nominal2: comparison Pearl-jv/Paper.thy

equal deleted inserted replaced

-:7a6b87adebc8
+:66ef2a2c64fb
 section {* Introduction *}
 text {*
 Nominal Isabelle provides a proving infratructure for convenient reasoning
-about syntax involving binders, such as lambda terms or type schemes:
+about syntax involving binders, such as lambda terms or type schemes in Mini-ML:
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 @{text "\<lambda>x. t       \<forall>{x\<^isub>1,\<dots>, x\<^isub>n}. \<tau>"}
 \end{isabelle}
 datatype atom\<iota> = Atom\<iota> string nat
 text {*
 \noindent
-whereby the string argument specifies the sort of the atom.\footnote{A
+whereby the string argument specifies the sort of the
-similar design choice was made by Gunter et al \cite{GunterOsbornPopescu09}
+atom.\footnote{A similar design choice was made by Gunter et al
-for their variables.}  The use of type \emph{string} for sorts is merely for
+\cite{GunterOsbornPopescu09} for their variables.}  The use of type
-convenience; any countably infinite type would work as well.
+\emph{string} for sorts is merely for convenience; any countably
-The set of all atoms we shall write as @{term "UNIV::atom set"}.
+infinite type would work as well.  In what follows we shall write
-We have two auxiliary functions for atoms, namely @{text sort}
+@{term "UNIV::atom set"} for the set of all atoms.  We also have two
-and @{const nat_of} which are defined as
+auxiliary functions for atoms, namely @{text sort} and @{const
+nat_of} which are defined as
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 \begin{tabular}{@ {}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l}
 @{thm (lhs) sort_of.simps[no_vars]} & @{text "\<equiv>"} & @{thm (rhs) sort_of.simps[no_vars]}\\
 @{thm (lhs) nat_of.simps[no_vars]} & @{text "\<equiv>"}  & @{thm (rhs) nat_of.simps[no_vars]}
 @{text "For a finite set of atoms S, there exists an atom a such that
 sort a = s and a \<notin> S"}.
 \end{proposition}
 For implementing sort-respecting permutations, we use functions of type @{typ
-"atom => atom"} that @{text "i)"} are bijective; @{text "ii)"} are the
+"atom => atom"} that are bijective; are the
-identity on all atoms, except a finite number of them; and @{text "iii)"} map
+identity on all atoms, except a finite number of them; and map
 each atom to one of the same sort. These properties can be conveniently stated
 in Isabelle/HOL for a function @{text \<pi>} as follows:
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 \begin{tabular}{r@ {\hspace{4mm}}l}
 introduce a new type @{typ perm} that includes just those functions
 satisfying all three properties. For example the identity function,
 written @{term id}, is included in @{typ perm}. Also function composition,
 written  \mbox{@{text "_ \<circ> _"}}, and function inversion, given by Isabelle/HOL's
 inverse operator and written \mbox{@{text "inv _"}}, preserve the properties
-@{text "i"}-@{text "iii"}.
+(\ref{permtype}.@{text "i"}-@{text "iii"}).
 However, a moment of thought is needed about how to construct non-trivial
 permutations. In the nominal logic work it turned out to be most convenient
 to work with swappings, written @{text "(a b)"}.  In our setting the
 type of swappings must be
 @{text "(a a) = id"}
 \end{tabular}\hfill\numbered{swapeqs}
 \end{isabelle}
 \noindent
-are \emph{equal}. Another advantage of the function representation is that
+are \emph{equal} and can be used interchangeably. Another advantage of the function
-they form a (non-com\-mu\-ta\-tive) group provided we define
+representation is that they form a (non-com\-mu\-ta\-tive) group provided we define
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 \begin{tabular}{@ {}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{10mm}}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l}
 @{thm (lhs) zero_perm_def[no_vars]} & @{text "\<equiv>"} & @{thm (rhs) zero_perm_def[no_vars]} &
 @{thm (lhs) plus_perm_def[where p="\<pi>\<^isub>1" and q="\<pi>\<^isub>2"]} & @{text "\<equiv>"} &
 Note that Isabelle/HOL defies standard conventions of mathematical notation
 by using additive syntax even for non-commutative groups.  Obviously,
 composition of permutations is not commutative in general; for example
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
-@{text "(a b) + (b c) \<noteq> (b c) + (a b)"}
+@{text "(a b) + (b c) \<noteq> (b c) + (a b)"}\;.
