheory}%

 %

 \isadelimtheory

 %

 \endisadelimtheory

 %

 \isamarkupsection{Turning Theories into Programs \label{sec:program}%

 }

 \isamarkuptrue%

 %

 \isamarkupsubsection{The \isa{Isabelle{\isacharslash}HOL} default setup%

 }

 \isamarkuptrue%

 %

 \begin{isamarkuptext}%

 We have already seen how by default equations stemming from

   \hyperlink{command.definition}{\mbox{\isa{\isacommand{definition}}}}/\hyperlink{command.primrec}{\mbox{\isa{\isacommand{primrec}}}}/\hyperlink{command.fun}{\mbox{\isa{\isacommand{fun}}}}

   statements are used for code generation.  This default behaviour

   can be changed, e.g. by providing different defining equations.

   All kinds of customisation shown in this section is \emph{safe}

   in the sense that the user does not have to worry about

   correctness -- all programs generatable that way are partially

   correct.%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isamarkupsubsection{Selecting code equations%

 }

 \isamarkuptrue%

 %

 \begin{isamarkuptext}%

 Coming back to our introductory example, we

   could provide an alternative defining equations for \isa{dequeue}

   explicitly:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{lemma}\isamarkupfalse%

 \ {\isacharbrackleft}code{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}dequeue\ {\isacharparenleft}Queue\ xs\ {\isacharbrackleft}{\isacharbrackright}{\isacharparenright}\ {\isacharequal}\isanewline

 \ \ \ \ \ {\isacharparenleft}if\ xs\ {\isacharequal}\ {\isacharbrackleft}{\isacharbrackright}\ then\ {\isacharparenleft}None{\isacharcomma}\ Queue\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharbrackleft}{\isacharbrackright}{\isacharparenright}\isanewline

 \ \ \ \ \ \ \ else\ dequeue\ {\isacharparenleft}Queue\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharparenleft}rev\ xs{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}dequeue\ {\isacharparenleft}Queue\ xs\ {\isacharparenleft}y\ {\isacharhash}\ ys{\isacharparenright}{\isacharparenright}\ {\isacharequal}\isanewline

 \ \ \ \ \ {\isacharparenleft}Some\ y{\isacharcomma}\ Queue\ xs\ ys{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}cases\ xs{\isacharcomma}\ simp{\isacharunderscore}all{\isacharparenright}\ {\isacharparenleft}cases\ {\isachardoublequoteopen}rev\ xs{\isachardoublequoteclose}{\isacharcomma}\ simp{\isacharunderscore}all{\isacharparenright}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent The annotation \isa{{\isacharbrackleft}code{\isacharbrackright}} is an \isa{Isar}

   \isa{attribute} which states that the given theorems should be

   considered as defining equations for a \isa{fun} statement --

   the corresponding constant is determined syntactically.  The resulting code:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 %

 \begin{isamarkuptext}%

 \isaverbatim%

 \noindent%

 \hspace*{0pt}dequeue ::~forall a. Queue a -> (Maybe a, Queue a);\\

 \hspace*{0pt}dequeue (Queue xs (y :~ys)) = (Just y, Queue xs ys);\\

 \hspace*{0pt}dequeue (Queue xs []) =\\

 \hspace*{0pt} ~(if nulla xs then (Nothing, Queue [] [])\\

 \hspace*{0pt} ~~~else dequeue (Queue [] (rev xs)));%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent You may note that the equality test \isa{xs\ {\isacharequal}\ {\isacharbrackleft}{\isacharbrackright}} has been

   replaced by the predicate \isa{null\ xs}.  This is due to the default

   setup in the \qn{preprocessor} to be discussed further below (\secref{sec:preproc}).

   Changing the default constructor set of datatypes is also

   possible but rarely desired in practice.  See \secref{sec:datatypes} for an example.

   As told in \secref{sec:concept}, code generation is based

   on a structured collection of code theorems.

   For explorative purpose, this collection

   may be inspected using the \hyperlink{command.code-thms}{\mbox{\isa{\isacommand{code{\isacharunderscore}thms}}}} command:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{code{\isacharunderscore}thms}\isamarkupfalse%

 \ dequeue%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent prints a table with \emph{all} defining equations

   for \isa{dequeue}, including

   \emph{all} defining equations those equations depend

   on recursively.

   Similarly, the \hyperlink{command.code-deps}{\mbox{\isa{\isacommand{code{\isacharunderscore}deps}}}} command shows a graph

   visualising dependencies between defining equations.%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isamarkupsubsection{\isa{class} and \isa{instantiation}%

 }

 \isamarkuptrue%

 %

 \begin{isamarkuptext}%

 Concerning type classes and code generation, let us examine an example

   from abstract algebra:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{class}\isamarkupfalse%

 \ semigroup\ {\isacharequal}\ type\ {\isacharplus}\isanewline

 \ \ \isakeyword{fixes}\ mult\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}a\ {\isasymRightarrow}\ {\isacharprime}a\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequoteclose}\ {\isacharparenleft}\isakeyword{infixl}\ {\isachardoublequoteopen}{\isasymotimes}{\isachardoublequoteclose}\ {\isadigit{7}}{\isadigit{0}}{\isacharparenright}\isanewline

 \ \ \isakeyword{assumes}\ assoc{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}x\ {\isasymotimes}\ y{\isacharparenright}\ {\isasymotimes}\ z\ {\isacharequal}\ x\ {\isasymotimes}\ {\isacharparenleft}y\ {\isasymotimes}\ z{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \isanewline

 \isacommand{class}\isamarkupfalse%

 \ monoid\ {\isacharequal}\ semigroup\ {\isacharplus}\isanewline

 \ \ \isakeyword{fixes}\ neutral\ {\isacharcolon}{\isacharcolon}\ {\isacharprime}a\ {\isacharparenleft}{\isachardoublequoteopen}{\isasymone}{\isachardoublequoteclose}{\isacharparenright}\isanewline

 \ \ \isakeyword{assumes}\ neutl{\isacharcolon}\ {\isachardoublequoteopen}{\isasymone}\ {\isasymotimes}\ x\ {\isacharequal}\ x{\isachardoublequoteclose}\isanewline

 \ \ \ \ \isakeyword{and}\ neutr{\isacharcolon}\ {\isachardoublequoteopen}x\ {\isasymotimes}\ {\isasymone}\ {\isacharequal}\ x{\isachardoublequoteclose}\isanewline

 \isanewline

 \isacommand{instantiation}\isamarkupfalse%

 \ nat\ {\isacharcolon}{\isacharcolon}\ monoid\isanewline

 \isakeyword{begin}\isanewline

 \isanewline

 \isacommand{primrec}\isamarkupfalse%

 \ mult{\isacharunderscore}nat\ \isakeyword{where}\isanewline

 \ \ \ \ {\isachardoublequoteopen}{\isadigit{0}}\ {\isasymotimes}\ n\ {\isacharequal}\ {\isacharparenleft}{\isadigit{0}}{\isasymColon}nat{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ {\isacharbar}\ {\isachardoublequoteopen}Suc\ m\ {\isasymotimes}\ n\ {\isacharequal}\ n\ {\isacharplus}\ m\ {\isasymotimes}\ n{\isachardoublequoteclose}\isanewline

