1664 proof. |
1664 proof. |
1665 \end{proof} |
1665 \end{proof} |
1666 |
1666 |
1667 \noindent |
1667 \noindent |
1668 To sum up this section, we established a reasoning infrastructure |
1668 To sum up this section, we established a reasoning infrastructure |
1669 for the types @{text "ty\<AL>\<^isub>1 \<dots> ty\<AL>\<^isub>n"} |
1669 for the types @{text "ty\<AL>\<^isub>1, \<dots>, ty\<AL>\<^isub>n"} |
1670 by first lifting definitions from the raw level to the quotient level and |
1670 by first lifting definitions from the raw level to the quotient level and |
1671 then establish facts about these lifted definitions. All necessary proofs |
1671 then establish facts about these lifted definitions. All necessary proofs |
1672 are generated automatically by custom ML-code. This code can deal with |
1672 are generated automatically by custom ML-code we implemented. This code can deal with |
1673 specifications as shown in Figure~\ref{nominalcorehas} for Core-Haskell. |
1673 specifications like the one shown in Figure~\ref{nominalcorehas} for Core-Haskell. |
1674 |
1674 |
1675 \begin{figure}[t!] |
1675 \begin{figure}[t!] |
1676 \begin{boxedminipage}{\linewidth} |
1676 \begin{boxedminipage}{\linewidth} |
1677 \small |
1677 \small |
1678 \begin{tabular}{l} |
1678 \begin{tabular}{l} |
1757 @{text "\<forall>x\<^isub>1\<dots>x\<^isub>n. P\<^isub>i x\<^isub>i \<and> \<dots> \<and> P\<^isub>j x\<^isub>j \<Rightarrow> P (C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>n)"} |
1757 @{text "\<forall>x\<^isub>1\<dots>x\<^isub>n. P\<^isub>i x\<^isub>i \<and> \<dots> \<and> P\<^isub>j x\<^isub>j \<Rightarrow> P (C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>n)"} |
1758 \end{equation} |
1758 \end{equation} |
1759 |
1759 |
1760 \noindent |
1760 \noindent |
1761 where the @{text "x\<^isub>i, \<dots>, x\<^isub>j"} are the recursive arguments of @{text "C\<^sup>\<alpha>"}. |
1761 where the @{text "x\<^isub>i, \<dots>, x\<^isub>j"} are the recursive arguments of @{text "C\<^sup>\<alpha>"}. |
1762 The problem with this implication is that in general it is not easy to establish. |
1762 The problem with this implication is that in general it is not easy to establish this |
|
1763 implication |
1763 The reason is we cannot make any assumption about the binders in @{text "C\<^sup>\<alpha>"} |
1764 The reason is we cannot make any assumption about the binders in @{text "C\<^sup>\<alpha>"} |
1764 (for example we cannot assume the variable convention). |
1765 (for example we cannot assume the variable convention). |
1765 |
1766 |
1766 In \cite{UrbanTasson05} we introduced a method for automatically |
1767 In \cite{UrbanTasson05} we introduced a method for automatically |
1767 strengthening weak induction principles for terms containing single |
1768 strengthening weak induction principles for terms containing single |
1768 binders. These stronger induction principles allow us to make additional |
1769 binders. These stronger induction principles allow the user to make additional |
1769 assumptions about binders. These additional assumptions amount to a formal |
1770 assumptions about binders when proving the induction hypotheses. |
1770 version of the usual variable convention for binders. A natural question is |
1771 These additional assumptions amount to a formal |
