87 which states that two lists are equivalent if every element in one list is |
88 which states that two lists are equivalent if every element in one list is |
88 also member in the other. The empty finite set, written @{term "{||}"}, can |
89 also member in the other. The empty finite set, written @{term "{||}"}, can |
89 then be defined as the empty list and the union of two finite sets, written |
90 then be defined as the empty list and the union of two finite sets, written |
90 @{text "\<union>"}, as list append. |
91 @{text "\<union>"}, as list append. |
91 |
92 |
92 An area where quotients are ubiquitous is reasoning about programming language |
93 Quotients are important in a variety of areas, but they are ubiquitous in |
93 calculi. A simple example is the lambda-calculus, whose raw terms are defined as |
94 the area of reasoning about programming language calculi. A simple example |
|
95 is the lambda-calculus, whose raw terms are defined as |
|
96 |
94 |
97 |
95 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
98 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
96 @{text "t ::= x | t t | \<lambda>x.t"}\hfill\numbered{lambda} |
99 @{text "t ::= x | t t | \<lambda>x.t"}\hfill\numbered{lambda} |
97 \end{isabelle} |
100 \end{isabelle} |
98 |
101 |
254 and preservation; Section \ref{sec:lift} describes the lifting of theorems, |
260 and preservation; Section \ref{sec:lift} describes the lifting of theorems, |
255 and Section \ref{sec:conc} concludes and compares our results to existing |
261 and Section \ref{sec:conc} concludes and compares our results to existing |
256 work. |
262 work. |
257 *} |
263 *} |
258 |
264 |
259 |
|
260 section {* Preliminaries and General Quotients\label{sec:prelims} *} |
265 section {* Preliminaries and General Quotients\label{sec:prelims} *} |
261 |
266 |
262 text {* |
267 text {* |
263 We describe here briefly some of the most basic concepts of HOL |
268 We describe here briefly the most basic notions of HOL we rely on, and |
264 we rely on and some of the important definitions given by Homeier |
269 the important definitions given by Homeier for quotients \cite{Homeier05}. |
265 \cite{Homeier05}. |
270 |
266 |
271 At its core HOL is based on a simply-typed term language, where types are |
267 HOL is based on a simply-typed term-language, where types are |
272 recorded in Church-style fashion (that means, we can infer the type of |
268 annotated in Church-style (that is we can obtain immediately |
273 a term and its subterms without any additional information). The grammars |
269 infer the type of term and its subterms). |
274 for types and terms are as follows |
270 |
275 |
271 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
276 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
272 \begin{tabular}{@ {}rl@ {\hspace{3mm}}l@ {}} |
277 \begin{tabular}{@ {}rl@ {\hspace{3mm}}l@ {}} |
273 @{text "\<sigma>, \<tau> ::="} & @{text "\<alpha> | (\<sigma>,\<dots>, \<sigma>) \<kappa>"} & (type variables and type constructors)\\ |
278 @{text "\<sigma>, \<tau> ::="} & @{text "\<alpha> | (\<sigma>,\<dots>, \<sigma>) \<kappa>"} & (type variables and type constructors)\\ |
274 @{text "t, s ::="} & @{text "x\<^isup>\<sigma> | c\<^isup>\<sigma> | t t | \<lambda>x\<^isup>\<sigma>. t"} & |
279 @{text "t, s ::="} & @{text "x\<^isup>\<sigma> | c\<^isup>\<sigma> | t t | \<lambda>x\<^isup>\<sigma>. t"} & |
276 \end{tabular} |
281 \end{tabular} |
277 \end{isabelle} |
282 \end{isabelle} |
278 |
283 |
279 \noindent |
284 \noindent |
280 We often write just @{text \<kappa>} for @{text "() \<kappa>"}, and use @{text "\<alpha>s"} and |
285 We often write just @{text \<kappa>} for @{text "() \<kappa>"}, and use @{text "\<alpha>s"} and |
281 @{text "\<sigma>s"} to stand for list of type variables and types, respectively. |
286 @{text "\<sigma>s"} to stand for collections of type variables and types, |
282 The type of a term is often made explicit by writing @{text "t :: \<sigma>"} HOL |
287 respectively. The type of a term is often made explicit by writing @{text |
283 contains a type @{typ bool} for booleans and the function type, written |
288 "t :: \<sigma>"}. HOL contains a type @{typ bool} for booleans and the function |
284 @{text "\<sigma> \<Rightarrow> \<tau>"}. |
289 type, written @{text "\<sigma> \<Rightarrow> \<tau>"}. HOL also contains |
285 |
290 many primitive and defined constants; for example equality @{text "= :: \<sigma> \<Rightarrow> |
286 |
291 \<sigma> \<Rightarrow> bool"} and the identity function @{text "id :: \<sigma> => \<sigma>"} (the former |
287 |
292 being primitive and the latter being defined as @{text |
288 \begin{definition}[Quotient] |
293 "\<lambda>x\<^sup>\<sigma>. x\<^sup>\<sigma>"}). |
289 A relation $R$ with an abstraction function $Abs$ |
294 |
290 and a representation function $Rep$ is a \emph{quotient} |
295 An important point to note is that theorems in HOL can be seen as a subset |
291 if and only if: |
296 of terms that are constructed specially (namely through axioms and prove |
292 |
297 rules). As a result we are able later on to define automatic proof |
|
298 procedures showing that one theorem implies another by decomposing the term |
|
299 underlying the first theorem. |
|
300 |
|
301 Like Homeier, our work relies on map-functions defined for every type constructor, |
|
302 like @{text map} for lists. Homeier describes others for products, sums, |
|
303 options and also the following map for function types |
|
304 |
|
305 @{thm [display, indent=10] fun_map_def[no_vars, THEN eq_reflection]} |
|
306 |
|
307 \noindent |
|
308 Using this map-function, we can give the following, equivalent, but more |
|
309 uniform, definition for @{text add} shown in \eqref{adddef}: |
|
310 |
|
311 @{text [display, indent=10] "add \<equiv> (Rep_int \<singlearr> Rep_int \<singlearr> Abs_int) add_pair"} |
|
312 |
|
313 \noindent |
|
314 We will sometimes refer to a map-function defined for a type-constructor @{text \<kappa>} |
|
315 as @{text "map_\<kappa>"}. |
|
316 |
|
317 It will also be necessary to have operators, referred to as @{text "rel_\<kappa>"}, |
|
318 which define equivalence relations in terms of constituent equivalence |
|
319 relations. For example given two equivalence relations @{text "R\<^isub>1"} |
|
320 and @{text "R\<^isub>2"}, we can define an equivalence relations over |
|
321 products as follows |
|
322 % |
|
323 @{text [display, indent=10] "(R\<^isub>1 \<tripple> R\<^isub>2) (x\<^isub>1, x\<^isub>2) (y\<^isub>1, y\<^isub>2) \<equiv> R\<^isub>1 x\<^isub>1 y\<^isub>1 \<and> R\<^isub>2 x\<^isub>2 y\<^isub>2"} |
|
324 |
|
325 \noindent |
|
326 Similarly, Homeier defines the following operator for defining equivalence |
|
327 relations over function types: |
|
328 % |
|
329 @{thm [display, indent=10] fun_rel_def[of "R\<^isub>1" "R\<^isub>2", no_vars, THEN eq_reflection]} |
|
330 |
|
331 The central definition in Homeier's work \cite{Homeier05} relates equivalence |
|
332 relations, abstraction and representation functions: |
|
333 |
|