 \isanewline

 \isacommand{definition}\isamarkupfalse%

 \ neutral{\isacharunderscore}nat\ \isakeyword{where}\isanewline

 \ \ {\isachardoublequoteopen}{\isasymone}\ {\isacharequal}\ Suc\ {\isadigit{0}}{\isachardoublequoteclose}\isanewline

 \isanewline

 \isacommand{lemma}\isamarkupfalse%

 \ add{\isacharunderscore}mult{\isacharunderscore}distrib{\isacharcolon}\isanewline

 \ \ \isakeyword{fixes}\ n\ m\ q\ {\isacharcolon}{\isacharcolon}\ nat\isanewline

 \ \ \isakeyword{shows}\ {\isachardoublequoteopen}{\isacharparenleft}n\ {\isacharplus}\ m{\isacharparenright}\ {\isasymotimes}\ q\ {\isacharequal}\ n\ {\isasymotimes}\ q\ {\isacharplus}\ m\ {\isasymotimes}\ q{\isachardoublequoteclose}\isanewline

 \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}induct\ n{\isacharparenright}\ simp{\isacharunderscore}all\isanewline

 \isanewline

 \isacommand{instance}\isamarkupfalse%

 \ \isacommand{proof}\isamarkupfalse%

 \isanewline

 \ \ \isacommand{fix}\isamarkupfalse%

 \ m\ n\ q\ {\isacharcolon}{\isacharcolon}\ nat\isanewline

 \ \ \isacommand{show}\isamarkupfalse%

 \ {\isachardoublequoteopen}m\ {\isasymotimes}\ n\ {\isasymotimes}\ q\ {\isacharequal}\ m\ {\isasymotimes}\ {\isacharparenleft}n\ {\isasymotimes}\ q{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}induct\ m{\isacharparenright}\ {\isacharparenleft}simp{\isacharunderscore}all\ add{\isacharcolon}\ add{\isacharunderscore}mult{\isacharunderscore}distrib{\isacharparenright}\isanewline

 \ \ \isacommand{show}\isamarkupfalse%

 \ {\isachardoublequoteopen}{\isasymone}\ {\isasymotimes}\ n\ {\isacharequal}\ n{\isachardoublequoteclose}\isanewline

 \ \ \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}simp\ add{\isacharcolon}\ neutral{\isacharunderscore}nat{\isacharunderscore}def{\isacharparenright}\isanewline

 \ \ \isacommand{show}\isamarkupfalse%

 \ {\isachardoublequoteopen}m\ {\isasymotimes}\ {\isasymone}\ {\isacharequal}\ m{\isachardoublequoteclose}\isanewline

 \ \ \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}induct\ m{\isacharparenright}\ {\isacharparenleft}simp{\isacharunderscore}all\ add{\isacharcolon}\ neutral{\isacharunderscore}nat{\isacharunderscore}def{\isacharparenright}\isanewline

 \isacommand{qed}\isamarkupfalse%

 \isanewline

 \isanewline

 \isacommand{end}\isamarkupfalse%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent We define the natural operation of the natural numbers

   on monoids:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{primrec}\isamarkupfalse%

 \ {\isacharparenleft}\isakeyword{in}\ monoid{\isacharparenright}\ pow\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ {\isasymRightarrow}\ {\isacharprime}a\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequoteclose}\ \isakeyword{where}\isanewline

 \ \ \ \ {\isachardoublequoteopen}pow\ {\isadigit{0}}\ a\ {\isacharequal}\ {\isasymone}{\isachardoublequoteclose}\isanewline

 \ \ {\isacharbar}\ {\isachardoublequoteopen}pow\ {\isacharparenleft}Suc\ n{\isacharparenright}\ a\ {\isacharequal}\ a\ {\isasymotimes}\ pow\ n\ a{\isachardoublequoteclose}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent This we use to define the discrete exponentiation function:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{definition}\isamarkupfalse%

 \ bexp\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\ \isakeyword{where}\isanewline

 \ \ {\isachardoublequoteopen}bexp\ n\ {\isacharequal}\ pow\ n\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ {\isadigit{0}}{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent The corresponding code:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 %

 \begin{isamarkuptext}%

 \isaverbatim%

 \noindent%

 \hspace*{0pt}module Example where {\char123}\\

 \hspace*{0pt}\\

 \hspace*{0pt}\\

 \hspace*{0pt}data Nat = Suc Nat | Zero{\char95}nat;\\

 \hspace*{0pt}\\

 \hspace*{0pt}class Semigroup a where {\char123}\\

 \hspace*{0pt} ~mult ::~a -> a -> a;\\

 \hspace*{0pt}{\char125};\\

 \hspace*{0pt}\\

 \hspace*{0pt}class (Semigroup a) => Monoid a where {\char123}\\

 \hspace*{0pt} ~neutral ::~a;\\

 \hspace*{0pt}{\char125};\\

 \hspace*{0pt}\\

 \hspace*{0pt}pow ::~forall a. (Monoid a) => Nat -> a -> a;\\

 \hspace*{0pt}pow Zero{\char95}nat a = neutral;\\

 \hspace*{0pt}pow (Suc n) a = mult a (pow n a);\\

 \hspace*{0pt}\\

 \hspace*{0pt}plus{\char95}nat ::~Nat -> Nat -> Nat;\\

 \hspace*{0pt}plus{\char95}nat (Suc m) n = plus{\char95}nat m (Suc n);\\

 \hspace*{0pt}plus{\char95}nat Zero{\char95}nat n = n;\\

 \hspace*{0pt}\\

 \hspace*{0pt}neutral{\char95}nat ::~Nat;\\

 \hspace*{0pt}neutral{\char95}nat = Suc Zero{\char95}nat;\\

 \hspace*{0pt}\\

 \hspace*{0pt}mult{\char95}nat ::~Nat -> Nat -> Nat;\\

 \hspace*{0pt}mult{\char95}nat Zero{\char95}nat n = Zero{\char95}nat;\\

 \hspace*{0pt}mult{\char95}nat (Suc m) n = plus{\char95}nat n (mult{\char95}nat m n);\\

