111 sets or $\alpha$-equated lambda-terms one needs to establish a reasoning |
111 sets or $\alpha$-equated lambda-terms one needs to establish a reasoning |
112 infrastructure by transferring, or \emph{lifting}, definitions and theorems |
112 infrastructure by transferring, or \emph{lifting}, definitions and theorems |
113 from the raw type @{typ "nat \<times> nat"} to the quotient type @{typ int} |
113 from the raw type @{typ "nat \<times> nat"} to the quotient type @{typ int} |
114 (similarly for finite sets and $\alpha$-equated lambda-terms). This lifting |
114 (similarly for finite sets and $\alpha$-equated lambda-terms). This lifting |
115 usually requires a \emph{lot} of tedious reasoning effort \cite{Paulson06}. |
115 usually requires a \emph{lot} of tedious reasoning effort \cite{Paulson06}. |
116 It is feasible to to this work manually, if one has only a few quotient |
116 It is feasible to do this work manually, if one has only a few quotient |
117 constructions at hand. But if they have to be done over and over again, as in |
117 constructions at hand. But if they have to be done over and over again, as in |
118 Nominal Isabelle, then manual reasoning is not an option. |
118 Nominal Isabelle, then manual reasoning is not an option. |
119 |
119 |
120 The purpose of a \emph{quotient package} is to ease the lifting of theorems |
120 The purpose of a \emph{quotient package} is to ease the lifting of theorems |
121 and automate the reasoning as much as possible. In the |
121 and automate the reasoning as much as possible. In the |
156 refer as the \emph{quotient type}. This type comes with an |
156 refer as the \emph{quotient type}. This type comes with an |
157 \emph{abstraction} and a \emph{representation} function, written @{text Abs} |
157 \emph{abstraction} and a \emph{representation} function, written @{text Abs} |
158 and @{text Rep}.\footnote{Actually slightly more basic functions are given; |
158 and @{text Rep}.\footnote{Actually slightly more basic functions are given; |
159 the functions @{text Abs} and @{text Rep} need to be derived from them. We |
159 the functions @{text Abs} and @{text Rep} need to be derived from them. We |
160 will show the details later. } These functions relate elements in the |
160 will show the details later. } These functions relate elements in the |
161 existing type to ones in the new type and vice versa; they can be uniquely |
161 existing type to elements in the new type and vice versa; they can be uniquely |
162 identified by their type. For example for the integer quotient construction |
162 identified by their type. For example for the integer quotient construction |
163 the types of @{text Abs} and @{text Rep} are |
163 the types of @{text Abs} and @{text Rep} are |
164 |
164 |
165 |
165 |
166 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
166 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
234 according to the type of the raw constant and the type |
234 according to the type of the raw constant and the type |
235 of the quotient constant. This means we also have to extend the notions |
235 of the quotient constant. This means we also have to extend the notions |
236 of \emph{aggregate equivalence relation}, \emph{respectfulness} and \emph{preservation} |
236 of \emph{aggregate equivalence relation}, \emph{respectfulness} and \emph{preservation} |
237 from Homeier \cite{Homeier05}. |
237 from Homeier \cite{Homeier05}. |
238 |
238 |
239 We are also able to address the criticism by Paulson \cite{Paulson06} cited |
239 In addition we are able to address the criticism by Paulson \cite{Paulson06} cited |
240 at the beginning of this section about having to collect theorems that are |
240 at the beginning of this section about having to collect theorems that are |
241 lifted from the raw level to the quotient level into one giant list. Our |
241 lifted from the raw level to the quotient level into one giant list. Our |
242 quotient package is the first one that is modular so that it allows to lift |
