nominal2: comparison LMCS-Paper/Paper.thy

equal deleted inserted replaced

-:e57c175d9214
+:4fafa8d219dc
 non-empty and the types in the constructors only occur in positive
 position (see \cite{Berghofer99} for an in-depth description of the datatype package
 in Isabelle/HOL).
 We subsequently define each of the user-specified binding
 functions @{term "bn"}$_{1..m}$ by recursion over the corresponding
-raw datatype. We also define permutation operations by
+``raw'' datatype. We also define permutation operations by
 recursion so that for each term constructor @{text "C"} we have that
 \begin{equation}\label{ceqvt}
 @{text "\<pi> \<bullet> (C z\<^isub>1 \<dots> z\<^isub>n) = C (\<pi> \<bullet> z\<^isub>1) \<dots> (\<pi> \<bullet> z\<^isub>n)"}
 \end{equation}\smallskip
 to be ``under'' the binder. Such a premise is \emph{not} needed in @{text "Let_rec"},
 because there all components of an assignment are ``under'' the binder.
 Note also that in case of more than one body (e.g.~in the @{text "Let_rec"}-case)
 we need to parametrise the relation $\approx_{\textit{list}}$ with a compound
 equivalence relation and a compound free-atom function. This is because the
-corresponding binding cluase specifies a binder with two bodies.
+corresponding binding clause specifies a binder with two bodies.
 *}
 section {* Establishing the Reasoning Infrastructure *}
 text {*
 @{text "(ii)"} The relations @{text "\<approx>ty"}$_{1..n}$ and
 @{text "\<approx>bn"}$_{1..m}$ are equivariant.
 \end{lem}
 \begin{proof}
-The function package of Isabelle/HOL \cite{Krauss09} allows us to prove the
+The function package of Isabelle/HOL allows us to prove the first part by
-first part is by mutual induction over the definitions of the functions.\footnote{We
+mutual induction over the definitions of the functions.\footnote{We have
-know that they are terminating functions. From this an induction principle
+that they are terminating functions. From this an induction principle is
-is derived by the function package.} The second is by a straightforward
+derived by the function package \cite{Krauss09}.} The second is by a
-induction over the rules of @{text "\<approx>ty"}$_{1..n}$ and @{text "\<approx>bn"}$_{1..m}$ using
+straightforward induction over the rules of @{text "\<approx>ty"}$_{1..n}$ and
-the first part.
+@{text "\<approx>bn"}$_{1..m}$ using the first part.
 \end{proof}
 \noindent
 Next we establish that the alpha-equivalence relations defined in the
 previous section are indeed equivalence relations.
 \noindent
 We call these conditions as \emph{quasi-injectivity}. They correspond to
 the premises in our alpha-equiva\-lence relations, with the exception that
 in case of binders the relations $\approx_{\textit{set}}^{\textit{R}, \textit{fa}}$
-are replaced by $\approx_{\textit{set}}^{=, \textit{fa}}$.
+are replaced by $\approx_{\textit{set}}^{=, \textit{fa}}$ (similarly for the
+other binding modes).
 Next we can lift the permutation operations defined in \eqref{ceqvt}. In
 order to make this lifting to go through, we have to show that the
 permutation operations are respectful. This amounts to showing that the
 alpha-equivalence relations are equivariant, which
 \noindent
 to our infrastructure. In a similar fashion we can lift the defining equations
 of the free-atom functions @{text "fn_ty\<AL>"}$_{1..n}$ and
 @{text "fa_bn\<AL>"}$_{1..m}$ as well as of the binding functions @{text
-"bn\<AL>"}$_{1..m}$ and the size functions @{text "size_ty\<AL>"}$_{1..n}$.
+"bn\<AL>"}$_{1..m}$ and size functions @{text "size_ty\<AL>"}$_{1..n}$.
-The latter are defined automatically for the raw types @{text "ty"}$_{1..n}$
+The latter are defined automatically for the ``raw'' types @{text "ty"}$_{1..n}$
 by the datatype package of Isabelle/HOL.