 \hspace*{0pt}\\

 \hspace*{0pt}instance Semigroup Nat where {\char123}\\

 \hspace*{0pt} ~mult = mult{\char95}nat;\\

 \hspace*{0pt}{\char125};\\

 \hspace*{0pt}\\

 \hspace*{0pt}instance Monoid Nat where {\char123}\\

 \hspace*{0pt} ~neutral = neutral{\char95}nat;\\

 \hspace*{0pt}{\char125};\\

 \hspace*{0pt}\\

 \hspace*{0pt}bexp ::~Nat -> Nat;\\

 \hspace*{0pt}bexp n = pow n (Suc (Suc Zero{\char95}nat));\\

 \hspace*{0pt}\\

 \hspace*{0pt}{\char125}%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent This is a convenient place to show how explicit dictionary construction

   manifests in generated code (here, the same example in \isa{SML}):%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 %

 \begin{isamarkuptext}%

 \isaverbatim%

 \noindent%

 \hspace*{0pt}structure Example = \\

 \hspace*{0pt}struct\\

 \hspace*{0pt}\\

 \hspace*{0pt}datatype nat = Suc of nat | Zero{\char95}nat;\\

 \hspace*{0pt}\\

 \hspace*{0pt}type 'a semigroup = {\char123}mult :~'a -> 'a -> 'a{\char125};\\

 \hspace*{0pt}fun mult (A{\char95}:'a semigroup) = {\char35}mult A{\char95};\\

 \hspace*{0pt}\\

 \hspace*{0pt}type 'a monoid = {\char123}Program{\char95}{\char95}semigroup{\char95}monoid :~'a semigroup, neutral :~'a{\char125};\\

 \hspace*{0pt}fun semigroup{\char95}monoid (A{\char95}:'a monoid) = {\char35}Program{\char95}{\char95}semigroup{\char95}monoid A{\char95};\\

 \hspace*{0pt}fun neutral (A{\char95}:'a monoid) = {\char35}neutral A{\char95};\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun pow A{\char95}~Zero{\char95}nat a = neutral A{\char95}\\

 \hspace*{0pt} ~| pow A{\char95}~(Suc n) a = mult (semigroup{\char95}monoid A{\char95}) a (pow A{\char95}~n a);\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun plus{\char95}nat (Suc m) n = plus{\char95}nat m (Suc n)\\

 \hspace*{0pt} ~| plus{\char95}nat Zero{\char95}nat n = n;\\

 \hspace*{0pt}\\

 \hspace*{0pt}val neutral{\char95}nat :~nat = Suc Zero{\char95}nat;\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun mult{\char95}nat Zero{\char95}nat n = Zero{\char95}nat\\

 \hspace*{0pt} ~| mult{\char95}nat (Suc m) n = plus{\char95}nat n (mult{\char95}nat m n);\\

 \hspace*{0pt}\\

 \hspace*{0pt}val semigroup{\char95}nat = {\char123}mult = mult{\char95}nat{\char125}~:~nat semigroup;\\

 \hspace*{0pt}\\

 \hspace*{0pt}val monoid{\char95}nat =\\

 \hspace*{0pt} ~{\char123}Program{\char95}{\char95}semigroup{\char95}monoid = semigroup{\char95}nat, neutral = neutral{\char95}nat{\char125}~:\\

 \hspace*{0pt} ~nat monoid;\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun bexp n = pow monoid{\char95}nat n (Suc (Suc Zero{\char95}nat));\\

 \hspace*{0pt}\\

 \hspace*{0pt}end; (*struct Example*)%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent Note the parameters with trailing underscore (\verb|A_|)

     which are the dictionary parameters.%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isamarkupsubsection{The preprocessor \label{sec:preproc}%

 }

 \isamarkuptrue%

 %

 \begin{isamarkuptext}%

 Before selected function theorems are turned into abstract

   code, a chain of definitional transformation steps is carried

   out: \emph{preprocessing}.  In essence, the preprocessor

   consists of two components: a \emph{simpset} and \emph{function transformers}.

   The \emph{simpset} allows to employ the full generality of the Isabelle

   simplifier.  Due to the interpretation of theorems

   as defining equations, rewrites are applied to the right

   hand side and the arguments of the left hand side of an

   equation, but never to the constant heading the left hand side.

   An important special case are \emph{inline theorems} which may be

   declared and undeclared using the

   \emph{code inline} or \emph{code inline del} attribute respectively.

   Some common applications:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \begin{itemize}

 %

 \begin{isamarkuptext}%

 \item replacing non-executable constructs by executable ones:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{lemma}\isamarkupfalse%

 \ {\isacharbrackleft}code\ inline{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}x\ {\isasymin}\ set\ xs\ {\isasymlongleftrightarrow}\ x\ mem\ xs{\isachardoublequoteclose}\ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}induct\ xs{\isacharparenright}\ simp{\isacharunderscore}all%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \item eliminating superfluous constants:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{lemma}\isamarkupfalse%

 \ {\isacharbrackleft}code\ inline{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}{\isadigit{1}}\ {\isacharequal}\ Suc\ {\isadigit{0}}{\isachardoublequoteclose}\ \isacommand{by}\isamarkupfalse%

 \ simp%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \item replacing executable but inconvenient constructs:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{lemma}\isamarkupfalse%

 \ {\isacharbrackleft}code\ inline{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}xs\ {\isacharequal}\ {\isacharbrackleft}{\isacharbrackright}\ {\isasymlongleftrightarrow}\ List{\isachardot}null\ xs{\isachardoublequoteclose}\ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}induct\ xs{\isacharparenright}\ simp{\isacharunderscore}all%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \end{itemize}

 %

 \begin{isamarkuptext}%

 \noindent \emph{Function transformers} provide a very general interface,

   transforming a list of function theorems to another

   list of function theorems, provided that neither the heading

   constant nor its type change.  The \isa{{\isadigit{0}}} / \isa{Suc}

   pattern elimination implemented in

   theory \isa{Efficient{\isacharunderscore}Nat} (see \secref{eff_nat}) uses this

   interface.

   \noindent The current setup of the preprocessor may be inspected using

   the \hyperlink{command.print-codesetup}{\mbox{\isa{\isacommand{print{\isacharunderscore}codesetup}}}} command.

   \hyperlink{command.code-thms}{\mbox{\isa{\isacommand{code{\isacharunderscore}thms}}}} provides a convenient

   mechanism to inspect the impact of a preprocessor setup

   on defining equations.

   \begin{warn}

     The attribute \emph{code unfold}

     associated with the \isa{SML\ code\ generator} also applies to

     the \isa{generic\ code\ generator}:

     \emph{code unfold} implies \emph{code inline}.

   \end{warn}%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isamarkupsubsection{Datatypes \label{sec:datatypes}%

 }

 \isamarkuptrue%

 %

 \begin{isamarkuptext}%

 Conceptually, any datatype is spanned by a set of

   \emph{constructors} of type \isa{{\isasymtau}\ {\isacharequal}\ {\isasymdots}\ {\isasymRightarrow}\ {\isasymkappa}\ {\isasymalpha}\isactrlisub {\isadigit{1}}\ {\isasymdots}\ {\isasymalpha}\isactrlisub n}

   where \isa{{\isacharbraceleft}{\isasymalpha}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlisub n{\isacharbraceright}} is exactly the set of \emph{all}

   type variables in \isa{{\isasymtau}}.  The HOL datatype package

   by default registers any new datatype in the table

   of datatypes, which may be inspected using

   the \hyperlink{command.print-codesetup}{\mbox{\isa{\isacommand{print{\isacharunderscore}codesetup}}}} command.