 \end{isabelle}
 \noindent
 But since the point of this paper is to implement the
 nominal theory as smoothly as possible in Isabelle/HOL, we tolerate
 the non-standard notation in order to reuse the existing libraries.
 A \emph{permutation operation}, written infix as @{text "\<pi> \<bullet> x"},
-applies a permutation @{text "\<pi>"} to an object @{text "x"} of type
+applies a permutation @{text "\<pi>"} to an object @{text "x"}.  This
-@{text \<beta>}, say.  This operation has the type
+operation has the type
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 @{text "_ \<bullet> _ :: perm \<Rightarrow> \<beta> \<Rightarrow> \<beta>"}
 \end{isabelle}
 \noindent
-and will be defined over the hierarchie of types.
+whereby @{text "\<beta>"} is a generic type for @{text x}. The definition of this operation will be
-Isabelle/HOL allows us to give a definition of this operation for
+given by in terms of `induction' over this generic type. The type-class mechanism
+of Isabelle/HOL \cite{Wenzel04} allows us to give a definition for
 `base' types, such as atoms, permutations, booleans and natural numbers:
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 \begin{tabular}{@ {}l@ {\hspace{4mm}}l@ {}}
 atoms: & @{thm permute_atom_def[where p="\<pi>",no_vars, THEN eq_reflection]}\\
 & @{thm permute_list.simps(2)[where p="\<pi>", no_vars, THEN eq_reflection]}\\
 products: & @{thm permute_prod.simps[where p="\<pi>", no_vars, THEN eq_reflection]}\\
 \end{tabular}\hfill\numbered{permdefsconstrs}
 \end{isabelle}
-In order to reason abstractly about this operation,
+\noindent
-we use Isabelle/HOL's type classes~\cite{Wenzel04} and state the following two
+The type classes also allow us to reason abstractly about the permutation operation.
+For this we state the following two
 \emph{permutation properties}:
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 \begin{tabular}{@ {}r@ {\hspace{4mm}}p{10cm}}
 i) & @{thm permute_zero[no_vars]}\\
 whenever the permutation properties hold for @{text x}. This property can
 be easily shown by unfolding the permutation operation for functions on
 the right-hand side, simplifying the beta-redex and eliminating the permutations
 in front of @{text x} using \eqref{cancel}.
-The use of type classes allows us to delegate much of the routine
+The main benefit of the use of type classes is that it allows us to delegate
-resoning involved in determining whether the permutation properties
+much of the routine resoning involved in determining whether the permutation properties
 are satisfied to Isabelle/HOL's type system: we only have to
 establish that base types satisfy them and that type-constructors
 preserve them. Isabelle/HOL will use this information and determine
 whether an object @{text x} with a compound type satisfies the
 permutation properties.  For this we define the notion of a
 @{text "t ::= c | x | t\<^isub>1 t\<^isub>2 | \<lambda>x. t"}
 \hfill\numbered{holterms}
 \end{isabelle}
 \noindent
-whereby @{text c} stands for constants and @{text x} for
+where @{text c} stands for constants and @{text x} for
-variables. We assume HOL-terms are fully typed, but for the sake of
+variables.
+We assume HOL-terms are fully typed, but for the sake of
 greater legibility we leave the typing information implicit.  We
 also assume the usual notions for free and bound variables of a
 HOL-term.  Furthermore, it is custom in HOL to regard terms as equal
 modulo alpha-, beta- and eta-equivalence.
 A  HOL-term @{text t} is \emph{equivariant} provided
 @{term "\<pi> \<bullet> t = t"} holds for all permutations @{text "\<pi>"}.
 \end{definition}
 \noindent
-We will primarily be interested in the cases where @{text t} is a constant, but
+In what follows we will primarily be interested in the cases where @{text t}
-of course there is no way to restrict this definition in Isabelle/HOL so that it
+is a constant, but of course there is no way in Isabelle/HOL to restrict
-applies to just constants.
+this definition to just these cases.
 There are a number of equivalent formulations for the equivariance
 property.  For example, assuming @{text t} is of permutation type @{text "\<alpha> \<Rightarrow>
 \<beta>"}, then equivariance can also be stated as
 the definition of the permutation operation for functions and
 simplify with the equation and the cancellation property shown in
 \eqref{cancel}. To see the other direction, we use
 \eqref{permutefunapp}. Similarly for HOL-terms that take more than
 one argument. The point to note is that equivariance and equivariance in fully
-applied form are always interderivable.
+applied form are (for permutation types) always interderivable.
