nominal2: comparison LMCS-Paper/Paper.thy

equal deleted inserted replaced

-:a33e96e62a2b
+:e2c4ee6e3ee7
 text {*
 Having made all necessary definitions for raw terms, we can start with
 establishing the reasoning infrastructure for the alpha-equated types @{text
 "ty\<AL>"}$_{1..n}$, that is the types the user originally specified. We
 give in this section and the next the proofs we need for establishing this
-infrastructure. One main point of our work is that we have completely
+infrastructure. One point of our work is that we have completely
 automated these proofs in Isabelle/HOL.
 First we establish that the free-variable functions, the binding functions and the
-alpha-equivalences are equivariant.
+alpha-equi\-va\-lences are equivariant.
 \begin{lem}\mbox{}\\
 @{text "(i)"} The functions @{text "fa_ty"}$_{1..n}$, @{text "fa_bn"}$_{1..m}$ and
 @{text "bn"}$_{1..m}$ are equivariant.\\
 @{text "(ii)"} The relations @{text "\<approx>ty"}$_{1..n}$ and
 @{text "\<approx>bn"}$_{1..m}$ are equivariant.
 \end{lem}
 \begin{proof}
-The function package of Isabelle/HOL allows us to prove the first part is by mutual
+The function package of Isabelle/HOL allows us to prove the first part is by
-induction over the definitions of the functions. The second is by a straightforward
+mutual induction over the definitions of the functions (we know that they
-induction over the rules of @{text "\<approx>ty"}$_{1..n}$ and @{text "\<approx>bn"}$_{1..m}$ using
+are terminating functions, from which an induction principle can be
-the first part.
+derived). The second is by a straightforward induction over the rules of
+@{text "\<approx>ty"}$_{1..n}$ and @{text "\<approx>bn"}$_{1..m}$ using the first part.
 \end{proof}
 \noindent
 Next we establish that the alpha-equivalence relations defined in the
-previous section are equivalence relations.
+previous section are indeed equivalence relations.
 \begin{lem}\label{equiv}
 The relations @{text "\<approx>ty"}$_{1..n}$ and @{text "\<approx>bn"}$_{1..m}$ are
 equivalence relations.
 \end{lem}
 \begin{proof}
-The proof is by mutual induction over the definitions. The non-trivial
+The proof is by induction over the definitions. The non-trivial
 cases involve premises built up by $\approx_{\textit{set}}$,
 $\approx_{\textit{set+}}$ and $\approx_{\textit{list}}$. They
 can be dealt with as in Lemma~\ref{alphaeq}. However, the transitivity
 case needs in addition the fact that the relations are equivariant.
 \end{proof}
 \noindent
-We can feed this lemma into our quotient package and obtain new types @{text
+We can feed the last lemma into our quotient package and obtain new types
-"ty"}$^\alpha_{1..n}$ representing alpha-equated terms of types @{text "ty"}$_{1..n}$.
+@{text "ty"}$^\alpha_{1..n}$ representing alpha-equated terms of types
+@{text "ty"}$_{1..n}$. We also obtain definitions for the term-constructors
-We also obtain definitions for the term-constructors @{text
+@{text "C"}$^\alpha_{1..k}$ from the raw term-constructors @{text
-"C"}$^\alpha_{1..k}$ from the raw term-constructors @{text "C"}$_{1..k}$,
+"C"}$_{1..k}$, and similar definitions for the free-atom functions @{text
-and similar definitions for the free-atom functions @{text
 "fa_ty"}$^\alpha_{1..n}$ and @{text "fa_bn"}$^\alpha_{1..m}$ as well as the
-binding functions @{text "bn"}$^\alpha_{1..m}$. For this we have to show
+binding functions @{text "bn"}$^\alpha_{1..m}$. However, these definitions
-by induction over the definitions of alpha-equivalences that the ``raw''
+are not really useful to the user, since they are given in terms of the
-functions are respectful. This means we need to establish that
+isomorphisms we obtained by creating new types in Isabelle/HOL (recall the
+picture shown in the Introduction).
+The first useful property for the user is the fact that distinct
+term-constructors are not equal, that is the property
+\begin{equation}\label{distinctalpha}
+\mbox{@{text "C"}$^\alpha$~@{text "x\<^isub>1 \<dots> x\<^isub>r"}~@{text "\<noteq>"}~%
+@{text "D"}$^\alpha$~@{text "y\<^isub>1 \<dots> y\<^isub>s"}}
+\end{equation}\smallskip
+\noindent
+whenever @{text "C"}$^\alpha$~@{text "\<noteq>"}~@{text "D"}$^\alpha$.
+In order to derive this property, we use the definition of alpha-equivalence
+and establish that
+\begin{equation}\label{distinctraw}
+\mbox{@{text "C x\<^isub>1 \<dots> x\<^isub>r"}\;$\not\approx$@{text ty}\;@{text "D y\<^isub>1 \<dots> y\<^isub>s"}}
+\end{equation}\smallskip
+\noindent
+holds for the corresponding raw term-constructors.
+In order to deduce \eqref{distinctalpha} from \eqref{distinctraw}, our quotient
+package needs to know that the raw term-constructors @{text "C"} and @{text "D"}
+are \emph{respectful} w.r.t.~the alpha-equivalence relations (see \cite{Homeier05}).
+Given, for example, @{text "C"} is of type @{text "ty"} with argument types
+@{text "ty"}$_{1..r}$, respectfulness amounts to showing that
 \[\mbox{
+@{text "C x\<^isub>1 \<dots> x\<^isub>r \<approx>ty C x\<PRIME>\<^isub>1 \<dots> x\<PRIME>\<^isub>r"}
+}\]\smallskip
+\noindent
+holds under the assumptions \mbox{@{text
+"x\<^isub>i \<approx>ty\<^isub>i x\<PRIME>\<^isub>i"}} whenever @{text "x\<^isub>i"}
+and @{text "x\<PRIME>\<^isub>i"} are recursive arguments of @{text C} and
+@{text "x\<^isub>i = x\<PRIME>\<^isub>i"} whenever they are non-recursive arguments
+(similarly for @{text "D"}). For this we have to show
+by induction over the definitions of alpha-equivalences the following
+auxiliary implications
+\begin{equation}\label{fnresp}\mbox{
 \begin{tabular}{lll}
 @{text "x \<approx>ty\<^isub>i x'"} & implies & @{text "fa_ty\<^isub>i x = fa_ty\<^isub>i x'"}\\
 @{text "x \<approx>ty\<^isub>l x'"} & implies & @{text "fa_bn\<^isub>j x = fa_bn\<^isub>j x'"}\\
 @{text "x \<approx>ty\<^isub>l x'"} & implies & @{text "bn\<^isub>j x = bn\<^isub>j x'"}\\
-\end{tabular}
-}\]\smallskip
-\noindent
-holds whereby @{text "ty\<^isub>l"} is the type over which @{text "bn\<^isub>j"} is defined. A
-similar property is needed for the constructors @{text "C"}$_{1..k}$. In order
-to establish it we need to prove that
-\[\mbox{
-\begin{tabular}{lll}
 @{text "x \<approx>ty\<^isub>l x'"} & implies & @{text "x \<approx>bn\<^isub>j x'"}\\
 \end{tabular}
-}\]\smallskip
+}\end{equation}\smallskip
 \noindent
-The respectfulness properties are crucial, ... ???
+whereby @{text "ty\<^isub>l"} is the type over which @{text "bn\<^isub>j"}
-However, these definitions are not really useful to the
+is defined. These implications can be established by induction on @{text
-user, since they are given in terms of the isomorphisms we obtained by
+"\<approx>ty"}$_{1..n}$. Whereas the first, second and last implication are true by
-creating new types in Isabelle/HOL (recall the picture shown in the
+how we stated our definitions, the third \emph{only} holds because of our
-Introduction).
+restriction imposed on the form of the binding functions---namely \emph{not}
+returning any bound atoms. In Ott, in contrast, the user may define @{text
-The first useful property for the user is the fact that distinct
+"bn"}$_{1..m}$ so that they return bound atoms and in this case the third
-term-constructors are not
+implication is \emph{not} true. A result is that the lifting of the
-equal, that is
+corresponding binding functions in Ott to alpha-equated terms is impossible.
-\[\label{distinctalpha}
-\mbox{@{text "C"}$^\alpha$~@{text "x\<^isub>1 \<dots> x\<^isub>r"}~@{text "\<noteq>"}~%
-@{text "D"}$^\alpha$~@{text "y\<^isub>1 \<dots> y\<^isub>s"}}
-\]\smallskip
-\noindent
-whenever @{text "C"}$^\alpha$~@{text "\<noteq>"}~@{text "D"}$^\alpha$.
-In order to derive this fact, we use the definition of alpha-equivalence
-and establish that
-\[\label{distinctraw}
-\mbox{@{text "C x\<^isub>1 \<dots> x\<^isub>r"}\;$\not\approx$@{text ty}\;@{text "D y\<^isub>1 \<dots> y\<^isub>s"}}
-\]\smallskip
-\noindent
-holds for the corresponding raw term-constructors.
-In order to deduce \eqref{distinctalpha} from \eqref{distinctraw}, our quotient
-package needs to know that the raw term-constructors @{text "C"} and @{text "D"}
-are \emph{respectful} w.r.t.~the alpha-equivalence relations (see \cite{Homeier05}).
-Assuming, for example, @{text "C"} is of type @{text "ty"} with argument types
-@{text "ty"}$_{1..r}$, respectfulness amounts to showing that
-\begin{center}
-@{text "C x\<^isub>1 \<dots> x\<^isub>r \<approx>ty C x\<PRIME>\<^isub>1 \<dots> x\<PRIME>\<^isub>r"}
-\end{center}
-\noindent
-holds under the assumptions that we have \mbox{@{text
-"x\<^isub>i \<approx>ty\<^isub>i x\<PRIME>\<^isub>i"}} whenever @{text "x\<^isub>i"}
-and @{text "x\<PRIME>\<^isub>i"} are recursive arguments of @{text C} and
-@{text "x\<^isub>i = x\<PRIME>\<^isub>i"} whenever they are non-recursive arguments. We can prove this
-implication by applying the corresponding rule in our alpha-equivalence
-definition and by establishing the following auxiliary implications %facts
-%
-\begin{equation}\label{fnresp}
-\mbox{%
-\begin{tabular}{ll@ {\hspace{7mm}}ll}
-\mbox{\it (i)} & @{text "x \<approx>ty\<^isub>i x\<PRIME>"}~~@{text "\<Rightarrow>"}~~@{text "fa_ty\<^isub>i x = fa_ty\<^isub>i x\<PRIME>"} &
-\mbox{\it (iii)} & @{text "x \<approx>ty\<^isub>j x\<PRIME>"}~~@{text "\<Rightarrow>"}~~@{text "bn\<^isub>j x = bn\<^isub>j x\<PRIME>"}\\
-\mbox{\it (ii)} & @{text "x \<approx>ty\<^isub>j x\<PRIME>"}~~@{text "\<Rightarrow>"}~~@{text "fa_bn\<^isub>j x = fa_bn\<^isub>j x\<PRIME>"} &
-\mbox{\it (iv)} & @{text "x \<approx>ty\<^isub>j x\<PRIME>"}~~@{text "\<Rightarrow>"}~~@{text "x \<approx>bn\<^isub>j x\<PRIME>"}\\
-\end{tabular}}
-\end{equation}
-\noindent
-They can be established by induction on @{text "\<approx>ty"}$_{1..n}$. Whereas the first,
-second and last implication are true by how we stated our definitions, the
-third \emph{only} holds because of our restriction
-imposed on the form of the binding functions---namely \emph{not} returning
-any bound atoms. In Ott, in contrast, the user may
-define @{text "bn"}$_{1..m}$ so that they return bound
-atoms and in this case the third implication is \emph{not} true. A
-result is that the lifting of the corresponding binding functions in Ott to alpha-equated
-terms is impossible.
 Having established respectfulness for the raw term-constructors, the
 quotient package is able to automatically deduce \eqref{distinctalpha} from
-\eqref{distinctraw}. ??? Having the facts \eqref{fnresp} at our disposal, we can
+\eqref{distinctraw}. Having the facts \eqref{fnresp} at our disposal, we can
 also lift properties that characterise when two raw terms of the form
 \[
 \mbox{@{text "C x\<^isub>1 \<dots> x\<^isub>r \<approx>ty C x\<PRIME>\<^isub>1 \<dots> x\<PRIME>\<^isub>r"}}
 \]\smallskip
 @{text "C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>r = C\<^sup>\<alpha> x\<PRIME>\<^isub>1 \<dots> x\<PRIME>\<^isub>r"}.
 \]\smallskip
 \noindent
 We call these conditions as \emph{quasi-injectivity}. They correspond to
-the premises in our alpha-equivalence relations.
+the premises in our alpha-equiva\-lence relations.
-Next we can lift the permutation
+Next we can lift the permutation operations defined in \eqref{ceqvt}. In
-operations defined in \eqref{ceqvt}. In order to make this
+order to make this lifting to go through, we have to show that the
-lifting to go through, we have to show that the permutation operations are respectful.
+permutation operations are respectful. This amounts to showing that the
-This amounts to showing that the
+alpha-equivalence relations are equivariant, which
-alpha-equivalence relations are equivariant \cite{HuffmanUrban10}.
+we already established in Lemma~\ref{equiv}. As a result we can add the
-, which we already established
+equations
-in Lemma~\ref{equiv}.
-As a result we can add the equations
 \begin{equation}\label{calphaeqvt}
 @{text "\<pi> \<bullet> (C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>r) = C\<^sup>\<alpha> (\<pi> \<bullet> x\<^isub>1) \<dots> (\<pi> \<bullet> x\<^isub>r)"}
 \end{equation}\smallskip
 @{text "fa_bn\<AL>"}$_{1..m}$ as well as of the binding functions @{text
 "bn\<AL>"}$_{1..m}$ and the size functions @{text "size_ty\<AL>"}$_{1..n}$.
 The latter are defined automatically for the raw types @{text "ty"}$_{1..n}$
 by the datatype package of Isabelle/HOL.
-Finally we can add to our infrastructure a cases lemma (explained in the next section)
+Finally we can add to our infrastructure cases lemmas and a structural
-and a structural induction principle
+induction principle for the types @{text "ty\<AL>"}$_{1..n}$. The cases
-for the types @{text "ty\<AL>"}$_{1..n}$. The conclusion of the induction principle is
+lemmas allow the user to deduce a property @{text "P"} by exhaustively
-of the form
+analysing all cases how the elements in a type @{text "ty\<AL>"}$_i$ can
+be constructed (that means one case for each of term-constructors @{text "C\<AL>"}$_{1..m}$
-\begin{equation}\label{weakinduct}
+of type @{text "ty\<AL>"}$_i\,$). These are lifted versions of the cases
-\mbox{@{text "P\<^isub>1 x\<^isub>1 \<and> \<dots> \<and> P\<^isub>n x\<^isub>n "}}
+lemma over the raw type  @{text "ty"}$_i$ and schematically look as
-\end{equation} \smallskip
+follows
-\noindent
+\[
-whereby the @{text P}$_{1..n}$ are predicates and the @{text x}$_{1..n}$
+\infer{P}
-have types @{text "ty\<AL>"}$_{1..n}$. This induction principle has for each
+{\begin{array}{l}
-term constructor @{text "C"}$^\alpha$ a premise of the form
+@{text "\<forall>x\<^isub>1\<dots>x\<^isub>k. y = C\<AL>\<^isub>1 x\<^isub>1 \<dots> x\<^isub>k \<Rightarrow> P"}\\
+\hspace{5mm}\ldots\\
+@{text "\<forall>x\<^isub>1\<dots>x\<^isub>l. y = C\<AL>\<^isub>m x\<^isub>1 \<dots> x\<^isub>l \<Rightarrow> P"}\\
+\end{array}}
+\]\smallskip
+\noindent
+where @{text "y"} is a variable of type @{text "ty"}$_i$ and @{text "P"} is the
+property that is established by the case analysis. Similarly, we have an induction
+principle for the types @{text "ty\<AL>"}$_{1..n}$, which is
+\[
+\infer{@{text "P\<^isub>1 y\<^isub>1 \<and> \<dots> \<and> P\<^isub>n y\<^isub>n "}}
+{\begin{array}{l}
+@{text "\<forall>x\<^isub>1\<dots>x\<^isub>k. P\<^isub>i x\<^isub>i \<and> \<dots> \<and> P\<^isub>j x\<^isub>j \<Rightarrow> P (C\<AL>\<^isub>1 x\<^isub>1 \<dots> x\<^isub>k)"}\\
+\hspace{5mm}\ldots\\
+@{text "\<forall>x\<^isub>1\<dots>x\<^isub>l. P\<^isub>r x\<^isub>r \<and> \<dots> \<and> P\<^isub>s x\<^isub>s \<Rightarrow> P (C\<AL>\<^isub>m x\<^isub>1 \<dots> x\<^isub>l)"}\\
+\end{array}}
+\]\smallskip
+\noindent
+whereby the @{text P}$_{1..n}$ are the properties established by induction
+and the @{text y}$_{1..n}$ are of type @{text "ty\<AL>"}$_{1..n}$.
+This induction principle has for all term constructors @{text "C"}$^\alpha$
+a premise of the form
 \begin{equation}\label{weakprem}
 \mbox{@{text "\<forall>x\<^isub>1\<dots>x\<^isub>r. P\<^isub>i x\<^isub>i \<and> \<dots> \<and> P\<^isub>j x\<^isub>j \<Rightarrow> P (C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>r)"}}
 \end{equation}\smallskip
 \noindent
 in which the @{text "x"}$_{i..j}$ @{text "\<subseteq>"} @{text "x"}$_{1..r}$ are
-the recursive arguments of @{text "C\<AL>"}.
+the recursive arguments of the term constructor. In case of the lambda-calculus,
+the cases lemma and the induction principle boil down to the following:
+\[\mbox{
+\begin{tabular}{c@ {\hspace{10mm}}c}
+\infer{@{text "P"}}
+{\begin{array}{l}
+@{text "\<forall>x. y = Var\<^sup>\<alpha> x \<Rightarrow> P"}\\
+@{text "\<forall>x\<^isub>1 x\<^isub>2. y = App\<^sup>\<alpha> x\<^isub>1 x\<^isub>2 \<Rightarrow> P"}\\
+@{text "\<forall>x\<^isub>1 x\<^isub>2. y = Lam\<^sup>\<alpha> x\<^isub>1 x\<^isub>2 \<Rightarrow> P"}
+\end{array}} &
+\infer{@{text "P y"}}
+{\begin{array}{l}
+@{text "\<forall>x. P (Var\<^sup>\<alpha> x)"}\\
+@{text "\<forall>x\<^isub>1 x\<^isub>2. P x\<^isub>1 \<and> P x\<^isub>2 \<Rightarrow> P (App\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}\\
+@{text "\<forall>x\<^isub>1 x\<^isub>2. P x\<^isub>2 \<Rightarrow> P (Lam\<^sup>\<alpha> x\<^isub>1 x\<^isub>2)"}
+\end{array}}
+\end{tabular}}
+\]\smallskip
 By working now completely on the alpha-equated level, we
 can first show that the free-atom functions and binding functions are
 equivariant, namely
 \begin{tabular}{rcl}
 @{text "\<pi> \<bullet> (fa_ty\<AL>\<^isub>i  x)"} & $=$ & @{text "fa_ty\<AL>\<^isub>i (\<pi> \<bullet> x)"}\\
 @{text "\<pi> \<bullet> (fa_bn\<AL>\<^isub>j  x)"} & $=$ & @{text "fa_bn\<AL>\<^isub>j (\<pi> \<bullet> x)"}\\
 @{text "\<pi> \<bullet> (bn\<AL>\<^isub>j  x)"}    & $=$ & @{text "bn\<AL>\<^isub>j (\<pi> \<bullet> x)"}\\
 \end{tabular}}
-\]
+\]\smallskip
 \noindent
 These properties can be established using the induction principle for the
-types @{text "ty\<AL>"}$_{1..n}$.  in \eqref{weakinduct}.  Having these
+types @{text "ty\<AL>"}$_{1..n}$.  Having these
 equivariant properties established, we can show that the support of
 term-constructors @{text "C\<^sup>\<alpha>"} is included in the support of its
 arguments, that means
 \[
 @{text "supp (C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>r) \<subseteq> (supp x\<^isub>1 \<union> \<dots> \<union> supp x\<^isub>r)"}
 \]\smallskip
 \noindent
-holds. This allows us to prove by induction that
+holds. This allows us to prove by induction that every @{text x} of type
-every @{text x} of type @{text "ty\<AL>"}$_{1..n}$ is finitely supported.
+@{text "ty\<AL>"}$_{1..n}$ is finitely supported. This can be again shown by
-This can be again shown by induction
+induction over @{text "ty\<AL>"}$_{1..n}$. Lastly, we can show that the
-over @{text "ty\<AL>"}$_{1..n}$.
+support of elements in @{text "ty\<AL>"}$_{1..n}$ is the same as @{text
-Lastly, we can show that the support of
+"fa_ty\<AL>"}$_{1..n}$.  This fact is important in the nominal setting, but
-elements in  @{text "ty\<AL>"}$_{1..n}$ is the same as @{text "fa_ty\<AL>"}$_{1..n}$.
+also provides evidence that our notions of free-atoms and alpha-equivalence
-This fact is important in a nominal setting, but also provides evidence
+are sensible.
-that our notions of free-atoms and alpha-equivalence are correct.
 \begin{thm}
 For @{text "x"}$_{1..n}$ with type @{text "ty\<AL>"}$_{1..n}$, we have
 @{text "supp x\<^isub>i = fa_ty\<AL>\<^isub>i x\<^isub>i"}.
 \end{thm}

changeset 3012	e2c4ee6e3ee7
parent 3011	a33e96e62a2b
child 3013	01a3861035d4