112 Nominal Isabelle, then manual reasoning is not an option. |
112 Nominal Isabelle, then manual reasoning is not an option. |
113 |
113 |
114 The purpose of a \emph{quotient package} is to ease the lifting of theorems |
114 The purpose of a \emph{quotient package} is to ease the lifting of theorems |
115 and automate the definitions and reasoning as much as possible. In the |
115 and automate the definitions and reasoning as much as possible. In the |
116 context of HOL, there have been a few quotient packages already |
116 context of HOL, there have been a few quotient packages already |
117 \cite{harrison-thesis,Slotosch97}. The most notable is the one by Homeier |
117 \cite{harrison-thesis,Slotosch97}. The most notable one is by Homeier |
118 \cite{Homeier05} implemented in HOL4. The fundamental construction these |
118 \cite{Homeier05} implemented in HOL4. The fundamental construction these |
119 quotient packages perform can be illustrated by the following picture: |
119 quotient packages perform can be illustrated by the following picture: |
120 |
120 |
121 \begin{center} |
121 \begin{center} |
122 \mbox{}\hspace{20mm}\begin{tikzpicture} |
122 \mbox{}\hspace{20mm}\begin{tikzpicture} |
142 |
142 |
143 \end{tikzpicture} |
143 \end{tikzpicture} |
144 \end{center} |
144 \end{center} |
145 |
145 |
146 \noindent |
146 \noindent |
147 The starting point is an existing type, often referred to as the |
147 The starting point is an existing type, often referred to as the \emph{raw |
148 \emph{raw level}, over which an equivalence relation given by the user is |
148 type}, over which an equivalence relation given by the user is |
149 defined. With this input the package introduces a new type, to which we |
149 defined. With this input the package introduces a new type, to which we |
150 refer as the \emph{quotient level}. This type comes with an |
150 refer as the \emph{quotient type}. This type comes with an |
151 \emph{abstraction} and a \emph{representation} function, written @{text Abs} |
151 \emph{abstraction} and a \emph{representation} function, written @{text Abs} |
152 and @{text Rep}. These functions relate elements in the existing type to |
152 and @{text Rep}.\footnote{Actually they need to be derived from slightly |
153 ones in the new type and vice versa; they can be uniquely identified by |
153 more basic functions. We will show the details later. } These functions |
154 their type. For example for the integer quotient construction the types of |
154 relate elements in the existing type to ones in the new type and vice versa; |
155 @{text Abs} and @{text Rep} are |
155 they can be uniquely identified by their type. For example for the integer |
156 |
156 quotient construction the types of @{text Abs} and @{text Rep} are |
157 |
157 |
158 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
158 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
159 @{text "Abs::nat \<times> nat \<Rightarrow> int"}\hspace{10mm}@{text "Rep::int \<Rightarrow> nat \<times> nat"} |
159 @{text "Abs :: nat \<times> nat \<Rightarrow> int"}\hspace{10mm}@{text "Rep :: int \<Rightarrow> nat \<times> nat"} |
160 \end{isabelle} |
160 \end{isabelle} |
161 |
161 |
162 \noindent |
162 \noindent |
163 However we often leave this typing information implicit for better |
163 However we often leave this typing information implicit for better |
164 readability, but sometimes write @{text Abs_int} and @{text Rep_int} if the |
164 readability, but sometimes write @{text Abs_int} and @{text Rep_int} if the |
203 respectively). The problem is that the method used in the existing quotient |
203 respectively). The problem is that the method used in the existing quotient |
204 packages of just taking the representation of the arguments and then take |
204 packages of just taking the representation of the arguments and then take |
205 the abstraction of the result is \emph{not} enough. The reason is that case in case |