 Both formulations of equivariance have their advantages and
 disadvantages: \eqref{altequivariance} is usually more convenient to
 establish, since statements in Isabelle/HOL are commonly given in a
 form where functions are fully applied. For example we can easily
 show that equality is equivariant
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 \begin{tabular}{@ {}l}
 @{thm eq_eqvt[where p="\<pi>", no_vars]}
-\end{tabular}
+\end{tabular}\hfill\numbered{eqeqvt}
 \end{isabelle}
 \noindent
 using the permutation operation on booleans and property
-\eqref{permuteequ}.  Lemma~\ref{permutecompose} establishes that the
+\eqref{permuteequ}.
+Lemma~\ref{permutecompose} establishes that the
 permutation operation is equivariant. The permutation operation for
 lists and products, shown in \eqref{permdefsconstrs}, state that the
 constructors for products, @{text "Nil"} and @{text Cons} are
 equivariant. Furthermore a simple calculation will show that our
 swapping functions are equivariant, that is
 \noindent
 for all @{text a}, @{text b} and @{text \<pi>}. Also the booleans
 @{const True} and @{const False} are equivariant by the definition
 of the permutation operation for booleans. It is easy to see
 that the boolean operators, like @{text "\<and>"}, @{text "\<or>"}, @{text
-"\<not>"} and @{text "\<longrightarrow>"}, are all equivariant too. (see ??? intro)
+"\<not>"} and @{text "\<longrightarrow>"}, are equivariant too; for example we have
+\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
+\begin{tabular}{@ {}lcl}
+@{text "\<pi> \<bullet> (A \<and> B) = (\<pi> \<bullet> A) \<and> (\<pi> \<bullet> B)"}\\
+@{text "\<pi> \<bullet> (A \<longrightarrow> B) = (\<pi> \<bullet> A) \<longrightarrow> (\<pi> \<bullet> B)"}\\
+\end{tabular}
+\end{isabelle}
+\noindent
+by the definition of the permutation operation acting on booleans.
 In contrast, the advantage of Definition \ref{equivariance} is that
-it leads to a relatively simple rewrite system that allows us to `push' a permutation,
+it leads to a relatively simple rewrite system that allows us to `push' a permutation
-say @{text \<pi>}, towards the leaves of a HOL-term (i.e.~constants and
+towards the leaves of a HOL-term (i.e.~constants and
 variables).  Then the permutation disappears in cases where the
-constants are equivariant, since by Definition \ref{equivariance} we
+constants are equivariant. We have implemented this rewrite system
-have @{term "\<pi> \<bullet> c = c"}. What we will show next is that for a HOL-term
+as a simplification tactic on the ML-level of Isabelle/HOL.  Having this tactic
-@{term t} containing only equivariant constants, a permutation can be pushed
+at our disposal, together with a collection of constants for which
-inside this term and the only instances remaining are in front of
+equivariance is already established, we can automatically establish
-the free variables of @{text t}. We can only show this by a meta-argument,
+equivariance of a constant for which equivariance is not yet known. For this we only have to
-that means one we cannot formalise inside Isabelle/HOL. But we can invoke
+make sure that the definiens of this constant
-it in form of a tactic programmed on the ML-level of Isabelle/HOL.
+is a HOL-term whose constants are all equivariant.  In what follows
-This tactic is a rewrite systems consisting of `oriented' equations.
+we shall specify this tactic and argue that it terminates and
+is correct (in the sense of pushing a
-A permutation @{text \<pi>} can be
+permutation @{text "\<pi>"} inside a term and the only remaining
-pushed into applications and abstractions as follows
+instances of @{text "\<pi>"} are in front of the term's free variables).
-\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
+The simplifiaction tactic is a rewrite systems consisting of four `oriented'
-\begin{tabular}{@ {}lrcl}
+equations. We will first give a naive version of this tactic, which however
-i) & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & $\stackrel{\rightharpoonup}{=}$
+is in some cornercases incorrect and does not terminate, and then modify
-& @{term "(\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}\\
+it in order to obtain the desired properties. A permutation @{text \<pi>} can
-ii) & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & $\stackrel{\rightharpoonup}{=}$ & @{text "\<lambda>x. \<pi> \<bullet> (t[x :=  (-\<pi>) \<bullet> x])"}\\
+be pushed into applications and abstractions as follows
+\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
+\begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l}
+i) & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & \rrh & @{term "(\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}\\
+ii) & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & \rrh & @{text "\<lambda>x. \<pi> \<bullet> (t[x :=  (-\<pi>) \<bullet> x])"}\\
 \end{tabular}\hfill\numbered{rewriteapplam}
 \end{isabelle}
 \noindent
-The first rule we established in \eqref{permutefunapp};
+The first equation we established in \eqref{permutefunapp};
 the second follows from the definition of permutations acting on functions
 and the fact that HOL-terms are equal modulo beta-equivalence.
