nominal2: comparison Paper/Paper.thy

equal deleted inserted replaced

-:b1549d391ea7
+:f659ce282610
 fresh ("_ # _" [51, 51] 50) and
 fresh_star ("_ #\<^sup>* _" [51, 51] 50) and
 supp ("supp _" [78] 73) and
 uminus ("-_" [78] 73) and
 If  ("if _ then _ else _" 10) and
-alpha_gen ("_ \<approx>\<^raw:\raisebox{-1pt}{\makebox[0mm][l]{$\,_{\textit{set}}$}}>\<^bsup>_, _, _\<^esup> _") and
+alpha_gen ("_ \<approx>\<^raw:\,\raisebox{-1pt}{\makebox[0mm][l]{$_{\textit{set}}$}}>\<^bsup>_, _, _\<^esup> _") and
-alpha_lst ("_ \<approx>\<^raw:\raisebox{-1pt}{\makebox[0mm][l]{$\,_{\textit{list}}$}}>\<^bsup>_, _, _\<^esup> _") and
+alpha_lst ("_ \<approx>\<^raw:\,\raisebox{-1pt}{\makebox[0mm][l]{$_{\textit{list}}$}}>\<^bsup>_, _, _\<^esup> _") and
-alpha_res ("_ \<approx>\<^raw:\raisebox{-1pt}{\makebox[0mm][l]{$\,_{\textit{res}}$}}>\<^bsup>_, _, _\<^esup> _") and
+alpha_res ("_ \<approx>\<^raw:\,\raisebox{-1pt}{\makebox[0mm][l]{$_{\textit{res}}$}}>\<^bsup>_, _, _\<^esup> _") and
 abs_set ("_ \<approx>\<^raw:{$\,_{\textit{abs\_set}}$}> _") and
 abs_set2 ("_ \<approx>\<^raw:\raisebox{-1pt}{\makebox[0mm][l]{$\,_{\textit{list}}$}}>\<^bsup>_\<^esup>  _") and
 fv ("fv'(_')" [100] 100) and
 equal ("=") and
 alpha_abs ("_ \<approx>\<^raw:{$\,_{\textit{abs\_set}}$}> _") and
 text {*
 %%%  @{text "(1, (2, 3))"}
 So far, Nominal Isabelle provides a mechanism for constructing
-alpha-equated terms, for example
+$\alpha$-equated terms, for example
 \begin{center}
 @{text "t ::= x | t t | \<lambda>x. t"}
 \end{center}
 \noindent
-where free and bound variables have names.  For such alpha-equated terms,
+where free and bound variables have names.  For such $\alpha$-equated terms,
 Nominal Isabelle derives automatically a reasoning infrastructure that has
 been used successfully in formalisations of an equivalence checking
 algorithm for LF \cite{UrbanCheneyBerghofer08}, Typed
 Scheme~\cite{TobinHochstadtFelleisen08}, several calculi for concurrency
 \cite{BengtsonParow09} and a strong normalisation result for cut-elimination
 also there one would like to bind multiple variables at once.
 Binding multiple variables has interesting properties that cannot be captured
 easily by iterating single binders. For example in the case of type-schemes we do not
 want to make a distinction about the order of the bound variables. Therefore
-we would like to regard the following two type-schemes as alpha-equivalent
+we would like to regard the following two type-schemes as $\alpha$-equivalent
 %
 \begin{equation}\label{ex1}
 @{text "\<forall>{x, y}. x \<rightarrow> y  \<approx>\<^isub>\<alpha>  \<forall>{y, x}. y \<rightarrow> x"}
 \end{equation}
 \noindent
 but assuming that @{text x}, @{text y} and @{text z} are distinct variables,
-the following two should \emph{not} be alpha-equivalent
+the following two should \emph{not} be $\alpha$-equivalent
 %
 \begin{equation}\label{ex2}
 @{text "\<forall>{x, y}. x \<rightarrow> y  \<notapprox>\<^isub>\<alpha>  \<forall>{z}. z \<rightarrow> z"}
 \end{equation}
 \noindent
-Moreover, we like to regard type-schemes as alpha-equivalent, if they differ
+Moreover, we like to regard type-schemes as $\alpha$-equivalent, if they differ
 only on \emph{vacuous} binders, such as
 %
 \begin{equation}\label{ex3}
 @{text "\<forall>{x}. x \<rightarrow> y  \<approx>\<^isub>\<alpha>  \<forall>{x, z}. x \<rightarrow> y"}
 \end{equation}
 \noindent
 where @{text z} does not occur freely in the type.  In this paper we will
-give a general binding mechanism and associated notion of alpha-equivalence
+give a general binding mechanism and associated notion of $\alpha$-equivalence
 that can be used to faithfully represent this kind of binding in Nominal
-Isabelle.  The difficulty of finding the right notion for alpha-equivalence
+Isabelle.  The difficulty of finding the right notion for $\alpha$-equivalence
 can be appreciated in this case by considering that the definition given by
 Leroy in \cite{Leroy92} is incorrect (it omits a side-condition).
-However, the notion of alpha-equivalence that is preserved by vacuous
+However, the notion of $\alpha$-equivalence that is preserved by vacuous
 binders is not always wanted. For example in terms like
 %
 \begin{equation}\label{one}
 @{text "\<LET> x = 3 \<AND> y = 2 \<IN> x - y \<END>"}
 \end{equation}
 \noindent
-we might not care in which order the assignments $x = 3$ and $y = 2$ are
+we might not care in which order the assignments @{text "x = 3"} and
-given, but it would be unusual to regard \eqref{one} as alpha-equivalent
+\mbox{@{text "y = 2"}} are given, but it would be unusual to regard
-with
+\eqref{one} as $\alpha$-equivalent with
 %
 \begin{center}
 @{text "\<LET> x = 3 \<AND> y = 2 \<AND> z = loop \<IN> x - y \<END>"}
 \end{center}
 \end{equation}
 \noindent
 we want to bind all variables from the pattern inside the body of the
 $\mathtt{let}$, but we also care about the order of these variables, since
-we do not want to regard \eqref{two} as alpha-equivalent with
+we do not want to regard \eqref{two} as $\alpha$-equivalent with
 %
 \begin{center}
 @{text "\<LET> (y, x) = (3, 2) \<IN> x - y \<END>"}
 \end{center}
 %
 but we do care about the information that there are as many @{text
 "x\<^isub>i"} as there are @{text "t\<^isub>i"}. We lose this information if
 we represent the @{text "\<LET>"}-constructor by something like
 %
 \begin{center}
-@{text "\<LET> [x\<^isub>1,\<dots>,x\<^isub>n].s [t\<^isub>1,\<dots>,t\<^isub>n]"}
+@{text "\<LET> (\<lambda>x\<^isub>1\<dots>x\<^isub>n . s)  [t\<^isub>1,\<dots>,t\<^isub>n]"}
 \end{center}
 \noindent
-where the notation @{text "[_]._"} indicates that the list of @{text "x\<^isub>i"}
+where the notation @{text "\<lambda>_ . _"} indicates that the list of @{text
-becomes bound in @{text s}. In this representation the term
+"x\<^isub>i"} becomes bound in @{text s}. In this representation the term
-\mbox{@{text "\<LET> [x].s [t\<^isub>1, t\<^isub>2]"}} is a perfectly legal
+\mbox{@{text "\<LET> (\<lambda>x . s)  [t\<^isub>1, t\<^isub>2]"}} is a perfectly legal
-instance, but the lengths of the two lists do not agree. To exclude such terms,
+instance, but the lengths of the two lists do not agree. To exclude such
-additional predicates about well-formed
+terms, additional predicates about well-formed terms are needed in order to
-terms are needed in order to ensure that the two lists are of equal
+ensure that the two lists are of equal length. This can result in very messy
-length. This can result in very messy reasoning (see for
+reasoning (see for example~\cite{BengtsonParow09}). To avoid this, we will
-example~\cite{BengtsonParow09}). To avoid this, we will allow type
+allow type specifications for @{text "\<LET>"}s as follows
-specifications for $\mathtt{let}$s as follows
 %
 \begin{center}
 \begin{tabular}{r@ {\hspace{2mm}}r@ {\hspace{2mm}}l}
 @{text trm} & @{text "::="}  & @{text "\<dots>"}\\
-& @{text "|"}    & @{text "\<LET> as::assn s::trm"}\hspace{4mm}
+& @{text "|"}    & @{text "\<LET>  as::assn  s::trm"}\hspace{4mm}
 \isacommand{bind} @{text "bn(as)"} \isacommand{in} @{text "s"}\\[1mm]
 @{text assn} & @{text "::="} & @{text "\<ANIL>"}\\
-& @{text "|"}   & @{text "\<ACONS> name trm assn"}
+& @{text "|"}   & @{text "\<ACONS>  name  trm  assn"}
 \end{tabular}
 \end{center}
 \noindent
 where @{text assn} is an auxiliary type representing a list of assignments
 some sense in the context of Coq's type theory (which Ott supports), but not
 at all in a HOL-based environment where every datatype must have a non-empty
 set-theoretic model \cite{Berghofer99}.