 Finally we can add to our infrastructure cases lemmas and a (mutual)
 induction principle for the types @{text "ty\<AL>"}$_{1..n}$. The cases
 lemmas allow the user to deduce a property @{text "P"} by exhaustively
-analysing all cases how an element in a type @{text "ty\<AL>"}$_i$ can
+analysing how an element in a type, say @{text "ty\<AL>"}$_i$, can be
-be constructed (that means one case for each of term-constructors
+constructed (that means one case for each of the term-constructors in @{text
-of type @{text "ty\<AL>"}$_i\,$). The lifted cases
+"ty\<AL>"}$_i\,$). The lifted cases lemma for the type @{text
-lemma for the type @{text "ty\<AL>"}$_i\,$ looks as
+"ty\<AL>"}$_i\,$ looks as follows
-follows
+\begin{equation}\label{cases}
-\[
 \infer{P}
 {\begin{array}{l}
 @{text "\<forall>x\<^isub>1\<dots>x\<^isub>k. y = C\<AL>\<^isub>1 x\<^isub>1 \<dots> x\<^isub>k \<Rightarrow> P"}\\
 \hspace{5mm}\ldots\\
 @{text "\<forall>x\<^isub>1\<dots>x\<^isub>l. y = C\<AL>\<^isub>m x\<^isub>1 \<dots> x\<^isub>l \<Rightarrow> P"}\\
 \end{array}}
-\]\smallskip
+\end{equation}\smallskip
 \noindent
 where @{text "y"} is a variable of type @{text "ty"}$_i$ and @{text "P"} is the
 property that is established by the case analysis. Similarly, we have a (mutual)
 induction principle for the types @{text "ty\<AL>"}$_{1..n}$, which is of the
 form
-\[
+\begin{equation}\label{induct}
 \infer{@{text "P\<^isub>1 y\<^isub>1 \<and> \<dots> \<and> P\<^isub>n y\<^isub>n "}}
 {\begin{array}{l}
 @{text "\<forall>x\<^isub>1\<dots>x\<^isub>k. P\<^isub>i x\<^isub>i \<and> \<dots> \<and> P\<^isub>j x\<^isub>j \<Rightarrow> P (C\<AL>\<^isub>1 x\<^isub>1 \<dots> x\<^isub>k)"}\\
 \hspace{5mm}\ldots\\
 @{text "\<forall>x\<^isub>1\<dots>x\<^isub>l. P\<^isub>r x\<^isub>r \<and> \<dots> \<and> P\<^isub>s x\<^isub>s \<Rightarrow> P (C\<AL>\<^isub>m x\<^isub>1 \<dots> x\<^isub>l)"}\\
 \end{array}}
-\]\smallskip
+\end{equation}\smallskip
 \noindent
-whereby the @{text P}$_{1..n}$ are the properties established by induction
+whereby the @{text P}$_{1..n}$ are the properties established by the induction
-and the @{text y}$_{1..n}$ are of type @{text "ty\<AL>"}$_{1..n}$.
+and the @{text y}$_{1..n}$ are of type @{text "ty\<AL>"}$_{1..n}$. Note that
-This induction principle has for the term constructors @{text "C"}$^\alpha_1$
+the induction principle has for the term constructors @{text "C"}$^\alpha_1$ a
-a premise of the form
+premise of the form
-\begin{equation}\label{weakprem}
+\[
 \mbox{@{text "\<forall>x\<^isub>1\<dots>x\<^isub>k. P\<^isub>i x\<^isub>i \<and> \<dots> \<and> P\<^isub>j x\<^isub>j \<Rightarrow> P (C\<AL>\<^sub>1 x\<^isub>1 \<dots> x\<^isub>k)"}}
-\end{equation}\smallskip
+\]\smallskip
 \noindent
-in which the @{text "x"}$_{i..j}$ @{text "\<subseteq>"} @{text "x"}$_{1..k}$ are
+in which the @{text "x"}$_{i..j}$ @{text "\<subseteq>"} @{text "x"}$_{1..k}$ are the
-the recursive arguments of this term constructor (similarly for the other
+recursive arguments of this term constructor (similarly for the other
-term-constructors). In case of the lambda-calculus (with constructors
+term-constructors).
