245 |
245 |
246 In addition we are able to address the criticism by Paulson \cite{Paulson06} cited |
246 In addition we are able to address the criticism by Paulson \cite{Paulson06} cited |
247 at the beginning of this section about having to collect theorems that are |
247 at the beginning of this section about having to collect theorems that are |
248 lifted from the raw level to the quotient level into one giant list. Our |
248 lifted from the raw level to the quotient level into one giant list. Our |
249 quotient package is the first one that is modular so that it allows to lift |
249 quotient package is the first one that is modular so that it allows to lift |
250 %%% FIXME: First-order ones exist, HOL-Light one lifts theorems separately. |
250 %%% FIXME: First-order ones exist, for example in HOL-Light the lift_theorem function |
|
251 %%% takes all the prerequisites and one single theorem to lift. |
251 single theorems separately. This has the advantage for the user of being able to develop a |
252 single theorems separately. This has the advantage for the user of being able to develop a |
252 formal theory interactively as a natural progression. A pleasing side-result of |
253 formal theory interactively as a natural progression. A pleasing side-result of |
253 the modularity is that we are able to clearly specify what is involved |
254 the modularity is that we are able to clearly specify what is involved |
254 in the lifting process (this was only hinted at in \cite{Homeier05} and |
255 in the lifting process (this was only hinted at in \cite{Homeier05} and |
255 implemented as a ``rough recipe'' in ML-code). |
256 implemented as a ``rough recipe'' in ML-code). |
396 cannot be stated inside HOL, because of the restriction on types. |
397 cannot be stated inside HOL, because of the restriction on types. |
397 Second, even if we were able to state such a quotient theorem, it |
398 Second, even if we were able to state such a quotient theorem, it |
398 would not be true in general. However, we can prove specific and useful |
399 would not be true in general. However, we can prove specific and useful |
399 instances of the quotient theorem. We will |
400 instances of the quotient theorem. We will |
400 show an example in Section \ref{sec:resp}. |
401 show an example in Section \ref{sec:resp}. |
401 %%% FIXME the example is gone from the paper? |
402 %%% FIXME the example is gone from the paper? Maybe we can just put it here? |
402 |
403 |
403 *} |
404 *} |
404 |
405 |
405 section {* Quotient Types and Quotient Definitions\label{sec:type} *} |
406 section {* Quotient Types and Quotient Definitions\label{sec:type} *} |
406 |
407 |
923 quantifiers have been omitted. |
924 quantifiers have been omitted. |
924 |
925 |
925 In the first proof step, establishing @{text "raw_thm \<longrightarrow> reg_thm"}, we always |
926 In the first proof step, establishing @{text "raw_thm \<longrightarrow> reg_thm"}, we always |
926 start with an implication. Isabelle provides \emph{mono} rules that can split up |
927 start with an implication. Isabelle provides \emph{mono} rules that can split up |
927 the implications into simpler implication subgoals. This succeeds for every |
928 the implications into simpler implication subgoals. This succeeds for every |
928 monotone connective, except in places wher the function @{text REG} inserted, |
929 monotone connective, except in places where the function @{text REG} inserted, |
929 for example, a quantifier by a bounded quantifier. In this case we have |
930 for example, a quantifier by a bounded quantifier. In this case we have |
930 rules of the form |
931 rules of the form |
931 |
932 |
932 @{text [display, indent=10] "(\<forall>x. R x \<longrightarrow> (P x \<longrightarrow> Q x)) \<longrightarrow> (\<forall>x. P x \<longrightarrow> \<forall>x \<in> R. Q x)"} |
933 @{text [display, indent=10] "(\<forall>x. R x \<longrightarrow> (P x \<longrightarrow> Q x)) \<longrightarrow> (\<forall>x. P x \<longrightarrow> \<forall>x \<in> R. Q x)"} |
933 |
934 |
1002 |
1003 |
1003 text {* |
1004 text {* |
1004 |
1005 |
1005 In this section we will show, a complete interaction with the quotient package |
1006 In this section we will show, a complete interaction with the quotient package |
1006 for defining the type of integers by quotienting pairs of natural numbers and |
1007 for defining the type of integers by quotienting pairs of natural numbers and |
1007 lifting theorems to integers. Oeur quotient package is fully compatible with |
