Skip to content

C
cpdt
Commit 55ffec41 authored by Adam Chlipala's avatar Adam Chlipala
Browse files
Options

Commentary on cond example

parent 3a9f31ab
Show whitespace changes
Inline Side-by-side
Showing with 38 additions and 19 deletions
src/DataStruct.v
View file @ 55ffec41
...@@ -575,25 +575,31 @@ Qed. ...@@ -575,25 +575,31 @@ Qed.
(** ** Another Interpreter Example *) (** ** Another Interpreter Example *)
Inductive type' : Type := (** We develop another example of variable-arity constructors, in the form of optimization of a small expression language with a construct like Scheme's %\texttt{%#<tt>#cond#</tt>#%}%. Each of our conditional expressions takes a list of pairs of boolean tests and bodies. The value of the conditional comes from the body of the first test in the list to evaluate to [true]. To simplify the interpreter we will write, we force each conditional to include a final, default case. *)
| Nat' : type'
| Bool' : type'. Inductive type' : Type := Nat | Bool.
Inductive exp' : type' -> Type := Inductive exp' : type' -> Type :=
| NConst : nat -> exp' Nat' | NConst : nat -> exp' Nat
| Plus : exp' Nat' -> exp' Nat' -> exp' Nat' | Plus : exp' Nat -> exp' Nat -> exp' Nat
| Eq : exp' Nat' -> exp' Nat' -> exp' Bool' | Eq : exp' Nat -> exp' Nat -> exp' Bool
| BConst : bool -> exp' Bool' | BConst : bool -> exp' Bool
| Cond : forall n t, (findex n -> exp' Bool') | Cond : forall n t, (findex n -> exp' Bool)
-> (findex n -> exp' t) -> exp' t -> exp' t. -> (findex n -> exp' t) -> exp' t -> exp' t.
(** A [Cond] is parameterized by a natural [n], which tells us how many cases this conditional has. The test expressions are represented with a function of type [findex n -> exp' Bool], and the bodies are represented with a function of type [findex n -> exp' t], where [t] is the overall type. The final [exp' t] argument is the default case.
We start implementing our interpreter with a standard type denotation function. *)
Definition type'Denote (t : type') : Set := Definition type'Denote (t : type') : Set :=
match t with match t with
| Nat' => nat | Nat => nat
| Bool' => bool | Bool => bool
end. end.
(** To implement the expression interpreter, it is useful to have the following function that implements the functionality of [Cond] without involving any syntax. *)
Section cond. Section cond.
Variable A : Set. Variable A : Set.
Variable default : A. Variable default : A.
...@@ -612,6 +618,8 @@ End cond. ...@@ -612,6 +618,8 @@ End cond.
Implicit Arguments cond [A n]. Implicit Arguments cond [A n].
(** Now the expression interpreter is straightforward to write. *)
Fixpoint exp'Denote t (e : exp' t) {struct e} : type'Denote t := Fixpoint exp'Denote t (e : exp' t) {struct e} : type'Denote t :=
match e in exp' t return type'Denote t with match e in exp' t return type'Denote t with
| NConst n => | NConst n =>
...@@ -630,12 +638,15 @@ Fixpoint exp'Denote t (e : exp' t) {struct e} : type'Denote t := ...@@ -630,12 +638,15 @@ Fixpoint exp'Denote t (e : exp' t) {struct e} : type'Denote t :=
(fun idx => exp'Denote (bodies idx)) (fun idx => exp'Denote (bodies idx))
end. end.
(** We will implement a constant-folding function that optimizes conditionals, removing cases with known-[false] tests and cases that come after known-[true] tests. A function [cfoldCond] implements the heart of this logic. The convoy pattern is used again near the end of the implementation. *)
Section cfoldCond. Section cfoldCond.
Variable t : type'. Variable t : type'.
Variable default : exp' t. Variable default : exp' t.
Fixpoint cfoldCond (n : nat) : (findex n -> exp' Bool') -> (findex n -> exp' t) -> exp' t := Fixpoint cfoldCond (n : nat)
match n return (findex n -> exp' Bool') -> (findex n -> exp' t) -> exp' t with : (findex n -> exp' Bool) -> (findex n -> exp' t) -> exp' t :=
match n return (findex n -> exp' Bool) -> (findex n -> exp' t) -> exp' t with
| O => fun _ _ => default | O => fun _ _ => default
| S n' => fun tests bodies => | S n' => fun tests bodies =>
match tests None with match tests None with
...@@ -647,12 +658,12 @@ Section cfoldCond. ...@@ -647,12 +658,12 @@ Section cfoldCond.
let e := cfoldCond n' let e := cfoldCond n'
