diff -r 7a6b87adebc8 -r 66ef2a2c64fb Pearl-jv/Paper.thy --- a/Pearl-jv/Paper.thy Wed Apr 13 13:44:25 2011 +0100 +++ b/Pearl-jv/Paper.thy Fri Apr 22 00:18:25 2011 +0800 @@ -57,7 +57,7 @@ text {* Nominal Isabelle provides a proving infratructure for convenient reasoning - about syntax involving binders, such as lambda terms or type schemes: + about syntax involving binders, such as lambda terms or type schemes in Mini-ML: \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @{text "\x. t \{x\<^isub>1,\, x\<^isub>n}. \"} @@ -196,13 +196,14 @@ text {* \noindent - whereby the string argument specifies the sort of the atom.\footnote{A - similar design choice was made by Gunter et al \cite{GunterOsbornPopescu09} - for their variables.} The use of type \emph{string} for sorts is merely for - convenience; any countably infinite type would work as well. - The set of all atoms we shall write as @{term "UNIV::atom set"}. - We have two auxiliary functions for atoms, namely @{text sort} - and @{const nat_of} which are defined as + whereby the string argument specifies the sort of the + atom.\footnote{A similar design choice was made by Gunter et al + \cite{GunterOsbornPopescu09} for their variables.} The use of type + \emph{string} for sorts is merely for convenience; any countably + infinite type would work as well. In what follows we shall write + @{term "UNIV::atom set"} for the set of all atoms. We also have two + auxiliary functions for atoms, namely @{text sort} and @{const + nat_of} which are defined as \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l} @@ -221,8 +222,8 @@ \end{proposition} For implementing sort-respecting permutations, we use functions of type @{typ - "atom => atom"} that @{text "i)"} are bijective; @{text "ii)"} are the - identity on all atoms, except a finite number of them; and @{text "iii)"} map + "atom => atom"} that are bijective; are the + identity on all atoms, except a finite number of them; and map each atom to one of the same sort. These properties can be conveniently stated in Isabelle/HOL for a function @{text \} as follows: @@ -241,7 +242,7 @@ written @{term id}, is included in @{typ perm}. Also function composition, written \mbox{@{text "_ \ _"}}, and function inversion, given by Isabelle/HOL's inverse operator and written \mbox{@{text "inv _"}}, preserve the properties - @{text "i"}-@{text "iii"}. + (\ref{permtype}.@{text "i"}-@{text "iii"}). However, a moment of thought is needed about how to construct non-trivial permutations. In the nominal logic work it turned out to be most convenient @@ -299,8 +300,8 @@ \end{isabelle} \noindent - are \emph{equal}. Another advantage of the function representation is that - they form a (non-com\-mu\-ta\-tive) group provided we define + are \emph{equal} and can be used interchangeably. Another advantage of the function + representation is that they form a (non-com\-mu\-ta\-tive) group provided we define \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{10mm}}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l} @@ -334,7 +335,7 @@ composition of permutations is not commutative in general; for example \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% - @{text "(a b) + (b c) \ (b c) + (a b)"} + @{text "(a b) + (b c) \ (b c) + (a b)"}\;. \end{isabelle} \noindent @@ -343,16 +344,17 @@ the non-standard notation in order to reuse the existing libraries. A \emph{permutation operation}, written infix as @{text "\ \ x"}, - applies a permutation @{text "\"} to an object @{text "x"} of type - @{text \}, say. This operation has the type + applies a permutation @{text "\"} to an object @{text "x"}. This + operation has the type \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @{text "_ \ _ :: perm \ \ \ \"} \end{isabelle} \noindent - and will be defined over the hierarchie of types. - Isabelle/HOL allows us to give a definition of this operation for + whereby @{text "\"} is a generic type for @{text x}. The definition of this operation will be + given by in terms of `induction' over this generic type. The type-class mechanism + of Isabelle/HOL \cite{Wenzel04} allows us to give a definition for `base' types, such as atoms, permutations, booleans and natural numbers: \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @@ -377,8 +379,9 @@ \end{tabular}\hfill\numbered{permdefsconstrs} \end{isabelle} - In order to reason abstractly about this operation, - we use Isabelle/HOL's type classes~\cite{Wenzel04} and state the following two + \noindent + The type classes also allow us to reason abstractly about the permutation operation. + For this we state the following two \emph{permutation properties}: \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @@ -446,8 +449,8 @@ the right-hand side, simplifying the beta-redex and eliminating the permutations in front of @{text x} using \eqref{cancel}. - The use of type classes allows us to delegate much of the routine - resoning involved in determining whether the permutation properties + The main benefit of the use of type classes is that it allows us to delegate + much of the routine resoning involved in determining whether the permutation properties are satisfied to Isabelle/HOL's type system: we only have to establish that base types satisfy them and that type-constructors preserve them. Isabelle/HOL will use this information and determine @@ -503,8 +506,9 @@ \end{isabelle} \noindent - whereby @{text c} stands for constants and @{text x} for - variables. We assume HOL-terms are fully typed, but for the sake of + where @{text c} stands for constants and @{text x} for + variables. + We assume HOL-terms are fully typed, but for the sake of greater legibility we leave the typing information implicit. We also assume the usual notions for free and bound variables of a HOL-term. Furthermore, it is custom in HOL to regard terms as equal @@ -520,9 +524,9 @@ \end{definition} \noindent - We will primarily be interested in the cases where @{text t} is a constant, but - of course there is no way to restrict this definition in Isabelle/HOL so that it - applies to just constants. + In what follows we will primarily be interested in the cases where @{text t} + is a constant, but of course there is no way in Isabelle/HOL to restrict + this definition to just these cases. There are a number of equivalent formulations for the equivariance property. For example, assuming @{text t} is of permutation type @{text "\ \ @@ -542,7 +546,7 @@ \eqref{cancel}. To see the other direction, we use \eqref{permutefunapp}. Similarly for HOL-terms that take more than one argument. The point to note is that equivariance and equivariance in fully - applied form are always interderivable. + applied form are (for permutation types) always interderivable. Both formulations of equivariance have their advantages and disadvantages: \eqref{altequivariance} is usually more convenient to @@ -553,12 +557,13 @@ \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}l} @{thm eq_eqvt[where p="\", no_vars]} - \end{tabular} + \end{tabular}\hfill\numbered{eqeqvt} \end{isabelle} \noindent using the permutation operation on booleans and property - \eqref{permuteequ}. Lemma~\ref{permutecompose} establishes that the + \eqref{permuteequ}. + Lemma~\ref{permutecompose} establishes that the permutation operation is equivariant. The permutation operation for lists and products, shown in \eqref{permdefsconstrs}, state that the constructors for products, @{text "Nil"} and @{text Cons} are @@ -576,128 +581,156 @@ @{const True} and @{const False} are equivariant by the definition of the permutation operation for booleans. It is easy to see that the boolean operators, like @{text "\"}, @{text "\"}, @{text - "\"} and @{text "\"}, are all equivariant too. (see ??? intro) - - In contrast, the advantage of Definition \ref{equivariance} is that - it leads to a relatively simple rewrite system that allows us to `push' a permutation, - say @{text \}, towards the leaves of a HOL-term (i.e.~constants and - variables). Then the permutation disappears in cases where the - constants are equivariant, since by Definition \ref{equivariance} we - have @{term "\ \ c = c"}. What we will show next is that for a HOL-term - @{term t} containing only equivariant constants, a permutation can be pushed - inside this term and the only instances remaining are in front of - the free variables of @{text t}. We can only show this by a meta-argument, - that means one we cannot formalise inside Isabelle/HOL. But we can invoke - it in form of a tactic programmed on the ML-level of Isabelle/HOL. - This tactic is a rewrite systems consisting of `oriented' equations. - - A permutation @{text \} can be - pushed into applications and abstractions as