# HG changeset patch # User Christian Urban # Date 1303402705 -28800 # Node ID 66ef2a2c64fbfb0c5cdd894eb59b61122e3b3beb # Parent 7a6b87adebc8a19bf07e0a8e8a4c21b38da1087b more to the pearl paper diff -r 7a6b87adebc8 -r 66ef2a2c64fb Nominal/Nominal2_Base.thy --- a/Nominal/Nominal2_Base.thy Wed Apr 13 13:44:25 2011 +0100 +++ b/Nominal/Nominal2_Base.thy Fri Apr 22 00:18:25 2011 +0800 @@ -2398,11 +2398,6 @@ lemma list_renaming_perm: shows "\q. (\b \ set bs. q \ b = p \ b) \ supp q \ set bs \ (p \ set bs)" proof (induct bs) - case Nil - have "(\b \ set []. 0 \ b = p \ b) \ supp (0::perm) \ set [] \ p \ set []" - by (simp add: supp_zero_perm) - then show "\q. (\b \ set []. q \ b = p \ b) \ supp q \ set [] \ p \ (set [])" by blast -next case (Cons a bs) then have " \q. (\b \ set bs. q \ b = p \ b) \ supp q \ set bs \ p \ (set bs)" by simp then obtain q where *: "\b \ set bs. q \ b = p \ b" and **: "supp q \ set bs \ p \ (set bs)" @@ -2443,6 +2438,11 @@ } ultimately show "\q. (\b \ set (a # bs). q \ b = p \ b) \ supp q \ set (a # bs) \ p \ (set (a # bs))" by blast +next + case Nil + have "(\b \ set []. 0 \ b = p \ b) \ supp (0::perm) \ set [] \ p \ set []" + by (simp add: supp_zero_perm) + then show "\q. (\b \ set []. q \ b = p \ b) \ supp q \ set [] \ p \ (set [])" by blast qed diff -r 7a6b87adebc8 -r 66ef2a2c64fb Pearl-jv/Paper.thy --- a/Pearl-jv/Paper.thy Wed Apr 13 13:44:25 2011 +0100 +++ b/Pearl-jv/Paper.thy Fri Apr 22 00:18:25 2011 +0800 @@ -57,7 +57,7 @@ text {* Nominal Isabelle provides a proving infratructure for convenient reasoning - about syntax involving binders, such as lambda terms or type schemes: + about syntax involving binders, such as lambda terms or type schemes in Mini-ML: \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @{text "\x. t \{x\<^isub>1,\, x\<^isub>n}. \"} @@ -196,13 +196,14 @@ text {* \noindent - whereby the string argument specifies the sort of the atom.\footnote{A - similar design choice was made by Gunter et al \cite{GunterOsbornPopescu09} - for their variables.} The use of type \emph{string} for sorts is merely for - convenience; any countably infinite type would work as well. - The set of all atoms we shall write as @{term "UNIV::atom set"}. - We have two auxiliary functions for atoms, namely @{text sort} - and @{const nat_of} which are defined as + whereby the string argument specifies the sort of the + atom.\footnote{A similar design choice was made by Gunter et al + \cite{GunterOsbornPopescu09} for their variables.} The use of type + \emph{string} for sorts is merely for convenience; any countably + infinite type would work as well. In what follows we shall write + @{term "UNIV::atom set"} for the set of all atoms. We also have two + auxiliary functions for atoms, namely @{text sort} and @{const + nat_of} which are defined as \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l} @@ -221,8 +222,8 @@ \end{proposition} For implementing sort-respecting permutations, we use functions of type @{typ - "atom => atom"} that @{text "i)"} are bijective; @{text "ii)"} are the - identity on all atoms, except a finite number of them; and @{text "iii)"} map + "atom => atom"} that are bijective; are the + identity on all atoms, except a finite number of them; and map each atom to one of the same sort. These properties can be conveniently stated in Isabelle/HOL for a function @{text \} as follows: @@ -241,7 +242,7 @@ written @{term id}, is included in @{typ perm}. Also function composition, written \mbox{@{text "_ \ _"}}, and function inversion, given by Isabelle/HOL's inverse operator and written \mbox{@{text "inv _"}}, preserve the properties - @{text "i"}-@{text "iii"}. + (\ref{permtype}.