Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in
Toggle navigation
C
cpdt
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
research
cpdt
Commits
e4004e1a
Commit
e4004e1a
authored
Dec 09, 2010
by
Adam Chlipala
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Spelling errors found preparing JFR paper
parent
9864c6c0
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
7 additions
and
7 deletions
+7
-7
DataStruct.v
src/DataStruct.v
+1
-1
Equality.v
src/Equality.v
+2
-2
MoreDep.v
src/MoreDep.v
+4
-4
No files found.
src/DataStruct.v
View file @
e4004e1a
...
...
@@ -783,7 +783,7 @@ Fixpoint cfold t (e : exp' t) : exp' t :=
end
.
(
*
begin
thide
*
)
(
**
To
prove
our
final
correctness
theorem
,
it
is
useful
to
know
that
[
cfoldCond
]
preserves
expression
meanings
.
This
lemma
formalizes
that
property
.
The
proof
is
a
standard
mostly
-
automated
one
,
with
the
only
wrinkle
being
a
guided
instantation
of
the
quantifiers
in
the
induction
hypothesis
.
*
)
(
**
To
prove
our
final
correctness
theorem
,
it
is
useful
to
know
that
[
cfoldCond
]
preserves
expression
meanings
.
This
lemma
formalizes
that
property
.
The
proof
is
a
standard
mostly
-
automated
one
,
with
the
only
wrinkle
being
a
guided
instant
i
ation
of
the
quantifiers
in
the
induction
hypothesis
.
*
)
Lemma
cfoldCond_correct
:
forall
t
(
default
:
exp
'
t
)
n
(
tests
:
ffin
n
->
exp
'
Bool
)
(
bodies
:
ffin
n
->
exp
'
t
)
,
...
...
src/Equality.v
View file @
e4004e1a
...
...
@@ -80,7 +80,7 @@ Theorem reduce_me : pred' 1 = 0.
]]
The
final
reduction
rule
is
zeta
,
which
replaces
a
[
let
]
expression
by
its
body
with
the
appropriate
term
subsituted
.
*
)
The
final
reduction
rule
is
zeta
,
which
replaces
a
[
let
]
expression
by
its
body
with
the
appropriate
term
subs
t
ituted
.
*
)
cbv
zeta
.
(
**
[[
...
...
@@ -297,7 +297,7 @@ The term "refl_equal x'" has type "x' = x'" while it is expected to have type
]]
The
type
error
comes
from
our
[
return
]
annotation
.
In
that
annotation
,
the
[
as
]
-
bound
variable
[
pf
'
]
has
type
[
x
=
x
'
]
,
refering
to
the
[
in
]
-
bound
variable
[
x
'
]
.
To
do
a
dependent
[
match
]
,
we
%
\
textit
{%
#
<
i
>
#
must
#
</
i
>
#
%}%
choose
a
fresh
name
for
the
second
argument
of
[
eq
]
.
We
are
just
as
constrained
to
use
the
%
``
%
#
"#real#"
#
%
''
%
value
[
x
]
for
the
first
argument
.
Thus
,
within
the
[
return
]
clause
,
the
proof
we
are
matching
on
%
\
textit
{%
#
<
i
>
#
must
#
</
i
>
#
%}%
equate
two
non
-
matching
terms
,
which
makes
it
impossible
to
equate
that
proof
with
reflexivity
.
The
type
error
comes
from
our
[
return
]
annotation
.
In
that
annotation
,
the
[
as
]
-
bound
variable
[
pf
'
]
has
type
[
x
=
x
'
]
,
refer
r
ing
to
the
[
in
]
-
bound
variable
[
x
'
]
.
To
do
a
dependent
[
match
]
,
we
%
\
textit
{%
#
<
i
>
#
must
#
</
i
>
#
%}%
choose
a
fresh
name
for
the
second
argument
of
[
eq
]
.
We
are
just
as
constrained
to
use
the
%
``
%
#
"#real#"
#
%
''
%
value
[
x
]
for
the
first
argument
.
Thus
,
within
the
[
return
]
clause
,
the
proof
we
are
matching
on
%
\
textit
{%
#
<
i
>
#
must
#
</
i
>
#
%}%
equate
two
non
-
matching
terms
,
which
makes
it
impossible
to
equate
that
proof
with
reflexivity
.
Nonetheless
,
it
turns
out
that
,
with
one
catch
,
we
%
\
textit
{%
#
<
i
>
#
can
#
</
i
>
#
%}%
prove
this
lemma
.
*
)
...
...
src/MoreDep.v
View file @
e4004e1a
...
...
@@ -164,7 +164,7 @@ End ilist.
(
**
*
A
Tagless
Interpreter
*
)
(
**
A
favorite
example
for
motivating
the
power
of
functional
programming
is
implementation
of
a
simple
expression
language
interpreter
.
In
ML
and
Haskell
,
such
interpreters
are
often
implemented
using
an
algebraic
datatype
of
values
,
where
at
many
points
it
is
checked
that
a
value
was
built
with
the
right
constructor
of
the
value
type
.
With
dependent
types
,
we
can
implement
a
%
\
textit
{%
#
<
i
>
#
tagless
#
</
i
>
#
%}%
interpreter
that
both
removes
this
source
of
runtime
ineffiency
and
gives
us
more
confidence
that
our
implementation
is
correct
.
*
)
(
**
A
favorite
example
for
motivating
the
power
of
functional
programming
is
implementation
of
a
simple
expression
language
interpreter
.
In
ML
and
Haskell
,
such
interpreters
are
often
implemented
using
an
algebraic
datatype
of
values
,
where
at
many
points
it
is
checked
that
a
value
was
built
with
the
right
constructor
of
the
value
type
.