 Another reason is that we establish the reasoning infrastructure
-for alpha-\emph{equated} terms. In contrast, Ott produces  a reasoning
+for $\alpha$-\emph{equated} terms. In contrast, Ott produces  a reasoning
 infrastructure in Isabelle/HOL for
-\emph{non}-alpha-equated, or ``raw'', terms. While our alpha-equated terms
+\emph{non}-$\alpha$-equated, or ``raw'', terms. While our $\alpha$-equated terms
 and the raw terms produced by Ott use names for bound variables,
-there is a key difference: working with alpha-equated terms means, for example,
+there is a key difference: working with $\alpha$-equated terms means, for example,
 that the two type-schemes
 \begin{center}
 @{text "\<forall>{x}. x \<rightarrow> y  = \<forall>{x, z}. x \<rightarrow> y"}
 \end{center}
 \noindent
-are not just alpha-equal, but actually \emph{equal}! As a result, we can
+are not just $\alpha$-equal, but actually \emph{equal}! As a result, we can
-only support specifications that make sense on the level of alpha-equated
+only support specifications that make sense on the level of $\alpha$-equated
 terms (offending specifications, which for example bind a variable according
 to a variable bound somewhere else, are not excluded by Ott, but we have
 to).
-Our insistence on reasoning with alpha-equated terms comes from the
+Our insistence on reasoning with $\alpha$-equated terms comes from the
 wealth of experience we gained with the older version of Nominal Isabelle:
-for non-trivial properties, reasoning with alpha-equated terms is much
+for non-trivial properties, reasoning with $\alpha$-equated terms is much
 easier than reasoning with raw terms. The fundamental reason for this is
 that the HOL-logic underlying Nominal Isabelle allows us to replace
 ``equals-by-equals''. In contrast, replacing
-``alpha-equals-by-alpha-equals'' in a representation based on raw terms
+``$\alpha$-equals-by-$\alpha$-equals'' in a representation based on raw terms
 requires a lot of extra reasoning work.
-Although in informal settings a reasoning infrastructure for alpha-equated
+Although in informal settings a reasoning infrastructure for $\alpha$-equated
 terms is nearly always taken for granted, establishing it automatically in
 the Isabelle/HOL theorem prover is a rather non-trivial task. For every
 specification we will need to construct a type containing as elements the
-alpha-equated terms. To do so, we use the standard HOL-technique of defining
+$\alpha$-equated terms. To do so, we use the standard HOL-technique of defining
 a new type by identifying a non-empty subset of an existing type.  The
 construction we perform in Isabelle/HOL can be illustrated by the following picture:
 \begin{center}
 \begin{tikzpicture}
 \end{tikzpicture}
 \end{center}
 \noindent
 We take as the starting point a definition of raw terms (defined as a
-datatype in Isabelle/HOL); identify then the alpha-equivalence classes in
+datatype in Isabelle/HOL); identify then the $\alpha$-equivalence classes in
-the type of sets of raw terms according to our alpha-equivalence relation,
+the type of sets of raw terms according to our $\alpha$-equivalence relation,
-and finally define the new type as these alpha-equivalence classes
+and finally define the new type as these $\alpha$-equivalence classes
 (non-emptiness is satisfied whenever the raw terms are definable as datatype
-in Isabelle/HOL and the property that our relation for alpha-equivalence is
+in Isabelle/HOL and the property that our relation for $\alpha$-equivalence is
 indeed an equivalence relation).
 The fact that we obtain an isomorphism between the new type and the
 non-empty subset shows that the new type is a faithful representation of
-alpha-equated terms. That is not the case for example for terms using the
+$\alpha$-equated terms. That is not the case for example for terms using the
 locally nameless representation of binders \cite{McKinnaPollack99}: in this
 representation there are ``junk'' terms that need to be excluded by
 reasoning about a well-formedness predicate.
 The problem with introducing a new type in Isabelle/HOL is that in order to
 be useful, a reasoning infrastructure needs to be ``lifted'' from the
 underlying subset to the new type. This is usually a tricky and arduous
 task. To ease it, we re-implemented in Isabelle/HOL the quotient package
 described by Homeier \cite{Homeier05} for the HOL4 system. This package
 allows us to lift definitions and theorems involving raw terms to
-definitions and theorems involving alpha-equated terms. For example if we
+definitions and theorems involving $\alpha$-equated terms. For example if we
 define the free-variable function over raw lambda-terms
 \begin{center}
 @{text "fv(x) = {x}"}\hspace{10mm}
 @{text "fv(t\<^isub>1 t\<^isub>2) = fv(t\<^isub>1) \<union> fv(t\<^isub>2)"}\\[1mm]
 @{text "fv(\<lambda>x.t) = fv(t) - {x}"}
 \end{center}
 \noindent
 then with the help of the quotient package we can obtain a function @{text "fv\<^sup>\<alpha>"}
-operating on quotients, or alpha-equivalence classes of lambda-terms. This
+operating on quotients, or $\alpha$-equivalence classes of lambda-terms. This
 lifted function is characterised by the equations
 \begin{center}
 @{text "fv\<^sup>\<alpha>(x) = {x}"}\hspace{10mm}
 @{text "fv\<^sup>\<alpha>(t\<^isub>1 t\<^isub>2) = fv\<^sup>\<alpha>(t\<^isub>1) \<union> fv\<^sup>\<alpha>(t\<^isub>2)"}\\[1mm]
 \end{center}
 \noindent
 (Note that this means also the term-constructors for variables, applications
 and lambda are lifted to the quotient level.)  This construction, of course,
-only works if alpha-equivalence is indeed an equivalence relation, and the
+only works if $\alpha$-equivalence is indeed an equivalence relation, and the
-``raw'' definitions and theorems are respectful w.r.t.~alpha-equivalence.
+``raw'' definitions and theorems are respectful w.r.t.~$\alpha$-equivalence.
 For example, we will not be able to lift a bound-variable function. Although
 this function can be defined for raw terms, it does not respect
-alpha-equivalence and therefore cannot be lifted. To sum up, every lifting
+$\alpha$-equivalence and therefore cannot be lifted. To sum up, every lifting
 of theorems to the quotient level needs proofs of some respectfulness
 properties (see \cite{Homeier05}). In the paper we show that we are able to
 automate these proofs and as a result can automatically establish a reasoning
-infrastructure for alpha-equated terms.
+infrastructure for $\alpha$-equated terms.
 The examples we have in mind where our reasoning infrastructure will be
 helpful includes the term language of System @{text "F\<^isub>C"}, also
 known as Core-Haskell (see Figure~\ref{corehas}). This term language
 involves patterns that have lists of type-, coercion- and term-variables,
 be bound. Another is that each bound variable comes with a kind or type
 annotation. Representing such binders with single binders and reasoning
 about them in a theorem prover would be a major pain.  \medskip
 \noindent
-{\bf Contributions:}  We provide new definitions for when terms
+{\bf Contributions:}  We provide novel definitions for when terms
-involving multiple binders are alpha-equivalent. These definitions are
+involving general binders are $\alpha$-equivalent. These definitions are
 inspired by earlier work of Pitts \cite{Pitts04}. By means of automatic
-proofs, we establish a reasoning infrastructure for alpha-equated
+proofs, we establish a reasoning infrastructure for $\alpha$-equated
 terms, including properties about support, freshness and equality
-conditions for alpha-equated terms. We are also able to derive strong
+conditions for $\alpha$-equated terms. We are also able to derive strong
 induction principles that have the variable convention already built in.