 Once the permutations are pushed towards the leaves we need the
-following two rules
+following two equations
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
-\begin{tabular}{@ {}lrcl}
+\begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l}
-iii) & @{term "\<pi> \<bullet> (- \<pi>) \<bullet> x"} & $\stackrel{\rightharpoonup}{=}$ & @{term "x"}\\
+iii) & @{term "\<pi> \<bullet> (- \<pi>) \<bullet> x"} & \rrh & @{term "x"}\\
-iv) &  @{term "\<pi> \<bullet> c"} & $\stackrel{\rightharpoonup}{=}$ &
+iv) &  @{term "\<pi> \<bullet> c"} & \rrh &
-@{term "c"}\hspace{6mm}provided @{text c} is equivariant\\
+{\rm @{term "c"}\hspace{6mm}provided @{text c} is equivariant}\\
 \end{tabular}\hfill\numbered{rewriteother}
 \end{isabelle}
 \noindent
-in order to remove permuations in front of bound variables and equivariant constants.
+in order to remove permuations in front of bound variables and
+equivariant constants.  Unfortunately, we have to be careful with
-In order to obtain a terminating rewrite system, we have to be
+the rules {\it i)} and {\it iv}): they can lead to a loop whenever
-careful with rule ({\it i}). It can lead to a loop whenever
+\mbox{@{text "t\<^isub>1 t\<^isub>2"}} is of the form @{text "((op \<bullet>) \<pi>') t"}. Note
-\mbox{@{text "t\<^isub>1 t\<^isub>2"}} is of the form @{text "\<pi>' \<bullet> t'"}. Consider
+that we usually write this application using infix notation as
-for example the infinite reduction sequence
+@{text "\<pi> \<bullet> t"} and recall that by Lemma \ref{permutecompose} the
+constant @{text "(op \<bullet>)"} is equivariant. Now consider the infinite
+reduction sequence
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 \begin{tabular}{@ {}l}
-@{text "\<pi> \<bullet> (\<pi>' \<bullet> t)"}~~$\stackrel{\rightharpoonup}{=}\ldots\stackrel{\rightharpoonup}{=}$\\
+@{text "\<pi> \<bullet> (\<pi>' \<bullet> t)"}
-@{text "(\<pi> \<bullet> \<pi>') \<bullet> (\<pi> \<bullet> t)"}~~$\stackrel{\rightharpoonup}{=}\ldots\stackrel{\rightharpoonup}{=}$\\
+$\;\;\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it iv)}}{\rrh}\;\;$
-@{text "((\<pi> \<bullet> \<pi>') \<bullet> \<pi>) \<bullet> ((\<pi> \<bullet> \<pi>') \<bullet> t)"}~~$\stackrel{\rightharpoonup}{=}\ldots$\\
+@{text "(\<pi> \<bullet> \<pi>') \<bullet> (\<pi> \<bullet> t)"}
+$\;\;\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it iv)}}{\rrh}\;\;$
+@{text "((\<pi> \<bullet> \<pi>') \<bullet> \<pi>) \<bullet> ((\<pi> \<bullet> \<pi>') \<bullet> t)"}~~\ldots%
 \end{tabular}
 \end{isabelle}
 \noindent
-where the last step is again an instance of the first term, but it is
+where the last step is again an instance of the first term, but it
-bigger (note that for the permutation operation we have that @{text
+is bigger.  To avoid this loop we need to apply our rewrite rule
-"\<pi> \<bullet> (op \<bullet>) = (op \<bullet>)"} since as shown in Lemma \ref{permutecompose}
+using an `outside to inside' strategy.  This strategy is sufficient
-\mbox{@{text "(op \<bullet>)"}} is equivariant). In order to avoid this loop
+since we are only interested of rewriting terms of the form @{term
-we need to apply these rules using an `outside to inside' strategy.
+"\<pi> \<bullet> t"}, where an outermost permutation needs to pushed inside a term.
-This strategy is sufficient since we are only interested of rewriting
-terms of the form @{term "\<pi> \<bullet> t"}.
