diff -r ea0cdb7c6455 -r 2668486b684a Quotient-Paper/Paper.thy --- a/Quotient-Paper/Paper.thy Fri Oct 29 14:25:50 2010 +0900 +++ b/Quotient-Paper/Paper.thy Fri Oct 29 15:37:24 2010 +0100 @@ -114,14 +114,15 @@ \end{isabelle} \noindent - This constructions yields the new type @{typ int} and definitions for @{text + This constructions yields the new type @{typ int}, and definitions for @{text "0"} and @{text "1"} of type @{typ int} can be given in terms of pairs of natural numbers (namely @{text "(0, 0)"} and @{text "(1, 0)"}). Operations such as @{text "add"} with type @{typ "int \ int \ int"} can be defined in terms of operations on pairs of natural numbers (namely @{text "add_pair (n\<^isub>1, m\<^isub>1) (n\<^isub>2, m\<^isub>2) \ (n\<^isub>1 + n\<^isub>2, m\<^isub>1 + m\<^isub>2)"}). - Similarly one can construct the type of finite sets, written @{term "\ fset"}, + Similarly one can construct %%the type of + finite sets, written @{term "\ fset"}, by quotienting the type @{text "\ list"} according to the equivalence relation \begin{isabelle}\ \ \ \ \ %%% @@ -137,13 +138,12 @@ Quotients are important in a variety of areas, but they are really ubiquitous in the area of reasoning about programming language calculi. A simple example is the lambda-calculus, whose raw terms are defined as - - - \begin{isabelle}\ \ \ \ \ %%% - @{text "t ::= x | t t | \x.t"}\hfill\numbered{lambda} - \end{isabelle} - - \noindent + % + %\begin{isabelle}\ \ \ \ \ %%% + @{text "t ::= x | t t | \x.t"}%\hfill\numbered{lambda} + %\end{isabelle} + % + %\noindent The problem with this definition arises, for instance, when one attempts to prove formally the substitution lemma \cite{Barendregt81} by induction over the structure of terms. This can be fiendishly complicated (see @@ -181,7 +181,7 @@ %%% I wouldn't change it. \begin{center} - \mbox{}\hspace{20mm}\begin{tikzpicture} + \mbox{}\hspace{20mm}\begin{tikzpicture}[scale=0.9] %%\draw[step=2mm] (-4,-1) grid (4,1); \draw[very thick] (0.7,0.3) circle (4.85mm); @@ -201,20 +201,20 @@ \draw[<-, very thick] (-1.8, 0.16) -- (-0.1,0.16); \draw (-0.95, 0.26) node[above=0.4mm] {@{text Rep}}; \draw (-0.95, 0.26) node[below=0.4mm] {@{text Abs}}; - \end{tikzpicture} \end{center} \noindent The starting point is an existing type, to which we refer as the - \emph{raw type} and over which an equivalence relation given by the user is - defined. With this input the package introduces a new type, to which we + \emph{raw type} and over which an equivalence relation is given by the user. + With this input the package introduces a new type, to which we refer as the \emph{quotient type}. This type comes with an \emph{abstraction} and a \emph{representation} function, written @{text Abs} and @{text Rep}.\footnote{Actually slightly more basic functions are given; the functions @{text Abs} and @{text Rep} need to be derived from them. We will show the details later. } They relate elements in the - existing type to elements in the new type and vice versa, and can be uniquely + existing type to elements in the new type, % and vice versa, + and can be uniquely identified by their quotient type. For example for the integer quotient construction the types of @{text Abs} and @{text Rep} are @@ -262,7 +262,8 @@ \end{isabelle} \noindent - where @{text "@"} is the usual list append. We expect that the corresponding + where @{text "@"} is %the usual + list append. We expect that the corresponding operator on finite sets, written @{term "fconcat"}, builds finite unions of finite sets: @@ -290,7 +291,8 @@ cumbersome and