@{text "i"}-@{text "iii"}). However, a moment of thought is needed about how to construct non-trivial permutations. In the nominal logic work it turned out to be most convenient @@ -299,8 +300,8 @@ \end{isabelle} \noindent - are \emph{equal}. Another advantage of the function representation is that - they form a (non-com\-mu\-ta\-tive) group provided we define + are \emph{equal} and can be used interchangeably. Another advantage of the function + representation is that they form a (non-com\-mu\-ta\-tive) group provided we define \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{10mm}}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l} @@ -334,7 +335,7 @@ composition of permutations is not commutative in general; for example \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% - @{text "(a b) + (b c) \ (b c) + (a b)"} + @{text "(a b) + (b c) \ (b c) + (a b)"}\;. \end{isabelle} \noindent @@ -343,16 +344,17 @@ the non-standard notation in order to reuse the existing libraries. A \emph{permutation operation}, written infix as @{text "\ \ x"}, - applies a permutation @{text "\"} to an object @{text "x"} of type - @{text \}, say. This operation has the type + applies a permutation @{text "\"} to an object @{text "x"}. This + operation has the type \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @{text "_ \ _ :: perm \ \ \ \"} \end{isabelle} \noindent - and will be defined over the hierarchie of types. - Isabelle/HOL allows us to give a definition of this operation for + whereby @{text "\"} is a generic type for @{text x}. The definition of this operation will be + given by in terms of `induction' over this generic type. The type-class mechanism + of Isabelle/HOL \cite{Wenzel04} allows us to give a definition for `base' types, such as atoms, permutations, booleans and natural numbers: \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @@ -377,8 +379,9 @@ \end{tabular}\hfill\numbered{permdefsconstrs} \end{isabelle} - In order to reason abstractly about this operation, - we use Isabelle/HOL's type classes~\cite{Wenzel04} and state the following two + \noindent + The type classes also allow us to reason abstractly about the permutation operation. + For this we state the following two \emph{permutation properties}: \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @@ -446,8 +449,8 @@ the right-hand side, simplifying the beta-redex and eliminating the permutations in front of @{text x} using \eqref{cancel}. - The use of type classes allows us to delegate much of the routine - resoning involved in determining whether the permutation properties + The main benefit of the use of type classes is that it allows us to delegate + much of the routine resoning involved in determining whether the permutation properties are satisfied to Isabelle/HOL's type system: we only have to establish that base types satisfy them and that type-constructors preserve them. Isabelle/HOL will use this information and determine @@ -503,8 +506,9 @@ \end{isabelle} \noindent - whereby @{text c} stands for constants and @{text x} for - variables. We assume HOL-terms are fully typed, but for the sake of + where @{text c} stands for constants and @{text x} for + variables. + We assume HOL-terms are fully typed, but for the sake of greater legibility we leave the typing information implicit. We also assume the usual notions for free and bound variables of a HOL-term. Furthermore, it is custom in HOL to regard terms as equal @@ -520,9 +524,9 @@ \end{definition} \noindent - We will primarily be interested in the cases where @{text t} is a constant, but - of course there is no way to restrict this definition in Isabelle/HOL so that it - applies to just constants. + In what follows we will primarily be interested in the cases where @{text t} + is a constant, but of course there is no way in Isabelle/HOL to restrict + this definition to just these cases. There are a number of equivalent formulations for the