+Another problem we have to avoid is that the rules {\it i)} and
+{\it iii)} can `overlap'. For this note that
-Another problem we have to avoid is that the rules ({\it i}) and
+the term @{term "\<pi> \<bullet>(\<lambda>x. x)"} reduces by {\it ii)} to
-({\it iii}) can `overlap'. For this note that
+@{term "\<lambda>x. \<pi> \<bullet> (- \<pi>) \<bullet> x"}, to which we can apply rule {\it iii)}
-the term @{term "\<pi> \<bullet>(\<lambda>x. x)"} reduces to @{term "\<lambda>x. \<pi> \<bullet> (- \<pi>) \<bullet>
+in order to obtain @{term "\<lambda>x. x"}, as is desired---there is no
-x"}, to which we can apply rule ({\it iii}) in order to obtain
+free variable in the original term and so the permutation should completely
-@{term "\<lambda>x. x"}, as is desired.  However, the subterm term @{text
+vanish. However, the subterm @{text
 "(- \<pi>) \<bullet> x"} is also an application. Consequently, the term
 @{term "\<lambda>x. \<pi> \<bullet> (- \<pi>) \<bullet>x"} can reduce to @{text "\<lambda>x. (- (\<pi> \<bullet> \<pi>)) \<bullet> (\<pi> \<bullet> x)"} using
-({\it i}).  Now we cannot apply rule ({\it iii}) anymore and even
+{\it i)}.  Given our strategy we cannot apply rule {\it iii)} anymore and
-worse the measure we will introduce shortly increases. On the
+even worse the measure we will introduce shortly increased. On the
-other hand, if we started with the term @{text "\<pi> \<bullet> ((- \<pi>) \<bullet> x)"}
+other hand, if we had started with the term @{text "\<pi> \<bullet> ((- \<pi>) \<bullet> x)"}
-where @{text \<pi>} and @{text x} are free variables, then we do
+where @{text \<pi>} and @{text x} are free variables, then we \emph{do}
-want to apply rule  ({\it i}), rather than rule ({\it iii}) which
+want to apply rule  {\it i)} and not rule {\it iii)}. The latter
-would eliminate @{text \<pi>} completely. This is a problem because we
+would eliminate @{text \<pi>} completely. The problem is that rule {\it iii)}
-want to keep the shape of the HOL-term intact during rewriting.
+should only apply to instances where the variable is to bound; for free variables
-As a remedy we use a standard trick in HOL: we introduce
+we want to use {\it ii)}.
-a separate definition for terms of the form @{text "(- \<pi>) \<bullet> x"},
-namely as
+The problem is that in order to distinguish both cases when
+inductively taking a term `apart', we have to maintain the
+information which variable is bound. This, unfortunately, does not
+mesh well with the way how simplification tactics are implemented in
+Isabelle/HOL. Our remedy is to use a standard trick in HOL: we
+introduce a separate definition for terms of the form @{text "(- \<pi>)
+\<bullet> x"}, namely as
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 @{term "unpermute \<pi> x \<equiv> (- \<pi>) \<bullet> x"}
 \end{isabelle}
 \noindent
-The point is that we will always start with a term that does not
+The point is that now we can formulate the rewrite rules as follows
-contain any @{text unpermutes}.  With this trick we can reformulate
-our rewrite rules as follows
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 \begin{tabular}{@ {}lrcl}
-i') & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & $\stackrel{\rightharpoonup}{=}$ &
+i') & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & \rrh &
 @{term "(\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}\hspace{45mm}\mbox{}\\
-\multicolumn{4}{r}{provided @{text "t\<^isub>1 t\<^isub>2"} is not of the form @{text "unpermute \<pi> x"}}\smallskip\\
+\multicolumn{4}{r}{\rm provided @{text "t\<^isub>1 t\<^isub>2"} is not of the form @{text "unpermute \<pi> x"}}\smallskip\\
-ii') & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & $\stackrel{\rightharpoonup}{=}$ & @{text "\<lambda>x. \<pi> \<bullet> (t[x := unpermute \<pi> x])"}\\
+ii') & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & \rrh & @{text "\<lambda>x. \<pi> \<bullet> (t[x := unpermute \<pi> x])"}\\
-iii') & @{text "\<pi> \<bullet> (unpermute \<pi> x)"} & $\stackrel{\rightharpoonup}{=}$ & @{term x}\\
+iii') & @{text "\<pi> \<bullet> (unpermute \<pi> x)"} & \rrh & @{term x}\\
-iv') &  @{term "\<pi> \<bullet> c"} & $\stackrel{\rightharpoonup}{=}$ & @{term "c"}
+iv') &  @{term "\<pi> \<bullet> c"} & \rrh & @{term "c"}
-\hspace{6mm}provided @{text c} is equivariant\\
+\hspace{6mm}{\rm provided @{text c} is equivariant}\\
 \end{tabular}
 \end{isabelle}
 \noindent
-None of these rules overlap. To see that the permutation on the
+and @{text unpermutes} are only generated in case of bound variables.
