Datatype Rules: Difference between revisions

From Event-B
Jump to navigationJump to search
imported>Nicolas
imported>Nicolas
Line 55: Line 55:
      
      
The resulting proof step is
The resulting proof step is
  <math>\frac{ d=\operatorname{north} \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{north}) \neq x \mapsto y  \qquad  d=east \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{east}) \neq x \mapsto y \qquad  d=south \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{south}) \neq x \mapsto y \qquad  d=west \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{west}) \neq x \mapsto y }{  \;\;\vdash\;\; \operatorname{move}(x \mapsto y \mapsto d) \neq x \mapsto y }</math>
  <math>\frac{ d=\operatorname{north} \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{north}) \neq x \mapsto y  \qquad  d=\operatorname{east} \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{east}) \neq x \mapsto y \qquad  d=\operatorname{south} \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{south}) \neq x \mapsto y \qquad  d=\operatorname{west} \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{west}) \neq x \mapsto y }{  \;\;\vdash\;\; \operatorname{move}(x \mapsto y \mapsto d) \neq x \mapsto y }</math>


further simplifications depend on the existence of rules about move and the various directions.
further simplifications depend on the existence of rules about move and the various directions.

Revision as of 16:49, 6 September 2010

Datatype rules may seem a bit difficult to understand at first sight. Here are a few examples intended to make them clearer.

Datatypes used

The rules will be applied to the following datatypes:

Directions:

direction ::=
    north
  | east
  | south
  | west

Let us have a function

\operatorname{move} \in \Z \cprod \Z \cprod \operatorname{direction} \tfun \Z \cprod \Z 

first two arguments are a start position, third is a direction, result is the end position.


Lists:

list(T) ::=
    nil
  | cons( head : T, tail : list(T) )

Let us have a predicate

\operatorname{member}(T, list(T))

meaning that the first argument is a member of the list.


Trees:

tree(T) ::=
  empty
| node( left : tree(T), value : T, right : tree(T) )


Let us have a function

\operatorname{height} \in \operatorname{Tree} \tfun \N defining the height of a tree

Distinct Case

The rule states

\frac{\textbf{H}, x=c_1(p_{11}, \ldots, p_{1k}) \;\;\vdash \;\; \textbf{G} \qquad \ldots \qquad \textbf{H}, x=c_n(p_{n1}, \ldots, p_{nl}) \;\;\vdash \;\; \textbf{G} }{ \textbf{H} \;\;\vdash\;\; \textbf{G} }


Application to directions

Starting from goal

\forall x,y,d \qdot \operatorname{move}(x \mapsto y \mapsto d) \neq x \mapsto y

we can free variables x,y,d then apply Distinct Case:

The resulting proof step is

\frac{ d=\operatorname{north} \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{north}) \neq x \mapsto y  \qquad  d=\operatorname{east} \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{east}) \neq x \mapsto y \qquad  d=\operatorname{south} \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{south}) \neq x \mapsto y \qquad  d=\operatorname{west} \;\vdash \; \operatorname{move}(x \mapsto y \mapsto \operatorname{west}) \neq x \mapsto y }{  \;\;\vdash\;\; \operatorname{move}(x \mapsto y \mapsto d) \neq x \mapsto y }

further simplifications depend on the existence of rules about move and the various directions.

Application to lists

TODO

!l oftype list(\Z). #x. member(x,l) & (!y. member(y,l) => y <= x)

evidence that nil list has been forgotten in the predicate

Application to trees

TODO

!l,v,r. t = node(l,v,r) => height(l) < height(t)

Induction

TODO