+The concepts behind our specifications of general binders are taken
+from the Ott-tool, but we introduce restrictions, and also one extension, so
+that the specifications make sense for reasoning about $\alpha$-equated terms.
 \begin{figure}
 \begin{boxedminipage}{\linewidth}
 \begin{center}
 \begin{tabular}{r@ {\hspace{1mm}}r@ {\hspace{2mm}}l}
 \end{center}
 The most original aspect of the nominal logic work of Pitts is a general
 definition for the notion of the ``set of free variables of an object @{text
 "x"}''.  This notion, written @{term "supp x"}, is general in the sense that
-it applies not only to lambda-terms (alpha-equated or not), but also to lists,
+it applies not only to lambda-terms ($\alpha$-equated or not), but also to lists,
 products, sets and even functions. The definition depends only on the
 permutation operation and on the notion of equality defined for the type of
 @{text x}, namely:
 %
 \begin{equation}\label{suppdef}
 @{thm[mode=IfThen] swap_fresh_fresh[no_vars]}
 \end{property}
 While often the support of an object can be relatively easily
 described, for example for atoms, products, lists, function applications,
-booleans and permutations as follows\\[-6mm]
+booleans and permutations as follows
 %
 \begin{eqnarray}
 @{term "supp a"} & = & @{term "{a}"}\\
 @{term "supp (x, y)"} & = & @{term "supp x \<union> supp y"}\\
 @{term "supp []"} & = & @{term "{}"}\\
 @{term "supp b"} & = & @{term "{}"}\\
 @{term "supp p"} & = & @{term "{a. p \<bullet> a \<noteq> a}"}
 \end{eqnarray}
 \noindent
-in some cases it can be difficult to characterise the support precisely, and
+In some cases it can be difficult to characterise the support precisely, and
 only an approximation can be established (see \eqref{suppfun} above). Reasoning about
 such approximations can be simplified with the notion \emph{supports}, defined
 as follows:
 \begin{defn}
 \noindent
 The main point of @{text supports} is that we can establish the following
 two properties.
 \begin{property}\label{supportsprop}
-{\it i)} @{thm[mode=IfThen] supp_is_subset[no_vars]}\\
+Given a set @{text "as"} of atoms.
+{\it i)} @{thm[mode=IfThen] supp_is_subset[where S="as", no_vars]}
 {\it ii)} @{thm supp_supports[no_vars]}.
 \end{property}
 Another important notion in the nominal logic work is \emph{equivariance}.
 For a function @{text f}, say of type @{text "\<alpha> \<Rightarrow> \<beta>"}, to be equivariant
 @{term "\<forall>p. p \<bullet> f = f"}
 \end{equation}
 \noindent or equivalently that a permutation applied to the application
 @{text "f x"} can be moved to the argument @{text x}. That means for equivariant
-functions @{text f}, we have for all permutations @{text p}
+functions @{text f}, we have for all permutations @{text p}:
 %
 \begin{equation}\label{equivariance}
 @{text "p \<bullet> f = f"} \;\;\;\textit{if and only if}\;\;\;
 @{text "p \<bullet> (f x) = f (p \<bullet> x)"}
 \end{equation}
 can easily deduce that equivariant functions have empty support. There is
 also a similar notion for equivariant relations, say @{text R}, namely the property
 that
 %
 \begin{center}
-@{text "x R y"} \;\;implies\;\; @{text "(p \<bullet> x) R (p \<bullet> y)"}
+@{text "x R y"} \;\;\textit{implies}\;\; @{text "(p \<bullet> x) R (p \<bullet> y)"}
 \end{center}
 Finally, the nominal logic work provides us with general means to rename
 binders. While in the older version of Nominal Isabelle, we used extensively
 Property~\ref{swapfreshfresh} for renaming single binders, this property
-proved unwieldy for dealing with multiple binders. For such binders the
+proved too unwieldy for dealing with multiple binders. For such binders the
 following generalisations turned out to be easier to use.
 \begin{property}\label{supppermeq}
 @{thm[mode=IfThen] supp_perm_eq[no_vars]}
 \end{property}
 fact and Property~\ref{supppermeq} allow us to ``rename'' just the binders
 @{text as} in @{text x}, because @{term "p \<bullet> x = x"}.
 Most properties given in this section are described in detail in \cite{HuffmanUrban10}
 and of course all are formalised in Isabelle/HOL. In the next sections we will make
-extensive use of these properties in order to define alpha-equivalence in
+extensive use of these properties in order to define $\alpha$-equivalence in
 the presence of multiple binders.
 *}
 section {* General Binders\label{sec:binders} *}
 from this specification (remember that Nominal Isabelle is a definitional
 extension of Isabelle/HOL, which does not introduce any new axioms).
 In order to keep our work with deriving the reasoning infrastructure
 manageable, we will wherever possible state definitions and perform proofs
-on the user-level of Isabelle/HOL, as opposed to write custom ML-code that
+on the ``user-level'' of Isabelle/HOL, as opposed to write custom ML-code that
 generates them anew for each specification. To that end, we will consider
 first pairs @{text "(as, x)"} of type @{text "(atom set) \<times> \<beta>"}.  These pairs
 are intended to represent the abstraction, or binding, of the set of atoms @{text
 "as"} in the body @{text "x"}.
 The first question we have to answer is when two pairs @{text "(as, x)"} and
-@{text "(bs, y)"} are alpha-equivalent? (For the moment we are interested in
+@{text "(bs, y)"} are $\alpha$-equivalent? (For the moment we are interested in
-the notion of alpha-equivalence that is \emph{not} preserved by adding
+the notion of $\alpha$-equivalence that is \emph{not} preserved by adding
-vacuous binders.) To answer this, we identify four conditions: {\it i)}
+vacuous binders.) To answer this question, we identify four conditions: {\it (i)}
 given a free-variable function @{text "fv"} of type \mbox{@{text "\<beta> \<Rightarrow> atom
 set"}}, then @{text x} and @{text y} need to have the same set of free
 variables; moreover there must be a permutation @{text p} such that {\it
-ii)} @{text p} leaves the free variables of @{text x} and @{text y} unchanged, but
+(ii)} @{text p} leaves the free variables of @{text x} and @{text y} unchanged, but
-{\it iii)} ``moves'' their bound names so that we obtain modulo a relation,
+{\it (iii)} ``moves'' their bound names so that we obtain modulo a relation,
-say \mbox{@{text "_ R _"}}, two equivalent terms. We also require that {\it iv)}
+say \mbox{@{text "_ R _"}}, two equivalent terms. We also require that {\it (iv)}
 @{text p} makes the sets of abstracted atoms @{text as} and @{text bs} equal. The
 requirements {\it i)} to {\it iv)} can be stated formally as follows:
 %
 \begin{equation}\label{alphaset}
-\begin{array}{@ {\hspace{10mm}}r@ {\hspace{2mm}}l}
+\begin{array}{@ {\hspace{10mm}}r@ {\hspace{2mm}}l@ {\hspace{4mm}}r}
-\multicolumn{2}{l}{@{term "(as, x) \<approx>gen R fv p (bs, y)"}\hspace{2mm}@{text "\<equiv>"}\hspace{30mm}}\\[1mm]
+\multicolumn{3}{l}{@{term "(as, x) \<approx>gen R fv p (bs, y)"}\hspace{2mm}@{text "\<equiv>"}}\\[1mm]
-& @{term "fv(x) - as = fv(y) - bs"}\\
+& @{term "fv(x) - as = fv(y) - bs"} & \mbox{\it (i)}\\
-@{text "\<and>"} & @{term "(fv(x) - as) \<sharp>* p"}\\
+@{text "\<and>"} & @{term "(fv(x) - as) \<sharp>* p"} & \mbox{\it (ii)}\\
-@{text "\<and>"} & @{text "(p \<bullet> x) R y"}\\
+@{text "\<and>"} & @{text "(p \<bullet> x) R y"} & \mbox{\it (iii)}\\
-@{text "\<and>"} & @{term "(p \<bullet> as) = bs"}\\
+@{text "\<and>"} & @{term "(p \<bullet> as) = bs"} & \mbox{\it (iv)}\\
 \end{array}
 \end{equation}
 \noindent
 Note that this relation depends on the permutation @{text
-"p"}. Alpha-equivalence between two pairs is then the relation where we
+"p"}; $\alpha$-equivalence between two pairs is then the relation where we
 existentially quantify over this @{text "p"}. Also note that the relation is
 dependent on a free-variable function @{text "fv"} and a relation @{text
 "R"}. The reason for this extra generality is that we will use
-$\approx_{\textit{set}}$ for both ``raw'' terms and alpha-equated terms. In
+$\approx_{\,\textit{set}}$ for both ``raw'' terms and $\alpha$-equated terms. In
-the latter case, $R$ will be replaced by equality @{text "="} and we
+the latter case, @{text R} will be replaced by equality @{text "="} and we
 will prove that @{text "fv"} is equal to @{text "supp"}.