205 the abstraction of the result is \emph{not} enough. The reason is that case in case |
206 of @{text "\<Union>"} we obtain the incorrect definition |
206 of @{text "\<Union>"} we obtain the incorrect definition |
207 |
207 |
208 @{text [display, indent=10] "\<Union> S \<equiv> Abs (flat (Rep S))"} |
208 @{text [display, indent=10] "\<Union> S \<equiv> Abs_fset (flat (Rep_fset S))"} |
209 |
209 |
210 \noindent |
210 \noindent |
211 where the right-hand side is not even typable! This problem can be remedied in the |
211 where the right-hand side is not even typable! This problem can be remedied in the |
212 existing quotient packages by introducing an intermediate step and reasoning |
212 existing quotient packages by introducing an intermediate step and reasoning |
213 about flattening of lists of finite sets. However, this remedy is rather |
213 about flattening of lists of finite sets. However, this remedy is rather |
214 cumbersome and inelegant in light of our work, which can deal with such |
214 cumbersome and inelegant in light of our work, which can deal with such |
215 definitions directly. The solution is that we need to build aggregate |
215 definitions directly. The solution is that we need to build aggregate |
216 representation and abstraction functions, which in case of @{text "\<Union>"} |
216 representation and abstraction functions, which in case of @{text "\<Union>"} |
217 generate the following definition |
217 generate the following definition |
218 |
218 |
219 @{text [display, indent=10] "\<Union> S \<equiv> Abs (flat ((map Rep \<circ> Rep) S))"} |
219 @{text [display, indent=10] "\<Union> S \<equiv> Abs_fset (flat ((map Rep_fset \<circ> Rep_fset) S))"} |
220 |
220 |
221 \noindent |
221 \noindent |
222 where @{term map} is the usual mapping function for lists. In this paper we |
222 where @{term map} is the usual mapping function for lists. In this paper we |
223 will present a formal definition of our aggregate abstraction and |
223 will present a formal definition of our aggregate abstraction and |
224 representation functions (this definition was omitted in \cite{Homeier05}). |
224 representation functions (this definition was omitted in \cite{Homeier05}). |
292 @{text "|"} & @{text "c\<^isup>\<sigma>"} & \textrm{(constant)} \\ \nonumber |
292 @{text "|"} & @{text "c\<^isup>\<sigma>"} & \textrm{(constant)} \\ \nonumber |
293 @{text "|"} & @{text "t t"} & \textrm{(application)} \\ \nonumber |
293 @{text "|"} & @{text "t t"} & \textrm{(application)} \\ \nonumber |
294 @{text "|"} & @{text "\<lambda>x\<^isup>\<sigma>. t"} & \textrm{(abstraction)} \\ \nonumber |
294 @{text "|"} & @{text "\<lambda>x\<^isup>\<sigma>. t"} & \textrm{(abstraction)} \\ \nonumber |
295 \end{eqnarray} |
295 \end{eqnarray} |
296 |
296 |
|
297 {\it Say more about containers / maping functions } |
|
298 |
297 *} |
299 *} |
298 |
300 |
299 section {* Quotient Types and Lifting of Definitions *} |
301 section {* Quotient Types and Lifting of Definitions *} |
300 |
302 |
301 (* Say more about containers? *) |
303 text {* |
302 |
304 The first step in a quotient constructions is to take a name for the new |
303 text {* |
305 type, say @{text "\<kappa>\<^isub>q"}, and an equivalence relation defined over a |
|
306 raw type, say @{text "\<sigma>"}. The equivalence relation for the quotient |
|
307 construction, lets say @{text "R"}, must then be of type @{text "\<sigma> \<Rightarrow> \<sigma> \<Rightarrow> |
|
308 bool"}. Given this data, we can automatically declare the quotient type as |
|
309 |
|
310 |
|
311 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
|
312 \isacommand{typedef}~~@{text "\<alpha>s \<kappa>\<^isub>q = {c. \<exists>x. c = R x}"} |
|
313 \end{isabelle} |
|
314 |
|
315 \noindent |
|
316 being the set of equivalence classes of @{text "R"}. The restriction in this declaration |
|
317 is that the type variables in the raw type @{text "\<sigma>"} must be included in the |
|