equivariance property. For example, assuming @{text t} is of permutation type @{text "\ \ @@ -542,7 +546,7 @@ \eqref{cancel}. To see the other direction, we use \eqref{permutefunapp}. Similarly for HOL-terms that take more than one argument. The point to note is that equivariance and equivariance in fully - applied form are always interderivable. + applied form are (for permutation types) always interderivable. Both formulations of equivariance have their advantages and disadvantages: \eqref{altequivariance} is usually more convenient to @@ -553,12 +557,13 @@ \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}l} @{thm eq_eqvt[where p="\", no_vars]} - \end{tabular} + \end{tabular}\hfill\numbered{eqeqvt} \end{isabelle} \noindent using the permutation operation on booleans and property - \eqref{permuteequ}. Lemma~\ref{permutecompose} establishes that the + \eqref{permuteequ}. + Lemma~\ref{permutecompose} establishes that the permutation operation is equivariant. The permutation operation for lists and products, shown in \eqref{permdefsconstrs}, state that the constructors for products, @{text "Nil"} and @{text Cons} are @@ -576,128 +581,156 @@ @{const True} and @{const False} are equivariant by the definition of the permutation operation for booleans. It is easy to see that the boolean operators, like @{text "\"}, @{text "\"}, @{text - "\"} and @{text "\"}, are all equivariant too. (see ??? intro) - - In contrast, the advantage of Definition \ref{equivariance} is that - it leads to a relatively simple rewrite system that allows us to `push' a permutation, - say @{text \}, towards the leaves of a HOL-term (i.e.~constants and - variables). Then the permutation disappears in cases where the - constants are equivariant, since by Definition \ref{equivariance} we - have @{term "\ \ c = c"}. What we will show next is that for a HOL-term - @{term t} containing only equivariant constants, a permutation can be pushed - inside this term and the only instances remaining are in front of - the free variables of @{text t}. We can only show this by a meta-argument, - that means one we cannot formalise inside Isabelle/HOL. But we can invoke - it in form of a tactic programmed on the ML-level of Isabelle/HOL. - This tactic is a rewrite systems consisting of `oriented' equations. - - A permutation @{text \} can be - pushed into applications and abstractions as follows + "\"} and @{text "\"}, are equivariant too; for example we have \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% - \begin{tabular}{@ {}lrcl} - i) & @{text "\ \ (t\<^isub>1 t\<^isub>2)"} & $\stackrel{\rightharpoonup}{=}$ - & @{term "(\ \ t\<^isub>1) (\ \ t\<^isub>2)"}\\ - ii) & @{text "\ \ (\x. t)"} & $\stackrel{\rightharpoonup}{=}$ & @{text "\x. \ \ (t[x := (-\) \ x])"}\\ + \begin{tabular}{@ {}lcl} + @{text "\ \ (A \ B) = (\ \ A) \ (\ \ B)"}\\ + @{text "\ \ (A \ B) = (\ \ A) \ (\ \ B)"}\\ + \end{tabular} + \end{isabelle} + + \noindent + by the definition of the permutation operation acting on booleans. + + In contrast, the advantage of Definition \ref{equivariance} is that + it leads to a relatively simple rewrite system that allows us to `push' a permutation + towards the leaves of a HOL-term (i.e.~constants and + variables). Then the permutation disappears in cases where the + constants are equivariant. We have implemented this rewrite system + as a simplification tactic on the ML-level of Isabelle/HOL. Having this tactic + at our disposal, together with a collection of constants for which + equivariance is already established, we can automatically establish + equivariance of a constant for which equivariance is not yet known. For this we only have to + make sure that the definiens of this constant + is a HOL-term whose constants are all equivariant. In what follows + we shall specify this tactic and