334 \begin{definition}[Quotient Types] |
|
335 Given a relation $R$, an abstraction function $Abs$ |
|
336 and a representation function $Rep$, the predicate @{term "Quotient R Abs Rep"} |
|
337 means |
293 \begin{enumerate} |
338 \begin{enumerate} |
294 \item @{thm (rhs1) Quotient_def[of "R", no_vars]} |
339 \item @{thm (rhs1) Quotient_def[of "R", no_vars]} |
295 \item @{thm (rhs2) Quotient_def[of "R", no_vars]} |
340 \item @{thm (rhs2) Quotient_def[of "R", no_vars]} |
296 \item @{thm (rhs3) Quotient_def[of "R", no_vars]} |
341 \item @{thm (rhs3) Quotient_def[of "R", no_vars]} |
297 \end{enumerate} |
342 \end{enumerate} |
298 |
|
299 \end{definition} |
343 \end{definition} |
300 |
344 |
301 \begin{definition}[Relation map and function map]\\ |
345 \noindent |
302 @{thm fun_rel_def[of "R1" "R2", no_vars]}\\ |
346 The value of this definition is that validity of @{text Quotient} can be |
303 @{thm fun_map_def[no_vars]} |
347 proved in terms of the validity of @{text "Quotient"} over the constituent types. |
|
348 For example Homeier proves the following property for higher-order quotient |
|
349 types: |
|
350 |
|
351 \begin{proposition}[Function Quotient]\label{funquot} |
|
352 @{thm[mode=IfThen] fun_quotient[where ?R1.0="R\<^isub>1" and ?R2.0="R\<^isub>2" |
|
353 and ?abs1.0="Abs\<^isub>1" and ?abs2.0="Abs\<^isub>2" and ?rep1.0="Rep\<^isub>1" and ?rep2.0="Rep\<^isub>2"]} |
|
354 \end{proposition} |
|
355 |
|
356 \noindent |
|
357 We will heavily rely on this part of Homeier's work including an extension |
|
358 to deal with compositions of equivalence relations defined as follows |
|
359 |
|
360 \begin{definition}[Composition of Relations] |
|
361 @{abbrev "rel_conj R\<^isub>1 R\<^isub>2"} where @{text "\<circ>\<circ>"} is the predicate |
|
362 composition defined by the rule |
|
363 % |
|
364 @{thm [mode=Rule, display, indent=10] pred_compI[of "R\<^isub>1" "x" "y" "R\<^isub>2" "z"]} |
304 \end{definition} |
365 \end{definition} |
305 |
366 |
306 The main theorems for building higher order quotients is: |
367 \noindent |
307 \begin{lemma}[Function Quotient] |
368 Unfortunately, restrictions in HOL's type-system prevent us from stating |
308 If @{thm (prem 1) fun_quotient[no_vars]} and @{thm (prem 2) fun_quotient[no_vars]} |
369 and proving a quotient type theorem, like \ref{funquot}, for compositions |
309 then @{thm (concl) fun_quotient[no_vars]} |
370 of relations. However, we can prove all instances where @{text R\<^isub>1} and |
310 \end{lemma} |
371 @{text "R\<^isub>2"} are built up by constituent equivalence relations. |
311 |
|
312 Higher Order Logic |
|
313 |
|
314 |
|
315 |
|
316 {\it Say more about containers / maping functions } |
|
317 |
|
318 Such maps for most common types (list, pair, sum, |
|
319 option, \ldots) are described in Homeier, and we assume that @{text "map"} |
|
320 is the function that returns a map for a given type. |
|
321 |
|
322 {\it say something about our use of @{text "\<sigma>s"}} |
|
323 |
|
324 *} |
372 *} |
325 |
373 |
326 section {* Quotient Types and Quotient Definitions\label{sec:type} *} |
374 section {* Quotient Types and Quotient Definitions\label{sec:type} *} |
327 |
375 |
328 text {* |
376 text {* |
576 \noindent |
624 \noindent |
577 This constant just does not respect @{text "\<alpha>"}-equivalence and as |
625 This constant just does not respect @{text "\<alpha>"}-equivalence and as |
578 consequently no theorem involving this constant can be lifted to @{text |
626 consequently no theorem involving this constant can be lifted to @{text |
