nominal2: comparison Paper/Paper.thy

equal deleted inserted replaced

-:90779aefbf1a
+:431cf4e6a7e2
 %also there one would like to bind multiple variables at once.
 Binding multiple variables has interesting properties that cannot be captured
 easily by iterating single binders. For example in the case of type-schemes we do not
 want to make a distinction about the order of the bound variables. Therefore
-we would like to regard the following two type-schemes as $\alpha$-equivalent
+we would like to regard the first pair of type-schemes as $\alpha$-equivalent,
+but assuming that @{text x}, @{text y} and @{text z} are distinct variables,
+the second pair should \emph{not} be $\alpha$-equivalent:
 %
 \begin{equation}\label{ex1}
-@{text "\<forall>{x, y}. x \<rightarrow> y  \<approx>\<^isub>\<alpha>  \<forall>{y, x}. x \<rightarrow> y"}
+@{text "\<forall>{x, y}. x \<rightarrow> y  \<approx>\<^isub>\<alpha>  \<forall>{y, x}. x \<rightarrow> y"}\hspace{10mm}
-\end{equation}
+@{text "\<forall>{x, y}. x \<rightarrow> y  \<notapprox>\<^isub>\<alpha>  \<forall>{z}. z \<rightarrow> z"}
-%
-\noindent
-but assuming that @{text x}, @{text y} and @{text z} are distinct variables,
-the following two should \emph{not} be $\alpha$-equivalent
-%
-\begin{equation}\label{ex2}
-@{text "\<forall>{x, y}. x \<rightarrow> y  \<notapprox>\<^isub>\<alpha>  \<forall>{z}. z \<rightarrow> z"}
 \end{equation}
 %
 \noindent
 Moreover, we like to regard type-schemes as $\alpha$-equivalent, if they differ
 only on \emph{vacuous} binders, such as
 @{text "\<LET> x = 3 \<AND> y = 2 \<IN> x - y \<END>"}
 \end{equation}
 \noindent
 we might not care in which order the assignments @{text "x = 3"} and
-\mbox{@{text "y = 2"}} are given, but it would be unusual to regard
+\mbox{@{text "y = 2"}} are given, but it would be often unusual to regard
 \eqref{one} as $\alpha$-equivalent with
 %
 \begin{center}
 @{text "\<LET> x = 3 \<AND> y = 2 \<AND> z = loop \<IN> x - y \<END>"}
 \end{center}
 from the Ott-tool, but we introduce crucial restrictions, and also extensions, so
 that our specifications make sense for reasoning about $\alpha$-equated terms.
 The main improvement over Ott is that we introduce three binding modes
 (only one is present in Ott), provide formalised definitions for $\alpha$-equivalence and
 for free variables of our terms, and also derive a reasoning infrastructure
-for our specifications inside Isabelle/HOL from ``first principles''.
+for our specifications from ``first principles''.
 %\begin{figure}
 %\begin{boxedminipage}{\linewidth}
 %%\begin{center}
 Two central notions in the nominal logic work are sorted atoms and
 sort-respecting permutations of atoms. We will use the letters @{text "a,
 b, c, \<dots>"} to stand for atoms and @{text "p, q, \<dots>"} to stand for
 permutations. The purpose of atoms is to represent variables, be they bound or free.
-The sorts of atoms can be used to represent different kinds of
+%The sorts of atoms can be used to represent different kinds of
-variables, such as the term-, coercion- and type-variables in Core-Haskell.
+%variables, such as the term-, coercion- and type-variables in Core-Haskell.
 It is assumed that there is an infinite supply of atoms for each
 sort. In the interest of brevity, we shall restrict ourselves
 in what follows to only one sort of atoms.