argue that it terminates and + is correct (in the sense of pushing a + permutation @{text "\"} inside a term and the only remaining + instances of @{text "\"} are in front of the term's free variables). + + The simplifiaction tactic is a rewrite systems consisting of four `oriented' + equations. We will first give a naive version of this tactic, which however + is in some cornercases incorrect and does not terminate, and then modify + it in order to obtain the desired properties. A permutation @{text \} can + be pushed into applications and abstractions as follows + + \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% + \begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l} + i) & @{text "\ \ (t\<^isub>1 t\<^isub>2)"} & \rrh & @{term "(\ \ t\<^isub>1) (\ \ t\<^isub>2)"}\\ + ii) & @{text "\ \ (\x. t)"} & \rrh & @{text "\x. \ \ (t[x := (-\) \ x])"}\\ \end{tabular}\hfill\numbered{rewriteapplam} \end{isabelle} \noindent - The first rule we established in \eqref{permutefunapp}; + The first equation we established in \eqref{permutefunapp}; the second follows from the definition of permutations acting on functions and the fact that HOL-terms are equal modulo beta-equivalence. Once the permutations are pushed towards the leaves we need the - following two rules + following two equations \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% - \begin{tabular}{@ {}lrcl} - iii) & @{term "\ \ (- \) \ x"} & $\stackrel{\rightharpoonup}{=}$ & @{term "x"}\\ - iv) & @{term "\ \ c"} & $\stackrel{\rightharpoonup}{=}$ & - @{term "c"}\hspace{6mm}provided @{text c} is equivariant\\ + \begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l} + iii) & @{term "\ \ (- \) \ x"} & \rrh & @{term "x"}\\ + iv) & @{term "\ \ c"} & \rrh & + {\rm @{term "c"}\hspace{6mm}provided @{text c} is equivariant}\\ \end{tabular}\hfill\numbered{rewriteother} \end{isabelle} \noindent - in order to remove permuations in front of bound variables and equivariant constants. - - In order to obtain a terminating rewrite system, we have to be - careful with rule ({\it i}). It can lead to a loop whenever - \mbox{@{text "t\<^isub>1 t\<^isub>2"}} is of the form @{text "\' \ t'"}. Consider - for example the infinite reduction sequence + in order to remove permuations in front of bound variables and + equivariant constants. Unfortunately, we have to be careful with + the rules {\it i)} and {\it iv}): they can lead to a loop whenever + \mbox{@{text "t\<^isub>1 t\<^isub>2"}} is of the form @{text "((op \) \') t"}. Note + that we usually write this application using infix notation as + @{text "\ \ t"} and recall that by Lemma \ref{permutecompose} the + constant @{text "(op \)"} is equivariant. Now consider the infinite + reduction sequence \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}l} - @{text "\ \ (\' \ t)"}~~$\stackrel{\rightharpoonup}{=}\ldots\stackrel{\rightharpoonup}{=}$\\ - @{text "(\ \ \') \ (\ \ t)"}~~$\stackrel{\rightharpoonup}{=}\ldots\stackrel{\rightharpoonup}{=}$\\ - @{text "((\ \ \') \ \) \ ((\ \ \') \ t)"}~~$\stackrel{\rightharpoonup}{=}\ldots$\\ + @{text "\ \ (\' \ t)"} + $\;\;\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it iv)}}{\rrh}\;\;$ + @{text "(\ \ \') \ (\ \ t)"} + $\;\;\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it iv)}}{\rrh}\;\;$ + @{text "((\ \ \') \ \) \ ((\ \ \') \ t)"}~~\ldots% + \end{tabular} \end{isabelle} \noindent - where the last step is again an instance of the first term, but it is - bigger (note that for the permutation operation we have that @{text - "\ \ (op \) = (op \)"} since as shown in Lemma \ref{permutecompose} - \mbox{@{text "(op \)"}} is equivariant). In order to avoid this loop - we need to apply these rules using an `outside to inside' strategy. - This strategy is sufficient since we are only interested of rewriting - terms of the form @{term "\ \ t"}. + where the last step is again an instance of the first term, but it + is bigger. To avoid this loop we need to apply our rewrite rule + using an `outside to inside' strategy. This strategy is sufficient + since we are only interested of rewriting terms of the form @{term + "\ \ t"}, where an outermost permutation needs to pushed inside a term. - Another problem we have to avoid is that the rules ({\it i}) and - ({\it iii}) can `overlap'. For this note that - the term @{term "\ \(\x. x)"} reduces to @{term "\x. \ \ (- \) \ - x"}, to which we can apply rule ({\it iii}) in order to obtain - @{term "\x. x"}, as is desired. However, the subterm term @{text + Another problem we have to avoid is that the rules {\it i)} and + {\it iii)} can `overlap'. For this note that + the term @{term "\ \(\x. x)"} reduces by {\it ii)} to + @{term "\x. \ \ (- \) \ x"}, to which we can apply rule {\it iii)} + in order to obtain @{term "\x. x"}, as is desired---there is no + free variable in the original term and so the permutation should completely + vanish. However, the subterm @{text "(- \) \ x"} is also an application. Consequently, the term @{term "\x. \ \ (- \) \x"} can reduce to @{text "\x. (- (\ \ \)) \ (\ \ x)"} using - ({\it i}). Now we cannot apply rule ({\it iii}) anymore and even - worse the measure we will introduce shortly increases. On the - other hand, if we started with the term @{text "\ \ ((- \) \ x)"} - where @{text \} and @{text x} are free variables, then we do - want to apply rule ({\it i}), rather than rule ({\it iii}) which - would eliminate @{text \} completely. This is a problem because we - want to keep the shape of the HOL-term intact during rewriting. - As a remedy we use a standard trick in HOL: we introduce - a separate definition for terms of the form @{text "(- \) \ x"}, - namely as + {\it i)}. Given our strategy we cannot apply rule {\it iii)} anymore and + even worse the measure we will introduce shortly increased. On the + other hand, if we had started with the term @{text "\ \ ((- \) \ x)"} + where @{text \} and @{text x} are free variables, then we \emph{do} + want to apply rule {\it i)} and not rule {\it iii)}. The latter + would eliminate @{text \} completely. The problem is that rule {\it iii)} + should only apply to instances where the variable is to bound; for free variables + we want to use {\it ii)}. + + The problem is that in order to distinguish both cases when + inductively taking a term `apart', we have to maintain the + information which variable is bound. This, unfortunately, does not + mesh well with the way how simplification tactics are implemented in + Isabelle/HOL. Our remedy is to use a standard trick in HOL: we + introduce a separate definition for terms of the form @{text "(- \) + \ x"}, namely as \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% @{term "unpermute \ x \ (- \) \ x"} \end{isabelle} \noindent - The point is that we will always start with a term that does not - contain any @{text unpermutes}. With this trick we can reformulate - our rewrite rules as follows + The point is that now we can formulate the rewrite rules as follows \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% \begin{tabular}{@ {}lrcl} - i') & @{text "\ \ (t\<^isub>1 t\<^isub>2)"} & $\stackrel{\rightharpoonup}{=}$ & + i') & @{text "\ \ (t\<^isub>1 t\<^isub>2)"} & \rrh & @{term "(\ \ t\<^isub>1) (\ \ t\<^isub>2)"}\hspace{45mm}\mbox{}\\ - \multicolumn{4}{r}{provided @{text "t\<^isub>1 t\<^isub>2"} is not of the form @{text "unpermute \ x"}}\smallskip\\ - ii') & @{text "\ \ (\x. t)"} & $\stackrel{\rightharpoonup}{=}$ & @{text "\x. \ \ (t[x := unpermute \ x])"}\\ - iii') & @{text "\ \ (unpermute \ x)"} & $\stackrel{\rightharpoonup}{=}$ & @{term x}\\ - iv') & @{term "\ \ c"} & $\stackrel{\rightharpoonup}{=}$ & @{term "c"} - \hspace{6mm}provided @{text c} is equivariant\\ + \multicolumn{4}{r}{\rm provided @{text "t\<^isub>1 t\<^isub>2"} is not of the form @{text "unpermute \ x"}}\smallskip\\ + ii') & @{text "\ \ (\x. t)"} & \rrh & @{text "\x. \ \ (t[x := unpermute \ x])"}\\ + iii') & @{text "\ \ (unpermute \ x)"} & \rrh & @{term x}\\ + iv') & @{term "\ \ c"} & \rrh & @{term "c"} + \hspace{6mm}{\rm provided @{text c} is equivariant}\\ \end{tabular} \end{isabelle} \noindent - None of these rules overlap. To see that the permutation on the - right-hand side is applied to a smaller term, we take the measure - consisting of lexicographically ordered pairs whose first component - is the size of a term (without counting @{text unpermutes}) and the - second is the number of occurences of @{text "unpermute \ x"} and - @{text "\ \ c"}. This means the process of applying these rules - with our `outside-to-inside' strategy must terminate. + and @{text unpermutes} are only generated in case of bound variables. + Clearly none of these rules overlap. Moreover, given our + outside-to-inside strategy, they terminate. To see this, notice that + the permutation on the right-hand side of the rewrite rules is + always applied to a smaller term, provided we take the measure consisting + of lexicographically ordered pairs whose first component is the size + of a term (counting terms of the form @{text "unpermute \ x"} as + leaves) and the second is the number of occurences of @{text + "unpermute \ x"} and @{text "\ \ c"}. - With the rewriting system in plcae, we are able to establish the - fact that for a HOL-term @{text t} whose constants are all equivariant, - the HOL-term @{text "\ \ t"} is equal to @{text "t'"} wherby - @{text "t'"} is equal to @{text t} except that every free variable - @{text x} of @{text t} is replaced by @{text "\ \ x"}. Pitts calls - this fact \emph{equivariance principle}. In our setting the precise - statement of this fact is a bit more involved because of the fact - that @{text unpermute} needs to be treated specially. + With the definition of the simplification tactic in place, we can + establish its correctness. The property we are after is that for for + a HOL-term @{text t} whose constants are all equivariant, the + HOL-term @{text "\ \ t"} is equal to @{text "t'"} with @{text "t'"} + being equal to @{text t} except that every free variable @{text x} + in @{text t} is replaced by @{text "\ \ x"}. Pitts calls this + property \emph{equivariance principle} (book ref ???). In our + setting the precise statement of this property is a slightly more + involved because of the fact that @{text unpermutes} needs to be + treated specially. \begin{theorem}[Equivariance Principle] Suppose a HOL-term @{text t} does not contain any @{text unpermutes} and all @@ -723,30 +756,7 @@ For an equivariant HOL-term @{text "t"}, @{term "\ \ t = t"} for all permutations @{term "\"}. \end{lemma} - \begin{proof} - By induction on the grammar of HOL-terms. The case for variables cannot arise since - equivariant HOL-terms are closed. The case for constants is clear by Definition - \ref{equivariance}. The case for applications is also straightforward since by - \eqref{permutefunapp} we have @{term "\ \ (t\<^isub>1 t\<^isub>2) = (\ \ t\<^isub>1) (\ \ t\<^isub>2)"}. - For the case of abstractions we can reason as follows - - \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%% - \begin{tabular}[b]{@ {}c@ {\hspace{2mm}}l@ {\hspace{8mm}}l} - & @{text "\ \ (\x. t)"}\\ - @{text "\"} & @{text "\y. \ \ ((\x. t) ((-\) \ y))"} & by \eqref{permdefsconstrs}\\ - - \end{tabular}\hfill\qed - \end{isabelle} - \end{proof} - - database of equivariant functions - - Such a rewrite system is often very helpful - in determining whether @{text "\ \ t = t"} holds for a compound