433 \end{isabelle} |
433 \end{isabelle} |
434 \end{proof} |
434 \end{proof} |
435 |
435 |
436 \noindent |
436 \noindent |
437 Note that the permutation operation for functions is defined so that |
437 Note that the permutation operation for functions is defined so that |
438 we have for applications the property |
438 we have for applications the equation |
439 |
439 |
440 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
440 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
441 @{text "\<pi> \<bullet> (f x) ="} |
441 @{text "\<pi> \<bullet> (f x) ="} |
442 @{thm (rhs) permute_fun_app_eq[where p="\<pi>", no_vars]} |
442 @{thm (rhs) permute_fun_app_eq[where p="\<pi>", no_vars]} |
443 \hfill\numbered{permutefunapp} |
443 \hfill\numbered{permutefunapp} |
444 \end{isabelle} |
444 \end{isabelle} |
445 |
445 |
446 \noindent |
446 \noindent |
447 whenever the permutation properties hold for @{text x}. This property can |
447 whenever the permutation properties hold for @{text x}. This equation can |
448 be easily shown by unfolding the permutation operation for functions on |
448 be easily shown by unfolding the permutation operation for functions on |
449 the right-hand side, simplifying the beta-redex and eliminating the permutations |
449 the right-hand side, simplifying the beta-redex and eliminating the permutations |
450 in front of @{text x} using \eqref{cancel}. |
450 in front of @{text x} using \eqref{cancel}. |
451 |
451 |
452 The main benefit of the use of type classes is that it allows us to delegate |
452 The main benefit of the use of type classes is that it allows us to delegate |
453 much of the routine resoning involved in determining whether the permutation properties |
453 much of the routine resoning involved in determining whether the permutation properties |
454 are satisfied to Isabelle/HOL's type system: we only have to |
454 are satisfied to Isabelle/HOL's type system: we only have to |
455 establish that base types satisfy them and that type-constructors |
455 establish that base types satisfy them and that type-constructors |
456 preserve them. Isabelle/HOL will use this information and determine |
456 preserve them. Isabelle/HOL will use this information and determine |
457 whether an object @{text x} with a compound type satisfies the |
457 whether an object @{text x} with a compound type, like @{typ "atom \<Rightarrow> (atom set * nat)"}, satisfies the |
458 permutation properties. For this we define the notion of a |
458 permutation properties. For this we define the notion of a |
459 \emph{permutation type}: |
459 \emph{permutation type}: |
460 |
460 |
461 \begin{definition}[Permutation type] |
461 \begin{definition}[Permutation type] |
462 A type @{text "\<beta>"} is a \emph{permutation type} if the permutation |
462 A type @{text "\<beta>"} is a \emph{permutation type} if the permutation |
544 the definition of the permutation operation for functions and |
544 the definition of the permutation operation for functions and |
545 simplify with the equation and the cancellation property shown in |
545 simplify with the equation and the cancellation property shown in |
546 \eqref{cancel}. To see the other direction, we use |
546 \eqref{cancel}. To see the other direction, we use |
547 \eqref{permutefunapp}. Similarly for HOL-terms that take more than |
547 \eqref{permutefunapp}. Similarly for HOL-terms that take more than |
548 one argument. The point to note is that equivariance and equivariance in fully |
548 one argument. The point to note is that equivariance and equivariance in fully |
549 applied form are (for permutation types) always interderivable. |
549 applied form are always interderivable (for permutation types). |
550 |
550 |
551 Both formulations of equivariance have their advantages and |
551 Both formulations of equivariance have their advantages and |
552 disadvantages: \eqref{altequivariance} is usually more convenient to |
552 disadvantages: \eqref{altequivariance} is usually more convenient to |
553 establish, since statements in Isabelle/HOL are commonly given in a |
553 establish, since statements in HOL are commonly given in a |
554 form where functions are fully applied. For example we can easily |
