| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] | 
avram ThinksThe definitions in the standard silly library pertaining to the
basic properties of the operator can provide a good intuitive
illustration of how computations are performed by avram.  This
task is approached in the guise of a few trivial correctness proofs
about them. Conveniently, as an infeasibly small language, silly
is an ideal candidate for analysis by formal methods.
Technically the semantic function [[…]] has not been defined on
identifiers, but we can easily extend it to them by stipulating that the
meaning of an identifier x is the meaning of the program
main = x when linked with a library containing the
declaration of x, where main is an identifier
not appearing elsewhere in the library.
With this idea in mind, the following “theorems” can be stated,
all of which have a similar proof. The variables x and y
stand for any tree, and the variable f stands for any tree other
than nil.
[[identity]] x = x
[[left]] (x,y) = x
[[right]] (x,y) = y
[[meta]] (f,x) = f (f,x)
[[constant_nil]] x = nil
Replacing each identifier with its defining expression directly demonstrates a logical equivalence between the relevant theorem and one of the basic operator properties postulated in A Minimal Set of Properties.
For more of a challenge, it is possible to prove the next theorem.
For non-nil f and g,
([[couple]] (f,g)) x =
(f x,g x)
The proof is a routine calculation. Beware of the distinction between
the mathematical nil and the silly identifier nil.
Something to observe about this proof is that it might just as well have
been done automatically. Every step is either the substitution of an
identifier or a pattern match against existing theorems and properties
of the operator. Another thing to note is that the use of identifiers
and previously established theorems helps to make the proof human
readable, but is not a logical necessity. An equivalent proof could have
been expressed entirely in terms of the properties of the operator. If
one envisions a proof like this being performed blindly and
mechanically, without the running commentary or other amenities, that
would not be a bad way of thinking about what takes place when
avram executes virtual code.
Three more theorems have similar proofs. For non-nil
trees p, f and g, and any trees
x and k:
([[compose]] (f,g)) x = f g x
([[constant]] k) x = k
([[conditional]] (p,(f,g)) x =
f x if
p x  is non-nil,
but g x if p x = nil
The proofs of these theorems are routine calculations analogous to the proof of T6. Here is a proof of theorem T7 for good measure.
by substitution of compose with its definition in the standard library
| = ( | 
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] | 
 
  This document was generated on December 10, 2012 using texi2html 1.82.