2. Formalization II: OCL Terms and Library Operations
2.9. Collection Type Set: Operations
2.9.4. Constants: mtSet
definition mtSet :: ('𝔄,'α::null) Set  (Set{})
where     Set{} ≡ (λ τ. Abs_Set_base ⌊⌊{}::'α set⌋⌋)

lemma mtSet_defined[simp,code_unfold]: δ(Set{}) = true  ⟨proof⟩
lemma mtSet_valid[simp,code_unfold]:   υ(Set{}) = true  ⟨proof⟩
lemma mtSet_rep_set: ⌈⌈Rep_Set_base (Set{} τ)⌉⌉ = {}  ⟨proof⟩
lemma [simp,code_unfold]: const Set{}  ⟨proof⟩
Note that the collection types of OCL allow null to occur as an element: Set{null} is a defined set. It must be distinguished from the null collection itself, for which δ is false, so that including an element into it yields invalid.
2.9.5. Definition: Including
definition OclIncluding :: [('𝔄,'α::null) Set, ('𝔄,'α) val] ⇒ ('𝔄,'α) Set
where     OclIncluding x y = (λ τ. if (δ x) τ = true τ ∧ (υ y) τ = true τ
                                   then Abs_Set_base ⌊⌊⌈⌈Rep_Set_base (x τ)⌉⌉ ∪ {y τ}⌋⌋
                                   else invalid τ)

notation OclIncluding (_->including⇩S⇩e⇩t'(_'))

interpretation OclIncluding : profile_bind⇩v OclIncluding λx y. Abs_Set_base ⌊⌊⌈⌈Rep_Set_base x⌉⌉ ∪ {y}⌋⌋  ⟨proof⟩

syntax
  _OclFinset :: args => ('𝔄,'a::null) Set  (Set{(_)})
translations
  Set{x, xs} == CONST OclIncluding (Set{xs}) x
  Set{x}     == CONST OclIncluding (Set{}) x
2.9.6. Definition: Excluding
definition OclExcluding :: [('𝔄,'α::null) Set, ('𝔄,'α) val] ⇒ ('𝔄,'α) Set
where     OclExcluding x y = (λ τ. if (δ x) τ = true τ ∧ (υ y) τ = true τ
                                   then Abs_Set_base ⌊⌊⌈⌈Rep_Set_base (x τ)⌉⌉ - {y τ}⌋⌋
                                   else ⊥)

notation OclExcluding (_->excluding⇩S⇩e⇩t'(_'))

lemma OclExcluding_inv: (x::Set('b::{null})) ≠ ⊥ ⟹ x ≠ null ⟹ y ≠ ⊥ ⟹
      ⌊⌊⌈⌈Rep_Set_base x⌉⌉ - {y}⌋⌋ ∈ {X. X = bot ∨ X = null ∨ (∀x∈⌈⌈X⌉⌉. x ≠ bot)}
⟨proof⟩

interpretation OclExcluding : profile_bind⇩v OclExcluding λx y. Abs_Set_base ⌊⌊⌈⌈Rep_Set_base x⌉⌉ - {y}⌋⌋  ⟨proof⟩
2.9.7. Definition: Includes
definition OclIncludes :: [('𝔄,'α::null) Set, ('𝔄,'α) val] ⇒ '𝔄 Boolean
where     OclIncludes x y = (λ τ. if (δ x) τ = true τ ∧ (υ y) τ = true τ
                                  then ⌊⌊(y τ) ∈ ⌈⌈Rep_Set_base (x τ)⌉⌉⌋⌋
                                  else ⊥)

notation OclIncludes (_->includes⇩S⇩e⇩t'(_'))

interpretation OclIncludes : profile_bind⇩v OclIncludes λx y. ⌊⌊y ∈ ⌈⌈Rep_Set_base x⌉⌉⌋⌋  ⟨proof⟩
2.9.8. Definition: Excludes
definition OclExcludes :: [('𝔄,'α::null) Set, ('𝔄,'α) val] ⇒ '𝔄 Boolean
where     OclExcludes x y = (not (OclIncludes x y))

notation OclExcludes (_->excludes⇩S⇩e⇩t'(_'))

interpretation OclExcludes : profile_bind⇩v OclExcludes λx y. ⌊⌊y ∉ ⌈⌈Rep_Set_base x⌉⌉⌋⌋  ⟨proof⟩

The case of the size operation is somewhat special: Featherweight OCL explicitly admits the possibility of infinite sets. The definition of size therefore carries an extra condition ensuring that the cardinality of the set is actually a defined integer; for an infinite set, size is invalid.
2.9.9. Definition: Size
definition OclSize :: ('𝔄,'α::null) Set ⇒ '𝔄 Integer
where     OclSize x = (λ τ. if (δ x) τ = true τ ∧ finite ⌈⌈Rep_Set_base (x τ)⌉⌉
                            then ⌊⌊int (card ⌈⌈Rep_Set_base (x τ)⌉⌉)⌋⌋
                            else ⊥)

notation OclSize (_->size⇩S⇩e⇩t'('))
The following definition follows the requirement of the standard to treat null as the neutral element of sets: null->isEmpty() is true. This is a well-documented exception both from the general strictness rule and from the rule that the distinguished argument self should be non-null.
2.9.10. Definition: IsEmpty
definition OclIsEmpty :: ('𝔄,'α::null) Set ⇒ '𝔄 Boolean
where     OclIsEmpty x = ((υ x and not (δ x)) or ((OclSize x) ≐ 0))

notation OclIsEmpty (_->isEmpty⇩S⇩e⇩t'('))
2.9.11. Definition: NotEmpty
definition OclNotEmpty :: ('𝔄,'α::null) Set ⇒ '𝔄 Boolean
where     OclNotEmpty x = not (OclIsEmpty x)

notation OclNotEmpty (_->notEmpty⇩S⇩e⇩t'('))
2.9.12. Definition: Any
definition OclANY :: [('𝔄,'α::null) Set] ⇒ ('𝔄,'α) val
where     OclANY x = (λ τ. if (υ x) τ = true τ
                           then if (δ x and OclNotEmpty x) τ = true τ
                                then SOME y. y ∈ ⌈⌈Rep_Set_base (x τ)⌉⌉
                                else null τ
                           else ⊥)

notation OclANY (_->any⇩S⇩e⇩t'('))
2.9.13. Definition: Forall
The definition of OclForall mimics that of and: OclForall is not a strict operation. If the body evaluates to false on some element, the result is false even if the body is invalid or null on other elements; only when no element yields false does an invalid result propagate, and only when none yields invalid does a null result propagate.
definition OclForall :: [('𝔄,'α::null) Set, ('𝔄,'α) val ⇒ '𝔄 Boolean] ⇒ '𝔄 Boolean
where     OclForall S P = (λ τ. if (δ S) τ = true τ
                                then if (∃x∈⌈⌈Rep_Set_base (S τ)⌉⌉. P (λ_. x) τ = false τ)   then false τ
                                     else if (∃x∈⌈⌈Rep_Set_base (S τ)⌉⌉. P (λ_. x) τ = invalid τ) then invalid τ
                                     else if (∃x∈⌈⌈Rep_Set_base (S τ)⌉⌉. P (λ_. x) τ = null τ)    then null τ
                                     else true τ
                                else ⊥)

syntax
  _OclForallSet :: [('𝔄,'α::null) Set, id, '𝔄 Boolean] ⇒ '𝔄 Boolean  ((_)->forAll⇩S⇩e⇩t'(_|_'))
translations
  X->forAll⇩S⇩e⇩t(x | P) == CONST UML_Set.OclForall X (%x. P)
2.9.14. Definition: Exists
Like OclForall, OclExists is not strict; it is defined from OclForall by duality.

definition OclExists :: [('𝔄,'α::null) Set, ('𝔄,'α) val ⇒ '𝔄 Boolean] ⇒ '𝔄 Boolean
where     OclExists S P = not (UML_Set.OclForall S (λX. not (P X)))

syntax
  _OclExistSet :: [('𝔄,'α::null) Set, id, '𝔄 Boolean] ⇒ '𝔄 Boolean  ((_)->exists⇩S⇩e⇩t'(_|_'))
translations
  X->exists⇩S⇩e⇩t(x | P) == CONST UML_Set.OclExists X (%x. P)
2.9.15. Definition: Iterate
definition OclIterate :: [('𝔄,'α::null) Set, ('𝔄,'β::null) val,
                          ('𝔄,'α) val ⇒ ('𝔄,'β) val ⇒ ('𝔄,'β) val] ⇒ ('𝔄,'β) val
where     OclIterate S A F = (λ τ. if (δ S) τ = true τ ∧ (υ A) τ = true τ ∧ finite ⌈⌈Rep_Set_base (S τ)⌉⌉
                                   then (Finite_Set.fold (F) (A) ((λa τ. a) ` ⌈⌈Rep_Set_base (S τ)⌉⌉)) τ
                                   else ⊥)

syntax
  _OclIterateSet :: [('𝔄,'α::null) Set, idt, idt, 'α, 'β] => ('𝔄,'γ) val  (_->iterate⇩S⇩e⇩t'(_;_=_ | _'))
translations
  X->iterate⇩S⇩e⇩t(a; x = A | P) == CONST OclIterate X A (%a. (%x. P))
2.9.16. Definition: Select
definition OclSelect :: [('𝔄,'α::null) Set, ('𝔄,'α) val ⇒ '𝔄 Boolean] ⇒ ('𝔄,'α) Set
where     OclSelect S P = (λ τ. if (δ S) τ = true τ
                                then if (∃x∈⌈⌈Rep_Set_base (S τ)⌉⌉. P (λ_. x) τ = invalid τ)
                                     then invalid τ
                                     else Abs_Set_base ⌊⌊{x∈⌈⌈Rep_Set_base (S τ)⌉⌉. P (λ_. x) τ ≠ false τ}⌋⌋
                                else invalid τ)

syntax
  _OclSelectSet :: [('𝔄,'α::null) Set, id, '𝔄 Boolean] ⇒ '𝔄 Boolean  ((_)->select⇩S⇩e⇩t'(_|_'))
translations
  X->select⇩S⇩e⇩t(x | P) == CONST OclSelect X (%x. P)
2.9.17. Definition: Reject
definition OclReject :: [('𝔄,'α::null) Set, ('𝔄,'α) val ⇒ '𝔄 Boolean] ⇒ ('𝔄,'α::null) Set
where     OclReject S P = OclSelect S (not o P)

syntax
  _OclRejectSet :: [('𝔄,'α::null) Set, id, '𝔄 Boolean] ⇒ '𝔄 Boolean  ((_)->reject⇩S⇩e⇩t'(_|_'))
translations
  X->reject⇩S⇩e⇩t(x | P) == CONST OclReject X (%x. P)
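The strictness rules of 2.9.5 to 2.9.14 and the treatment of null verdicts in select and reject (2.9.16, 2.9.17) are easy to get wrong when re-implementing OCL in a tool. As an added example, not code from the Featherweight OCL theory, the following Python model evaluates the Set operations in a single fixed state τ over finite sets. INVALID, NULL, delta, upsilon, strict_eq and the snake_case operation names are this example's own choices; HOL's underspecified SOME in any() is replaced by a fixed choice, and the strict equality ≐ of the isEmpty definition is approximated by strict_eq.

```python
# Added example, not code from the Featherweight OCL theory: a Python model of the
# valuation lattice (invalid = bottom, null, defined values) and of the Set
# operations of 2.9.5-2.9.14 and 2.9.16-2.9.17 in one fixed state tau. INVALID,
# NULL, delta, upsilon and the snake_case names are this example's own choices.
from typing import Any, Callable

class _Sentinel:
    def __init__(self, name: str) -> None:
        self.name = name
    def __repr__(self) -> str:
        return self.name

INVALID = _Sentinel("invalid")  # bottom: strict, absorbing error value
NULL = _Sentinel("null")        # valid but undefined; may occur inside a Set
# A Set value is a frozenset (may contain NULL, never INVALID) or a sentinel.

def delta(x: Any) -> bool:      # definedness: neither invalid nor null
    return x is not INVALID and x is not NULL

def upsilon(x: Any) -> bool:    # validity: not invalid (null is valid)
    return x is not INVALID

def ocl_not(b: Any) -> Any:
    return b if b is INVALID or b is NULL else (not b)

def ocl_and(a: Any, b: Any) -> Any:
    for verdict in (False, INVALID, NULL):  # false beats invalid beats null
        if a is verdict or b is verdict:
            return verdict
    return True

def ocl_or(a: Any, b: Any) -> Any:
    return ocl_not(ocl_and(ocl_not(a), ocl_not(b)))

def strict_eq(a: Any, b: Any) -> Any:   # the strict equality used by isEmpty
    return (a == b) if upsilon(a) and upsilon(b) else INVALID

def including(x, y):            # strict: self defined, element valid
    return (x | {y}) if delta(x) and upsilon(y) else INVALID

def includes(x, y):
    return (y in x) if delta(x) and upsilon(y) else INVALID

def size(x):                    # sets here are finite, so card is defined
    return len(x) if delta(x) else INVALID

def is_empty(x):
    # (upsilon x and not delta x) is exactly the null case: null is neutral.
    return ocl_or(ocl_and(upsilon(x), ocl_not(delta(x))), strict_eq(size(x), 0))

def not_empty(x):
    return ocl_not(is_empty(x))

def any_(x):
    if not upsilon(x):
        return INVALID
    if ocl_and(delta(x), not_empty(x)) is True:
        return sorted(x, key=repr)[0]  # HOL's SOME: some element, fixed here
    return NULL

def for_all(s, p: Callable[[Any], Any]):
    if not delta(s):
        return INVALID
    verdicts = [p(e) for e in s]
    for verdict in (False, INVALID, NULL):  # same precedence as 'and'
        if any(v is verdict for v in verdicts):
            return verdict
    return True                             # vacuously true on Set{}

def exists(s, p):
    return ocl_not(for_all(s, lambda e: ocl_not(p(e))))

def select(s, p):
    if not delta(s):
        return INVALID
    verdicts = {e: p(e) for e in s}
    if any(v is INVALID for v in verdicts.values()):
        return INVALID
    # Only a definite false drops an element; a null verdict keeps it.
    return frozenset(e for e, v in verdicts.items() if v is not False)

def reject(s, p):
    return select(s, lambda e: ocl_not(p(e)))

def demo() -> dict:
    s = frozenset({1, 2, NULL})  # constructed sample: a Set containing null
    p = lambda e: NULL if e is NULL else e > 1
    return {
        "null_size": size(NULL),                  # strict: invalid
        "null_is_empty": is_empty(NULL),          # the exception: true
        "null_not_empty": not_empty(NULL),        # false
        "invalid_is_empty": is_empty(INVALID),    # invalid
        "null_any": any_(NULL),                   # null
        "include_into_null": including(NULL, 1),  # self must be defined
        "forall_false_wins": for_all(s, lambda e: False if e == 1 else INVALID),
        "forall_null_verdict": for_all(s, lambda e: NULL if e is NULL else True),
        "select": select(s, p),                   # {2, null}
        "reject": reject(s, p),                   # {1, null}
    }
```

demo() reproduces the execution laws stated later for null and invalid arguments (null->size() = invalid, null->isEmpty() = true, null->notEmpty() = false, null->any() = null) and shows two consequences a tool implementer should not miss: forAll returns false as soon as one element refutes the body, even when the body is invalid elsewhere, and an element on which the body yields null is kept by select and by reject alike, so the two results overlap rather than partition the set.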
2.9.18. Definition: IncludesAll
definition OclIncludesAll :: [('𝔄,'α::null) Set, ('𝔄,'α) Set] ⇒ '𝔄 Boolean
where     OclIncludesAll x y = (λ τ. if (δ x) τ = true τ ∧ (δ y) τ = true τ
                                     then ⌊⌊⌈⌈Rep_Set_base (y τ)⌉⌉ ⊆ ⌈⌈Rep_Set_base (x τ)⌉⌉⌋⌋
                                     else ⊥)

notation OclIncludesAll (_->includesAll⇩S⇩e⇩t'(_'))

interpretation OclIncludesAll : profile_bind⇩d OclIncludesAll λx y. ⌊⌊⌈⌈Rep_Set_base y⌉⌉ ⊆ ⌈⌈Rep_Set_base x⌉⌉⌋⌋  ⟨proof⟩
2.9.19. Definition: ExcludesAll
definition OclExcludesAll :: [('𝔄,'α::null) Set, ('𝔄,'α) Set] ⇒ '𝔄 Boolean
where     OclExcludesAll x y = (λ τ. if (δ x) τ = true τ ∧ (δ y) τ = true τ
                                     then ⌊⌊⌈⌈Rep_Set_base (y τ)⌉⌉ ∩ ⌈⌈Rep_Set_base (x τ)⌉⌉ = {}⌋⌋
                                     else ⊥)

notation OclExcludesAll (_->excludesAll⇩S⇩e⇩t'(_'))

interpretation OclExcludesAll : profile_bind⇩d OclExcludesAll λx y. ⌊⌊⌈⌈Rep_Set_base y⌉⌉ ∩ ⌈⌈Rep_Set_base x⌉⌉ = {}⌋⌋
⟨proof⟩
2.9.20. Definition: Union
definition OclUnion :: [('𝔄,'α::null) Set, ('𝔄,'α) Set] ⇒ ('𝔄,'α) Set
where     OclUnion x y = (λ τ. if (δ x) τ = true τ ∧ (δ y) τ = true τ
                               then Abs_Set_base ⌊⌊⌈⌈Rep_Set_base (y τ)⌉⌉ ∪ ⌈⌈Rep_Set_base (x τ)⌉⌉⌋⌋
                               else ⊥)

notation OclUnion (_->union⇩S⇩e⇩t'(_'))

lemma OclUnion_inv: (x::Set('b::{null})) ≠ ⊥ ⟹ x ≠ null ⟹ y ≠ ⊥ ⟹ y ≠ null ⟹
      ⌊⌊⌈⌈Rep_Set_base y⌉⌉ ∪ ⌈⌈Rep_Set_base x⌉⌉⌋⌋ ∈ {X. X = bot ∨ X = null ∨ (∀x∈⌈⌈X⌉⌉. x ≠ bot)}
⟨proof⟩

interpretation OclUnion : profile_bind⇩d OclUnion λx y. Abs_Set_base ⌊⌊⌈⌈Rep_Set_base y⌉⌉ ∪ ⌈⌈Rep_Set_base x⌉⌉⌋⌋  ⟨proof⟩
2.9.21. Definition: Intersection
definition OclIntersection :: [('𝔄,'α::null) Set, ('𝔄,'α) Set] ⇒ ('𝔄,'α) Set
where     OclIntersection x y = (λ τ. if (δ x) τ = true τ ∧ (δ y) τ = true τ
                                      then Abs_Set_base ⌊⌊⌈⌈Rep_Set_base (y τ)⌉⌉ ∩ ⌈⌈Rep_Set_base (x τ)⌉⌉⌋⌋
                                      else ⊥)

notation OclIntersection (_->intersection⇩S⇩e⇩t'(_'))

lemma OclIntersection_inv: (x::Set('b::{null})) ≠ ⊥ ⟹ x ≠ null ⟹ y ≠ ⊥ ⟹ y ≠ null ⟹
      ⌊⌊⌈⌈Rep_Set_base y⌉⌉ ∩ ⌈⌈Rep_Set_base x⌉⌉⌋⌋ ∈ {X. X = bot ∨ X = null ∨ (∀x∈⌈⌈X⌉⌉. x ≠ bot)}
⟨proof⟩

interpretation OclIntersection : profile_bind⇩d OclIntersection λx y. Abs_Set_base ⌊⌊⌈⌈Rep_Set_base y⌉⌉ ∩ ⌈⌈Rep_Set_base x⌉⌉⌋⌋
⟨proof⟩
2.9.22. Definition (future operators)
consts
  OclCount :: [('𝔄,'α::null) Set, ('𝔄,'α) Set] ⇒ '𝔄 Integer
  OclSum   :: ('𝔄,'α::null) Set ⇒ '𝔄 Integer

notation OclCount (_->count⇩S⇩e⇩t'(_'))
notation OclSum   (_->sum⇩S⇩e⇩t'('))
2.9.23. Logical Properties
OclIncluding

lemma OclIncluding_valid_args_valid:
      (τ ⊨ υ(X->including⇩S⇩e⇩t(x))) = ((τ ⊨ (δ X)) ∧ (τ ⊨ (υ x)))  ⟨proof⟩
lemma OclIncluding_valid_args_valid''[simp,code_unfold]:
      υ(X->including⇩S⇩e⇩t(x)) = ((δ X) and (υ x))  ⟨proof⟩
etc. etc.
OclExcluding

lemma OclExcluding_valid_args_valid:
      (τ ⊨ υ(X->excluding⇩S⇩e⇩t(x))) = ((τ ⊨ (δ X)) ∧ (τ ⊨ (υ x)))  ⟨proof⟩
lemma OclExcluding_valid_args_valid''[simp,code_unfold]:
      υ(X->excluding⇩S⇩e⇩t(x)) = ((δ X) and (υ x))  ⟨proof⟩

OclIncludes

lemma OclIncludes_valid_args_valid:
      (τ ⊨ υ(X->includes⇩S⇩e⇩t(x))) = ((τ ⊨ (δ X)) ∧ (τ ⊨ (υ x)))  ⟨proof⟩
lemma OclIncludes_valid_args_valid''[simp,code_unfold]:
      υ(X->includes⇩S⇩e⇩t(x)) = ((δ X) and (υ x))  ⟨proof⟩

OclExcludes

lemma OclExcludes_valid_args_valid:
      (τ ⊨ υ(X->excludes⇩S⇩e⇩t(x))) = ((τ ⊨ (δ X)) ∧ (τ ⊨ (υ x)))  ⟨proof⟩
lemma OclExcludes_valid_args_valid''[simp,code_unfold]:
      υ(X->excludes⇩S⇩e⇩t(x)) = ((δ X) and (υ x))  ⟨proof⟩
OclSize

lemma OclSize_defined_args_valid: τ ⊨ δ(X->size⇩S⇩e⇩t()) ⟹ τ ⊨ δ X  ⟨proof⟩

lemma OclSize_infinite:
assumes non_finite: τ ⊨ not(δ(S->size⇩S⇩e⇩t()))
shows   (τ ⊨ not(δ(S))) ∨ ¬ finite ⌈⌈Rep_Set_base (S τ)⌉⌉  ⟨proof⟩

lemma τ ⊨ δ X ⟹ ¬ finite ⌈⌈Rep_Set_base (X τ)⌉⌉ ⟹ ¬ τ ⊨ δ(X->size⇩S⇩e⇩t())  ⟨proof⟩

lemma size_defined:
assumes X_finite: ⋀τ. finite ⌈⌈Rep_Set_base (X τ)⌉⌉
shows   δ(X->size⇩S⇩e⇩t()) = δ X
⟨proof⟩

lemma size_defined':
assumes X_finite: finite ⌈⌈Rep_Set_base (X τ)⌉⌉
shows   (τ ⊨ δ(X->size⇩S⇩e⇩t())) = (τ ⊨ δ X)  ⟨proof⟩
OclIsEmpty

lemma OclIsEmpty_defined_args_valid: τ ⊨ δ(X->isEmpty⇩S⇩e⇩t()) ⟹ τ ⊨ υ X  ⟨proof⟩
lemma τ ⊨ δ(null->isEmpty⇩S⇩e⇩t())  ⟨proof⟩
lemma OclIsEmpty_infinite: τ ⊨ δ X ⟹ ¬ finite ⌈⌈Rep_Set_base (X τ)⌉⌉ ⟹ ¬ τ ⊨ δ(X->isEmpty⇩S⇩e⇩t())  ⟨proof⟩

OclNotEmpty

lemma OclNotEmpty_defined_args_valid: τ ⊨ δ(X->notEmpty⇩S⇩e⇩t()) ⟹ τ ⊨ υ X  ⟨proof⟩
lemma τ ⊨ δ(null->notEmpty⇩S⇩e⇩t())  ⟨proof⟩
lemma OclNotEmpty_infinite: τ ⊨ δ X ⟹ ¬ finite ⌈⌈Rep_Set_base (X τ)⌉⌉ ⟹ ¬ τ ⊨ δ(X->notEmpty⇩S⇩e⇩t())  ⟨proof⟩
lemma OclNotEmpty_has_elt: τ ⊨ δ X ⟹ τ ⊨ X->notEmpty⇩S⇩e⇩t() ⟹
      ∃e. e ∈ ⌈⌈Rep_Set_base (X τ)⌉⌉  ⟨proof⟩

OclANY

lemma OclANY_defined_args_valid: τ ⊨ δ(X->any⇩S⇩e⇩t()) ⟹ τ ⊨ δ X  ⟨proof⟩
lemma τ ⊨ δ X ⟹ τ ⊨ X->isEmpty⇩S⇩e⇩t() ⟹ ¬ τ ⊨ δ(X->any⇩S⇩e⇩t())  ⟨proof⟩
lemma OclANY_valid_args_valid:
      (τ ⊨ υ(X->any⇩S⇩e⇩t())) = (τ ⊨ υ X)  ⟨proof⟩
lemma OclANY_valid_args_valid''[simp,code_unfold]:
      υ(X->any⇩S⇩e⇩t()) = (υ X)  ⟨proof⟩
2.9.24. Execution Laws with Invalid or Null or Infinite Set as Argument
OclIncluding

OclExcluding

OclIncludes

OclExcludes

OclSize

lemma OclSize_invalid[simp,code_unfold]: (invalid->size⇩S⇩e⇩t()) = invalid  ⟨proof⟩
lemma OclSize_null[simp,code_unfold]:    (null->size⇩S⇩e⇩t()) = invalid  ⟨proof⟩
OclIsEmpty

lemma OclIsEmpty_invalid[simp,code_unfold]: (invalid->isEmpty⇩S⇩e⇩t()) = invalid  ⟨proof⟩
lemma OclIsEmpty_null[simp,code_unfold]:    (null->isEmpty⇩S⇩e⇩t()) = true  ⟨proof⟩

OclNotEmpty

lemma OclNotEmpty_invalid[simp,code_unfold]: (invalid->notEmpty⇩S⇩e⇩t()) = invalid  ⟨proof⟩
lemma OclNotEmpty_null[simp,code_unfold]:    (null->notEmpty⇩S⇩e⇩t()) = false  ⟨proof⟩

OclANY

lemma OclANY_invalid[simp,code_unfold]: (invalid->any⇩S⇩e⇩t()) = invalid  ⟨proof⟩
lemma OclANY_null[simp,code_unfold]:    (null->any⇩S⇩e⇩t()) = null  ⟨proof⟩
OclForall

lemma OclForall_invalid[simp,code_unfold]: invalid->forAll⇩S⇩e⇩t(a | P a) = invalid  ⟨proof⟩
lemma OclForall_null[simp,code_unfold]:    null->forAll⇩S⇩e⇩t(a | P a) = invalid  ⟨proof⟩

OclExists

lemma OclExists_invalid[simp,code_unfold]: invalid->exists⇩S⇩e⇩t(a | P a) = invalid  ⟨proof⟩
lemma OclExists_null[simp,code_unfold]:    null->exists⇩S⇩e⇩t(a | P a) = invalid  ⟨proof⟩

OclIterate

lemma OclIterate_invalid[simp,code_unfold]: invalid->iterate⇩S⇩e⇩t(a; x = A | P a x) = invalid  ⟨proof⟩
lemma OclIterate_null[simp,code_unfold]:    null->iterate⇩S⇩e⇩t(a; x = A | P a x) = invalid  ⟨proof⟩
lemma OclIterate_invalid_args[simp,code_unfold]: S->iterate⇩S⇩e⇩t(a; x = invalid | P a x) = invalid  ⟨proof⟩

An open question is this ...

lemma S->iterate⇩S⇩e⇩t(a; x = null | P a x) = invalid  ⟨proof⟩

lemma OclIterate_infinite:
assumes non_finite: τ ⊨ not(δ(S->size⇩S⇩e⇩t()))
shows   (OclIterate S A F) τ = invalid τ  ⟨proof⟩
OclSelect

lemma OclSelect_invalid[simp,code_unfold]: invalid->select⇩S⇩e⇩t(a | P a) = invalid
⟨proof⟩
lemma OclSelect_null[simp,code_unfold]:    null->select⇩S⇩e⇩t(a | P a) = invalid  ⟨proof⟩

OclReject

lemma OclReject_invalid[simp,code_unfold]: invalid->reject⇩S⇩e⇩t(a | P a) = invalid  ⟨proof⟩
lemma OclReject_null[simp,code_unfold]:    null->reject⇩S⇩e⇩t(a | P a) = invalid  ⟨proof⟩
Context Passing

lemma cp_OclIncludes1:
      (X->includes⇩S⇩e⇩t(x)) τ = (X->includes⇩S⇩e⇩t(λ_. x τ)) τ  ⟨proof⟩
lemma cp_OclSize:     X->size⇩S⇩e⇩t() τ = ((λ_. X τ)->size⇩S⇩e⇩t()) τ  ⟨proof⟩
lemma cp_OclIsEmpty:  X->isEmpty⇩S⇩e⇩t() τ = ((λ_. X τ)->isEmpty⇩S⇩e⇩t()) τ  ⟨proof⟩
lemma cp_OclNotEmpty: X->notEmpty⇩S⇩e⇩t() τ = ((λ_. X τ)->notEmpty⇩S⇩e⇩t()) τ  ⟨proof⟩
lemma cp_OclANY:      X->any⇩S⇩e⇩t() τ = ((λ_. X τ)->any⇩S⇩e⇩t()) τ  ⟨proof⟩
lemma cp_OclForall:
      (S->forAll⇩S⇩e⇩t(x | P x)) τ = ((λ_. S τ)->forAll⇩S⇩e⇩t(x | P (λ_. x τ))) τ  ⟨proof⟩
lemma cp_OclForall1 [simp,intro!]:
      cp S ⟹ cp (λX. ((S X)->forAll⇩S⇩e⇩t(x | P x)))  ⟨proof⟩
lemma
      cp (λX St x. P (λτ. x) X St) ⟹ cp S ⟹ cp (λX. (S X)->forAll⇩S⇩e⇩t(x | P x X))  ⟨proof⟩
lemma cp S ⟹
      (⋀x. cp (P x)) ⟹
      cp (λX. ((S X)->forAll⇩S⇩e⇩t(x | P x X)))  ⟨proof⟩
lemma cp_OclExists:
      (S->exists⇩S⇩e⇩t(x | P x)) τ = ((λ_. S τ)->exists⇩S⇩e⇩t(x | P (λ_. x τ))) τ  ⟨proof⟩
lemma cp_OclExists1 [simp,intro!]:
      cp S ⟹ cp (λX. ((S X)->exists⇩S⇩e⇩t(x | P x)))  ⟨proof⟩
lemma cp_OclIterate:
      (X->iterate⇩S⇩e⇩t(a; x = A | P a x)) τ =
      ((λ_. X τ)->iterate⇩S⇩e⇩t(a; x = A | P a x)) τ  ⟨proof⟩
lemma cp_OclSelect: (X->select⇩S⇩e⇩t(a | P a)) τ = ((λ_. X τ)->select⇩S⇩e⇩t(a | P a)) τ  ⟨proof⟩
lemma cp_OclReject: (X->reject⇩S⇩e⇩t(a | P a)) τ = ((λ_. X τ)->reject⇩S⇩e⇩t(a | P a)) τ  ⟨proof⟩
lemmas cp_intro''⇩S⇩e⇩t[intro!,simp,code_unfold] =
       cp_OclSize     [THEN allI[THEN allI[THEN cpI1], of OclSize]]
       cp_OclIsEmpty  [THEN allI[THEN allI[THEN cpI1], of OclIsEmpty]]
       cp_OclNotEmpty [THEN allI[THEN allI[THEN cpI1], of OclNotEmpty]]
       cp_OclANY      [THEN allI[THEN allI[THEN cpI1], of OclANY]]
Const
lemma const_OclIncluding[simp,code_unfold]:
assumes const_x: const x
and     const_S: const S
shows   const (S->including⇩S⇩e⇩t(x))  ⟨proof⟩