554 form where functions are fully applied. For example we can easily |
555 show that equality is equivariant |
555 show that equality is equivariant |
556 |
556 |
557 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
557 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
558 \begin{tabular}{@ {}l} |
558 \begin{tabular}{@ {}l} |
577 \end{isabelle} |
577 \end{isabelle} |
578 |
578 |
579 \noindent |
579 \noindent |
580 for all @{text a}, @{text b} and @{text \<pi>}. Also the booleans |
580 for all @{text a}, @{text b} and @{text \<pi>}. Also the booleans |
581 @{const True} and @{const False} are equivariant by the definition |
581 @{const True} and @{const False} are equivariant by the definition |
582 of the permutation operation for booleans. It is easy to see |
582 of the permutation operation for booleans. Given this definition, it |
583 that the boolean operators, like @{text "\<and>"}, @{text "\<or>"}, @{text |
583 is also easy to see that the boolean operators, like @{text "\<and>"}, |
584 "\<not>"} and @{text "\<longrightarrow>"}, are equivariant too; for example we have |
584 @{text "\<or>"}, @{text "\<longrightarrow>"} and @{text "\<not>"} are equivariant too: |
585 |
585 |
586 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
586 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
587 \begin{tabular}{@ {}lcl} |
587 \begin{tabular}{@ {}lcl} |
588 @{text "\<pi> \<bullet> (A \<and> B) = (\<pi> \<bullet> A) \<and> (\<pi> \<bullet> B)"}\\ |
588 @{text "\<pi> \<bullet> (A \<and> B) = (\<pi> \<bullet> A) \<and> (\<pi> \<bullet> B)"}\\ |
|
589 @{text "\<pi> \<bullet> (A \<or> B) = (\<pi> \<bullet> A) \<or> (\<pi> \<bullet> B)"}\\ |
589 @{text "\<pi> \<bullet> (A \<longrightarrow> B) = (\<pi> \<bullet> A) \<longrightarrow> (\<pi> \<bullet> B)"}\\ |
590 @{text "\<pi> \<bullet> (A \<longrightarrow> B) = (\<pi> \<bullet> A) \<longrightarrow> (\<pi> \<bullet> B)"}\\ |
|
591 @{text "\<pi> \<bullet> (\<not>A) = \<not>(\<pi> \<bullet> A)"}\\ |
590 \end{tabular} |
592 \end{tabular} |
591 \end{isabelle} |
593 \end{isabelle} |
592 |
|
593 \noindent |
|
594 by the definition of the permutation operation acting on booleans. |
|
595 |
594 |
596 In contrast, the advantage of Definition \ref{equivariance} is that |
595 In contrast, the advantage of Definition \ref{equivariance} is that |
597 it leads to a relatively simple rewrite system that allows us to `push' a permutation |
596 it leads to rewrite system that allows us to |
598 towards the leaves of a HOL-term (i.e.~constants and |
597 `push' a permutation towards the leaves of a HOL-term |
599 variables). Then the permutation disappears in cases where the |
598 (i.e.~constants and variables). Then the permutation disappears in |
600 constants are equivariant. We have implemented this rewrite system |
599 cases where the constants are equivariant. This can be stated more |
601 as a simplification tactic on the ML-level of Isabelle/HOL. Having this tactic |
600 formally as the following \emph{equivariance principle}: |
602 at our disposal, together with a collection of constants for which |
601 |
603 equivariance is already established, we can automatically establish |
602 \begin{theorem}[Equivariance Principle]\label{eqvtprin} |
604 equivariance of a constant for which equivariance is not yet known. For this we only have to |
603 Suppose a HOL-term @{text t} whose constants are all equivariant. For any |
605 make sure that the definiens of this constant |
604 permutation @{text \<pi>}, let @{text t'} be the HOL-term @{text t} except every |
606 is a HOL-term whose constants are all equivariant. In what follows |
605 free variable @{text x} in @{term t} is replaced by @{text "\<pi> \<bullet> x"}, then |
607 we shall specify this tactic and argue that it terminates and |
606 @{text "\<pi> \<bullet> t = t'"}. |
608 is correct (in the sense of pushing a |
607 \end{theorem} |
609 permutation @{text "\<pi>"} inside a term and the only remaining |
608 |
610 instances of @{text "\<pi>"} are in front of the term's free variables). |
609 \noindent |
611 |
610 The significance of this principle is that we can automatically establish |
