nominal2: comparison Quotient-Paper/Paper.thy

equal deleted inserted replaced

-:973649d612f8
+:c474186439bd
 "op -->" (infix "\<rightarrow>" 100) and
 "==>" (infix "\<Rightarrow>" 100) and
 fun_map (infix "\<longrightarrow>" 51) and
 fun_rel (infix "\<Longrightarrow>" 51) and
 list_eq (infix "\<approx>" 50) and (* Not sure if we want this notation...? *)
-fempty ("\<emptyset>\<^isub>f") and
+fempty ("\<emptyset>") and
-funion ("_ \<union>\<^isub>f _") and
+funion ("_ \<union> _") and
-finsert ("{_} \<union>\<^isub>f _") and
+finsert ("{_} \<union> _") and
 Cons ("_::_") and
 concat ("flat") and
-fconcat ("fset'_flat")
+fconcat ("\<Union>")
 ML {*
 fun nth_conj n (_, r) = nth (HOLogic.dest_conj r) n;
 (HOL). This logic consists of a small number of axioms and inference rules
 over a simply-typed term-language. Safe reasoning in HOL is ensured by two
 very restricted mechanisms for extending the logic: one is the definition of
 new constants in terms of existing ones; the other is the introduction of
 new types by identifying non-empty subsets in existing types. It is well
-understood how to use both mechanisms for dealing with many quotient
+understood how to use both mechanisms for dealing with quotient
 constructions in HOL (see \cite{Homeier05,Paulson06}).  For example the
 integers in Isabelle/HOL are constructed by a quotient construction over the
 type @{typ "nat \<times> nat"} and the equivalence relation
 @{text [display, indent=10] "(n\<^isub>1, n\<^isub>2) \<approx> (m\<^isub>1, m\<^isub>2) \<equiv> n\<^isub>1 + n\<^isub>2 = m\<^isub>1 + m\<^isub>2"}
 such as @{text "add"} with type @{typ "int \<Rightarrow> int \<Rightarrow> int"} can be defined in
 terms of operations on pairs of natural numbers (namely @{text
 "add\<^bsub>nat\<times>nat\<^esub> (n\<^isub>1, m\<^isub>1) (n\<^isub>2,
 m\<^isub>2) \<equiv> (n\<^isub>1 + n\<^isub>2, m\<^isub>1 + m\<^isub>2)"}).
 Similarly one can construct the type of finite sets, written @{term "\<alpha> fset"},
-by quotienting @{text "\<alpha> list"} according to the equivalence relation
+by quotienting the type @{text "\<alpha> list"} according to the equivalence relation
 @{text [display, indent=10] "xs \<approx> ys \<equiv> (\<forall>x. x \<in> xs \<longleftrightarrow> x \<in> ys)"}
 \noindent
 which states that two lists are equivalent if every element in one list is also
 member in the other (@{text "\<in>"} stands here for membership in lists). The
 empty finite set, written @{term "{||}"}, can then be defined as the
-empty list and the union of two finite sets, written @{text "\<union>\<^isub>f"}, as list append.
+empty list and the union of two finite sets, written @{text "\<union>"}, as list append.
 An area where quotients are ubiquitous is reasoning about programming language
 calculi. A simple example is the lambda-calculus, whose ``raw'' terms are defined as
 @{text [display, indent=10] "t ::= x | t t | \<lambda>x.t"}
 prove formally, for example, the substitution lemma \cite{Barendregt81} by induction
 over the structure of terms. This can be fiendishly complicated (see
 \cite[Pages 94--104]{CurryFeys58} for some ``rough'' sketches of a proof
 about ``raw'' lambda-terms). In contrast, if we reason about
 $\alpha$-equated lambda-terms, that means terms quotient according to
-$\alpha$-equivalence, then the reasoning infrastructure provided by,
+$\alpha$-equivalence, then the reasoning infrastructure provided,
-for example, Nominal Isabelle \cite{UrbanKaliszyk11} makes the formal
+for example, by Nominal Isabelle \cite{UrbanKaliszyk11} makes the formal
 proof of the substitution lemma almost trivial.
 The difficulty is that in order to be able to reason about integers, finite
 sets or $\alpha$-equated lambda-terms one needs to establish a reasoning
 infrastructure by transferring, or \emph{lifting}, definitions and theorems
 from the ``raw'' type @{typ "nat \<times> nat"} to the quotient type @{typ int}
 (similarly for finite sets and $\alpha$-equated lambda-terms). This lifting
 usually requires a \emph{lot} of tedious reasoning effort \cite{Paulson06}.
-It is feasible to to this work manually if one has only a few quotient
+It is feasible to to this work manually, if one has only a few quotient
-constructions, but if they have to be done over and over again as in
+constructions at hand. But if they have to be done over and over again as in
 Nominal Isabelle, then manual reasoning is not an option.
-The purpose of a \emph{quotient package} is to ease the lifting and automate
+The purpose of a \emph{quotient package} is to ease the lifting of theorems
-the reasoning as much as possible. In the context of HOL, there have been
+and automate the definitions and reasoning as much as possible. In the
-a few quotient packages already \cite{harrison-thesis,Slotosch97}. The
+context of HOL, there have been a few quotient packages already
-most notable is the one by Homeier \cite{Homeier05} implemented in HOL4.
+\cite{harrison-thesis,Slotosch97}. The most notable is the one by Homeier
-The fundamental construction these quotient packages perform can be
+\cite{Homeier05} implemented in HOL4.  The fundamental construction these
-illustrated by the following picture:
+quotient packages perform can be illustrated by the following picture:
 \begin{center}
 \mbox{}\hspace{20mm}\begin{tikzpicture}
 %%\draw[step=2mm] (-4,-1) grid (4,1);
 \end{tikzpicture}
 \end{center}
 \noindent
-The starting point is an existing type over which a user-given equivalence
+The starting point is an existing type over which an equivalence relation
-relation is defined. With this input, the package introduces a new type,
+given by the user is defined. With this input the package introduces a new
-which comes with two associated abstraction and representation functions, written
+type, which comes with two associated abstraction and representation
-@{text Abs} and @{text Rep}. They relate elements in the existing and new
+functions, written @{text Abs} and @{text Rep}. These functions relate
-type and can be uniquely identified by their type (which however we omit for
+elements in the existing and new type, and can be uniquely identified by
-better readability). These two function represent an isomorphism between
+their type (which however we often omit for better readability). They
-the non-empty subset and the new type. They are necessary making definitions
+represent an isomorphism between the non-empty subset and elements in the
-over the new type. For example @{text "0"} and @{text "1"}
+new type. They are necessary for making definitions involving the new type. For
-of type @{typ int} can be defined as
+example @{text "0"} and @{text "1"} of type @{typ int} can be defined as
 \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
 @{text "0 \<equiv> Abs (0, 0)"}\hspace{10mm}@{text "1 \<equiv> Abs (1, 0)"}
 \end{isabelle}
 \noindent
 where we have to take first the representation of @{text n} and @{text m},
 add them according to @{text "add\<^bsub>nat\<times>nat\<^esub>"} and then take the
 abstraction of the result.  This is all straightforward and the existing
 quotient packages can deal with such definitions. But what is surprising
-that none of them can deal with more complicated definitions involving
+that none of them can deal with slightly more complicated definitions involving
 \emph{compositions} of quotients. Such compositions are needed for example
-in case of finite sets. There one would like to have a corresponding definition
+in case of finite sets.  For example over lists one can define an operator
-for finite sets for the operator @{term "concat"} defined over lists. This
+that flattens lists of lists as follows
-operator flattens lists of lists as follows
 @{thm [display, indent=10] concat.simps(1) concat.simps(2)[no_vars]}
 \noindent
 We expect that the corresponding operator on finite sets, written @{term "fconcat"},
 behaves as follows:
 @{thm [display, indent=10] fconcat_empty[no_vars] fconcat_insert[no_vars]}
 \noindent
-The problem is that we want to quotient lists to obtain finite sets and
+The quotient package should provide us with a definition for @{text "\<Union>"} in
-@{term concat} is of type @{text "(\<alpha> list) list \<Rightarrow> \<alpha> list"}. We expect
+terms of @{text flat}, @{text Rep} and @{text Abs}. The problem is that it
-that @{term "fconcat"} has type @{text "(\<alpha> fset) fset \<Rightarrow> \<alpha> fset"}. But
+is not enough to just take the representation of the argument and then
-what should its definition be? It is not possible to just take the representation
+take the abstraction of the result, because in that case we obtain an operator
-of the argument and then take the abstraction of the result of flattening
+with type @{text "(\<alpha> list) fset \<Rightarrow> \<alpha> fset"}, not the expected
-the resulting list. The problem is that a single @{text "Rep"} only gives
+@{text "(\<alpha> fset) fset \<Rightarrow> \<alpha> fset"}. It turns out that we need
-us lists of finite sets, not lists of lists. It turns out that we need
+to build aggregate representation and abstraction functions, which in
-to be able to build aggregate representation and abstraction function, which in
 case of @{term "fconcat"} produce the following definition
-@{text [display, indent=10] "fset_flat S \<equiv> Abs (concat ((map Rep \<circ> Rep) S))"}
+@{text [display, indent=10] "\<Union> S \<equiv> Abs (concat ((map Rep \<circ> Rep) S))"}
 \noindent
-where @{term map} is the usual mapping function for lists.
+where @{term map} is the usual mapping function for lists. In this paper we
+will present a formal definition for our aggregate abstraction and
+representation functions (this definition was omitted in \cite{Homeier05}).
+They generate definitions like the one above for @{text add} and @{text "\<Union>"}
+according to the type of the ``raw'' constant and the type
+of the quotient constant.
 *}
 subsection {* Contributions *}

changeset 2223	c474186439bd
parent 2222	973649d612f8
child 2224	f5b6f9d8a882