   In some cases, it may be convenient to alter or

   extend this table;  as an example, we will develop an alternative

   representation of natural numbers as binary digits, whose

   size does increase logarithmically with its value, not linear

   \footnote{Indeed, the \hyperlink{theory.Efficient-Nat}{\mbox{\isa{Efficient{\isacharunderscore}Nat}}} theory (see \ref{eff_nat})

     does something similar}.  First, the digit representation:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{definition}\isamarkupfalse%

 \ Dig{\isadigit{0}}\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\ \isakeyword{where}\isanewline

 \ \ {\isachardoublequoteopen}Dig{\isadigit{0}}\ n\ {\isacharequal}\ {\isadigit{2}}\ {\isacharasterisk}\ n{\isachardoublequoteclose}\isanewline

 \isanewline

 \isacommand{definition}\isamarkupfalse%

 \ \ Dig{\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\ \isakeyword{where}\isanewline

 \ \ {\isachardoublequoteopen}Dig{\isadigit{1}}\ n\ {\isacharequal}\ Suc\ {\isacharparenleft}{\isadigit{2}}\ {\isacharasterisk}\ n{\isacharparenright}{\isachardoublequoteclose}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent We will use these two \qt{digits} to represent natural numbers

   in binary digits, e.g.:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{lemma}\isamarkupfalse%

 \ {\isadigit{4}}{\isadigit{2}}{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{4}}{\isadigit{2}}\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}Dig{\isadigit{1}}\ {\isacharparenleft}Dig{\isadigit{0}}\ {\isacharparenleft}Dig{\isadigit{1}}\ {\isacharparenleft}Dig{\isadigit{0}}\ {\isadigit{1}}{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}simp\ add{\isacharcolon}\ Dig{\isadigit{0}}{\isacharunderscore}def\ Dig{\isadigit{1}}{\isacharunderscore}def{\isacharparenright}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent Of course we also have to provide proper code equations for

   the operations, e.g. \isa{op\ {\isacharplus}}:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{lemma}\isamarkupfalse%

 \ plus{\isacharunderscore}Dig\ {\isacharbrackleft}code{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}{\isadigit{0}}\ {\isacharplus}\ n\ {\isacharequal}\ n{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}m\ {\isacharplus}\ {\isadigit{0}}\ {\isacharequal}\ m{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}{\isadigit{1}}\ {\isacharplus}\ Dig{\isadigit{0}}\ n\ {\isacharequal}\ Dig{\isadigit{1}}\ n{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}Dig{\isadigit{0}}\ m\ {\isacharplus}\ {\isadigit{1}}\ {\isacharequal}\ Dig{\isadigit{1}}\ m{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}{\isadigit{1}}\ {\isacharplus}\ Dig{\isadigit{1}}\ n\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}n\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}Dig{\isadigit{1}}\ m\ {\isacharplus}\ {\isadigit{1}}\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}m\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}Dig{\isadigit{0}}\ m\ {\isacharplus}\ Dig{\isadigit{0}}\ n\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}m\ {\isacharplus}\ n{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}Dig{\isadigit{0}}\ m\ {\isacharplus}\ Dig{\isadigit{1}}\ n\ {\isacharequal}\ Dig{\isadigit{1}}\ {\isacharparenleft}m\ {\isacharplus}\ n{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}Dig{\isadigit{1}}\ m\ {\isacharplus}\ Dig{\isadigit{0}}\ n\ {\isacharequal}\ Dig{\isadigit{1}}\ {\isacharparenleft}m\ {\isacharplus}\ n{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}Dig{\isadigit{1}}\ m\ {\isacharplus}\ Dig{\isadigit{1}}\ n\ {\isacharequal}\ Dig{\isadigit{0}}\ {\isacharparenleft}m\ {\isacharplus}\ n\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}simp{\isacharunderscore}all\ add{\isacharcolon}\ Dig{\isadigit{0}}{\isacharunderscore}def\ Dig{\isadigit{1}}{\isacharunderscore}def{\isacharparenright}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent We then instruct the code generator to view \isa{{\isadigit{0}}},

   \isa{{\isadigit{1}}}, \isa{Dig{\isadigit{0}}} and \isa{Dig{\isadigit{1}}} as

   datatype constructors:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{code{\isacharunderscore}datatype}\isamarkupfalse%

 \ {\isachardoublequoteopen}{\isadigit{0}}{\isasymColon}nat{\isachardoublequoteclose}\ {\isachardoublequoteopen}{\isadigit{1}}{\isasymColon}nat{\isachardoublequoteclose}\ Dig{\isadigit{0}}\ Dig{\isadigit{1}}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent For the former constructor \isa{Suc}, we provide a code

   equation and remove some parts of the default code generator setup

   which are an obstacle here:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{lemma}\isamarkupfalse%

 \ Suc{\isacharunderscore}Dig\ {\isacharbrackleft}code{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}Suc\ n\ {\isacharequal}\ n\ {\isacharplus}\ {\isadigit{1}}{\isachardoublequoteclose}\isanewline

 \ \ \isacommand{by}\isamarkupfalse%

 \ simp\isanewline

 \isanewline

 \isacommand{declare}\isamarkupfalse%

 \ One{\isacharunderscore}nat{\isacharunderscore}def\ {\isacharbrackleft}code\ inline\ del{\isacharbrackright}\isanewline

 \isacommand{declare}\isamarkupfalse%

 \ add{\isacharunderscore}Suc{\isacharunderscore}shift\ {\isacharbrackleft}code\ del{\isacharbrackright}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent This yields the following code:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 %

 \begin{isamarkuptext}%

 \isaverbatim%

 \noindent%

 \hspace*{0pt}structure Example = \\

 \hspace*{0pt}struct\\

 \hspace*{0pt}\\

 \hspace*{0pt}datatype nat = Dig1 of nat | Dig0 of nat | One{\char95}nat | Zero{\char95}nat;\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun plus{\char95}nat (Dig1 m) (Dig1 n) = Dig0 (plus{\char95}nat (plus{\char95}nat m n) One{\char95}nat)\\

 \hspace*{0pt} ~| plus{\char95}nat (Dig1 m) (Dig0 n) = Dig1 (plus{\char95}nat m n)\\

 \hspace*{0pt} ~| plus{\char95}nat (Dig0 m) (Dig1 n) = Dig1 (plus{\char95}nat m n)\\

 \hspace*{0pt} ~| plus{\char95}nat (Dig0 m) (Dig0 n) = Dig0 (plus{\char95}nat m n)\\

 \hspace*{0pt} ~| plus{\char95}nat (Dig1 m) One{\char95}nat = Dig0 (plus{\char95}nat m One{\char95}nat)\\

