51 why Nominal Isabelle and similar theorem provers that only provide |
51 why Nominal Isabelle and similar theorem provers that only provide |
52 mechanisms for binding single variables have not fared extremely well with the |
52 mechanisms for binding single variables have not fared extremely well with the |
53 more advanced tasks in the POPLmark challenge \cite{challenge05}, because |
53 more advanced tasks in the POPLmark challenge \cite{challenge05}, because |
54 also there one would like to bind multiple variables at once. |
54 also there one would like to bind multiple variables at once. |
55 |
55 |
56 Binding multiple variables has interesting properties that are not captured |
56 Binding multiple variables has interesting properties that cannot be captured |
57 by iterating single binders. For example in the case of type-schemes we do not |
57 easily by iterating single binders. For example in the case of type-schemes we do not |
58 like to make a distinction about the order of the bound variables. Therefore |
58 like to make a distinction about the order of the bound variables. Therefore |
59 we would like to regard the following two type-schemes as alpha-equivalent |
59 we would like to regard the following two type-schemes as alpha-equivalent |
60 % |
60 % |
61 \begin{equation}\label{ex1} |
61 \begin{equation}\label{ex1} |
62 \forall \{x, y\}. x \rightarrow y \;\approx_\alpha\; \forall \{y, x\}. y \rightarrow x |
62 \forall \{x, y\}. x \rightarrow y \;\approx_\alpha\; \forall \{y, x\}. y \rightarrow x |
150 where the notation $[\_\!\_].\_\!\_$ indicates that the $x_i$ become bound |
150 where the notation $[\_\!\_].\_\!\_$ indicates that the $x_i$ become bound |
151 in $s$. In this representation the term \mbox{$\LET [x].s\;\;[t_1,t_2]$} |
151 in $s$. In this representation the term \mbox{$\LET [x].s\;\;[t_1,t_2]$} |
152 would be a perfectly legal instance. To exclude such terms an additional |
152 would be a perfectly legal instance. To exclude such terms an additional |
153 predicate about well-formed terms is needed in order to ensure that the two |
153 predicate about well-formed terms is needed in order to ensure that the two |
154 lists are of equal length. This can result into very messy reasoning (see |
154 lists are of equal length. This can result into very messy reasoning (see |
155 for example~\cite{BengtsonParow09}). To avoid this, we will allow specifications |
155 for example~\cite{BengtsonParow09}). To avoid this, we will allow type specifications |
156 for $\mathtt{let}$s as follows |
156 for $\mathtt{let}$s as follows |
157 |
157 |
158 \begin{center} |
158 \begin{center} |
159 \begin{tabular}{r@ {\hspace{2mm}}r@ {\hspace{2mm}}l} |
159 \begin{tabular}{r@ {\hspace{2mm}}r@ {\hspace{2mm}}l} |
160 $trm$ & $::=$ & \ldots\\ |
160 $trm$ & $::=$ & \ldots\\ |
163 & $\mid$ & $\mathtt{acons}\;\;name\;\;trm\;\;assn$ |
163 & $\mid$ & $\mathtt{acons}\;\;name\;\;trm\;\;assn$ |
164 \end{tabular} |
164 \end{tabular} |
165 \end{center} |
165 \end{center} |
166 |
166 |
167 \noindent |
167 \noindent |
168 where $assn$ is an auxiliary type representing a list of assignments |
168 where $assn$ is an auxiliary type representing a list of assignments |
169 and $bn$ an auxiliary function identifying the variables to be bound by |
169 and $bn$ an auxiliary function identifying the variables to be bound by |
170 the $\mathtt{let}$. This function is defined by recursion over $assn$ as follows |
170 the $\mathtt{let}$. This function is defined by recursion over $assn$ as follows |
171 |
171 |
172 \begin{center} |
172 \begin{center} |
173 $bn\,(\mathtt{anil}) = \varnothing \qquad bn\,(\mathtt{acons}\;x\;t\;as) = \{x\} \cup bn\,(as)$ |
173 $bn\,(\mathtt{anil}) = \varnothing \qquad bn\,(\mathtt{acons}\;x\;t\;as) = \{x\} \cup bn\,(as)$ |
174 \end{center} |
174 \end{center} |
175 |
175 |
176 \noindent |
176 \noindent |
177 The scope of the binding is indicated by labels given to the types, for |
177 The scope of the binding is indicated by labels given to the types, for |
178 example \mbox{$s\!::\!trm$}, and a binding clause, in this case |
178 example \mbox{$s\!::\!trm$}, and a binding clause, in this case |
179 $\mathtt{bind}\;bn\,(a) \IN s$, that states to bind all the names the function |
179 $\mathtt{bind}\;bn\,(a) \IN s$, that states to bind in $s$ all the names the |
180 $bn$ returns in $s$. This style of specifying terms and bindings is heavily |
180 function $bn\,(a)$ returns. This style of specifying terms and bindings is |
181 inspired by the syntax of the Ott-tool \cite{ott-jfp}. |
181 heavily inspired by the syntax of the Ott-tool \cite{ott-jfp}. |
182 |
182 |
183 However, we will not be able to deal with all specifications that are |
183 However, we will not be able to deal with all specifications that are |
184 allowed by Ott. One reason is that Ott allows ``empty'' specifications |
184 allowed by Ott. One reason is that Ott allows ``empty'' specifications |
185 like |
185 like |
186 |
186 |
187 \begin{center} |
187 \begin{center} |
188 $t ::= t\;t \mid \lambda x. t$ |
188 $t ::= t\;t \mid \lambda x. t$ |
189 \end{center} |
189 \end{center} |
190 |
190 |
191 \noindent |
191 \noindent |
192 where no clause for variables is given. Such specifications make sense in |
192 where no clause for variables is given. Such specifications make some sense in |
193 the context of Coq's type theory (which Ott supports), but not in a HOL-based |
193 the context of Coq's type theory (which Ott supports), but not at al in a HOL-based |
194 theorem prover where every datatype must have a non-empty set-theoretic model. |
194 theorem prover where every datatype must have a non-empty set-theoretic model. |
195 |
195 |
196 Another reason is that we establish the reasoning infrastructure |
196 Another reason is that we establish the reasoning infrastructure |
197 for alpha-\emph{equated} terms. In contrast, Ott produces a reasoning |
197 for alpha-\emph{equated} terms. In contrast, Ott produces a reasoning |
198 infrastructure in Isabelle/HOL for |
198 infrastructure in Isabelle/HOL for |
251 |
251 |
252 \end{tikzpicture} |
252 \end{tikzpicture} |
253 \end{center} |
253 \end{center} |
254 |
254 |
255 \noindent |
255 \noindent |
256 We take as the starting point a definition of raw terms (being defined as a |
256 We take as the starting point a definition of raw terms (defined as a |
257 datatype in Isabelle/HOL); identify then the |
257 datatype in Isabelle/HOL); identify then the |
258 alpha-equivalence classes in the type of sets of raw terms, according to our |
258 alpha-equivalence classes in the type of sets of raw terms, according to our |
259 alpha-equivalence relation and finally define the new type as these |
259 alpha-equivalence relation and finally define the new type as these |
260 alpha-equivalence classes (non-emptiness is satisfied whenever the raw terms are |
260 alpha-equivalence classes (non-emptiness is satisfied whenever the raw terms are |
261 definable as datatype in Isabelle/HOL and the fact that our relation for alpha is an |
261 definable as datatype in Isabelle/HOL and the fact that our relation for alpha is an |
262 equivalence relation). |
262 equivalence relation). |
263 |
263 |
264 The fact that we obtain an isomorphism between between the new type and the non-empty |
264 The fact that we obtain an isomorphism between between the new type and the non-empty |
265 subset shows that the new type is a faithful representation of alpha-equated terms. |
265 subset shows that the new type is a faithful representation of alpha-equated terms. |
266 That is different for example in the representation of terms using the locally |