-@{text "Var\<^sup>\<alpha>"},  @{text "App\<^sup>\<alpha>"} and  @{text "Lam\<^sup>\<alpha>"}),
-the cases lemmas and the induction principle boil down to the following
+Recall the lambda-calculus with @{text "Let"}-patterns shown in
-two inference rules:
+\eqref{letpat}. The cases lemmas and the induction principle shown in
+\eqref{cases} and \eqref{induct} boil down to the following three inference
-\[\mbox{
+rules (the cases lemmas are on the left-hand side; the induction principle
+on the right):
+\begin{equation}\label{inductex}\mbox{
 \begin{tabular}{c@ {\hspace{10mm}}c}
-\infer{@{text "P"}}
+\begin{tabular}{@ {}c@ {}}
+\infer{@{text "P\<^bsub>trm\<^esub>"}}
 {\begin{array}{l}
-@{text "\<forall>x. y = Var\<^sup>\<alpha> x \<Rightarrow> P"}\\
+@{text "\<forall>x. y = Var\<^sup>\<alpha> x \<Rightarrow> P\<^bsub>trm\<^esub>"}\\
-@{text "\<forall>x\<^isub>1 x\<^isub>2. y = App\<^sup>\<alpha> x\<^isub>1 x\<^isub>2 \<Rightarrow> P"}\\
+@{text "\<forall>x\<^isub>1 x\<^isub>2. y = App\<^sup>\<alpha> x\<^isub>1 x\<^isub>2 \<Rightarrow> P\<^bsub>trm\<^esub>"}\\
-@{text "\<forall>x\<^isub>1 x\<^isub>2. y = Lam\<^sup>\<alpha> x\<^isub>1 x\<^isub>2 \<Rightarrow> P"}
+@{text "\<forall>x\<^isub>1 x\<^isub>2. y = Lam\<^sup>\<alpha> x\<^isub>1 x\<^isub>2 \<Rightarrow> P\<^bsub>trm\<^esub>"}\\
-\end{array}} &
+@{text "\<forall>x\<^isub>1 x\<^isub>2. y = Let\<^sup>\<alpha> x\<^isub>1 x\<^isub>2 \<Rightarrow> P\<^bsub>trm\<^esub>"}
+\end{array}}\medskip\\
-\infer{@{text "P y"}}
+\infer{@{text "P\<^bsub>pat\<^esub>"}}
 {\begin{array}{l}
-@{text "\<forall>x. P (Var\<^sup>\<alpha> x)"}\\
+@{text "y = PNil\<^sup>\<alpha>  \<Rightarrow> P\<^bsub>pat\<^esub>"}\\
-@{text "\<forall>x\<^isub>1 x\<^isub>2. P x\<^isub>1 \<and> P x\<^isub>2 \<Rightarrow> P (App\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}\\
+@{text "\<forall>x. y = PVar\<^sup>\<alpha> x \<Rightarrow> P\<^bsub>pat\<^esub>"}\\
-@{text "\<forall>x\<^isub>1 x\<^isub>2. P x\<^isub>2 \<Rightarrow> P (Lam\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}
+@{text "\<forall>x\<^isub>1 x\<^isub>2. y = PTup\<^sup>\<alpha> x\<^isub>1 x\<^isub>2 \<Rightarrow> P\<^bsub>pat\<^esub>"}
 \end{array}}
-\end{tabular}}
+\end{tabular}
-\]\smallskip
+&
-\noindent
+\begin{tabular}{@ {}c@ {}}
-We will show in the next section that these inference rules are not very
+\infer{@{text "P\<^bsub>trm\<^esub> y\<^isub>1 \<and> P\<^bsub>pat\<^esub> y\<^isub>2"}}
-convenient for the user to establish properties about lambda-terms, but
+{\begin{array}{l}
-they are crucial for completing our reasoning infrastructure for the
+@{text "\<forall>x. P\<^bsub>trm\<^esub> (Var\<^sup>\<alpha> x)"}\\
-types @{text "ty\<AL>"}$_{1..n}$.