318 type variables @{text "\<alpha>s"} declared for @{text "\<kappa>\<^isub>q"}. HOL will provide us |
|
319 with abstraction and representation functions having the type |
|
320 |
|
321 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
|
322 @{text "abs_\<kappa>\<^isub>q :: \<sigma> set \<Rightarrow> \<alpha>s \<kappa>\<^isub>q"}\hspace{10mm}@{text "rep_\<kappa>\<^isub>q :: \<alpha>s \<kappa>\<^isub>q \<Rightarrow> \<sigma> set"} |
|
323 \end{isabelle} |
|
324 |
|
325 \noindent |
|
326 relating the new quotient type and raw type. However, as Homeier noted, it is easier |
|
327 to work with the following derived definitions |
|
328 |
|
329 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
|
330 @{text "Abs_\<kappa>\<^isub>q x \<equiv> abs_\<kappa>\<^isub>q (R x)"}\hspace{10mm}@{text "Rep_\<kappa>\<^isub>q x \<equiv> \<epsilon> (rep_\<kappa>\<^isub>q x)"} |
|
331 \end{isabelle} |
|
332 |
|
333 \noindent |
|
334 on the expense of having to use Hilbert's choice operator @{text "\<epsilon>"}. With these |
|
335 definitions the abstraction and representation functions relate directly the |
|
336 quotient and raw types (their type is @{text "\<sigma> \<Rightarrow> \<alpha>s \<kappa>\<^isub>q"} and @{text "\<alpha>s \<kappa>\<^isub>q \<Rightarrow> \<sigma>"}, |
|
337 respectively). We can show that the property |
|
338 |
|
339 @{text [display, indent=10] "Quotient R Abs_\<kappa>\<^isub>q Rep_\<kappa>\<^isub>q"} |
|
340 |
|
341 \noindent |
|
342 holds (for the proof see \cite{Homeier05}). |
304 |
343 |
305 To define a constant on the lifted type, an aggregate abstraction |
344 To define a constant on the lifted type, an aggregate abstraction |
306 function is applied to the raw constant. Below we describe the operation |
345 function is applied to the raw constant. Below we describe the operation |
307 that generates |
346 that generates |
308 an aggregate @{term "Abs"} or @{term "Rep"} function given the |
347 an aggregate @{term "Abs"} or @{term "Rep"} function given the |
315 option, \ldots) are described in Homeier, and we assume that @{text "map"} |
354 option, \ldots) are described in Homeier, and we assume that @{text "map"} |
316 is the function that returns a map for a given type. Then REP/ABS is defined |
355 is the function that returns a map for a given type. Then REP/ABS is defined |
317 as follows: |
356 as follows: |
318 |
357 |
319 {\it the first argument is the raw type and the second argument the quotient type} |
358 {\it the first argument is the raw type and the second argument the quotient type} |
320 |
359 % |
321 |
|
322 \begin{center} |
360 \begin{center} |
323 \begin{tabular}{rcl} |
361 \begin{longtable}{rcl} |
324 |
|
325 % type variable case says that variables must be equal...therefore subsumed by the equal case below |
|
326 % |
|
327 %\multicolumn{3}{@ {\hspace{-4mm}}l}{type variables:}\\ |
|
328 %@{text "ABS (\<alpha>\<^isub>1, \<alpha>\<^isub>2)"} & $\dn$ & @{text "id"}\\ |
|
329 %@{text "REP (\<alpha>\<^isub>1, \<alpha>\<^isub>2)"} & $\dn$ & @{text "id"}\smallskip\\ |
|
330 |
|
331 \multicolumn{3}{@ {\hspace{-4mm}}l}{equal types:}\\ |
362 \multicolumn{3}{@ {\hspace{-4mm}}l}{equal types:}\\ |
332 @{text "ABS (\<sigma>, \<sigma>)"} & $\dn$ & @{text "id"}\\ |
363 @{text "ABS (\<sigma>, \<sigma>)"} & $\dn$ & @{text "id"}\\ |
333 @{text "REP (\<sigma>, \<sigma>)"} & $\dn$ & @{text "id"}\smallskip\\ |
364 @{text "REP (\<sigma>, \<sigma>)"} & $\dn$ & @{text "id"}\smallskip\\ |
334 \multicolumn{3}{@ {\hspace{-4mm}}l}{function types:}\\ |
365 \multicolumn{3}{@ {\hspace{-4mm}}l}{function types:}\\ |
335 @{text "ABS (\<sigma>\<^isub>1 \<Rightarrow> \<sigma>\<^isub>2, \<tau>\<^isub>1 \<Rightarrow> \<tau>\<^isub>2)"} & $\dn$ & @{text "REP (\<sigma>\<^isub>1, \<tau>\<^isub>1) \<singlearr> ABS (\<sigma>\<^isub>2, \<tau>\<^isub>2)"}\\ |
366 @{text "ABS (\<sigma>\<^isub>1 \<Rightarrow> \<sigma>\<^isub>2, \<tau>\<^isub>1 \<Rightarrow> \<tau>\<^isub>2)"} & $\dn$ & @{text "REP (\<sigma>\<^isub>1, \<tau>\<^isub>1) \<singlearr> ABS (\<sigma>\<^isub>2, \<tau>\<^isub>2)"}\\ |
