nominal2: comparison Quotient-Paper/Paper.thy

equal deleted inserted replaced

-:bf4b28ebb412
+:ea0cdb7c6455
 following the structure of the theorem being lifted and the theorem
 on the quotient level. Space constraints, unfortunately, allow us to only
 sketch this part of our work in Section 5 and we defer the reader to a longer
 version for the details. However, we will give in Section 3 and 4 all
 definitions that specify the input and output data of our three-step
-lifting procedure. Section 6 gives an example how our quotient package
+lifting procedure.
-works in practise.
+%Appendix A gives an example how our quotient package works in practise.
 *}
 section {* Preliminaries and General\\ Quotients\label{sec:prelims} *}
 text {*
 %Finally, we rewrite with the preservation theorems. This will result
 %in two equal terms that can be solved by reflexivity.
 *}
-section {* Examples \label{sec:examples} *}
-text {*
-%%% FIXME Reviewer 1 would like an example of regularized and injected
-%%% statements. He asks for the examples twice, but I would still ignore
-%%% it due to lack of space...
-\noindent
-In this section we will show a sequence of declarations for defining the
-type of integers by quotienting pairs of natural numbers, and
-lifting one theorem.
-A user of our quotient package first needs to define a relation on
-the raw type with which the quotienting will be performed. We give
-the same integer relation as the one presented in \eqref{natpairequiv}:
-\begin{isabelle}\ \ \ \ \ %
-\begin{tabular}{@ {}l}
-\isacommand{fun}~~@{text "int_rel :: (nat \<times> nat) \<Rightarrow> (nat \<times> nat) \<Rightarrow> (nat \<times> nat)"}\\
-\isacommand{where}~~@{text "int_rel (m, n) (p, q) = (m + q = n + p)"}
-\end{tabular}
-\end{isabelle}
-\noindent
-Next the quotient type must be defined. This generates a proof obligation that the
-relation is an equivalence relation, which is solved automatically using the
-definition of equivalence and extensionality:
-\begin{isabelle}\ \ \ \ \ %
-\begin{tabular}{@ {}l}
-\isacommand{quotient\_type}~~@{text "int"}~~\isacommand{=}~~@{text "(nat \<times> nat)"}~~\isacommand{/}~~@{text "int_rel"}\\
-\hspace{5mm}@{text "by (auto simp add: equivp_def expand_fun_eq)"}
-\end{tabular}
-\end{isabelle}
-\noindent
-The user can then specify the constants on the quotient type:
-\begin{isabelle}\ \ \ \ \ %
-\begin{tabular}{@ {}l}
-\isacommand{quotient\_definition}~~@{text "0 :: int"}~~\isacommand{is}~~@{text "(0 :: nat, 0 :: nat)"}\\[3mm]
-\isacommand{fun}~~@{text "add_pair"}\\
-\isacommand{where}~~%
-@{text "add_pair (m, n) (p, q) \<equiv> (m + p :: nat, n + q :: nat)"}\\
-\isacommand{quotient\_definition}~~@{text "+ :: int \<Rightarrow> int \<Rightarrow> int"}~~%
-\isacommand{is}~~@{text "add_pair"}\\
-\end{tabular}
-\end{isabelle}
-\noindent
-The following theorem about addition on the raw level can be proved.
-\begin{isabelle}\ \ \ \ \ %
-\isacommand{lemma}~~@{text "add_pair_zero: int_rel (add_pair (0, 0) x) x"}
-\end{isabelle}
-\noindent
-If the user lifts this theorem, the quotient package performs all the lifting
-automatically leaving the respectfulness proof for the constant @{text "add_pair"}
-as the only remaining proof obligation. This property needs to be proved by the user:
-\begin{isabelle}\ \ \ \ \ %
-\begin{tabular}{@ {}l}
-\isacommand{lemma}~~@{text "[quot_respect]:"}\\
-@{text "(int_rel \<doublearr> int_rel \<doublearr> int_rel) add_pair add_pair"}
-\end{tabular}
-\end{isabelle}
-\noindent
-It can be discharged automatically by Isabelle when hinting to unfold the definition
-of @{text "\<doublearr>"}.
-After this, the user can prove the lifted lemma as follows:
-\begin{isabelle}\ \ \ \ \ %
-\isacommand{lemma}~~@{text "0 + (x :: int) = x"}~~\isacommand{by}~~@{text "lifting add_pair_zero"}
-\end{isabelle}
-\noindent
-or by using the completely automated mode stating just:
-\begin{isabelle}\ \ \ \ \ %
-\isacommand{thm}~~@{text "add_pair_zero[quot_lifted]"}
-\end{isabelle}
-\noindent
-Both methods give the same result, namely @{text "0 + x = x"}
-where @{text x} is of type integer.
-Although seemingly simple, arriving at this result without the help of a quotient
-package requires a substantial reasoning effort (see \cite{Paulson06}).
-*}
 section {* Conclusion and Related Work\label{sec:conc}*}
 text {*
 \noindent
 {\bf Acknowledgements:} We would like to thank Peter Homeier for the many
 discussions about his HOL4 quotient package and explaining to us
 some of its finer points in the implementation. Without his patient
 help, this work would have been impossible.
+%  \appendix
 *}
+(* section {* Examples \label{sec:examples} *}
+text {*
+%%% FIXME Reviewer 1 would like an example of regularized and injected
+%%% statements. He asks for the examples twice, but I would still ignore
+%%% it due to lack of space...
+\noindent
+In this appendix we will show a sequence of declarations for defining the
+type of integers by quotienting pairs of natural numbers, and
+lifting one theorem.
+A user of our quotient package first needs to define a relation on
+the raw type with which the quotienting will be performed. We give
+the same integer relation as the one presented in \eqref{natpairequiv}:
+\begin{isabelle}\ \ \ \ \ %
+\begin{tabular}{@ {}l}
+\isacommand{fun}~~@{text "int_rel :: (nat \<times> nat) \<Rightarrow> (nat \<times> nat) \<Rightarrow> (nat \<times> nat)"}\\
+\isacommand{where}~~@{text "int_rel (m, n) (p, q) = (m + q = n + p)"}
+\end{tabular}
+\end{isabelle}
+\noindent
+Next the quotient type must be defined. This generates a proof obligation that the
+relation is an equivalence relation, which is solved automatically using the
+definition of equivalence and extensionality:
+\begin{isabelle}\ \ \ \ \ %
+\begin{tabular}{@ {}l}
+\isacommand{quotient\_type}~~@{text "int"}~~\isacommand{=}~~@{text "(nat \<times> nat)"}~~\isacommand{/}~~@{text "int_rel"}\\
+\hspace{5mm}@{text "by (auto simp add: equivp_def expand_fun_eq)"}
+\end{tabular}
+\end{isabelle}
+\noindent
+The user can then specify the constants on the quotient type:
+\begin{isabelle}\ \ \ \ \ %
+\begin{tabular}{@ {}l}
+\isacommand{quotient\_definition}~~@{text "0 :: int"}~~\isacommand{is}~~@{text "(0 :: nat, 0 :: nat)"}\\[3mm]
+\isacommand{fun}~~@{text "add_pair"}\\
+\isacommand{where}~~%
+@{text "add_pair (m, n) (p, q) \<equiv> (m + p :: nat, n + q :: nat)"}\\
+\isacommand{quotient\_definition}~~@{text "+ :: int \<Rightarrow> int \<Rightarrow> int"}~~%
+\isacommand{is}~~@{text "add_pair"}\\
+\end{tabular}
+\end{isabelle}
+\noindent
+The following theorem about addition on the raw level can be proved.
+\begin{isabelle}\ \ \ \ \ %
+\isacommand{lemma}~~@{text "add_pair_zero: int_rel (add_pair (0, 0) x) x"}
+\end{isabelle}
+\noindent
+If the user lifts this theorem, the quotient package performs all the lifting
+automatically leaving the respectfulness proof for the constant @{text "add_pair"}
+as the only remaining proof obligation. This property needs to be proved by the user:
+\begin{isabelle}\ \ \ \ \ %
+\begin{tabular}{@ {}l}
+\isacommand{lemma}~~@{text "[quot_respect]:"}\\
+@{text "(int_rel \<doublearr> int_rel \<doublearr> int_rel) add_pair add_pair"}
+\end{tabular}
+\end{isabelle}
+\noindent
+It can be discharged automatically by Isabelle when hinting to unfold the definition
+of @{text "\<doublearr>"}.
+After this, the user can prove the lifted lemma as follows:
+\begin{isabelle}\ \ \ \ \ %
+\isacommand{lemma}~~@{text "0 + (x :: int) = x"}~~\isacommand{by}~~@{text "lifting add_pair_zero"}
+\end{isabelle}
+\noindent
+or by using the completely automated mode stating just:
+\begin{isabelle}\ \ \ \ \ %
+\isacommand{thm}~~@{text "add_pair_zero[quot_lifted]"}
+\end{isabelle}
+\noindent
+Both methods give the same result, namely @{text "0 + x = x"}
+where @{text x} is of type integer.
+Although seemingly simple, arriving at this result without the help of a quotient
+package requires a substantial reasoning effort (see \cite{Paulson06}).
+*}
+*)
 (*<*)
 end
 (*>*)

changeset 2553	ea0cdb7c6455
parent 2552	bf4b28ebb412
child 2554	2668486b684a