nominal2: comparison Paper/Paper.thy

equal deleted inserted replaced

-:0865caafbfe6
+:3890483c674f
 supp ("supp _" [78] 73) and
 uminus ("-_" [78] 73) and
 If  ("if _ then _ else _" 10) and
 alpha_set ("_ \<approx>\<^raw:\,\raisebox{-1pt}{\makebox[0mm][l]{$_{\textit{set}}$}}>\<^bsup>_, _, _\<^esup> _") and
 alpha_lst ("_ \<approx>\<^raw:\,\raisebox{-1pt}{\makebox[0mm][l]{$_{\textit{list}}$}}>\<^bsup>_, _, _\<^esup> _") and
-alpha_res ("_ \<approx>\<^raw:\,\raisebox{-1pt}{\makebox[0mm][l]{$_{\textit{res}}$}}>\<^bsup>_, _, _\<^esup> _") and
+alpha_res ("_ \<approx>\<^raw:\,\raisebox{-1pt}{\makebox[0mm][l]{$_{\textit{set+}}$}}>\<^bsup>_, _, _\<^esup> _") and
 abs_set ("_ \<approx>\<^raw:{$\,_{\textit{abs\_set}}$}> _") and
 abs_set2 ("_ \<approx>\<^raw:\raisebox{-1pt}{\makebox[0mm][l]{$\,_{\textit{list}}$}}>\<^bsup>_\<^esup>  _") and
 fv ("fa'(_')" [100] 100) and
 equal ("=") and
 alpha_abs_set ("_ \<approx>\<^raw:{$\,_{\textit{abs\_set}}$}> _") and
 Abs_set ("[_]\<^bsub>set\<^esub>._" [20, 101] 999) and
 Abs_lst ("[_]\<^bsub>list\<^esub>._") and
 Abs_dist ("[_]\<^bsub>#list\<^esub>._") and
-Abs_res ("[_]\<^bsub>res\<^esub>._") and
+Abs_res ("[_]\<^bsub>set+\<^esub>._") and
 Abs_print ("_\<^bsub>set\<^esub>._") and
 Cons ("_::_" [78,77] 73) and
 supp_set ("aux _" [1000] 10) and
 alpha_bn ("_ \<approx>bn _")
 we would like to regard the first pair of type-schemes as $\alpha$-equivalent,
 but assuming that @{text x}, @{text y} and @{text z} are distinct variables,
 the second pair should \emph{not} be $\alpha$-equivalent:
 %
 \begin{equation}\label{ex1}
-@{text "\<forall>{x, y}. x \<rightarrow> y  \<approx>\<^isub>\<alpha>  \<forall>{y, x}. x \<rightarrow> y"}\hspace{10mm}
+@{text "\<forall>{x, y}. x \<rightarrow> y  \<approx>\<^isub>\<alpha>  \<forall>{y, x}. y \<rightarrow> x"}\hspace{10mm}
 @{text "\<forall>{x, y}. x \<rightarrow> y  \<notapprox>\<^isub>\<alpha>  \<forall>{z}. z \<rightarrow> z"}
 \end{equation}
 %
 \noindent
 Moreover, we like to regard type-schemes as $\alpha$-equivalent, if they differ
 we might not care in which order the assignments @{text "x = 3"} and
 \mbox{@{text "y = 2"}} are given, but it would be often unusual to regard
 \eqref{one} as $\alpha$-equivalent with
 %
 \begin{center}
-@{text "\<LET> x = 3 \<AND> y = 2 \<AND> z = loop \<IN> x - y \<END>"}
+@{text "\<LET> x = 3 \<AND> y = 2 \<AND> z = foo \<IN> x - y \<END>"}
 \end{center}
 %
 \noindent
 Therefore we will also provide a separate binding mechanism for cases in
 which the order of binders does not matter, but the ``cardinality'' of the
 %reasoning about a well-formedness predicate.