579 "\<alpha>"}-equated lambda terms. Homeier formulates the restrictions in terms of |
627 "\<alpha>"}-equated lambda terms. Homeier formulates the restrictions in terms of |
580 the properties of \emph{respectfullness} and \emph{preservation}. We have |
628 the properties of \emph{respectfullness} and \emph{preservation}. We have |
581 to slighlty extend Homeier's definitions in order to deal with quotient |
629 to slightly extend Homeier's definitions in order to deal with quotient |
582 compositions. |
630 compositions. |
583 |
631 |
584 To formally define what respectfulness is, we have to first define |
632 To formally define what respectfulness is, we have to first define |
585 the notion of \emph{aggregate equivalence relations}. |
633 the notion of \emph{aggregate equivalence relations}. |
586 |
634 |
587 @{text [display] "GIVE DEFINITION HERE"} |
635 TBD |
588 |
|
589 class returned by this constant depends only on the equivalence |
|
590 classes of the arguments applied to the constant. To automatically |
|
591 lift a theorem that talks about a raw constant, to a theorem about |
|
592 the quotient type a respectfulness theorem is required. |
|
593 |
|
594 A respectfulness condition for a constant can be expressed in |
|
595 terms of an aggregate relation between the constant and itself, |
|
596 for example the respectfullness for @{text "append"} |
|
597 can be stated as: |
|
598 |
|
599 @{text [display, indent=10] "(R \<doublearr> R \<doublearr> R) append append"} |
|
600 |
|
601 \noindent |
|
602 Which after unfolding the definition of @{term "op ===>"} is equivalent to: |
|
603 |
|
604 @{thm [display, indent=10] append_rsp_unfolded[no_vars]} |
|
605 |
|
606 \noindent An aggregate relation is defined in terms of relation |
|
607 composition, so we define it first: |
|
608 |
|
609 \begin{definition}[Composition of Relations] |
|
610 @{abbrev "rel_conj R1 R2"} where @{text OO} is the predicate |
|
611 composition @{thm pred_compI[no_vars]} |
|
612 \end{definition} |
|
613 |
|
614 The aggregate relation for an aggregate raw type and quotient type |
|
615 is defined as: |
|
616 |
636 |
617 \begin{itemize} |
637 \begin{itemize} |
618 \item @{text "REL(\<alpha>\<^isub>1, \<alpha>\<^isub>2)"} = @{text "op ="} |
638 \item @{text "REL(\<alpha>\<^isub>1, \<alpha>\<^isub>2)"} = @{text "op ="} |
619 \item @{text "REL(\<sigma>, \<sigma>)"} = @{text "op ="} |
639 \item @{text "REL(\<sigma>, \<sigma>)"} = @{text "op ="} |
620 \item @{text "REL((\<sigma>\<^isub>1,\<dots>,\<sigma>\<^isub>n))\<kappa>, (\<tau>\<^isub>1,\<dots>,\<tau>\<^isub>n))\<kappa>)"} = @{text "(rel \<kappa>) (REL(\<sigma>\<^isub>1,\<tau>\<^isub>1)) \<dots> (REL(\<sigma>\<^isub>n,\<tau>\<^isub>n))"} |
640 \item @{text "REL((\<sigma>\<^isub>1,\<dots>,\<sigma>\<^isub>n))\<kappa>, (\<tau>\<^isub>1,\<dots>,\<tau>\<^isub>n))\<kappa>)"} = @{text "(rel \<kappa>) (REL(\<sigma>\<^isub>1,\<tau>\<^isub>1)) \<dots> (REL(\<sigma>\<^isub>n,\<tau>\<^isub>n))"} |
621 \item @{text "REL((\<sigma>\<^isub>1,\<dots>,\<sigma>\<^isub>n))\<kappa>\<^isub>1, (\<tau>\<^isub>1,\<dots>,\<tau>\<^isub>m))\<kappa>\<^isub>2)"} = @{text "(rel \<kappa>\<^isub>1) (REL(\<rho>\<^isub>1,\<nu>\<^isub>1) \<dots> (REL(\<rho>\<^isub>p,\<nu>\<^isub>p) OOO Eqv_\<kappa>\<^isub>2"} provided @{text "\<eta> \<kappa>\<^isub>2 = (\<alpha>\<^isub>1\<dots>\<alpha>\<^isub>p)\<kappa>\<^isub>1 \<and> \<exists>s. s(\<sigma>s\<kappa>\<^isub>1)=\<rho>s\<kappa>\<^isub>1 \<and> s(\<tau>s\<kappa>\<^isub>2)=\<nu>s\<kappa>\<^isub>2"} |