term @{text t}. ??? - - For this we have implemented in Isabelle/HOL a - database of equivariant constants that can be used to rewrite - HOL-terms. + Let us now see how to use the equivariance principle. We have *} diff -r 7a6b87adebc8 -r 66ef2a2c64fb Pearl-jv/document/root.tex --- a/Pearl-jv/document/root.tex Wed Apr 13 13:44:25 2011 +0100 +++ b/Pearl-jv/document/root.tex Fri Apr 22 00:18:25 2011 +0800 @@ -4,6 +4,7 @@ \usepackage{isabellesym} \usepackage{amsmath} \usepackage{amssymb} +\usepackage{mathabx} \usepackage{longtable} \usepackage{graphics} \usepackage{pdfsetup} @@ -19,10 +20,13 @@ \renewcommand{\isasymrightleftharpoons}{} \renewcommand{\isasymemptyset}{$\varnothing$} \newcommand{\isasymallatoms}{\ensuremath{\mathbb{A}}} +\newcommand{\rrh}{\mbox{\footnotesize$\rightrightharpoons$}} \newcommand{\numbered}[1]{\refstepcounter{equation}{\rm(\arabic{equation})}\label{#1}} \newcommand\new[0]{\reflectbox{\ensuremath{\mathsf{N}}}} +\changenotsign + \begin{document} \title{Implementing the Nominal Logic Work in Isabelle/HOL} diff -r 7a6b87adebc8 -r 66ef2a2c64fb Slides/Slides6.thy --- a/Slides/Slides6.thy Wed Apr 13 13:44:25 2011 +0100 +++ b/Slides/Slides6.thy Fri Apr 22 00:18:25 2011 +0800 @@ -12,7 +12,7 @@ (*>*) text_raw {* - \renewcommand{\slidecaption}{Shanghai, 12.~April 2011} + \renewcommand{\slidecaption}{Hefei, 15.~April 2011} \newcommand{\abst}[2]{#1.#2}% atom-abstraction \newcommand{\pair}[2]{\langle #1,#2\rangle} % pairing @@ -128,6 +128,23 @@ *} +text_raw {* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{3 Points} + \large + \begin{itemize} + \item It is easy to make mistakes.\bigskip + \item Theorem provers can prevent mistakes, {\bf if} the problem + is formulated so that it is suitable for theorem provers.\bigskip + \item This re-formulation can be done, even in domains where + we do not expect it. + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +*} text_raw {* @@ -186,15 +203,12 @@ \end{tabular}\medskip - - - - \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% *} + text_raw {* %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -333,7 +347,7 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}<1->[c] - \frametitle{Theorem Provers} + \frametitle{Lessons Learned} \begin{itemize} \item Theorem provers help with keeping large proofs consistent; @@ -738,13 +752,13 @@ \begin{textblock}{6}(9.5,6.18) \begin{flushright} - \color{gray}``derivative for a char'' + \color{gray}``derivative w.r.t.~a char'' \end{flushright} \end{textblock} \begin{textblock}{6}(9.5,12.1) \begin{flushright} - \color{gray}``deriv.~for a string'' + \color{gray}``deriv.~w.r.t.~a string'' \end{flushright} \end{textblock} @@ -861,10 +875,10 @@ \end{itemize} - I can think of two reasons why this is a good definition:\medskip + There are many reasons why this is a good definition:\medskip \begin{itemize} \item pumping lemma - \item closure properties of regular languages (closed under complement) + \item closure properties of regular languages\\ (e.g.~closure under complement) \end{itemize} \end{frame}} @@ -909,6 +923,24 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[c] + \frametitle{} + \large + \begin{center} + \begin{tabular}{p{9cm}} + My point:\bigskip\\ + + The theory about regular languages can be reformulated + to be more suitable for theorem proving. + \end{tabular} + \end{center} + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +*} + +text_raw {* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] \frametitle{\LARGE The Myhill-Nerode Theorem} \begin{itemize} @@ -925,7 +957,6 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - *} text_raw {* @@ -1055,7 +1086,7 @@ \smath{R_1}: & \smath{\{[]\}}\\ \smath{R_2}: & \smath{\{[c]\}}\\ \smath{R_3}: & \smath{U\!N\!IV - \{[], [c]\}}\\[6mm] - \multicolumn{2}{l}{\onslide<2->{\smath{X \stackrel{c}{\longrightarrow} Y \dn X ; [c] \subseteq Y}}} + \multicolumn{2}{l}{\onslide<2->{\smath{X \stackrel{c}{\longrightarrow} Y \dn X ;; [c] \subseteq Y}}} \end{tabular} \end{tabular} @@ -1345,7 +1376,7 @@ \begin{itemize} \item \smath{\text{finite}\, (U\!N\!IV /\!