 The definition in \eqref{alphaset} does not make any distinction between the
-order of abstracted variables. If we want this, then we can define alpha-equivalence
+order of abstracted variables. If we want this, then we can define $\alpha$-equivalence
 for pairs of the form \mbox{@{text "(as, x)"}} with type @{text "(atom list) \<times> \<beta>"}
 as follows
 %
 \begin{equation}\label{alphalist}
-\begin{array}{@ {\hspace{10mm}}r@ {\hspace{2mm}}l}
+\begin{array}{@ {\hspace{10mm}}r@ {\hspace{2mm}}l@ {\hspace{4mm}}r}
-\multicolumn{2}{l}{@{term "(as, x) \<approx>lst R fv p (bs, y)"}\hspace{2mm}@{text "\<equiv>"}\hspace{30mm}}\\[1mm]
+\multicolumn{2}{l}{@{term "(as, x) \<approx>lst R fv p (bs, y)"}\hspace{2mm}@{text "\<equiv>"}}\\[1mm]
-& @{term "fv(x) - (set as) = fv(y) - (set bs)"}\\
+& @{term "fv(x) - (set as) = fv(y) - (set bs)"} & \mbox{\it (i)}\\
-\wedge     & @{term "(fv(x) - set as) \<sharp>* p"}\\
+\wedge     & @{term "(fv(x) - set as) \<sharp>* p"} & \mbox{\it (ii)}\\
-\wedge     & @{text "(p \<bullet> x) R y"}\\
+\wedge     & @{text "(p \<bullet> x) R y"} & \mbox{\it (iii)}\\
-\wedge     & @{term "(p \<bullet> as) = bs"}\\
+\wedge     & @{term "(p \<bullet> as) = bs"} & \mbox{\it (iv)}\\
 \end{array}
 \end{equation}
 \noindent
-where @{term set} is a function that coerces a list of atoms into a set of atoms.
+where @{term set} is the function that coerces a list of atoms into a set of atoms.
 Now the last clause ensures that the order of the binders matters (since @{text as}
 and @{text bs} are lists of atoms).
 If we do not want to make any difference between the order of binders \emph{and}
 also allow vacuous binders, then we keep sets of binders, but drop the fourth
 condition in \eqref{alphaset}:
 %
 \begin{equation}\label{alphares}
-\begin{array}{@ {\hspace{10mm}}r@ {\hspace{2mm}}l}
+\begin{array}{@ {\hspace{10mm}}r@ {\hspace{2mm}}l@ {\hspace{4mm}}r}
-\multicolumn{2}{l}{@{term "(as, x) \<approx>res R fv p (bs, y)"}\hspace{2mm}@{text "\<equiv>"}\hspace{30mm}}\\[1mm]
+\multicolumn{2}{l}{@{term "(as, x) \<approx>res R fv p (bs, y)"}\hspace{2mm}@{text "\<equiv>"}}\\[1mm]
-& @{term "fv(x) - as = fv(y) - bs"}\\
+& @{term "fv(x) - as = fv(y) - bs"} & \mbox{\it (i)}\\
-\wedge     & @{term "(fv(x) - as) \<sharp>* p"}\\
+\wedge     & @{term "(fv(x) - as) \<sharp>* p"} & \mbox{\it (ii)}\\
-\wedge     & @{text "(p \<bullet> x) R y"}\\
+\wedge     & @{text "(p \<bullet> x) R y"} & \mbox{\it (iii)}\\
 \end{array}
 \end{equation}
-It might be useful to consider some examples for how these definitions of alpha-equivalence
+It might be useful to consider first some examples for how these definitions
-pan out in practice.
+of $\alpha$-equivalence pan out in practice.  For this consider the case of
-For this consider the case of abstracting a set of variables over types (as in type-schemes).
+abstracting a set of variables over types (as in type-schemes). We set
-We set @{text R} to be the usual equality @{text "="} and for @{text "fv(T)"} we define
+@{text R} to be the usual equality @{text "="} and for @{text "fv(T)"} we
+define
 \begin{center}
 @{text "fv(x) = {x}"}  \hspace{5mm} @{text "fv(T\<^isub>1 \<rightarrow> T\<^isub>2) = fv(T\<^isub>1) \<union> fv(T\<^isub>2)"}
 \end{center}
 \noindent
 Now recall the examples shown in \eqref{ex1}, \eqref{ex2} and
 \eqref{ex3}. It can be easily checked that @{text "({x, y}, x \<rightarrow> y)"} and
-@{text "({y, x}, y \<rightarrow> x)"} are alpha-equivalent according to
+@{text "({y, x}, y \<rightarrow> x)"} are $\alpha$-equivalent according to
-$\approx_{\textit{set}}$ and $\approx_{\textit{res}}$ by taking @{text p} to
+$\approx_{\,\textit{set}}$ and $\approx_{\,\textit{res}}$ by taking @{text p} to
 be the swapping @{term "(x \<rightleftharpoons> y)"}. In case of @{text "x \<noteq> y"}, then @{text
-"([x, y], x \<rightarrow> y)"} $\not\approx_{\textit{list}}$ @{text "([y, x], x \<rightarrow> y)"}
+"([x, y], x \<rightarrow> y)"} $\not\approx_{\,\textit{list}}$ @{text "([y, x], x \<rightarrow> y)"}
 since there is no permutation that makes the lists @{text "[x, y]"} and
 @{text "[y, x]"} equal, and also leaves the type \mbox{@{text "x \<rightarrow> y"}}
-unchanged. Another example is @{text "({x}, x)"} $\approx_{\textit{res}}$
+unchanged. Another example is @{text "({x}, x)"} $\approx_{\,\textit{res}}$
 @{text "({x, y}, x)"} which holds by taking @{text p} to be the identity
 permutation.  However, if @{text "x \<noteq> y"}, then @{text "({x}, x)"}
-$\not\approx_{\textit{set}}$ @{text "({x, y}, x)"} since there is no
+$\not\approx_{\,\textit{set}}$ @{text "({x, y}, x)"} since there is no
 permutation that makes the sets @{text "{x}"} and @{text "{x, y}"} equal
-(similarly for $\approx_{\textit{list}}$).  It can also relatively easily be
+(similarly for $\approx_{\,\textit{list}}$).  It can also relatively easily be
-shown that all three notions of alpha-equivalence coincide, if we only
+shown that all three notions of $\alpha$-equivalence coincide, if we only
 abstract a single atom.
 In the rest of this section we are going to introduce three abstraction
 types. For this we define
 %
 \begin{equation}
 @{term "abs_set (as, x) (bs, x) \<equiv> \<exists>p. alpha_gen (as, x) equal supp p (bs, x)"}
 \end{equation}
 \noindent
-(similarly for $\approx_{\textit{abs\_res}}$
+(similarly for $\approx_{\,\textit{abs\_res}}$
-and $\approx_{\textit{abs\_list}}$). We can show that these relations are equivalence
+and $\approx_{\,\textit{abs\_list}}$). We can show that these relations are equivalence
 relations and equivariant.
 \begin{lemma}\label{alphaeq}
-The relations $\approx_{\textit{abs\_set}}$, $\approx_{\textit{abs\_list}}$
+The relations $\approx_{\,\textit{abs\_set}}$, $\approx_{\,\textit{abs\_list}}$
-and $\approx_{\textit{abs\_res}}$ are equivalence relations, and if @{term
+and $\approx_{\,\textit{abs\_res}}$ are equivalence relations, and if @{term
 "abs_set (as, x) (bs, y)"} then also @{term "abs_set (p \<bullet> as, p \<bullet> x) (p \<bullet>
 bs, p \<bullet> y)"} (similarly for the other two relations).
 \end{lemma}
 \begin{proof}
 \end{proof}
 \noindent
 This lemma allows us to use our quotient package and introduce
 new types @{text "\<beta> abs_set"}, @{text "\<beta> abs_res"} and @{text "\<beta> abs_list"}
-representing alpha-equivalence classes of pairs of type
+representing $\alpha$-equivalence classes of pairs of type
 @{text "(atom set) \<times> \<beta>"} (in the first two cases) and of type @{text "(atom list) \<times> \<beta>"}
 (in the third case).