 The problem with introducing a new type in Isabelle/HOL is that in order to
 be useful, a reasoning infrastructure needs to be ``lifted'' from the
 underlying subset to the new type. This is usually a tricky and arduous
-task. To ease it, we re-implemented in Isabelle/HOL the quotient package
+task. To ease it, we re-implemented in Isabelle/HOL \cite{KaliszykUrban11} the quotient package
 described by Homeier \cite{Homeier05} for the HOL4 system. This package
 allows us to lift definitions and theorems involving raw terms to
 definitions and theorems involving $\alpha$-equated terms. For example if we
 define the free-variable function over raw lambda-terms
 \noindent
 Now recall the examples shown in \eqref{ex1} and
 \eqref{ex3}. It can be easily checked that @{text "({x, y}, x \<rightarrow> y)"} and
 @{text "({y, x}, y \<rightarrow> x)"} are $\alpha$-equivalent according to
-$\approx_{\,\textit{set}}$ and $\approx_{\,\textit{res}}$ by taking @{text p} to
+$\approx_{\,\textit{set}}$ and $\approx_{\,\textit{set+}}$ by taking @{text p} to
 be the swapping @{term "(x \<rightleftharpoons> y)"}. In case of @{text "x \<noteq> y"}, then @{text
 "([x, y], x \<rightarrow> y)"} $\not\approx_{\,\textit{list}}$ @{text "([y, x], x \<rightarrow> y)"}
 since there is no permutation that makes the lists @{text "[x, y]"} and
 @{text "[y, x]"} equal, and also leaves the type \mbox{@{text "x \<rightarrow> y"}}
-unchanged. Another example is @{text "({x}, x)"} $\approx_{\,\textit{res}}$
+unchanged. Another example is @{text "({x}, x)"} $\approx_{\,\textit{set+}}$
 @{text "({x, y}, x)"} which holds by taking @{text p} to be the identity
 permutation.  However, if @{text "x \<noteq> y"}, then @{text "({x}, x)"}
 $\not\approx_{\,\textit{set}}$ @{text "({x, y}, x)"} since there is no
 permutation that makes the sets @{text "{x}"} and @{text "{x, y}"} equal
 (similarly for $\approx_{\,\textit{list}}$).  It can also relatively easily be
 \begin{equation}
 @{term "abs_set (as, x) (bs, x) \<equiv> \<exists>p. alpha_set (as, x) equal supp p (bs, x)"}
 \end{equation}
 \noindent
-(similarly for $\approx_{\,\textit{abs\_res}}$
+(similarly for $\approx_{\,\textit{abs\_set+}}$
 and $\approx_{\,\textit{abs\_list}}$). We can show that these relations are equivalence
 relations. %% and equivariant.
 \begin{lemma}\label{alphaeq}
 The relations $\approx_{\,\textit{abs\_set}}$, $\approx_{\,\textit{abs\_list}}$
-and $\approx_{\,\textit{abs\_res}}$ are equivalence relations. %, and if
+and $\approx_{\,\textit{abs\_set+}}$ are equivalence relations. %, and if
 %@{term "abs_set (as, x) (bs, y)"} then also
 %@{term "abs_set (p \<bullet> as, p \<bullet> x) (p \<bullet> bs, p \<bullet> y)"} (similarly for the other two relations).
 \end{lemma}
 \begin{proof}
 calculations.
 \end{proof}
 \noindent
 This lemma allows us to use our quotient package for introducing
-new types @{text "\<beta> abs_set"}, @{text "\<beta> abs_res"} and @{text "\<beta> abs_list"}
+new types @{text "\<beta> abs_set"}, @{text "\<beta> abs_set+"} and @{text "\<beta> abs_list"}
 representing $\alpha$-equivalence classes of pairs of type
 @{text "(atom set) \<times> \<beta>"} (in the first two cases) and of type @{text "(atom list) \<times> \<beta>"}
 (in the third case).
 The elements in these types will be, respectively, written as
 %
 \begin{center}
 \begin{tabular}{l}
 @{thm (lhs) supp_Abs(1)[no_vars]} $\;\;=\;\;$
 @{thm (lhs) supp_Abs(2)[no_vars]} $\;\;=\;\;$ @{thm (rhs) supp_Abs(2)[no_vars]}, and\\
-@{thm (lhs) supp_Abs(3)[where bs="as", no_vars]} $\;\;=\;\;$
+@{thm (lhs) supp_Abs(3)[where bs="bs", no_vars]} $\;\;=\;\;$
-@{thm (rhs) supp_Abs(3)[where bs="as", no_vars]}
+@{thm (rhs) supp_Abs(3)[where bs="bs", no_vars]}
 \end{tabular}
 \end{center}
 \end{theorem}
 \noindent
 (possibly empty) list of \emph{binding clauses}, which indicate the binders
 and their scope in a term-constructor.  They come in three \emph{modes}:
 %
 \begin{center}
 \begin{tabular}{@ {}l@ {}}
-\isacommand{bind} {\it binders} \isacommand{in} {\it bodies}\;\;\;\;
+\isacommand{bind} {\it binders} \isacommand{in} {\it bodies}\;\;\;\,
-\isacommand{bind (set)} {\it binders} \isacommand{in} {\it bodies}\;\;\;\;
+\isacommand{bind (set)} {\it binders} \isacommand{in} {\it bodies}\;\;\;\,
-\isacommand{bind (res)} {\it binders} \isacommand{in} {\it bodies}
+\isacommand{bind (set+)} {\it binders} \isacommand{in} {\it bodies}
 \end{tabular}
 \end{center}
 %
 \noindent
 The first mode is for binding lists of atoms (the order of binders matters);
 %\end{center}
 \noindent
 %Similarly for the other binding modes.
 %Interestingly, in case of \isacommand{bind (set)}
-%and \isacommand{bind (res)} the binding clauses above will make a difference to the semantics
+%and \isacommand{bind (set+)} the binding clauses above will make a difference to the semantics
 %of the specifications (the corresponding $\alpha$-equivalence will differ). We will
 %show this later with an example.
 There are also some restrictions we need to impose on our binding clauses in comparison to
 the ones of Ott. The
 alternative binder for the same body).
 For binders we distinguish between
 \emph{shallow} and \emph{deep} binders.  Shallow binders are just
 labels. The restriction we need to impose on them is that in case of
-\isacommand{bind (set)} and \isacommand{bind (res)} the labels must either
+\isacommand{bind (set)} and \isacommand{bind (set+)} the labels must either
 refer to atom types or to sets of atom types; in case of \isacommand{bind}
 the labels must refer to atom types or lists of atom types. Two examples for
 the use of shallow binders are the specification of lambda-terms, where a
 single name is bound, and type-schemes, where a finite set of names is
 bound:
 \begin{tabular}{@ {}l@ {}}
 \isacommand{nominal\_datatype}~@{text ty} $=$\\
 \hspace{5mm}\phantom{$\mid$}~@{text "TVar name"}\\
 \hspace{5mm}$\mid$~@{text "TFun ty ty"}\\
 \isacommand{and}~@{text "tsc = All xs::(name fset) T::ty"}~~%
-\isacommand{bind (res)} @{text xs} \isacommand{in} @{text T}\\
+\isacommand{bind (set+)} @{text xs} \isacommand{in} @{text T}\\
 \end{tabular}
 \end{tabular}
 \end{center}
 \noindent
 A \emph{deep} binder uses an auxiliary binding function that ``picks'' out
 the atoms in one argument of the term-constructor, which can be bound in
 other arguments and also in the same argument (we will call such binders
 \emph{recursive}, see below). The binding functions are
 expected to return either a set of atoms (for \isacommand{bind (set)} and
-\isacommand{bind (res)}) or a list of atoms (for \isacommand{bind}). They can
+\isacommand{bind (set+)}) or a list of atoms (for \isacommand{bind}). They can
 be defined by recursion over the corresponding type; the equations
 must be given in the binding function part of the scheme shown in
 \eqref{scheme}. For example a term-calculus containing @{text "Let"}s with
 tuple patterns might be specified as:
 %
 \end{equation}
 \noindent
 In this case we define a premise @{text P} using the relation
 $\approx_{\,\textit{set}}$ given in Section~\ref{sec:binders} (similarly
-$\approx_{\,\textit{res}}$ and $\approx_{\,\textit{list}}$ for the other
+$\approx_{\,\textit{set+}}$ and $\approx_{\,\textit{list}}$ for the other
 binding modes). This premise defines $\alpha$-equivalence of two abstractions
 involving multiple binders. As above, we first build the tuples @{text "D"} and
 @{text "D'"} for the bodies @{text "d"}$_{1..q}$, and the corresponding
 compound $\alpha$-relation @{text "R"} (shown in \eqref{rempty}).
 For $\approx_{\,\textit{set}}$  we also need
 \end{lemma}
 \begin{proof}
 The proof is by mutual induction over the definitions. The non-trivial
 cases involve premises built up by $\approx_{\textit{set}}$,
-$\approx_{\textit{res}}$ and $\approx_{\textit{list}}$. They
+$\approx_{\textit{set+}}$ and $\approx_{\textit{list}}$. They
 can be dealt with as in Lemma~\ref{alphaeq}.
 \end{proof}
 \noindent
 We can feed this lemma into our quotient package and obtain new types @{text
 The latter are defined automatically for the raw types @{text "ty"}$_{1..n}$
 by the datatype package of Isabelle/HOL.
 Finally we can add to our infrastructure a cases lemma (explained in the next section)
 and a structural induction principle
-for the types @{text "ty\<AL>"}$_{i..n}$. The conclusion of the induction principle is
+for the types @{text "ty\<AL>"}$_{1..n}$. The conclusion of the induction principle is
 of the form
 %
 %\begin{equation}\label{weakinduct}
 \mbox{@{text "P\<^isub>1 x\<^isub>1 \<and> \<dots> \<and> P\<^isub>n x\<^isub>n "}}
 %\end{equation}
 @{text "p \<bullet> (fa_bn\<AL>\<^isub>j  x)"} & $=$ & @{text "fa_bn\<AL>\<^isub>j (p \<bullet> x)"}\\
 \end{tabular}
 \end{center}
 %
 \noindent
-These properties can be established using the induction principle.
+These properties can be established using the induction principle for the types @{text "ty\<AL>"}$_{1..n}$.
 %%in \eqref{weakinduct}.
 Having these equivariant properties established, we can
 show that the support of term-constructors @{text "C\<^sup>\<alpha>"} is included in
 the support of its arguments, that means
 @{text "size_ty"}$^\alpha_{1..n}$, which we lifted in the previous section and which are
 all well-founded. %It is straightforward to establish that these measures decrease
 %in every induction step.
 What is left to show is that we covered all cases. To do so, we use
-a cases lemma derived for each type. For the terms in \eqref{letpat}
+a \emph{cases lemma} derived for each type. For the terms in \eqref{letpat}
 this lemma is of the form
 %
 \begin{equation}\label{weakcases}
 \infer{@{text "P\<^bsub>trm\<^esub>"}}
 {\begin{array}{l@ {\hspace{9mm}}l}
 The only remaining difficulty is that in order to derive the stronger induction
 principles conveniently, the cases lemma in \eqref{weakcases} is too weak. For this note that
 in order to apply this lemma, we have to establish @{text "P\<^bsub>trm\<^esub>"} for \emph{all} @{text Lam}- and
 \emph{all} @{text Let}-terms.
-What we need instead is a cases rule where we only have to consider terms that have
+What we need instead is a cases lemma where we only have to consider terms that have
 binders that are fresh w.r.t.~a context @{text "c"}. This gives the implications
 %
 \begin{center}
 \begin{tabular}{l}
 @{text "\<forall>a t'. t = Lam a t' \<and> {atom a} \<FRESH>\<^sup>* c \<Rightarrow> P\<^bsub>trm\<^esub>"}\\
 sense for our $\alpha$-equated terms. Third, it allows empty types that have no
 meaning in a HOL-based theorem prover. We also had to generalise slightly Ott's
 binding clauses. In Ott you specify binding clauses with a single body; we
 allow more than one. We have to do this, because this makes a difference
 for our notion of $\alpha$-equivalence in case of \isacommand{bind (set)} and
-\isacommand{bind (res)}.
+\isacommand{bind (set+)}.
 %
 %Consider the examples
 %
 %\begin{center}
 %\begin{tabular}{@ {}l@ {\hspace{2mm}}l@ {}}
 reasoning infrastructure is well beyond the purposes of his language.
 Similar work for Haskell with similar results was reported by Cheney \cite{Cheney05a}.
 In a slightly different domain (programming with dependent types), the
 paper \cite{Altenkirch10} presents a calculus with a notion of
-$\alpha$-equivalence related to our binding mode \isacommand{bind (res)}.
+$\alpha$-equivalence related to our binding mode \isacommand{bind (set+)}.
 The definition in \cite{Altenkirch10} is similar to the one by Pottier, except that it
 has a more operational flavour and calculates a partial (renaming) map.
 In this way, the definition can deal with vacuous binders. However, to our
 best knowledge, no concrete mathematical result concerning this
 definition of $\alpha$-equivalence has been proved.\\[-7mm]
 variables. For this extension we introduced new definitions of
 $\alpha$-equivalence and automated all necessary proofs in Isabelle/HOL.
 To specify general binders we used the specifications from Ott, but extended them
 in some places and restricted
 them in others so that they make sense in the context of $\alpha$-equated terms.
-We also introduced two binding modes (set and res) that do not
+We also introduced two binding modes (set and set+) that do not
 exist in Ott.
 We have tried out the extension with calculi such as Core-Haskell, type-schemes
 and approximately a  dozen of other typical examples from programming
 language research~\cite{SewellBestiary}.
 %The code

changeset 2637	3890483c674f
parent 2605	213786e0bd45
child 2742	f1192e3474e0