245 |
245 |
246 In addition we are able to address the criticism by Paulson \cite{Paulson06} cited |
246 In addition we are able to address the criticism by Paulson \cite{Paulson06} cited |
247 at the beginning of this section about having to collect theorems that are |
247 at the beginning of this section about having to collect theorems that are |
248 lifted from the raw level to the quotient level into one giant list. Our |
248 lifted from the raw level to the quotient level into one giant list. Our |
249 quotient package is the first one that is modular so that it allows to lift |
249 quotient package is the first one that is modular so that it allows to lift |
|
250 %%% FIXME: First-order ones exist, HOL-Light one lifts theorems separately. |
250 single theorems separately. This has the advantage for the user of being able to develop a |
251 single theorems separately. This has the advantage for the user of being able to develop a |
251 formal theory interactively as a natural progression. A pleasing side-result of |
252 formal theory interactively as a natural progression. A pleasing side-result of |
252 the modularity is that we are able to clearly specify what is involved |
253 the modularity is that we are able to clearly specify what is involved |
253 in the lifting process (this was only hinted at in \cite{Homeier05} and |
254 in the lifting process (this was only hinted at in \cite{Homeier05} and |
254 implemented as a ``rough recipe'' in ML-code). |
255 implemented as a ``rough recipe'' in ML-code). |
395 cannot be stated inside HOL, because of the restriction on types. |
396 cannot be stated inside HOL, because of the restriction on types. |
396 Second, even if we were able to state such a quotient theorem, it |
397 Second, even if we were able to state such a quotient theorem, it |
397 would not be true in general. However, we can prove specific and useful |
398 would not be true in general. However, we can prove specific and useful |
398 instances of the quotient theorem. We will |
399 instances of the quotient theorem. We will |
399 show an example in Section \ref{sec:resp}. |
400 show an example in Section \ref{sec:resp}. |
|
401 %%% FIXME the example is gone from the paper? |
400 |
402 |
401 *} |
403 *} |
402 |
404 |
403 section {* Quotient Types and Quotient Definitions\label{sec:type} *} |
405 section {* Quotient Types and Quotient Definitions\label{sec:type} *} |
404 |
406 |
841 The raw theorem only shows that particular element in the |
843 The raw theorem only shows that particular element in the |
842 equivalence classes are not equal. A more general statement saying that |
844 equivalence classes are not equal. A more general statement saying that |
843 the equivalence classes are not equal is necessary. |
845 the equivalence classes are not equal is necessary. |
844 |
846 |
845 In the following we will first define the statement of the |
847 In the following we will first define the statement of the |
846 regularized theorem based on @{text "raw_thm"} and the |
848 regularized theorem based on @{text "raw_thm"} and |
847 @{text "quot_thm"}. Then we define the statement of the injected theorem, based |
849 @{text "quot_thm"}. Then we define the statement of the injected theorem, based |
848 on @{text "reg_thm"} theorem and @{text "quot_thm"}. We then show the 3 proofs, |
850 on @{text "reg_thm"} theorem and @{text "quot_thm"}. We then show the 3 proofs, |
849 which can all be performed independently from each other. |
851 which can all be performed independently from each other. |
850 |
852 |
851 We define the function @{text REG}. The intuition |
853 We define the function @{text REG}. The intuition |
868 $\begin{cases} |
870 $\begin{cases} |
869 @{text "\<forall>x\<^sup>\<sigma>. REG (t, s)"} \quad\mbox{provided @{text "\<sigma> = \<tau>"}}\\ |
871 @{text "\<forall>x\<^sup>\<sigma>. REG (t, s)"} \quad\mbox{provided @{text "\<sigma> = \<tau>"}}\\ |
870 @{text "\<forall>x\<^sup>\<sigma> \<in> Respects (REL (\<sigma>, \<tau>)). REG (t, s)"} |
872 @{text "\<forall>x\<^sup>\<sigma> \<in> Respects (REL (\<sigma>, \<tau>)). REG (t, s)"} |
871 \end{cases}$\smallskip\\ |
873 \end{cases}$\smallskip\\ |
872 \multicolumn{3}{@ {}l}{equality:}\smallskip\\ |
874 \multicolumn{3}{@ {}l}{equality:}\smallskip\\ |
873 @{text "REG (=\<^bsup>\<sigma>\<Rightarrow>\<sigma>\<Rightarrow>bool\<^esup>, =\<^bsup>\<tau>\<Rightarrow>\<tau>\<Rightarrow>bool\<^esup>)"} & $\dn$ & |
875 %% REL of two equal types is the equality so we do not need a separate case |
874 $\begin{cases} |
876 @{text "REG (=\<^bsup>\<sigma>\<Rightarrow>\<sigma>\<Rightarrow>bool\<^esup>, =\<^bsup>\<tau>\<Rightarrow>\<tau>\<Rightarrow>bool\<^esup>)"} & $\dn$ & @{text "REL (\<sigma>, \<tau>)"}\\\smallskip\\ |
875 @{text "="} \quad\mbox{provided @{text "\<sigma> = \<tau>"}}\\ |
|
876 @{text "REL (\<sigma>, \<tau>)"}\\ |
