Mercurial Mercurial > wneuper > isa / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | bz2 | gz | help
example for executable choice
authorhaftmann
Wed, 17 Feb 2010 11:21:47 +0100
changeset 351648e3b8b5f1e96
parent 35163 2e0966d6f951
child 35165 58b9503a7f9a
example for executable choice
src/HOL/ex/Execute_Choice.thy file | annotate | diff | comparison | revisions 
     1.1 --- a/src/HOL/ex/Execute_Choice.thy	Wed Feb 17 10:43:20 2010 +0100
     1.2 +++ b/src/HOL/ex/Execute_Choice.thy	Wed Feb 17 11:21:47 2010 +0100
     1.3 @@ -6,9 +6,18 @@
     1.4  imports Main AssocList
     1.5  begin
     1.6  
     1.7 -definition valuesum :: "('a, 'b :: comm_monoid_add) mapping \<Rightarrow> 'b" where
     1.8 +text {*
     1.9 +  A trivial example:
    1.10 +*}
    1.11 +
    1.12 +definition valuesum :: "('a, 'b :: ab_group_add) mapping \<Rightarrow> 'b" where
    1.13    "valuesum m = (\<Sum>k \<in> Mapping.keys m. the (Mapping.lookup m k))"
    1.14  
    1.15 +text {*
    1.16 +  Not that instead of defining @{term valuesum} with choice, we define it
    1.17 +  directly and derive a description involving choice afterwards:
    1.18 +*}
    1.19 +
    1.20  lemma valuesum_rec:
    1.21    assumes fin: "finite (dom (Mapping.lookup m))"
    1.22    shows "valuesum m = (if Mapping.is_empty m then 0 else
    1.23 @@ -35,30 +44,59 @@
    1.24    then show ?thesis by (simp add: keys_def valuesum_def is_empty_def)
    1.25  qed
    1.26  
    1.27 +text {*
    1.28 +  In the context of the else-branch we can show that the exact choice is
    1.29 +  irrelvant; in practice, finding this point where choice becomes irrelevant is the
    1.30 +  most difficult thing!
    1.31 +*}
    1.32 +
    1.33 +lemma valuesum_choice:
    1.34 +  "finite (Mapping.keys M) \<Longrightarrow> x \<in> Mapping.keys M \<Longrightarrow> y \<in> Mapping.keys M \<Longrightarrow>
    1.35 +    the (Mapping.lookup M x) + valuesum (Mapping.delete x M) =
    1.36 +    the (Mapping.lookup M y) + valuesum (Mapping.delete y M)"
    1.37 +  by (simp add: valuesum_def keys_def setsum_diff)
    1.38 +
    1.39 +text {*
    1.40 +  Given @{text valuesum_rec} as initial description, we stepwise refine it to something executable;
    1.41 +  first, we formally insert the constructor @{term AList} and split the one equation into two,
    1.42 +  where the second one provides the necessary context:
    1.43 +*}
    1.44 +
    1.45  lemma valuesum_rec_AList:
    1.46 -  "valuesum (AList []) = 0"
    1.47 -  "valuesum (AList (x # xs)) = (let l = (SOME l. l \<in> Mapping.keys (AList (x # xs))) in
    1.48 +  shows [code]: "valuesum (AList []) = 0"
    1.49 +  and "valuesum (AList (x # xs)) = (let l = (SOME l. l \<in> Mapping.keys (AList (x # xs))) in
    1.50      the (Mapping.lookup (AList (x # xs)) l) + valuesum (Mapping.delete l (AList (x # xs))))"
    1.51    by (simp_all add: valuesum_rec finite_dom_map_of is_empty_AList)
    1.52  
    1.53 -axioms
    1.54 -  FIXME: "x \<in> A \<Longrightarrow> y \<in> A \<Longrightarrow> C x = C y"
    1.55 +text {*
    1.56 +  As a side effect the precondition disappears (but note this has nothing to do with choice!).
    1.57 +  The first equation deals with the uncritical empty case and can already be used for code generation.
    1.58  
    1.59 -lemma aux: "(SOME l. l \<in> Mapping.keys (AList (x # xs))) = fst (hd (x # xs))"
    1.60 -proof (rule FIXME)
    1.61 -  show "fst (hd (x # xs)) \<in> Mapping.keys (AList (x # xs))"
    1.62 -    by (simp add: keys_AList)
    1.63 -  show "(SOME l. l \<in> Mapping.keys (AList (x # xs))) \<in> Mapping.keys (AList (x # xs))"
    1.64 -    apply (rule someI) apply (simp add: keys_AList) apply auto
    1.65 -    done
    1.66 -qed
    1.67 +  Using @{text valuesum_choice}, we are able to prove an executable version of @{term valuesum}:
    1.68 +*}
    1.69  
    1.70  lemma valuesum_rec_exec [code]:
    1.71 -  "valuesum (AList []) = 0"
    1.72    "valuesum (AList (x # xs)) = (let l = fst (hd (x # xs)) in
    1.73      the (Mapping.lookup (AList (x # xs)) l) + valuesum (Mapping.delete l (AList (x # xs))))"
    1.74 -  by (simp_all add: valuesum_rec_AList aux)
    1.75 +proof -
    1.76 +  let ?M = "AList (x # xs)"
    1.77 +  let ?l1 = "(SOME l. l \<in> Mapping.keys ?M)"
    1.78 +  let ?l2 = "fst (hd (x # xs))"
    1.79 +  have "finite (Mapping.keys ?M)" by (simp add: keys_AList)
    1.80 +  moreover have "?l1 \<in> Mapping.keys ?M"
    1.81 +    by (rule someI) (auto simp add: keys_AList)
    1.82 +  moreover have "?l2 \<in> Mapping.keys ?M"
    1.83 +    by (simp add: keys_AList)
    1.84 +  ultimately have "the (Mapping.lookup ?M ?l1) + valuesum (Mapping.delete ?l1 ?M) =
    1.85 +    the (Mapping.lookup ?M ?l2) + valuesum (Mapping.delete ?l2 ?M)"
    1.86 +    by (rule valuesum_choice)
    1.87 +  then show ?thesis by (simp add: valuesum_rec_AList)
    1.88 +qed
    1.89 +  
    1.90 +text {*
    1.91 +  See how it works:
    1.92 +*}
    1.93  
    1.94 -value "valuesum (AList [(''abc'', (42::nat)), (''def'', 1705)])"
    1.95 +value "valuesum (AList [(''abc'', (42::int)), (''def'', 1705)])"
    1.96  
    1.97  end
wneuper/isa