-right-hand side is applied to a smaller term, we take the measure
+Clearly none of these rules overlap. Moreover, given our
-consisting of lexicographically ordered pairs whose first component
+outside-to-inside strategy, they terminate. To see this, notice that
-is the size of a term (without counting @{text unpermutes}) and the
+the permutation on the right-hand side of the rewrite rules is
-second is the number of occurences of @{text "unpermute \<pi> x"} and
+always applied to a smaller term, provided we take the measure consisting
-@{text "\<pi> \<bullet> c"}. This means the process of applying these rules
+of lexicographically ordered pairs whose first component is the size
-with our `outside-to-inside' strategy must terminate.
+of a term (counting terms of the form @{text "unpermute \<pi> x"} as
+leaves) and the second is the number of occurences of @{text
-With the rewriting system in plcae, we are able to establish the
+"unpermute \<pi> x"} and @{text "\<pi> \<bullet> c"}.
-fact that for a HOL-term @{text t} whose constants are all equivariant,
-the HOL-term @{text "\<pi> \<bullet> t"} is equal to @{text "t'"} wherby
+With the definition of the simplification tactic in place, we can
-@{text "t'"} is equal to @{text t} except that every free variable
+establish its correctness. The property we are after is that for for
-@{text x} of @{text t} is replaced by @{text "\<pi> \<bullet> x"}.  Pitts calls
+a HOL-term @{text t} whose constants are all equivariant, the
-this fact \emph{equivariance principle}. In our setting the precise
+HOL-term @{text "\<pi> \<bullet> t"} is equal to @{text "t'"} with @{text "t'"}
-statement of this fact is a bit more involved because of the fact
+being equal to @{text t} except that every free variable @{text x}
-that @{text unpermute} needs to be treated specially.
+in @{text t} is replaced by @{text "\<pi> \<bullet> x"}.  Pitts calls this
+property \emph{equivariance principle} (book ref ???). In our
+setting the precise statement of this property is a slightly more
+involved because of the fact that @{text unpermutes} needs to be
+treated specially.
 \begin{theorem}[Equivariance Principle]
 Suppose a HOL-term @{text t} does not contain any @{text unpermutes} and all
 its constants are equivariant. For any permutation @{text \<pi>}, let @{text t'}
 be the HOL-term @{text t} except every free variable @{text x} in @{term t} is
 \begin{lemma}
 For an equivariant HOL-term @{text "t"},  @{term "\<pi> \<bullet> t = t"} for all permutations @{term "\<pi>"}.
 \end{lemma}
-\begin{proof}
+Let us now see how to use the equivariance principle. We have
-By induction on the grammar of HOL-terms. The case for variables cannot arise since
-equivariant HOL-terms are closed. The case for constants is clear by Definition
-\ref{equivariance}. The case for applications is also straightforward since by
-\eqref{permutefunapp} we have @{term "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2) = (\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}.
-For the case of abstractions we can reason as follows
-\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
-\begin{tabular}[b]{@ {}c@ {\hspace{2mm}}l@ {\hspace{8mm}}l}
-& @{text "\<pi> \<bullet> (\<lambda>x. t)"}\\
-@{text "\<equiv>"} & @{text "\<lambda>y. \<pi> \<bullet> ((\<lambda>x. t) ((-\<pi>) \<bullet> y))"} & by \eqref{permdefsconstrs}\\
-\end{tabular}\hfill\qed
-\end{isabelle}
-\end{proof}
-database of equivariant functions
-Such a rewrite system is often very helpful
-in determining whether @{text "\<pi> \<bullet> t = t"} holds for a compound term @{text t}. ???
-For this we have implemented in Isabelle/HOL a
-database of equivariant constants that can be used to rewrite
-HOL-terms.
 *}
 section {* Support and Freshness *}

changeset 2771	66ef2a2c64fb
parent 2761	64a03564bc24
child 2772	c3ff26204d2a