With
dependent
types
,
we
can
implement
a
%
\
textit
{%
#
<
i
>
#
tagless
#
</
i
>
#
%}%
interpreter
that
both
removes
this
source
of
runtime
ineffi
ci
ency
and
gives
us
more
confidence
that
our
implementation
is
correct
.
*
)
Inductive
type
:
Set
:=
|
Nat
:
type
...
...
@@ -584,7 +584,7 @@ Section insert.
|
Black
=>
{
c
'
:
color
&
rbtree
c
'
n
}
end
.
(
**
That
is
,
inserting
into
a
tree
with
root
color
[
c
]
and
black
depth
[
n
]
,
the
variety
of
tree
we
get
out
depends
on
[
c
]
.
If
we
started
with
a
red
root
,
then
we
get
back
a
possibly
-
invalid
tree
of
depth
[
n
]
.
If
we
started
with
a
black
root
,
we
get
back
a
valid
tree
of
depth
[
n
]
with
a
root
node
of
an
arbitary
color
.
(
**
That
is
,
inserting
into
a
tree
with
root
color
[
c
]
and
black
depth
[
n
]
,
the
variety
of
tree
we
get
out
depends
on
[
c
]
.
If
we
started
with
a
red
root
,
then
we
get
back
a
possibly
-
invalid
tree
of
depth
[
n
]
.
If
we
started
with
a
black
root
,
we
get
back
a
valid
tree
of
depth
[
n
]
with
a
root
node
of
an
arbit
r
ary
color
.
Here
is
the
definition
of
[
ins
]
.
Again
,
we
do
not
want
to
dwell
on
the
functional
details
.
*
)
...
...
@@ -609,7 +609,7 @@ Section insert.
end
(
ins
b
)
end
.
(
**
The
one
new
trick
is
a
variation
of
the
convoy
pattern
.
In
each
of
the
last
two
pattern
matches
,
we
want
to
take
advantage
of
the
typing
connection
between
the
trees
[
a
]
and
[
b
]
.
We
might
naively
apply
the
convoy
pattern
directly
on
[
a
]
in
the
first
[
match
]
and
on
[
b
]
in
the
second
.
This
satis
i
fies
the
type
checker
per
se
,
but
it
does
not
satisfy
the
termination
checker
.
Inside
each
[
match
]
,
we
would
be
calling
[
ins
]
recursively
on
a
locally
-
bound
variable
.
The
termination
checker
is
not
smart
enough
to
trace
the
dataflow
into
that
variable
,
so
the
checker
does
not
know
that
this
recursive
argument
is
smaller
than
the
original
argument
.
We
make
this
fact
clearer
by
applying
the
convoy
pattern
on
%
\
textit
{%
#
<
i
>
#
the
result
of
a
recursive
call
#
</
i
>
#
%}%,
rather
than
just
on
that
call
'
s
argument
.
(
**
The
one
new
trick
is
a
variation
of
the
convoy
pattern
.
In
each
of
the
last
two
pattern
matches
,
we
want
to
take
advantage
of
the
typing
connection
between
the
trees
[
a
]
and
[
b
]
.
We
might
naively
apply
the
convoy
pattern
directly
on
[
a
]
in
the
first
[
match
]
and
on
[
b
]
in
the
second
.
This
satisfies
the
type
checker
per
se
,
but
it
does
not
satisfy
the
termination
checker
.
Inside
each
[
match
]
,
we
would
be
calling
[
ins
]
recursively
on
a
locally
-
bound
variable
.
The
termination
checker
is
not
smart
enough
to
trace
the
dataflow
into
that
variable
,
so
the
checker
does
not
know
that
this
recursive
argument
is
smaller
than
the
original
argument
.
We
make
this
fact
clearer
by
applying
the
convoy
pattern
on
%
\
textit
{%
#
<
i
>
#
the
result
of
a
recursive
call
#
</
i
>
#
%}%,
rather
than
just
on
that
call
'
s
argument
.
Finally
,
we
are
in
the
home
stretch
of
our
effort
to
define
[
insert
]
.
We
just
need
a
few
more
definitions
of
non
-
recursive
functions
.
First
,
we
need
to
give
the
final
characterization
of
[
insert
]
'
s
return
type
.
Inserting
into
a
red
-
rooted
tree
gives
a
black
-
rooted
tree
where
black
depth
has
increased
,
and
inserting
into
a
black
-
rooted
tree
gives
a
tree
where
black
depth
has
stayed
the
same
and
where
the
root
is
an
arbitrary
color
.
*
)
...
...
@@ -797,7 +797,7 @@ Inductive regexp : (string -> Prop) -> Type :=
|
Star
:
forall
P
(
r
:
regexp
P
)
,
regexp
(
star
P
)
.
(
**
Many
theorems
about
strings
are
useful
for
implementing
a
certified
regexp
matcher
,
and
few
of
them
are
in
the
[
Strings
]
library
.
The
book
source
includes
statements
,
proofs
,
and
hint
commands
for
a
handful
of
such
omitt
t
ed
theorems
.
Since
they
are
orthogonal
to
our
use
of
dependent
types
,
we
hide
them
in
the
rendered
versions
of
this
book
.
*
)
(
**
Many
theorems
about
strings
are
useful
for
implementing
a
certified
regexp
matcher
,
and
few
of
them
are
in
the
[
Strings
]
library
.
The
book
source
includes
statements
,
proofs
,
and
hint
commands
for
a
handful
of
such
omitted
theorems
.
Since
they
are
orthogonal
to
our
use
of
dependent
types
,
we
hide
them
in
the
rendered
versions
of
this
book
.
*
)
(
*
begin
hide
*
)
Open
Scope
specif_scope
.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment