nominal2: comparison Quotient-Paper-jv/Paper.thy

equal deleted inserted replaced

-:0fb396ae137a
+:80e2fb39332b
 fun minus_pair :: "(nat \<times> nat) \<Rightarrow> (nat \<times> nat)"
 where "minus_pair (n, m) = (m, n)"
 fun
-intrel :: "(nat \<times> nat) \<Rightarrow> (nat \<times> nat) \<Rightarrow> bool"
+intrel :: "(nat \<times> nat) \<Rightarrow> (nat \<times> nat) \<Rightarrow> bool" ("_ \<approx> _" [50, 50] 50)
 where
 "intrel (x, y) (u, v) = (x + v = u + y)"
 (*>*)
 @{thm add_pair.simps[where ?n1.0="n\<^isub>1" and ?n2.0="n\<^isub>2" and ?m1.0="m\<^isub>1" and ?m2.0="m\<^isub>2", THEN eq_reflection]}%
 \hfill\numbered{addpair}
 \end{isabelle}
 \noindent
-Negation on integers is defined in terms of swapping on pairs:
+Negation on integers is defined in terms of swapping of pairs:
 \begin{isabelle}\ \ \ \ \ %%%
 @{thm minus_pair.simps[where ?n="n" and ?m="m", THEN eq_reflection]}%
 \hfill\numbered{minuspair}
 \end{isabelle}
 \begin{isabelle}\ \ \ \ \ %%%
 @{text "(n\<^isub>1, n\<^isub>2) \<approx> (m\<^isub>1, m\<^isub>2) \<equiv> n\<^isub>1 * m\<^isub>2 = m\<^isub>1 * n\<^isub>2"}\hfill\numbered{ratpairequiv}
 \end{isabelle}
 \noindent
-where @{text "n\<^isub>2"} and @{text "m\<^isub>2"} are not zero.
+where @{text "n\<^isub>2"} and @{text "m\<^isub>2"} are not allowed to be zero.
 The difficulty is that in order to be able to reason about integers,
-finite sets, $\alpha$-equated lambda-terms and rational numbers one
+finite sets, etc.~one needs to establish a reasoning infrastructure
-needs to establish a reasoning infrastructure by transferring, or
+by transferring, or \emph{lifting}, definitions and theorems from
-\emph{lifting}, definitions and theorems from the raw type @{typ
+the raw type @{typ "nat \<times> nat"} to the quotient type @{typ int}
-"nat \<times> nat"} to the quotient type @{typ int} (similarly for finite
+(similarly for finite sets, $\alpha$-equated lambda-terms and
-sets, $\alpha$-equated lambda-terms and rational numbers). This
+rational numbers). This lifting usually requires a reasoning effort
-lifting usually requires a reasoning effort that can be repetitive
+that can be rather repetitive and involves explicit conversions
-and involves explicit mediation between the quotient and raw level
+between the quotient and raw level in form of abstraction and
-\cite{Paulson06}.  In principle it is feasible to do this work
+representation functions \cite{Paulson06}.  In principle it is feasible to do this
-manually, if one has only a few quotient constructions at hand. But
+work manually if one has only a few quotient constructions at
-if they have to be done over and over again, as in Nominal Isabelle,
+hand. But if they have to be done over and over again, as in Nominal
-then manual reasoning is not an option.
+Isabelle, then manual reasoning is not an option.
-The purpose of a \emph{quotient package} is to ease the lifting of theorems
+The purpose of a \emph{quotient package} is to ease the lifting of
-and automate the reasoning as much as possible. Before we delve into the
+theorems and automate the reasoning as much as possible. Before we
-details, let us show how the user interacts with our quotient package
+delve into the details, let us show how the user interacts with our
-when defining integers. We assume the definitions involving pairs
+quotient package when defining integers. We assume the definitions
-of natural numbers shown in \eqref{natpairequiv}, \eqref{addpair} and
+involving pairs of natural numbers shown in \eqref{natpairequiv},
-\eqref{minuspair} have already been made. A quotient can be introduced by declaring
+\eqref{addpair} and \eqref{minuspair} have already been made. A
-the new type (in this case @{typ int}), the raw type (@{typ "nat * nat"}) and the
+quotient can then be introduced by declaring the new type (in this case
-equivalence relation (@{text intrel} defined in \eqref{natpairequiv}).
+@{typ int}), the raw type (that is @{typ "nat \<times> nat"}) and the
+equivalence relation (that is @{text intrel} defined in
+\eqref{natpairequiv}).
 *}
 quotient_type int = "nat \<times> nat" / intrel
 txt {*
 \noindent
 This declaration requires the user to prove that @{text intrel} is
-indeed an equivalence relation, whereby the notion of an equivalence
+indeed an equivalence relation, whereby an equivalence
-relation is defined as usual in terms of reflexivity, symmetry and
+relation is defined as one that is reflexive, symmetric and
-transitivity.  This proof obligation can thus be discharged by
+transitive.  This proof obligation can thus be discharged by
 unfolding the definitions and using the standard automatic proving
-tactic in Isabelle.
+tactic in Isabelle/HOL.
 *}
 unfolding equivp_reflp_symp_transp
 unfolding reflp_def symp_def transp_def
 by auto
 (*<*)
 instantiation int :: "{zero, one, plus, uminus}"
 begin
 (*>*)
 text {*
 \noindent
-Next we can declare the constants zero and one for the quotient type @{text int}.
+Next we can declare the constants @{text "0"} and @{text "1"} for the
+quotient type @{text int}.
 *}
 quotient_definition