 \hspace*{0pt} ~| plus{\char95}nat One{\char95}nat (Dig1 n) = Dig0 (plus{\char95}nat n One{\char95}nat)\\

 \hspace*{0pt} ~| plus{\char95}nat (Dig0 m) One{\char95}nat = Dig1 m\\

 \hspace*{0pt} ~| plus{\char95}nat One{\char95}nat (Dig0 n) = Dig1 n\\

 \hspace*{0pt} ~| plus{\char95}nat m Zero{\char95}nat = m\\

 \hspace*{0pt} ~| plus{\char95}nat Zero{\char95}nat n = n;\\

 \hspace*{0pt}\\

 \hspace*{0pt}end; (*struct Example*)%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent From this example, it can be easily glimpsed that using own constructor sets

   is a little delicate since it changes the set of valid patterns for values

   of that type.  Without going into much detail, here some practical hints:

   \begin{itemize}

     \item When changing the constructor set for datatypes, take care to

       provide an alternative for the \isa{case} combinator (e.g.~by replacing

       it using the preprocessor).

     \item Values in the target language need not to be normalised -- different

       values in the target language may represent the same value in the

       logic (e.g. \isa{Dig{\isadigit{1}}\ {\isadigit{0}}\ {\isacharequal}\ {\isadigit{1}}}).

     \item Usually, a good methodology to deal with the subtleties of pattern

       matching is to see the type as an abstract type: provide a set

       of operations which operate on the concrete representation of the type,

       and derive further operations by combinations of these primitive ones,

       without relying on a particular representation.

   \end{itemize}%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadeliminvisible

 %

 \endisadeliminvisible

 %

 \isataginvisible

 \isacommand{code{\isacharunderscore}datatype}\isamarkupfalse%

 \ {\isachardoublequoteopen}{\isadigit{0}}{\isacharcolon}{\isacharcolon}nat{\isachardoublequoteclose}\ Suc\isanewline

 \isacommand{declare}\isamarkupfalse%

 \ plus{\isacharunderscore}Dig\ {\isacharbrackleft}code\ del{\isacharbrackright}\isanewline

 \isacommand{declare}\isamarkupfalse%

 \ One{\isacharunderscore}nat{\isacharunderscore}def\ {\isacharbrackleft}code\ inline{\isacharbrackright}\isanewline

 \isacommand{declare}\isamarkupfalse%

 \ add{\isacharunderscore}Suc{\isacharunderscore}shift\ {\isacharbrackleft}code{\isacharbrackright}\ \isanewline

 \isacommand{lemma}\isamarkupfalse%

 \ {\isacharbrackleft}code{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{0}}\ {\isacharplus}\ n\ {\isacharequal}\ {\isacharparenleft}n\ {\isasymColon}\ nat{\isacharparenright}{\isachardoublequoteclose}\ \isacommand{by}\isamarkupfalse%

 \ simp%

 \endisataginvisible

 {\isafoldinvisible}%

 %

 \isadeliminvisible

 %

 \endisadeliminvisible

 %

 \isamarkupsubsection{Equality and wellsortedness%

 }

 \isamarkuptrue%

 %

 \begin{isamarkuptext}%

 Surely you have already noticed how equality is treated

   by the code generator:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{primrec}\isamarkupfalse%

 \ collect{\isacharunderscore}duplicates\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list{\isachardoublequoteclose}\ \isakeyword{where}\isanewline

 \ \ {\isachardoublequoteopen}collect{\isacharunderscore}duplicates\ xs\ ys\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ xs{\isachardoublequoteclose}\isanewline

 \ \ {\isacharbar}\ {\isachardoublequoteopen}collect{\isacharunderscore}duplicates\ xs\ ys\ {\isacharparenleft}z{\isacharhash}zs{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}if\ z\ {\isasymin}\ set\ xs\isanewline

 \ \ \ \ \ \ then\ if\ z\ {\isasymin}\ set\ ys\isanewline

 \ \ \ \ \ \ \ \ then\ collect{\isacharunderscore}duplicates\ xs\ ys\ zs\isanewline

 \ \ \ \ \ \ \ \ else\ collect{\isacharunderscore}duplicates\ xs\ {\isacharparenleft}z{\isacharhash}ys{\isacharparenright}\ zs\isanewline

 \ \ \ \ \ \ else\ collect{\isacharunderscore}duplicates\ {\isacharparenleft}z{\isacharhash}xs{\isacharparenright}\ {\isacharparenleft}z{\isacharhash}ys{\isacharparenright}\ zs{\isacharparenright}{\isachardoublequoteclose}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent The membership test during preprocessing is rewritten,

   resulting in \isa{op\ mem}, which itself

   performs an explicit equality check.%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 %

 \begin{isamarkuptext}%

 \isaverbatim%

 \noindent%

 \hspace*{0pt}structure Example = \\

 \hspace*{0pt}struct\\

 \hspace*{0pt}\\

 \hspace*{0pt}type 'a eq = {\char123}eq :~'a -> 'a -> bool{\char125};\\

 \hspace*{0pt}fun eq (A{\char95}:'a eq) = {\char35}eq A{\char95};\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun eqop A{\char95}~a b = eq A{\char95}~a b;\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun member A{\char95}~x [] = false\\

 \hspace*{0pt} ~| member A{\char95}~x (y ::~ys) = eqop A{\char95}~x y orelse member A{\char95}~x ys;\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun collect{\char95}duplicates A{\char95}~xs ys [] = xs\\

 \hspace*{0pt} ~| collect{\char95}duplicates A{\char95}~xs ys (z ::~zs) =\\

 \hspace*{0pt} ~~~(if member A{\char95}~z xs\\

 \hspace*{0pt} ~~~~~then (if member A{\char95}~z ys then collect{\char95}duplicates A{\char95}~xs ys zs\\

 \hspace*{0pt} ~~~~~~~~~~~~else collect{\char95}duplicates A{\char95}~xs (z ::~ys) zs)\\

 \hspace*{0pt} ~~~~~else collect{\char95}duplicates A{\char95}~(z ::~xs) (z ::~ys) zs);\\

 \hspace*{0pt}\\

 \hspace*{0pt}end; (*struct Example*)%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent Obviously, polymorphic equality is implemented the Haskell

   way using a type class.  How is this achieved?  HOL introduces

   an explicit class \isa{eq} with a corresponding operation

   \isa{eq{\isacharunderscore}class{\isachardot}eq} such that \isa{eq{\isacharunderscore}class{\isachardot}eq\ {\isacharequal}\ op\ {\isacharequal}}.

   The preprocessing framework does the rest by propagating the

   \isa{eq} constraints through all dependent defining equations.

   For datatypes, instances of \isa{eq} are implicitly derived

   when possible.  For other types, you may instantiate \isa{eq}

   manually like any other type class.