612 The simplifiaction tactic is a rewrite systems consisting of four `oriented' |
611 the equivariance of a constant for which equivariance is not yet |
613 equations. We will first give a naive version of this tactic, which however |
612 known. For this we only have to make sure that the definiens of this |
614 is in some cornercases incorrect and does not terminate, and then modify |
613 constant is a HOL-term whose constants are all equivariant. For example |
615 it in order to obtain the desired properties. A permutation @{text \<pi>} can |
614 the universal quantifier @{text "All"}, also written @{text "\<forall>"}, is |
616 be pushed into applications and abstractions as follows |
615 of type @{text "(\<alpha> \<Rightarrow> bool) \<Rightarrow> bool"} and in HOL is definied as |
|
616 |
|
617 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
|
618 @{thm All_def[no_vars]} |
|
619 \end{isabelle} |
|
620 |
|
621 \noindent |
|
622 Now @{text All} must be equivariant, because by the equivariance |
|
623 principle we only have to test whether the contants in the HOL-term |
|
624 @{thm (rhs) All_def[no_vars]}, namely @{text "="} and @{text |
|
625 "True"}, are equivariant. We shown this above. Taking all equations |
|
626 together, we can establish |
|
627 |
|
628 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
|
629 @{text "\<pi> \<bullet> (All P) \<equiv> \<pi> \<bullet> (P = (\<lambda>x. True)) = ((\<pi> \<bullet> P) = (\<lambda>x. True)) \<equiv> All (\<pi> \<bullet> P)"} |
|
630 \end{isabelle} |
|
631 |
|
632 \noindent |
|
633 where the equation in the `middle' is given by Theorem~\ref{eqvtprin}. |
|
634 As a consequence, the constant @{text "All"} is equivariant. Given this |
|
635 fact we can further show that the existential quantifier @{text Ex}, |
|
636 written also as @{text "\<exists>"}, is equivariant, since it is defined as |
|
637 |
|
638 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
|
639 @{thm Ex_def[no_vars]} |
|
640 \end{isabelle} |
|
641 |
|
642 \noindent |
|
643 and the HOL-term on the right-hand side contains equivariant constants only |
|
644 (namely @{text "\<forall>"} and @{text "\<longrightarrow>"}). In this way we can establish step by step |
|
645 equivariance for constants in HOL. |
|
646 |
|
647 In order to establish Theorem~\ref{eqvtprin}, we use a rewrite system |
|
648 consisting of a series of equalities |
|
649 |
|
650 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
|
651 @{text "\<pi> \<cdot> t = ... = t'"} |
|
652 \end{isabelle} |
|
653 |
|
654 \noindent |
|
655 that establish the equality between @{term "\<pi> \<bullet> t"} and @{text |
|
656 "t'"}. We have implemented this rewrite system as a conversion |
|
657 tactic on the ML-level of Isabelle/HOL. |
|
658 We shall next specify this tactic and show that it terminates and is |
|
659 correct (in the sense of pushing a permutation @{text "\<pi>"} inside a |
|
660 term and the only remaining instances of @{text "\<pi>"} are in front of |
|
661 the term's free variables). The tactic applies four `oriented' |
|
662 equations. We will first give a naive version of this tactic, which |
|
663 however in some cornercases produces incorrect resolts or does not |
|
664 terminate. We then give a modification it in order to obtain the |
|
665 desired properties. A permutation @{text \<pi>} can be pushed into |
|
666 applications and abstractions as follows |
617 |
667 |
618 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
668 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
619 \begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l} |
669 \begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l} |
620 i) & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & \rrh & @{term "(\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}\\ |
670 i) & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & \rrh & @{term "(\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}\\ |
621 ii) & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & \rrh & @{text "\<lambda>x. \<pi> \<bullet> (t[x := (-\<pi>) \<bullet> x])"}\\ |
671 ii) & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & \rrh & @{text "\<lambda>x. \<pi> \<bullet> (t[x := (-\<pi>) \<bullet> x])"}\\ |