 Permutations are bijective functions from atoms to atoms that are
 \begin{center}
 @{text "fa(x) = {x}"}  \hspace{5mm} @{text "fa(T\<^isub>1 \<rightarrow> T\<^isub>2) = fa(T\<^isub>1) \<union> fa(T\<^isub>2)"}
 \end{center}
 \noindent
-Now recall the examples shown in \eqref{ex1}, \eqref{ex2} and
+Now recall the examples shown in \eqref{ex1} and
 \eqref{ex3}. It can be easily checked that @{text "({x, y}, x \<rightarrow> y)"} and
 @{text "({y, x}, y \<rightarrow> x)"} are $\alpha$-equivalent according to
 $\approx_{\,\textit{set}}$ and $\approx_{\,\textit{res}}$ by taking @{text p} to
 be the swapping @{term "(x \<rightleftharpoons> y)"}. In case of @{text "x \<noteq> y"}, then @{text
 "([x, y], x \<rightarrow> y)"} $\not\approx_{\,\textit{list}}$ @{text "([y, x], x \<rightarrow> y)"}
 \begin{theorem}[Support of Abstractions]\label{suppabs}
 Assuming @{text x} has finite support, then
 \begin{center}
 \begin{tabular}{l}
-@{thm (lhs) supp_Abs(1)[no_vars]} $=$
+@{thm (lhs) supp_Abs(1)[no_vars]} $\;\;=\;\;$
-@{thm supp_Abs(2)[no_vars]}, and\\
+@{thm (lhs) supp_Abs(2)[no_vars]} $\;\;=\;\;$ @{thm (rhs) supp_Abs(2)[no_vars]}, and\\
-@{thm supp_Abs(3)[where bs="as", no_vars]}
+@{thm (lhs) supp_Abs(3)[where bs="as", no_vars]} $\;\;=\;\;$
+@{thm (rhs) supp_Abs(3)[where bs="as", no_vars]}
 \end{tabular}
 \end{center}
 \end{theorem}
 \noindent
 This theorem states that the bound names do not appear in the support.
 For brevity we omit the proof and again refer the reader to
-our formalisation in Isabelle/HOL (or the appendix).
+our formalisation in Isabelle/HOL.
 %\noindent
 %Below we will show the first equation. The others
 %follow by similar arguments. By definition of the abstraction type @{text "abs_set"}
 %we have
 the use of shallow binders are the specification of lambda-terms, where a
 single name is bound, and type-schemes, where a finite set of names is
 bound:
 \begin{center}\small
-\begin{tabular}{@ {}c@ {\hspace{10mm}}c@ {}}
+\begin{tabular}{@ {}c@ {\hspace{7mm}}c@ {}}
 \begin{tabular}{@ {}l}
 \isacommand{nominal\_datatype} @{text lam} $=$\\
-\hspace{5mm}\phantom{$\mid$}~@{text "Var name"}\\
+\hspace{2mm}\phantom{$\mid$}~@{text "Var name"}\\
-\hspace{5mm}$\mid$~@{text "App lam lam"}\\
+\hspace{2mm}$\mid$~@{text "App lam lam"}\\
-\hspace{5mm}$\mid$~@{text "Lam x::name t::lam"}\\
+\hspace{2mm}$\mid$~@{text "Lam x::name t::lam"}~~\isacommand{bind} @{text x} \isacommand{in} @{text t}\\
-\hspace{24mm}\isacommand{bind} @{text x} \isacommand{in} @{text t}\\
 \end{tabular} &
 \begin{tabular}{@ {}l@ {}}
 \isacommand{nominal\_datatype}~@{text ty} $=$\\
 \hspace{5mm}\phantom{$\mid$}~@{text "TVar name"}\\
 \hspace{5mm}$\mid$~@{text "TFun ty ty"}\\
-\isacommand{and}~@{text "tsc = All xs::(name fset) T::ty"}\\
+\isacommand{and}~@{text "tsc = All xs::(name fset) T::ty"}~~%
-\hspace{29mm}\isacommand{bind (res)} @{text xs} \isacommand{in} @{text T}\\
+\isacommand{bind (res)} @{text xs} \isacommand{in} @{text T}\\
 \end{tabular}
 \end{tabular}
 \end{center}
 \noindent
 To make sure that atoms bound by deep binders cannot be free at the
 same time, we cannot have more than one binding function for a deep binder.
 Consequently we exclude specifications such as
 %
-\begin{center}
+\begin{center}\small
 \begin{tabular}{@ {}l@ {\hspace{2mm}}l@ {}}
 @{text "Baz\<^isub>1 p::pat t::trm"} &
 \isacommand{bind} @{text "bn\<^isub>1(p) bn\<^isub>2(p)"} \isacommand{in} @{text t}\\
 @{text "Baz\<^isub>2 p::pat t\<^isub>1::trm t\<^isub>2::trm"} &
 \isacommand{bind} @{text "bn\<^isub>1(p)"} \isacommand{in} @{text "t\<^isub>1"},
 In the previous section we derived induction principles for $\alpha$-equated terms.
 We call such induction principles \emph{weak}, because for a
 term-constructor \mbox{@{text "C\<^sup>\<alpha> x\<^isub>1\<dots>x\<^isub>r"}}
 the induction hypothesis requires us to establish the implications \eqref{weakprem}.
 The problem with these implications is that in general they are difficult to establish.
-The reason is that we cannot make any assumption about the binders that might be in @{text "C\<^sup>\<alpha>"}.
+The reason is that we cannot make any assumption about the bound atoms that might be in @{text "C\<^sup>\<alpha>"}.
 %%(for example we cannot assume the variable convention for them).
 In \cite{UrbanTasson05} we introduced a method for automatically
 strengthening weak induction principles for terms containing single
 binders. These stronger induction principles allow the user to make additional
-assumptions about binders.
+assumptions about bound atoms.
 %These additional assumptions amount to a formal
 %version of the informal variable convention for binders.
 To sketch how this strengthening extends to the case of multiple binders, we use as
 running example the term-constructors @{text "Lam"} and @{text "Let"}
 from example \eqref{letpat}. Instead of establishing @{text " P\<^bsub>trm\<^esub> t \<and> P\<^bsub>pat\<^esub> p"},
 \end{tabular}
 \end{center}
 In \cite{UrbanTasson05} we showed how the weaker induction principles imply
 the stronger ones. This was done by some quite complicated, nevertheless automated,
-induction proofs. In this paper we simplify this work by leveraging the automated proof
+induction proof. In this paper we simplify this work by leveraging the automated proof
 methods from the function package of Isabelle/HOL.
 The reasoning principle these methods employ is well-founded induction.
 To use them in our setting, we have to discharge
 two proof obligations: one is that we have
 well-founded measures (for each type @{text "ty"}$^\alpha_{1..n}$) that decrease in
 every induction step and the other is that we have covered all cases.
 As measures we use the size functions
 @{text "size_ty"}$^\alpha_{1..n}$, which we lifted in the previous section and which are
-all well-founded. It is straightforward to establish that these measures decrease
+all well-founded. %It is straightforward to establish that these measures decrease
-in every induction step.
+%in every induction step.