   Though this \isa{eq} class is designed to get rarely in

   the way, a subtlety

   enters the stage when definitions of overloaded constants

   are dependent on operational equality.  For example, let

   us define a lexicographic ordering on tuples

   (also see theory \hyperlink{theory.Product-ord}{\mbox{\isa{Product{\isacharunderscore}ord}}}):%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{instantiation}\isamarkupfalse%

 \ {\isachardoublequoteopen}{\isacharasterisk}{\isachardoublequoteclose}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}order{\isacharcomma}\ order{\isacharparenright}\ order\isanewline

 \isakeyword{begin}\isanewline

 \isanewline

 \isacommand{definition}\isamarkupfalse%

 \ {\isacharbrackleft}code\ del{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}x\ {\isasymle}\ y\ {\isasymlongleftrightarrow}\ fst\ x\ {\isacharless}\ fst\ y\ {\isasymor}\ fst\ x\ {\isacharequal}\ fst\ y\ {\isasymand}\ snd\ x\ {\isasymle}\ snd\ y{\isachardoublequoteclose}\isanewline

 \isanewline

 \isacommand{definition}\isamarkupfalse%

 \ {\isacharbrackleft}code\ del{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}x\ {\isacharless}\ y\ {\isasymlongleftrightarrow}\ fst\ x\ {\isacharless}\ fst\ y\ {\isasymor}\ fst\ x\ {\isacharequal}\ fst\ y\ {\isasymand}\ snd\ x\ {\isacharless}\ snd\ y{\isachardoublequoteclose}\isanewline

 \isanewline

 \isacommand{instance}\isamarkupfalse%

 \ \isacommand{proof}\isamarkupfalse%

 \isanewline

 \isacommand{qed}\isamarkupfalse%

 \ {\isacharparenleft}auto\ simp{\isacharcolon}\ less{\isacharunderscore}eq{\isacharunderscore}prod{\isacharunderscore}def\ less{\isacharunderscore}prod{\isacharunderscore}def\ intro{\isacharcolon}\ order{\isacharunderscore}less{\isacharunderscore}trans{\isacharparenright}\isanewline

 \isanewline

 \isacommand{end}\isamarkupfalse%

 \isanewline

 \isanewline

 \isacommand{lemma}\isamarkupfalse%

 \ order{\isacharunderscore}prod\ {\isacharbrackleft}code{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}{\isacharparenleft}x{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}a{\isasymColon}order{\isacharcomma}\ y{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}b{\isasymColon}order{\isacharparenright}\ {\isacharless}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isasymlongleftrightarrow}\isanewline

 \ \ \ \ \ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isacharless}\ y{\isadigit{2}}{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}{\isacharparenleft}x{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}a{\isasymColon}order{\isacharcomma}\ y{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}b{\isasymColon}order{\isacharparenright}\ {\isasymle}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isasymlongleftrightarrow}\isanewline

 \ \ \ \ \ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isasymle}\ y{\isadigit{2}}{\isachardoublequoteclose}\isanewline

 \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}simp{\isacharunderscore}all\ add{\isacharcolon}\ less{\isacharunderscore}prod{\isacharunderscore}def\ less{\isacharunderscore}eq{\isacharunderscore}prod{\isacharunderscore}def{\isacharparenright}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent Then code generation will fail.  Why?  The definition

   of \isa{op\ {\isasymle}} depends on equality on both arguments,

   which are polymorphic and impose an additional \isa{eq}

   class constraint, which the preprocessor does not propagate

   (for technical reasons).

   The solution is to add \isa{eq} explicitly to the first sort arguments in the

   code theorems:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{lemma}\isamarkupfalse%

 \ order{\isacharunderscore}prod{\isacharunderscore}code\ {\isacharbrackleft}code{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}{\isacharparenleft}x{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}a{\isasymColon}{\isacharbraceleft}order{\isacharcomma}\ eq{\isacharbraceright}{\isacharcomma}\ y{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}b{\isasymColon}order{\isacharparenright}\ {\isacharless}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isasymlongleftrightarrow}\isanewline

 \ \ \ \ \ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isacharless}\ y{\isadigit{2}}{\isachardoublequoteclose}\isanewline

 \ \ {\isachardoublequoteopen}{\isacharparenleft}x{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}a{\isasymColon}{\isacharbraceleft}order{\isacharcomma}\ eq{\isacharbraceright}{\isacharcomma}\ y{\isadigit{1}}\ {\isasymColon}\ {\isacharprime}b{\isasymColon}order{\isacharparenright}\ {\isasymle}\ {\isacharparenleft}x{\isadigit{2}}{\isacharcomma}\ y{\isadigit{2}}{\isacharparenright}\ {\isasymlongleftrightarrow}\isanewline

 \ \ \ \ \ x{\isadigit{1}}\ {\isacharless}\ x{\isadigit{2}}\ {\isasymor}\ x{\isadigit{1}}\ {\isacharequal}\ x{\isadigit{2}}\ {\isasymand}\ y{\isadigit{1}}\ {\isasymle}\ y{\isadigit{2}}{\isachardoublequoteclose}\isanewline

 \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}simp{\isacharunderscore}all\ add{\isacharcolon}\ less{\isacharunderscore}prod{\isacharunderscore}def\ less{\isacharunderscore}eq{\isacharunderscore}prod{\isacharunderscore}def{\isacharparenright}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent Then code generation succeeds:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 %

 \begin{isamarkuptext}%

 \isaverbatim%

 \noindent%

 \hspace*{0pt}structure Example = \\

 \hspace*{0pt}struct\\

 \hspace*{0pt}\\

 \hspace*{0pt}type 'a eq = {\char123}eq :~'a -> 'a -> bool{\char125};\\

 \hspace*{0pt}fun eq (A{\char95}:'a eq) = {\char35}eq A{\char95};\\

 \hspace*{0pt}\\

 \hspace*{0pt}type 'a ord = {\char123}less{\char95}eq :~'a -> 'a -> bool, less :~'a -> 'a -> bool{\char125};\\

 \hspace*{0pt}fun less{\char95}eq (A{\char95}:'a ord) = {\char35}less{\char95}eq A{\char95};\\

 \hspace*{0pt}fun less (A{\char95}:'a ord) = {\char35}less A{\char95};\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun eqop A{\char95}~a b = eq A{\char95}~a b;\\

 \hspace*{0pt}\\

 \hspace*{0pt}type 'a preorder = {\char123}Orderings{\char95}{\char95}ord{\char95}preorder :~'a ord{\char125};\\

 \hspace*{0pt}fun ord{\char95}preorder (A{\char95}:'a preorder) = {\char35}Orderings{\char95}{\char95}ord{\char95}preorder A{\char95};\\

 \hspace*{0pt}\\

 \hspace*{0pt}type 'a order = {\char123}Orderings{\char95}{\char95}preorder{\char95}order :~'a preorder{\char125};\\

 \hspace*{0pt}fun preorder{\char95}order (A{\char95}:'a order) = {\char35}Orderings{\char95}{\char95}preorder{\char95}order A{\char95};\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun less{\char95}eqa (A1{\char95}, A2{\char95}) B{\char95}~(x1, y1) (x2, y2) =\\

