| | Who Cites while? |
|
| while | Def (M |= x,tr.P(x;tr) while Q(x;tr))
== (M |= x,x',tr,tr'.P(x;tr)   Q(x;tr) Q(x';tr') P(x';tr')) |
| | | Thm*  M:sm{i:l}(), P,Q:(M.state  (M.action List)Prop). (M |= x,tr.P(x,tr) while Q(x,tr))  Prop |
|
| tla |
Def (M |= x,x',tr,tr'.R(x;x';tr;tr'))
== x,x':M.state, tr:M.action List, a:M.action.
(M -tr- > x) M.trans(x,a,x') R(x;x';tr;tr @ [a]) |
| | | Thm* M:sm{i:l}(), R:(M.stateM.state(M.action List)(M.action List)Prop).
(M |= x,x',tr,tr'.R(x,x',tr,tr')) Prop |
|
| append |
Def as @ bs == Case of as; nil  bs ; a.as' [a / (as' @ bs)] (recursive) |
| | |
Thm* T:Type, as,bs:T List. (as @ bs) T List |
|
| reachable_via |
Def (M -tr- > s) ==  s0:M.state. M.init(s0) & trace_reachable(M;s0;tr;s) |
| | | Thm* M:sm{i:l}(), s:M.state, tr:M.action List. (M -tr- > s) Prop |
|
| trace_reachable |
Def trace_reachable(M;s;l;s')
== Case of l
nil s = s' M.state
a.l' x:M.state. M.trans(s,a,x) & trace_reachable(M;x;l';s')
(recursive) |
| | |
Thm* M:sm{i:l}(), l:M.action List, s,s':M.state.
trace_reachable(M;s;l;s') Prop |
|
| sm_trans |
Def t.trans == 2of(2of(2of(t))) |
| | |
Thm* M:sm{i:l}(). M.trans M.stateM.actionM.stateProp |
|
| sm_action |
Def M.action == ( M.da) |
| | | Thm* M:sm{i:l}(). M.action Type |
|
| sm_state |
Def M.state == {M.ds} |
| | | Thm* M:sm{i:l}(). M.state Type |
|
| sm_init |
Def t.init == 1of(2of(2of(t))) |
| | |
Thm* M:sm{i:l}(). M.init M.stateProp |
|
| sm_ds |
Def t.ds == 1of(2of(t)) |
| | |
Thm* t:sm{i:l}(). t.ds Decl |
|
| pi2 |
Def 2of(t) == t.2 |
| | |
Thm* A:Type, B:(AType), p:(a:A B(a)). 2of(p) B(1of(p)) |
|
| sm_da |
Def t.da == 1of(t) |
| | |
Thm* t:sm{i:l}(). t.da Decl |
|
| sigma |
Def (d) == l:Labeldecl_type(d;l) |
| | | Thm* d:Decl. (d) Type |
|
| record |
Def {d} == l:Labeldecl_type(d;l) |
| | | Thm* d:Decl. {d} Type |
|
| pi1 |
Def 1of(t) == t.1 |
| | | Thm* A:Type, B:(AType), p:(a:AB(a)). 1of(p) A |
|
| decl_type |
Def decl_type(d;x) == d(x) |
| | | Thm* dec:Decl, x:Label. decl_type(dec;x) Type |
|
| lbl |
Def Label == {p:Pattern|  ground_ptn(p) } |
| | | Thm* Label Type |
|
| ground_ptn |
Def ground_ptn(p)
== Case(p)
Case ptn_var(v) = >
false
Case ptn_pr( < x, y > ) = >
ground_ptn(x) ground_ptn(y)
Default = > true
(recursive) |
| | |
Thm* p:Pattern. ground_ptn(p)  |
|
| assert |
Def b == if b True else False fi |
| | | Thm* b:. b Prop |
|
| ptn |
Def Pattern == rec(T.ptn_con(T)) |
| | |
Thm* Pattern Type |
|
| case_default |
Def Default = > body(value,value) == body |
|
| band |
Def pq == if p q else false fi |
| | | Thm* p,q:. (pq) |
|
| case_lbl_pair |
Def Case ptn_pr( < x, y > ) = > body(x;y) cont(x1,z)
== InjCase(x1; _. cont(z,z); x2.
InjCase(x2; _. cont(z,z); x2@0. InjCase(x2@0; _. cont(z,z); x2@1. x2@1/x3,x2@2. body(x3;x2@2)))) |
|
| case_ptn_var |
Def Case ptn_var(x) = > body(x) cont(x1,z)
== ( x1.inr(x2) = >
(x1.inr(x2) = >
(x1.inl(x2) = > body(hd([x2 / tl(x1)])) cont(hd(x1),z))([x2 / tl(x1)])
cont
(hd(x1)
,z))
([x2 / tl(x1)])
cont
(hd(x1)
,z))
([x1]) |
|
| case |
Def Case(value) body == body(value,value) |
|
| ptn_con |
Def ptn_con(T) == Atom+ +Atom+(TT) |
| | | Thm* T:Type. ptn_con(T) Type |
|
| hd |
Def hd(l) == Case of l; nil "?" ; h.t h |
| | |
Thm* A:Type, l:A List. ||l|| 1 hd(l) A |
| | |
Thm* A:Type, l:A List . hd(l) A |
|
| tl |
Def tl(l) == Case of l; nil nil ; h.t t |
| | |
Thm* A:Type, l:A List. tl(l) A List |
|
| case_inl |
Def inl(x) = > body(x) cont(value,contvalue)
== InjCase(value; x. body(x); _. cont(contvalue,contvalue)) |
|
| case_inr |
Def inr(x) = > body(x) cont(value,contvalue)
== InjCase(value; _. cont(contvalue,contvalue); x. body(x)) |