 "0 \<Colon> int"  is  "(0\<Colon>nat, 0\<Colon>nat)" .
 quotient_definition
 "1 \<Colon> int"  is  "(1\<Colon>nat, 0\<Colon>nat)" .
 text {*
 \noindent
-To be useful and to state some properties, we also need to declare
+To be useful, we can also need declare two operations for adding two
-two operations for adding two integers (written infix as @{text "_ + _"}) and negating
+integers (written @{text plus}) and negating an integer
-an integer (written @{text "uminus _"} or @{text "- _"}).
+(written @{text "uminus"}).
 *}
 quotient_definition
-"(op +) \<Colon> int \<Rightarrow> int \<Rightarrow> int"  is  add_pair
+"plus \<Colon> int \<Rightarrow> int \<Rightarrow> int"  is  add_pair
 by auto
 quotient_definition
 "uminus \<Colon> int \<Rightarrow> int"  is  minus_pair
 by auto
 end
 (*>*)
 text {*
 \noindent
-In both cases we have to discharge a proof-obligation which ensures
+Isabelle/HOL can introduce some convenient short-hand notation for these
-that the operations a \emph{respectful}. This property ensures that
+operations allowing the user to write
-the operations are well-defined on the quotient level (a formal
+addition as infix operation, for example @{text "i + j"}, and
-definition will be given later). Both proofs can again be solved by
+negation as prefix operation, for example @{text "- i"}.  In both
-the automatic proving tactic in Isabelle.
+cases, however, the declaration requires the user to discharge a
+proof-obligation which ensures that the operations a
+\emph{respectful}. This property ensures that the operations are
+well-defined on the quotient level (a formal definition of
+respectfulness will be given later). Both proofs can be solved by
+the automatic proving tactic in Isabelle/HOL.
+Besides helping with declarations of quotient types and definitions
+of constants, the point of a quotient package is to help with
+proving properties about quotient types. For example we might be
+interested in the usual property that zero is an ???. This property
+can be stated as follows:
+*}
+lemma zero_add:
+shows "0 + i = (i::int)"
+proof(descending)
+txt {*
+\noindent
+The tactic @{text "descending"} automatically transfers this property of integers
+to a proof-obligation involving pairs of @{typ nat}s. (There is also
+a tactic, called @{text lifting}, which automatically transfers properties
+from the raw level to the quotient type.) In case of lemma @{text "zero_add"}
+we obtain the subgoal
+\begin{isabelle}\ \ \ \ \ %%%
+@{text "add_pair (0, 0) i \<approx> i"}
+\end{isabelle}
+\noindent
+which can be solved again by the automatic proving tactic @{text "auto"}, as follows
+*}
+qed(auto)
+text {*
+In this simple example the task of the user is to state the property for integers
+and use the quotient package and automatic proving tools of Isabelle/HOL to do
+the ``rest''. A more interesting example is to establish an induction principle for
+integers. For this we first establish the following induction principle where the
+induction proceeds over two natural numbers.
+*}
+lemma nat_induct2:
+assumes "P 0 0"
+and     "\<And>n m. P n m \<Longrightarrow> P (Suc n) m"
+and     "\<And>n m. P n m \<Longrightarrow> P n (Suc m)"
+shows   "P n m"
+using assms
+by (induction_schema) (pat_completeness, lexicographic_order)
+text {*
+\noindent
+The symbol @{text "\<And>"} stands for Isabelle/HOL's universal quantifier and
+@{text "\<Longrightarrow>"} for its implication.
+As can be seen, this induction principle can be conveniently established using the
+reasoning infrastructure of the function package \cite{???}, which
+provides the tactics @{text "induction_schema"}, @{text "pat_completeness"}
+and @{text "lexicographic_order"}. These tactics enable Isabelle/HOL
+to use well-founded induction to prove @{text "nat_induct2"}. Our
+quotient package can now be used to prove the following property:
+*}
+lemma int_induct:
+assumes "P 0"
+and     "\<And>i. P i \<Longrightarrow> P (i + 1)"
+and     "\<And>i. P i \<Longrightarrow> P (i + (- 1))"
+shows   "P (j::int)"
+using assms
+proof (descending)
+txt {*
+\noindent
+The @{text descending} tactic transfers it to the following proof
+obligation on the raw level.
+@{subgoals[display]}
+\noindent
+Note that the variable @{text "j"} in this subgoal is of type
+@{text "nat \<times> nat"}. This subgoal cannot be proved automatically by
+@{text auto}, but if we give it the hint to use @{text nat_induct2},
+then @{text auto} can discharge it as follows.
+*}
+qed (auto intro: nat_induct2)
+text {*
+This completes the proof of the induction principle
+for integers. Isabelle/HOL would allow us to inspect the
+detailed reasoning steps involved which would confirm that
+@{text "int_induct"} has been proved from ``first-principles''
+by transforming the property over the quotient type @{text int}
+to a corresponding property one on the raw level.
 In the
 context of HOL, there have been a few quotient packages already
 \cite{harrison-thesis,Slotosch97}. The most notable one is by Homeier
 \cite{Homeier05} implemented in HOL4.  The fundamental construction these

changeset 3156	80e2fb39332b
parent 3151	16e6140225af