 What is left to show is that we covered all cases. To do so, we use
 a cases lemma derived for each type. For the terms in \eqref{letpat}
 this lemma is of the form
 %
 permutes names bound by @{text bn} and leaves the other names unchanged. We do this again
 by lifting. For a
 clause @{text "bn (C x\<^isub>1 \<dots> x\<^isub>r) = rhs"}, we define
 %
 \begin{center}
-@{text "p \<bullet>\<^bsub>bn\<^esub> (C x\<^isub>1 \<dots> x\<^isub>r) \<equiv> C y\<^isub>1 \<dots> y\<^isub>r"} \;\; with
+@{text "p \<bullet>\<^bsub>bn\<^esub> (C x\<^isub>1 \<dots> x\<^isub>r) \<equiv> C y\<^isub>1 \<dots> y\<^isub>r"}  with
 $\begin{cases}
 \text{@{text "y\<^isub>i \<equiv> x\<^isub>i"} provided @{text "x\<^isub>i"} does not occur in @{text "rhs"}}\\
 \text{@{text "y\<^isub>i \<equiv> p \<bullet>\<^bsub>bn'\<^esub> x\<^isub>i"} provided @{text "bn' x\<^isub>i"} is in @{text "rhs"}}\\
 \text{@{text "y\<^isub>i \<equiv> p \<bullet> x\<^isub>i"} otherwise}
 \end{cases}$
 Ott can also generate theorem prover code using a raw representation of
 terms, and in Coq also a locally nameless representation. The developers of
 this tool have also put forward (on paper) a definition for
 $\alpha$-equivalence of terms that can be specified in Ott.  This definition is
 rather different from ours, not using any nominal techniques.  To our
-knowledge there is also no concrete mathematical result concerning this
+knowledge there is no concrete mathematical result concerning this
 notion of $\alpha$-equivalence.  Also the definition for the
 notion of free variables
 is work in progress.
 Although we were heavily inspired by the syntax of Ott,
-its definition of $\alpha$-equivalence is unsuitable for our extension of
+its definition of $\alpha$-equi\-valence is unsuitable for our extension of
 Nominal Isabelle. First, it is far too complicated to be a basis for
 automated proofs implemented on the ML-level of Isabelle/HOL. Second, it
 covers cases of binders depending on other binders, which just do not make
 sense for our $\alpha$-equated terms. Third, it allows empty types that have no
 meaning in a HOL-based theorem prover. We also had to generalise slightly Ott's
 them in others so that they make sense in the context of $\alpha$-equated terms.
 We also introduced two binding modes (set and res) that do not
 exist in Ott.
 We have tried out the extension with calculi such as Core-Haskell, type-schemes
 and approximately a  dozen of other typical examples from programming
-language research~\cite{SewellBestiary}. The code
+language research~\cite{SewellBestiary}.
-will eventually become part of the next Isabelle distribution.\footnote{For the moment
+%The code
-it can be downloaded from the Mercurial repository linked at
+%will eventually become part of the next Isabelle distribution.\footnote{For the moment
-\href{http://isabelle.in.tum.de/nominal/download}
+%it can be downloaded from the Mercurial repository linked at
-{http://isabelle.in.tum.de/nominal/download}.}
+%\href{http://isabelle.in.tum.de/nominal/download}
+%{http://isabelle.in.tum.de/nominal/download}.}
 We have left out a discussion about how functions can be defined over
 $\alpha$-equated terms involving general binders. In earlier versions of Nominal
-Isabelle \cite{UrbanBerghofer06} this turned out to be a thorny issue.  We
+Isabelle this turned out to be a thorny issue.  We
 hope to do better this time by using the function package that has recently
 been implemented in Isabelle/HOL and also by restricting function
-definitions to equivariant functions (for such functions we can
+definitions to equivariant functions (for them we can
 provide more automation).
 %There are some restrictions we imposed in this paper that we would like to lift in
 %future work. One is the exclusion of nested datatype definitions. Nested
 %datatype definitions allow one to specify, for instance, the function kinds
 \noindent
 {\bf Acknowledgements:} %We are very grateful to Andrew Pitts for
 %many discussions about Nominal Isabelle.
 We thank Peter Sewell for
 making the informal notes \cite{SewellBestiary} available to us and
-also for patiently explaining some of the finer points of the work on the Ott-tool.
+also for patiently explaining some of the finer points of the Ott-tool.\\[-7mm]
 %Stephanie Weirich suggested to separate the subgrammars
 %of kinds and types in our Core-Haskell example. \\[-6mm]
 *}

changeset 2604	431cf4e6a7e2
parent 2580	6b3e8602edcf
child 2605	213786e0bd45