follows + "\"} and @{text "\"}, are equivariant too; for example we have \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% - \begin{tabular}{@ {}lrcl} - i) & @{text "\ \ (t\<^isub>1 t\<^isub>2)"} & $\stackrel{\rightharpoonup}{=}$ - & @{term "(\ \ t\<^isub>1) (\ \ t\<^isub>2)"}\\ - ii) & @{text "\ \ (\x. t)"} & $\stackrel{\rightharpoonup}{=}$ & @{text "\x. \ \ (t[x := (-\) \ x])"}\\ + \begin{tabular}{@ {}lcl} + @{text "\ \ (A \ B) = (\ \ A) \ (\ \ B)"}\\ + @{text "\ \ (A \ B) = (\ \ A) \ (\ \ B)"}\\ + \end{tabular} + \end{isabelle} + + \noindent + by the definition of the permutation operation acting on booleans. + + In contrast, the advantage of Definition \ref{equivariance} is that + it leads to a relatively simple rewrite system that allows us to `push' a permutation + towards the leaves of a HOL-term (i.e.~constants and + variables). Then the permutation disappears in cases where the + constants are equivariant. We have implemented this rewrite system + as a simplification tactic on the ML-level of Isabelle/HOL. Having this tactic + at our disposal, together with a collection of constants for which + equivariance is already established, we can automatically establish + equivariance of a constant for which equivariance is not yet known. For this we only have to + make sure that the definiens of this constant + is a HOL-term whose constants are all equivariant. In what follows + we shall specify this tactic and argue that it terminates and + is correct (in the sense of pushing a + permutation @{text "\"} inside a term and the only remaining + instances of @{text "\"} are in front of the term's free variables). + + The simplifiaction tactic is a rewrite systems consisting of four `oriented' + equations. We will first give a naive version of this tactic, which however + is in some cornercases incorrect and does not terminate, and then modify + it in order to obtain the desired properties. A permutation @{text \} can + be pushed into applications and abstractions as follows + + \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% + \begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l} + i) & @{text "\ \ (t\<^isub>1 t\<^isub>2)"} & \rrh & @{term "(\ \ t\<^isub>1) (\ \ t\<^isub>2)"}\\ + ii) & @{text "\ \ (\x. t)"} & \rrh & @{text "\x. \ \ (t[x := (-\) \ x])"}\\ \end{tabular}\hfill\numbered{rewriteapplam} \end{isabelle} \noindent - The first rule we established in \eqref{permutefunapp}; + The first equation we established in \eqref{permutefunapp}; the second follows from the definition of permutations acting on functions and the fact that HOL-terms are equal modulo beta-equivalence. Once the permutations are pushed towards the leaves we need the - following two rules + following two equations \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% - \begin{tabular}{@ {}lrcl} - iii) & @{term "\ \ (- \) \ x"} & $\stackrel{\rightharpoonup}{=}$ & @{term "x"}\\ - iv) & @{term "\ \ c"} & $\stackrel{\rightharpoonup}{=}$ & - @{term "c"}\hspace{6mm}provided @{text c} is equivariant\\ + \begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l} + iii) & @{term "\ \ (- \) \ x"} & \rrh & @{term "x"}\\ + iv) & @{term "\ \ c"} & \rrh & + {\rm @{term "c"}\hspace{6mm}provided @{text c} is equivariant}\\ \end{tabular}\hfill\numbered{rewriteother} \end{isabelle} \noindent - in order to remove permuations in front of bound variables and equivariant constants. - - In order to obtain a terminating rewrite system, we have to be - careful with rule ({\it i}). It can lead to a loop whenever - \mbox{@{text "t\<^isub>1 t\<^isub>2"}} is of the form @{text "\' \ t'"}. Consider - for example the infinite reduction sequence + in order to remove permuations in front of bound variables and + equivariant constants. Unfortunately, we have to be careful with + the rules {\it i)} and {\it iv}): they can lead to a loop whenever + \mbox{@{text "t\<^isub>1 t\<^isub>2"}} is of the form @{text "((op \) \') t"}. Note + that we usually write this application using infix notation as + @{text "\ \ t"} and recall that by Lemma \ref{permutecompose} the + constant @{text "(op \)"} is equivariant. Now consider the infinite + reduction sequence \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}l} - @{text "\ \ (\' \ t)"}~~$\stackrel{\rightharpoonup}{=}\ldots\stackrel{\rightharpoonup}{=}$\\ - @{text "(\ \ \') \ (\ \ t)"}~~$\stackrel{\rightharpoonup}{=}\ldots\stackrel{\rightharpoonup}{=}$\\ - @{text "((\ \ \') \ \) \ ((\ \ \') \ t)"}~~$\stackrel{\rightharpoonup}{=}\ldots$\\ + @{text "\ \ (\' \ t)"} + $\;\;\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it iv)}}{\rrh}\;\;$ + @{text "(\ \ \') \ (\ \ t)"} + $\;\;\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it iv)}}{\rrh}\;\;$ + @{text "((\ \ \') \ \) \ ((\ \ \') \ t)"}~~\ldots% + \end{tabular} \end{isabelle} \noindent - where the last step is again an instance of the first term, but it is - bigger (note that for the permutation operation we have that @{text - "\ \ (op \) = (op \)"} since as shown in Lemma \ref{permutecompose} - \mbox{@{text "(op \)"}} is equivariant). In order to avoid this loop - we need to apply these rules using an `outside to inside' strategy. - This strategy is sufficient since we are only interested of rewriting - terms of the form @{term "\ \ t"}. + where the last step is again an instance of the first term, but it + is bigger. To avoid this loop we need to apply our rewrite rule + using an `outside to inside' strategy. This strategy is sufficient + since we are only interested of rewriting terms of the form @{term + "\ \ t"}, where an outermost permutation needs to pushed inside a term. - Another problem we have to avoid is that the rules ({\it i}) and - ({\it iii}) can `overlap'. For this note that - the term @{term "\ \(\x. x)"} reduces to @{term "\x. \ \ (- \) \ - x"}, to which we can apply rule ({\it iii}) in order to obtain - @{term "\x. x"}, as is desired. However, the subterm term @{text + Another problem we have to avoid is that the rules {\it i)} and + {\it iii)} can `overlap'. For this note that + the term @{term "\ \(\x. x)"} reduces by {\it ii)} to + @{term "\x. \ \ (- \) \ x"}, to which we can apply rule {\it iii)} + in order to obtain @{term "\x. x"}, as is desired---there is no + free variable in the original term and so the permutation should completely + vanish. However, the subterm @{text "(- \) \ x"} is also an application. Consequently, the term @{term "\x. \ \ (- \) \x"} can reduce to @{text "\x. (- (\ \ \)) \ (\ \ x)"} using - ({\it i}). Now we cannot apply rule ({\it iii}) anymore and even - worse the measure we will introduce shortly increases. On the - other hand, if we started with the term @{text "\ \ ((- \) \ x)"} - where @{text \} and @{text x} are free variables, then we do - want to apply rule ({\it i}), rather than rule ({\it iii}) which - would eliminate @{text \} completely. This is a problem because we - want to keep the shape of the HOL-term intact during rewriting. - As a remedy we use a standard trick in HOL: we introduce - a separate definition for terms of the form @{text "(- \) \ x"}, - namely as + {\it i)}. Given our strategy we cannot apply rule {\it iii)} anymore and + even worse the measure we will introduce shortly increased. On the + other hand, if we had started with the term @{text "\ \ ((- \) \ x)"} + where @{text \} and @{text x} are free variables, then we \emph{do} + want to apply rule {\it i)} and not rule {\it iii)}. The latter + would eliminate @{text \} completely. The problem is that rule {\it iii)} + should only apply to instances where the variable is to bound; for free variables + we want to use {\it ii)}. + + The problem is that in order to distinguish both cases when + inductively taking a term `apart', we have to maintain the + information which variable is bound. This, unfortunately, does not + mesh well with the way how simplification tactics are implemented in + Isabelle/HOL. Our remedy is to use a standard trick in HOL: we + introduce a separate definition for terms of the form @{text "(- \) + \ x"}, namely as \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @{term "unpermute \ x \ (- \) \ x"} \end{isabelle} \noindent - The point is that we will always start with a term that does not - contain any @{text unpermutes}. With this trick we can reformulate - our rewrite rules as follows + The point is that now we can formulate the rewrite rules as follows \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}lrcl} - i') & @{text "\ \ (t\<^isub>1 t\<^isub>2)"} & $\stackrel{\rightharpoonup}{=}$ & + i') & @{text "\ \ (t\<^isub>1 t\<^isub>2)"} & \rrh & @{term "(\ \ t\<^isub>1) (\ \ t\<^isub>2)"}\hspace{45mm}\mbox{}\\ - \multicolumn{4}{r}{provided @{text "t\<^isub>1 t\<^isub>2"} is not of the form @{text "unpermute \ x"}}\smallskip\\ - ii') & @{text "\ \ (\x. t)"} & $\stackrel{\rightharpoonup}{=}$ & @{text "\x. \ \ (t[x := unpermute \ x])"}\\ - iii') & @{text "\ \ (unpermute \ x)"} & $\stackrel{\rightharpoonup}{=}$ & @{term x}\\ - iv') & @{term "\ \ c"} & $\stackrel{\rightharpoonup}{=}$ & @{term "c"} - \hspace{6mm}provided @{text c} is equivariant\\ + \multicolumn{4}{r}{\rm provided @{text "t\<^isub>1 t\<^isub>2"} is not of the form @{text "unpermute \ x"}}\smallskip\\ + ii') & @{text "\ \ (\x. t)"} & \rrh & @{text "\x. \ \ (t[x := unpermute \ x])"}\\ + iii') & @{text "\ \ (unpermute \ x)"} & \rrh & @{term x}\\ + iv') & @{term "\ \ c"} & \rrh & @{term "c"} + \hspace{6mm}{\rm provided @{text c} is equivariant}\\ \end{tabular} \end{isabelle} \noindent - None of these rules overlap. To see that the permutation on the - right-hand side is applied to a smaller term, we take the measure - consisting of lexicographically ordered pairs whose first component - is the size of a term (without counting @{text unpermutes}) and the - second is the number of occurences of @{text "unpermute \ x"} and - @{text "\ \ c"}. This means the process of applying these rules - with our `outside-to-inside' strategy must terminate. + and @{text unpermutes} are only generated in case of bound variables. + Clearly none of these rules overlap. Moreover, given our + outside-to-inside strategy, they terminate. To see this, notice that + the permutation on the right-hand side of the rewrite rules is + always applied to a smaller term, provided we take the measure consisting + of lexicographically ordered pairs whose first component is the size + of a term (counting terms of the form @{text "unpermute \ x"} as + leaves) and the second is the number of occurences of @{text + "unpermute \ x"} and @{text "\ \ c"}. - With the rewriting system in plcae, we are able to establish the - fact that for a HOL-term @{text t} whose constants are all equivariant, - the HOL-term @{text "\ \ t"} is equal to @{text "t'"} wherby - @{text "t'"} is equal to @{text t} except that every free variable - @{text x} of @{text t} is replaced by @{text "\ \ x"}. Pitts calls - this fact \emph{equivariance principle}. In our setting the precise - statement of this fact is a bit more involved because of the fact - that @{text unpermute} needs to be treated specially. + With the definition of the simplification tactic in place, we can + establish its correctness. The property we are after is that for for + a HOL-term @{text t} whose constants are all equivariant, the + HOL-term @{text "\ \ t"} is equal to @{text "t'"} with @{text "t'"} + being equal to @{text t} except that every free variable @{text x} + in @{text t} is replaced by @{text "\ \ x"}. Pitts calls this + property \emph{equivariance principle} (book ref ???). In our + setting the precise statement of this property is a slightly more + involved because of the fact that @{text unpermutes} needs to be + treated specially. \begin{theorem}[Equivariance Principle] Suppose a HOL-term @{text t} does not contain any @{text unpermutes} and all @@ -723,30 +756,7 @@ For an equivariant HOL-term @{text "t"}, @{term "\ \ t = t"} for all permutations @{term "\"}. \end{lemma} - \begin{proof} - By induction on the grammar of HOL-terms. The case for variables cannot arise since - equivariant HOL-terms are closed. The case for constants is clear by Definition - \ref{equivariance}. The case for applications is also straightforward since by - \eqref{permutefunapp} we have @{term "\ \ (t\<^isub>1 t\<^isub>2) = (\ \ t\<^isub>1) (\ \ t\<^isub>2)"}. - For the case of abstractions we can reason as follows - - \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% - \begin{tabular}[b]{@ {}c@ {\hspace{2mm}}l@ {\hspace{8mm}}l} - & @{text "\ \ (\x. t)"}\\ - @{text "\"} & @{text "\y. \ \ ((\x. t) ((-\) \ y))"} & by \eqref{permdefsconstrs}\\ - - \end{tabular}\hfill\qed - \end{isabelle} - \end{proof} - - database of equivariant functions - - Such a rewrite system is often very helpful - in determining whether @{text "\ \ t = t"} holds for a compound term @{text t}. ??? - - For this we have implemented in Isabelle/HOL a - database of equivariant constants that can be used to rewrite - HOL-terms. + Let us now see how to use the equivariance principle. We have *}