Import of Featherweight OCL release afp-Featherweight_OCL-2014-01-16 (Isabelle 2013-2).

Achim D. Brucker 2016-08-10 11:04:45 +01:00
parent 3093cb19c3
commit 70a24eef96
25 changed files with 13882 additions and 0 deletions

1519
OCL_core.thy Normal file

File diff suppressed because it is too large Load Diff

3172
OCL_lib.thy Normal file

File diff suppressed because it is too large Load Diff

57
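--- a/OCL_main.thy
+++ b/OCL_main.thy
@@ -0,0 +1,57 @@
+(*****************************************************************************
+* Featherweight-OCL --- A Formal Semantics for UML-OCL Version OCL 2.4
+* for the OMG Standard.
+* http://www.brucker.ch/projects/hol-testgen/
+*
+* OCL_main.thy ---
+* This file is part of HOL-TestGen.
+*
+* Copyright (c) 2012-2013 Université Paris-Sud, France
+*
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are
+* met:
+*
+* * Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* * Redistributions in binary form must reproduce the above
+* copyright notice, this list of conditions and the following
+* disclaimer in the documentation and/or other materials provided
+* with the distribution.
+*
+* * Neither the name of the copyright holders nor the names of its
+* contributors may be used to endorse or promote products derived
+* from this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+******************************************************************************)
+theory OCL_main
+imports OCL_lib OCL_state OCL_tools
+begin
+end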
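Review bot: The header line `* OCL_main.thy ---` leaves the description after the dashes empty, and nothing stands between `begin` and `end`, so a reader cannot tell from the file why it exists. From the visible lines it only aggregates `OCL_lib`, `OCL_state` and `OCL_tools`, and ROOT names it as the first theory of the session; I would state that in the header, for example `* OCL_main.thy --- entry point collecting the library, state and tools theories`. OCL_tools.thy has the same empty description and an empty body that imports only `OCL_core`; if it is a placeholder for later material, a one-line comment saying so would help.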

1054
OCL_state.thy Normal file

File diff suppressed because it is too large Load Diff

46
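--- a/OCL_tools.thy
+++ b/OCL_tools.thy
@@ -0,0 +1,46 @@
+(*****************************************************************************
+* Featherweight-OCL --- A Formal Semantics for UML-OCL Version OCL 2.4
+* for the OMG Standard.
+* http://www.brucker.ch/projects/hol-testgen/
+*
+* OCL_tools.thy ---
+* This file is part of HOL-TestGen.
+*
+* Copyright (c) 2012 Université Paris-Sud, France
+*
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are
+* met:
+*
+* * Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* * Redistributions in binary form must reproduce the above
+* copyright notice, this list of conditions and the following
+* disclaimer in the documentation and/or other materials provided
+* with the distribution.
+*
+* * Neither the name of the copyright holders nor the names of its
+* contributors may be used to endorse or promote products derived
+* from this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+******************************************************************************)
+theory OCL_tools
+imports OCL_core
+begin
+end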

24
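--- a/ROOT
+++ b/ROOT
@@ -0,0 +1,24 @@
+chapter AFP
+session Featherweight_OCL (AFP) = HOL +
+description {* Featherweight-OCL *}
+options [document = pdf, document_variants="document:outline=/proof,/ML"]
+theories
+"OCL_main"
+"examples/Employee_AnalysisModel_OCLPart"
+"examples/Employee_DesignModel_OCLPart"
+files
+"document/conclusion.tex"
+"document/formalization.tex"
+"document/hol-ocl-isar.sty"
+"document/introduction.tex"
+"document/lstisar.sty"
+"document/prooftree.sty"
+"document/root.bib"
+"document/root.tex"
+"document/figures/AbstractSimpleChair.pdf"
+"document/figures/jedit.png"
+"document/figures/pdf.png"
+"document/figures/person.png"
+"document/figures/pre-post.pdf"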

9
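--- a/config
+++ b/config
@@ -0,0 +1,9 @@
+# -*- shell-script -*-
+# Get email when automated build fails. May be empty.
+# values: "email1 email2 .. emailn"
+NOTIFY="brucker@spamfence.net wolff@lri.fr frederic.tuong@lri.fr"
+# Participate in frequent (nightly) build (only for small submissions)
+# values: "yes" "no"
+FREQUENT="yes"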
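Review bot: `FREQUENT="yes"` opts this entry into the nightly build, which the comment directly above reserves for small submissions, while this commit adds 13882 lines and three of its theory files are too large for the page to display. If checking the session takes long, `FREQUENT="no"` would be the safer setting. The build time is not visible here, so this needs confirming against an actual run.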

187
document/conclusion.tex Normal file

@ -0,0 +1,187 @@
\part{Conclusion}
\chapter{Conclusion}
\section{Lessons Learned and Contributions}
We provided a typed and type-safe shallow embedding of the core of
UML~\cite{omg:uml-infrastructure:2011,omg:uml-superstructure:2011} and
OCL~\cite{omg:ocl:2012}. Shallow embedding means that types of OCL
were injectively, \ie, mapped by the embedding one-to-one to types in
Isabelle/HOL~\cite{nipkow.ea:isabelle:2002}. We followed the usual
methodology to build up the theory uniquely by conservative extensions
of all operators in a denotational style and to derive logical and
algebraic (execution) rules from them; thus, we can guarantee the
logical consistency of the library and instances of the class model
construction, \ie, closed-world object-oriented datatype theories, as
long as it follows the described methodology.\footnote{Our two
examples of \inlineisar+Employee_DesignModel+ (see
\autoref{ex:employee-design}) sketch how this construction can
be captured by an automated process.} Moreover, all derived
execution rules are by construction type-safe (which would be an
issue, if we had chosen to use an object universe construction in
Zermelo-Fraenkel set theory as an alternative approach to subtyping.).
In more detail, our theory gives answers and concrete solutions to a
number of open major issues for the UML/OCL standardization:
\begin{enumerate}
\item the role of the two exception elements \inlineisar+invalid+ and
\inlineisar+null+, the former usually assuming strict evaluation
while the latter ruled by non-strict evaluation.
\item the functioning of the resulting four-valued logic, together
with safe rules (for example \inlineisar+foundation9+ --
\inlineisar+foundation12+ in \autoref{sec:localVal}) that allow a
reduction to two-valued reasoning as required for many automated
provers. The resulting logic still enjoys the rules of a strong
Kleene Logic in the spirit of the Amsterdam
Manifesto~\cite{cook.ea::amsterdam:2002}.
\item the complicated life resulting from the two necessary
equalities: the standard's ``strict weak referential equality'' as
default (written \inlineisar+_ \<doteq> _+ throughout this document) and
the strong equality (written \inlineisar+_ \<triangleq> _+), which
follows the logical Leibniz principle that ``equals can be replaced
by equals.'' Which is not necessarily the case if
\inlineisar+invalid+ or objects of different states are involved.
\item a type-safe representation of objects and a clarification of the
old idea of a one-to-one correspondence between object
representations and object-id's, which became a state invariant.
\item a simple concept of state-framing via the novel operator
\inlineocl+_->oclIsModifiedOnly()+ and its consequences for strong
and weak equality.
\item a semantic view on subtyping clarifying the role of static and
dynamic type (aka \emph{apparent} and \emph{actual} type in Java
terminology), and its consequences for casts, dynamic type-tests,
and static types.
\item a semantic view on path expressions, that clarify the role of
\inlineisar+invalid+ and \inlineisar+null+ as well as the tricky
issues related to de-referentiation in pre- and post state.
\item an optional extension of the OCL semantics by \emph{infinite}
sets that provide means to represent ``the set of potential objects
or values'' to state properties over them (this will be an important
feature if OCL is intended to become a full-blown code annotation
language in the spirit of JML~\cite{levens.ea:jml:2007} for semi-automated code verification,
and has been considered desirable in the Aachen
Meeting~\cite{brucker.ea:summary-aachen:2013}).
\end{enumerate}
Moreover, we managed to make our theory in large parts executable,
which allowed us to include mechanically checked
\inlineisar+value+-statements that capture numerous corner-cases
relevant for OCL implementors. Among many minor issues, we thus
pin-pointed the behavior of \inlineocl+null+ in collections as well
as in casts and the desired \inlineocl+isKindOf+-semantics of
\inlineocl+allInstances()+.
\section{Lessons Learned}
While our paper and pencil arguments, given
in~\cite{brucker.ea:ocl-null:2009}, turned out to be essentially
correct, there had also been a lesson to be learned: If the logic is
not defined as a Kleene-Logic, having a structure similar to a
complete partial order (CPO), reasoning becomes complicated: several
important algebraic laws break down which makes reasoning in OCL
inherent messy and a semantically clean compilation of OCL formulae to
a two-valued presentation, that is amenable to animators like
KodKod~\cite{torlak.ea:kodkod:2007} or SMT-solvers like
Z3~\cite{moura.ea:z3:2008} completely impractical. Concretely, if the
expression \inlineocl{not(null)} is defined \inlineocl{invalid} (as is
the case in the present standard~\cite{omg:ocl:2012}), than standard
involution does not hold, \ie, \inlineocl{not(not(A))} = \inlineocl{A}
does not hold universally. Similarly, if \inlineocl{null and null} is
\inlineocl{invalid}, then not even idempotence \inlineocl{X and X} =
\inlineocl{X} holds. We strongly argue in favor of a lattice-like
organization, where \inlineocl{null} represents ``more information''
than \inlineocl{invalid} and the logical operators are monotone with
respect to this semantical ``information ordering.''
A similar experience with prior paper and pencil arguments was our
investigation of the object-oriented data-models, in particular
path-expressions ~\cite{DBLP:conf/models/BruckerLTW13}. The final
presentation is again essentially correct, but the technical details
concerning exception handling lead finally to a continuation-passing
style of the (in future generated) definitions for accessors, casts
and tests. Apparently, OCL semantics (as many other ``real''
programming and specification languages) is meanwhile too complex to
be treated by informal arguments solely.
Featherweight OCL makes several minor deviations from the standard and
showed how the previous constructions can be made correct and
consistent, and the DNF-normalization as well as $\delta$-closure laws
(necessary for a transition into a two-valued presentation of OCL
specifications ready for interpretation in SMT solvers
(see~\cite{brucker.ea:ocl-testing:2010} for details)) are valid in
Featherweight OCL.
\section{Conclusion and Future Work}
Featherweight OCL concentrates on formalizing the semantics of a core
subset of OCL in general and in particular on formalizing the
consequences of a four-valued logic (\ie, OCL versions that support,
besides the truth values \inlineocl{true} and \inlineocl{false} also
the two exception values \inlineocl{invalid} and \inlineocl{null}).
In the following, we outline the necessary steps for turning
Featherweight OCL into a fully fledged tool for OCL, \eg, similar to
\holocl as well as for supporting test case generation similar to
{HOL}-TestGen~\cite{brucker.ea:hol-testgen:2009}. There are
essentially five extensions necessary:
\begin{itemize}
\item extension of the library to support all OCL data types, \eg,
\inlineocl{OrderedSet(T)} or \inlineocl{Sequence(T)}. This
formalization of the OCL standard library can be used for checking
the consistency of the formal semantics (known as ``Annex A'') with
the informal and semi-formal requirements in the normative part of
the OCL standard.
\item development of a compiler that compiles a textual or CASE
tool representation (\eg, using XMI or the textual syntax of
the USE tool~\cite{richters:precise:2002}) of class
models. Such compiler could also generate the necessary casts when
converting standard OCL to Featherweight OCL as well as providing
``normalizations'' such as converting multiplicities of class
attributes to into OCL class invariants.
\item a setup for translating Featherweight OCL into a two-valued
representation as described
in~\cite{brucker.ea:ocl-testing:2010}. As, in real-world scenarios,
large parts of {UML}/{OCL} specifications are defined (\eg,
from the default multiplicity \inlineocl{1} of an attributes
\inlineocl{x}, we can directly infer that for all valid states
\inlineocl{x} is neither \inlineocl{invalid} nor \inlineocl{null}),
such a translation enables an efficient test case generation
approach.
\item a setup in Featherweight OCL of the Nitpick
animator~\cite{blanchette.ea:nitpick:2010}. It remains to be shown
that the standard, Kodkod~\cite{torlak.ea:kodkod:2007} based
animator in Isabelle can give a similar quality of animation as the
OCLexec Tool~\cite{krieger.ea:generative:2010}
\item a code-generator setup for Featherweight OCL for Isabelle's
code generator. For example, the Isabelle code generator supports
the generation of F\#, which would allow to use {OCL}
specifications for testing arbitrary .net-based applications.
\end{itemize}
The first two extensions are sufficient to provide a formal proof
environment for OCL 2.5 similar to \holocl while the remaining
extensions are geared towards increasing the degree of proof
automation and usability as well as providing a tool-supported test
methodology for {UML}/{OCL}.
Our work shows that developing a machine-checked formal semantics of
recent {OCL} standards still reveals significant
inconsistencies---even though this type of research is not new. In
fact, we started our work already with the 1.x series of {OCL}. The
reasons for this ongoing consistency problems of {OCL} standard are
manifold. For example, the consequences of adding an additional
exception value to OCL 2.2 are widespread across the whole language
and many of them are also quite subtle. Here, a machine-checked formal
semantics is of great value, as one is forced to formalize all details
and subtleties. Moreover, the standardization process of the {OMG},
in which standards (\eg, the {UML} infrastructure and the {OCL}
standard) that need to be aligned closely are developed quite
independently, are prone to ad-hoc changes that attempt to align these
standards. And, even worse, updating a standard document by voting on
the acceptance (or rejection) of isolated text changes does not help
either. Here, a tool for the editor of the standard that helps to
check the consistency of the whole standard after each and every
modifications can be of great value as well.
%%% Local Variables:
%%% mode: latex
%%% TeX-master: "root"


@ -0,0 +1,83 @@
input metafun;
boolean cmykcolors;
cmykcolors := false;
input latexmp;
setupLaTeXMP(
% preamblefile="preamble"
class="scrbook"
,options="10pt"
,fontencoding="T1"
,inputencoding="latin1"
,packages=("babel[ngerman,USenglish]"
&",lmodern,hol-ocl-isar")
,preamble=("\renewcommand\familydefault{\ttdefault}")
,mode=normal
% ,multicolor=enable
);
boolean metauml_defaultLaTeX;
metauml_defaultLaTeX := true;
input metauml;
color MaroonFifty;
MaroonFifty := cmyk(0.00, 0.435, 0.34, 0.16);
beginfig(1)
%% Role Hierarchie
AbstractClass.Role("Role")()();
Class.Hearer("Hearer")()();
Class.Speaker("Speaker")()();
Class.Chair("Chair")()();
Class.CoChair("CoCair")()();
topToBottom(30)(Role, Hearer, Speaker);
topToBottom(30)(CoChair, Chair);
leftToRight(25)(Hearer, CoChair);
drawObjects(Role, Hearer, Speaker);
drawObjects(CoChair, Chair);
link(inheritance)(Hearer.n -- Role.s);
link(inheritance)(Speaker.n -- Hearer.s);
link(inheritance)(CoChair.w -- Hearer.e);
link(inheritance)(Chair.n -- CoChair.s);
Class.Person("Person")("+name:String")();
Class.Participant("Participant")()();
Participant.n = Person.e + (Role.w - Person.e)/2 + (0,-30);
leftToRight(100)(Person, Role);
topToBottom(47)(Person, Session);
Class.Session("Session")("+name:String")
(
%"+invite(p:Person):OclVoid",
"+findRole(p:Person):Role");
drawObjects(Person, Session,Participant);
% AssocClass
link(association) (Person.e -- Role.w);
item(iAssoc)("person")(obj.sw = Person.e);
item(iAssoc)("0..*")(obj.nw = Person.e);
%
item(iAssoc)("role")(obj.se = Role.w);
item(iAssoc)("0..*")(obj.ne = Role.w);
item(iAssoc)("0..*")(obj.ne = Participant.w);
link(dashedLink)(Participant.n -- (Person.e+(Role.w-Person.e)/2));
path p;
p = fullcircle scaled 6bp shifted (Person.e+(Role.w-Person.e)/2);
fill p withcolor white;
draw p;
%%%
link(association) (pathManhattanX(Participant.w,(Session.n+(-10,0))));
item(iAssoc)("session")(obj.sw = Session.n+(-10,0));
item(iAssoc)("0..1")(obj.se = Session.n+(-10,0));
endfig;
end
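Review bot: The label in `Class.CoChair("CoCair")()();` is misspelled, so the box in the rendered figure will read "CoCair" although every other reference in the file uses CoChair; it should be `Class.CoChair("CoChair")()();`. Separately, `topToBottom(47)(Person, Session);` is placed before `Class.Session(...)` is declared, unlike the other classes, which are declared before they are positioned. Presumably the declaration should come first; that is worth checking against the generated figure.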

Binary file not shown.

BIN
document/figures/jedit.png Normal file

Binary file not shown.


BIN
document/figures/pdf.png Normal file

Binary file not shown.


BIN
document/figures/person.png Normal file

Binary file not shown.


Binary file not shown.


@ -0,0 +1,34 @@
\part{A Proposal for Formal Semantics of OCL 2.5}
% \input{session}
\input{OCL_core.tex}
\input{OCL_lib.tex}
\input{OCL_state.tex}
\input{OCL_tools.tex}
\input{OCL_main.tex}
\renewcommand{\isamarkupheader}[1]{\section{#1}}
\renewcommand{\isamarkupsection}[1]{\subsection{#1}}
\renewcommand{\isamarkupsubsection}[1]{\subsubsection{#1}}
\renewcommand{\isamarkupsubsubsection}[1]{\paragraph{#1}}
\renewcommand{\isamarkupsect}[1]{\subsection{#1}}
\renewcommand{\isamarkupsubsect}[1]{\paragraph{#1}}
\renewcommand{\isamarkupsubsubsect}[1]{\paragraph{#1}}
\part{Examples}
\chapter{The Employee Analysis Model}
\label{ex:employee-analysis}
\input{Employee_AnalysisModel_UMLPart.tex}
\input{Employee_AnalysisModel_OCLPart.tex}
\chapter{The Employee Design Model}
\label{ex:employee-design}
\input{Employee_DesignModel_UMLPart.tex}
\input{Employee_DesignModel_OCLPart.tex}
%%% Local Variables:
%%% mode: latex
%%% TeX-master: "root"
%%% End:

996
document/hol-ocl-isar.sty Normal file

@ -0,0 +1,996 @@
\NeedsTeXFormat{LaTeX2e}\relax
\ProvidesClass{hol-ocl-isar}[2007/05/24 Achim D. Brucker ($Rev: 9004 $)]
\RequirePackage{ifthen}
%
\newboolean{holocl@nocolor}
\setboolean{holocl@nocolor}{false}
\DeclareOption{nocolor}{\setboolean{holocl@nocolor}{true}}
%
\newboolean{isar@mnsymbol}
\setboolean{isar@mnsymbol}{false}
\DeclareOption{mnsymbol}{\setboolean{isar@mnsymbol}{true}}
\newboolean{isar@isasymonly}
\setboolean{isar@isasymonly}{false}
\DeclareOption{isasymonly}{\setboolean{isar@isasymonly}{true}}
\newboolean{holocl@scf}
\DeclareOption{scf}{\setboolean{holocl@scf}{true}}
\newboolean{holocl@nocolortable}
\DeclareOption{nocolortable}{\setboolean{holocl@nocolortable}{true}}
\newboolean{holocl@noaclist}
\DeclareOption{noaclist}{\setboolean{holocl@noaclist}{true}}
\ProcessOptions\relax
\ifthenelse{\boolean{isar@mnsymbol}}{%
}{%
\RequirePackage{amsmath}
\RequirePackage{amssymb}
\RequirePackage{stmaryrd}
\newcommand{\lsem}{\llbracket}
\newcommand{\rsem}{\rrbracket}
}
\usepackage{isabellesym}
\renewcommand{\isasymrbrakk}{\isamath{\mathclose{\rsem}}}
\renewcommand{\isasymlbrakk}{\isamath{\mathopen{\lsem}}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% begin: old hol-ocl-ng style
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\usepackage{xspace}
%\usepackage{euscript}
\ifthenelse{\boolean{isar@mnsymbol}}{%
}{
\usepackage{mathrsfs}
}
%\IfFileExists{marginnote.sty}{\usepackage{marginnote}}{}
\usepackage{marginnote}
\RequirePackage[final]{listings}
%%
\newcommand{\ap}{\:}
%%
%% 1.1) Define package options
%% =========================
%% 2) Color Definitions
%% ======================
%%%%%%%%%%%%%%%%%
% color setup
\ifthenelse{\boolean{holocl@nocolor}}{%
\ifthenelse{\boolean{holocl@nocolortable}}{%
\usepackage[gray,hyperref,dvipsnames]{xcolor}
}{%
\usepackage[gray,hyperref,table,dvipsnames]{xcolor}
}
}{%
\ifthenelse{\boolean{holocl@nocolortable}}{%
\usepackage[hyperref,dvipsnames,fixpdftex]{xcolor}
}{%
\usepackage[hyperref,table,dvipsnames,fixpdftex]{xcolor}
}
}
\newcommand{\nc@colorlet}[2]{
\ifthenelse{\boolean{holocl@nocolor}}{%
\colorlet{#1}{Black}
}{%
\colorlet{#1}{#2}
}}
%
% MathOCl expressions
\nc@colorlet{MathOclColor} {Magenta}
\newcommand{\MathOclColorName}{\textcolor{MathOclColor}{magenta}\xspace}
%
% intermediate HOL-OCL expressions, e.g., lifting
\nc@colorlet{HolOclColor} {OliveGreen} %{ForestGreen} % {OliveGreen}
\newcommand{\HolOclColorName}{\textcolor{HolOclColor}{green}\xspace}
%
\nc@colorlet{OclColor} {Magenta}
\newcommand{\OclColorName}{\textcolor{OclColor}{magenta}\xspace}
%
% Color for stuff not yet supported (mainly used in the syntax table)
\nc@colorlet{UnsupportedColor}{gray!75}
\newcommand{\UnsupportedColorName}{\textcolor{UnsupportedColor}{gray}\xspace}
% Color for extension (mainly used in the syntax table)
\nc@colorlet{ExtensionColor}{ForestGreen}
\newcommand{\ExtensionColorName}{\textcolor{ExtensionColor}{green}\xspace}
%
% OCL Keywords in \inlineocl{...} and \begin{ocl} ... \end{ocl}
\nc@colorlet{OclKeywordColor} {MidnightBlue}
\newcommand{\OclKeywordColorName}{\textcolor{OclKeywordColor}{blue}\xspace}
%
% SML Keywords in \inlinesml{...} and \begin{sml}...\end{sml}
\nc@colorlet{SmlKeywordColor} {MidnightBlue}
\newcommand{\SmlKeywordColorName}{\textcolor{SmlKeywordColor}{blue}\xspace}
%
% Java Keywords in \inlinejava{...} and \begin{java}...\end{java}
\nc@colorlet{JavaKeywordColor} {MidnightBlue}
\newcommand{\JavaKeywordColorName}{\textcolor{JavaKeywordColor}{blue}\xspace}
%
% color for sections and boldface text
\nc@colorlet{SectionColor} {MidnightBlue}
\newcommand{\SectionColorName}{\textcolor{SectionColor}{blue}\xspace}
%
% color for HOL-OCL and Isabelle theories. To be consistent with the
% generated output, this should be the same as "SectionColor"
\nc@colorlet{HolOclThyColor} {SectionColor}
\newcommand{\HolOclThyColorName}{\SectionColorName}
%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% 3) Defining environments and commands
%% =====================================
%%
%% 3.1) HOL-OCL contact information
%% --------------------------------
\newcommand{\HolOclEmail}{\href{mailto:hol-ocl@brucker.ch}{hol-ocl@brucker.ch}}
\newcommand{\HolOclWebsite}{\url{http://www.brucker.ch/research/hol-ocl/}}
\newcommand{\HolOclLogo}{}
\newcommand{\holocl}{HOL-OCL\xspace}
%%
%% 3.2) Environments for plain SML and OCL code
%% --------------------------------------------
\ifthenelse{\boolean{isar@mnsymbol}}{%
\newcommand{\theory}[1]{\texttt{#1}}%
\newcommand{\tactic}[1]{\texttt{#1}}%
\newcommand{\simpset}[1]{\texttt{#1}}%
}{%
\newcommand{\theory}[1]{\textsf{#1}}%
\newcommand{\tactic}[1]{\textsf{#1}}%
\newcommand{\simpset}[1]{\textsf{#1}}%
}
\newcommand{\oclfont}{\ttfamily}
\newcommand{\mathocl}{\mathtt}
\newcommand{\smlfont}{\ttfamily}
\newcommand{\javafont}{\ttfamily}
\newcommand{\holoclthyfont}{\rmfamily}
\ifthenelse{\boolean{holocl@nocolor}}{%
\newcommand{\oclkeywordstyle}{\bfseries}
\newcommand{\javakeywordstyle}{\bfseries}
\newcommand{\smlkeywordstyle}{\bfseries}
\newcommand{\holoclthykeywordstyle}{\bfseries}
}{%
\newcommand{\oclkeywordstyle}{\color{OclKeywordColor}\relax}
\newcommand{\javakeywordstyle}{\color{JavaKeywordColor}\relax}
\newcommand{\smlkeywordstyle}{\color{SmlKeywordColor}\relax}
\newcommand{\holoclthykeywordstyle}{\color{HolOclThyColor}\relax}
}
\lstloadlanguages{OCL,ML,Java}
\lstdefinestyle{sml}{basicstyle=\smlfont,%
commentstyle=\itshape,%
keywordstyle=\smlkeywordstyle,%
ndkeywordstyle=\smlkeywordstyle,%
language=ML}%
\lstdefinestyle{displaysml}{style=sml,%
floatplacement={tbp},captionpos=b,style=sml,framexleftmargin=10pt,%
numbers=left,numberstyle=\tiny,stepnumber=5,basicstyle=\small\smlfont,%
backgroundcolor=\color{black!3},frame=lines,%xleftmargin=-8pt,xrightmargin=-8pt%
}
\lstdefinestyle{ocl}{basicstyle=\oclfont,%
commentstyle=\itshape,%
keywordstyle=\oclkeywordstyle,%
ndkeywordstyle=\oclkeywordstyle,%
morekeywords={package,endpackage,%
context,pre,inv,post,init,def,body,derive,%
measurement},%
mathescape=true,
sensitive=t,%
morecomment=[l]--,%
morestring=[d]'%
}%
\lstdefinestyle{java}{language=Java,
basicstyle=\javafont,%
commentstyle=\itshape,%
keywordstyle=\javakeywordstyle,%
ndkeywordstyle=\javakeywordstyle,%
}%
\lstdefinestyle{displayjava}{style=java,
floatplacement={tbp},captionpos=b,framexleftmargin=10pt,
basicstyle=\small\javafont,backgroundcolor=\color{black!3},frame=lines}%
\lstdefinestyle{displayocl}{style=ocl,
%floatplacement={tbp},captionpos=b,framexleftmargin=10pt,
floatplacement={tbp},captionpos=b,
basicstyle=\small\oclfont,backgroundcolor=\color{black!3},frame=lines}%
\lstdefinestyle{holocl}{basicstyle=\holoclthyfont,%
commentstyle=\itshape,%
keywordstyle=\holoclthykeywordstyle,%
ndkeywordstyle=\holoclthykeywordstyle,%
language=,
mathescape=true,
classoffset=0,%
morekeywords={shows,assumes,proof,next,qed,case,po,lemma,apply,discharged,analyze_consistency,done,theory,end,imports,begin,refine,generate_po_liskov,import_model,load_xmi},%
}%
\lstdefinestyle{displayholocl}{style=holocl,
floatplacement={tbp},captionpos=b,
basicstyle=\small\holoclthyfont,backgroundcolor=\color{black!3},frame=lines}%
\lstnewenvironment{ocl}[1][]{\lstset{style=displayocl,#1}}{}%
\lstnewenvironment{xuse}[1][]{\lstset{style=displayocl,morekeywords={method,class,end,begin,var,attributes,constraints},#1}}{}%
\lstnewenvironment{java}[1][]{\lstset{style=displayjava,#1}}{}%
\lstnewenvironment{sml}[1][]{\lstset{style=displaysml,#1}}{}
\lstnewenvironment{lstholocl}[1][]{\lstset{style=displayholocl,columns=fullflexible,#1}}{}%
\def\inlinejava{\lstinline[style=java,columns=fullflexible]}%
\def\inlinesml{\lstinline[style=sml,columns=fullflexible]}%
\def\inlineocl{\lstinline[style=ocl,columns=fullflexible]}%
\def\inlineholocl{\lstinline[style=holocl,columns=fullflexible]}%
%%
%% 3.3) Environments for citing ``the'' standard
%% ------------------------------------------
% \newsavebox{\oclpage}%
% \newenvironment{oclspecification}[1]%
% {\savebox{\oclpage}{\small #1}\begin{quote}}%
% {{\small\mbox{}\\\mbox{}\hfill (Object Constraint Language
% Specification~\cite{omg:ocl:2003}, %
% page \usebox{\oclpage})}\end{quote}}
\newsavebox{\oclpage}%
\newenvironment{oclspecification}[2][omg:ocl:2003]
{\sbox\oclpage{\emph{\small(\OCL Specification~\cite{#1}, %
page #2)}}%
% \begin{quote}}
\begin{addmargin}[2em]{0pt}%
\begin{minipage}{\linewidth}%
\vspace{.6\baselineskip}
\rule{\linewidth}{.5pt}}
{\hspace*{\fill}\nolinebreak[1]%
\quad\hspace*{\fill}%
\finalhyphendemerits=0%
\usebox{\oclpage}\\%a
\rule[.25\baselineskip]{\linewidth}{.5pt}%
\vspace{.6\baselineskip}
\end{minipage}%
\end{addmargin}
}
%\end{quote}}
%%
%% 3.4) V, Val, and VAL
%% --------------------
\newcommand{\V}[2]{\ensuremath{V_{#1}({#2})}}
\newcommand{\Val}[2]{\ensuremath{V_{#1}({#2})}}
\newcommand{\VAL}[2]{\ensuremath{\mathit{{Val}}_{#1}({#2})}}
%%
%% 3.5) Models
%% -----------
%\newcommand{\modelsT}{\mathop{\vDash_{\mathsf{t}}}}
%\newcommand{\modelsF}{\mathop{\vDash_{\mathsf{f}}}}
%\newcommand{\modelsU}{\mathop{\vDash_{\mathsf{u}}}}
\newcommand{\modelsT}{\mathop{\isasymMathOclValid_{\isasymMathOclTrue}}}
\newcommand{\modelsF}{\mathop{\isasymMathOclValid_{\isasymMathOclFalse}}}
\newcommand{\modelsU}{\mathop{\isasymMathOclValid_{\isasymMathOclUndefined}}}
%%
%% 3.6) Class Diagrams, Universes, etc
%% -----------------------------------
\ifthenelse{\boolean{isar@mnsymbol}}{%
\newcommand{\universe}[1]{\ensuremath{\text{\textsw{#1}}}} % for universes
\newcommand{\domain}[1]{\ensuremath{\text{\textsw{#1}}}} % for domain
}{%
\newcommand{\universe}[1]{\ensuremath{\mathscr{#1}}} % for universes
\newcommand{\domain}[1]{\ensuremath{\mathscr{#1}}} % for domain
}
\newcommand{\cdiagram}[1]{\ensuremath{\EuScript{#1}}} % for class diagram
\newcommand{\typeset}[1]{\mathfrak{#1}}
\newcommand{\AT}{\typeset{A}}
\newcommand{\VT}{\typeset{V}}
\newcommand{\tagTypes}{\typeset{T}}
\newcommand{\Tref}{\typeset{T}_\text{ref}}
\newcommand{\Tnonref}{\typeset{T}_\text{nonref}}
\newcommand{\UTref}{\typeset{U}_\text{ref}}
\newcommand{\UTnonref}{\typeset{U}_\text{nonref}}
\newcommand{\UTx}{\typeset{U}_\text{x}}
\newcommand{\CTref}{\typeset{U}_\text{ref}}
\newcommand{\CTnonref}{\typeset{U}_\text{nonref}}
\newcommand{\CTx}{\typeset{U}_\text{x}}
%%
%% 3.6) Type Lifting
%% -----------------
\newcommand{\tconvR}[1]{\ensuremath{\widehat{#1}}}
\newcommand{\tconvU}[1]{\ensuremath{\widetilde{#1}}}
\newcommand{\tconvE}[1]{\ensuremath{\overline{#1}}}
%%
%% 3.7) Isabelle specific stuff
%% ----------------------------
\newcommand{\Forall}{\isasymAnd}
\newcommand{\Exists}{\isasymOr}
\ifthenelse{\boolean{isar@mnsymbol}}{%
\newcommand{\meta}[1]{\ensuremath{?\mkern-2mu#1}}%
}{%
\newcommand{\meta}[1]{\ensuremath{?\!#1}}%
}
\newcommand{\Implies}{\isasymLongrightarrow}
\renewcommand{\implies}{\isasymrightarrow}
\newcommand{\hilbert}{\isasymsome}
\newcommand{\thm}[1]{``$\mathrm{#1}$''}
%%
%% 3.8) HOL-OCL shortcuts
%% ----------------------
%\newcommand{\up}[1]{\ensuremath{#1_{\!\bot}}}
\newcommand{\up}[1]{\ensuremath{#1_{\mkern-5mu\lower.2ex\hbox{$\bot$}}}}
\newcommand{\lift}[1]{\ensuremath{\isasymHolOclLiftLeft #1\isasymHolOclLiftRight}}
\newcommand{\drop}[1]{\ensuremath{\isasymHolOclDropLeft #1\isasymHolOclDropRight}}
\DeclareMathOperator{\liftOp}{lift}
%%
%% 3.9) semantics
%% --------------
\newcommand{\lsemantics}{\lsem}
\newcommand{\rsemantics}{\rsem}
\newcommand{\biglsemantics}{\bigl\lsem}
\newcommand{\bigrsemantics}{\bigr\rsem}
\newcommand{\bigglsemantics}{\biggl\lsem}
\newcommand{\biggrsemantics}{\biggr\rsem}
\newcommand{\semantics}[1]{\lsem #1 \rsem}
%%
%% 3.10) Index generation and references
%% ----------------------
\newcommand{\emphI}[1]{\emph{#1}\index{#1}}
\newcommand{\autonameref}[1]{\autoref{#1} ``\nameref{#1}''}
\newcommand{\vautoref}[1]{\autoref{#1}\vpageref{#1}}
\newcommand{\vautonameref}[1]{\autoref{#1} ``\nameref{#1}''}
\newcommand{\definitionautrefname}{definition}
% \newcommand{\vautonameref}[1]{\autonameref{#1}\vpageref{#1}}
%%
%% 3.11) Syntax diagrams and tables
%% --------------------------------
\newcommand{\literal}{\mathtt}
\newcommand{\unsupported}[1]{\textcolor{UnsupportedColor}{#1}}
\newcommand{\extension}[1]{\textcolor{ExtensionColor}{#1}}
%%
%% 3.12) Typographic styles for Datatypes, etc
%% -------------------------------------------
%% 3.12.1 HOL Type Constructors
%% ----------------------------
\newcommand{\HolBin}[0]{\ensuremath{\mathrm{bin}}}
\newcommand{\HolNum}[0]{\ensuremath{\mathrm{num}}}
\newcommand{\HolBoolean}[0]{\ensuremath{\mathrm{bool}}}
\newcommand{\HolString}[0]{\ensuremath{\mathrm{string}}}
\newcommand{\HolInteger}[0]{\ensuremath{\mathrm{int}}}
\newcommand{\HolNat}[0]{\ensuremath{\mathrm{nat}}}
\newcommand{\HolReal}[0]{\ensuremath{\mathrm{real}}}
\newcommand{\HolSet}[1]{#1\ap\ensuremath{\mathrm{set}}}
\newcommand{\HolList}[1]{#1\ap\ensuremath{\mathrm{list}}}
%\newcommand{\HolOrderedSet}[1]{#1~\ensuremath{\mathrm{orderedset}}}
\newcommand{\HolMultiset}[1]{#1\ap\ensuremath{\mathrm{multiset}}}
\newcommand{\classType}[2]{#1\ap\ensuremath{\mathrm{#2}}}
\newcommand{\HolMkSet}[1]{\operatorname{set} #1}
%% 3.12.2 Lifted HOL Type Constructors
%% ----------------------------
\newcommand{\HolBooleanUp}[0]{\ensuremath{\up{\mathrm{bool}}}}
\newcommand{\HolStringUp}[0]{\ensuremath{up{\mathrm{string}}}}
\newcommand{\HolIntegerUp}[0]{\ensuremath{\up{\mathrm{int}}}}
\newcommand{\HolRealUp}[0]{\ensuremath{\up{\mathrm{real}}}}
\newcommand{\HolSetUp}[1]{#1\ap\ensuremath{\up{\mathrm{set}}}}
\newcommand{\HolListUp}[1]{#1\ap\ensuremath{\up{\mathrm{list}}}}
%\newcommand{\HolOrderedSetUp}[1]{#1\ap\ensuremath{\up{\mathrm{OrderedSet}}}}
\newcommand{\HolMultisetUp}[1]{#1\ap\ensuremath{\up{\mathrm{multiset}}}}
%% 3.12.3 HOL-OCL Type Constructors
%% --------------------------------
\newcommand{\HolOclBoolean}{\ensuremath{\mathtt{Boolean}}}
\newcommand{\HolOclString}{\ensuremath{\mathtt{String}}}
\newcommand{\HolOclInteger}{\ensuremath{\mathtt{Integer}}}
\newcommand{\HolOclReal}{\ensuremath{\mathtt{Real}}}
\newcommand{\HolOclSet}[1]{#1\ap\ensuremath{\mathtt{Set}}}
\newcommand{\HolOclOclAny}[1]{#1\ap\ensuremath{\mathtt{OclAny}}}
\newcommand{\HolOclSequence}[1]{#1\ap\ensuremath{\mathtt{Sequence}}}
\newcommand{\HolOclOrderedSet}[1]{#1\ap\ensuremath{\mathtt{OrderedSet}}}
\newcommand{\HolOclBag}[1]{#1\ap\ensuremath{\mathtt{Bag}}}
\newcommand{\OclBoolean}[1][\tau]{\ensuremath{\mathtt{Boolean}_{#1}}}
\newcommand{\OclString}[1][\tau]{\ensuremath{\mathtt{String}_{#1}}}
\newcommand{\OclInteger}[1][\tau]{\ensuremath{\mathtt{Integer}_{#1}}}
\newcommand{\OclReal}[1][\tau]{\ensuremath{\mathtt{Real}_{#1}}}
\newcommand{\OclSet}[2][\tau]{#2\ap\ensuremath{\mathtt{Set}_{#1}}}
\newcommand{\OclSequence}[2][\tau]{#2\ap\ensuremath{\mathtt{Sequence}_{#1}}}
\newcommand{\OclOrderedSet}[2][\tau]{#2\ap\ensuremath{\mathtt{OrderedSet}_{#1}}}
\newcommand{\OclBag}[2][\tau]{#2\ap\ensuremath{\mathtt{Bag}_{#1}}}
\newcommand{\OclOclAny}[2][\tau]{#2\ap\ensuremath{\mathtt{OclAny}_{#1}}}
\newcommand{\HolTrue}{\mathrm{true}}
\newcommand{\HolFalse}{\mathrm{false}}
\newcommand{\HolUnit}{\mathrm{unit}}
\newcommand{\HolUndef}{\isasymbottom}
\newcommand{\HolWfrec}{\operatorname{wfrec}}
\newcommand{\OclTrue}{\isasymMathOclTrue}
\newcommand{\OclFalse}{\isasymMathOclFalse}
\newcommand{\OclUndef}{\isasymMathOclUndefined}
%% 3.12.x misc stuff
%% -----------------
\newcommand{\oid}{\mathrm{oid}}
\newcommand{\ofType}{\mathbin{\isasymColon}}
\newcommand{\defeq}{\mathrel{\mathop:}=}
\DeclareMathOperator{\HolInl}{Inl}
\DeclareMathOperator{\HolNumberOf}{numberOf}
\newcommand{\self}{\mathit{self}}
\newcommand{\result}{\mathit{result}}
\newcommand{\op}{\mathit{op}}
\newcommand{\SemCom}{\mathit{SemCom}}
\DeclareMathOperator{\HolInr}{Inr}
\DeclareMathOperator{\HolFst}{fst}
\DeclareMathOperator{\HolSnd}{snd}
\DeclareMathOperator{\HolOptionCase}{OptionCase}
\DeclareMathOperator{\HolUpCase}{upCase}
\DeclareMathOperator{\HolSumCase}{sumCase}
\DeclareMathOperator{\HolOf}{of}
\DeclareMathOperator{\HolCase}{case}
\DeclareMathOperator{\HolIf}{if}
\DeclareMathOperator{\HolLet}{let}
\DeclareMathOperator{\HolIn}{in}
\DeclareMathOperator{\HolThen}{then}
\DeclareMathOperator{\HolElse}{else}
\DeclareMathOperator{\HolHilbert}{\mathop{\varepsilon}}
\DeclareMathOperator{\HolSome}{Some}
\DeclareMathOperator{\HolNone}{None}
\DeclareMathOperator{\HolArbitrary}{arbitrary}
\DeclareMathOperator{\HolOclStrictify}{\HolOcl{strictify}}
\DeclareMathOperator{\HolOclIsStrict}{isStrict}
\DeclareMathOperator{\HolOclCp}{\HolOcl{cp}}
\DeclareMathOperator{\HolOclDEF}{def} % DEF
\DeclareMathOperator{\HolOclSem}{Sem}
\DeclareMathOperator{\HolOclSmash}{\HolOcl{smash}}
\DeclareMathOperator{\HolOclInvoke}{\HolOcl{invoke}}
\DeclareMathOperator{\HolOclInvokeS}{\HolOcl{invokeS}}
\DeclareMathOperator{\HolOclUnion}{\HolOcl{union}}
\DeclareMathOperator{\HolOclLeast}{Least}
\DeclareMathOperator{\HolOclChoose}{\HolOcl{Choose}}
\DeclareMathOperator{\HolOclCall}{\HolOcl{Call}}
\DeclareMathOperator{\HolOclOidOf}{\HolOcl{OidOf}}
\DeclareMathOperator{\HolOclIsModifiedOnly}{\HolOcl{oclIsModifiedOnly}}
\DeclareMathOperator{\HolOclPre}{pre}
\DeclareMathOperator{\HolOclPost}{post}
\DeclareMathOperator{\HolOclTab}{OpTab}
\DeclareMathOperator{\HolDom}{dom}
\DeclareMathOperator{\HolRan}{ran}
\newcommand{\Abs}[1]{\operatorname{\HolOcl{Abs_{#1}}}}
\newcommand{\Rep}[1]{\operatorname{\HolOcl{Rep_{#1}}}}
\DeclareMathOperator{\HolAbsSet}{\HolOcl{Abs_{Set}}}
\DeclareMathOperator{\HolRepSet}{\HolOcl{Rep_{Set}}}
\DeclareMathOperator{\HolAbsSequence}{\HolOcl{Abs_{Sequence}}}
\DeclareMathOperator{\HolRepSequence}{\HolOcl{Rep_{Sequence}}}
\DeclareMathOperator{\HolUp}{up}
\newcommand{\HolIfThen}[3]{\HolIf #1 \HolThen #2 \HolElse #3}
\newcommand{\OclIfThen}[3]{\isasymMathOclIf #1 \isasymMathOclThen #2 \isasymMathOclElse #3 \isasymMathOclEndif}
%%%%
\newcommand{\Lam}[2]{\mathop{\lambda} #1\spot #2}
\let\llambda\lambda%
\renewcommand{\lambda}{\mathop{\llambda}}
\newcommand{\img}{\mathrel{^\backprime}}
\DeclareMathOperator{\base}{base}
\DeclareMathOperator{\HolOclBase}{\base}
\newcommand{\down}{\mathrm{down}}
\newcommand{\BT}{\typeset{B}}
\newcommand{\HolOclSt}[1]{#1\ap\ensuremath{\mathrm{St}}}
%%
%%
%%
\newcommand{\OCLglitch}[2][]{%
\ifthenelse{\equal{#1}{noentry}}%
{}{%
\ifthenelse{\equal{#1}{}}%
{%
\addcontentsline{gli}{glitch}{#2}%
}{%
\addcontentsline{gli}{glitch}{#1}%
}}%
\mbox{}\marginnote[\small\slshape\raggedleft\hspace{0pt}\mbox{}%
\scalebox{.2}{\includegraphics{figures/warning}}\mbox{}\\#2]%
{\small\raggedright\slshape\hspace{0pt}\mbox{}\scalebox{.2}{\includegraphics{figures/warning}}\mbox{}\\#2}}
\newcommand\listofglitches
{\chapter*{List of Glitches}%
\addcontentsline{toc}{chapter}{List of Glitches}\@starttoc{gli}}
\newcommand\l@glitch[2]{\par\noindent#1,~\textit{#2}\par}
%%%
\newcommand{\OCLextension}[2][]{%
\ifthenelse{\equal{#1}{noentry}}%
{}{%
\ifthenelse{\equal{#1}{}}%
{%
\addcontentsline{ext}{extension}{#2}%
}{%
\addcontentsline{ext}{extension}{#1}%
}}%
\mbox{}\marginnote[\small\slshape\raggedleft\hspace{0pt}\mbox{}%
\scalebox{.2}{\includegraphics{figures/danger}}\mbox{}\\#2]%
{\small\slshape\raggedright\hspace{0pt}\mbox{}\scalebox{.2}{\includegraphics{figures/danger}}\mbox{}\\#2}}
\newcommand\listofextensions
{\chapter*{List of Extensions}%
\addcontentsline{toc}{chapter}{List of Extensions}\@starttoc{ext}}
\newcommand\l@extension[2]{\par\noindent#1,~\textit{#2}\par}
%%
%%%
%%%
\newcommand{\spot}{.\;}
\newcommand{\DevelopmentSpot}{\textcolor{black!95}{\bullet}\;}
\newcommand{\template}[1]{\langle #1\rangle}
\DeclareMathOperator{\Bot}{\mathrm{bot}}
\newcommand{\bottom}{\bot}
\newcommand{\getT}{\operatorname{\mathit{getT}}}
\newcommand{\mkType}[2][]{%
\ifthenelse{\equal{#1}{}}%
{\operatorname{mk_\text{#2}}}%
{\operatorname{mk_\text{#2}^{(#1)}}}%
}
\newcommand{\isType}[2][]{%
\ifthenelse{\equal{#1}{}}%
{\operatorname{isType_\text{#2}}}%
{\operatorname{isType_\text{#2}^{(#1)}}}%
}
\newcommand{\isKind}[2][]{%
\ifthenelse{\equal{#1}{}}%
{\operatorname{isKind_\text{#2}}}%
{\operatorname{isKind_\text{#2}^{(#1)}}}%
}
\newcommand{\isUnivType}[2][]{%
\ifthenelse{\equal{#1}{}}%
{\operatorname{isUniv_\text{#2}}}%
{\operatorname{isUniv_\text{#2}^{(#1)}}}%
}
\newcommand{\getType}[2][]{%
\ifthenelse{\equal{#1}{}}%
{\operatorname{get_\text{#2}}}%
{\operatorname{get_\text{#2}^{(#1)}}}%
}
% \newcommand{\typeCast}[2]{\operatorname{#1\_2\_#2}}
\newcommand{\typeCast}[3][]{%
\ifthenelse{\equal{#1}{}}%
{\operatorname{#2_\text{[#3]}}}%
{\operatorname{#2_\text{[#3]}^{(#1)}}}%
}
\newcommand{\getAttrib}[3][]{%
\ifthenelse{\equal{#1}{}}%
{#2\operatorname{\!.#3}}%
{#2\operatorname{\!.#3}^{(#1)}}%
}
\newcommand{\setAttrib}[4][]{%
\ifthenelse{\equal{#1}{}}%
{#2\operatorname{\!.set_{#3}}\ap \mathit{#4}}%
{#2\operatorname{\!.set_{#3}^{(#1)}}\ap \mathit{#4}}%
}
\newcommand{\newAttrib}[4][]{%
\ifthenelse{\equal{#1}{}}%
{#2\operatorname{.new_{#3}}\ap \mathit{#4}}%
{#2\operatorname{.new_{#3}^{(#1)}}\ap \mathit{#4}}%
}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% end: old hol-ocl-ng style
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\newcommand{\MathOclStyle}[1]{\color{MathOclColor}#1}
\newcommand{\HolOclStyle}[1]{\color{HolOclColor} #1}
\newcommand{\OclStyle}[1]{\upshape\ttfamily\color{OclColor} #1}
\newcommand{\MathOcl}[1]{{\MathOclStyle{#1}}}
\newcommand{\HolOcl}[1]{{\HolOclStyle #1}}
\newcommand{\Ocl}[1]{\text{\OclStyle{#1}}}
\newcommand{\newMathOcl}[3]{\expandafter\def\csname isasymMathOcl#1\endcsname{\ensuremath{#2{\MathOcl{#3}}}}}
\newcommand{\newOcl}[3]{\expandafter\def\csname isasymOcl#1\endcsname{\ensuremath{\operatorname{\Ocl{#3}}}}}
\newcommand{\newHolOcl}[3]{\expandafter\def\csname isasymHolOcl#1\endcsname{\ensuremath{#2{\HolOcl{#3}}}}}
\newcommand{\aarrow}{\!-\!>}
\newcommand{\oP}{\mathopen\MathOcl{\mathtt{(}}}
\newcommand{\cP}{\mathopen\MathOcl{\mathtt{)}}}
\newcommand{\OclArg}[1]{\oP #1\cP}
\newcommand{\OclSpot}{\mathopen\MathOcl{\spot}}
\newcommand{\OclMid}{\mathop\MathOcl{\mid}}
\renewcommand{\isasymbullet}{\ensuremath{\OclSpot}}
% ; ******************************
%; * Lifting *
%; ******************************
\ifthenelse{\boolean{isar@mnsymbol}}{%
\newHolOcl{LiftLeft}{\mathopen}{\llcorner}
\newHolOcl{LiftRight}{\mathclose}{\lrcorner}
\newHolOcl{DropLeft}{\mathopen}{\ulcorner}
\newHolOcl{DropRight}{\mathclose}{\urcorner}
}{
\newHolOcl{LiftLeft}{\mathopen}
{\leavevmode\lower.6ex\hbox{$\llcorner$}\kern-.20em}
\newHolOcl{LiftRight}{\mathclose}
{\leavevmode\kern-.20em\lower.6ex\hbox{$\lrcorner$}}
\newHolOcl{DropLeft}{\mathopen}
{\leavevmode\lower-.2ex\hbox{$\ulcorner$}\kern-.18em}
\newHolOcl{DropRight}{\mathclose}
{\leavevmode\kern-.18em\lower-.2ex\hbox{$\urcorner$}}
}
% \newHolOcl{DropLeft}{\mathopen}{\ulcorner}
% \newHolOcl{DropRight}{\mathclose}{\urcorner}
%; ******************************
%; * OclAny *
%; ******************************
% \newcommand{\isasymMathOclAny}{}
\newOcl{IsNew}{\mathbin}{.oclIsNew()}
\newMathOcl{IsNew}{\mathbin}{\isasymOclIsNew}
\newOcl{AsType}{\mathbin}{.oclAsType}
\newMathOcl{AsType}{\mathbin}{\isasymOclAsType}
\newOcl{IsTypeOf}{\mathbin}{.oclIsTypeOf}
\newMathOcl{IsTypeOf}{\mathbin}{\isasymOclIsTypeOf}
\newOcl{IsType}{\mathbin}{.oclIsTypeOf}
\newMathOcl{IsType}{\mathbin}{\isasymOclIsType}
\newOcl{IsKindOf}{\mathbin}{.oclIsKindOf}
\newMathOcl{IsKindOf}{\mathbin}{\isasymOclIsKindOf}
% \newOcl{AllInstances}{\mathbin}{.AllInstances()}
% \newMathOcl{AllInstances}{\mathbin}{\isasymOclAllInstances}
%; ******************************
%; * OCL Boolean *
%; ******************************
\newMathOcl{Valid}{\mathrel}{\vDash}
\newOcl{Valid}{\mathrel}{Valid}
\newOcl{LocalValid}{\mathrel}{OclValid}
\ifthenelse{\boolean{isar@mnsymbol}}{%
\newMathOcl{True}{\mathord}{\mathocl{t}}
\newOcl{True}{\mathord}{true}
\newMathOcl{False}{\mathord}{\mathocl{f}}
\newOcl{False}{\mathord}{false}
}
{%
\newMathOcl{True}{\mathord}{\mathocl{T}}
\newOcl{True}{\mathord}{true}
\newMathOcl{False}{\mathord}{\mathocl{F}}
\newOcl{False}{\mathord}{false}
}
\newMathOcl{Not}{\mathop}{\lnot}
\newOcl{Not}{\mathop}{not\ap}
\newMathOcl{And}{\mathbin}{\wedge}
\newOcl{And}{\mathbin}{\ap and}
\newMathOcl{Or}{\mathbin}{\vee}
\newOcl{Or}{\mathbini}{\ap or \ap}
\newMathOcl{Xor}{\mathbin}{\oplus}
\newOcl{Xor}{\mathbin}{\ap xor\ap}
\newMathOcl{Sand}{\mathbin}{\dot{\wedge}}
\newOcl{Sand}{\mathbin}{\ap sand\ap}
\newMathOcl{Sor}{\mathbin}{\dot{\vee}}
\newOcl{Sor}{\mathbini}{\ap sor\ap}
\newMathOcl{Sxor}{\mathbin}{\dot{\oplus}}
\newOcl{Sxor}{\mathbin}{\ap sxor\ap}
\newMathOcl{If}{\mathop}{\mathocl{if}}
\newOcl{If}{\mathopen}{if}
\newMathOcl{Then}{\mathop}{\mathocl{then}}
\newOcl{Then}{\mathbin}{then}
\newMathOcl{Else}{\mathop}{\mathocl{else}}
\newOcl{Else}{\mathbin}{else}
\newMathOcl{Endif}{\mathop}{\mathocl{endif}}
\newOcl{Endif}{\mathclose}{endif}
\newMathOcl{Let}{\mathop}{\mathocl{let}}
\newOcl{Let}{\mathopen}{let}
\newMathOcl{In}{\mathop}{\mathocl{in}}
\newOcl{In}{\mathopen}{in}
\newMathOcl{End}{\mathop}{\mathocl{end}}
\newOcl{End}{\mathopen}{end}
\newMathOcl{Implies}{\mathbin}{\longrightarrow}
\newOcl{Implies}{\mathbin}{\ap implies\ap}
\newMathOcl{Simplies}{\mathbin}{\dot{\longrightarrow}}
\newOcl{Simplies}{\mathbin}{\ap simplies\ap}
\newMathOcl{VImplies}{\mathbin}{\stackrel{1}{\longrightarrow}}
\newOcl{VImplies}{\mathbin}{\ap implies1\ap}
\newMathOcl{VVImplies}{\mathbin}{\stackrel{2}{\longrightarrow}}
\newOcl{VVImplies}{\mathbin}{\ap implies2\ap}
\newMathOcl{IsDefined}{\mathop}{\partial}
\newOcl{IsDefined}{\mathop}{.IsDefined()}
\ifthenelse{\boolean{isar@mnsymbol}}{%
\newMathOcl{IsUndefined}{\mathop}{\not\partial}%
}{%
\newMathOcl{IsUndefined}{\mathop}{\not\!\partial}%
}
\newOcl{IsUndefined}{\mathop}{.oclIsUndefined()}
%; ******************************
%; * OCL Real and Integer *
%; ******************************
\newOcl{Less}{\mathrel}{\ensuremath{<}}
\newMathOcl{Less}{\mathrel}{\isasymOclLess}
\newOcl{Le}{\mathrel}{\ensuremath{<=}}
\newMathOcl{Le}{\mathrel}{\leq}
\newOcl{Greater}{\mathrel}{\ensuremath{>}}
\newMathOcl{Greater}{\mathrel}{\isasymOclGreater}
\newOcl{Ge}{\mathrel}{\ensuremath{>=}}
\newMathOcl{Ge}{\mathrel}{\geq}
\newOcl{Abs}{\mathbin}{.abs()}
\newMathOcl{AbsLeft}{\mathopen}{\lvert}
\newMathOcl{AbsRight}{\mathclose}{\rvert}
\newMathOcl{Min}{\mathop}{\mathrm{min}}
\newOcl{Min}{\mathrel}{.min}
\newMathOcl{Max}{\mathop}{\mathrm{max}}
\newOcl{Max}{\mathrel}{.max}
\newMathOcl{Mod}{\mathop}{\mathrm{mod}}
\newOcl{Mod}{\mathrel}{.mod}
\newMathOcl{Div}{\mathop}{\mathrm{div}}
\newOcl{Div}{\mathrel}{.div}
\newOcl{Floor}{\mathbin}{.floor()}
\newMathOcl{FloorLeft}{\mathopen}{\lfloor}
\newMathOcl{FloorRight}{\mathclose}{\rfloor}
\newOcl{Round}{\mathbin}{.round()}
\newMathOcl{RoundLeft}{\mathopen}{\lceil}
\newMathOcl{RoundRight}{\mathclose}{\rceil}
%; ******************************
%; * OclUndefined *
%; ******************************
\newMathOcl{Undefined}{\mathord}{\bot}
\newOcl{Undefined}{\mathord}{OclUndefined}
%; ******************************
%; * OCL String *
%; ******************************
\newMathOcl{Concat}{\mathbin}{^\frown}
\newOcl{Concat}{\mathbin}{.concat}
\newOcl{Substring}{\mathop}{.substring}
\newMathOcl{Substring}{\mathop}{\isasymOclSubstring}
\newOcl{ToInteger}{\mathop}{.toInteger()}
\newMathOcl{ToInteger}{\mathop}{\isasymOclToInteger}
\newOcl{ToReal}{\mathop}{.toReal()}
\newMathOcl{ToReal}{\mathop}{\isasymOclToReal}
\newOcl{ToUpper}{\mathop}{.toUpper()}
\newMathOcl{ToUpper}{\mathop}{\isasymOclToUpper}
\newOcl{ToLower}{\mathop}{.toLowert()}
\newMathOcl{ToLower}{\mathop}{\isasymOclToLower}
%; ******************************
%; * OCL Collection *
%; ******************************
\newMathOcl{MtSet}{\mathord}{\emptyset}
\newOcl{MtSet}{\mathord}{\{\}}
\newMathOcl{MtSequence}{\mathord}{[]}
\newOcl{MtSequence}{\mathord}{[]}
\newMathOcl{MtBag}{\mathord}{\Lbag\Rbag}
\newOcl{MtBag}{\mathord}{Bag\{\}}
\newMathOcl{MtOrderedSet}{\mathord}{\langle\rangle}
\newOcl{MtOrderedSet}{\mathord}{OrderedSet\{\}}
\newOcl{Size}{\mathbin}{\aarrow size()}
\newMathOcl{SizeLeft}{\mathopen}{\lVert}
\newMathOcl{SizeRight}{\mathclose}{\rVert}
\newMathOcl{Includes}{\mathbin}{\in}
\newOcl{Includes}{\mathbin}{\aarrow includes}
\newMathOcl{Excludes}{\mathbin}{\not\in}%\nin}
\newOcl{Excludes}{\mathbin}{\aarrow excludes}
\newOcl{Flatten}{\mathbin}{\aarrow flatten}
\newMathOcl{FlattenLeft}{\mathbin}{\llceil}
\newMathOcl{FlattenRight}{\mathbin}{\rrceil}
\newOcl{Sum}{\mathbin}{\aarrow sum}
\newMathOcl{Sum}{\mathbin}{\isasymOclSum}
\newOcl{AsSet}{\mathop}{\aarrow asSet()}
\newMathOcl{AsSet}{\mathop}{\isasymOclAsSet}
\newOcl{AsSequence}{\mathop}{\aarrow asSequence()}
\newMathOcl{AsSequence}{\mathop}{\isasymOclAsSequence}
\newOcl{AsBag}{\mathbin}{\aarrow asBag()}
\newMathOcl{AsBag}{\mathop}{\isasymOclAsBag}
\newOcl{AsOrderedSet}{\mathbin}{\aarrow asOrderedSet()}
\newMathOcl{AsOrderedSet}{\mathbin}{\isasymOclAsOrderedSet}
\newMathOcl{ForAll}{\mathop}{\forall}
\newOcl{ForAll}{\mathbin}{\aarrow forall}
\newMathOcl{Exists}{\mathop}{\exists}
\newOcl{Exists}{\mathbin}{\aarrow exists}
\newOcl{Select}{\mathop}{\aarrow select}
\newcommand{\isasymMathOclSelectRight}{\ensuremath{\mathopen{\MathOcl{\rrparenthesis}}}}
\newcommand{\isasymMathOclSelectLeft}{\ensuremath{\mathclose{\MathOcl{\llparenthesis}}}}
\newOcl{Reject}{\mathop}{\aarrow reject}
\newcommand{\isasymMathOclRejectRight}{\ensuremath{\mathopen{\MathOcl{\llparenthesis}}}}
\newcommand{\isasymMathOclRejectLeft}{\ensuremath{\mathclose{\MathOcl{\rrparenthesis}}}}
\newOcl{Collect}{\mathbin}{\aarrow collect}
% \newMathOcl{Collect}{\mathop}{\isasymOclCollect}
\newcommand{\isasymMathOclCollectRight}{\ensuremath{\mathopen{\MathOcl{|\!\}}}}}
\newcommand{\isasymMathOclCollectLeft}{\ensuremath{\mathclose{\MathOcl{\{\!|}}}}
\newOcl{CollectNested}{\mathbin}{\aarrow collectNested}
\newcommand{\isasymMathOclCollectNestedRight}{\ensuremath{\mathopen{\MathOcl{|\!\}\!\}}}}}
\newcommand{\isasymMathOclCollectNestedLeft}{\ensuremath{\mathclose{\MathOcl{\{\!\{\!|}}}}
\newOcl{Iterate}{\mathbin}{\aarrow iterate}
\newMathOcl{Iterate}{\mathop}{\isasymOclIterate}
\newOcl{IsUnique}{\mathbin}{\aarrow isUnique}
\newMathOcl{IsUnique}{\mathbin}{\isasymOclIsUnique}
\newOcl{One}{\mathbin}{\aarrow one}
\newMathOcl{One}{\mathop}{\isasymOclOne}
\newOcl{Any}{\mathbin}{\aarrow any}
\newMathOcl{Any}{\mathop}{\isasymOclAny}
\newOcl{Count}{\mathbin}{\aarrow count}
\newMathOcl{Count}{\mathop}{\isasymOclCount}
\newOcl{IncludesAll}{\mathbin}{\aarrow includesAll}
\newMathOcl{IncludesAll}{\mathop}{\subseteq}
\newOcl{ExcludesAll}{\mathbin}{\aarrow excludesAll}
\newMathOcl{ExcludesAll}{\mathop}{\supset\kern-0.5em\subset}
\newOcl{IsEmpty}{\mathbin}{\aarrow isEmpty()}
\newMathOcl{IsEmpty}{\mathop}{\emptyset \isasymMathOclStrictEq}
\newOcl{NotEmpty}{\mathbin}{\aarrow notEmpty()}
\newMathOcl{NotEmpty}{\mathop}{\emptyset \isasymMathOclStrictNotEq}
\newOcl{SortedBy}{\mathbin}{\aarrow sortedBy}
\newMathOcl{SortedBy}{\mathbin}{\isasymOclSortedBy}
\newOcl{Sum}{\mathbin}{\aarrow sum()}
\newMathOcl{Sum}{\mathop}{\isasymOclSum}
\newOcl{Product}{\mathbin}{\aarrow product}
\newMathOcl{Product}{\mathop}{\times}
\newOcl{Including}{\mathbin}{\aarrow including}
\newMathOcl{Including}{\mathop}{\operatorname{insert}}
\newOcl{Excluding}{\mathbin}{\aarrow excluding}
\newMathOcl{Excluding}{\mathop}{\isasymOclExcluding}
\newMathOcl{SymmetricDifference}{\mathbin}{\ominus}
\newOcl{SymmetricDifference}{\mathbin}{\aarrow symmetricDiffernce}
\newMathOcl{Union}{\mathbin}{\cup}
\newOcl{Union}{\mathbin}{\aarrow union}
\newMathOcl{Intersection}{\mathbin}{\cap}
\newOcl{Intersection}{\mathbin}{\aarrow intersection}
\newMathOcl{Complement}{\mathop}{^{-1}}
\newOcl{Complement}{\mathop}{\aarrow complement()}
\newMathOcl{At}{\mathop}{\natural}
\newOcl{At}{\mathop}{\aarrow at}
\newMathOcl{First}{\mathop}{\natural 1}
\newOcl{First}{\mathop}{\aarrow first()}
\newMathOcl{Last}{\mathop}{\natural \$}
\newOcl{Last}{\mathop}{\aarrow last()}
\newOcl{IndexOf}{\mathbin}{\aarrow indexOf}
\newMathOcl{IndexOf}{\mathop}{\natural ?}
\newOcl{InsertAt}{\mathbin}{\aarrow insertAt}
\newMathOcl{InsertAt}{\mathop}{\isasymOclInsertAt}
\newOcl{SubOrderedSet}{\mathbin}{\aarrow subOrderedSet}
\newMathOcl{SubOrderedSet}{\mathop}{\isasymOclSubOrderedSet}
\newOcl{SubSequence}{\mathbin}{\aarrow subSequence}
\newMathOcl{SubSequence}{\mathop}{\isasymOclSubSequence}
%; ******************************
%; * OCL Set *
%; ******************************
%; ******************************
%; * OCL OrderedSet *
%; ******************************
\newMathOcl{Prepend}{\mathop}{\#}
\newOcl{Prepend}{\mathop}{\aarrow prepend}
\newMathOcl{Append}{\mathop}{@}
\newOcl{Append}{\mathop}{\aarrow append}
%; ******************************
%; * OCL Bag *
%; ******************************
%; ******************************
%; * OCL Sequence *
%; ******************************
%; ******************************
%; * OCL Logic *
%; ******************************
\newOcl{StrictEq}{\mathrel}{==}
\newMathOcl{StrictEq}{\mathrel}{\doteq}
\newOcl{StrongEq}{\mathrel}{=}
\newMathOcl{StrongEq}{\mathrel}{\triangleq}
\newOcl{StrongNotEq}{\mathrel}{\not=}
\newMathOcl{StrongNotEq}{\mathrel}{\not\triangleq}
\newOcl{StrictNotEq}{\mathrel}{<>}
\newMathOcl{StrictNotEq}{\mathrel}{\not\doteq}
\newOcl{StrictValueEq}{\mathrel}{\ensuremath{\sim==}}
\newMathOcl{StrictValueEq}{\mathrel}{\dot{\simeq}}
\newOcl{StrongValueEq}{\mathrel}{\ensuremath{\sim=}}
\ifthenelse{\boolean{isar@mnsymbol}}{%
\newMathOcl{StrongValueEq}{\mathrel}{\stackrel{\smalltriangleup}{\simeq}}%
}{%
\newMathOcl{StrongValueEq}{\mathrel}{\stackrel{\vartriangle}{\simeq}}%
}
\newOcl{StrictDeepValueEq}{\mathrel}{\ensuremath{\sim==\sim}}
\newMathOcl{StrictDeepValueEq}{\mathrel}{\dot{\approxeq}}
\newOcl{StrongDeepValueEq}{\mathrel}{\ensuremath{\sim=\sim}}
\ifthenelse{\boolean{isar@mnsymbol}}{%
\newMathOcl{StrongDeepValueEq}{\mathrel}{\stackrel{\smalltriangleup}{\approxeq}}%
}{%
\newMathOcl{StrongDeepValueEq}{\mathrel}{\stackrel{\vartriangle}{\approxeq}}%
}
%\newOcl{RefEq}{\mathrel}{~=}
% \newMathOcl{RefEq}{\mathrel}{\simeq}
%; ******************************
%; * OCL State *
%; ******************************
% \newMathOcl{IsTypeOf}{}
% \newMathOcl{Iny/sNew}{}
% \newMathOcl{IsKind}{}
% \newMathOcl{AsType}{}
% \newMathOcl{InState}{}
% \newMathOcl{AllInstances}{}
% \newMathOcl{MethodCall}{}
% \newMathOcl{FeatureCall}{}
\newOcl{IsModifiedOnly}{\mathbin}{\aarrow oclIsModifiedOnly()}
\newMathOcl{IsModifiedOnly}{\mathbin}{\isasymOclIsModifiedOnly}
\newOcl{AllInstances}{\mathbin}{.allInstances()}
\newMathOcl{AllInstances}{\mathbin}{\isasymOclAllInstances}
\newOcl{KindSetOf}{\mathbin}{::kindSetOf()}
\newMathOcl{KindSetOf}{\mathbin}{\isasymOclKindSetOf}
\newOcl{TypeSetOf}{\mathbin}{::typeSetOf()}
\newMathOcl{TypeSetOf}{\mathbin}{\isasymOclTypeSetOf}
\newOcl{AllInstancesATpre}{\mathbin}{.allInstances@pre()}
\newMathOcl{AllInstancesATpre}{\mathbin}{\isasymOclAllInstancesATpre}
\newOcl{ATpre}{\mathbin}{@pre}
\newMathOcl{ATpre}{\mathbin}{\isasymOclATpre}
%%% undefining commands that should never be used directly:
%\let\llcorner\@undefined
%%%
\newcommand{\HolOclWfrec}{\mathop\MathOcl{\operatorname{Wfrec}}}
\endinput

1490
document/introduction.tex Normal file

File diff suppressed because it is too large Load Diff

423
document/lstisar.sty Normal file

@ -0,0 +1,423 @@
\definecolor{OliveGreen} {cmyk}{0.64,0,0.95,0.40}
\definecolor{BrickRed} {cmyk}{0,0.89,0.94,0.28}
\definecolor{Blue} {cmyk}{1,1,0,0}
\definecolor{CornflowerBlue}{cmyk}{0.65,0.13,0,0}
\newcommand{\subscr}[1]{\ensuremath{_{\mbox{#1}}}}
\newcommand{\supscr}[1]{\ensuremath{^{\mbox{#1}}}}
\lstdefinestyle{ISAR}{language=,%
basicstyle=\rmfamily,%
showspaces=false,%
showlines=false,
columns=flexible,%
morecomment=[s]{(*}{*)},%
morecomment=[s]{\{*}{*\}},%
morestring=*[b]",%
showstringspaces=false,
moredelim=*[is][\subscr]{\\<^bsub>}{\\<^esub>},%
moredelim=*[is][\supscr]{\\<^bsup>}{\\<^esup>},%
literate={%
%{\\<ZZ>}{\ensuremath{\mathfrak{Z}}}1%requires eufrak
%{\\<zz>}{\ensuremath{\mathfrak{z}}}1%requires eufrak
{\\<zeta>}{\ensuremath{\zeta}}1%
%{\\<z>}{\ensuremath{\mathrm{z}}}1%
%{\\<Z>}{\ensuremath{\mathcal{Z}}}1%
%{\\<YY>}{\ensuremath{\mathfrak{Y}}}1%requires eufrak
%{\\<yy>}{\ensuremath{\mathfrak{y}}}1%requires eufrak
%{\\<y>}{\ensuremath{\mathrm{y}}}1%
%{\\<Y>}{\ensuremath{\mathcal{Y}}}1%
%{\\<yen>}{\mbox{\yen}}1%requires amssymb,%
%{\\<XX>}{\ensuremath{\mathfrak{X}}}1%requires eufrak
%{\\<xx>}{\ensuremath{\mathfrak{x}}}1%requires eufrak
{\\<Xi>}{\ensuremath{\Xi}}1%
{\\<xi>}{\ensuremath{\xi}}1%
%{\\<x>}{\ensuremath{\mathrm{x}}}1%
%{\\<X>}{\ensuremath{\mathcal{X}}}1%
%{\\<WW>}{\ensuremath{\mathfrak{W}}}1%requires eufrak
%{\\<ww>}{\ensuremath{\mathfrak{w}}}1%requires eufrak
{\\<wrong>}{\ensuremath{\wr}}1%
{\\<wp>}{\ensuremath{\wp}}1%
%{\\<w>}{\ensuremath{\mathrm{w}}}1%
%{\\<W>}{\ensuremath{\mathcal{W}}}1%
%{\\<VV>}{\ensuremath{\mathfrak{V}}}1%requires eufrak
%{\\<vv>}{\ensuremath{\mathfrak{v}}}1%requires eufrak
%{\\<v>}{\ensuremath{\mathrm{v}}}1%
%{\\<V>}{\ensuremath{\mathcal{V}}}1%
%{\\<UU>}{\ensuremath{\mathfrak{U}}}1%requires eufrak
%{\\<uu>}{\ensuremath{\mathfrak{u}}}1%requires eufrak
{\\<Upsilon>}{\ensuremath{\Upsilon}}1%
{\\<upsilon>}{\ensuremath{\upsilon}}1%
{\\<uplus>}{\ensuremath{\uplus}}1%
{\\<Uplus>}{\ensuremath{\biguplus\,}}1%
{\\<Up>}{\ensuremath{\Uparrow}}1%
{\\<up>}{\ensuremath{\uparrow}}1%
{\\<Updown>}{\ensuremath{\Updownarrow}}1%
{\\<updown>}{\ensuremath{\updownarrow}}1%
{\\<unrhd>}{\ensuremath{\unrhd}}1%
{\\<^sub>}{\textsubscript}0%
{\\<unlhd>}{\ensuremath{\unlhd}}1%
{\\<union>}{\ensuremath{\cup}}1%
{\\<Union>}{\ensuremath{\bigcup\,}}1%
%{\\<u>}{\ensuremath{\mathrm{u}}}1%
%{\\<U>}{\ensuremath{\mathcal{U}}}1%
{\\<twosuperior>}{\ensuremath{\mathtwosuperior}}1%requires latin1,%
{\\<turnstile>}{\ensuremath{\vdash}}1%
{\\<Turnstile>}{\ensuremath{\models}}1%
{\\<models>}{\ensuremath{\models}}1%
{\\<tturnstile>}{\ensuremath{\vdash\!\!\!\vdash}}1%
{\\<TTurnstile>}{\ensuremath{\mid\!\models}}1%
%{\\<TT>}{\ensuremath{\mathfrak{T}}}1%requires eufrak
%{\\<tt>}{\ensuremath{\mathfrak{t}}}1%requires eufrak
{\\<triangleright>}{\ensuremath{\triangleright}}1%
{\\<triangleq>}{\ensuremath{\triangleq}}1%requires amssymb,%
{\\<triangleleft>}{\ensuremath{\triangleleft}}1%
{\\<triangle>}{\ensuremath{\triangle}}1%
{\\<top>}{\ensuremath{\top}}1%
{\\<times>}{\ensuremath{\times}}1%
{\\<threesuperior>}{\ensuremath{\maththreesuperior}}1%requires latin1,%
{\\<threequarters>}{\mbox{\rm\textthreequarters}}1%requires latin1,%
{\\<theta>}{\ensuremath{\vartheta}}1%
{\\<Theta>}{\ensuremath{\Theta}}1%
%{\\<t>}{\ensuremath{\mathrm{t}}}1%
%{\\<T>}{\ensuremath{\mathcal{T}}}1%
{\\<tau>}{\ensuremath{\tau}}1%
{\\<surd>}{\ensuremath{\surd}}1%
{\\<supseteq>}{\ensuremath{\supseteq}}1%
{\\<supset>}{\ensuremath{\supset}}1%
{\\<Sum>}{\ensuremath{\sum\,}}1%
{\\<succeq>}{\ensuremath{\succeq}}1%
{\\<succ>}{\ensuremath{\succ}}1%
{\\<subseteq>}{\ensuremath{\subseteq}}1%
{\\<subset>}{\ensuremath{\subset}}1%
{\\<struct>}{\ensuremath{\diamond}}1%
{\\<stileturn>}{\ensuremath{\dashv}}1%
{\\<star>}{\ensuremath{\star}}1%
%{\\<SS>}{\ensuremath{\mathfrak{S}}}1%requires eufrak
%{\\<ss>}{\ensuremath{\mathfrak{s}}}1%requires eufrak
%{\\<squnion>}{\ensuremath{\sqcup}}1%
%{\\<Squnion>}{\ensuremath{\bigsqcup\,}}1%
%{\\<sqsupseteq>}{\ensuremath{\sqsupseteq}}1%
%{\\<sqsupset>}{\ensuremath{\sqsupset}}1%requires amssym,%
%{\\<sqsubseteq>}{\ensuremath{\sqsubseteq}}1%
{\\<sqsubset>}{\ensuremath{\sqsubset}}1%
%{\\<sqinter>}{\ensuremath{\sqcap}}1%
%{\\<Sqinter>}{\ensuremath{\bigsqcap\,}}1%requires masmath,%
%{\\<spadesuit>}{\ensuremath{\spadesuit}}1%
%{\\<spacespace>}{\ensuremath{~~}}1%
%{\\<smile>}{\ensuremath{\smile}}1%
{\\<simeq>}{\ensuremath{\simeq}}1%
{\\<sim>}{\ensuremath{\sim}}1%
{\\<Sigma>}{\ensuremath{\Sigma}}1%
{\\<sigma>}{\ensuremath{\sigma}}1%
{\\<sharp>}{\ensuremath{\sharp}}1%
%{\\<s>}{\ensuremath{\mathrm{s}}}1%
%{\\<S>}{\ensuremath{\mathcal{S}}}1%
{\\<section>}{\mbox{\rm\S}}1%
%{\\<RR>}{\ensuremath{\mathfrak{R}}}1%requires eufrak
%{\\<rr>}{\ensuremath{\mathfrak{r}}}1%requires eufrak
{\\<rparr>}{\ensuremath{\mathclose{\mid\mkern-3mu)}}}1%
{\\<rightleftharpoons>}{\ensuremath{\rightleftharpoons}}2%
{\\<rightharpoonup>}{\ensuremath{\rightharpoonup}}2%
%{\\<rightharpoondown>}{\ensuremath{\rightharpoondown}}1%
{\\<Rightarrow>}{\ensuremath{\Rightarrow}}2%
{\\<rightarrow>}{\ensuremath{\rightarrow}}2%
{\\<restriction>}{\ensuremath{\restriction}}2%
{\\<rho>}{\ensuremath{\varrho}}1%
%{\\<rhd>}{\ensuremath{\rhd}}1%
{\\<rfloor>}{\ensuremath{\rfloor}}1%
%{\\<r>}{\ensuremath{\mathrm{r}}}1%
%{\\<R>}{\ensuremath{\mathcal{R}}}1%
%{\\<registered>}{\mbox{\rm\textregistered}}1%
%{\\<Re>}{\ensuremath{\Re}}1%
%{\\<real>}{\ensuremath{\mathrm{I}\mkern-3.8mu\mathrm{R}}}1%
{\\<rceil>}{\ensuremath{\rceil}}1%
{\\<rbrakk>}{\ensuremath{\mathclose{\rbrack\mkern-3mu\rbrack}}}1%
{\\<rbrace>}{\ensuremath{\mathclose{\mid\mkern-4.5mu\rbrace}}}1%
%{\\<rat>}{\ensuremath{\mathrm{Q}\mkern-16mu{\phantom{\mathrm{t}}\vrule}\mkern10mu}}1%
{\\<rangle>}{\ensuremath{\rangle}}1%
%{\\<questiondown>}{\mbox{\rm\textquestiondown}}1%
%{\\<QQ>}{\ensuremath{\mathfrak{Q}}}1%requires eufrak
%{\\<qq>}{\ensuremath{\mathfrak{q}}}1%requires eufrak
%{\\<q>}{\ensuremath{\mathrm{q}}}1%
%{\\<Q>}{\ensuremath{\mathcal{Q}}}1%
{\\<Psi>}{\ensuremath{\Psi}}1%
{\\<psi>}{\ensuremath{\psi}}1%
{\\<propto>}{\ensuremath{\propto}}1%
{\\<Prod>}{\ensuremath{\prod\,}}1%
{\\<preceq>}{\ensuremath{\preceq}}1%
{\\<prec>}{\ensuremath{\prec}}1%
%{\\<PP>}{\ensuremath{\mathfrak{P}}}1%requires eufrak
%{\\<pp>}{\ensuremath{\mathfrak{p}}}1%requires eufrak
%{\\<pounds>}{\ensuremath{\pounds}}1%
{\\<plusminus>}{\ensuremath{\pm}}1%
{\\<Pi>}{\ensuremath{\Pi}}1%
{\\<pi>}{\ensuremath{\pi}}1%
{\\<phi>}{\ensuremath{\varphi}}1%
{\\<Phi>}{\ensuremath{\Phi}}1%
%{\\<p>}{\ensuremath{\mathrm{p}}}1%
%{\\<P>}{\ensuremath{\mathcal{P}}}1%
{\\<partial>}{\ensuremath{\partial}}1%
{\\<parallel>}{\ensuremath{\parallel}}1%
{\\<paragraph>}{\mbox{\rm\P}}1%
{\\<otimes>}{\ensuremath{\otimes}}1%
{\\<Otimes>}{\ensuremath{\bigotimes\,}}1%
%{\\<oslash>}{\ensuremath{\oslash}}1%
{\\<or>}{\ensuremath{\vee}}1%
{\\<Or>}{\ensuremath{\bigvee}}1%
%{\\<ordmasculine>}{\mbox{\rm\textordmasculine}}1%
%{\\<ordfeminine>}{\mbox{\rm\textordfeminine}}1%
{\\<oplus>}{\ensuremath{\oplus}}1%
{\\<Oplus>}{\ensuremath{\bigoplus\,}}1%
%{\\<OO>}{\ensuremath{\mathfrak{O}}}1%requires eufrak
%{\\<oo>}{\ensuremath{\mathfrak{o}}}1%requires eufrak
%{\\<onesuperior>}{\ensuremath{\mathonesuperior}}1%requires latin1,%
%{\\<onequarter>}{\mbox{\rm\textonequarter}}1%requires latin1,%
%{\\<onehalf>}{\mbox{\rm\textonehalf}}1%requires latin1,%
{\\<ominus>}{\ensuremath{\ominus}}1%
%{\\<Omega>}{\ensuremath{\Omega}}1%
%{\\<omega>}{\ensuremath{\omega}}1%
%{\\<ointegral>}{\ensuremath{\oint\,}}1%
%{\\<o>}{\ensuremath{\mathrm{o}}}1%
%{\\<O>}{\ensuremath{\mathcal{O}}}1%
{\\<odot>}{\ensuremath{\odot}}1%
{\\<Odot>}{\ensuremath{\bigodot\,}}1%
{\\<nu>}{\ensuremath{\nu}}1%
{\\<notin>}{\ensuremath{\notin}}1%
{\\<noteq>}{\ensuremath{\neq}}1%
{\\<not>}{\ensuremath{\neg}}1%
%{\\<NN>}{\ensuremath{\mathfrak{N}}}1%requires eufrak
%{\\<nn>}{\ensuremath{\mathfrak{n}}}1%requires eufrak
%{\\<n>}{\ensuremath{\mathrm{n}}}1%
%{\\<N>}{\ensuremath{\mathcal{N}}}1%
%{\\<natural>}{\ensuremath{\natural}}1%
{\\<nat>}{\ensuremath{\mathrm{I}\mkern-3.8mu\mathrm{N}}}1%
{\\<nabla>}{\ensuremath{\nabla}}1%
{\\<mu>}{\ensuremath{\mu}}1%
%{\\<MM>}{\ensuremath{\mathfrak{M}}}1%requires eufrak
%{\\<mm>}{\ensuremath{\mathfrak{m}}}1%requires eufrak
{\\<minusplus>}{\ensuremath{\mp}}1%
{\\<Midarrow>}{\ensuremath{\Relbar}}1%
{\\<midarrow>}{\ensuremath{\relbar}}1%
{\\<mho>}{\ensuremath{\mho}}1%requires amssym,%
%{\\<m>}{\ensuremath{\mathrm{m}}}1%
%{\\<M>}{\ensuremath{\mathcal{M}}}1%
{\\<mapsto>}{\ensuremath{\mapsto}}1%
{\\<lparr>}{\ensuremath{\mathopen{(\mkern-3mu\mid}}}1%
%{\\<lozenge>}{\ensuremath{\lozenge}}1%requires amssym,%
{\\<Longrightarrow>}{\ensuremath{\Longrightarrow}}3%
{\\<longrightarrow>}{\ensuremath{\longrightarrow}}3%
{\\<implies>}{\ensuremath{\longrightarrow}}4%
{\\<longmapsto>}{\ensuremath{\longmapsto}}3%
{\\<Longleftrightarrow>}{\ensuremath{\Longleftrightarrow}}3%
{\\<longleftrightarrow>}{\ensuremath{\longleftrightarrow}}3%
{\\<Longleftarrow>}{\ensuremath{\Longleftarrow}}3%
{\\<longleftarrow>}{\ensuremath{\longleftarrow}}3%
{\\<lless>}{\ensuremath{\ll}}1%
%{\\<LL>}{\ensuremath{\mathfrak{L}}}1%requires eufrak
%{\\<ll>}{\ensuremath{\mathfrak{l}}}1%requires eufrak
%{\\<lhd>}{\ensuremath{\lhd}}1%
{\\<lfloor>}{\ensuremath{\lfloor}}1%
{\\<lesssim>}{\ensuremath{\lesssim}}1%requires amssymb,%
%{\\<lessapprox>}{\ensuremath{\lessapprox}}1%requires amssymb,%
%{\\<l>}{\ensuremath{\mathrm{l}}}1%
%{\\<L>}{\ensuremath{\mathcal{L}}}1%
{\\<Leftrightarrow>}{\ensuremath{\Leftrightarrow}}1%
{\\<leftrightarrow>}{\ensuremath{\leftrightarrow}}1%
%{\\<leftharpoonup>}{\ensuremath{\leftharpoonup}}1%
%{\\<leftharpoondown>}{\ensuremath{\leftharpoondown}}1%
{\\<Leftarrow>}{\ensuremath{\Leftarrow}}1%
{\\<leftarrow>}{\ensuremath{\leftarrow}}1%
{\\<le>}{\ensuremath{\le}}1%
{\\<leadsto>}{\ensuremath{\leadsto}}2%requires amssym,%
{\\<lceil>}{\ensuremath{\lceil}}1%
{\\<lbrakk>}{\ensuremath{\mathopen{\lbrack\mkern-3mu\lbrack}}}1%
{\\<lbrace>}{\ensuremath{\mathopen{\lbrace\mkern-4.5mu\mid}}}1%
{\\<langle>}{\ensuremath{\langle}}1%
{\\<Lambda>}{\ensuremath{\Lambda}}1%
{\\<lambda>}{\ensuremath{\lambda}}1%
%{\\<KK>}{\ensuremath{\mathfrak{K}}}1%requires eufrak
%{\\<kk>}{\ensuremath{\mathfrak{k}}}1%requires eufrak
%{\\<k>}{\ensuremath{\mathrm{k}}}1%
%{\\<K>}{\ensuremath{\mathcal{K}}}1%
{\\<kappa>}{\ensuremath{\kappa}}1%
{\\<Join>}{\ensuremath{\Join}}1%requires amssym,%
%{\\<JJ>}{\ensuremath{\mathfrak{J}}}1%requires eufrak
%{\\<jj>}{\ensuremath{\mathfrak{j}}}1%requires eufrak
%{\\<j>}{\ensuremath{\mathrm{j}}}1%
%{\\<J>}{\ensuremath{\mathcal{J}}}1%
{ISABELLE}{\$ISABELLE}8%
{\\<iota>}{\ensuremath{\iota}}1%
{\\<inverse>}{\ensuremath{{}^{-1}}}1%
{\\<inter>}{\ensuremath{\cap}}1%
{\\<Inter>}{\ensuremath{\bigcap\,}}1%
{\\<int>}{\ensuremath{\mathsf{Z}\mkern-7.5mu\mathsf{Z}}}1%
{\\<integral>}{\ensuremath{\int\,}}1%
{\\<infinity>}{\ensuremath{\infty}}1%
{\\<in>}{\ensuremath{\in}}1%
{\\<index>}{\mbox{\i}}1%
%{\\<Im>}{\ensuremath{\Im}}1%
%{\\<II>}{\ensuremath{\mathfrak{I}}}1%requires eufrak
%{\\<ii>}{\ensuremath{\mathfrak{i}}}1%requires eufrak
%{\\<i>}{\ensuremath{\mathrm{i}}}1%
%{\\<I>}{\ensuremath{\mathcal{I}}}1%
%{\\<hyphen>}{\mbox{\rm-}}1%
%{\\<hungarumlaut>}{\mbox{\H\relax}}1%
{\\<hookrightarrow>}{\ensuremath{\hookrightarrow}}1%
{\\<hookleftarrow>}{\ensuremath{\hookleftarrow}}1%
%{\\<HH>}{\ensuremath{\mathfrak{H}}}1%requires eufrak
%{\\<hh>}{\ensuremath{\mathfrak{h}}}1%requires eufrak
%{\\<h>}{\ensuremath{\mathrm{h}}}1%
%{\\<H>}{\ensuremath{\mathcal{H}}}1%
%{\\<heartsuit>}{\ensuremath{\heartsuit}}1%
%{\\<guillemotright>}{\mbox{\frqq}}1%requires babel ,%
%{\\<guillemotleft>}{\mbox{\flqq}}1%requires babel ,%
{\\<greatersim>}{\ensuremath{\gtrsim}}1%requires amssymb,%
{\\<greaterapprox>}{\ensuremath{\gtrapprox}}1%requires amssymb,%
{\\<ggreater>}{\ensuremath{\gg}}1%
%{\\<GG>}{\ensuremath{\mathfrak{G}}}1%requires eufrak
%{\\<gg>}{\ensuremath{\mathfrak{g}}}1%requires eufrak
%{\\<g>}{\ensuremath{\mathrm{g}}}1%
%{\\<G>}{\ensuremath{\mathcal{G}}}1%
{\\<ge>}{\ensuremath{\ge}}1%
{\\<Gamma>}{\ensuremath{\Gamma}}1%
{\\<gamma>}{\ensuremath{\gamma}}1%
{\\<frown>}{\ensuremath{\frown}}1%
{\\<forall>}{\ensuremath{\forall\,}}1%
{\\<Forall>}{\ensuremath{\bigwedge\,}}1%
{\\<flat>}{\ensuremath{\flat}}1%
%{\\<FF>}{\ensuremath{\mathfrak{F}}}1%requires eufrak
%{\\<ff>}{\ensuremath{\mathfrak{f}}}1%requires eufrak
%{\\<f>}{\ensuremath{\mathrm{f}}}1%
%{\\<F>}{\ensuremath{\mathcal{F}}}1%
{\\<exists>}{\ensuremath{\exists\,}}1%
%{\\<exclamdown>}{\mbox{\rm\textexclamdown}}1%
%{\\<euro>}{\mbox{\textgreek{\euro}}}1%requires greek babel,%
%{\\<eta>}{\ensuremath{\eta}}1%
{\\<equiv>}{\ensuremath{\equiv}}1%
{\\<epsilon>}{\ensuremath{\varepsilon}}1%
{\\<emptyset>}{\ensuremath{\emptyset}}1%
%{\\<e>}{\ensuremath{\mathrm{e}}}1%
%{\\<E>}{\ensuremath{\mathcal{E}}}1%
%{\\<EE>}{\ensuremath{\mathfrak{E}}}1%requires eufrak
%{\\<ee>}{\ensuremath{\mathfrak{e}}}1%requires eufrak
{\\<Down>}{\ensuremath{\Downarrow}}1%
{\\<down>}{\ensuremath{\downarrow}}1%
{\\<dots>}{\ensuremath{\dots}}1%
{\\<doteq>}{\ensuremath{\doteq}}1%
{\\<div>}{\ensuremath{\div}}1%
{\\<dieresis>}{\mbox{\"\relax}}1%
%{\\<diamondsuit>}{\ensuremath{\diamondsuit}}1%
{\\<diamond>}{\ensuremath{\Diamond}}1%requires amssym,%
%{\\<d>}{\ensuremath{\mathrm{d}}}1%
%{\\<D>}{\ensuremath{\mathcal{D}}}1%
%{\\<Delta>}{\ensuremath{\Delta}}1%
{\\<delta>}{\ensuremath{\delta}}1%
{\\<degree>}{\mbox{\rm\textdegree}}1%requires latin1,%
%{\\<DD>}{\ensuremath{\mathfrak{D}}}1%requires eufrak
%{\\<dd>}{\ensuremath{\mathfrak{d}}}1%requires eufrak
{\\<ddagger>}{\ensuremath{\ddagger}}1%
{\\<dagger>}{\ensuremath{\dagger}}1%
%{\\<currency>}{\mbox{\textcurrency}}1%requires textcomp,%
%{\\<copyright>}{\mbox{\rm\copyright}}1%
{\\<Coprod>}{\ensuremath{\coprod\,}}1%
{\\<cong>}{\ensuremath{\cong}}1%
%{\\<complex>}{\ensuremath{\mathrm{C}\mkern-15mu{\phantom{\mathrm{t}}\vrule}\mkern9mu}}1%
{\\<Colon>}{\ensuremath{\mathrel{::}}}1%
{\\<clubsuit>}{\ensuremath{\clubsuit}}1%
{\\<circ>}{\ensuremath{\circ}}1%
{\\<chi>}{\ensuremath{\chi}}1%
%{\\<cent>}{\mbox{\textcent}}1%requires textcomp,%
%{\\<c>}{\ensuremath{\mathrm{c}}}1%
%{\\<C>}{\ensuremath{\mathcal{C}}}1%
{\\<cedilla>}{\mbox{\c\relax}}1%
{\\<cdots>}{\ensuremath{\cdots}}1%
{\\<vdots>}{\ensuremath{\vdots}}1%
{\\<cdot>}{\ensuremath{\cdot}}1%
%{\\<CC>}{\ensuremath{\mathfrak{C}}}1%requires eufrak
%{\\<cc>}{\ensuremath{\mathfrak{c}}}1%requires eufrak
{\\<bullet}{\boldmath\ensuremath{\mathchoice{\displaystyle{\cdot}}{\textstyle{\cdot}}{\scriptstyle{\bullet}>}{\scriptscriptstyle{\bullet}}}}1%
{\\<box>}{\ensuremath{\Box}}1%requires amssym,%
%{\\<bowtie>}{\ensuremath{\bowtie}}1%
{\\<bottom>}{\ensuremath{\bot}}1%
%{\\<bool>}{\ensuremath{\mathrm{I}\mkern-3.8mu\mathrm{B}}}1%
{\\<beta>}{\ensuremath{\beta}}1%
%{\\<b>}{\ensuremath{\mathrm{b}}}1%
%{\\<B>}{\ensuremath{\mathcal{B}}}1%
%{\\<BB>}{\ensuremath{\mathfrak{B}}}1%requires eufrak
%{\\<bb>}{\ensuremath{\mathfrak{b}}}1%requires eufrak
{\\<bar>}{\ensuremath{\mid}}1%
%{\\<asymp>}{\ensuremath{\asymp}}1%
{\\<approx>}{\ensuremath{\approx}}1%
{\\<angle>}{\ensuremath{\angle}}1%
{\\<and>}{\ensuremath{\wedge}}1%
{\\<And>}{\ensuremath{\bigwedge}}1%
%{\\<amalg>}{\ensuremath{\amalg}}1%
{\\<alpha>}{\ensuremath{\alpha}}1%
{\\<aleph>}{\ensuremath{\aleph}}1%
%{\\<a>}{\ensuremath{\mathrm{a}}}1%
%{\\<A>}{\ensuremath{\mathcal{A}}}1%
%{\\<acute>}{\mbox{\'\relax}}1%
{\\<AA>}{\ensuremath{\mathfrak{A}}}1%requires eufrak
%{\\<aa>}{\ensuremath{\mathfrak{a}}}1%requires eufrak
{`}{$`$}1%
{``}{$``$}1%
% non-standard:
% {\\<evalc>}{$\underset{c}{\longrightarrow}$}1%
{\\<evalc>}{\raisebox{-.8ex}{$\overrightarrow{\enspace{\mbox{\scriptsize $c$}}\enspace}$}}3%
{<n>}{$n$}1%
{IF}{$\mathtt{IF}$}4%
{THEN}{$\mathtt{THEN}$}5%
{PUT}{$\mathtt{PUT}$}3%
{ELSE}{$\mathtt{ELSE}$}5%
{DO}{$\mathtt{DO}$}3%
{WHILE}{$\mathtt{WHILE}$}7%
{AWHILE}{$\mathtt{AWHILE}$}8%
{ASSERT}{$\mathtt{ASSERT}$}8%
{STOP}{$\mathtt{STOP}$}5%
{SKIP}{$\mathtt{SKIP}$}5%
{\\<subn>}{$_n$}1%
{<rel>}{$\mathit{rule}$}3%
{<rule>}{$\mathit{rule}$}4%
{<rules>}{$\mathit{rules}$}5%
{<term>}{$\mathit{term}$}4%
{<term1>}{$\mathit{term}_1$}4%
{<termn>}{$\mathit{term}_n$}4%
{<function>}{$\mathit{function}$}9%
{<name>}{$\mathit{name}$}4%
{<namen>}{$\mathit{name}_n$}4%
{<name1>}{$\mathit{name}_1$}4%
{<a1>}{$a_1$}1%
{<x1>}{$x_1$}1%
{<an>}{$a_n$}1%
{<xn>}{$x_n$}1%
{<C>}{$C$}1%
},%
classoffset=0,%
keywordstyle=\textbf,%
morekeywords={theory,end,imports,begin},%
classoffset=1,%
keywordstyle=\textbf,%
morekeywords={text,txt,finally,next,also,with,moreover,ultimately,thus,prefer,defer,declare,apply,of,OF,THEN,intros,in,fix,assume,from,this,show,have,and,note,let,hence,where,using},% then, and
classoffset=2,%
keywordstyle=\color{Blue}\textbf,%
morekeywords={axclass,class,instance,recdef,primrec,constdefs,consts_code,types_code,consts,axioms,syntax,typedecl,arities,types,translations,inductive,typedef,datatype,record,instance,defs,specification,proof,test_spec,lemmas,lemma,assumes,shows,definition,fun,function,theorem,case},%
classoffset=3,%
keywordstyle=\color{BrickRed}\textbf,%
morekeywords={oops,sorry},%
classoffset=4,%
keywordstyle=\color{OliveGreen}\textbf,%
morekeywords={store_test_thm,qed,done,by},%
classoffset=5,%
keywordstyle=\textsl,%
morekeywords={frule,subst,erule,drule,rule,rule_tac,case_tac,insert,rotate_tac,unfold,fold,assumption,drule_tac},%
classoffset=6,%
keywordstyle=\color{Blue}\textbf,%
morekeywords={binder,infixl},%
classoffset=6,%
keywordstyle=\color{CornflowerBlue}\textbf,%
morekeywords={thm,export_test_data,generate_test_script,generate_code,gen_test_script,gen_test_data,quickcheck,testgen_params,quickcheck_params},%
}
\lstnewenvironment{isar}[1][]{\lstset{style=ISAR,#1}}{}
\lstnewenvironment{smallisar}[1][]{\lstset{style=ISAR,basicstyle=\small\sffamily,#1}}{}
\def\inlineisar{\lstinline[style=ISAR,breaklines=true,mathescape,breakatwhitespace=true]}

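--- a/document/prooftree.sty
+++ b/document/prooftree.sty
@@ -0,0 +1,347 @@
+\message{<Paul Taylor's Proof Trees, 2 August 1996>}
+%% Build proof tree for Natural Deduction, Sequent Calculus, etc.
+%% WITH SHORTENING OF PROOF RULES!
+%% Paul Taylor, begun 10 Oct 1989
+%% *** THIS IS ONLY A PRELIMINARY VERSION AND THINGS MAY CHANGE! ***
+%%
+%% 2 Aug 1996: fixed \mscount and \proofdotnumber
+%%
+%% \prooftree
+%% hyp1 produces:
+%% hyp2
+%% hyp3 hyp1 hyp2 hyp3
+%% \justifies -------------------- rulename
+%% concl concl
+%% \thickness=0.08em
+%% \shiftright 2em
+%% \using
+%% rulename
+%% \endprooftree
+%%
+%% where the hypotheses may be similar structures or just formulae.
+%%
+%% To get a vertical string of dots instead of the proof rule, do
+%%
+%% \prooftree which produces:
+%% [hyp]
+%% \using [hyp]
+%% name .
+%% \proofdotseparation=1.2ex .name
+%% \proofdotnumber=4 .
+%% \leadsto .
+%% concl concl
+%% \endprooftree
+%%
+%% Within a prooftree, \[ and \] may be used instead of \prooftree and
+%% \endprooftree; this is not permitted at the outer level because it
+%% conflicts with LaTeX. Also,
+%% \Justifies
+%% produces a double line. In LaTeX you can use \begin{prooftree} and
+%% \end{prootree} at the outer level (however this will not work for the inner
+%% levels, but in any case why would you want to be so verbose?).
+%%
+%% All of of the keywords except \prooftree and \endprooftree are optional
+%% and may appear in any order. They may also be combined in \newcommand's
+%% eg "\def\Cut{\using\sf cut\thickness.08em\justifies}" with the abbreviation
+%% "\prooftree hyp1 hyp2 \Cut \concl \endprooftree". This is recommended and
+%% some standard abbreviations will be found at the end of this file.
+%%
+%% \thickness specifies the breadth of the rule in any units, although
+%% font-relative units such as "ex" or "em" are preferable.
+%% It may optionally be followed by "=".
+%% \proofrulebreadth=.08em or \setlength\proofrulebreadth{.08em} may also be
+%% used either in place of \thickness or globally; the default is 0.04em.
+%% \proofdotseparation and \proofdotnumber control the size of the
+%% string of dots
+%%
+%% If proof trees and formulae are mixed, some explicit spacing is needed,
+%% but don't put anything to the left of the left-most (or the right of
+%% the right-most) hypothesis, or put it in braces, because this will cause
+%% the indentation to be lost.
+%%
+%% By default the conclusion is centered wrt the left-most and right-most
+%% immediate hypotheses (not their proofs); \shiftright or \shiftleft moves
+%% it relative to this position. (Not sure about this specification or how
+%% it should affect spreading of proof tree.)
+%
+% global assignments to dimensions seem to have the effect of stretching
+% diagrams horizontally.
+%
+%%==========================================================================
+\def\introrule{{\cal I}}\def\elimrule{{\cal E}}%%
+\def\andintro{\using{\land}\introrule\justifies}%%
+\def\impelim{\using{\Rightarrow}\elimrule\justifies}%%
+\def\allintro{\using{\forall}\introrule\justifies}%%
+\def\allelim{\using{\forall}\elimrule\justifies}%%
+\def\falseelim{\using{\bot}\elimrule\justifies}%%
+\def\existsintro{\using{\exists}\introrule\justifies}%%
+%% #1 is meant to be 1 or 2 for the first or second formula
+\def\andelim#1{\using{\land}#1\elimrule\justifies}%%
+\def\orintro#1{\using{\lor}#1\introrule\justifies}%%
+%% #1 is meant to be a label corresponding to the discharged hypothesis/es
+\def\impintro#1{\using{\Rightarrow}\introrule_{#1}\justifies}%%
+\def\orelim#1{\using{\lor}\elimrule_{#1}\justifies}%%
+\def\existselim#1{\using{\exists}\elimrule_{#1}\justifies}
+%%==========================================================================
+\newdimen\proofrulebreadth \proofrulebreadth=.05em
+\newdimen\proofdotseparation \proofdotseparation=1.25ex
+\newdimen\proofrulebaseline \proofrulebaseline=2ex
+\newcount\proofdotnumber \proofdotnumber=3
+\let\then\relax
+\def\hfi{\hskip0pt plus.0001fil}
+\mathchardef\squigto="3A3B
+%
+% flag where we are
+\newif\ifinsideprooftree\insideprooftreefalse
+\newif\ifonleftofproofrule\onleftofproofrulefalse
+\newif\ifproofdots\proofdotsfalse
+\newif\ifdoubleproof\doubleprooffalse
+\let\wereinproofbit\relax
+%
+% dimensions and boxes of bits
+\newdimen\shortenproofleft
+\newdimen\shortenproofright
+\newdimen\proofbelowshift
+\newbox\proofabove
+\newbox\proofbelow
+\newbox\proofrulename
+%
+% miscellaneous commands for setting values
+\def\shiftproofbelow{\let\next\relax\afterassignment\setshiftproofbelow\dimen0 }
+\def\shiftproofbelowneg{\def\next{\multiply\dimen0 by-1 }%
+\afterassignment\setshiftproofbelow\dimen0 }
+\def\setshiftproofbelow{\next\proofbelowshift=\dimen0 }
+\def\setproofrulebreadth{\proofrulebreadth}
+%=============================================================================
+\def\prooftree{% NESTED ZERO (\ifonleftofproofrule)
+%
+% first find out whether we're at the left-hand end of a proof rule
+\ifnum \lastpenalty=1
+\then \unpenalty
+\else \onleftofproofrulefalse
+\fi
+%
+% some space on left (except if we're on left, and no infinity for outermost)
+\ifonleftofproofrule
+\else \ifinsideprooftree
+\then \hskip.5em plus1fil
+\fi
+\fi
+%
+% begin our proof tree environment
+\bgroup% NESTED ONE (\proofbelow, \proofrulename, \proofabove,
+% \shortenproofleft, \shortenproofright, \proofrulebreadth)
+\setbox\proofbelow=\hbox{}\setbox\proofrulename=\hbox{}%
+\let\justifies\proofover\let\leadsto\proofoverdots\let\Justifies\proofoverdbl
+\let\using\proofusing\let\[\prooftree
+\ifinsideprooftree\let\]\endprooftree\fi
+\proofdotsfalse\doubleprooffalse
+\let\thickness\setproofrulebreadth
+\let\shiftright\shiftproofbelow \let\shift\shiftproofbelow
+\let\shiftleft\shiftproofbelowneg
+\let\ifwasinsideprooftree\ifinsideprooftree
+\insideprooftreetrue
+%
+% now begin to set the top of the rule (definitions local to it)
+\setbox\proofabove=\hbox\bgroup$\displaystyle % NESTED TWO
+\let\wereinproofbit\prooftree
+%
+% these local variables will be copied out:
+\shortenproofleft=0pt \shortenproofright=0pt \proofbelowshift=0pt
+%
+% flags to enable inner proof tree to detect if on left:
+\onleftofproofruletrue\penalty1
+}
+%=============================================================================
+% end whatever box and copy crucial values out of it
+\def\eproofbit{% NESTED TWO
+%
+% various hacks applicable to hypothesis list
+\ifx \wereinproofbit\prooftree
+\then \ifcase \lastpenalty
+\then \shortenproofright=0pt % 0: some other object, no indentation
+\or \unpenalty\hfil % 1: empty hypotheses, just glue
+\or \unpenalty\unskip % 2: just had a tree, remove glue
+\else \shortenproofright=0pt % eh?
+\fi
+\fi
+%
+% pass out crucial values from scope
+\global\dimen0=\shortenproofleft
+\global\dimen1=\shortenproofright
+\global\dimen2=\proofrulebreadth
+\global\dimen3=\proofbelowshift
+\global\dimen4=\proofdotseparation
+\global\count255=\proofdotnumber
+%
+% end the box
+$\egroup % NESTED ONE
+%
+% restore the values
+\shortenproofleft=\dimen0
+\shortenproofright=\dimen1
+\proofrulebreadth=\dimen2
+\proofbelowshift=\dimen3
+\proofdotseparation=\dimen4
+\proofdotnumber=\count255
+}
+%=============================================================================
+\def\proofover{% NESTED TWO
+\eproofbit % NESTED ONE
+\setbox\proofbelow=\hbox\bgroup % NESTED TWO
+\let\wereinproofbit\proofover
+$\displaystyle
+}%
+%
+%=============================================================================
+\def\proofoverdbl{% NESTED TWO
+\eproofbit % NESTED ONE
+\doubleprooftrue
+\setbox\proofbelow=\hbox\bgroup % NESTED TWO
+\let\wereinproofbit\proofoverdbl
+$\displaystyle
+}%
+%
+%=============================================================================
+\def\proofoverdots{% NESTED TWO
+\eproofbit % NESTED ONE
+\proofdotstrue
+\setbox\proofbelow=\hbox\bgroup % NESTED TWO
+\let\wereinproofbit\proofoverdots
+$\displaystyle
+}%
+%
+%=============================================================================
+\def\proofusing{% NESTED TWO
+\eproofbit % NESTED ONE
+\setbox\proofrulename=\hbox\bgroup % NESTED TWO
+\let\wereinproofbit\proofusing
+\kern0.3em$
+}
+%=============================================================================
+\def\endprooftree{% NESTED TWO
+\eproofbit % NESTED ONE
+% \dimen0 = length of proof rule
+% \dimen1 = indentation of conclusion wrt rule
+% \dimen2 = new \shortenproofleft, ie indentation of conclusion
+% \dimen3 = new \shortenproofright, ie
+% space on right of conclusion to end of tree
+% \dimen4 = space on right of conclusion below rule
+\dimen5 =0pt% spread of hypotheses
+% \dimen6, \dimen7 = height & depth of rule
+%
+% length of rule needed by proof above
+\dimen0=\wd\proofabove \advance\dimen0-\shortenproofleft
+\advance\dimen0-\shortenproofright
+%
+% amount of spare space below
+\dimen1=.5\dimen0 \advance\dimen1-.5\wd\proofbelow
+\dimen4=\dimen1
+\advance\dimen1\proofbelowshift \advance\dimen4-\proofbelowshift
+%
+% conclusion sticks out to left of immediate hypotheses
+\ifdim \dimen1<0pt
+\then \advance\shortenproofleft\dimen1
+\advance\dimen0-\dimen1
+\dimen1=0pt
+% now it sticks out to left of tree!
+\ifdim \shortenproofleft<0pt
+\then \setbox\proofabove=\hbox{%
+\kern-\shortenproofleft\unhbox\proofabove}%
+\shortenproofleft=0pt
+\fi
+\fi
+%
+% and to the right
+\ifdim \dimen4<0pt
+\then \advance\shortenproofright\dimen4
+\advance\dimen0-\dimen4
+\dimen4=0pt
+\fi
+%
+% make sure enough space for label
+\ifdim \shortenproofright<\wd\proofrulename
+\then \shortenproofright=\wd\proofrulename
+\fi
+%
+% calculate new indentations
+\dimen2=\shortenproofleft \advance\dimen2 by\dimen1
+\dimen3=\shortenproofright\advance\dimen3 by\dimen4
+%
+% make the rule or dots, with name attached
+\ifproofdots
+\then
+\dimen6=\shortenproofleft \advance\dimen6 .5\dimen0
+\setbox1=\vbox to\proofdotseparation{\vss\hbox{$\cdot$}\vss}%
+\setbox0=\hbox{%
+\advance\dimen6-.5\wd1
+\kern\dimen6
+$\vcenter to\proofdotnumber\proofdotseparation
+{\leaders\box1\vfill}$%
+\unhbox\proofrulename}%
+\else \dimen6=\fontdimen22\the\textfont2 % height of maths axis
+\dimen7=\dimen6
+\advance\dimen6by.5\proofrulebreadth
+\advance\dimen7by-.5\proofrulebreadth
+\setbox0=\hbox{%
+\kern\shortenproofleft
+\ifdoubleproof
+\then \hbox to\dimen0{%
+$\mathsurround0pt\mathord=\mkern-6mu%
+\cleaders\hbox{$\mkern-2mu=\mkern-2mu$}\hfill
+\mkern-6mu\mathord=$}%
+\else \vrule height\dimen6 depth-\dimen7 width\dimen0
+\fi
+\unhbox\proofrulename}%
+\ht0=\dimen6 \dp0=-\dimen7
+\fi
+%
+% set up to centre outermost tree only
+\let\doll\relax
+\ifwasinsideprooftree
+\then \let\VBOX\vbox
+\else \ifmmode\else$\let\doll=$\fi
+\let\VBOX\vcenter
+\fi
+% this \vbox or \vcenter is the actual output:
+\VBOX {\baselineskip\proofrulebaseline \lineskip.2ex
+\expandafter\lineskiplimit\ifproofdots0ex\else-0.6ex\fi
+\hbox spread\dimen5 {\hfi\unhbox\proofabove\hfi}%
+\hbox{\box0}%
+\hbox {\kern\dimen2 \box\proofbelow}}\doll%
+%
+% pass new indentations out of scope
+\global\dimen2=\dimen2
+\global\dimen3=\dimen3
+\egroup % NESTED ZERO
+\ifonleftofproofrule
+\then \shortenproofleft=\dimen2
+\fi
+\shortenproofright=\dimen3
+%
+% some space on right and flag we've just made a tree
+\onleftofproofrulefalse
+\ifinsideprooftree
+\then \hskip.5em plus 1fil \penalty2
+\fi
+}
+%==========================================================================
+% IDEAS
+% 1. Specification of \shiftright and how to spread trees.
+% 2. Spacing command \m which causes 1em+1fil spacing, over-riding
+% exisiting space on sides of trees and not affecting the
+% detection of being on the left or right.
+% 3. Hack using \@currenvir to detect LaTeX environment; have to
+% use \aftergroup to pass \shortenproofleft/right out.
+% 4. (Pie in the sky) detect how much trees can be "tucked in"
+% 5. Discharged hypotheses (diagonal lines).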

1384
document/root.bib Normal file

File diff suppressed because it is too large Load Diff

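--- a/document/root.tex
+++ b/document/root.tex
@@ -0,0 +1,157 @@
+\documentclass[11pt,a4paper,openright,twoside,abstracton]{scrreprt}
+\usepackage{fixltx2e}
+\usepackage{isabelle,isabellesym}
+\usepackage[nocolortable, noaclist]{hol-ocl-isar}
+\usepackage{booktabs}
+\usepackage{graphicx}
+\usepackage{amssymb}
+\usepackage[numbers, sort&compress, sectionbib]{natbib}
+\usepackage[caption=false]{subfig}
+\usepackage{lstisar}
+\usepackage{tabu}
+\usepackage[]{mathtools}
+\usepackage{prooftree}
+\usepackage{aeguill}
+\usepackage[pdfpagelabels, pageanchor=false, plainpages=false]{hyperref}
+% \usepackage[draft]{fixme}
+% MathOCl expressions
+\colorlet{MathOclColor}{Black}
+\colorlet{HolOclColor}{Black}
+\colorlet{OclColor}{Black}
+%
+\sloppy
+\uchyph=0
+\graphicspath{{data/},{figures/}}
+\allowdisplaybreaks
+\renewcommand{\HolTrue}{\mathrm{true}}
+\renewcommand{\HolFalse}{\mathrm{false}}
+\newcommand{\ptmi}[1]{\using{\mi{#1}}}
+\newcommand{\Lemma}[1]{{\color{BrickRed}%
+\mathbf{\operatorname{lemma}}}~\text{#1:}\quad}
+\newcommand{\done}{{\color{OliveGreen}\operatorname{done}}}
+\newcommand{\apply}[1]{{\holoclthykeywordstyle%
+\operatorname{apply}}(\text{#1})}
+\newcommand{\fun} {{\holoclthykeywordstyle\operatorname{fun}}}
+\newcommand{\definitionS} {{\holoclthykeywordstyle\operatorname{definition}}}
+\newcommand{\where} {{\holoclthykeywordstyle\operatorname{where}}}
+\newcommand{\datatype} {{\holoclthykeywordstyle\operatorname{datatype}}}
+\newcommand{\types} {{\holoclthykeywordstyle\operatorname{types}}}
+\newcommand{\pglabel}[1]{\text{#1}}
+\renewcommand{\isasymOclUndefined}{\ensuremath{\mathtt{invalid}}}
+\newcommand{\isasymOclNull}{\ensuremath{\mathtt{null}}}
+\newcommand{\isasymOclInvalid}{\isasymOclUndefined}
+\DeclareMathOperator{\inv}{inv}
+\newcommand{\Null}[1]{{\ensuremath{\mathtt{null}_\text{{#1}}}}}
+\newcommand{\testgen}{HOL-TestGen\xspace}
+\newcommand{\HolOption}{\mathrm{option}}
+\newcommand{\ran}{\mathrm{ran}}
+\newcommand{\dom}{\mathrm{dom}}
+\newcommand{\typedef}{\mathrm{typedef}}
+\newcommand{\mi}[1]{\,\text{#1}}
+\newcommand{\state}[1]{\ifthenelse{\equal{}{#1}}%
+{\operatorname{state}}%
+{\operatorname{\mathit{state}}(#1)}%
+}
+\newcommand{\mocl}[1]{\text{\inlineocl{#1}}}
+\DeclareMathOperator{\TCnull}{null}
+\DeclareMathOperator{\HolNull}{null}
+\DeclareMathOperator{\HolBot}{bot}
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+\newcommand{\ie}{i.\,e.\xspace}
+\newcommand{\eg}{e.\,g.\xspace}
+\renewcommand{\isamarkupheader}[1]{\chapter{#1}}
+\renewcommand{\isamarkupsection}[1]{\section{#1}}
+\renewcommand{\isamarkupsubsection}[1]{\subsection{#1}}
+\renewcommand{\isamarkupsubsubsection}[1]{\subsubsection{#1}}
+\renewcommand{\isamarkupsect}[1]{\section{#1}}
+\renewcommand{\isamarkupsubsect}[1]{\susubsection{#1}}
+\renewcommand{\isamarkupsubsubsect}[1]{\subsubsection{#1}}
+\begin{document}
+\renewcommand{\subsubsectionautorefname}{Section}
+\renewcommand{\subsectionautorefname}{Section}
+\renewcommand{\sectionautorefname}{Section}
+\renewcommand{\chapterautorefname}{Chapter}
+\newcommand{\subtableautorefname}{\tableautorefname}
+\newcommand{\subfigureautorefname}{\figureautorefname}
+\title{Featherweight OCL}
+\subtitle{A Proposal for a Machine-Checked Formal Semantics for OCL 2.5}
+\author{%
+\href{http://www.brucker.ch/}{Achim D. Brucker}\footnotemark[1]
+\and
+\href{https://www.lri.fr/~tuong/}{Fr\'ed\'eric Tuong}\footnotemark[3]
+\and
+\href{https://www.lri.fr/~wolff/}{Burkhart Wolff}\footnotemark[2]}
+\publishers{%
+\footnotemark[1]~SAP AG, Vincenz-Priessnitz-Str. 1, 76131 Karlsruhe,
+Germany \texorpdfstring{\\}{} \href{mailto:"Achim D. Brucker"
+<achim.brucker@sap.com>}{achim.brucker@sap.com}\\[2em]
+%
+\footnotemark[3]~Univ. Paris-Sud, IRT SystemX, 8 av.~de la Vauve, \\
+91120 Palaiseau, France\\
+frederic.tuong@\{u-psud, irt-systemx\}.fr\\[2em]
+%
+\footnotemark[2]~Univ. Paris-Sud, Laboratoire LRI, UMR8623, 91405 Orsay, France\\
+CNRS, 91405 Orsay, France\texorpdfstring{\\}{}
+\href{mailto:"Burkhart Wolff" <burkhart.wolff@lri.fr>}{burkhart.wolff@lri.fr}
+}
+\maketitle
+\begin{abstract}
+The Unified Modeling Language (UML) is one of the few modeling
+languages that is widely used in industry. While UML is mostly known
+as diagrammatic modeling language (\eg, visualizing class models),
+it is complemented by a textual language, called Object Constraint
+Language (OCL). OCL is a textual annotation language, based on a
+three-valued logic, that turns UML into a formal language.
+Unfortunately the semantics of this specification language, captured
+in the ``Annex A'' of the OCL standard, leads to different
+interpretations of corner cases. Many of these corner cases had
+been subject to formal analysis since more than ten years.
+The situation complicated when with version 2.3 the OCL was aligned
+with the latest version of UML: this led to the extension of the
+three-valued logic by a second exception element, called
+\inlineocl{null}. While the first exception element
+\inlineocl{invalid} has a strict semantics, \inlineocl{null} has a
+non strict semantic interpretation. These semantic difficulties lead
+to remarkable confusion for implementors of OCL compilers and
+interpreters.
+In this paper, we provide a formalization of the core of OCL in
+HOL\@. It provides denotational definitions, a logical calculus and
+operational rules that allow for the execution of OCL expressions by
+a mixture of term rewriting and code compilation. Our formalization
+reveals several inconsistencies and contradictions in the current
+version of the OCL standard. They reflect a challenge to define and
+implement OCL tools in a uniform manner. Overall, this document is
+intended to provide the basis for a machine-checked text ``Annex A''
+of the OCL standard targeting at tool implementors.
+\end{abstract}
+\tableofcontents
+\include{introduction}
+\include{formalization}
+\include{conclusion}
+\bibliographystyle{abbrvnat}
+\bibliography{root}
+\end{document}
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
+% LocalWords: implementors denotational OCL UML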
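Review bot: The redefinition of `\isamarkupsubsect` expands to `\susubsection`, which is not a LaTeX sectioning command, so any theory text that uses the `subsect` markup would presumably stop the document build with an undefined control sequence. The neighbouring lines map `\isamarkupsect` to `\section` and `\isamarkupsubsubsect` to `\subsubsection`, so the intended line is most likely `\renewcommand{\isamarkupsubsect}[1]{\subsection{#1}}`. Separately, the `\subtitle` names OCL 2.5 while the theory file headers in this commit say "Version OCL 2.4"; the two should agree so readers know which version of the standard the machine-checked semantics targets.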


@ -0,0 +1,143 @@
(*****************************************************************************
* Featherweight-OCL --- A Formal Semantics for UML-OCL Version OCL 2.4
* for the OMG Standard.
* http://www.brucker.ch/projects/hol-testgen/
*
* Employee_DesignModel_OCLPart.thy --- OCL Contracts and an Example.
* This file is part of HOL-TestGen.
*
* Copyright (c) 2012-2013 Université Paris-Sud, France
* 2013 IRT SystemX, France
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* * Neither the name of the copyright holders nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
******************************************************************************)
header{* The Employee Analysis Model (OCL) *}
theory
Employee_AnalysisModel_OCLPart
imports
Employee_AnalysisModel_UMLPart
begin
text {* \label{ex:employee-analysis:ocl} *}
section{* Standard State Infrastructure *}
text{* Ideally, these definitions are automatically generated from the class model. *}
section{* Invariant *}
text{* These recursive predicates can be defined conservatively
by greatest fix-point
constructions---automatically. See~\cite{brucker.ea:hol-ocl-book:2006,brucker:interactive:2007}
for details. For the purpose of this example, we state them as axioms
here. *}
axiomatization inv_Person :: "Person \<Rightarrow> Boolean"
where A : "(\<tau> \<Turnstile> (\<delta> self)) \<longrightarrow>
(\<tau> \<Turnstile> inv_Person(self)) =
((\<tau> \<Turnstile> (self .boss \<doteq> null)) \<or>
( \<tau> \<Turnstile> (self .boss <> null) \<and> (\<tau> \<Turnstile> ((self .salary) `\<le> (self .boss .salary))) \<and>
(\<tau> \<Turnstile> (inv_Person(self .boss))))) "
axiomatization inv_Person_at_pre :: "Person \<Rightarrow> Boolean"
where B : "(\<tau> \<Turnstile> (\<delta> self)) \<longrightarrow>
(\<tau> \<Turnstile> inv_Person_at_pre(self)) =
((\<tau> \<Turnstile> (self .boss@pre \<doteq> null)) \<or>
( \<tau> \<Turnstile> (self .boss@pre <> null) \<and>
(\<tau> \<Turnstile> (self .boss@pre .salary@pre `\<le> self .salary@pre)) \<and>
(\<tau> \<Turnstile> (inv_Person_at_pre(self .boss@pre))))) "
text{* A very first attempt to characterize the axiomatization by an inductive
definition - this can not be the last word since too weak (should be equality!) *}
coinductive inv :: "Person \<Rightarrow> (\<AA>)st \<Rightarrow> bool" where
"(\<tau> \<Turnstile> (\<delta> self)) \<Longrightarrow> ((\<tau> \<Turnstile> (self .boss \<doteq> null)) \<or>
(\<tau> \<Turnstile> (self .boss <> null) \<and> (\<tau> \<Turnstile> (self .boss .salary `\<le> self .salary)) \<and>
( (inv(self .boss))\<tau> )))
\<Longrightarrow> ( inv self \<tau>)"
section{* The Contract of a Recursive Query *}
text{* The original specification of a recursive query :
\begin{ocl}
context Person::contents():Set(Integer)
post: result = if self.boss = null
then Set{i}
else self.boss.contents()->including(i)
endif
\end{ocl} *}
consts dot_contents :: "Person \<Rightarrow> Set_Integer" ("(1(_).contents'('))" 50)
axiomatization where dot_contents_def:
"(\<tau> \<Turnstile> ((self).contents() \<triangleq> result)) =
(if (\<delta> self) \<tau> = true \<tau>
then ((\<tau> \<Turnstile> true) \<and>
(\<tau> \<Turnstile> (result \<triangleq> if (self .boss \<doteq> null)
then (Set{self .salary})
else (self .boss .contents()->including(self .salary))
endif)))
else \<tau> \<Turnstile> result \<triangleq> invalid)"
consts dot_contents_AT_pre :: "Person \<Rightarrow> Set_Integer" ("(1(_).contents@pre'('))" 50)
axiomatization where dot_contents_AT_pre_def:
"(\<tau> \<Turnstile> (self).contents@pre() \<triangleq> result) =
(if (\<delta> self) \<tau> = true \<tau>
then \<tau> \<Turnstile> true \<and> (* pre *)
\<tau> \<Turnstile> (result \<triangleq> if (self).boss@pre \<doteq> null (* post *)
then Set{(self).salary@pre}
else (self).boss@pre .contents@pre()->including(self .salary@pre)
endif)
else \<tau> \<Turnstile> result \<triangleq> invalid)"
text{* These \inlineocl{@pre} variants on methods are only available on queries, \ie,
operations without side-effect. *}
section{* The Contract of a Method *}
text{*
The specification in high-level OCL input syntax reads as follows:
\begin{ocl}
context Person::insert(x:Integer)
post: contents():Set(Integer)
contents() = contents@pre()->including(x)
\end{ocl}
*}
consts dot_insert :: "Person \<Rightarrow> Integer \<Rightarrow> Void" ("(1(_).insert'(_'))" 50)
axiomatization where dot_insert_def:
"(\<tau> \<Turnstile> ((self).insert(x) \<triangleq> result)) =
(if (\<delta> self) \<tau> = true \<tau> \<and> (\<upsilon> x) \<tau> = true \<tau>
then \<tau> \<Turnstile> true \<and>
\<tau> \<Turnstile> ((self).contents() \<triangleq> (self).contents@pre()->including(x))
else \<tau> \<Turnstile> ((self).insert(x) \<triangleq> invalid))"
end
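Review bot: The salary bound in axiom `A` points the opposite way from axiom `B` and from the coinductive `inv`. `A` requires `self .salary` to be at most `self .boss .salary`, while `B` and `inv` require the boss's salary to be at most the employee's. Both predicates are introduced with `axiomatization`, so Isabelle accepts them without any consistency or conservativity check, and every result built on them inherits a mis-stated invariant; the text itself notes they could be defined conservatively by a greatest fix-point. Pick the intended direction and make all three agree. If `A` is the reference, the line in `B` becomes ``(\<tau> \<Turnstile> (self .salary@pre `\<le> self .boss@pre .salary@pre)) \<and>``, and likewise in `inv`. In `dot_insert_def` the `then` branch never mentions `result` and the `else` branch constrains `(self).insert(x)` rather than `result`, unlike `dot_contents_def`; confirm that is intended.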

File diff suppressed because it is too large Load Diff


@ -0,0 +1,143 @@
(*****************************************************************************
* Featherweight-OCL --- A Formal Semantics for UML-OCL Version OCL 2.4
* for the OMG Standard.
* http://www.brucker.ch/projects/hol-testgen/
*
* Employee_DesignModel_OCLPart.thy --- OCL Contracts and an Example.
* This file is part of HOL-TestGen.
*
* Copyright (c) 2012-2013 Université Paris-Sud, France
* 2013 IRT SystemX, France
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* * Neither the name of the copyright holders nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
******************************************************************************)
header{* The Employee Design Model (OCL) *}
theory
Employee_DesignModel_OCLPart
imports
Employee_DesignModel_UMLPart
begin
text {* \label{ex:employee-design:ocl} *}
section{* Standard State Infrastructure *}
text{* Ideally, these definitions are automatically generated from the class model. *}
section{* Invariant *}
text{* These recursive predicates can be defined conservatively
by greatest fix-point
constructions---automatically. See~\cite{brucker.ea:hol-ocl-book:2006,brucker:interactive:2007}
for details. For the purpose of this example, we state them as axioms
here. *}
axiomatization inv_Person :: "Person \<Rightarrow> Boolean"
where A : "(\<tau> \<Turnstile> (\<delta> self)) \<longrightarrow>
(\<tau> \<Turnstile> inv_Person(self)) =
((\<tau> \<Turnstile> (self .boss \<doteq> null)) \<or>
( \<tau> \<Turnstile> (self .boss <> null) \<and> (\<tau> \<Turnstile> ((self .salary) `\<le> (self .boss .salary))) \<and>
(\<tau> \<Turnstile> (inv_Person(self .boss))))) "
axiomatization inv_Person_at_pre :: "Person \<Rightarrow> Boolean"
where B : "(\<tau> \<Turnstile> (\<delta> self)) \<longrightarrow>
(\<tau> \<Turnstile> inv_Person_at_pre(self)) =
((\<tau> \<Turnstile> (self .boss@pre \<doteq> null)) \<or>
( \<tau> \<Turnstile> (self .boss@pre <> null) \<and>
(\<tau> \<Turnstile> (self .boss@pre .salary@pre `\<le> self .salary@pre)) \<and>
(\<tau> \<Turnstile> (inv_Person_at_pre(self .boss@pre))))) "
text{* A very first attempt to characterize the axiomatization by an inductive
definition - this can not be the last word since too weak (should be equality!) *}
coinductive inv :: "Person \<Rightarrow> (\<AA>)st \<Rightarrow> bool" where
"(\<tau> \<Turnstile> (\<delta> self)) \<Longrightarrow> ((\<tau> \<Turnstile> (self .boss \<doteq> null)) \<or>
(\<tau> \<Turnstile> (self .boss <> null) \<and> (\<tau> \<Turnstile> (self .boss .salary `\<le> self .salary)) \<and>
( (inv(self .boss))\<tau> )))
\<Longrightarrow> ( inv self \<tau>)"
section{* The Contract of a Recursive Query *}
text{* The original specification of a recursive query :
\begin{ocl}
context Person::contents():Set(Integer)
post: result = if self.boss = null
then Set{i}
else self.boss.contents()->including(i)
endif
\end{ocl} *}
consts dot_contents :: "Person \<Rightarrow> Set_Integer" ("(1(_).contents'('))" 50)
axiomatization where dot_contents_def:
"(\<tau> \<Turnstile> ((self).contents() \<triangleq> result)) =
(if (\<delta> self) \<tau> = true \<tau>
then ((\<tau> \<Turnstile> true) \<and>
(\<tau> \<Turnstile> (result \<triangleq> if (self .boss \<doteq> null)
then (Set{self .salary})
else (self .boss .contents()->including(self .salary))
endif)))
else \<tau> \<Turnstile> result \<triangleq> invalid)"
consts dot_contents_AT_pre :: "Person \<Rightarrow> Set_Integer" ("(1(_).contents@pre'('))" 50)
axiomatization where dot_contents_AT_pre_def:
"(\<tau> \<Turnstile> (self).contents@pre() \<triangleq> result) =
(if (\<delta> self) \<tau> = true \<tau>
then \<tau> \<Turnstile> true \<and> (* pre *)
\<tau> \<Turnstile> (result \<triangleq> if (self).boss@pre \<doteq> null (* post *)
then Set{(self).salary@pre}
else (self).boss@pre .contents@pre()->including(self .salary@pre)
endif)
else \<tau> \<Turnstile> result \<triangleq> invalid)"
text{* These \inlineocl{@pre} variants on methods are only available on queries, \ie,
operations without side-effect. *}
section{* The Contract of a Method *}
text{*
The specification in high-level OCL input syntax reads as follows:
\begin{ocl}
context Person::insert(x:Integer)
post: contents():Set(Integer)
contents() = contents@pre()->including(x)
\end{ocl}
*}
consts dot_insert :: "Person \<Rightarrow> Integer \<Rightarrow> Void" ("(1(_).insert'(_'))" 50)
axiomatization where dot_insert_def:
"(\<tau> \<Turnstile> ((self).insert(x) \<triangleq> result)) =
(if (\<delta> self) \<tau> = true \<tau> \<and> (\<upsilon> x) \<tau> = true \<tau>
then \<tau> \<Turnstile> true \<and>
\<tau> \<Turnstile> ((self).contents() \<triangleq> (self).contents@pre()->including(x))
else \<tau> \<Turnstile> ((self).insert(x) \<triangleq> invalid))"
end
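Review bot: Axiom `A` for `inv_Person` compares the salaries in the opposite direction to axiom `B` and to the coinductive `inv`: `A` requires the salary of `self` to be at most that of the boss, while the other two require the boss's salary to be at most that of `self`. If the direction used in `B` and `inv` is the intended one, exchange the operands `(self .salary)` and `(self .boss .salary)` in `A`; otherwise, change the other two. All three are stated through `axiomatization` or by hand, so Isabelle does not check them against each other, and a wrong axiom silently weakens every lemma that later depends on it. Separately, in `dot_insert_def` the variable `result` does not occur in the `then` branch, so for defined `self` and valid `x` the axiom appears to give the same truth value for every `result`. Please check whether this is consistent with `invalid` and `null` being distinct; it would be safer to constrain `result` explicitly or to replace the axiom with a conservative definition.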
