251 to a variable bound somewhere else, are not excluded by Ott, but we have |
251 to a variable bound somewhere else, are not excluded by Ott, but we have |
252 to). |
252 to). |
253 |
253 |
254 Our insistence on reasoning with alpha-equated terms comes from the |
254 Our insistence on reasoning with alpha-equated terms comes from the |
255 wealth of experience we gained with the older version of Nominal Isabelle: |
255 wealth of experience we gained with the older version of Nominal Isabelle: |
256 for non-trivial properties, reasoning about alpha-equated terms is much |
256 for non-trivial properties, reasoning with alpha-equated terms is much |
257 easier than reasoning with raw terms. The fundamental reason for this is |
257 easier than reasoning with raw terms. The fundamental reason for this is |
258 that the HOL-logic underlying Nominal Isabelle allows us to replace |
258 that the HOL-logic underlying Nominal Isabelle allows us to replace |
259 ``equals-by-equals''. In contrast, replacing |
259 ``equals-by-equals''. In contrast, replacing |
260 ``alpha-equals-by-alpha-equals'' in a representation based on raw terms |
260 ``alpha-equals-by-alpha-equals'' in a representation based on raw terms |
261 requires a lot of extra reasoning work. |
261 requires a lot of extra reasoning work. |
293 \end{center} |
293 \end{center} |
294 |
294 |
295 \noindent |
295 \noindent |
296 We take as the starting point a definition of raw terms (defined as a |
296 We take as the starting point a definition of raw terms (defined as a |
297 datatype in Isabelle/HOL); identify then the alpha-equivalence classes in |
297 datatype in Isabelle/HOL); identify then the alpha-equivalence classes in |
298 the type of sets of raw terms according to our alpha-equivalence relation |
298 the type of sets of raw terms according to our alpha-equivalence relation, |
299 and finally define the new type as these alpha-equivalence classes |
299 and finally define the new type as these alpha-equivalence classes |
300 (non-emptiness is satisfied whenever the raw terms are definable as datatype |
300 (non-emptiness is satisfied whenever the raw terms are definable as datatype |
301 in Isabelle/HOL and the property that our relation for alpha-equivalence is |
301 in Isabelle/HOL and the property that our relation for alpha-equivalence is |
302 indeed an equivalence relation). |
302 indeed an equivalence relation). |
303 |
303 |
493 We use for sets of atoms the abbreviation |
493 We use for sets of atoms the abbreviation |
494 @{thm (lhs) fresh_star_def[no_vars]}, defined as |
494 @{thm (lhs) fresh_star_def[no_vars]}, defined as |
495 @{thm (rhs) fresh_star_def[no_vars]}. |
495 @{thm (rhs) fresh_star_def[no_vars]}. |
496 A striking consequence of these definitions is that we can prove |
496 A striking consequence of these definitions is that we can prove |
497 without knowing anything about the structure of @{term x} that |
497 without knowing anything about the structure of @{term x} that |
498 swapping two fresh atoms, say @{text a} and @{text b}, leave |
498 swapping two fresh atoms, say @{text a} and @{text b}, leaves |
499 @{text x} unchanged. |
499 @{text x} unchanged: |
500 |
500 |
501 \begin{property}\label{swapfreshfresh} |
501 \begin{property}\label{swapfreshfresh} |
502 @{thm[mode=IfThen] swap_fresh_fresh[no_vars]} |
502 @{thm[mode=IfThen] swap_fresh_fresh[no_vars]} |
503 \end{property} |
503 \end{property} |
504 |
504 |
931 \end{tabular} |
931 \end{tabular} |
932 \end{center} |
932 \end{center} |
933 |
933 |
934 \noindent |
934 \noindent |
935 Similarly for the other binding modes. |
935 Similarly for the other binding modes. |
|
936 |
|
937 |
936 There are a few restrictions we need to impose: First, a body can only occur in |
938 There are a few restrictions we need to impose: First, a body can only occur in |
937 \emph{one} binding clause of a term constructor. |
939 \emph{one} binding clause of a term constructor. |
938 |
|
939 For binders we distinguish between \emph{shallow} and \emph{deep} binders. |
940 For binders we distinguish between \emph{shallow} and \emph{deep} binders. |
940 Shallow binders are just labels. The |
941 Shallow binders are just labels. The |
941 restrictions we need to impose on them are that in case of |
942 restriction we need to impose on them is that in case of |
942 \isacommand{bind\_set} and \isacommand{bind\_res} the labels must |
943 \isacommand{bind\_set} and \isacommand{bind\_res} the labels must |
943 either refer to atom types or to sets of atom types; in case of |
944 either refer to atom types or to sets of atom types; in case of |
944 \isacommand{bind} the labels must refer to atom types or lists of atom types. |
945 \isacommand{bind} the labels must refer to atom types or lists of atom types. |