|
877 \end{cases}$\\ |
|
878 \multicolumn{3}{@ {}l}{applications, variables and constants:}\\ |
877 \multicolumn{3}{@ {}l}{applications, variables and constants:}\\ |
879 @{text "REG (t\<^isub>1 t\<^isub>2, s\<^isub>1 s\<^isub>2)"} & $\dn$ & @{text "REG (t\<^isub>1, s\<^isub>1) REG (t\<^isub>2, s\<^isub>2)"}\\ |
878 @{text "REG (t\<^isub>1 t\<^isub>2, s\<^isub>1 s\<^isub>2)"} & $\dn$ & @{text "REG (t\<^isub>1, s\<^isub>1) REG (t\<^isub>2, s\<^isub>2)"}\\ |
880 @{text "REG (x\<^isub>1, x\<^isub>2)"} & $\dn$ & @{text "x\<^isub>1"}\\ |
879 @{text "REG (x\<^isub>1, x\<^isub>2)"} & $\dn$ & @{text "x\<^isub>1"}\\ |
881 @{text "REG (c\<^isub>1, c\<^isub>2)"} & $\dn$ & @{text "c\<^isub>1"}\\[-5mm] |
880 @{text "REG (c\<^isub>1, c\<^isub>2)"} & $\dn$ & @{text "c\<^isub>1"}\\[-5mm] |
882 \end{longtable} |
881 \end{longtable} |
924 quantifiers have been omitted. |
923 quantifiers have been omitted. |
925 |
924 |
926 In the first proof step, establishing @{text "raw_thm \<longrightarrow> reg_thm"}, we always |
925 In the first proof step, establishing @{text "raw_thm \<longrightarrow> reg_thm"}, we always |
927 start with an implication. Isabelle provides \emph{mono} rules that can split up |
926 start with an implication. Isabelle provides \emph{mono} rules that can split up |
928 the implications into simpler implication subgoals. This succeeds for every |
927 the implications into simpler implication subgoals. This succeeds for every |
929 monotone connectives, except in places wher the function @{text REG} inserted, |
928 monotone connective, except in places wher the function @{text REG} inserted, |
930 for example, a quantifier by a bounded quantifier. In this case we have |
929 for example, a quantifier by a bounded quantifier. In this case we have |
931 rules of the form |
930 rules of the form |
932 |
931 |
933 @{text [display, indent=10] "(\<forall>x. R x \<longrightarrow> (P x \<longrightarrow> Q x)) \<longrightarrow> (\<forall>x. P x \<longrightarrow> \<forall>x \<in> R. Q x)"} |
932 @{text [display, indent=10] "(\<forall>x. R x \<longrightarrow> (P x \<longrightarrow> Q x)) \<longrightarrow> (\<forall>x. P x \<longrightarrow> \<forall>x \<in> R. Q x)"} |
934 |
933 |
935 \noindent |
934 \noindent |
936 They decompose a bounded quantifier on the right-hand side, but are only applicable |
935 They decompose a bounded quantifier on the right-hand side. We can decompose a |
937 if we can prove that |
936 bounded quantifier anywhere if R is an equivalence relation or |
|
937 if it is a relation over function types with the range being an equivalence |
|
938 relation. If @{text R} is an equivalence relation we can prove that |
938 |
939 |
939 @{text [display, indent=10] "\<forall>x \<in> Respects R. P x = \<forall>x. P x"} |
940 @{text [display, indent=10] "\<forall>x \<in> Respects R. P x = \<forall>x. P x"} |
940 |
941 |
941 \noindent |
942 \noindent |
942 And finally it can be removed anywhere if @{term R\<^isub>2} is an equivalence relation |
943 And when @{term R\<^isub>2} is an equivalence relation and we can prove |
943 and we can prove |
|
944 |
944 |
945 @{thm [display, indent=10] (concl) ball_reg_eqv_range[of R\<^isub>1 R\<^isub>2, no_vars]} |
945 @{thm [display, indent=10] (concl) ball_reg_eqv_range[of R\<^isub>1 R\<^isub>2, no_vars]} |
946 |
946 |
947 \noindent |
947 \noindent |
948 The last theorem is new in comparison with Homeier's package. There the |
948 The last theorem is new in comparison with Homeier's package. There the |
949 injection procedure would be used to prove such goals, and there |
949 injection procedure would be used to prove such goals, and there |
950 the assumption about the equivalence relation would be used. We use the above theorem directly, |
950 the assumption about the equivalence relation would be used. We use the above theorem directly, |
951 because this allows us to completely separate the first and the second |
951 because this allows us to completely separate the first and the second |
952 proof step into independent ``units''. |
952 proof step into independent ``units''. |
953 |
953 |
954 The secon proof step, establishing @{text "reg_thm \<longleftrightarrow> inj_thm"}, starts with an equality. |
954 The second proof step, establishing @{text "reg_thm \<longleftrightarrow> inj_thm"}, starts with an equality. |
955 The proof again follows the structure of the |
955 The proof again follows the structure of the |
956 two underlying terms, and is defined for a goal being a relation between these two terms. |
956 two underlying terms, and is defined for a goal being a relation between these two terms. |
957 |
957 |
958 \begin{itemize} |
958 \begin{itemize} |
959 \item For two constants an appropriate constant respectfulness lemma is applied. |
959 \item For two constants an appropriate constant respectfulness lemma is applied. |