266 That is not the case for example in the representation of terms using the locally |
267 nameless representation of binders: there are non-well-formed terms that need to |
267 nameless representation of binders \cite{McKinnaPollack99}: there are ``junk'' terms that need to |
268 be excluded by reasoning about a well-formedness predicate. |
268 be excluded by reasoning about a well-formedness predicate. |
269 |
269 |
270 The problem with introducing a new type in Isabelle/HOL is that in order to be useful |
270 The problem with introducing a new type in Isabelle/HOL is that in order to be useful, |
271 a reasoning infrastructure needs to be ``lifted'' from the underlying subset to |
271 a reasoning infrastructure needs to be ``lifted'' from the underlying subset to |
272 the new type. This is usually a tricky and arduous task. To ease it |
272 the new type. This is usually a tricky and arduous task. To ease it |
273 we reimplemented in Isabelle/HOL the quotient package described by Homeier |
273 we re-implemented in Isabelle/HOL the quotient package described by Homeier |
274 \cite{Homeier05}. Given that alpha is an equivalence relation, this package |
274 \cite{Homeier05}. This package |
275 allows us to automatically lift definitions and theorems involving raw terms |
275 allows us to lift definitions and theorems involving raw terms |
276 to definitions and theorems involving alpha-equated terms. This of course |
276 to definitions and theorems involving alpha-equated terms. For example |
277 only works if the definitions and theorems are respectful w.r.t.~alpha-equivalence. |
277 if we define the free-variable function over lambda terms |
278 Hence we will be able to lift, for instance, the function for free |
278 |
279 variables of raw terms to alpha-equated terms (since this function respects |
279 \begin{center} |
280 alpha-equivalence), but we will not be able to do this with a bound-variable |
280 $\fv(x) = \{x\}$\hspace{10mm} |
281 function (since it does not respect alpha-equivalence). As a result, each |
281 $\fv(t_1\;t_2) = \fv(t_1) \cup \fv(t_2)$\\[1mm] |
282 lifting needs some respectfulness proofs which we automated.\medskip |
282 $\fv(\lambda x.t) = \fv(t) - \{x\}$ |
|
283 \end{center} |
|
284 |
|
285 \noindent |
|
286 then with not too great effort we obtain a function $\fv_\alpha$ |
|
287 operating on quotients, or alpha-equivalence classes of terms, as follows |
|
288 |
|
289 \begin{center} |
|
290 $\fv_\alpha(x) = \{x\}$\hspace{10mm} |
|
291 $\fv_\alpha(t_1\;t_2) = \fv_\alpha(t_1) \cup \fv_\alpha(t_2)$\\[1mm] |
|
292 $\fv_\alpha(\lambda x.t) = \fv_\alpha(t) - \{x\}$ |
|
293 \end{center} |
|
294 |
|
295 \noindent |
|
296 (Note that this means also the term-constructors for variables, applications |
|
297 and lambda are lifted to the quotient level.) This construction, of course, |
|
298 only works if alpha is an equivalence relation, and the definitions and theorems |
|
299 are respectful w.r.t.~alpha-equivalence. Hence we will not be able to lift this |
|
300 a bound-variable function to alpha-equated terms (since it does not respect |
|
301 alpha-equivalence). To sum up, every lifting needs proofs of some respectfulness |
|
302 properties. These proofs we are able automate and therefore establish a |
|
303 useful reasoning infrastructure for alpha-equated lambda terms.\medskip |
|
304 |
283 |
305 |
284 \noindent |
306 \noindent |
285 {\bf Contributions:} We provide new definitions for when terms |
307 {\bf Contributions:} We provide new definitions for when terms |
286 involving multiple binders are alpha-equivalent. These definitions are |
308 involving multiple binders are alpha-equivalent. These definitions are |
287 inspired by earlier work of Pitts \cite{}. By means of automatic |
309 inspired by earlier work of Pitts \cite{}. By means of automatic |