945 Two examples for the use of shallow binders are the specification of |
946 Two examples for the use of shallow binders are the specification of |
946 lambda-terms, where a single name is bound, and type-schemes, where a finite |
947 lambda-terms, where a single name is bound, and type-schemes, where a finite |
965 \end{tabular} |
966 \end{tabular} |
966 \end{center} |
967 \end{center} |
967 |
968 |
968 \noindent |
969 \noindent |
969 Note that for @{text lam} it does not matter which binding mode we use. The reason is that |
970 Note that for @{text lam} it does not matter which binding mode we use. The reason is that |
970 we bind only a single @{text name}. However, having \isacommand{bind\_set}, or even |
971 we bind only a single @{text name}. However, having \isacommand{bind\_set} or |
971 \isacommand{bind}, in the second |
972 \isacommand{bind} in the second |
972 case changes the semantics of the specification. |
973 case changes the semantics of the specification. |
973 Note also that in these specifications @{text "name"} refers to an atom type, and |
974 Note also that in these specifications @{text "name"} refers to an atom type, and |
974 @{text "fset"} to the type of finite sets. |
975 @{text "fset"} to the type of finite sets. |
975 |
976 |
976 A \emph{deep} binder uses an auxiliary binding function that ``picks'' out |
977 A \emph{deep} binder uses an auxiliary binding function that ``picks'' out |
1004 \hspace{5mm}$\mid$~@{text "bn(PTup p\<^isub>1 p\<^isub>2) = bn(p\<^isub>1) @ bn(p\<^isub>2)"}\\ |
1005 \hspace{5mm}$\mid$~@{text "bn(PTup p\<^isub>1 p\<^isub>2) = bn(p\<^isub>1) @ bn(p\<^isub>2)"}\\ |
1005 \end{tabular}} |
1006 \end{tabular}} |
1006 \end{equation} |
1007 \end{equation} |
1007 |
1008 |
1008 \noindent |
1009 \noindent |
1009 In this specification the function @{text "bn"} determines which atoms of @{text p} are |
1010 In this specification the function @{text "bn"} determines which atoms of |
1010 bound in the argument @{text "t"}. Note that in the second-last @{text bn}-clause the |
1011 @{text p} are bound in the argument @{text "t"}. Note that in the |
1011 function @{text "atom"} |
1012 second-last @{text bn}-clause the function @{text "atom"} coerces a name |
1012 coerces a name into the generic atom type of Nominal Isabelle \cite{HuffmanUrban10}. |
1013 into the generic atom type of Nominal Isabelle \cite{HuffmanUrban10}. This |
1013 This allows |
1014 allows us to treat binders of different atom type uniformly. |
1014 us to treat binders of different atom type uniformly. |
1015 |
1015 |
1016 As said above, for deep binders we allow binding clauses such as |
1016 The most drastic restriction we have to impose on deep binders is that |
1017 % |
1017 we cannot have more than one binding function for one binder. Consider for example the |
|
1018 term-constructors: |
|
1019 |
|
1020 \begin{center} |
1018 \begin{center} |
1021 \begin{tabular}{ll} |
1019 \begin{tabular}{ll} |
1022 @{text "Foo\<^isub>1 p::pat t::trm"} & |
1020 @{text "Bar p::pat t::trm"} & |
1023 \isacommand{bind} @{text "bn\<^isub>1(p) bn\<^isub>2(p)"} \isacommand{in} @{text t}\\ |
|
1024 @{text "Foo\<^isub>2 x::name p::pat t::trm"} & |
|
1025 \isacommand{bind} @{text "bn(p)"} \isacommand{in} @{text t}, ***\\ |
|
1026 \end{tabular} |
|
1027 \end{center} |
|
1028 |
|
1029 \noindent |
|
1030 In the first case the intention is to bind all atoms from the pattern @{text p} in @{text t} |
|
1031 and also all atoms from @{text q} in @{text t}. Unfortunately, we have no way |
|
1032 to determine whether the binder came from the binding function @{text |
|
1033 "bn(p)"} or @{text "bn(q)"}. Similarly in the second case. The reason why |
|
1034 we must exclude such specifications is that they cannot be represented by |
|
1035 the general binders described in Section \ref{sec:binders}. However |
|
1036 the following two term-constructors are allowed |
|
1037 |
|
1038 \begin{center} |
|
1039 \begin{tabular}{ll} |
|
1040 @{text "Bar\<^isub>1 p::pat t::trm s::trm"} & |
|
1041 \isacommand{bind} @{text "bn(p)"} \isacommand{in} @{text "t s"}\\ |
|
1042 @{text "Bar\<^isub>2 p::pat t::trm"} & |
|
1043 \isacommand{bind} @{text "bn(p)"} \isacommand{in} @{text "p t"}\\ |
1021 \isacommand{bind} @{text "bn(p)"} \isacommand{in} @{text "p t"}\\ |
1044 \end{tabular} |
1022 \end{tabular} |
1045 \end{center} |
1023 \end{center} |
1046 |
1024 |
1047 \noindent |
1025 \noindent |
1048 since there is no overlap of binders. Unlike shallow binders, we restrict deep |
1026 where the argument of the deep binder is also in the body. We call such |
1049 binders to occur in only one binding clause. Therefore @{text "Bar\<^isub>2"} cannot |
1027 binders \emph{recursive}. To see the purpose of such recursive binders, |