 The elements in these types will be, respectively, written as:
 \begin{center}
 @{thm permute_Abs[no_vars]}
 \end{equation}
 \noindent
 The second fact derives from the definition of permutations acting on pairs
-\eqref{permute} and alpha-equivalence being equivariant
+\eqref{permute} and $\alpha$-equivalence being equivariant
 (see Lemma~\ref{alphaeq}). With these two facts at our disposal, we can show
-the following lemma about swapping two atoms.
+the following lemma about swapping two atoms in an abstraction.
 \begin{lemma}
 @{thm[mode=IfThen] abs_swap1(1)[where bs="as", no_vars]}
 \end{lemma}
 form @{term "Abs as x"} etc is motivated by the fact that
 we can conveniently establish  at the Isabelle/HOL level
 properties about them.  It would be
 laborious to write custom ML-code that derives automatically such properties
 for every term-constructor that binds some atoms. Also the generality of
-the definitions for alpha-equivalence will help us in the next section.
+the definitions for $\alpha$-equivalence will help us in the next section.
 *}
 section {* Alpha-Equivalence and Free Variables\label{sec:alpha} *}
 text {*
 \end{tabular}}
 \end{equation}
 \noindent
 Every type declaration @{text ty}$^\alpha_{1..n}$ consists of a collection of
-term-constructors, each of which come with a list of labelled
+term-constructors, each of which comes with a list of labelled
 types that stand for the types of the arguments of the term-constructor.
 For example a term-constructor @{text "C\<^sup>\<alpha>"} might be specified with
 \begin{center}
 @{text "C\<^sup>\<alpha> label\<^isub>1::ty"}$'_1$ @{text "\<dots> label\<^isub>l::ty"}$'_l\;\;$  @{text "binding_clauses"}
 \noindent
 The first mode is for binding lists of atoms (the order of binders matters);
 the second is for sets of binders (the order does not matter, but the
 cardinality does) and the last is for sets of binders (with vacuous binders
-preserving alpha-equivalence). The ``\isacommand{in}-part'' of a binding
+preserving $\alpha$-equivalence). The ``\isacommand{in}-part'' of a binding
 clause will be called \emph{bodies} (there can be more than one); the
 ``\isacommand{bind}-part'' will be called \emph{binders}. In contrast to
 Ott, we allow multiple labels in binders and bodies. For example we allow
 binding clauses of the form:
 \begin{center}
 \begin{tabular}{@ {}ll@ {}}
-@{text "Foo\<^isub>1 x::name y::name t::lam s::lam"} &
+@{text "Foo\<^isub>1 x::name y::name t::trm s::trm"} &
 \isacommand{bind} @{text "x y"} \isacommand{in} @{text "t s"}\\
-@{text "Foo\<^isub>2 x::name y::name t::lam s::lam"} &
+@{text "Foo\<^isub>2 x::name y::name t::trm s::trm"} &
 \isacommand{bind} @{text "x y"} \isacommand{in} @{text "t"},
 \isacommand{bind} @{text "x y"} \isacommand{in} @{text "s"}\\
 \end{tabular}
 \end{center}
 \noindent
 Similarly for the other binding modes. Interestingly, in case of \isacommand{bind\_set}
 and \isacommand{bind\_res} the binding clauses above will make a difference to the semantics
-of the specifications (the corresponding alpha-equivalence will differ). We will
+of the specifications (the corresponding $\alpha$-equivalence will differ). We will
 show this later with an example.
-There are some restrictions we need to impose on binding clasues: First, a
+There are some restrictions we need to impose on binding clasues: the main idea behind
-body can only occur in \emph{one} binding clause of a term constructor. For
+these restrictions is that we obtain a sensible notion of $\alpha$-equivalence where
+it is ensured that a bound variable cannot be free at the same time.  First, a
+body can only occur in \emph{one} binding clause of a term constructor (this ensures
+that the bound variables of a body cannot be free at the same time by specifying
+an alternative binder for the body). For
 binders we distinguish between \emph{shallow} and \emph{deep} binders.
 Shallow binders are just labels. The restriction we need to impose on them
 is that in case of \isacommand{bind\_set} and \isacommand{bind\_res} the
 labels must either refer to atom types or to sets of atom types; in case of
 \isacommand{bind} the labels must refer to atom types or lists of atom
 set of names is bound:
 \begin{center}
 \begin{tabular}{@ {}cc@ {}}
 \begin{tabular}{@ {}l@ {\hspace{-1mm}}}
-\isacommand{nominal\_datatype} @{text lam} =\\
+\isacommand{nominal\_datatype} @{text lam} $=$\\
 \hspace{5mm}\phantom{$\mid$}~@{text "Var name"}\\
 \hspace{5mm}$\mid$~@{text "App lam lam"}\\
 \hspace{5mm}$\mid$~@{text "Lam x::name t::lam"}\\
 \hspace{21mm}\isacommand{bind} @{text x} \isacommand{in} @{text t}\\
 \end{tabular} &
 \begin{tabular}{@ {}l@ {}}
-\isacommand{nominal\_datatype}~@{text ty} =\\
+\isacommand{nominal\_datatype}~@{text ty} $=$\\
 \hspace{5mm}\phantom{$\mid$}~@{text "TVar name"}\\
 \hspace{5mm}$\mid$~@{text "TFun ty ty"}\\
 \isacommand{and}~@{text "tsc = All xs::(name fset) T::ty"}\\
 \hspace{24mm}\isacommand{bind\_res} @{text xs} \isacommand{in} @{text T}\\
 \end{tabular}
 \end{tabular}
 \end{center}
 \noindent
+In these specifications @{text "name"} refers to an atom type, and @{text
+"fset"} to the type of finite sets.
 Note that for @{text lam} it does not matter which binding mode we use. The
 reason is that we bind only a single @{text name}. However, having
 \isacommand{bind\_set} or \isacommand{bind} in the second case makes a
-difference to the semantics of the specification. Note also that in
+difference to the semantics of the specification (which we will define below).
-these specifications @{text "name"} refers to an atom type, and @{text
-"fset"} to the type of finite sets.
 A \emph{deep} binder uses an auxiliary binding function that ``picks'' out
 the atoms in one argument of the term-constructor, which can be bound in
 other arguments and also in the same argument (we will call such binders
-\emph{recursive}, see below). The corresponding binding functions are
+\emph{recursive}, see below). The binding functions are
 expected to return either a set of atoms (for \isacommand{bind\_set} and
 \isacommand{bind\_res}) or a list of atoms (for \isacommand{bind}). They can
 be defined by primitive recursion over the corresponding type; the equations
 must be given in the binding function part of the scheme shown in
 \eqref{scheme}. For example a term-calculus containing @{text "Let"}s with
 \hspace{5mm}$\mid$~@{text "PVar name"}\\
 \hspace{5mm}$\mid$~@{text "PTup pat pat"}\\
 \isacommand{binder}~@{text "bn::pat \<Rightarrow> atom list"}\\
 \isacommand{where}~@{text "bn(PNil) = []"}\\
 \hspace{5mm}$\mid$~@{text "bn(PVar x) = [atom x]"}\\
-\hspace{5mm}$\mid$~@{text "bn(PTup p\<^isub>1 p\<^isub>2) = bn(p\<^isub>1) @ bn(p\<^isub>2)"}\\
+\hspace{5mm}$\mid$~@{text "bn(PTup p\<^isub>1 p\<^isub>2) = bn(p\<^isub>1) @ bn(p\<^isub>2)"}\smallskip\\
 \end{tabular}}
 \end{equation}
 \noindent
 In this specification the function @{text "bn"} determines which atoms of
 \noindent
 The difference is that with @{text Let} we only want to bind the atoms @{text
 "bn(as)"} in the term @{text t}, but with @{text "Let_rec"} we also want to bind the atoms
 inside the assignment. This difference has consequences for the free-variable
-function and alpha-equivalence relation, which we are going to define below.
+function and $\alpha$-equivalence relation, which we are going to define below.