+@{text "\<forall>x\<^isub>1 x\<^isub>2. P\<^bsub>trm\<^esub> x\<^isub>1 \<and> P\<^bsub>trm\<^esub> x\<^isub>2 \<Rightarrow> P\<^bsub>trm\<^esub> (App\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}\\
+@{text "\<forall>x\<^isub>1 x\<^isub>2. P\<^bsub>trm\<^esub> x\<^isub>2 \<Rightarrow> P\<^bsub>trm\<^esub> (Lam\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}\\
+@{text "\<forall>x\<^isub>1 x\<^isub>2. P\<^bsub>pat\<^esub> x\<^isub>1 \<and> P\<^bsub>trm\<^esub> x\<^isub>2 \<Rightarrow> P\<^bsub>trm\<^esub> (Let\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}\\
+@{text "P\<^bsub>pat\<^esub> (PNil\<^sup>\<alpha>)"}\\
+@{text "\<forall>x. P\<^bsub>pat\<^esub> (PVar\<^sup>\<alpha> x)"}\\
+@{text "\<forall>x\<^isub>1 x\<^isub>2. P\<^bsub>pat\<^esub> x\<^isub>1 \<and> P\<^bsub>pat\<^esub> x\<^isub>2 \<Rightarrow> P\<^bsub>pat\<^esub> (PTup\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}
+\end{array}}
+\end{tabular}
+\end{tabular}}
+\end{equation}\smallskip
 By working now completely on the alpha-equated level, we
-can first show that the free-atom functions and binding functions are
+can first show using \eqref{calphaeqvt} that the support of each term
-equivariant, namely
+constructor is included in the support of its arguments,
+namely
+\[
+@{text "(supp x\<^isub>1 \<union> \<dots> \<union> supp x\<^isub>r) supports (C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>r)"}
+\]\smallskip
+\noindent
+This allows us to prove using the induction principle for  @{text "ty\<AL>"}$_{1..n}$
+that every element of type @{text "ty\<AL>"}$_{1..n}$ is finitely supported
+(using Prop.~\ref{supportsprop}{\it (i)}).
+Similarly, we can establish by induction that the free-atom functions and binding
+functions are equivariant, namely
 \[\mbox{
 \begin{tabular}{rcl}
 @{text "\<pi> \<bullet> (fa_ty\<AL>\<^isub>i  x)"} & $=$ & @{text "fa_ty\<AL>\<^isub>i (\<pi> \<bullet> x)"}\\
 @{text "\<pi> \<bullet> (fa_bn\<AL>\<^isub>j  x)"} & $=$ & @{text "fa_bn\<AL>\<^isub>j (\<pi> \<bullet> x)"}\\
 \end{tabular}}
 \]\smallskip
 \noindent
-These properties can be established using the induction principle for the
+Lastly, we can show that the support of elements in @{text
-types @{text "ty\<AL>"}$_{1..n}$.  Having these
+"ty\<AL>"}$_{1..n}$ is the same as @{text "fa_ty\<AL>"}$_{1..n}$.  This fact
-equivariant properties at our disposal, we can show that the support of
+is important in the nominal setting where the general theory is formulated
-term-constructors @{text "C\<^sup>\<alpha>"} is included in the support of its
+in terms of support and freshness, but also provides evidence that our
-arguments, that means
+notions of free-atoms and alpha-equivalence ``match up''.