 \hspace*{0pt} ~less ((ord{\char95}preorder o preorder{\char95}order) A2{\char95}) x1 x2 orelse\\

 \hspace*{0pt} ~~~eqop A1{\char95}~x1 x2 andalso\\

 \hspace*{0pt} ~~~~~less{\char95}eq ((ord{\char95}preorder o preorder{\char95}order) B{\char95}) y1 y2\\

 \hspace*{0pt} ~| less{\char95}eqa (A1{\char95}, A2{\char95}) B{\char95}~(x1, y1) (x2, y2) =\\

 \hspace*{0pt} ~~~less ((ord{\char95}preorder o preorder{\char95}order) A2{\char95}) x1 x2 orelse\\

 \hspace*{0pt} ~~~~~eqop A1{\char95}~x1 x2 andalso\\

 \hspace*{0pt} ~~~~~~~less{\char95}eq ((ord{\char95}preorder o preorder{\char95}order) B{\char95}) y1 y2;\\

 \hspace*{0pt}\\

 \hspace*{0pt}end; (*struct Example*)%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 In some cases, the automatically derived defining equations

   for equality on a particular type may not be appropriate.

   As example, watch the following datatype representing

   monomorphic parametric types (where type constructors

   are referred to by natural numbers):%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{datatype}\isamarkupfalse%

 \ monotype\ {\isacharequal}\ Mono\ nat\ {\isachardoublequoteopen}monotype\ list{\isachardoublequoteclose}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \isatagproof

 %

 \endisatagproof

 {\isafoldproof}%

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \begin{isamarkuptext}%

 \noindent Then code generation for SML would fail with a message

   that the generated code contains illegal mutual dependencies:

   the theorem \isa{eq{\isacharunderscore}class{\isachardot}eq\ {\isacharparenleft}Mono\ tyco{\isadigit{1}}\ typargs{\isadigit{1}}{\isacharparenright}\ {\isacharparenleft}Mono\ tyco{\isadigit{2}}\ typargs{\isadigit{2}}{\isacharparenright}\ {\isasymequiv}\ eq{\isacharunderscore}class{\isachardot}eq\ tyco{\isadigit{1}}\ tyco{\isadigit{2}}\ {\isasymand}\ eq{\isacharunderscore}class{\isachardot}eq\ typargs{\isadigit{1}}\ typargs{\isadigit{2}}} already requires the

   instance \isa{monotype\ {\isasymColon}\ eq}, which itself requires

   \isa{eq{\isacharunderscore}class{\isachardot}eq\ {\isacharparenleft}Mono\ tyco{\isadigit{1}}\ typargs{\isadigit{1}}{\isacharparenright}\ {\isacharparenleft}Mono\ tyco{\isadigit{2}}\ typargs{\isadigit{2}}{\isacharparenright}\ {\isasymequiv}\ eq{\isacharunderscore}class{\isachardot}eq\ tyco{\isadigit{1}}\ tyco{\isadigit{2}}\ {\isasymand}\ eq{\isacharunderscore}class{\isachardot}eq\ typargs{\isadigit{1}}\ typargs{\isadigit{2}}};  Haskell has no problem with mutually

   recursive \isa{instance} and \isa{function} definitions,

   but the SML serialiser does not support this.

   In such cases, you have to provide your own equality equations

   involving auxiliary constants.  In our case,

   \isa{list{\isacharunderscore}all{\isadigit{2}}} can do the job:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{lemma}\isamarkupfalse%

 \ monotype{\isacharunderscore}eq{\isacharunderscore}list{\isacharunderscore}all{\isadigit{2}}\ {\isacharbrackleft}code{\isacharbrackright}{\isacharcolon}\isanewline

 \ \ {\isachardoublequoteopen}eq{\isacharunderscore}class{\isachardot}eq\ {\isacharparenleft}Mono\ tyco{\isadigit{1}}\ typargs{\isadigit{1}}{\isacharparenright}\ {\isacharparenleft}Mono\ tyco{\isadigit{2}}\ typargs{\isadigit{2}}{\isacharparenright}\ {\isasymlongleftrightarrow}\isanewline

 \ \ \ \ \ eq{\isacharunderscore}class{\isachardot}eq\ tyco{\isadigit{1}}\ tyco{\isadigit{2}}\ {\isasymand}\ list{\isacharunderscore}all{\isadigit{2}}\ eq{\isacharunderscore}class{\isachardot}eq\ typargs{\isadigit{1}}\ typargs{\isadigit{2}}{\isachardoublequoteclose}\isanewline

 \ \ \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}simp\ add{\isacharcolon}\ eq\ list{\isacharunderscore}all{\isadigit{2}}{\isacharunderscore}eq\ {\isacharbrackleft}symmetric{\isacharbrackright}{\isacharparenright}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent does not depend on instance \isa{monotype\ {\isasymColon}\ eq}:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 %

 \begin{isamarkuptext}%

 \isaverbatim%

 \noindent%

 \hspace*{0pt}structure Example = \\

 \hspace*{0pt}struct\\

 \hspace*{0pt}\\

 \hspace*{0pt}datatype nat = Suc of nat | Zero{\char95}nat;\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun null [] = true\\

 \hspace*{0pt} ~| null (x ::~xs) = false;\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun eq{\char95}nat (Suc a) Zero{\char95}nat = false\\

 \hspace*{0pt} ~| eq{\char95}nat Zero{\char95}nat (Suc a) = false\\

 \hspace*{0pt} ~| eq{\char95}nat (Suc nat) (Suc nat') = eq{\char95}nat nat nat'\\

 \hspace*{0pt} ~| eq{\char95}nat Zero{\char95}nat Zero{\char95}nat = true;\\

 \hspace*{0pt}\\

 \hspace*{0pt}datatype monotype = Mono of nat * monotype list;\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun list{\char95}all2 p (x ::~xs) (y ::~ys) = p x y andalso list{\char95}all2 p xs ys\\

 \hspace*{0pt} ~| list{\char95}all2 p xs [] = null xs\\

 \hspace*{0pt} ~| list{\char95}all2 p [] ys = null ys;\\

 \hspace*{0pt}\\

 \hspace*{0pt}fun eq{\char95}monotype (Mono (tyco1, typargs1)) (Mono (tyco2, typargs2)) =\\

 \hspace*{0pt} ~eq{\char95}nat tyco1 tyco2 andalso list{\char95}all2 eq{\char95}monotype typargs1 typargs2;\\

 \hspace*{0pt}\\

 \hspace*{0pt}end; (*struct Example*)%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isamarkupsubsection{Explicit partiality%

 }

 \isamarkuptrue%

 %

 \begin{isamarkuptext}%

 Partiality usually enters the game by partial patterns, as

   in the following example, again for amortised queues:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{fun}\isamarkupfalse%