1771 whether we can also strengthen the weak induction principles in the presence |
1772 version of the informal variable convention for binders. A natural question is |
|
1773 whether we can also strengthen the weak induction principles involving |
1772 general binders. We will indeed be able to so, but for this we need an |
1774 general binders. We will indeed be able to so, but for this we need an |
1773 additional notion of permuting deep binders. |
1775 additional notion of permuting deep binders. |
1774 |
1776 |
1775 Given a binding function @{text "bn"} we need to define an auxiliary permutation |
1777 Given a binding function @{text "bn"} we define an auxiliary permutation |
1776 operation @{text "_ \<bullet>\<^bsub>bn\<^esub> _"} which permutes only bound arguments in a deep binder. |
1778 operation @{text "_ \<bullet>\<^bsub>bn\<^esub> _"} which permutes only bound arguments in a deep binder. |
1777 Given a clause of @{text bn} is defined as @{text "bn (C x\<^isub>1 \<dots> x\<^isub>n) = rhs"}, then |
1779 Given a clause of @{text bn} is defined as @{text "bn (C x\<^isub>1 \<dots> x\<^isub>n) = rhs"}, then |
1778 % |
1780 % |
1779 \begin{center} |
1781 \begin{center} |
1780 @{text "p \<bullet>\<^bsub>bn\<^esub> (C x\<^isub>1 \<dots> x\<^isub>n) \<equiv> C y\<^isub>1 \<dots> y\<^isub>n"} |
1782 @{text "p \<bullet>\<^bsub>bn\<^esub> (C x\<^isub>1 \<dots> x\<^isub>n) \<equiv> C y\<^isub>1 \<dots> y\<^isub>n"} |
1790 $\bullet$ & @{text "y\<^isub>i \<equiv> p \<bullet> x\<^isub>i"} otherwise |
1792 $\bullet$ & @{text "y\<^isub>i \<equiv> p \<bullet> x\<^isub>i"} otherwise |
1791 \end{tabular} |
1793 \end{tabular} |
1792 \end{center} |
1794 \end{center} |
1793 |
1795 |
1794 \noindent |
1796 \noindent |
1795 Using the quotient package we can lift the @{text "_ \<bullet>\<^bsub>bn\<^esub> _"} function to alpha |
1797 Using the quotient package again we can lift the @{text "_ \<bullet>\<^bsub>bn\<^esub> _"} function to |
1796 equated terms. We can then prove |
1798 alpha-equated terms. We can then prove: |
1797 |
1799 |
1798 \begin{lemma} Given a binding function @{text "bn\<^sup>\<alpha>"}. Then |
1800 \begin{lemma} Given a binding function @{text "bn\<^sup>\<alpha>"} then for all @{text p} |
1799 {\it i)} @{text "p \<bullet> (bn\<^sup>\<alpha> x) = bn\<^sup>\<alpha> (p \<bullet>\<^bsub>bn\<^sup>\<alpha>\<^esub> x)"} and {\it ii)} |
1801 {\it i)} @{text "p \<bullet> (bn\<^sup>\<alpha> x) = bn\<^sup>\<alpha> (p \<bullet>\<^bsub>bn\<^sup>\<alpha>\<^esub> x)"} and {\it ii)} |
1800 for all permutations @{text p}, @{text "fv_bn\<^isup>\<alpha> x = fv_bn\<^isup>\<alpha> (p \<bullet>\<^bsub>bn\<^sup>\<alpha>\<^esub> x)"}. |
1802 @{text "fv_bn\<^isup>\<alpha> x = fv_bn\<^isup>\<alpha> (p \<bullet>\<^bsub>bn\<^sup>\<alpha>\<^esub> x)"}. |
1801 \end{lemma} |
1803 \end{lemma} |
1802 |
1804 |
1803 \begin{proof} |
1805 \begin{proof} |
1804 By induction on @{text x}. The equation follow by simple unfolding |
1806 By induction on @{text x}. The equation follow by simple unfolding |
1805 of the definitions. |
1807 of the definitions. |
1806 \end{proof} |
1808 \end{proof} |
1807 |
1809 |
1808 This allows is to strengthen the induction principles. We will explain |
1810 The first property states that a permutation applied to a binding function is |