inelegant in light of our work, which can deal with such definitions directly. The solution is that we need to build aggregate representation and abstraction functions, which in case of @{text "\"} - generate the following definition + generate the %%%following + definition \begin{isabelle}\ \ \ \ \ %%% @{text "\ S \ Abs_fset (flat ((map_list Rep_fset \ Rep_fset) S))"} @@ -391,7 +393,7 @@ which define equivalence relations in terms of constituent equivalence relations. For example given two equivalence relations @{text "R\<^isub>1"} and @{text "R\<^isub>2"}, we can define an equivalence relations over - products as follows + products as %% follows \begin{isabelle}\ \ \ \ \ %%% @{text "(R\<^isub>1 \ R\<^isub>2) (x\<^isub>1, x\<^isub>2) (y\<^isub>1, y\<^isub>2) \ R\<^isub>1 x\<^isub>1 y\<^isub>1 \ R\<^isub>2 x\<^isub>2 y\<^isub>2"} @@ -481,8 +483,7 @@ \begin{isabelle}\ \ \ \ \ %%% \begin{tabular}{r@ {\hspace{1mm}}l} @{text "Quot"} & @{text "(rel_list R \\\ \\<^bsub>list\<^esub>)"}\\ - & @{text "(Abs_fset \ map_list Abs)"}\\ - & @{text "(map_list Rep \ Rep_fset)"}\\ + & @{text "(Abs_fset \ map_list Abs)"} @{text "(map_list Rep \ Rep_fset)"}\\ \end{tabular} \end{isabelle} *} @@ -606,7 +607,7 @@ \hfill \begin{tabular}{@ {\hspace{2mm}}l@ {}} \multicolumn{1}{@ {}l}{equal types:}\\ - @{text "ABS (\, \)"} $\dn$ @{text "id :: \ \ \"}\\ + @{text "ABS (\, \)"} $\dn$ @{text "id :: \ \ \"}\hspace{5mm}%\\ @{text "REP (\, \)"} $\dn$ @{text "id :: \ \ \"}\smallskip\\ \multicolumn{1}{@ {}l}{function types:}\\ @{text "ABS (\\<^isub>1 \ \\<^isub>2, \\<^isub>1 \ \\<^isub>2)"} $\dn$ @{text "REP (\\<^isub>1, \\<^isub>1) \ ABS (\\<^isub>2, \\<^isub>2)"}\\ @@ -689,7 +690,7 @@ In our implementation we further simplify this function by rewriting with the usual laws about @{text "map"}s and @{text "id"}, for example @{term "map_list id = id"} and @{text "f \ id = - id \ f = f"}. This gives us the simpler abstraction function + id \ f = f"}. This gives us %%%the simpler abstraction function \begin{isabelle}\ \ \ \ \ %%% @{text "(map_list Rep_fset \ Rep_fset) \ Abs_fset"} @@ -708,12 +709,12 @@ distinguish between arguments and results, but can deal with them uniformly. Consequently, all definitions in the quotient package are of the general form - - \begin{isabelle}\ \ \ \ \ %%% - @{text "c \ ABS (\, \) t"} - \end{isabelle} - - \noindent + % + %\begin{isabelle}\ \ \ \ \ %%% + \mbox{@{text "c \ ABS (\, \) t"}} + %\end{isabelle} + % + %\noindent where @{text \} is the type of the definiens @{text "t"} and @{text "\"} the type of the defined quotient constant @{text "c"}. This data can be easily generated from the declaration given by the user. @@ -757,7 +758,8 @@ two restrictions in form of proof obligations that arise during the lifting. The reason is that even if definitions for all raw constants can be given, \emph{not} all theorems can be lifted to the quotient type. Most - notable is the bound variable function, that is the constant @{text bn}, defined + notable is the bound variable function %%, that is the constant @{text bn}, + defined for raw lambda-terms as follows \begin{isabelle} @@ -790,7 +792,7 @@ \begin{center} \hfill \begin{tabular}{l} - \multicolumn{1}{@ {}l}{equal types:}\\ + \multicolumn{1}{@ {}l}{equal types:} @{text "REL (\, \)"} $\dn$ @{text "= :: \ \ \ \ bool"}\smallskip\\ \multicolumn{1}{@ {}l}{equal type constructors:}\\ @{text "REL (\s \, \s \)"} $\dn$ @{text "rel_\ (REL (\s, \s))"}\smallskip\\ @@ -810,12 +812,12 @@ lift to a theorem where @{text "c\<^isub>r"} is replaced by the corresponding constant @{text "c\<^isub>q :: \"} defined over a quotient type. In this situation we generate the following proof obligation - - \begin{isabelle}\ \ \ \ \ %%% - @{text "REL (\, \) c\<^isub>r c\<^isub>r"} - \end{isabelle} - - \noindent + % + %\begin{isabelle}\ \ \ \ \ %%% + @{text "REL (\, \) c\<^isub>r c\<^isub>r"}. + %\end{isabelle} + % + %\noindent Homeier calls these proof obligations \emph{respectfulness theorems}. However, unlike his quotient package, we might have several respectfulness theorems for one constant---he has at most one. @@ -826,13 +828,13 @@ Before lifting a theorem, we require the user to discharge respectfulness proof obligations. In case of @{text bn} - this obligation is as follows - - \begin{isabelle}\ \ \ \ \ %%% + this obligation is %%as follows + % + %\begin{isabelle}\ \ \ \ \ %%% @{text "(\\<^isub>\ \ =) bn bn"} - \end{isabelle} - - \noindent + %\end{isabelle} + % + %\noindent and the point is that the user cannot discharge it: because it is not true. To see this, we can just unfold the definition of @{text "\"} \eqref{relfun} using extensionality to obtain the false statement @@ -842,8 +844,8 @@ \end{isabelle} \noindent - In contrast, if we lift a theorem about @{text "append"} to a theorem describing - the union of finite sets, then we need to discharge the proof obligation + In contrast, lifting a theorem about @{text "append"} to a theorem describing + the union of finite sets will mean to discharge the proof obligation \begin{isabelle}\ \ \ \ \ %%% @{text "(\\<^bsub>list\<^esub> \ \\<^bsub>list\<^esub> \ \\<^bsub>list\<^esub>) append append"} @@ -1007,21 +1009,21 @@ % \begin{center} \begin{tabular}{@ {}l@ {}} - \multicolumn{1}{@ {}l@ {}}{abstractions:}\smallskip\\ + \multicolumn{1}{@ {}l@ {}}{abstractions:}\\%%\smallskip\\ @{text "REG (\x\<^sup>\. t, \x\<^sup>\. s)"} $\dn$ $\begin{cases} @{text "\x\<^sup>\. REG (t, s)"} \quad\mbox{provided @{text "\ = \"}}\\ @{text "\x\<^sup>\ \ Resp (REL (\, \)). REG (t, s)"} - \end{cases}$\smallskip\\ + \end{cases}$\\%%\smallskip\\ \multicolumn{1}{@ {}l@ {}}{universal quantifiers:}\\ @{text "REG (\x\<^sup>\. t, \x\<^sup>\. s)"} $\dn$ $\begin{cases} @{text "\x\<^sup>\. REG (t, s)"} \quad\mbox{provided @{text "\ = \"}}\\ @{text "\x\<^sup>\ \ Resp (REL (\, \)). REG (t, s)"} - \end{cases}$\smallskip\\ - \multicolumn{1}{@ {}l@ {}}{equality:}\smallskip\\ + \end{cases}$\\%%\smallskip\\ + \multicolumn{1}{@ {}l@ {}}{equality: \hspace{3mm}%%}\smallskip\\ %% REL of two equal types is the equality so we do not need a separate case - @{text "REG (=\<^bsup>\\\\bool\<^esup>, =\<^bsup>\\\\bool\<^esup>)"} $\dn$ @{text "REL (\, \)"}\smallskip\\ + @{text "REG (=\<^bsup>\\\\bool\<^esup>, =\<^bsup>\\\\bool\<^esup>)"} $\dn$ @{text "REL (\, \)"}}\smallskip\\ \multicolumn{1}{@ {}l@ {}}{applications, variables and constants:}\\ @{text "REG (t\<^isub>1 t\<^isub>2, s\<^isub>1 s\<^isub>2)"} $\dn$ @{text "REG (t\<^isub>1, s\<^isub>1) REG (t\<^isub>2, s\<^isub>2)"}\\ @{text "REG (x\<^isub>1, x\<^isub>2)"} $\dn$ @{text "x\<^isub>1"}\\ @@ -1236,13 +1238,13 @@ %% %% give an example for this %% - \medskip + \smallskip \noindent {\bf Acknowledgements:} We would like to thank Peter Homeier for the many - discussions about his HOL4 quotient package and explaining to us - some of its finer points in the implementation. Without his patient - help, this work would have been impossible. + discussions about his HOL4 quotient package.\\[-5mm]% and explaining to us + %some of its finer points in the implementation. Without his patient + %help, this work would have been impossible. % \appendix