 \ strict{\isacharunderscore}dequeue\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}a\ queue\ {\isasymRightarrow}\ {\isacharprime}a\ {\isasymtimes}\ {\isacharprime}a\ queue{\isachardoublequoteclose}\ \isakeyword{where}\isanewline

 \ \ {\isachardoublequoteopen}strict{\isacharunderscore}dequeue\ {\isacharparenleft}Queue\ xs\ {\isacharparenleft}y\ {\isacharhash}\ ys{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}y{\isacharcomma}\ Queue\ xs\ ys{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ {\isacharbar}\ {\isachardoublequoteopen}strict{\isacharunderscore}dequeue\ {\isacharparenleft}Queue\ xs\ {\isacharbrackleft}{\isacharbrackright}{\isacharparenright}\ {\isacharequal}\isanewline

 \ \ \ \ \ \ {\isacharparenleft}case\ rev\ xs\ of\ y\ {\isacharhash}\ ys\ {\isasymRightarrow}\ {\isacharparenleft}y{\isacharcomma}\ Queue\ {\isacharbrackleft}{\isacharbrackright}\ ys{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent In the corresponding code, there is no equation

   for the pattern \isa{Queue\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharbrackleft}{\isacharbrackright}}:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 %

 \begin{isamarkuptext}%

 \isaverbatim%

 \noindent%

 \hspace*{0pt}strict{\char95}dequeue ::~forall a. Queue a -> (a, Queue a);\\

 \hspace*{0pt}strict{\char95}dequeue (Queue xs (y :~ys)) = (y, Queue xs ys);\\

 \hspace*{0pt}strict{\char95}dequeue (Queue xs []) =\\

 \hspace*{0pt} ~let {\char123}\\

 \hspace*{0pt} ~~~(y :~ys) = rev xs;\\

 \hspace*{0pt} ~{\char125}~in (y, Queue [] ys);%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent In some cases it is desirable to have this

   pseudo-\qt{partiality} more explicitly, e.g.~as follows:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{axiomatization}\isamarkupfalse%

 \ empty{\isacharunderscore}queue\ {\isacharcolon}{\isacharcolon}\ {\isacharprime}a\isanewline

 \isanewline

 \isacommand{function}\isamarkupfalse%

 \ strict{\isacharunderscore}dequeue{\isacharprime}\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}a\ queue\ {\isasymRightarrow}\ {\isacharprime}a\ {\isasymtimes}\ {\isacharprime}a\ queue{\isachardoublequoteclose}\ \isakeyword{where}\isanewline

 \ \ {\isachardoublequoteopen}strict{\isacharunderscore}dequeue{\isacharprime}\ {\isacharparenleft}Queue\ xs\ {\isacharbrackleft}{\isacharbrackright}{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}if\ xs\ {\isacharequal}\ {\isacharbrackleft}{\isacharbrackright}\ then\ empty{\isacharunderscore}queue\isanewline

 \ \ \ \ \ else\ strict{\isacharunderscore}dequeue{\isacharprime}\ {\isacharparenleft}Queue\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharparenleft}rev\ xs{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \ \ {\isacharbar}\ {\isachardoublequoteopen}strict{\isacharunderscore}dequeue{\isacharprime}\ {\isacharparenleft}Queue\ xs\ {\isacharparenleft}y\ {\isacharhash}\ ys{\isacharparenright}{\isacharparenright}\ {\isacharequal}\isanewline

 \ \ \ \ \ \ \ {\isacharparenleft}y{\isacharcomma}\ Queue\ xs\ ys{\isacharparenright}{\isachardoublequoteclose}\isanewline

 \isacommand{by}\isamarkupfalse%

 \ pat{\isacharunderscore}completeness\ auto\isanewline

 \isanewline

 \isacommand{termination}\isamarkupfalse%

 \ strict{\isacharunderscore}dequeue{\isacharprime}\isanewline

 \isacommand{by}\isamarkupfalse%

 \ {\isacharparenleft}relation\ {\isachardoublequoteopen}measure\ {\isacharparenleft}{\isasymlambda}q{\isacharcolon}{\isacharcolon}{\isacharprime}a\ queue{\isachardot}\ case\ q\ of\ Queue\ xs\ ys\ {\isasymRightarrow}\ length\ xs{\isacharparenright}{\isachardoublequoteclose}{\isacharparenright}\ simp{\isacharunderscore}all%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent For technical reasons the definition of

   \isa{strict{\isacharunderscore}dequeue{\isacharprime}} is more involved since it requires

   a manual termination proof.  Apart from that observe that

   on the right hand side of its first equation the constant

   \isa{empty{\isacharunderscore}queue} occurs which is unspecified.

   Normally, if constants without any defining equations occur in

   a program, the code generator complains (since in most cases

   this is not what the user expects).  But such constants can also

   be thought of as function definitions with no equations which

   always fail, since there is never a successful pattern match

   on the left hand side.  In order to categorise a constant into

   that category explicitly, use \hyperlink{command.code-abort}{\mbox{\isa{\isacommand{code{\isacharunderscore}abort}}}}:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 \isacommand{code{\isacharunderscore}abort}\isamarkupfalse%

 \ empty{\isacharunderscore}queue%

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent Then the code generator will just insert an error or

   exception at the appropriate position:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \isatagquote

 %

 \begin{isamarkuptext}%

 \isaverbatim%

 \noindent%

 \hspace*{0pt}empty{\char95}queue ::~forall a. a;\\

 \hspace*{0pt}empty{\char95}queue = error {\char34}empty{\char95}queue{\char34};\\

 \hspace*{0pt}\\

 \hspace*{0pt}strict{\char95}dequeue' ::~forall a. Queue a -> (a, Queue a);\\

 \hspace*{0pt}strict{\char95}dequeue' (Queue xs []) =\\

 \hspace*{0pt} ~(if nulla xs then empty{\char95}queue else strict{\char95}dequeue' (Queue [] (rev xs)));\\

 \hspace*{0pt}strict{\char95}dequeue' (Queue xs (y :~ys)) = (y, Queue xs ys);%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \endisatagquote

 {\isafoldquote}%

 %

 \isadelimquote

 %

 \endisadelimquote

 %

 \begin{isamarkuptext}%

 \noindent This feature however is rarely needed in practice.

   Note also that the \isa{HOL} default setup already declares

   \isa{undefined} as \hyperlink{command.code-abort}{\mbox{\isa{\isacommand{code{\isacharunderscore}abort}}}}, which is most

   likely to be used in such situations.%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimtheory

 %

 \endisadelimtheory

 %

 \isatagtheory

 \isacommand{end}\isamarkupfalse%

 %

 \endisatagtheory

 {\isafoldtheory}%

 %

 \isadelimtheory

 %

 \endisadelimtheory

 \isanewline

 \ \end{isabellebody}%

 %%% Local Variables:

 %%% mode: latex

 %%% TeX-master: "root"

 %%% End: