-
Notifications
You must be signed in to change notification settings - Fork 87
/
Copy pathBatchedQueueScript.sml
91 lines (73 loc) · 2.06 KB
/
BatchedQueueScript.sml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
(*
This is an example of applying the translator to the Batched Queue
algorithm from Chris Okasaki's book.
*)
open HolKernel Parse boolLib bossLib; val _ = new_theory "BatchedQueue";
open listTheory arithmeticTheory ml_translatorLib ListProgTheory;
val _ = translation_extends "ListProg";
(* implementation *)
Datatype:
queue = QUEUE ('a list) ('a list)
End
Definition empty_def:
empty = QUEUE [] []
End
val r = translate empty_def;
Definition is_empty_def:
(is_empty (QUEUE [] xs) = T) /\
(is_empty _ = F)
End
val r = translate is_empty_def;
Definition checkf_def:
(checkf (QUEUE [] xs) = QUEUE (REVERSE xs) []) /\
(checkf q = q)
End
val r = translate checkf_def;
Definition snoc_def:
snoc (QUEUE f r) x = checkf (QUEUE f (x::r))
End
val r = translate snoc_def;
Definition head_def:
head (QUEUE (x::f) r) = x
End
val r = translate head_def;
Definition tail_def:
tail (QUEUE (x::f) r) = checkf (QUEUE f r)
End
val r = translate tail_def;
(* verification proof *)
Definition queue_inv_def:
queue_inv q (QUEUE xs ys) <=>
(q = xs ++ REVERSE ys) /\ ((xs = []) ==> (ys = []))
End
Triviality empty_thm:
!xs. queue_inv xs empty = (xs = [])
Proof
EVAL_TAC THEN SIMP_TAC std_ss []
QED
Triviality is_empty_thm:
!q xs. queue_inv xs q ==> (is_empty q = (xs = []))
Proof
Cases THEN Cases_on `l` THEN EVAL_TAC THEN SRW_TAC [] [REV_DEF]
QED
Triviality snoc_thm:
!q xs x. queue_inv xs q ==> queue_inv (xs ++ [x]) (snoc q x)
Proof
Cases THEN Cases_on `l` THEN FULL_SIMP_TAC (srw_ss())
[queue_inv_def,snoc_def,REVERSE_DEF,checkf_def,APPEND]
QED
Triviality head_thm:
!q x xs. queue_inv (x::xs) q ==> (head q = x)
Proof
Cases THEN Cases_on `l` THEN FULL_SIMP_TAC (srw_ss())
[queue_inv_def,head_def,REVERSE_DEF,checkf_def,APPEND]
THEN REPEAT STRIP_TAC THEN FULL_SIMP_TAC (srw_ss()) []
QED
Triviality tail_thm:
!q x xs. queue_inv (x::xs) q ==> queue_inv xs (tail q)
Proof
Cases THEN Cases_on `l` THEN EVAL_TAC THEN SRW_TAC [] []
THEN TRY (Cases_on `t`) THEN EVAL_TAC
THEN FULL_SIMP_TAC (srw_ss()) [REVERSE_DEF,REV_DEF]
QED
val _ = export_theory();