1809 the details with the @{text "Let"} term-constructor from \eqref{letpat}. |
1811 equivalent to first permuting the binders and then calculating the bound |
|
1812 variables. The second amounts to the fact that permuting the binders has no |
|
1813 effect on the free-variable function. |
|
1814 |
|
1815 This notion allows is to strengthen the induction principles. We will explain |
|
1816 the details with the @{text "Let"} term-constructor from the example shown |
|
1817 in \eqref{letpat}. |
1810 Instead of establishing the implication |
1818 Instead of establishing the implication |
1811 |
1819 |
1812 \begin{center} |
1820 \begin{center} |
1813 @{text "\<forall>p t\<^isub>1 t\<^isub>2. P\<^bsub>pat\<^esub> p \<and> P\<^bsub>trm\<^esub> t\<^isub>1 \<and> P\<^bsub>trm\<^esub> t\<^isub>2 \<Rightarrow> P\<^bsub>trm\<^esub> (Let p t\<^isub>1 t\<^isub>2)"} |
1821 @{text "\<forall>p t\<^isub>1 t\<^isub>2. P\<^bsub>pat\<^esub> p \<and> P\<^bsub>trm\<^esub> t\<^isub>1 \<and> P\<^bsub>trm\<^esub> t\<^isub>2 \<Rightarrow> P\<^bsub>trm\<^esub> (Let p t\<^isub>1 t\<^isub>2)"} |
1814 \end{center} |
1822 \end{center} |
1815 |
1823 |
1816 \noindent |
1824 \noindent |
1817 from the weak induction principle, we will show that it is sufficient |
1825 for the weak induction principle, we will show that it is sufficient |
1818 to establish |
1826 to establish |
1819 |
1827 |
1820 \begin{center} |
1828 \begin{center} |
1821 \begin{tabular}{l} |
1829 \begin{tabular}{l} |
1822 @{text "\<forall>p t\<^isub>1 t\<^isub>2 c."}\\ |
1830 @{text "\<forall>p t\<^isub>1 t\<^isub>2 c."}\\ |
1824 \hspace{5mm}@{text "(\<forall>d. P\<^bsub>pat\<^esub> d p) \<and> (\<forall>d. P\<^bsub>trm\<^esub> d t\<^isub>1) \<and> (\<forall>d. P\<^bsub>trm\<^esub> d t\<^isub>2)"}\\ |
1832 \hspace{5mm}@{text "(\<forall>d. P\<^bsub>pat\<^esub> d p) \<and> (\<forall>d. P\<^bsub>trm\<^esub> d t\<^isub>1) \<and> (\<forall>d. P\<^bsub>trm\<^esub> d t\<^isub>2)"}\\ |
1825 \hspace{15mm}@{text "\<Rightarrow> P\<^bsub>trm\<^esub> c (Let p t\<^isub>1 t\<^isub>2)"} |
1833 \hspace{15mm}@{text "\<Rightarrow> P\<^bsub>trm\<^esub> c (Let p t\<^isub>1 t\<^isub>2)"} |
1826 \end{tabular} |
1834 \end{tabular} |
1827 \end{center} |
1835 \end{center} |
1828 |
1836 |
|
1837 \noindent |
|
1838 While this implication contains additional arguments (i.e.~@{text c}) and |
|
1839 additional universal quantifications, it is usually easier to establish. |
|
1840 The reason is that in the case of @{text "Let"} we can make the freshness |
|
1841 assumption @{text "set (bn\<^sup>\<alpha> p) #\<^sup>* c"}, wherby @{text c} can be arbitrarily |
|
1842 chosen as long as it has finite support. |
1829 |
1843 |
1830 With the help of @{text "\<bullet>bn"} functions defined in the previous section |
1844 With the help of @{text "\<bullet>bn"} functions defined in the previous section |
1831 we can show that binders can be substituted in term constructors. We show |
1845 we can show that binders can be substituted in term constructors. We show |
1832 this only for the specification from Figure~\ref{nominalcorehas}. The only |
1846 this only for the specification from Figure~\ref{nominalcorehas}. The only |
1833 constructor with a complicated binding structure is @{text "ACons"}. For this |
1847 constructor with a complicated binding structure is @{text "ACons"}. For this |