-\[
-@{text "supp (C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>r) \<subseteq> (supp x\<^isub>1 \<union> \<dots> \<union> supp x\<^isub>r)"}
-\]\smallskip
-\noindent
-holds. This allows us to prove by induction that every @{text x} of type
-@{text "ty\<AL>"}$_{1..n}$ is finitely supported. This can be again shown by
-the induction principle for  @{text "ty\<AL>"}$_{1..n}$. Lastly, we can show that the
-support of elements in @{text "ty\<AL>"}$_{1..n}$ is the same as @{text
-"fa_ty\<AL>"}$_{1..n}$.  This fact is important in the nominal setting
-where the general theory is formulated in terms of @{text "supp"} and @{text "#"}, but
-also provides evidence that our notions of free-atoms and alpha-equivalence
-are sensible.
 \begin{thm}
 For @{text "x"}$_{1..n}$ with type @{text "ty\<AL>"}$_{1..n}$, we have
 @{text "supp x\<^isub>i = fa_ty\<AL>\<^isub>i x\<^isub>i"}.
 \end{thm}
 \begin{proof}
 The proof is by induction. In each case
 we unfold the definition of @{text "supp"}, move the swapping inside the
 term-constructors and then use the quasi-injectivity lemmas in order to complete the
-proof. For the abstraction cases we use the facts derived in Theorem~\ref{suppabs}.
+proof. For the abstraction cases we use then the facts derived in Theorem~\ref{suppabs},
+for which we have to know that every body of an abstraction is finitely supported.
+This we have proved earlier.
 \end{proof}
 \noindent
-To sum up this section, we can establish automatically a reasoning infrastructure
+To sum up this section, we can establish a reasoning infrastructure for the
-for the types @{text "ty\<AL>"}$_{1..n}$
+types @{text "ty\<AL>"}$_{1..n}$ by first lifting definitions from the
-by first lifting definitions from the ``raw'' level to the quotient level and
+``raw'' level to the quotient level and then by proving facts about
-then by establishing facts about these lifted definitions. All necessary proofs
+these lifted definitions. All necessary proofs are generated automatically
-are generated automatically by custom ML-code.
+by custom ML-code.
 *}
 section {* Strong Induction Principles *}
 text {*
-In the previous section we derived induction principles for alpha-equated terms.
+In the previous section we derived induction principles for alpha-equated
-We call such induction principles \emph{weak}, because for a
+terms (see \eqref{induct} and \eqref{inductex}). This was done by lifting
-term-constructor \mbox{@{text "C\<^sup>\<alpha> x\<^isub>1\<dots>x\<^isub>r"}}
+the corresponding inductions principles for ``raw'' terms.  We already
-the induction hypothesis requires us to establish the implications \eqref{weakprem}.
+employed these induction principles in order to derive several facts for
-The problem with these implications is that in general they are difficult to establish.
+alpha-equated terms, including the property that the free-variable functions
-The reason is that we cannot make any assumption about the bound atoms that might be in @{text "C\<^sup>\<alpha>"}.
+and the notion of support coincide. Still, we call these induction
-(for example we cannot assume the variable convention for them).
+principles \emph{weak}, because for a term-constructor, say \mbox{@{text
+"C\<^sup>\<alpha> x\<^isub>1\<dots>x\<^isub>r"}}, the induction hypothesis requires us to
-In \cite{UrbanTasson05} we introduced a method for automatically
+establish (under some assumptions) a property @{text "P (C\<^sup>\<alpha>
-strengthening weak induction principles for terms containing single
+x\<^isub>1\<dots>x\<^isub>r)"} for \emph{all} @{text "x"}$_{1..r}$. The problem is that in the
-binders. These stronger induction principles allow the user to make additional
+presence of binders we cannot make any assumptions about the atoms that are
-assumptions about bound atoms.
+bound, and we have to potentially rename them. This renaming has to be
-These additional assumptions amount to a formal
+done manually and is often very cumbersome (especially in the case for
-version of the informal variable convention for binders.