-For this definition, we have to impose some restrictions on deep binders. First,
+To make sure that variables bound by deep binders cannot be free at the
+same time, we have to impose some restrictions. First,
 we cannot have more than one binding function for one binder. So we exclude:
 \begin{center}
-\begin{tabular}{ll}
+\begin{tabular}{@ {}l@ {\hspace{2mm}}l@ {}}
-@{text "Baz p::pat t::trm"} &
+@{text "Baz\<^isub>1 p::pat t::trm"} &
 \isacommand{bind} @{text "bn\<^isub>1(p) bn\<^isub>2(p)"} \isacommand{in} @{text t}\\
-\end{tabular}
+@{text "Baz\<^isub>2 p::pat t\<^isub>1::trm t\<^isub>2::trm"} &
-\end{center}
+\isacommand{bind} @{text "bn\<^isub>1(p)"} \isacommand{in} @{text "t\<^isub>1"},
+\isacommand{bind} @{text "bn\<^isub>2(p)"} \isacommand{in} @{text "t\<^isub>2"}\\
-\noindent
+\end{tabular}
-The reason why we must exclude such specifications is that they cannot be
+\end{center}
-represented by the general binders described in Section~\ref{sec:binders}.
+\noindent
 We also need to restrict the form of the binding functions. As will shortly
 become clear, we cannot return an atom in a binding function that is also
 bound in the corresponding term-constructor. That means in the example
 \eqref{letpat} that the term-constructors @{text PVar} and @{text PTup} may
 not have a binding clause (all arguments are used to define @{text "bn"}).
 In contrast, in case of \eqref{letrecs} the term-constructor @{text ACons}
-may have binding clause involving the argument @{text t} (the only one that
+may have a binding clause involving the argument @{text t} (the only one that
-is \emph{not} used in the definition of the binding function).  In the version of
+is \emph{not} used in the definition of the binding function).
+In the version of
 Nominal Isabelle described here, we also adopted the restriction from the
 Ott-tool that binding functions can only return: the empty set or empty list
 (as in case @{text PNil}), a singleton set or singleton list containing an
 atom (case @{text PVar}), or unions of atom sets or appended atom lists
-(case @{text PTup}). This restriction will simplify some automatic proofs
+(case @{text PTup}). This restriction will simplify some automatic definitions and proofs
 later on.
 In order to simplify our definitions, we shall assume specifications
-of term-calculi are \emph{completed}. By this we mean that
+of term-calculi are implicitly \emph{completed}. By this we mean that
 for every argument of a term-constructor that is \emph{not}
 already part of a binding clause given by the user, we add implicitly a special \emph{empty} binding
 clause, written \isacommand{bind}~@{term "{}"}~\isacommand{in}~@{text "labels"}. In case
 of the lambda-calculus, the completion produces
 Pottier and Cheney pointed out \cite{Pottier06,Cheney05}, just
 re-arranging the arguments of
 term-constructors so that binders and their bodies are next to each other will
 result in inadequate representations. Therefore we will first
 extract datatype definitions from the specification and then define
-explicitly an alpha-equivalence relation over them.
+explicitly an $\alpha$-equivalence relation over them.
 The datatype definition can be obtained by stripping off the
 binding clauses and the labels from the types. We also have to invent
 new names for the types @{text "ty\<^sup>\<alpha>"} and term-constructors @{text "C\<^sup>\<alpha>"}
 given by the user. In our implementation we just use the affix ``@{text "_raw"}''.
 But for the purpose of this paper, we use the superscript @{text "_\<^sup>\<alpha>"} to indicate
-that a notion is defined over alpha-equivalence classes and leave it out
+that a notion is defined over $\alpha$-equivalence classes and leave it out
 for the corresponding notion defined on the ``raw'' level. So for example
 we have
 \begin{center}
 @{text "ty\<^sup>\<alpha> \<mapsto> ty"} \hspace{2mm}and\hspace{2mm} @{text "C\<^sup>\<alpha> \<mapsto> C"}
 %
 \begin{equation}\label{ceqvt}
 @{text "p \<bullet> (C z\<^isub>1 \<dots> z\<^isub>n) = C (p \<bullet> z\<^isub>1) \<dots> (p \<bullet> z\<^isub>n)"}
 \end{equation}
-The first non-trivial step we have to perform is the generation of free-variable
+The first non-trivial step we have to perform is the generation of
-functions from the specifications. For atomic types we define the auxilary
+free-variable functions from the specifications. Given the raw types @{text
+"ty\<^isub>1 \<dots> ty\<^isub>n"} derived from a specification, we define the
+free-variable functions
+\begin{center}
+@{text "fv_ty\<^isub>1, \<dots>, fv_ty\<^isub>n"}
+\end{center}
+\noindent
+We define them together with auxiliary free-variable functions for
+the binding functions. Given raw binding functions @{text "bn\<^isub>1 \<dots> bn\<^isub>m"} we define
+\begin{center}
+@{text "fv_bn\<^isub>1, \<dots>, fv_bn\<^isub>m"}
+\end{center}
+\noindent
+The reason for this setup is that in a deep binder not all atoms have to be
+bound, as we saw in the example with ``plain'' @{text Let}s. We need therefore a function
+that calculates those unbound atoms.
+For atomic types we define the auxilary
 free variable functions:
 \begin{center}
 \begin{tabular}{r@ {\hspace{2mm}}c@ {\hspace{2mm}}l}
 @{text "fv_atom a"} & @{text "="} & @{text "atom a"}\\
 \noindent
 Like the coercion function @{text atom}, @{text "atoms"} coerces
 the set of atoms to a set of the generic atom type.
 It is defined as @{text "atoms as \<equiv> {atom a | a \<in> as}"}.
-Given the raw types @{text "ty\<^isub>1 \<dots> ty\<^isub>n"} we define now the
-free-variable functions
-\begin{center}
-@{text "fv_ty\<^isub>1, \<dots>, fv_ty\<^isub>n"}
-\end{center}
-\noindent
-We define them together with auxiliary free-variable functions for
-the binding functions. Given binding functions
-@{text "bn\<^isub>1 \<dots> bn\<^isub>m"} we define
-%
-\begin{center}
-@{text "fv_bn\<^isub>1, \<dots>, fv_bn\<^isub>m"}
-\end{center}
-\noindent
-The reason for this setup is that in a deep binder not all atoms have to be
-bound, as we saw in the example with ``plain'' @{text Let}s. We need therefore a function
-that calculates those unbound atoms.
 While the idea behind these free-variable functions is clear (they just
 collect all atoms that are not bound), because of our rather complicated
 binding mechanisms their definitions are somewhat involved.  Given a
 term-constructor @{text "C"} of type @{text ty} and some associated binding
 \noindent
 The reason why we only have to treat the empty binding clauses specially in
 the definition of @{text "fv_bn"} is that binding functions can only use arguments
 that do not occur in binding clauses. Otherwise the @{text "bn"} function cannot
-be lifted to alpha-equated terms.
+be lifted to $\alpha$-equated terms.
 To see how these definitions work in practice, let us reconsider the term-constructors
 @{text "Let"} and @{text "Let_rec"} from the example shown in \eqref{letrecs}.
 For this specification we need to define three free-variable functions, namely
 context of a @{text Let} or @{text "Let_rec"} will some atoms become bound.
 This is a phenomenon
 that has also been pointed out in \cite{ott-jfp}. For us it is crucial, because
 we would not be able to lift a @{text "bn"}-function that is defined over
 arguments that are either binders or bodies. In that case @{text "bn"} would
-not respect alpha-equivalence. We can also see that
+not respect $\alpha$-equivalence. We can also see that
 %
 \begin{equation}\label{bnprop}
 @{text "fv_ty x  =  bn x \<union> fv_bn x"}.
 \end{equation}
 \noindent
 holds for any @{text "bn"}-function defined for the type @{text "ty"}.
-Next we define alpha-equivalence relations for the types @{text "ty\<^isub>1, \<dots>, ty\<^isub>n"}. We call them
+Next we define $\alpha$-equivalence relations for the types @{text "ty\<^isub>1, \<dots>, ty\<^isub>n"}. We call them
 @{text "\<approx>ty\<^isub>1, \<dots>, \<approx>ty\<^isub>n"}. Like with the free-variable functions,
-we also need to  define auxiliary alpha-equivalence relations for the binding functions.
+we also need to  define auxiliary $\alpha$-equivalence relations for the binding functions.
 Say we have binding functions @{text "bn\<^isub>1, \<dots>, bn\<^isub>m"}, then we also define @{text "\<approx>bn\<^isub>1, \<dots>, \<approx>bn\<^isub>m"}.
 To simplify our definitions we will use the following abbreviations for
 relations and free-variable acting on products.
 %
 \begin{center}
 @{text "(fv\<^isub>1 \<oplus> fv\<^isub>2) (x, y)"} & @{text "\<equiv>"} & @{text "fv\<^isub>1 x \<union> fv\<^isub>2 y"}\\
 \end{tabular}
 \end{center}
-The relations for alpha-equivalence are inductively defined predicates, whose clauses have
+The relations for $\alpha$-equivalence are inductively defined predicates, whose clauses have
 conclusions of the form
 %
 \begin{center}
 @{text "C x\<^isub>1 \<dots> x\<^isub>n  \<approx>ty  C y\<^isub>1 \<dots> y\<^isub>n"}
 \end{center}
 of excluding overlapping deep binders, as these would need to be translated into separate
 abstractions.
-The alpha-equivalence relations @{text "\<approx>bn\<^isub>j"} for binding functions
+The $\alpha$-equivalence relations @{text "\<approx>bn\<^isub>j"} for binding functions
 are similar. We again have conclusions of the form \mbox{@{text "C x\<^isub>1 \<dots> x\<^isub>n \<approx>bn C y\<^isub>1 \<dots> y\<^isub>n"}}
 and need to generate appropriate premises. We generate first premises according to the first three
 rules given above. Only the ``left-over'' pairs  @{text "(x\<^isub>i, y\<^isub>i)"} need to be treated
 differently. They depend on whether @{text "x\<^isub>i"}  occurs in @{text "rhs"} of  the
 clause @{text "bn (C x\<^isub>1 \<dots> x\<^isub>n) = rhs"}:
 \end{tabular}
 \end{center}
 \noindent
 Note the difference between  $\approx_{\textit{assn}}$ and
-$\approx_{\textit{bn}}$: the latter only ``tracks'' alpha-equivalence of
+$\approx_{\textit{bn}}$: the latter only ``tracks'' $\alpha$-equivalence of
 the components in an assignment that are \emph{not} bound. Therefore we have
 a $\approx_{\textit{bn}}$-premise in the clause for @{text "Let"} (which is
 a non-recursive binder). The underlying reason is that the terms inside an assignment are not meant
 to be ``under'' the binder. Such a premise is \emph{not} needed in @{text "Let_rec"},
 because there everything from the assignment is under the binder.
 section {* Establishing the Reasoning Infrastructure *}
 text {*
 Having made all necessary definitions for raw terms, we can start
-introducing the reasoning infrastructure for the alpha-equated types the
+introducing the reasoning infrastructure for the $\alpha$-equated types the
 user originally specified. We sketch in this section the facts we need for establishing
 this reasoning infrastructure. First we have to show that the
-alpha-equivalence relations defined in the previous section are indeed
+$\alpha$-equivalence relations defined in the previous section are indeed
 equivalence relations.
 \begin{lemma}\label{equiv}
 Given the raw types @{text "ty\<^isub>1, \<dots>, ty\<^isub>n"} and binding functions
 @{text "bn\<^isub>1, \<dots>, bn\<^isub>m"}, the relations @{text "\<approx>ty\<^isub>1, \<dots>, \<approx>ty\<^isub>n"} and
 can be dealt with as in Lemma~\ref{alphaeq}.
 \end{proof}
 \noindent
 We can feed this lemma into our quotient package and obtain new types @{text
-"ty\<AL>\<^bsub>1..n\<^esub>"} representing alpha-equated terms of types @{text "ty\<^bsub>1..n\<^esub>"}. We also obtain
+"ty\<AL>\<^bsub>1..n\<^esub>"} representing $\alpha$-equated terms of types @{text "ty\<^bsub>1..n\<^esub>"}. We also obtain
 definitions for the term-constructors @{text
 "C"}$^\alpha_{1..m}$ from the raw term-constructors @{text
 "C"}$_{1..m}$, and similar definitions for the free-variable functions @{text
 "fv_ty"}$^\alpha_{1..n}$ and the binding functions @{text
 "bn"}$^\alpha_{1..k}$. However, these definitions are not really useful to the
 \mbox{@{text "C"}$^\alpha_i$@{text "x\<^isub>1 \<dots> x\<^isub>n"} @{text "\<noteq>"}
 @{text "C"}$^\alpha_j$@{text "y\<^isub>1 \<dots> y\<^isub>m"} holds for @{text "i \<noteq> j"}.}
 \end{equation}
 \noindent
-By definition of alpha-equivalence we can show that
+By definition of $\alpha$-equivalence we can show that
 for the raw term-constructors
 %
 \begin{equation}\label{distinctraw}
 \mbox{@{text "C\<^isub>i x\<^isub>1 \<dots> x\<^isub>n"}\;$\not\approx$@{text ty}\;@{text "C\<^isub>j y\<^isub>1 \<dots> y\<^isub>m"} holds for @{text "i \<noteq> j"}.}
 \end{equation}
 \noindent
 In order to generate \eqref{distinctalpha} from \eqref{distinctraw}, the quotient
 package needs to know that the term-constructors @{text "C\<^isub>i"} and @{text "C\<^isub>j"}
-are \emph{respectful} w.r.t.~the alpha-equivalence relations (see \cite{Homeier05}).
+are \emph{respectful} w.r.t.~the $\alpha$-equivalence relations (see \cite{Homeier05}).
 Assuming @{text "C\<^isub>i"} is of type @{text "ty"} with argument types
 @{text "ty\<^isub>1, \<dots>, ty\<^isub>n"}, then respectfulness amounts to showing that
 \begin{center}
 @{text "C\<^isub>i x\<^isub>1 \<dots> x\<^isub>n \<approx>ty C\<^isub>i y\<^isub>1 \<dots> y\<^isub>n"}
 \end{center}
 \noindent
-are alpha-equivalent under the assumption that @{text "x\<^isub>i \<approx>ty\<^isub>i y\<^isub>i"} holds for all recursive arguments
+are $\alpha$-equivalent under the assumption that @{text "x\<^isub>i \<approx>ty\<^isub>i y\<^isub>i"} holds for all recursive arguments
 and  @{text "x\<^isub>i = y\<^isub>i"} holds for all non-recursive arguments of @{text "C\<^isub>i"}. We can prove this by
 analysing the definition of @{text "\<approx>ty"}. For this proof to succeed we have to establish
 the following auxiliary fact about binding functions. Given a binding function @{text bn\<^isub>i} defined
 for the type @{text ty\<^isub>i}, we have that
 %
 \noindent
 This can be established by induction on the definition of @{text "\<approx>ty\<^isub>i"}.
 Having established respectfulness for every raw term-constructor, the
 quotient package is able to automatically deduce \eqref{distinctalpha} from \eqref{distinctraw}.
-In fact we can from now on lift facts from the raw level to the alpha-equated level
+In fact we can from now on lift facts from the raw level to the $\alpha$-equated level
 as long as they contain raw term-constructors only. The
 induction principles derived by the datatype package in Isabelle/HOL for the types @{text
 "ty\<^bsub>1..n\<^esub>"} fall into this category. So we can also add to our infrastructure
 induction principles that establish
 Next we lift the permutation operations defined in \eqref{ceqvt} for
 the raw term-constructors @{text "C"}. These facts contain, in addition
 to the term-constructors, also permutation operations. In order to make the
 lifting go through,
 we have to know that the permutation operations are respectful
-w.r.t.~alpha-equivalence. This amounts to showing that the
+w.r.t.~$\alpha$-equivalence. This amounts to showing that the
-alpha-equivalence relations are equivariant, which we already established
+$\alpha$-equivalence relations are equivariant, which we already established
 in Lemma~\ref{equiv}. As a result we can establish the equations
 \begin{equation}\label{calphaeqvt}
 @{text "p \<bullet> (C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>n) = C\<^sup>\<alpha> (p \<bullet> x\<^isub>1) \<dots> (p \<bullet> x\<^isub>n)"}
 \end{equation}
 \begin{center}
 @{text "C x\<^isub>1 \<dots> x\<^isub>n \<approx>ty C y\<^isub>1 \<dots> y\<^isub>n"}
 \end{center}
 \noindent
-are alpha-equivalent. This gives us conditions when the corresponding
+are $\alpha$-equivalent. This gives us conditions when the corresponding
-alpha-equated terms are \emph{equal}, namely
+$\alpha$-equated terms are \emph{equal}, namely
 \begin{center}
 @{text "C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>n = C\<^sup>\<alpha> y\<^isub>1 \<dots> y\<^isub>n"}
 \end{center}
 \noindent
 We call these conditions as \emph{quasi-injectivity}. Except for one function, which
 we have to lift in the next section, we completed
 the lifting part of establishing the reasoning infrastructure.
-By working now completely on the alpha-equated level, we can first show that
+By working now completely on the $\alpha$-equated level, we can first show that
 the free-variable functions and binding functions
 are equivariant, namely
 \begin{center}
 \begin{tabular}{rcl}
 \noindent
 These properties can be established by structural induction over the @{text x}
 (using the induction principles we lifted above for the types @{text "ty\<AL>\<^bsub>1..n\<^esub>"}).
 Until now we have not yet derived anything about the support of the
-alpha-equated terms. This however will be necessary in order to derive
+$\alpha$-equated terms. This however will be necessary in order to derive
 the strong induction principles in the next section.
 Using the equivariance properties in \eqref{ceqvt} we can
 show for every term-constructor @{text "C\<^sup>\<alpha>"} that
 \begin{center}
 section {* Strong Induction Principles *}
 text {*
 In the previous section we were able to provide induction principles that
-allow us to perform structural inductions over alpha-equated terms.
+allow us to perform structural inductions over $\alpha$-equated terms.
 We call such induction principles \emph{weak}, because in case of a term-constructor @{text "C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>n"},
 the induction hypothesis requires us to establish the implication
 %
 \begin{equation}\label{weakprem}
 @{text "\<forall>x\<^isub>1\<dots>x\<^isub>n. P\<^isub>i x\<^isub>i \<and> \<dots> \<and> P\<^isub>j x\<^isub>j \<Rightarrow> P (C\<^sup>\<alpha> x\<^isub>1 \<dots> x\<^isub>n)"}
 \end{tabular}
 \end{center}
 \noindent
 Using again the quotient package  we can lift the @{text "_ \<bullet>\<^bsub>bn\<^esub> _"} function to
-alpha-equated terms. We can then prove the following two facts
+$\alpha$-equated terms. We can then prove the following two facts
 \begin{lemma}\label{permutebn}
 Given a binding function @{text "bn\<^sup>\<alpha>"} then for all @{text p}
 {\it i)} @{text "p \<bullet> (bn\<^sup>\<alpha> x) = bn\<^sup>\<alpha> (p \<bullet>\<^bsub>bn\<^esub>\<^sup>\<alpha> x)"} and {\it ii)}
 @{text "fv_bn\<^isup>\<alpha> x = fv_bn\<^isup>\<alpha> (p \<bullet>\<^bsub>bn\<^esub>\<^sup>\<alpha> x)"}.
 front-end for creating \LaTeX{} documents from specifications of
 term-calculi involving general binders. For a subset of the specifications,
 Ott can also generate theorem prover code using a raw representation of
 terms, and in Coq also a locally nameless representation. The developers of
 this tool have also put forward (on paper) a definition for
-alpha-equivalence of terms that can be specified in Ott.  This definition is
+$\alpha$-equivalence of terms that can be specified in Ott.  This definition is
 rather different from ours, not using any nominal techniques.  To our
 knowledge there is also no concrete mathematical result concerning this
-notion of alpha-equivalence.  A definition for the notion of free variables
+notion of $\alpha$-equivalence.  A definition for the notion of free variables
 in a term are work in progress in Ott.
 Although we were heavily inspired by their syntax,
-their definition of alpha-equivalence is unsuitable for our extension of
+their definition of $\alpha$-equivalence is unsuitable for our extension of
 Nominal Isabelle. First, it is far too complicated to be a basis for
 automated proofs implemented on the ML-level of Isabelle/HOL. Second, it
 covers cases of binders depending on other binders, which just do not make
-sense for our alpha-equated terms. Third, it allows empty types that have no
+sense for our $\alpha$-equated terms. Third, it allows empty types that have no
 meaning in a HOL-based theorem prover. We also had to generalise slightly their
 binding clauses. In Ott you specify binding clauses with a single body; we
 allow more than one. We have to do this, because this makes a difference
-for our notion of alpha-equivalence in case of \isacommand{bind\_set} and
+for our notion of $\alpha$-equivalence in case of \isacommand{bind\_set} and
 \isacommand{bind\_res}. This makes
 \begin{center}
-\begin{tabular}{@ {}ll@ {}}
+\begin{tabular}{@ {}l@ {\hspace{2mm}}l@ {}}
-@{text "Foo\<^isub>1 xs::name fset x::name y::name"} &
+@{text "Foo\<^isub>1 xs::name fset t::trm s::trm"} &
-\isacommand{bind\_set} @{text "xs"} \isacommand{in} @{text "x y"}\\
+\isacommand{bind\_set} @{text "xs"} \isacommand{in} @{text "t s"}\\
-@{text "Foo\<^isub>2 xs::name fset x::name y::name"} &
+@{text "Foo\<^isub>2 xs::name fset t::trm s::trm"} &
-\isacommand{bind\_set} @{text "xs"} \isacommand{in} @{text "x"},
+\isacommand{bind\_set} @{text "xs"} \isacommand{in} @{text "t"},
-\isacommand{bind\_set} @{text "xs"} \isacommand{in} @{text "y"}\\
+\isacommand{bind\_set} @{text "xs"} \isacommand{in} @{text "s"}\\
 \end{tabular}
 \end{center}
 \noindent
-behave differently. To see this, consider the following equations
+behave differently. In the first term-constructor, we essentially have a single
+body, which happens to be ``spread'' over two arguments; in the second we have
+two independent bodies, in which the same variables are bound. As a result we
+have
+\begin{center}
+\begin{tabular}{r@ {\hspace{1.5mm}}c@ {\hspace{1.5mm}}l}
+@{text "Foo\<^isub>1 {a, b} (a, b) (a, b)"} & $\not=$ &
+@{text "Foo\<^isub>1 {a, b} (a, b) (b, a)"}\\
+@{text "Foo\<^isub>2 {a, b} (a, b) (a, b)"} & $=$ &
+@{text "Foo\<^isub>2 {a, b} (a, b) (b, a)"}\\
+\end{tabular}
+\end{center}
+To see this, consider the following equations
 \begin{center}
 \begin{tabular}{c}
 @{term "Abs_print [a,b] (a, b) = Abs_print [a,b] (b, a)"}\\
 @{term "Abs_print [a,b] (a, b) = Abs_print [a,b] (a, b)"}\\
 can be indicated with some special constructs, written @{text "inner"} and
 @{text "outer"}. With this, it seems, our and his specifications can be
 inter-translated, but we have not proved this. However, we believe the
 binding specifications in the style of Ott are a more natural way for
 representing terms involving bindings. Pottier gives a definition for
-alpha-equivalence, which is similar to our binding mode \isacommand{bind}.
+$\alpha$-equivalence, which is similar to our binding mode \isacommand{bind}.
 Although he uses also a permutation in case of abstractions, his
 definition is rather different from ours. He proves that his notion
-of alpha-equivalence is indeed a equivalence relation, but a complete
+of $\alpha$-equivalence is indeed a equivalence relation, but a complete
 reasoning infrastructure is well beyond the purposes of his language.
 In a slightly different domain (programming with dependent types), the
 paper \cite{Altenkirch10} presents a calculus with a notion of
-alpha-equivalence related to our binding mode \isacommand{bind\_res}.
+$\alpha$-equivalence related to our binding mode \isacommand{bind\_res}.
 This definition is similar to the one by Pottier, except that it
 has a more operational flavour and calculates a partial (renaming) map.
 In this way they can handle vacous binders. However, their notion of
 equality between terms also includes rules for $\beta$ and to our
 knowledge no concrete mathematical result concerning their notion
 it can be downloaded from the Mercurial repository linked at
 \href{http://isabelle.in.tum.de/nominal/download}
 {http://isabelle.in.tum.de/nominal/download}.
 We have left out a discussion about how functions can be defined over
-alpha-equated terms that involve general binders. In earlier versions of Nominal
+$\alpha$-equated terms that involve general binders. In earlier versions of Nominal
 Isabelle \cite{UrbanBerghofer06} this turned out to be a thorny issue.  We
 hope to do better this time by using the function package that has recently
 been implemented in Isabelle/HOL and also by restricting function
 definitions to equivariant functions (for such functions it is possible to
 provide more automation).
 many discussions about Nominal Isabelle. We thank Peter Sewell for
 making the informal notes \cite{SewellBestiary} available to us and
 also for patiently explaining some of the finer points of the work on the Ott-tool. We
 also thank Stephanie Weirich for suggesting to separate the subgrammars
 of kinds and types in our Core-Haskell example.
+* Conference of Altenkirch *
 *}
 (*<*)
 end
 (*>*)

changeset 2341	f659ce282610
parent 2331	f170ee51eed2
child 2342	f296ef291ca9