336 @{text "REP (\<sigma>\<^isub>1 \<Rightarrow> \<sigma>\<^isub>2, \<tau>\<^isub>1 \<Rightarrow> \<tau>\<^isub>2)"} & $\dn$ & @{text "ABS (\<sigma>\<^isub>1, \<tau>\<^isub>1) \<singlearr> REP (\<sigma>\<^isub>2, \<tau>\<^isub>2)"}\smallskip\\ |
367 @{text "REP (\<sigma>\<^isub>1 \<Rightarrow> \<sigma>\<^isub>2, \<tau>\<^isub>1 \<Rightarrow> \<tau>\<^isub>2)"} & $\dn$ & @{text "ABS (\<sigma>\<^isub>1, \<tau>\<^isub>1) \<singlearr> REP (\<sigma>\<^isub>2, \<tau>\<^isub>2)"}\smallskip\\ |
337 \multicolumn{3}{@ {\hspace{-4mm}}l}{equal type constructors:}\\ |
368 \multicolumn{3}{@ {\hspace{-4mm}}l}{equal type constructors:}\\ |
338 @{text "ABS (\<sigma>s \<kappa>, \<tau>s \<kappa>)"} & $\dn$ & @{text "map_\<kappa> (ABS (\<sigma>s, \<tau>s))"}\\ |
369 @{text "ABS (\<sigma>s \<kappa>, \<tau>s \<kappa>)"} & $\dn$ & @{text "map_\<kappa> (ABS (\<sigma>s, \<tau>s))"}\\ |
339 @{text "REP (\<sigma>s \<kappa>, \<tau>s \<kappa>)"} & $\dn$ & @{text "map_\<kappa> (REP (\<sigma>s, \<tau>s))"}\smallskip\\ |
370 @{text "REP (\<sigma>s \<kappa>, \<tau>s \<kappa>)"} & $\dn$ & @{text "map_\<kappa> (REP (\<sigma>s, \<tau>s))"}\smallskip\\ |
340 \multicolumn{3}{@ {\hspace{-4mm}}l}{unequal type constructors:}\\ |
371 \multicolumn{3}{@ {\hspace{-4mm}}l}{unequal type constructors:}\\ |
341 @{text "ABS (\<sigma>s \<kappa>\<^isub>1, \<tau>s \<kappa>\<^isub>2)"} & $\dn$ & @{text "Abs_\<kappa>\<^isub>2 \<circ> (MAP(\<rho>s \<kappa>\<^isub>1) (ABS (\<sigma>s', \<tau>s')))"}\\ |
372 @{text "ABS (\<sigma>s \<kappa>, \<tau>s \<kappa>\<^isub>q)"} & $\dn$ & @{text "Abs_\<kappa>\<^isub>q \<circ> (MAP(\<rho>s \<kappa>) (ABS (\<sigma>s', \<tau>s')))"}\\ |
342 @{text "REP (\<sigma>s \<kappa>\<^isub>1, \<tau>s \<kappa>\<^isub>2)"} & $\dn$ & @{text "(MAP(\<rho>s \<kappa>\<^isub>1) (REP (\<sigma>s', \<tau>s'))) \<circ> Rep_\<kappa>\<^isub>2"}\\ |
373 @{text "REP (\<sigma>s \<kappa>, \<tau>s \<kappa>\<^isub>q)"} & $\dn$ & @{text "(MAP(\<rho>s \<kappa>) (REP (\<sigma>s', \<tau>s'))) \<circ> Rep_\<kappa>\<^isub>q"}\\ |
343 \end{tabular} |
374 \end{longtable} |
344 \end{center} |
375 \end{center} |
345 |
376 % |
346 \noindent |
377 \noindent |
347 where in the last two clauses we have that the quotient type @{text "\<alpha>s \<kappa>\<^isub>2"} is a quotient of |
378 where in the last two clauses we have that the quotient type @{text "\<alpha>s \<kappa>\<^isub>q"} is a quotient of |
348 the raw type @{text "\<rho>s \<kappa>\<^isub>1"} (for example @{text "\<alpha> fset"} and @{text "\<alpha> list"}). |
379 the raw type @{text "\<rho>s \<kappa>"} (for example @{text "\<alpha> fset"} and @{text "\<alpha> list"}). |
349 The quotient construction ensures that the type variables in @{text "\<rho>s"} |
380 The quotient construction ensures that the type variables in @{text "\<rho>s"} |
350 must be amongst the @{text "\<alpha>s"}. Now the @{text "\<sigma>s'"} are given by the matchers |
381 must be amongst the @{text "\<alpha>s"}. Now the @{text "\<sigma>s'"} are given by the matchers |
351 for the @{text "\<alpha>s"} |
382 for the @{text "\<alpha>s"} |
352 when matching @{text "\<sigma>s \<kappa>\<^isub>2"} against @{text "\<alpha>s \<kappa>\<^isub>2"}; similarly the @{text "\<tau>s'"} are given by the |
383 when matching @{text "\<sigma>s \<kappa>\<^isub>q"} against @{text "\<alpha>s \<kappa>\<^isub>q"}; similarly the @{text "\<tau>s'"} are given by the |
353 same type-variables when matching @{text "\<tau>s \<kappa>\<^isub>1"} against @{text "\<rho>s \<kappa>\<^isub>1"}. |
384 same type-variables when matching @{text "\<tau>s \<kappa>"} against @{text "\<rho>s \<kappa>"}. |
354 The function @{text "MAP"} calculates an \emph{aggregate map-function} for a type |
385 The function @{text "MAP"} calculates an \emph{aggregate map-function} for a type |
355 as follows: |
386 as follows: |
356 |
387 |
357 \begin{center} |
388 \begin{center} |
358 \begin{tabular}{rcl} |
389 \begin{tabular}{rcl} |