+multiple bound atoms).
-To sketch how this strengthening extends to the case of multiple binders, we use as
-running example the term-constructors @{text "Lam"} and @{text "Let"}
+For the older versions of Nominal Isabelle we introduced in
-from example \eqref{letpat}. Instead of establishing @{text " P\<^bsub>trm\<^esub> t \<and> P\<^bsub>pat\<^esub> p"},
+\cite{UrbanTasson05} a method for automatically strengthening weak induction
-the stronger induction principle for \eqref{letpat} establishes properties @{text " P\<^bsub>trm\<^esub> c t \<and> P\<^bsub>pat\<^esub> c p"}
+principles in case of single binders. These stronger induction principles
-where the additional parameter @{text c} controls
+allow the user to make additional assumptions about bound atoms. The main
-which freshness assumptions the binders should satisfy. For the two term constructors
+point is that these additional assumptions amount to a formal version of the
-this means that the user has to establish in inductions the implications
+informal variable convention for binders and nearly always make manual
+renaming of binders unnecessary.
-\begin{center}
-\begin{tabular}{l}
+To explain how the strengthening works in the presence of multiple binders,
-@{text "\<forall>a t c. {atom a} \<FRESH>\<^sup>* c \<and> (\<forall>d. P\<^bsub>trm\<^esub> d t) \<Rightarrow> P\<^bsub>trm\<^esub> c (Lam a t)"}\\
+we use as running example the lambda-calculus with @{text "Let"}-patterns
-@{text "\<forall>p t c. (set (bn p)) \<FRESH>\<^sup>* c \<and> (\<forall>d. P\<^bsub>pat\<^esub> d p) \<and> (\<forall>d. P\<^bsub>trm\<^esub> d t) \<and> \<Rightarrow> P\<^bsub>trm\<^esub> c (Let p t)"}\\%[-0mm]
+shown in \eqref{letpat}. Its weak induction principle is given in \eqref{inductex}.
-\end{tabular}
+The stronger induction principle is as follows
-\end{center}
+\begin{equation}\label{stronginduct}
-In \cite{UrbanTasson05} we showed how the weaker induction principles imply
+\mbox{
-the stronger ones. This was done by some quite complicated, nevertheless automated,
+\begin{tabular}{@ {}c@ {}}
-induction proof. In this paper we simplify this work by leveraging the automated proof
+\infer{@{text "P\<^bsub>trm\<^esub> c y\<^isub>1 \<and> P\<^bsub>pat\<^esub> c y\<^isub>2"}}
-methods from the function package of Isabelle/HOL.
+{\begin{array}{l}
-The reasoning principle these methods employ is well-founded induction.
+@{text "\<forall>x c. P\<^bsub>trm\<^esub> c (Var\<^sup>\<alpha> x)"}\\
-To use them in our setting, we have to discharge
+@{text "\<forall>x\<^isub>1 x\<^isub>2 c. (\<forall>d. P\<^bsub>trm\<^esub> d x\<^isub>1) \<and> (\<forall>d. P\<^bsub>trm\<^esub> d x\<^isub>2) \<Rightarrow> P\<^bsub>trm\<^esub> c (App\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}\\
-two proof obligations: one is that we have
+@{text "\<forall>x\<^isub>1 x\<^isub>2 c. {atom x\<^isub>1} #\<^sup>* c \<and> (\<forall>d. P\<^bsub>trm\<^esub> d x\<^isub>2) \<Rightarrow> P\<^bsub>trm\<^esub> c (Lam\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}\\
-well-founded measures (for each type @{text "ty"}$^\alpha_{1..n}$) that decrease in
+@{text "\<forall>x\<^isub>1 x\<^isub>2 c. (set (bn x\<^isub>1)) #\<^sup>* c \<and> (\<forall>d. P\<^bsub>pat\<^esub> d x\<^isub>1) \<and> (\<forall>d. P\<^bsub>trm\<^esub> d x\<^isub>2) \<Rightarrow> P\<^bsub>trm\<^esub> c (Let\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}\\
-every induction step and the other is that we have covered all cases.