/ \approx_L) \;\Leftrightarrow\; L\; \text{is regular}} \bigskip\pause - \item regular languages are closed under complementation; this is easy + \item regular languages are closed under complementation; this is now easy\medskip \begin{center} \smath{U\!N\!IV /\!/ \approx_L \;\;=\;\; U\!N\!IV /\!/ \approx_{-L}} \end{center} @@ -1423,7 +1454,7 @@ \begin{itemize} \item We formalised the Myhill-Nerode theorem based on - regular expressions (DFA are difficult to deal with in a theorem prover).\smallskip + regular expressions only (DFAs are difficult to deal with in a theorem prover).\smallskip \item Seems to be a common theme: algorithms need to be reformulated to better suit formal treatment.\smallskip @@ -1432,7 +1463,7 @@ implement the matcher directly inside the theorem prover (ongoing work).\smallskip - \item Parsing is a vast field and seems to offer new results. + \item Parsing is a vast field which seem to offer new results. \end{itemize} \end{frame}} @@ -1450,23 +1481,126 @@ \alert{\Large Questions?} \end{tabular}} - %\begin{center} - %\bf \underline{Short Bio:} - %\end{center} - %\mbox{}\\[-17mm]\mbox{}\small - %\begin{itemize} - %\item PhD in Cambridge - %\item Emmy-Noether Fellowship in Munich - %\item main results in nominal reasoning and nominal unification - %\end{itemize} + \begin{center} + \bf \underline{Short Bio:} + \end{center} + \mbox{}\\[-17mm]\mbox{}\small + \begin{itemize} + \item PhD in Cambridge + \item Emmy-Noether Research Fellowship at the TU Munich + \item talks at: CMU, Yale, Princeton, MIT,$\ldots$ + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +*} + +text_raw {* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Future Research} + + My existing strengths:\bigskip + + \begin{itemize} + \item Isabelle (implementation)\bigskip + \item background in logic, programming languages, formal methods + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +*} + +text_raw {* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Future Research} + + I want to have a single logic framework in which I can + write programs and prove their correctness.\bigskip + + \begin{itemize} + \item extensions of HOL (IO, modules, advanced types) + \item high-level programming languages + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +*} + +text_raw {* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Future Research} + + Compilers\bigskip + + \begin{itemize} + \item the high-level language needs to be compiled to correct machine + code + \item compiler verification, machine code verification + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +*} + +text_raw {* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Future Research} + + Stronger type-systems\bigskip + + \begin{itemize} + \item ``correct by construction'' + \item GADTs, dependent types + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +*} + +text_raw {* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Future Research} + + Proof automation\bigskip + + \begin{itemize} + \item external tools generate ``proof-certificates'' + \item certificates are imported into Isabelle + \item GPU based external provers + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +*} + +text_raw {* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Future Research} + + Large-scale applications\bigskip + + \begin{itemize} + \item verification of Java-Script, Scala,$\ldots$ + \item interesting code (INTEL in Shanghai) + \end{itemize} \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% *} - - (*<*) end (*>*) \ No newline at end of file