1008 lifting theorems to integers. Our quotient package is fully compatible with |
1008 Isabelle type classes, but for clarity we will not use them in this example. |
1009 Isabelle type classes, but for clarity we will not use them in this example. |
1009 In a larger formalization of integers using the type class mechanism would |
1010 In a larger formalization of integers using the type class mechanism would |
1010 provide many algebraic properties ``for free''. |
1011 provide many algebraic properties ``for free''. |
1011 |
1012 |
1012 A user of our quotient package first needs to define a relation on |
1013 A user of our quotient package first needs to define a relation on |
1063 (int_rel \<doublearr> int_rel \<doublearr> int_rel) plus_raw plus_raw"} |
1064 (int_rel \<doublearr> int_rel \<doublearr> int_rel) plus_raw plus_raw"} |
1064 \end{tabular} |
1065 \end{tabular} |
1065 \end{isabelle} |
1066 \end{isabelle} |
1066 |
1067 |
1067 \noindent |
1068 \noindent |
1068 This can be dischaged automatically by Isabelle when telling it to unfold the definition |
1069 This can be discharged automatically by Isabelle when telling it to unfold the definition |
1069 of @{text "\<doublearr>"}. |
1070 of @{text "\<doublearr>"}. |
1070 After this, the user can prove the lifted lemma explicitly: |
1071 After this, the user can prove the lifted lemma explicitly: |
1071 |
1072 |
1072 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ % |
1073 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ % |
1073 \isacommand{lemma}~~@{text "0 + (x :: int) = x"}~~\isacommand{by}~~@{text "lifting plus_zero_raw"} |
1074 \isacommand{lemma}~~@{text "0 + (x :: int) = x"}~~\isacommand{by}~~@{text "lifting plus_zero_raw"} |
1112 quotients in theorem provers. |
1113 quotients in theorem provers. |
1113 Slotosch~\cite{Slotosch97} implemented a mechanism that automatically |
1114 Slotosch~\cite{Slotosch97} implemented a mechanism that automatically |
1114 defines quotient types for Isabelle/HOL. But he did not include theorem lifting. |
1115 defines quotient types for Isabelle/HOL. But he did not include theorem lifting. |
1115 Harrison's quotient package~\cite{harrison-thesis} is the first one that is |
1116 Harrison's quotient package~\cite{harrison-thesis} is the first one that is |
1116 able to automatically lift theorems, however only first-order theorems (that is theorems |
1117 able to automatically lift theorems, however only first-order theorems (that is theorems |
1117 where abstractions, quantifiers and variables do not involve the quotient type). |
1118 where abstractions, quantifiers and variables do not involve functions that |
|
1119 include the quotient type). |
1118 There is also some work on quotient types in |
1120 There is also some work on quotient types in |
1119 non-HOL based systems and logical frameworks, including theory interpretations |
1121 non-HOL based systems and logical frameworks, including theory interpretations |
1120 in PVS~\cite{PVS:Interpretations}, new types in MetaPRL~\cite{Nogin02}, |
1122 in PVS~\cite{PVS:Interpretations}, new types in MetaPRL~\cite{Nogin02}, |
1121 and setoids in Coq \cite{ChicliPS02}. |
1123 and setoids in Coq \cite{ChicliPS02}. |
1122 Paulson showed a construction of quotients that does not require the |
1124 Paulson showed a construction of quotients that does not require the |
1123 Hilbert Choice operator, but also only first-order theorems to be lifted~\cite{Paulson06}. |
1125 Hilbert Choice operator, but also only first-order theorems can be lifted~\cite{Paulson06}. |
1124 The most related work to our package is the package for HOL4 by Homeier~\cite{Homeier05}. |
1126 The most related work to our package is the package for HOL4 by Homeier~\cite{Homeier05}. |
1125 He introduced most of the abstract notions about quotients and also deals with the |
1127 He introduced most of the abstract notions about quotients and also deals with the |
1126 lifting of higher-order theorems. However, he cannot deal with quotient compositions (needed |
1128 lifting of higher-order theorems. However, he cannot deal with quotient compositions (needed |
1127 for lifting theorems about @{text flat}. Also, a number of his definitions, like @{text ABS}, |
1129 for lifting theorems about @{text flat}. Also, a number of his definitions, like @{text ABS}, |
1128 @{text REP} and @{text INJ} etc only exist in ML-code. On the other hand, Homeier |
1130 @{text REP} and @{text INJ} etc only exist in ML-code. On the other hand, Homeier |