(fun idx => tests (Some idx)) (fun idx => tests (Some idx))
(fun idx => bodies (Some idx)) in (fun idx => bodies (Some idx)) in
match e in exp' t return exp' Bool' -> exp' t -> exp' t with match e in exp' t return exp' t -> exp' t with
| Cond n _ tests' bodies' default' => fun test body => | Cond n _ tests' bodies' default' => fun body =>
Cond Cond
(S n) (S n)
(fun idx => match idx with (fun idx => match idx with
| None => test | None => tests None
| Some idx => tests' idx | Some idx => tests' idx
end) end)
(fun idx => match idx with (fun idx => match idx with
...@@ -660,19 +671,21 @@ Section cfoldCond. ...@@ -660,19 +671,21 @@ Section cfoldCond.
| Some idx => bodies' idx | Some idx => bodies' idx
end) end)
default' default'
| e => fun test body => | e => fun body =>
Cond Cond
1 1
(fun _ => test) (fun _ => tests None)
(fun _ => body) (fun _ => body)
e e
end (tests None) (bodies None) end (bodies None)
end end
end. end.
End cfoldCond. End cfoldCond.
Implicit Arguments cfoldCond [t n]. Implicit Arguments cfoldCond [t n].
(** Like for the interpreters, most of the action was in this helper function, and [cfold] itself is easy to write. *)
Fixpoint cfold t (e : exp' t) {struct e} : exp' t := Fixpoint cfold t (e : exp' t) {struct e} : exp' t :=
match e in exp' t return exp' t with match e in exp' t return exp' t with
| NConst n => NConst n | NConst n => NConst n
...@@ -699,8 +712,10 @@ Fixpoint cfold t (e : exp' t) {struct e} : exp' t := ...@@ -699,8 +712,10 @@ Fixpoint cfold t (e : exp' t) {struct e} : exp' t :=
(fun idx => cfold (bodies idx)) (fun idx => cfold (bodies idx))
end. end.
(** To prove our final correctness theorem, it is useful to know that [cfoldCond] preserves expression meanings. This lemma formalizes that property. The proof is a standard mostly-automated one, with the only wrinkle being a guided instantation of the quantifiers in the induction hypothesis. *)
Lemma cfoldCond_correct : forall t (default : exp' t) Lemma cfoldCond_correct : forall t (default : exp' t)
n (tests : findex n -> exp' Bool') (bodies : findex n -> exp' t), n (tests : findex n -> exp' Bool) (bodies : findex n -> exp' t),
exp'Denote (cfoldCond default tests bodies) exp'Denote (cfoldCond default tests bodies)
= exp'Denote (Cond n tests bodies default). = exp'Denote (Cond n tests bodies default).
induction n; crush; induction n; crush;
...@@ -721,6 +736,8 @@ Lemma cfoldCond_correct : forall t (default : exp' t) ...@@ -721,6 +736,8 @@ Lemma cfoldCond_correct : forall t (default : exp' t)
end; crush). end; crush).
Qed. Qed.
(** It is also useful to know that the result of a call to [cond] is not changed by substituting new tests and bodies functions, so long as the new functions have the same input-output behavior as the old. It turns out that, in Coq, it is not possible to prove in general that functions related in this way are equal. We treat this issue with our discussion of axioms in a later chapter. For now, it suffices to prove that the particular function [cond] is %\textit{%#<i>#extensional#</i>#%}%; that is, it is unaffected by substitution of functions with input-output equivalents. *)
Lemma cond_ext : forall (A : Set) (default : A) n (tests tests' : findex n -> bool) Lemma cond_ext : forall (A : Set) (default : A) n (tests tests' : findex n -> bool)
(bodies bodies' : findex n -> A), (bodies bodies' : findex n -> A),
(forall idx, tests idx = tests' idx) (forall idx, tests idx = tests' idx)
...@@ -733,6 +750,8 @@ Lemma cond_ext : forall (A : Set) (default : A) n (tests tests' : findex n -> bo ...@@ -733,6 +750,8 @@ Lemma cond_ext : forall (A : Set) (default : A) n (tests tests' : findex n -> bo
end; crush. end; crush.
Qed. Qed.
(** Now the final theorem is easy to prove. We add our two lemmas as hints and perform standard automation with pattern-matching of subterms to destruct. *)
Theorem cfold_correct : forall t (e : exp' t), Theorem cfold_correct : forall t (e : exp' t),
exp'Denote (cfold e) = exp'Denote e. exp'Denote (cfold e) = exp'Denote e.
Hint Rewrite cfoldCond_correct : cpdt. Hint Rewrite cfoldCond_correct : cpdt.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment