233 |
233 |
234 text {* |
234 text {* |
235 |
235 |
236 A respectfulness lemma for a constant states that the equivalence |
236 A respectfulness lemma for a constant states that the equivalence |
237 class returned by this constant depends only on the equivalence |
237 class returned by this constant depends only on the equivalence |
238 classes of the arguments applied to the constant. This can be |
238 classes of the arguments applied to the constant. To automatically |
239 expressed in terms of an aggregate relation between the constant |
239 lift a theorem that talks about a raw constant, to a theorem about |
240 and itself, for example the respectfullness for @{term "append"} |
240 the quotient type a respectfulness theorem is required. |
|
241 |
|
242 A respectfulness condition for a constant can be expressed in |
|
243 terms of an aggregate relation between the constant and itself, |
|
244 for example the respectfullness for @{term "append"} |
241 can be stated as: |
245 can be stated as: |
242 |
246 |
243 @{thm [display] append_rsp[no_vars]} |
247 @{thm [display] append_rsp[no_vars]} |
244 |
248 |
245 \noindent |
249 \noindent |
246 Which is equivalent to: |
250 Which after unfolding @{term "op ===>"} is equivalent to: |
247 |
251 |
248 @{thm [display] append_rsp_unfolded[no_vars]} |
252 @{thm [display] append_rsp_unfolded[no_vars]} |
249 |
253 |
250 Below we show the algorithm for finding the aggregate relation. |
254 An aggregate relation is defined in terms of relation composition, |
251 This algorithm uses |
255 so we define it first: |
252 the relation composition which we define as: |
|
253 |
256 |
254 \begin{definition}[Composition of Relations] |
257 \begin{definition}[Composition of Relations] |
255 @{abbrev "rel_conj R1 R2"} where @{text OO} is the predicate |
258 @{abbrev "rel_conj R1 R2"} where @{text OO} is the predicate |
256 composition @{thm pred_compI[no_vars]} |
259 composition @{thm pred_compI[no_vars]} |
257 \end{definition} |
260 \end{definition} |
258 |
261 |
259 Given an aggregate raw type and quotient type: |
262 The aggregate relation for an aggregate raw type and quotient type |
|
263 is defined as: |
260 |
264 |
261 \begin{itemize} |
265 \begin{itemize} |
262 \item For equal types or free type variables return equality |
266 \item @{text "REL(\<alpha>\<^isub>1, \<alpha>\<^isub>2)"} = @{text "op ="} |
263 |
267 \item @{text "REL(\<sigma>, \<sigma>)"} = @{text "op ="} |
264 \item For equal type constructors use the appropriate rel |
268 \item @{text "REL((\<sigma>\<^isub>1,\<dots>,\<sigma>\<^isub>n))\<kappa>, (\<tau>\<^isub>1,\<dots>,\<tau>\<^isub>n))\<kappa>)"} = @{text "(rel \<kappa>) (REL(\<sigma>\<^isub>1,\<tau>\<^isub>1)) \<dots> (REL(\<sigma>\<^isub>n,\<tau>\<^isub>n))"} |
265 function applied to the results for the argument pairs |
269 \item @{text "REL((\<sigma>\<^isub>1,\<dots>,\<sigma>\<^isub>n))\<kappa>\<^isub>1, (\<tau>\<^isub>1,\<dots>,\<tau>\<^isub>m))\<kappa>\<^isub>2)"} = @{text "(rel \<kappa>\<^isub>1) (REL(\<rho>\<^isub>1,\<nu>\<^isub>1) \<dots> (REL(\<rho>\<^isub>p,\<nu>\<^isub>p) OOO Eqv_\<kappa>\<^isub>2"} provided @{text "\<eta> \<kappa>\<^isub>2 = (\<alpha>\<^isub>1\<dots>\<alpha>\<^isub>p)\<kappa>\<^isub>1 \<and> \<exists>s. s(\<sigma>s\<kappa>\<^isub>1)=\<rho>s\<kappa>\<^isub>1 \<and> s(\<tau>s\<kappa>\<^isub>2)=\<nu>s\<kappa>\<^isub>2"} |
266 |
|
267 \item For unequal type constructors, look in the quotients information |
|
268 for a quotient type that matches the type constructor, and instantiate |
|
269 the type appropriately getting back an instantiation environment. We |
|
270 apply the environment to the arguments and recurse composing it with |
|
271 the aggregate relation function. |
|
272 |
270 |
273 \end{itemize} |
271 \end{itemize} |
274 |
272 |
275 Again, the the behaviour of our algorithm in the last situation is |
273 Again, the last case is novel, so lets look at the example of |
276 novel, so lets look at the example of respectfullness for @{term concat}. |
274 respectfullness for @{term concat}. The statement according to |
277 The statement as computed by the algorithm above is: |
275 the definition above is: |
278 |
276 |
279 @{thm [display] concat_rsp[no_vars]} |
277 @{thm [display] concat_rsp[no_vars]} |
280 |
278 |
281 \noindent |
279 \noindent |
282 By unfolding the definition of relation composition and relation map |
280 By unfolding the definition of relation composition and relation map |
319 |
317 |
320 text {* |
318 text {* |
321 Given two quotients, one of which quotients a container, and the |
319 Given two quotients, one of which quotients a container, and the |
322 other quotients the type in the container, we can write the |
320 other quotients the type in the container, we can write the |
323 composition of those quotients. To compose two quotient theorems |
321 composition of those quotients. To compose two quotient theorems |
324 we compose the relations with relation composition |
322 we compose the relations with relation composition as defined above |
325 and the abstraction and relation functions with function composition. |
323 and the abstraction and relation functions are the ones of the sub |
326 The @{term "Rep"} and @{term "Abs"} functions that we obtain are |
324 quotients composed with the usual function composition. |
327 the same as the ones created by in the aggregate functions and the |
325 The @{term "Rep"} and @{term "Abs"} functions that we obtain agree |
|
326 with the definition of aggregate Abs/Rep functions and the |
328 relation is the same as the one given by aggregate relations. |
327 relation is the same as the one given by aggregate relations. |
329 This becomes especially interesting |
328 This becomes especially interesting |
330 when we compose the quotient with itself, as there is no simple |
329 when we compose the quotient with itself, as there is no simple |
331 intermediate step. |
330 intermediate step. |
332 |
331 |
333 Lets take again the example of @{term concat}. To be able to lift |
332 Lets take again the example of @{term concat}. To be able to lift |
334 theorems that talk about it we will first prove the composition |
333 theorems that talk about it we provide the composition quotient |
335 quotient theorems, which then lets us perform the lifting procedure |
334 theorems, which then lets us perform the lifting procedure in an |
336 in an unchanged way: |
335 unchanged way: |
337 |
336 |
338 @{thm [display] quotient_compose_list[no_vars]} |
337 @{thm [display] quotient_compose_list[no_vars]} |
339 *} |
338 *} |
340 |
339 |
341 |
340 |
343 |
342 |
344 text {* |
343 text {* |
345 The core of the quotient package takes an original theorem that |
344 The core of the quotient package takes an original theorem that |
346 talks about the raw types, and the statement of the theorem that |
345 talks about the raw types, and the statement of the theorem that |
347 it is supposed to produce. This is different from other existing |
346 it is supposed to produce. This is different from other existing |
348 quotient packages, where only the raw theorems was necessary. |
347 quotient packages, where only the raw theorems were necessary. |
349 We notice that in some cases only some occurrences of the raw |
348 We notice that in some cases only some occurrences of the raw |
350 types need to be lifted. This is for example the case in the |
349 types need to be lifted. This is for example the case in the |
351 new Nominal package, where a raw datatype that talks about |
350 new Nominal package, where a raw datatype that talks about |
352 pairs of natural numbers or strings (being lists of characters) |
351 pairs of natural numbers or strings (being lists of characters) |
353 should not be changed to a quotient datatype with constructors |
352 should not be changed to a quotient datatype with constructors |
362 implementation. |
361 implementation. |
363 |
362 |
364 We first define the statement of the regularized theorem based |
363 We first define the statement of the regularized theorem based |
365 on the original theorem and the goal theorem. Then we define |
364 on the original theorem and the goal theorem. Then we define |
366 the statement of the injected theorem, based on the regularized |
365 the statement of the injected theorem, based on the regularized |
367 theorem and the goal. We then show the 3 proofs, and all three |
366 theorem and the goal. We then show the 3 proofs as all three |
368 can be performed independently from each other. |
367 can be performed independently from each other. |
369 |
368 |
370 *} |
369 *} |
371 |
370 |
372 subsection {* Regularization and Injection statements *} |
371 subsection {* Regularization and Injection statements *} |
373 |
372 |
374 text {* |
373 text {* |
375 |
374 |
376 The function that gives the statement of the regularized theorem |
375 We first define the function @{text REG}, which takes the statements |
377 takes the statement of the raw theorem (a term) and the statement |
376 of the raw theorem and the lifted theorem (both as terms) and |
378 of the lifted theorem. The intuition behind the procedure is that |
377 returns the statement of the regularized version. The intuition |
379 it replaces quantifiers and abstractions involving raw types |
378 behind this function is that it replaces quantifiers and |
380 by bounded ones, and equalities involving raw types are replaced |
379 abstractions involving raw types by bounded ones, and equalities |
381 by appropriate aggregate relations. It is defined as follows: |
380 involving raw types are replaced by appropriate aggregate |
|
381 relations. It is defined as follows: |
382 |
382 |
383 \begin{itemize} |
383 \begin{itemize} |
384 \item @{text "REG (\<lambda>x : \<sigma>. t, \<lambda>x : \<sigma>. s) = \<lambda>x : \<sigma>. REG (t, s)"} |
384 \item @{text "REG (\<lambda>x : \<sigma>. t, \<lambda>x : \<sigma>. s) = \<lambda>x : \<sigma>. REG (t, s)"} |
385 \item @{text "REG (\<lambda>x : \<sigma>. t, \<lambda>x : \<tau>. s) = \<lambda>x : \<sigma> \<in> Res (REL (\<sigma>, \<tau>)). REG (t, s)"} |
385 \item @{text "REG (\<lambda>x : \<sigma>. t, \<lambda>x : \<tau>. s) = \<lambda>x : \<sigma> \<in> Res (REL (\<sigma>, \<tau>)). REG (t, s)"} |
386 \item @{text "REG (\<forall>x : \<sigma>. t, \<forall>x : \<sigma>. s) = \<forall>x : \<sigma>. REG (t, s)"} |
386 \item @{text "REG (\<forall>x : \<sigma>. t, \<forall>x : \<sigma>. s) = \<forall>x : \<sigma>. REG (t, s)"} |
390 \item @{text "REG (t\<^isub>1 t\<^isub>2, s\<^isub>1 s\<^isub>2) = REG (t\<^isub>1, s\<^isub>1) REG (t\<^isub>2, s\<^isub>2)"} |
390 \item @{text "REG (t\<^isub>1 t\<^isub>2, s\<^isub>1 s\<^isub>2) = REG (t\<^isub>1, s\<^isub>1) REG (t\<^isub>2, s\<^isub>2)"} |
391 \item @{text "REG (v\<^isub>1, v\<^isub>2) = v\<^isub>1"} |
391 \item @{text "REG (v\<^isub>1, v\<^isub>2) = v\<^isub>1"} |
392 \item @{text "REG (c\<^isub>1, c\<^isub>2) = c\<^isub>1"} |
392 \item @{text "REG (c\<^isub>1, c\<^isub>2) = c\<^isub>1"} |
393 \end{itemize} |
393 \end{itemize} |
394 |
394 |
395 Existential quantifiers and unique existential quantifiers are defined |
395 In the above definition we ommited the cases for existential quantifiers |
396 similarily to the universal one. |
396 and unique existential quantifiers, as they are very similar to the cases |
397 |
397 for the universal quantifier. |
398 The function that gives the statment of the injected theorem |
398 |
399 takes the statement of the regularized theorems and the statement |
399 Next we define the function @{text INJ} which takes the statement of |
400 of the lifted theorem both as terms. |
400 the regularized theorems and the statement of the lifted theorem both as |
|
401 terms and returns the statment of the injected theorem: |
401 |
402 |
402 \begin{itemize} |
403 \begin{itemize} |
403 \item @{text "INJ ((\<lambda>x. t) : \<sigma>, (\<lambda>x. s) : \<sigma>) = \<lambda>x. (INJ (t, s)"} |
404 \item @{text "INJ ((\<lambda>x. t) : \<sigma>, (\<lambda>x. s) : \<sigma>) = \<lambda>x. (INJ (t, s)"} |
404 \item @{text "INJ ((\<lambda>x. t) : \<sigma>, (\<lambda>x. s) : \<tau>) = REP(\<sigma>,\<tau>) (ABS (\<sigma>,\<tau>) (\<lambda>x. (INJ (t, s))))"} |
405 \item @{text "INJ ((\<lambda>x. t) : \<sigma>, (\<lambda>x. s) : \<tau>) = REP(\<sigma>,\<tau>) (ABS (\<sigma>,\<tau>) (\<lambda>x. (INJ (t, s))))"} |
405 \item @{text "INJ ((\<lambda>x \<in> R. t) : \<sigma>, (\<lambda>x. s) : \<tau>) = REP(\<sigma>,\<tau>) (ABS (\<sigma>,\<tau>) (\<lambda>x \<in> R. (INJ (t, s))))"} |
406 \item @{text "INJ ((\<lambda>x \<in> R. t) : \<sigma>, (\<lambda>x. s) : \<tau>) = REP(\<sigma>,\<tau>) (ABS (\<sigma>,\<tau>) (\<lambda>x \<in> R. (INJ (t, s))))"} |