1050 be reformulated as |
1028 compare ``plain'' @{text "Let"}s and @{text "Let_rec"}s in the following |
1051 |
1029 specification: |
1052 \begin{center} |
|
1053 \begin{tabular}{ll} |
|
1054 @{text "Bar\<^isub>3 p::pat t::trm"} & |
|
1055 \isacommand{bind} @{text "bn(p)"} \isacommand{in} @{text "p"}, |
|
1056 \isacommand{bind} @{text "bn(p)"} \isacommand{in} @{text "t"}\\ |
|
1057 \end{tabular} |
|
1058 \end{center} |
|
1059 |
|
1060 Note that in the @{text "Bar\<^isub>2"}, we wrote \isacommand{bind}~@{text |
|
1061 "bn(p)"}~\isacommand{in}~@{text "p.."}. Whenever such a binding clause |
|
1062 is present, where the argument in the binder also occurs in the body, we will |
|
1063 call the corresponding binder \emph{recursive}. To see the |
|
1064 purpose of such recursive binders, compare ``plain'' @{text "Let"}s and |
|
1065 @{text "Let_rec"}s in the following specification: |
|
1066 % |
1030 % |
1067 \begin{equation}\label{letrecs} |
1031 \begin{equation}\label{letrecs} |
1068 \mbox{% |
1032 \mbox{% |
1069 \begin{tabular}{@ {}l@ {}} |
1033 \begin{tabular}{@ {}l@ {}} |
1070 \isacommand{nominal\_datatype}~@{text "trm ="}\\ |
1034 \isacommand{nominal\_datatype}~@{text "trm ="}\\ |
1086 The difference is that with @{text Let} we only want to bind the atoms @{text |
1050 The difference is that with @{text Let} we only want to bind the atoms @{text |
1087 "bn(as)"} in the term @{text t}, but with @{text "Let_rec"} we also want to bind the atoms |
1051 "bn(as)"} in the term @{text t}, but with @{text "Let_rec"} we also want to bind the atoms |
1088 inside the assignment. This difference has consequences for the free-variable |
1052 inside the assignment. This difference has consequences for the free-variable |
1089 function and alpha-equivalence relation, which we are going to describe in the |
1053 function and alpha-equivalence relation, which we are going to describe in the |
1090 rest of this section. |
1054 rest of this section. |
|
1055 |
|
1056 The restriction we have to impose on deep binders is that we cannot have |
|
1057 more than one binding function for one binder. So we exclude: |
|
1058 |
|
1059 \begin{center} |
|
1060 \begin{tabular}{ll} |
|
1061 @{text "Baz p::pat t::trm"} & |
|
1062 \isacommand{bind} @{text "bn\<^isub>1(p) bn\<^isub>2(p)"} \isacommand{in} @{text t}\\ |
|
1063 \end{tabular} |
|
1064 \end{center} |
|
1065 |
|
1066 \noindent |
|
1067 The reason why we must exclude such specifications is that they cannot be |
|
1068 represented by the general binders described in Section |
|
1069 \ref{sec:binders}. Unlike shallow binders, we restrict deep binders to occur |
|
1070 in only one binding clause. |
1091 |
1071 |
1092 We also need to restrict the form of the binding functions. As will shortly |
1072 We also need to restrict the form of the binding functions. As will shortly |
1093 become clear, we cannot return an atom in a binding function that is also |
1073 become clear, we cannot return an atom in a binding function that is also |
1094 bound in the corresponding term-constructor. That means in the example |
1074 bound in the corresponding term-constructor. That means in the example |
1095 \eqref{letpat} that the term-constructors @{text PVar} and @{text PTup} may |
1075 \eqref{letpat} that the term-constructors @{text PVar} and @{text PTup} may |
1102 (as in case @{text PNil}), a singleton set or singleton list containing an |
1082 (as in case @{text PNil}), a singleton set or singleton list containing an |
1103 atom (case @{text PVar}), or unions of atom sets or appended atom lists |
1083 atom (case @{text PVar}), or unions of atom sets or appended atom lists |
1104 (case @{text PTup}). This restriction will simplify some automatic proofs |
1084 (case @{text PTup}). This restriction will simplify some automatic proofs |
1105 later on. |
1085 later on. |
1106 |
1086 |
1107 In order to simplify some later definitions, we shall assume specifications |
1087 In order to simplify later definitions, we shall assume specifications |
1108 of term-calculi are \emph{completed}. By this we mean that |
1088 of term-calculi are \emph{completed}. By this we mean that |
1109 for every argument of a term-constructor that is \emph{not} |
1089 for every argument of a term-constructor that is \emph{not} |
1110 already part of a binding clause, we add implicitly a special \emph{empty} binding |
1090 already part of a binding clause, we add implicitly a special \emph{empty} binding |
1111 clause, written \isacommand{bind}~@{term "{}"}~\isacommand{in}~@{text "label"}. In case |
1091 clause, written \isacommand{bind}~@{term "{}"}~\isacommand{in}~@{text "label"}. In case |
1112 of the lambda-calculus, the completion produces |
1092 of the lambda-calculus, the completion produces |