+@{text "\<forall>c. P\<^bsub>pat\<^esub> c (PNil\<^sup>\<alpha>)"}\\
-As measures we use the size functions
+@{text "\<forall>x c. P\<^bsub>pat\<^esub> c (PVar\<^sup>\<alpha> x)"}\\
-@{text "size_ty"}$^\alpha_{1..n}$, which we lifted in the previous section and which are
+@{text "\<forall>x\<^isub>1 x\<^isub>2 c. (\<forall>d. P\<^bsub>pat\<^esub> d x\<^isub>1) \<and> (\<forall>d. P\<^bsub>pat\<^esub> d x\<^isub>2) \<Rightarrow> P\<^bsub>pat\<^esub> c (PTup\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}
-all well-founded. It is straightforward to establish that these measures decrease
+\end{array}}
-in every induction step.
+\end{tabular}}
+\end{equation}\smallskip
-What is left to show is that we covered all cases. To do so, we use
-a \emph{cases lemma} derived for each type. For the terms in \eqref{letpat}
+\noindent
+Instead of establishing the two properties @{text " P\<^bsub>trm\<^esub> y\<^isub>1 \<and>
+P\<^bsub>pat\<^esub> y\<^isub>2"}, as the weak one does, the stronger
+induction principle establishes the properties @{text " P\<^bsub>trm\<^esub> c
+y\<^isub>1 \<and> P\<^bsub>pat\<^esub> c y\<^isub>2"} in which the additional
+parameter @{text c} is assumed to be of finite support. The purpose of
+@{text "c"} is to ``control'' which freshness assumptions the binders should
+satisfy in the @{text "Lam\<^sup>\<alpha>"} and @{text "Let\<^sup>\<alpha>"} cases (these are the cases
+where the user specified some binding clauses).
+In what follows we will show that the induction principle in
+\eqref{inductex} implies \eqref{stronginduct}. This fact was established in
+\cite{UrbanTasson05} by some quite involved, nevertheless automated,
+induction proof. In this paper we simplify the proof by leveraging the
+automated proof methods from the function package of Isabelle/HOL
+\cite{Krauss09}. The reasoning principle behind these methods is
+well-founded induction. To use them in our setting, we have to discharge two
+proof obligations: one is that we have well-founded measures (one for each type
+@{text "ty"}$^\alpha_{1..n}$) that decrease in every induction step and the
+other is that we have covered all cases.
+As measures we can use the size functions @{text "size_ty"}$^\alpha_{1..n}$,
+which we lifted in the previous section and which are all well-founded. It
+is straightforward to establish that these measures decrease in every
+induction step. What is left to show is that we covered all cases.
+To do so, we use a \emph{cases lemma} derived for each type. For the terms in \eqref{letpat}
 this lemma is of the form
 \begin{equation}\label{weakcases}
 \infer{@{text "P\<^bsub>trm\<^esub>"}}
 {\begin{array}{l@ {\hspace{9mm}}l}
 result concerning this notion of alpha-equivalence and free variables. We
 have proved that our definitions lead to alpha-equated terms, whose support
 is as expected (that means bound names are removed from the support). We
 also showed that our specifications lift from ``raw'' types to types of
 alpha-equivalence classes. For this we had to establish (automatically) that every
-term-constructor and function is repectful w.r.t.~alpha-equivalence.
+term-constructor and function is respectful w.r.t.~alpha-equivalence.
 Although we were heavily inspired by the syntax of Ott, its definition of
 alpha-equi\-valence is unsuitable for our extension of Nominal
 Isabelle. First, it is far too complicated to be a basis for automated
 proofs implemented on the ML-level of Isabelle/HOL. Second, it covers cases

changeset 3015	4fafa8d219dc
parent 3014	e57c175d9214
child 3016	799769b40f0e