
Given I have a very simple definition for code generation. It is only defined for certain cases and throws a runtime exception otherwise.

definition "blubb a = (if P a then True else undefined)"

Now I want to show blubb correct. The case in which the exception is thrown should be ignored (from my point of view, not the mathematical point of view). However, I end up with a subgoal that assumes that some arbitrary value X is undefined. The following lemma is more or less equivalent to the subgoal. I want to show False as I want to ignore the case in which the exception is thrown (i.e., undefined is returned).

lemma "X = undefined ⟹ False"

This is not provable.

  try

  Nitpick found a counterexample for card 'a = 1:
   Free variable:
    X = a1

What is the best way to show correctness of functions that might throw exceptions or deal with undefined? This relates to this question.

corny
  • What exactly do you mean by showing `blubb` correct? For me that would just be `P a ==> blubb`, which is trivial with the given definition. – chris Mar 20 '13 at 02:41
  • `blubb` is just an example. For example, `blubb a` could be an efficient algorithm to calculate `distinct a` faster than the default implementation, but is just defined for sorted lists (bad example) .... – corny Mar 20 '13 at 13:11

1 Answer


`undefined` is a constant in Isabelle which you don't know anything about. In particular, you cannot in general prove that `X ≠ undefined`.

If you want to write functions that are only valid for certain inputs, you might consider using the 'a option type, as follows:

definition "blubb a ≡ (if P a then Some True else None)"

and then in your proofs assume that blubb a is defined as follows:

lemma "∃x. blubb a = Some x ⟹ Q (blubb a)"
  ...

or simply:

lemma "a ∈ dom blubb ⟹ Q (blubb a)"
  ...

The value of `blubb a` can then be extracted using `the (blubb a)`.

davidg
  • There are cases where it is possible to show that something **is** equal to `undefined`. E.g., above `~ P a ==> blubb a = undefined` would work. Showing that some `X` is **not** equal to `undefined` will never work (since `undefined` is an arbitrary inhabitant of the type of `X`, and thus **could** indeed be `X`; this kind of construction works, since every type in `HOL` is inhabited). – chris Mar 20 '13 at 02:48
  • 1
    What if I'm really interested in the code generation and do not want an option type but an exception thrown instead of `None`? – corny Mar 20 '13 at 13:13
  • Why not just get the value of the option in your code? That would throw an exception if it is `None`. – Martin Ring Jan 13 '14 at 15:39
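As an added worked example (not code from the question or the answer), the following theory carries the answer's option-typed version through with the elided proofs filled in; `P` is assumed to be an arbitrary predicate declared with `consts`, and the theory name `Blubb_Option` is made up:

```isabelle
theory Blubb_Option
  imports Main
begin

(* Assumption for this example: P is an arbitrary, unspecified predicate
   on the input type. Nothing below depends on what P actually is. *)
consts P :: "'a ⇒ bool"

(* The answer's definition: None marks the inputs the function does not
   accept, instead of an unconstrained 'undefined'. *)
definition blubb :: "'a ⇒ bool option" where
  "blubb a ≡ (if P a then Some True else None)"

(* The domain of blubb is exactly the set of inputs satisfying P, so the
   precondition of a proof can be stated as 'a ∈ dom blubb'. *)
lemma dom_blubb: "dom blubb = {a. P a}"
  unfolding blubb_def dom_def by auto

(* On its domain blubb never yields None; the awkward 'X = undefined'
   subgoal from the question does not arise. *)
lemma blubb_defined: "a ∈ dom blubb ⟹ blubb a = Some True"
  unfolding blubb_def dom_def by auto

(* Outside the domain the result is an explicit None, which is provable,
   unlike 'blubb a ≠ undefined' for the original definition. *)
lemma blubb_None: "¬ P a ⟹ blubb a = None"
  unfolding blubb_def by simp

(* Extracting the payload with 'the' is justified on the domain; in
   generated code, 'the None' is a pattern-match failure, i.e. the
   exception the comments above ask for, so callers must establish the
   precondition first. *)
lemma the_blubb: "a ∈ dom blubb ⟹ the (blubb a)"
  by (simp add: blubb_defined)

end
```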