641 \item @{text "REL((\<sigma>\<^isub>1,\<dots>,\<sigma>\<^isub>n))\<kappa>\<^isub>1, (\<tau>\<^isub>1,\<dots>,\<tau>\<^isub>m))\<kappa>\<^isub>2)"} = @{text "(rel \<kappa>\<^isub>1) (REL(\<rho>\<^isub>1,\<nu>\<^isub>1) \<dots> (REL(\<rho>\<^isub>p,\<nu>\<^isub>p) OOO Eqv_\<kappa>\<^isub>2"} provided @{text "\<eta> \<kappa>\<^isub>2 = (\<alpha>\<^isub>1\<dots>\<alpha>\<^isub>p)\<kappa>\<^isub>1 \<and> \<exists>s. s(\<sigma>s\<kappa>\<^isub>1)=\<rho>s\<kappa>\<^isub>1 \<and> s(\<tau>s\<kappa>\<^isub>2)=\<nu>s\<kappa>\<^isub>2"} |
622 |
|
623 \end{itemize} |
642 \end{itemize} |
|
643 |
|
644 class returned by this constant depends only on the equivalence |
|
645 classes of the arguments applied to the constant. To automatically |
|
646 lift a theorem that talks about a raw constant, to a theorem about |
|
647 the quotient type a respectfulness theorem is required. |
|
648 |
|
649 A respectfulness condition for a constant can be expressed in |
|
650 terms of an aggregate relation between the constant and itself, |
|
651 for example the respectfullness for @{text "append"} |
|
652 can be stated as: |
|
653 |
|
654 @{text [display, indent=10] "(\<approx>\<^bsub>list\<^esub> \<doublearr> \<approx>\<^bsub>list\<^esub> \<doublearr> \<approx>\<^bsub>list\<^esub>) append append"} |
|
655 |
|
656 \noindent |
|
657 Which after unfolding the definition of @{term "op ===>"} is equivalent to: |
|
658 |
|
659 @{thm [display, indent=10] append_rsp_unfolded[no_vars]} |
|
660 |
|
661 \noindent An aggregate relation is defined in terms of relation |
|
662 composition, so we define it first: |
|
663 |
|
664 |
|
665 |
|
666 The aggregate relation for an aggregate raw type and quotient type |
|
667 is defined as: |
|
668 |
624 |
669 |
625 Again, the last case is novel, so lets look at the example of |
670 Again, the last case is novel, so lets look at the example of |
626 respectfullness for @{term concat}. The statement according to |
671 respectfullness for @{term concat}. The statement according to |
627 the definition above is: |
672 the definition above is: |
628 |
673 |
666 For some constants (for example empty list) it is possible to show a |
708 For some constants (for example empty list) it is possible to show a |
667 general compositional theorem, but for @{term "op #"} it is necessary |
709 general compositional theorem, but for @{term "op #"} it is necessary |
668 to show that it respects the particular quotient type: |
710 to show that it respects the particular quotient type: |
669 |
711 |
670 @{thm [display, indent=10] insert_preserve2[no_vars]} |
712 @{thm [display, indent=10] insert_preserve2[no_vars]} |
671 *} |
713 |
672 |
714 {\it Composition of Quotient theorems} |
673 subsection {* Composition of Quotient theorems *} |
715 |
674 |
|
675 text {* |
|
676 Given two quotients, one of which quotients a container, and the |
716 Given two quotients, one of which quotients a container, and the |
677 other quotients the type in the container, we can write the |
717 other quotients the type in the container, we can write the |
678 composition of those quotients. To compose two quotient theorems |
718 composition of those quotients. To compose two quotient theorems |
679 we compose the relations with relation composition as defined above |
719 we compose the relations with relation composition as defined above |
680 and the abstraction and relation functions are the ones of the sub |
720 and the abstraction and relation functions are the ones of the sub |