242 quotient package is the first one that is modular so that it allows to lift |
243 single theorems separately. This has the advantage for the user to develop a |
243 single theorems separately. This has the advantage for the user of being able to develop a |
244 formal theory interactively an a natural progression. A pleasing result of |
244 formal theory interactively as a natural progression. A pleasing side-result of |
245 the modularity is also that we are able to clearly specify what needs to be |
245 the modularity is that we are able to clearly specify what needs to be |
246 done in the lifting process (this was only hinted at in \cite{Homeier05} and |
246 done in the lifting process (this was only hinted at in \cite{Homeier05} and |
247 implemented as a ``rough recipe'' in ML-code). |
247 implemented as a ``rough recipe'' in ML-code). |
248 |
248 |
249 |
249 |
250 The paper is organised as follows: Section \ref{sec:prelims} presents briefly |
250 The paper is organised as follows: Section \ref{sec:prelims} presents briefly |
251 some necessary preliminaries; Section \ref{sec:type} describes the definitions |
251 some necessary preliminaries; Section \ref{sec:type} describes the definitions |
252 of quotient types and shows how definition of constants can be made over |
252 of quotient types and shows how definitions of constants can be made over |
253 quotient types. \ldots |
253 quotient types. Section \ref{sec:resp} introduces the notions of respectfullness |
|
254 and preservation.\ldots |
254 *} |
255 *} |
255 |
256 |
256 |
257 |
257 section {* Preliminaries and General Quotient\label{sec:prelims} *} |
258 section {* Preliminaries and General Quotient\label{sec:prelims} *} |
258 |
259 |
374 quotient type and the raw type directly, as can be seen from their type, |
375 quotient type and the raw type directly, as can be seen from their type, |
375 namely @{text "\<sigma> \<Rightarrow> \<alpha>s \<kappa>\<^isub>q"} and @{text "\<alpha>s \<kappa>\<^isub>q \<Rightarrow> \<sigma>"}, |
376 namely @{text "\<sigma> \<Rightarrow> \<alpha>s \<kappa>\<^isub>q"} and @{text "\<alpha>s \<kappa>\<^isub>q \<Rightarrow> \<sigma>"}, |
376 respectively. Given that @{text "R"} is an equivalence relation, the |
377 respectively. Given that @{text "R"} is an equivalence relation, the |
377 following property |
378 following property |
378 |
379 |
379 |
380 \begin{property} |
380 @{text [display, indent=10] "Quotient R Abs_\<kappa>\<^isub>q Rep_\<kappa>\<^isub>q"} |
381 @{text "Quotient R Abs_\<kappa>\<^isub>q Rep_\<kappa>\<^isub>q"} |
381 |
382 \end{property} |
382 \noindent |
383 |
383 holds (for the proof see \cite{Homeier05}) for every quotient type defined |
384 \noindent |
384 as above. |
385 holds for every quotient type defined |
|
386 as above (for the proof see \cite{Homeier05}). |
385 |
387 |
386 The next step in a quotient construction is to introduce definitions of new constants |
388 The next step in a quotient construction is to introduce definitions of new constants |
387 involving the quotient type. These definitions need to be given in terms of concepts |
389 involving the quotient type. These definitions need to be given in terms of concepts |
388 of the raw type (remember this is the only way how to extend HOL |
390 of the raw type (remember this is the only way how to extend HOL |
389 with new definitions). For the user visible is the declaration |
391 with new definitions). For the user visible is the declaration |
413 The problem for us is that from such declarations we need to derive proper |
415 The problem for us is that from such declarations we need to derive proper |
414 definitions using the @{text "Abs"} and @{text "Rep"} functions for the |
416 definitions using the @{text "Abs"} and @{text "Rep"} functions for the |
415 quotient types involved. The data we rely on is the given quotient type |
417 quotient types involved. The data we rely on is the given quotient type |
416 @{text "\<tau>"} and the raw type @{text "\<sigma>"}. They allow us to define \emph{aggregate |
418 @{text "\<tau>"} and the raw type @{text "\<sigma>"}. They allow us to define \emph{aggregate |
417 abstraction} and \emph{representation functions} using the functions @{text "ABS (\<sigma>, |
419 abstraction} and \emph{representation functions} using the functions @{text "ABS (\<sigma>, |
418 \<tau>)"} and @{text "REP (\<sigma>, \<tau>)"} whose clauses we given below. The idea behind |
420 \<tau>)"} and @{text "REP (\<sigma>, \<tau>)"} whose clauses we give below. The idea behind |
419 these two functions is to recursively descend into the raw types @{text \<sigma>} and |
421 these two functions is to recursively descend into the raw types @{text \<sigma>} and |
420 quotient types @{text \<tau>}, and generate the appropriate |
422 quotient types @{text \<tau>}, and generate the appropriate |
421 @{text "Abs"} and @{text "Rep"} in places where the types differ. Therefore |
423 @{text "Abs"} and @{text "Rep"} in places where the types differ. Therefore |
422 we generate just the identity whenever the types are equal. All clauses |
424 we generate just the identity whenever the types are equal. All clauses |
423 are as follows: |
425 are as follows: |
424 |
426 |
425 \begin{center} |
427 \begin{center} |
|
428 \hfill |
426 \begin{tabular}{rcl} |
429 \begin{tabular}{rcl} |
427 \multicolumn{3}{@ {\hspace{-4mm}}l}{equal types:}\\ |
430 \multicolumn{3}{@ {\hspace{-4mm}}l}{equal types:}\\ |
428 @{text "ABS (\<sigma>, \<sigma>)"} & $\dn$ & @{text "id :: \<sigma> \<Rightarrow> \<sigma>"}\\ |
431 @{text "ABS (\<sigma>, \<sigma>)"} & $\dn$ & @{text "id :: \<sigma> \<Rightarrow> \<sigma>"}\\ |
429 @{text "REP (\<sigma>, \<sigma>)"} & $\dn$ & @{text "id :: \<sigma> \<Rightarrow> \<sigma>"}\smallskip\\ |
432 @{text "REP (\<sigma>, \<sigma>)"} & $\dn$ & @{text "id :: \<sigma> \<Rightarrow> \<sigma>"}\smallskip\\ |
430 \multicolumn{3}{@ {\hspace{-4mm}}l}{function types:}\\ |
433 \multicolumn{3}{@ {\hspace{-4mm}}l}{function types:}\\ |
458 @{text "MAP (\<sigma>)"} & $\dn$ & @{text "\<lambda>as. MAP'(\<sigma>)"} |
461 @{text "MAP (\<sigma>)"} & $\dn$ & @{text "\<lambda>as. MAP'(\<sigma>)"} |
459 \end{tabular} |
462 \end{tabular} |
460 \end{center} |
463 \end{center} |
461 % |
464 % |
462 \noindent |
465 \noindent |
463 In this definition we abuse the fact that we can interpret type-variables @{text \<alpha>} as |
466 In this definition we rely on the fact that we can interpret type-variables @{text \<alpha>} as |
464 term variables @{text a}. In the last clause we build an abstraction over all |
467 term variables @{text a}. In the last clause we build an abstraction over all |
465 term-variables inside map-function generated by the auxiliary function |
468 term-variables inside map-function generated by the auxiliary function |
466 @{text "MAP'"}. |
469 @{text "MAP'"}. |
467 The need of aggregate map-functions can be seen in cases where we build quotients, |
470 The need of aggregate map-functions can be seen in cases where we build quotients, |
468 say @{text "(\<alpha>, \<beta>) \<kappa>\<^isub>q"}, out of compound raw types, say @{text "(\<alpha> list) \<times> \<beta>"}. |
471 say @{text "(\<alpha>, \<beta>) \<kappa>\<^isub>q"}, out of compound raw types, say @{text "(\<alpha> list) \<times> \<beta>"}. |
496 @{text [display, indent=10] "\<Union> \<equiv> ((map Rep_fset \<circ> Rep_fset) \<singlearr> Abs_fset) flat"} |
499 @{text [display, indent=10] "\<Union> \<equiv> ((map Rep_fset \<circ> Rep_fset) \<singlearr> Abs_fset) flat"} |
497 |
500 |
498 \noindent |
501 \noindent |
499 Note that by using the operator @{text "\<singlearr>"} and special clauses |
502 Note that by using the operator @{text "\<singlearr>"} and special clauses |
500 for function types in \eqref{ABSREP}, we do not have to |
503 for function types in \eqref{ABSREP}, we do not have to |
501 distinguish between arguments and results: the representation and abstraction |
504 distinguish between arguments and results, but can deal with them uniformly. |
502 functions are just inverses of each other, which we can combine using |
505 Consequently, all definitions in the quotient package |
503 @{text "\<singlearr>"} to deal uniformly with arguments of functions and |
|
504 their result. Consequently, all definitions in the quotient package |
|
505 are of the general form |
506 are of the general form |
506 |
507 |
507 @{text [display, indent=10] "c \<equiv> ABS (\<sigma>, \<tau>) t"} |
508 @{text [display, indent=10] "c \<equiv> ABS (\<sigma>, \<tau>) t"} |
508 |
509 |
509 \noindent |
510 \noindent |
510 where @{text \<sigma>} is the type of the definiens @{text "t"} and @{text "\<tau>"} the |
511 where @{text \<sigma>} is the type of the definiens @{text "t"} and @{text "\<tau>"} the |
511 type of the defined quotient constant @{text "c"}. This data can be easily |
512 type of the defined quotient constant @{text "c"}. This data can be easily |
512 generated from the declaration given by the user. |
513 generated from the declaration given by the user. |
513 To increase the confidence of making correct definitions, we can prove |
514 To increase the confidence in this way of making definitions, we can prove |
514 that the terms involved are all typable. |
515 that the terms involved are all typable. |
515 |
516 |
516 \begin{lemma} |
517 \begin{lemma} |
517 If @{text "ABS (\<sigma>, \<tau>)"} returns some abstraction function @{text "Abs"} |
518 If @{text "ABS (\<sigma>, \<tau>)"} returns some abstraction function @{text "Abs"} |
518 and @{text "REP (\<sigma>, \<tau>)"} some representation function @{text "Rep"}, |
519 and @{text "REP (\<sigma>, \<tau>)"} some representation function @{text "Rep"}, |
542 \noindent |
543 \noindent |
543 The reader should note that this lemma fails for the abstraction and representation |
544 The reader should note that this lemma fails for the abstraction and representation |
544 functions used, for example, in Homeier's quotient package. |
545 functions used, for example, in Homeier's quotient package. |
545 *} |
546 *} |
546 |
547 |
547 section {* Respectfulness and Preservation *} |
548 section {* Respectfulness and Preservation \label{sec:resp} *} |
548 |
549 |
549 text {* |
550 text {* |
550 The main point of the quotient package is to automatically ``lift'' theorems |
551 The main point of the quotient package is to automatically ``lift'' theorems |
551 involving constants over the raw type to theorems involving constants over |
552 involving constants over the raw type to theorems involving constants over |
552 the quotient type. Before we can describe this lift process, we need to impose |
553 the quotient type. Before we can describe this lift process, we need to impose |
554 can be given, \emph{not} all theorems can be actually be lifted. Most notably is |
555 can be given, \emph{not} all theorems can be actually be lifted. Most notably is |
555 the bound variable function, that is the constant @{text bn}, defined for |
556 the bound variable function, that is the constant @{text bn}, defined for |
556 raw lambda-terms as follows |
557 raw lambda-terms as follows |
557 |
558 |
558 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
559 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% |
559 @{text "bn (x) \<equiv> \<emptyset>"}\hspace{5mm} |
560 @{text "bn (x) \<equiv> \<emptyset>"}\hspace{4mm} |
560 @{text "bn (t\<^isub>1 t\<^isub>2) \<equiv> bn (t\<^isub>1) \<union> bn (t\<^isub>2)"}\hspace{5mm} |
561 @{text "bn (t\<^isub>1 t\<^isub>2) \<equiv> bn (t\<^isub>1) \<union> bn (t\<^isub>2)"}\hspace{4mm} |
561 @{text "bn (\<lambda>x. t) \<equiv> {x} \<union> bn (t)"} |
562 @{text "bn (\<lambda>x. t) \<equiv> {x} \<union> bn (t)"} |
562 \end{isabelle} |
563 \end{isabelle} |
563 |
564 |
564 \noindent |
565 \noindent |
565 This constant just does not respect @{text "\<alpha>"}-equivalence and as |
566 This constant just does not respect @{text "\<alpha>"}-equivalence and as |