--- a/IsaMakefile Tue Apr 19 13:03:08 2011 +0100
+++ b/IsaMakefile Thu Apr 28 11:51:01 2011 +0800
@@ -128,7 +128,19 @@
cd Slides/generated6 ; $(ISABELLE_TOOL) latex -o pdf root.beamer.tex
cp Slides/generated6/root.beamer.pdf Slides/slides6.pdf
-slides: slides1 slides2 slides3 slides4 slides5 slides6
+session7: Slides/ROOT7.ML \
+ Slides/document/root* \
+ Slides/Slides6.thy
+ @$(USEDIR) -D generated7 -f ROOT7.ML HOL Slides
+
+slides7: session7
+ rm -f Slides/generated7/*.aux # otherwise latex will fall over
+ cd Slides/generated7 ; $(ISABELLE_TOOL) latex -o pdf root.beamer.tex
+ cd Slides/generated7 ; $(ISABELLE_TOOL) latex -o pdf root.beamer.tex
+ cp Slides/generated7/root.beamer.pdf Slides/slides7.pdf
+
+
+slides: slides1 slides2 slides3 slides4 slides5 slides6 slides7
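Review bot: the `session7` prerequisites list `Slides/Slides6.thy`, but the `Slides/ROOT7.ML` added in this patch loads `Slides7`, so make will not rebuild the session when the theory it actually uses changes. List `Slides/Slides7.thy` here instead (or in addition, if Slides7 imports Slides6).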
--- a/Nominal/Nominal2_Base.thy Tue Apr 19 13:03:08 2011 +0100
+++ b/Nominal/Nominal2_Base.thy Thu Apr 28 11:51:01 2011 +0800
@@ -2398,11 +2398,6 @@
lemma list_renaming_perm:
shows "\<exists>q. (\<forall>b \<in> set bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set bs \<union> (p \<bullet> set bs)"
proof (induct bs)
- case Nil
- have "(\<forall>b \<in> set []. 0 \<bullet> b = p \<bullet> b) \<and> supp (0::perm) \<subseteq> set [] \<union> p \<bullet> set []"
- by (simp add: supp_zero_perm)
- then show "\<exists>q. (\<forall>b \<in> set []. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set [] \<union> p \<bullet> (set [])" by blast
-next
case (Cons a bs)
then have " \<exists>q. (\<forall>b \<in> set bs. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set bs \<union> p \<bullet> (set bs)" by simp
then obtain q where *: "\<forall>b \<in> set bs. q \<bullet> b = p \<bullet> b" and **: "supp q \<subseteq> set bs \<union> p \<bullet> (set bs)"
@@ -2443,6 +2438,11 @@
}
ultimately show "\<exists>q. (\<forall>b \<in> set (a # bs). q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set (a # bs) \<union> p \<bullet> (set (a # bs))"
by blast
+next
+ case Nil
+ have "(\<forall>b \<in> set []. 0 \<bullet> b = p \<bullet> b) \<and> supp (0::perm) \<subseteq> set [] \<union> p \<bullet> set []"
+ by (simp add: supp_zero_perm)
+ then show "\<exists>q. (\<forall>b \<in> set []. q \<bullet> b = p \<bullet> b) \<and> supp q \<subseteq> set [] \<union> p \<bullet> (set [])" by blast
qed
--- a/Pearl-jv/Paper.thy Tue Apr 19 13:03:08 2011 +0100
+++ b/Pearl-jv/Paper.thy Thu Apr 28 11:51:01 2011 +0800
@@ -57,7 +57,7 @@
text {*
Nominal Isabelle provides a proving infratructure for convenient reasoning
- about syntax involving binders, such as lambda terms or type schemes:
+ about syntax involving binders, such as lambda terms or type schemes in Mini-ML:
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
@{text "\<lambda>x. t \<forall>{x\<^isub>1,\<dots>, x\<^isub>n}. \<tau>"}
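Review bot: the unchanged first line of this paragraph still reads "infratructure"; since the sentence is being edited anyway, correct it to "infrastructure" in the same change.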
@@ -196,13 +196,14 @@
text {*
\noindent
- whereby the string argument specifies the sort of the atom.\footnote{A
- similar design choice was made by Gunter et al \cite{GunterOsbornPopescu09}
- for their variables.} The use of type \emph{string} for sorts is merely for
- convenience; any countably infinite type would work as well.
- The set of all atoms we shall write as @{term "UNIV::atom set"}.
- We have two auxiliary functions for atoms, namely @{text sort}
- and @{const nat_of} which are defined as
+ whereby the string argument specifies the sort of the
+ atom.\footnote{A similar design choice was made by Gunter et al
+ \cite{GunterOsbornPopescu09} for their variables.} The use of type
+ \emph{string} for sorts is merely for convenience; any countably
+ infinite type would work as well. In what follows we shall write
+ @{term "UNIV::atom set"} for the set of all atoms. We also have two
+ auxiliary functions for atoms, namely @{text sort} and @{const
+ nat_of} which are defined as
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
\begin{tabular}{@ {}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l}
@@ -221,8 +222,8 @@
\end{proposition}
For implementing sort-respecting permutations, we use functions of type @{typ
- "atom => atom"} that @{text "i)"} are bijective; @{text "ii)"} are the
- identity on all atoms, except a finite number of them; and @{text "iii)"} map
+ "atom => atom"} that are bijective; are the
+ identity on all atoms, except a finite number of them; and map
each atom to one of the same sort. These properties can be conveniently stated
in Isabelle/HOL for a function @{text \<pi>} as follows:
@@ -241,7 +242,7 @@
written @{term id}, is included in @{typ perm}. Also function composition,
written \mbox{@{text "_ \<circ> _"}}, and function inversion, given by Isabelle/HOL's
inverse operator and written \mbox{@{text "inv _"}}, preserve the properties
- @{text "i"}-@{text "iii"}.
+ (\ref{permtype}.@{text "i"}-@{text "iii"}).
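Review bot: the new reference `(\ref{permtype}.@{text "i"}-@{text "iii"})` depends on a `permtype` label and on items i to iii still being marked somewhere, yet the previous hunk removes the `i)`, `ii)`, `iii)` markers from the prose and no visible hunk adds `\numbered{permtype}`. Confirm that the displayed definition carries both the label and the i)-iii) tags, otherwise the reference will render as undefined.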
However, a moment of thought is needed about how to construct non-trivial
permutations. In the nominal logic work it turned out to be most convenient
@@ -299,8 +300,8 @@
\end{isabelle}
\noindent
- are \emph{equal}. Another advantage of the function representation is that
- they form a (non-com\-mu\-ta\-tive) group provided we define
+ are \emph{equal} and can be used interchangeably. Another advantage of the function
+ representation is that they form a (non-com\-mu\-ta\-tive) group provided we define
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
\begin{tabular}{@ {}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{10mm}}r@ {\hspace{2mm}}c@ {\hspace{2mm}}l}
@@ -334,7 +335,7 @@
composition of permutations is not commutative in general; for example
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
- @{text "(a b) + (b c) \<noteq> (b c) + (a b)"}
+ @{text "(a b) + (b c) \<noteq> (b c) + (a b)"}\;.
\end{isabelle}
\noindent
@@ -343,16 +344,17 @@
the non-standard notation in order to reuse the existing libraries.
A \emph{permutation operation}, written infix as @{text "\<pi> \<bullet> x"},
- applies a permutation @{text "\<pi>"} to an object @{text "x"} of type
- @{text \<beta>}, say. This operation has the type
+ applies a permutation @{text "\<pi>"} to an object @{text "x"}. This
+ operation has the type
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
@{text "_ \<bullet> _ :: perm \<Rightarrow> \<beta> \<Rightarrow> \<beta>"}
\end{isabelle}
\noindent
- and will be defined over the hierarchie of types.
- Isabelle/HOL allows us to give a definition of this operation for
+ whereby @{text "\<beta>"} is a generic type for @{text x}. The definition of this operation will be
+ given by in terms of `induction' over this generic type. The type-class mechanism
+ of Isabelle/HOL \cite{Wenzel04} allows us to give a definition for
`base' types, such as atoms, permutations, booleans and natural numbers:
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
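Review bot: the added sentence "The definition of this operation will be given by in terms of `induction' over this generic type" has a stray "by"; it should read "given in terms of".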
@@ -377,8 +379,9 @@
\end{tabular}\hfill\numbered{permdefsconstrs}
\end{isabelle}
- In order to reason abstractly about this operation,
- we use Isabelle/HOL's type classes~\cite{Wenzel04} and state the following two
+ \noindent
+ The type classes also allow us to reason abstractly about the permutation operation.
+ For this we state the following two
\emph{permutation properties}:
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
@@ -446,8 +449,8 @@
the right-hand side, simplifying the beta-redex and eliminating the permutations
in front of @{text x} using \eqref{cancel}.
- The use of type classes allows us to delegate much of the routine
- resoning involved in determining whether the permutation properties
+ The main benefit of the use of type classes is that it allows us to delegate
+ much of the routine resoning involved in determining whether the permutation properties
are satisfied to Isabelle/HOL's type system: we only have to
establish that base types satisfy them and that type-constructors
preserve them. Isabelle/HOL will use this information and determine
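Review bot: the typo "resoning" is carried over from the removed line into the rewritten line "much of the routine resoning involved"; fix it to "reasoning" while the sentence is being changed.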
@@ -492,7 +495,7 @@
text {*
An important notion in the nominal logic work is
- \emph{equivariance}. It will enable us to characterise how
+ \emph{equivariance}. This notion allows us to characterise how
permutations act upon compound statements in HOL by analysing how
these statements are constructed. To do so, let us first define
\emph{HOL-terms}. They are given by the grammar
@@ -503,8 +506,9 @@
\end{isabelle}
\noindent
- whereby @{text c} stands for constants and @{text x} for
- variables. We assume HOL-terms are fully typed, but for the sake of
+ where @{text c} stands for constants and @{text x} for
+ variables.
+ We assume HOL-terms are fully typed, but for the sake of
greater legibility we leave the typing information implicit. We
also assume the usual notions for free and bound variables of a
HOL-term. Furthermore, it is custom in HOL to regard terms as equal
@@ -520,9 +524,9 @@
\end{definition}
\noindent
- We will primarily be interested in the cases where @{text t} is a constant, but
- of course there is no way to restrict this definition in Isabelle/HOL so that it
- applies to just constants.
+ In what follows we will primarily be interested in the cases where @{text t}
+ is a constant, but of course there is no way in Isabelle/HOL to restrict
+ this definition to just these cases.
There are a number of equivalent formulations for the equivariance
property. For example, assuming @{text t} is of permutation type @{text "\<alpha> \<Rightarrow>
@@ -542,7 +546,7 @@
\eqref{cancel}. To see the other direction, we use
\eqref{permutefunapp}. Similarly for HOL-terms that take more than
one argument. The point to note is that equivariance and equivariance in fully
- applied form are always interderivable.
+ applied form are (for permutation types) always interderivable.
Both formulations of equivariance have their advantages and
disadvantages: \eqref{altequivariance} is usually more convenient to
@@ -553,12 +557,13 @@
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
\begin{tabular}{@ {}l}
@{thm eq_eqvt[where p="\<pi>", no_vars]}
- \end{tabular}
+ \end{tabular}\hfill\numbered{eqeqvt}
\end{isabelle}
\noindent
using the permutation operation on booleans and property
- \eqref{permuteequ}. Lemma~\ref{permutecompose} establishes that the
+ \eqref{permuteequ}.
+ Lemma~\ref{permutecompose} establishes that the
permutation operation is equivariant. The permutation operation for
lists and products, shown in \eqref{permdefsconstrs}, state that the
constructors for products, @{text "Nil"} and @{text Cons} are
@@ -576,128 +581,156 @@
@{const True} and @{const False} are equivariant by the definition
of the permutation operation for booleans. It is easy to see
that the boolean operators, like @{text "\<and>"}, @{text "\<or>"}, @{text
- "\<not>"} and @{text "\<longrightarrow>"}, are all equivariant too. (see ??? intro)
-
- In contrast, the advantage of Definition \ref{equivariance} is that
- it leads to a relatively simple rewrite system that allows us to `push' a permutation,
- say @{text \<pi>}, towards the leaves of a HOL-term (i.e.~constants and
- variables). Then the permutation disappears in cases where the
- constants are equivariant, since by Definition \ref{equivariance} we
- have @{term "\<pi> \<bullet> c = c"}. What we will show next is that for a HOL-term
- @{term t} containing only equivariant constants, a permutation can be pushed
- inside this term and the only instances remaining are in front of
- the free variables of @{text t}. We can only show this by a meta-argument,
- that means one we cannot formalise inside Isabelle/HOL. But we can invoke
- it in form of a tactic programmed on the ML-level of Isabelle/HOL.
- This tactic is a rewrite systems consisting of `oriented' equations.
-
- A permutation @{text \<pi>} can be
- pushed into applications and abstractions as follows
+ "\<not>"} and @{text "\<longrightarrow>"}, are equivariant too; for example we have
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
- \begin{tabular}{@ {}lrcl}
- i) & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & $\stackrel{\rightharpoonup}{=}$
- & @{term "(\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}\\
- ii) & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & $\stackrel{\rightharpoonup}{=}$ & @{text "\<lambda>x. \<pi> \<bullet> (t[x := (-\<pi>) \<bullet> x])"}\\
+ \begin{tabular}{@ {}lcl}
+ @{text "\<pi> \<bullet> (A \<and> B) = (\<pi> \<bullet> A) \<and> (\<pi> \<bullet> B)"}\\
+ @{text "\<pi> \<bullet> (A \<longrightarrow> B) = (\<pi> \<bullet> A) \<longrightarrow> (\<pi> \<bullet> B)"}\\
+ \end{tabular}
+ \end{isabelle}
+
+ \noindent
+ by the definition of the permutation operation acting on booleans.
+
+ In contrast, the advantage of Definition \ref{equivariance} is that
+ it leads to a relatively simple rewrite system that allows us to `push' a permutation
+ towards the leaves of a HOL-term (i.e.~constants and
+ variables). Then the permutation disappears in cases where the
+ constants are equivariant. We have implemented this rewrite system
+ as a simplification tactic on the ML-level of Isabelle/HOL. Having this tactic
+ at our disposal, together with a collection of constants for which
+ equivariance is already established, we can automatically establish
+ equivariance of a constant for which equivariance is not yet known. For this we only have to
+ make sure that the definiens of this constant
+ is a HOL-term whose constants are all equivariant. In what follows
+ we shall specify this tactic and argue that it terminates and
+ is correct (in the sense of pushing a
+ permutation @{text "\<pi>"} inside a term and the only remaining
+ instances of @{text "\<pi>"} are in front of the term's free variables).
+
+ The simplifiaction tactic is a rewrite systems consisting of four `oriented'
+ equations. We will first give a naive version of this tactic, which however
+ is in some cornercases incorrect and does not terminate, and then modify
+ it in order to obtain the desired properties. A permutation @{text \<pi>} can
+ be pushed into applications and abstractions as follows
+
+ \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
+ \begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l}
+ i) & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & \rrh & @{term "(\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}\\
+ ii) & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & \rrh & @{text "\<lambda>x. \<pi> \<bullet> (t[x := (-\<pi>) \<bullet> x])"}\\
\end{tabular}\hfill\numbered{rewriteapplam}
\end{isabelle}
\noindent
- The first rule we established in \eqref{permutefunapp};
+ The first equation we established in \eqref{permutefunapp};
the second follows from the definition of permutations acting on functions
and the fact that HOL-terms are equal modulo beta-equivalence.
Once the permutations are pushed towards the leaves we need the
- following two rules
+ following two equations
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
- \begin{tabular}{@ {}lrcl}
- iii) & @{term "\<pi> \<bullet> (- \<pi>) \<bullet> x"} & $\stackrel{\rightharpoonup}{=}$ & @{term "x"}\\
- iv) & @{term "\<pi> \<bullet> c"} & $\stackrel{\rightharpoonup}{=}$ &
- @{term "c"}\hspace{6mm}provided @{text c} is equivariant\\
+ \begin{tabular}{@ {}lr@ {\hspace{3mm}}c@ {\hspace{3mm}}l}
+ iii) & @{term "\<pi> \<bullet> (- \<pi>) \<bullet> x"} & \rrh & @{term "x"}\\
+ iv) & @{term "\<pi> \<bullet> c"} & \rrh &
+ {\rm @{term "c"}\hspace{6mm}provided @{text c} is equivariant}\\
\end{tabular}\hfill\numbered{rewriteother}
\end{isabelle}
\noindent
- in order to remove permuations in front of bound variables and equivariant constants.
-
- In order to obtain a terminating rewrite system, we have to be
- careful with rule ({\it i}). It can lead to a loop whenever
- \mbox{@{text "t\<^isub>1 t\<^isub>2"}} is of the form @{text "\<pi>' \<bullet> t'"}. Consider
- for example the infinite reduction sequence
+ in order to remove permuations in front of bound variables and
+ equivariant constants. Unfortunately, we have to be careful with
+ the rules {\it i)} and {\it iv}): they can lead to a loop whenever
+ \mbox{@{text "t\<^isub>1 t\<^isub>2"}} is of the form @{text "((op \<bullet>) \<pi>') t"}. Note
+ that we usually write this application using infix notation as
+ @{text "\<pi> \<bullet> t"} and recall that by Lemma \ref{permutecompose} the
+ constant @{text "(op \<bullet>)"} is equivariant. Now consider the infinite
+ reduction sequence
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
\begin{tabular}{@ {}l}
- @{text "\<pi> \<bullet> (\<pi>' \<bullet> t)"}~~$\stackrel{\rightharpoonup}{=}\ldots\stackrel{\rightharpoonup}{=}$\\
- @{text "(\<pi> \<bullet> \<pi>') \<bullet> (\<pi> \<bullet> t)"}~~$\stackrel{\rightharpoonup}{=}\ldots\stackrel{\rightharpoonup}{=}$\\
- @{text "((\<pi> \<bullet> \<pi>') \<bullet> \<pi>) \<bullet> ((\<pi> \<bullet> \<pi>') \<bullet> t)"}~~$\stackrel{\rightharpoonup}{=}\ldots$\\
+ @{text "\<pi> \<bullet> (\<pi>' \<bullet> t)"}
+ $\;\;\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it iv)}}{\rrh}\;\;$
+ @{text "(\<pi> \<bullet> \<pi>') \<bullet> (\<pi> \<bullet> t)"}
+ $\;\;\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it i)}}{\rrh}\stackrel{\text{\it iv)}}{\rrh}\;\;$
+ @{text "((\<pi> \<bullet> \<pi>') \<bullet> \<pi>) \<bullet> ((\<pi> \<bullet> \<pi>') \<bullet> t)"}~~\ldots%
+
\end{tabular}
\end{isabelle}
\noindent
- where the last step is again an instance of the first term, but it is
- bigger (note that for the permutation operation we have that @{text
- "\<pi> \<bullet> (op \<bullet>) = (op \<bullet>)"} since as shown in Lemma \ref{permutecompose}
- \mbox{@{text "(op \<bullet>)"}} is equivariant). In order to avoid this loop
- we need to apply these rules using an `outside to inside' strategy.
- This strategy is sufficient since we are only interested of rewriting
- terms of the form @{term "\<pi> \<bullet> t"}.
+ where the last step is again an instance of the first term, but it
+ is bigger. To avoid this loop we need to apply our rewrite rule
+ using an `outside to inside' strategy. This strategy is sufficient
+ since we are only interested of rewriting terms of the form @{term
+ "\<pi> \<bullet> t"}, where an outermost permutation needs to pushed inside a term.
- Another problem we have to avoid is that the rules ({\it i}) and
- ({\it iii}) can `overlap'. For this note that
- the term @{term "\<pi> \<bullet>(\<lambda>x. x)"} reduces to @{term "\<lambda>x. \<pi> \<bullet> (- \<pi>) \<bullet>
- x"}, to which we can apply rule ({\it iii}) in order to obtain
- @{term "\<lambda>x. x"}, as is desired. However, the subterm term @{text
+ Another problem we have to avoid is that the rules {\it i)} and
+ {\it iii)} can `overlap'. For this note that
+ the term @{term "\<pi> \<bullet>(\<lambda>x. x)"} reduces by {\it ii)} to
+ @{term "\<lambda>x. \<pi> \<bullet> (- \<pi>) \<bullet> x"}, to which we can apply rule {\it iii)}
+ in order to obtain @{term "\<lambda>x. x"}, as is desired---there is no
+ free variable in the original term and so the permutation should completely
+ vanish. However, the subterm @{text
"(- \<pi>) \<bullet> x"} is also an application. Consequently, the term
@{term "\<lambda>x. \<pi> \<bullet> (- \<pi>) \<bullet>x"} can reduce to @{text "\<lambda>x. (- (\<pi> \<bullet> \<pi>)) \<bullet> (\<pi> \<bullet> x)"} using
- ({\it i}). Now we cannot apply rule ({\it iii}) anymore and even
- worse the measure we will introduce shortly increases. On the
- other hand, if we started with the term @{text "\<pi> \<bullet> ((- \<pi>) \<bullet> x)"}
- where @{text \<pi>} and @{text x} are free variables, then we do
- want to apply rule ({\it i}), rather than rule ({\it iii}) which
- would eliminate @{text \<pi>} completely. This is a problem because we
- want to keep the shape of the HOL-term intact during rewriting.
- As a remedy we use a standard trick in HOL: we introduce
- a separate definition for terms of the form @{text "(- \<pi>) \<bullet> x"},
- namely as
+ {\it i)}. Given our strategy we cannot apply rule {\it iii)} anymore and
+ even worse the measure we will introduce shortly increased. On the
+ other hand, if we had started with the term @{text "\<pi> \<bullet> ((- \<pi>) \<bullet> x)"}
+ where @{text \<pi>} and @{text x} are free variables, then we \emph{do}
+ want to apply rule {\it i)} and not rule {\it iii)}. The latter
+ would eliminate @{text \<pi>} completely. The problem is that rule {\it iii)}
+ should only apply to instances where the variable is to bound; for free variables
+ we want to use {\it ii)}.
+
+ The problem is that in order to distinguish both cases when
+ inductively taking a term `apart', we have to maintain the
+ information which variable is bound. This, unfortunately, does not
+ mesh well with the way how simplification tactics are implemented in
+ Isabelle/HOL. Our remedy is to use a standard trick in HOL: we
+ introduce a separate definition for terms of the form @{text "(- \<pi>)
+ \<bullet> x"}, namely as
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
@{term "unpermute \<pi> x \<equiv> (- \<pi>) \<bullet> x"}
\end{isabelle}
\noindent
- The point is that we will always start with a term that does not
- contain any @{text unpermutes}. With this trick we can reformulate
- our rewrite rules as follows
+ The point is that now we can formulate the rewrite rules as follows
\begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
\begin{tabular}{@ {}lrcl}
- i') & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & $\stackrel{\rightharpoonup}{=}$ &
+ i') & @{text "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2)"} & \rrh &
@{term "(\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}\hspace{45mm}\mbox{}\\
- \multicolumn{4}{r}{provided @{text "t\<^isub>1 t\<^isub>2"} is not of the form @{text "unpermute \<pi> x"}}\smallskip\\
- ii') & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & $\stackrel{\rightharpoonup}{=}$ & @{text "\<lambda>x. \<pi> \<bullet> (t[x := unpermute \<pi> x])"}\\
- iii') & @{text "\<pi> \<bullet> (unpermute \<pi> x)"} & $\stackrel{\rightharpoonup}{=}$ & @{term x}\\
- iv') & @{term "\<pi> \<bullet> c"} & $\stackrel{\rightharpoonup}{=}$ & @{term "c"}
- \hspace{6mm}provided @{text c} is equivariant\\
+ \multicolumn{4}{r}{\rm provided @{text "t\<^isub>1 t\<^isub>2"} is not of the form @{text "unpermute \<pi> x"}}\smallskip\\
+ ii') & @{text "\<pi> \<bullet> (\<lambda>x. t)"} & \rrh & @{text "\<lambda>x. \<pi> \<bullet> (t[x := unpermute \<pi> x])"}\\
+ iii') & @{text "\<pi> \<bullet> (unpermute \<pi> x)"} & \rrh & @{term x}\\
+ iv') & @{term "\<pi> \<bullet> c"} & \rrh & @{term "c"}
+ \hspace{6mm}{\rm provided @{text c} is equivariant}\\
\end{tabular}
\end{isabelle}
\noindent
- None of these rules overlap. To see that the permutation on the
- right-hand side is applied to a smaller term, we take the measure
- consisting of lexicographically ordered pairs whose first component
- is the size of a term (without counting @{text unpermutes}) and the
- second is the number of occurences of @{text "unpermute \<pi> x"} and
- @{text "\<pi> \<bullet> c"}. This means the process of applying these rules
- with our `outside-to-inside' strategy must terminate.
+ and @{text unpermutes} are only generated in case of bound variables.
+ Clearly none of these rules overlap. Moreover, given our
+ outside-to-inside strategy, they terminate. To see this, notice that
+ the permutation on the right-hand side of the rewrite rules is
+ always applied to a smaller term, provided we take the measure consisting
+ of lexicographically ordered pairs whose first component is the size
+ of a term (counting terms of the form @{text "unpermute \<pi> x"} as
+ leaves) and the second is the number of occurences of @{text
+ "unpermute \<pi> x"} and @{text "\<pi> \<bullet> c"}.
- With the rewriting system in plcae, we are able to establish the
- fact that for a HOL-term @{text t} whose constants are all equivariant,
- the HOL-term @{text "\<pi> \<bullet> t"} is equal to @{text "t'"} wherby
- @{text "t'"} is equal to @{text t} except that every free variable
- @{text x} of @{text t} is replaced by @{text "\<pi> \<bullet> x"}. Pitts calls
- this fact \emph{equivariance principle}. In our setting the precise
- statement of this fact is a bit more involved because of the fact
- that @{text unpermute} needs to be treated specially.
+ With the definition of the simplification tactic in place, we can
+ establish its correctness. The property we are after is that for for
+ a HOL-term @{text t} whose constants are all equivariant, the
+ HOL-term @{text "\<pi> \<bullet> t"} is equal to @{text "t'"} with @{text "t'"}
+ being equal to @{text t} except that every free variable @{text x}
+ in @{text t} is replaced by @{text "\<pi> \<bullet> x"}. Pitts calls this
+ property \emph{equivariance principle} (book ref ???). In our
+ setting the precise statement of this property is a slightly more
+ involved because of the fact that @{text unpermutes} needs to be
+ treated specially.
\begin{theorem}[Equivariance Principle]
Suppose a HOL-term @{text t} does not contain any @{text unpermutes} and all
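Review bot: in the added paragraph on overlapping rules, the closing sentence says "for free variables we want to use {\it ii)}", but the sentence just before it says that for free `\<pi>` and `x` we want rule {\it i)} and not {\it iii)}; ii) is the abstraction rule, so this looks like it should be i). The rule labels are also written inconsistently ("{\it iv})" with the parenthesis outside the italics, "{\it i)}" elsewhere). The placeholder "(book ref ???)" should become a real `\cite` before the paper is built, and the added text has several typos: "simplifiaction", "a rewrite systems", "permuations", "needs to pushed", "is to bound", "for for", "is a slightly more involved".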
@@ -723,30 +756,7 @@
For an equivariant HOL-term @{text "t"}, @{term "\<pi> \<bullet> t = t"} for all permutations @{term "\<pi>"}.
\end{lemma}
- \begin{proof}
- By induction on the grammar of HOL-terms. The case for variables cannot arise since
- equivariant HOL-terms are closed. The case for constants is clear by Definition
- \ref{equivariance}. The case for applications is also straightforward since by
- \eqref{permutefunapp} we have @{term "\<pi> \<bullet> (t\<^isub>1 t\<^isub>2) = (\<pi> \<bullet> t\<^isub>1) (\<pi> \<bullet> t\<^isub>2)"}.
- For the case of abstractions we can reason as follows
-
- \begin{isabelle}\ \ \ \ \ \ \ \ \ \ %%%
- \begin{tabular}[b]{@ {}c@ {\hspace{2mm}}l@ {\hspace{8mm}}l}
- & @{text "\<pi> \<bullet> (\<lambda>x. t)"}\\
- @{text "\<equiv>"} & @{text "\<lambda>y. \<pi> \<bullet> ((\<lambda>x. t) ((-\<pi>) \<bullet> y))"} & by \eqref{permdefsconstrs}\\
-
- \end{tabular}\hfill\qed
- \end{isabelle}
- \end{proof}
-
- database of equivariant functions
-
- Such a rewrite system is often very helpful
- in determining whether @{text "\<pi> \<bullet> t = t"} holds for a compound term @{text t}. ???
-
- For this we have implemented in Isabelle/HOL a
- database of equivariant constants that can be used to rewrite
- HOL-terms.
+ Let us now see how to use the equivariance principle. We have
*}
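Review bot: this hunk deletes the whole `\begin{proof}` ... `\end{proof}` of the lemma and ends the text block on "Let us now see how to use the equivariance principle. We have", a sentence with no continuation before `*}`. Either finish the sentence and supply a proof (the removed one stopped after the first step of the abstraction case), or mark the lemma as unproved so the gap is visible rather than silent.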
--- a/Pearl-jv/document/root.tex Tue Apr 19 13:03:08 2011 +0100
+++ b/Pearl-jv/document/root.tex Thu Apr 28 11:51:01 2011 +0800
@@ -4,6 +4,7 @@
\usepackage{isabellesym}
\usepackage{amsmath}
\usepackage{amssymb}
+\usepackage{mathabx}
\usepackage{longtable}
\usepackage{graphics}
\usepackage{pdfsetup}
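Review bot: `\usepackage{mathabx}` is loaded here for the `\rightrightharpoons` used by `\rrh` in the next hunk, but mathabx replaces the glyphs of many standard math symbols across the whole document, not only the one being added. Check the rendered paper for unintended symbol changes, or import just the required symbol instead of the full package.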
@@ -19,10 +20,13 @@
\renewcommand{\isasymrightleftharpoons}{}
\renewcommand{\isasymemptyset}{$\varnothing$}
\newcommand{\isasymallatoms}{\ensuremath{\mathbb{A}}}
+\newcommand{\rrh}{\mbox{\footnotesize$\rightrightharpoons$}}
\newcommand{\numbered}[1]{\refstepcounter{equation}{\rm(\arabic{equation})}\label{#1}}
\newcommand\new[0]{\reflectbox{\ensuremath{\mathsf{N}}}}
+\changenotsign
+
\begin{document}
\title{Implementing the Nominal Logic Work in Isabelle/HOL}
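Review bot: `\changenotsign` is added to the preamble as a global switch with no comment. Add a one-line comment saying why it is needed, so a later cleanup of the preamble does not remove or duplicate it.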
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Slides/ROOT7.ML Thu Apr 28 11:51:01 2011 +0800
@@ -0,0 +1,6 @@
+(*show_question_marks := false;*)
+quick_and_dirty := true;
+
+no_document use_thy "~~/src/HOL/Library/LaTeXsugar";
+
+use_thy "Slides7"
\ No newline at end of file
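Review bot: `quick_and_dirty := true` is set unconditionally for this session, which lets skipped proofs through; that is acceptable for slides, but say so in a comment so the flag is not copied into a session that is meant to check proofs. The file also ends without a trailing newline, and it loads `Slides7` although no `Slides/Slides7.thy` is added in the visible part of the patch.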
--- a/Slides/Slides6.thy Tue Apr 19 13:03:08 2011 +0100
+++ b/Slides/Slides6.thy Thu Apr 28 11:51:01 2011 +0800
@@ -12,7 +12,7 @@
(*>*)
text_raw {*
- \renewcommand{\slidecaption}{Shanghai, 12.~April 2011}
+ \renewcommand{\slidecaption}{Hefei, 15.~April 2011}
\newcommand{\abst}[2]{#1.#2}% atom-abstraction
\newcommand{\pair}[2]{\langle #1,#2\rangle} % pairing
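Review bot: the caption change from "Shanghai, 12.~April 2011" to "Hefei, 15.~April 2011" is made in place in `Slides6.thy`, while the same patch introduces a separate `slides7` target and `ROOT7.ML`. If the Hefei talk is meant to be slides7, this and the later slide changes belong in `Slides7.thy`; as written, the Shanghai version of slides6 can no longer be regenerated from the repository head.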
@@ -128,6 +128,23 @@
*}
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{3 Points}
+ \large
+ \begin{itemize}
+ \item It is easy to make mistakes.\bigskip
+ \item Theorem provers can prevent mistakes, {\bf if} the problem
+ is formulated so that it is suitable for theorem provers.\bigskip
+ \item This re-formulation can be done, even in domains where
+ we do not expect it.
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
text_raw {*
@@ -186,15 +203,12 @@
\end{tabular}\medskip
-
-
-
-
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
*}
+
text_raw {*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -333,7 +347,7 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}<1->[c]
- \frametitle{Theorem Provers}
+ \frametitle{Lessons Learned}
\begin{itemize}
\item Theorem provers help with keeping large proofs consistent;
@@ -738,13 +752,13 @@
\begin{textblock}{6}(9.5,6.18)
\begin{flushright}
- \color{gray}``derivative for a char''
+ \color{gray}``derivative w.r.t.~a char''
\end{flushright}
\end{textblock}
\begin{textblock}{6}(9.5,12.1)
\begin{flushright}
- \color{gray}``deriv.~for a string''
+ \color{gray}``deriv.~w.r.t.~a string''
\end{flushright}
\end{textblock}
@@ -861,10 +875,10 @@
\end{itemize}
- I can think of two reasons why this is a good definition:\medskip
+ There are many reasons why this is a good definition:\medskip
\begin{itemize}
\item pumping lemma
- \item closure properties of regular languages (closed under complement)
+ \item closure properties of regular languages\\ (e.g.~closure under complement)
\end{itemize}
\end{frame}}
@@ -909,6 +923,24 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
+ \frametitle{}
+ \large
+ \begin{center}
+ \begin{tabular}{p{9cm}}
+ My point:\bigskip\\
+
+ The theory about regular languages can be reformulated
+ to be more suitable for theorem proving.
+ \end{tabular}
+ \end{center}
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
\frametitle{\LARGE The Myhill-Nerode Theorem}
\begin{itemize}
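Review bot: the new frame sets `\frametitle{}` with an empty argument. Drop the line rather than setting an empty title, unless the theme needs it to reserve the title area, in which case a short comment would help.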
@@ -925,7 +957,6 @@
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
*}
text_raw {*
@@ -1055,7 +1086,7 @@
\smath{R_1}: & \smath{\{[]\}}\\
\smath{R_2}: & \smath{\{[c]\}}\\
\smath{R_3}: & \smath{U\!N\!IV - \{[], [c]\}}\\[6mm]
- \multicolumn{2}{l}{\onslide<2->{\smath{X \stackrel{c}{\longrightarrow} Y \dn X ; [c] \subseteq Y}}}
+ \multicolumn{2}{l}{\onslide<2->{\smath{X \stackrel{c}{\longrightarrow} Y \dn X ;; [c] \subseteq Y}}}
\end{tabular}
\end{tabular}
@@ -1345,7 +1376,7 @@
\begin{itemize}
\item \smath{\text{finite}\, (U\!N\!IV /\!/ \approx_L) \;\Leftrightarrow\; L\; \text{is regular}}
\bigskip\pause
- \item regular languages are closed under complementation; this is easy
+ \item regular languages are closed under complementation; this is now easy\medskip
\begin{center}
\smath{U\!N\!IV /\!/ \approx_L \;\;=\;\; U\!N\!IV /\!/ \approx_{-L}}
\end{center}
@@ -1423,7 +1454,7 @@
\begin{itemize}
\item We formalised the Myhill-Nerode theorem based on
- regular expressions (DFA are difficult to deal with in a theorem prover).\smallskip
+ regular expressions only (DFAs are difficult to deal with in a theorem prover).\smallskip
\item Seems to be a common theme: algorithms need to be reformulated
to better suit formal treatment.\smallskip
@@ -1432,7 +1463,7 @@
implement the matcher directly inside the theorem prover
(ongoing work).\smallskip
- \item Parsing is a vast field and seems to offer new results.
+ \item Parsing is a vast field which seem to offer new results.
\end{itemize}
\end{frame}}
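Review bot: the rewritten item "Parsing is a vast field which seem to offer new results." introduces a subject-verb disagreement that the removed line did not have; use "which seems to offer new results".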
@@ -1450,23 +1481,126 @@
\alert{\Large Questions?}
\end{tabular}}
- %\begin{center}
- %\bf \underline{Short Bio:}
- %\end{center}
- %\mbox{}\\[-17mm]\mbox{}\small
- %\begin{itemize}
- %\item PhD in Cambridge
- %\item Emmy-Noether Fellowship in Munich
- %\item main results in nominal reasoning and nominal unification
- %\end{itemize}
+ \begin{center}
+ \bf \underline{Short Bio:}
+ \end{center}
+ \mbox{}\\[-17mm]\mbox{}\small
+ \begin{itemize}
+ \item PhD in Cambridge
+ \item Emmy-Noether Research Fellowship at the TU Munich
+ \item talks at: CMU, Yale, Princeton, MIT,$\ldots$
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{Future Research}
+
+ My existing strengths:\bigskip
+
+ \begin{itemize}
+ \item Isabelle (implementation)\bigskip
+ \item background in logic, programming languages, formal methods
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{Future Research}
+
+ I want to have a single logic framework in which I can
+ write programs and prove their correctness.\bigskip
+
+ \begin{itemize}
+ \item extensions of HOL (IO, modules, advanced types)
+ \item high-level programming languages
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{Future Research}
+
+ Compilers\bigskip
+
+ \begin{itemize}
+ \item the high-level language needs to be compiled to correct machine
+ code
+ \item compiler verification, machine code verification
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{Future Research}
+
+ Stronger type-systems\bigskip
+
+ \begin{itemize}
+ \item ``correct by construction''
+ \item GADTs, dependent types
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{Future Research}
+
+ Proof automation\bigskip
+
+ \begin{itemize}
+ \item external tools generate ``proof-certificates''
+ \item certificates are imported into Isabelle
+ \item GPU based external provers
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{Future Research}
+
+ Large-scale applications\bigskip
+
+ \begin{itemize}
+ \item verification of Java-Script, Scala,$\ldots$
+ \item interesting code (INTEL in Shanghai)
+ \end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
*}
-
-
(*<*)
end
(*>*)
\ No newline at end of file
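Review bot: In the last added frame, `\item verification of Java-Script, Scala,$\ldots$` should read "JavaScript". The six new frames all carry the same `\frametitle{Future Research}` and are told apart only by a first body line ("Compilers", "Stronger type-systems", "Proof automation", "Large-scale applications"); moving those into the title or a `\framesubtitle` would make the frames distinguishable in the navigation and the PDF outline. The un-commented Short Bio block depends on `\mbox{}\\[-17mm]\mbox{}` to pull the list up under the heading, which will misplace it as soon as the list length or font size changes. The hunk also removes the two blank lines before `(*<*)` but leaves the file without a trailing newline; adding one would avoid the `\ No newline at end of file` marker in future diffs.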
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Slides/Slides7.thy Thu Apr 28 11:51:01 2011 +0800
@@ -0,0 +1,1086 @@
+(*<*)
+theory Slides7
+imports "~~/src/HOL/Library/LaTeXsugar" "Main"
+begin
+
+declare [[show_question_marks = false]]
+
+notation (latex output)
+ set ("_") and
+ Cons ("_::/_" [66,65] 65)
+
+(*>*)
+
+text_raw {*
+ \renewcommand{\slidecaption}{Hefei, 15.~April 2011}
+
+ \newcommand{\abst}[2]{#1.#2}% atom-abstraction
+ \newcommand{\pair}[2]{\langle #1,#2\rangle} % pairing
+ \newcommand{\susp}{{\boldsymbol{\cdot}}}% for suspensions
+ \newcommand{\unit}{\langle\rangle}% unit
+ \newcommand{\app}[2]{#1\,#2}% application
+ \newcommand{\eqprob}{\mathrel{{\approx}?}}
+ \newcommand{\freshprob}{\mathrel{\#?}}
+ \newcommand{\redu}[1]{\stackrel{#1}{\Longrightarrow}}% reduction
+ \newcommand{\id}{\varepsilon}% identity substitution
+
+ \newcommand{\bl}[1]{\textcolor{blue}{#1}}
+ \newcommand{\gr}[1]{\textcolor{gray}{#1}}
+ \newcommand{\rd}[1]{\textcolor{red}{#1}}
+
+ \newcommand{\ok}{\includegraphics[scale=0.07]{ok.png}}
+ \newcommand{\notok}{\includegraphics[scale=0.07]{notok.png}}
+ \newcommand{\largenotok}{\includegraphics[scale=1]{notok.png}}
+
+ \renewcommand{\Huge}{\fontsize{61.92}{77}\selectfont}
+ \newcommand{\veryHuge}{\fontsize{74.3}{93}\selectfont}
+ \newcommand{\VeryHuge}{\fontsize{89.16}{112}\selectfont}
+ \newcommand{\VERYHuge}{\fontsize{107}{134}\selectfont}
+
+ \newcommand{\LL}{$\mathbb{L}\,$}
+
+
+ \pgfdeclareradialshading{smallbluesphere}{\pgfpoint{0.5mm}{0.5mm}}%
+ {rgb(0mm)=(0,0,0.9);
+ rgb(0.9mm)=(0,0,0.7);
+ rgb(1.3mm)=(0,0,0.5);
+ rgb(1.4mm)=(1,1,1)}
+
+ \def\myitemi{\begin{pgfpicture}{-1ex}{-0.55ex}{1ex}{1ex}
+ \usebeamercolor[fg]{subitem projected}
+ {\pgftransformscale{0.8}\pgftext{\normalsize\pgfuseshading{bigsphere}}}
+ \pgftext{%
+ \usebeamerfont*{subitem projected}}
+ \end{pgfpicture}}
+
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1>[t]
+ \frametitle{%
+ \begin{tabular}{@ {\hspace{-3mm}}c@ {}}
+ \\
+ \LARGE Verifying a Regular Expression\\[-1mm]
+ \LARGE Matcher and Formal Language\\[-1mm]
+ \LARGE Theory\\[5mm]
+ \end{tabular}}
+ \begin{center}
+ Christian Urban\\
+ \small Technical University of Munich, Germany
+ \end{center}
+
+
+ \begin{center}
+ \small joint work with Chunhan Wu and Xingyuan Zhang from the PLA
+ University of Science and Technology in Nanjing
+ \end{center}
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{This Talk: 3 Points}
+ \large
+ \begin{itemize}
+ \item It is easy to make mistakes.\bigskip
+ \item Theorem provers can prevent mistakes, {\bf if} the problem
+ is formulated so that it is suitable for theorem provers.\bigskip
+ \item This re-formulation can be done, even in domains where
+ we do not expect it.
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[t]
+ \frametitle{Regular Expressions}
+
+ \begin{textblock}{6}(2,4)
+ \begin{tabular}{@ {}rrl}
+ \bl{r} & \bl{$::=$} & \bl{$\varnothing$}\\
+ & \bl{$\mid$} & \bl{[]}\\
+ & \bl{$\mid$} & \bl{c}\\
+ & \bl{$\mid$} & \bl{r$_1$ + r$_2$}\\
+ & \bl{$\mid$} & \bl{r$_1$ $\cdot$ r$_2$}\\
+ & \bl{$\mid$} & \bl{r$^*$}\\
+ \end{tabular}
+ \end{textblock}
+
+ \begin{textblock}{6}(8,3.5)
+ \includegraphics[scale=0.35]{Screen1.png}
+ \end{textblock}
+
+ \begin{textblock}{6}(10.2,2.8)
+ \footnotesize Isabelle:
+ \end{textblock}
+
+ \only<2>{
+ \begin{textblock}{9}(3.6,11.8)
+ \bl{matches r s $\;\Longrightarrow\;$ true $\vee$ false}\\[3.5mm]
+
+ \hspace{10mm}\begin{tikzpicture}
+ \coordinate (m1) at (0.4,1);
+ \draw (0,0.3) node (m2) {\small\color{gray}rexp};
+ \path[overlay, ->, line width = 0.5mm, shorten <=-1mm, draw = gray] (m2) edge (m1);
+
+ \coordinate (s1) at (0.81,1);
+ \draw (1.3,0.3) node (s2) {\small\color{gray} string};
+ \path[overlay, ->, line width = 0.5mm, shorten <=-1mm, draw = gray] (s2) edge (s1);
+ \end{tikzpicture}
+ \end{textblock}}
+
+
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[t]
+ \frametitle{Specification}
+
+ \small
+ \begin{textblock}{6}(0,3.5)
+ \begin{tabular}{r@ {\hspace{0.5mm}}r@ {\hspace{1.5mm}}c@ {\hspace{1.5mm}}l}
+ \multicolumn{4}{c}{rexp $\Rightarrow$ set of strings}\bigskip\\
+ &\bl{\LL ($\varnothing$)} & \bl{$\dn$} & \bl{$\varnothing$}\\
+ &\bl{\LL ([])} & \bl{$\dn$} & \bl{\{[]\}}\\
+ &\bl{\LL (c)} & \bl{$\dn$} & \bl{\{c\}}\\
+ &\bl{\LL (r$_1$ + r$_2$)} & \bl{$\dn$} & \bl{\LL (r$_1$) $\cup$ \LL (r$_2$)}\\
+ \rd{$\Rightarrow$} &\bl{\LL (r$_1$ $\cdot$ r$_2$)} & \bl{$\dn$} & \bl{\LL (r$_1$) ;; \LL (r$_2$)}\\
+ \rd{$\Rightarrow$} &\bl{\LL (r$^*$)} & \bl{$\dn$} & \bl{(\LL (r))$^\star$}\\
+ \end{tabular}
+ \end{textblock}
+
+ \begin{textblock}{9}(7.3,3)
+ {\mbox{}\hspace{2cm}\footnotesize Isabelle:\smallskip}
+ \includegraphics[scale=0.325]{Screen3.png}
+ \end{textblock}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[t]
+ \frametitle{Version 1}
+ \small
+ \mbox{}\\[-8mm]\mbox{}
+
+ \begin{center}\def\arraystretch{1.05}
+ \begin{tabular}{@ {\hspace{-5mm}}l@ {\hspace{2.5mm}}c@ {\hspace{2.5mm}}l@ {}}
+ \bl{match [] []} & \bl{$=$} & \bl{true}\\
+ \bl{match [] (c::s)} & \bl{$=$} & \bl{false}\\
+ \bl{match ($\varnothing$::rs) s} & \bl{$=$} & \bl{false}\\
+ \bl{match ([]::rs) s} & \bl{$=$} & \bl{match rs s}\\
+ \bl{match (c::rs) []} & \bl{$=$} & \bl{false}\\
+ \bl{match (c::rs) (d::s)} & \bl{$=$} & \bl{if c = d then match rs s else false}\\
+ \bl{match (r$_1$ + r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::rs) s $\vee$ match (r$_2$::rs) s}\\
+ \bl{match (r$_1$ $\cdot$ r$_2$::rs) s} & \bl{$=$} & \bl{match (r$_1$::r$_2$::rs) s}\\
+ \bl{match (r$^*$::rs) s} & \bl{$=$} & \bl{match rs s $\vee$ match (r::r$^*$::rs) s}\\
+ \end{tabular}
+ \end{center}
+
+ \begin{textblock}{9}(0.2,1.6)
+ \hspace{10mm}\begin{tikzpicture}
+ \coordinate (m1) at (0.44,-0.5);
+ \draw (0,0.3) node (m2) {\small\color{gray}\mbox{}\hspace{-9mm}list of rexps};
+ \path[overlay, ->, line width = 0.5mm, shorten <=-1mm, draw = gray] (m2) edge (m1);
+
+ \coordinate (s1) at (0.86,-0.5);
+ \draw (1.5,0.3) node (s2) {\small\color{gray} string};
+ \path[overlay, ->, line width = 0.5mm, shorten <=-1mm, draw = gray] (s2) edge (s1);
+ \end{tikzpicture}
+ \end{textblock}
+
+ \begin{textblock}{9}(2.8,11.8)
+ \bl{matches$_1$ r s $\;=\;$ match [r] s}
+ \end{textblock}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[c]
+ \frametitle{Testing}
+
+ \small
+ Every good programmer should do thourough tests:
+
+ \begin{center}
+ \begin{tabular}{@ {\hspace{-20mm}}lcl}
+ \bl{matches$_1$ (a$\cdot$b)$^*\;$ []} & \bl{$\mapsto$} & \bl{true}\\
+ \bl{matches$_1$ (a$\cdot$b)$^*\;$ ab} & \bl{$\mapsto$} & \bl{true}\\
+ \bl{matches$_1$ (a$\cdot$b)$^*\;$ aba} & \bl{$\mapsto$} & \bl{false}\\
+ \bl{matches$_1$ (a$\cdot$b)$^*\;$ abab} & \bl{$\mapsto$} & \bl{true}\\
+ \bl{matches$_1$ (a$\cdot$b)$^*\;$ abaa} & \bl{$\mapsto$} & \bl{false}\medskip\\
+ \onslide<2->{\bl{matches$_1$ x$\cdot$(0$|$1)$^*\;$ x} & \bl{$\mapsto$} & \bl{true}}\\
+ \onslide<2->{\bl{matches$_1$ x$\cdot$(0$|$1)$^*\;$ x0} & \bl{$\mapsto$} & \bl{true}}\\
+ \onslide<2->{\bl{matches$_1$ x$\cdot$(0$|$1)$^*\;$ x3} & \bl{$\mapsto$} & \bl{false}}
+ \end{tabular}
+ \end{center}
+
+ \onslide<3->
+ {looks OK \ldots let's ship it to customers\hspace{5mm}
+ \raisebox{-5mm}{\includegraphics[scale=0.05]{sun.png}}}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[c]
+ \frametitle{Version 1}
+
+ \only<1->{Several hours later\ldots}\pause
+
+
+ \begin{center}
+ \begin{tabular}{@ {\hspace{0mm}}lcl}
+ \bl{matches$_1$ []$^*$ s} & \bl{$\mapsto$} & loops\\
+ \onslide<4->{\bl{matches$_1$ ([] + \ldots)$^*$ s} & \bl{$\mapsto$} & loops\\}
+ \end{tabular}
+ \end{center}
+
+ \small
+ \onslide<3->{
+ \begin{center}
+ \begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {}}
+ \ldots\\
+ \bl{match ([]::rs) s} & \bl{$=$} & \bl{match rs s}\\
+ \ldots\\
+ \bl{match (r$^*$::rs) s} & \bl{$=$} & \bl{match rs s $\vee$ match (r::r$^*$::rs) s}\\
+ \end{tabular}
+ \end{center}}
+
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[t]
+ \frametitle{Testing}
+
+ \begin{itemize}
+ \item While testing is an important part in the process of programming development\pause\ldots
+
+ \item we can only test a {\bf finite} amount of examples.\bigskip\pause
+
+ \begin{center}
+ \colorbox{cream}
+ {\gr{\begin{minipage}{10cm}
+ ``Testing can only show the presence of errors, never their
+ absence.'' (Edsger W.~Dijkstra)
+ \end{minipage}}}
+ \end{center}\bigskip\pause
+
+ \item In a theorem prover we can establish properties that apply to
+ {\bf all} input and {\bf all} output.
+
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[t]
+ \frametitle{Version 2}
+ \mbox{}\\[-14mm]\mbox{}
+
+ \small
+ \begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}ll@ {}}
+ \bl{nullable ($\varnothing$)} & \bl{$=$} & \bl{false} &\\
+ \bl{nullable ([])} & \bl{$=$} & \bl{true} &\\
+ \bl{nullable (c)} & \bl{$=$} & \bl{false} &\\
+ \bl{nullable (r$_1$ + r$_2$)} & \bl{$=$} & \bl{nullable r$_1$ $\vee$ nullable r$_2$} & \\
+ \bl{nullable (r$_1$ $\cdot$ r$_2$)} & \bl{$=$} & \bl{nullable r$_1$ $\wedge$ nullable r$_2$} & \\
+ \bl{nullable (r$^*$)} & \bl{$=$} & \bl{true} & \\
+ \end{tabular}\medskip
+
+ \begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{-10mm}}l@ {}}
+ \bl{der c ($\varnothing$)} & \bl{$=$} & \bl{$\varnothing$} & \\
+ \bl{der c ([])} & \bl{$=$} & \bl{$\varnothing$} & \\
+ \bl{der c (d)} & \bl{$=$} & \bl{if c = d then [] else $\varnothing$} & \\
+ \bl{der c (r$_1$ + r$_2$)} & \bl{$=$} & \bl{(der c r$_1$) + (der c r$_2$)} & \\
+ \bl{der c (r$_1$ $\cdot$ r$_2$)} & \bl{$=$} & \bl{((der c r$_1$) $\cdot$ r$_2$)} & \\
+ & & \bl{\;\;+ (if nullable r$_1$ then der c r$_2$ else $\varnothing$)}\\
+ \bl{der c (r$^*$)} & \bl{$=$} & \bl{(der c r) $\cdot$ r$^*$} &\smallskip\\
+
+ \bl{derivative r []} & \bl{$=$} & \bl{r} & \\
+ \bl{derivative r (c::s)} & \bl{$=$} & \bl{derivative (der c r) s} & \\
+ \end{tabular}\medskip
+
+ \bl{matches$_2$ r s $=$ nullable (derivative r s)}
+
+ \begin{textblock}{6}(9.5,0.9)
+ \begin{flushright}
+ \color{gray}``if r matches []''
+ \end{flushright}
+ \end{textblock}
+
+ \begin{textblock}{6}(9.5,6.18)
+ \begin{flushright}
+ \color{gray}``derivative w.r.t.~a char''
+ \end{flushright}
+ \end{textblock}
+
+ \begin{textblock}{6}(9.5,12.1)
+ \begin{flushright}
+ \color{gray}``deriv.~w.r.t.~a string''
+ \end{flushright}
+ \end{textblock}
+
+ \begin{textblock}{6}(9.5,13.98)
+ \begin{flushright}
+ \color{gray}``main''
+ \end{flushright}
+ \end{textblock}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[t]
+ \frametitle{Is the Matcher Error-Free?}
+
+ We expect that
+
+ \begin{center}
+ \begin{tabular}{lcl}
+ \bl{matches$_2$ r s = true} & \only<1>{\rd{$\Longrightarrow\,\,$}}\only<2>{\rd{$\Longleftarrow\,\,$}}%
+ \only<3->{\rd{$\Longleftrightarrow$}} & \bl{s $\in$ \LL(r)}\\
+ \bl{matches$_2$ r s = false} & \only<1>{\rd{$\Longrightarrow\,\,$}}\only<2>{\rd{$\Longleftarrow\,\,$}}%
+ \only<3->{\rd{$\Longleftrightarrow$}} & \bl{s $\notin$ \LL(r)}\\
+ \end{tabular}
+ \end{center}
+ \pause\pause\bigskip
+ ??? By \alert<4->{induction}, we can {\bf prove} these properties.\bigskip
+
+ \begin{tabular}{lrcl}
+ Lemmas: & \bl{nullable (r)} & \bl{$\Longleftrightarrow$} & \bl{[] $\in$ \LL (r)}\\
+ & \bl{s $\in$ \LL (der c r)} & \bl{$\Longleftrightarrow$} & \bl{(c::s) $\in$ \LL (r)}\\
+ \end{tabular}
+
+ \only<4->{
+ \begin{textblock}{3}(0.9,4.5)
+ \rd{\huge$\forall$\large{}r s.}
+ \end{textblock}}
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1>[c]
+ \frametitle{
+ \begin{tabular}{c}
+ \mbox{}\\[23mm]
+ \LARGE Demo
+ \end{tabular}}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[t]
+
+ \mbox{}\\[-2mm]
+
+ \small
+ \begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}ll@ {}}
+ \bl{nullable (NULL)} & \bl{$=$} & \bl{false} &\\
+ \bl{nullable (EMPTY)} & \bl{$=$} & \bl{true} &\\
+ \bl{nullable (CHR c)} & \bl{$=$} & \bl{false} &\\
+ \bl{nullable (ALT r$_1$ r$_2$)} & \bl{$=$} & \bl{(nullable r$_1$) orelse (nullable r$_2$)} & \\
+ \bl{nullable (SEQ r$_1$ r$_2$)} & \bl{$=$} & \bl{(nullable r$_1$) andalso (nullable r$_2$)} & \\
+ \bl{nullable (STAR r)} & \bl{$=$} & \bl{true} & \\
+ \end{tabular}\medskip
+
+ \begin{tabular}{@ {}l@ {\hspace{2mm}}c@ {\hspace{2mm}}l@ {\hspace{-10mm}}l@ {}}
+ \bl{der c (NULL)} & \bl{$=$} & \bl{NULL} & \\
+ \bl{der c (EMPTY)} & \bl{$=$} & \bl{NULL} & \\
+ \bl{der c (CHR d)} & \bl{$=$} & \bl{if c=d then EMPTY else NULL} & \\
+ \bl{der c (ALT r$_1$ r$_2$)} & \bl{$=$} & \bl{ALT (der c r$_1$) (der c r$_2$)} & \\
+ \bl{der c (SEQ r$_1$ r$_2$)} & \bl{$=$} & \bl{ALT (SEQ (der c r$_1$) r$_2$)} & \\
+ & & \bl{\phantom{ALT} (if nullable r$_1$ then der c r$_2$ else NULL)}\\
+ \bl{der c (STAR r)} & \bl{$=$} & \bl{SEQ (der c r) (STAR r)} &\smallskip\\
+
+ \bl{derivative r []} & \bl{$=$} & \bl{r} & \\
+ \bl{derivative r (c::s)} & \bl{$=$} & \bl{derivative (der c r) s} & \\
+ \end{tabular}\medskip
+
+ \bl{matches r s $=$ nullable (derivative r s)}
+
+ \only<2>{
+ \begin{textblock}{8}(1.5,4)
+ \includegraphics[scale=0.3]{approved.png}
+ \end{textblock}}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{No Automata?}
+
+ You might be wondering why I did not use any automata?
+
+ \begin{itemize}
+ \item {\bf Def.:} A \alert{regular language} is one where there is a DFA that
+ recognises it.\bigskip\pause
+ \end{itemize}
+
+
+ There are many reasons why this is a good definition:\medskip
+ \begin{itemize}
+ \item pumping lemma
+ \item closure properties of regular languages\\ (e.g.~closure under complement)
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[t]
+ \frametitle{Really Bad News!}
+
+ DFAs are bad news for formalisations in theorem provers. They might
+ be represented as:
+
+ \begin{itemize}
+ \item graphs
+ \item matrices
+ \item partial functions
+ \end{itemize}
+
+ All constructions are messy to reason about.\bigskip\bigskip
+ \pause
+
+ \small
+ \only<2>{
+ Constable et al needed (on and off) 18 months for a 3-person team
+ to formalise automata theory in Nuprl including Myhill-Nerode. There is
+ only very little other formalised work on regular languages I know of
+ in Coq, Isabelle and HOL.}
+ \only<3>{Typical textbook reasoning goes like: ``\ldots if \smath{M} and \smath{N} are any two
+ automata with no inaccessible states \ldots''
+ }
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{}
+ \large
+ \begin{center}
+ \begin{tabular}{p{9cm}}
+ My point:\bigskip\\
+
+ The theory about regular languages can be reformulated
+ to be more suitable for theorem proving.
+ \end{tabular}
+ \end{center}
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE The Myhill-Nerode Theorem}
+
+ \begin{itemize}
+ \item provides necessary and suf\!ficient conditions for a language
+ being regular (pumping lemma only necessary)\medskip
+
+ \item will help with closure properties of regular languages\bigskip\pause
+
+ \item key is the equivalence relation:\smallskip
+ \begin{center}
+ \smath{x \approx_{L} y \,\dn\, \forall z.\; x @ z \in L \Leftrightarrow y @ z \in L}
+ \end{center}
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE The Myhill-Nerode Theorem}
+
+ \mbox{}\\[5cm]
+
+ \begin{itemize}
+ \item \smath{\text{finite}\, (U\!N\!IV /\!/ \approx_L) \;\Leftrightarrow\; L\; \text{is regular}}
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE Equivalence Classes}
+
+ \begin{itemize}
+ \item \smath{L = []}
+ \begin{center}
+ \smath{\Big\{\{[]\},\; U\!N\!IV - \{[]\}\Big\}}
+ \end{center}\bigskip\bigskip
+
+ \item \smath{L = [c]}
+ \begin{center}
+ \smath{\Big\{\{[]\},\; \{[c]\},\; U\!N\!IV - \{[], [c]\}\Big\}}
+ \end{center}\bigskip\bigskip
+
+ \item \smath{L = \varnothing}
+ \begin{center}
+ \smath{\Big\{U\!N\!IV\Big\}}
+ \end{center}
+
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE Regular Languages}
+
+ \begin{itemize}
+ \item \smath{L} is regular \smath{\dn} if there is an automaton \smath{M}
+ such that \smath{\mathbb{L}(M) = L}\\[1.5cm]
+
+ \item Myhill-Nerode:
+
+ \begin{center}
+ \begin{tabular}{l}
+ finite $\Rightarrow$ regular\\
+ \;\;\;\smath{\text{finite}\,(U\!N\!IV /\!/ \approx_L) \Rightarrow \exists r. L = \mathbb{L}(r)}\\[3mm]
+ regular $\Rightarrow$ finite\\
+ \;\;\;\smath{\text{finite}\, (U\!N\!IV /\!/ \approx_{\mathbb{L}(r)})}
+ \end{tabular}
+ \end{center}
+
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE Final States}
+
+ \mbox{}\\[3cm]
+
+ \begin{itemize}
+ \item ??? \smath{\text{final}_L\,X \dn \{[|s|]_\approx\;|\; s \in X\}}\\
+ \medskip
+
+ \item we can prove: \smath{L = \bigcup \{X\;|\;\text{final}_L\,X\}}
+
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE Transitions between\\[-3mm] Equivalence Classes}
+
+ \smath{L = \{[c]\}}
+
+ \begin{tabular}{@ {\hspace{-7mm}}cc}
+ \begin{tabular}{c}
+ \begin{tikzpicture}[shorten >=1pt,node distance=2cm,auto, ultra thick]
+ \tikzstyle{state}=[circle,thick,draw=blue!75,fill=blue!20,minimum size=0mm]
+
+ %\draw[help lines] (0,0) grid (3,2);
+
+ \node[state,initial] (q_0) {$R_1$};
+ \node[state,accepting] (q_1) [above right of=q_0] {$R_2$};
+ \node[state] (q_2) [below right of=q_0] {$R_3$};
+
+ \path[->] (q_0) edge node {c} (q_1)
+ edge node [swap] {$\Sigma-{c}$} (q_2)
+ (q_2) edge [loop below] node {$\Sigma$} ()
+ (q_1) edge node {$\Sigma$} (q_2);
+ \end{tikzpicture}
+ \end{tabular}
+ &
+ \begin{tabular}[t]{ll}
+ \\[-20mm]
+ \multicolumn{2}{l}{\smath{U\!N\!IV /\!/\approx_L} produces}\\[4mm]
+
+ \smath{R_1}: & \smath{\{[]\}}\\
+ \smath{R_2}: & \smath{\{[c]\}}\\
+ \smath{R_3}: & \smath{U\!N\!IV - \{[], [c]\}}\\[6mm]
+ \multicolumn{2}{l}{\onslide<2->{\smath{X \stackrel{c}{\longrightarrow} Y \dn X ;; [c] \subseteq Y}}}
+ \end{tabular}
+
+ \end{tabular}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE Systems of Equations}
+
+ Inspired by a method of Brzozowski\;'64, we can build an equational system
+ characterising the equivalence classes:
+
+ \begin{center}
+ \begin{tabular}{@ {\hspace{-20mm}}c}
+ \\[-13mm]
+ \begin{tikzpicture}[shorten >=1pt,node distance=2cm,auto, ultra thick]
+ \tikzstyle{state}=[circle,thick,draw=blue!75,fill=blue!20,minimum size=0mm]
+
+ %\draw[help lines] (0,0) grid (3,2);
+
+ \node[state,initial] (p_0) {$R_1$};
+ \node[state,accepting] (p_1) [right of=q_0] {$R_2$};
+
+ \path[->] (p_0) edge [bend left] node {a} (p_1)
+ edge [loop above] node {b} ()
+ (p_1) edge [loop above] node {a} ()
+ edge [bend left] node {b} (p_0);
+ \end{tikzpicture}\\
+ \\[-13mm]
+ \end{tabular}
+ \end{center}
+
+ \begin{center}
+ \begin{tabular}{@ {\hspace{-6mm}}ll@ {\hspace{1mm}}c@ {\hspace{1mm}}l}
+ & \smath{R_1} & \smath{\equiv} & \smath{R_1;b + R_2;b \onslide<2->{\alert<2>{+ \lambda;[]}}}\\
+ & \smath{R_2} & \smath{\equiv} & \smath{R_1;a + R_2;a}\medskip\\
+ \onslide<3->{we can prove}
+ & \onslide<3->{\smath{R_1}} & \onslide<3->{\smath{=}}
+ & \onslide<3->{\smath{R_1; \mathbb{L}(b) \,\cup\, R_2;\mathbb{L}(b) \,\cup\, \{[]\};\{[]\}}}\\
+ & \onslide<3->{\smath{R_2}} & \onslide<3->{\smath{=}}
+ & \onslide<3->{\smath{R_1; \mathbb{L}(a) \,\cup\, R_2;\mathbb{L}(a)}}\\
+ \end{tabular}
+ \end{center}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1>[t]
+ \small
+
+ \begin{center}
+ \begin{tabular}{l@ {\hspace{1mm}}c@ {\hspace{1mm}}ll}
+ \onslide<1->{\smath{R_1}} & \onslide<1->{\smath{=}}
+ & \onslide<1->{\smath{R_1; b + R_2; b + \lambda;[]}}\\
+ \onslide<1->{\smath{R_2}} & \onslide<1->{\smath{=}}
+ & \onslide<1->{\smath{R_1; a + R_2; a}}\\
+
+ & & & \onslide<2->{by Arden}\\
+
+ \onslide<2->{\smath{R_1}} & \onslide<2->{\smath{=}}
+ & \onslide<2->{\smath{R_1; b + R_2; b + \lambda;[]}}\\
+ \onslide<2->{\smath{R_2}} & \onslide<2->{\smath{=}}
+ & \only<2>{\smath{R_1; a + R_2; a}}%
+ \only<3->{\smath{R_1; a\cdot a^\star}}\\
+
+ & & & \onslide<4->{by Arden}\\
+
+ \onslide<4->{\smath{R_1}} & \onslide<4->{\smath{=}}
+ & \onslide<4->{\smath{R_2; b \cdot b^\star+ \lambda;b^\star}}\\
+ \onslide<4->{\smath{R_2}} & \onslide<4->{\smath{=}}
+ & \onslide<4->{\smath{R_1; a\cdot a^\star}}\\
+
+ & & & \onslide<5->{by substitution}\\
+
+ \onslide<5->{\smath{R_1}} & \onslide<5->{\smath{=}}
+ & \onslide<5->{\smath{R_1; a\cdot a^\star \cdot b \cdot b^\star+ \lambda;b^\star}}\\
+ \onslide<5->{\smath{R_2}} & \onslide<5->{\smath{=}}
+ & \onslide<5->{\smath{R_1; a\cdot a^\star}}\\
+
+ & & & \onslide<6->{by Arden}\\
+
+ \onslide<6->{\smath{R_1}} & \onslide<6->{\smath{=}}
+ & \onslide<6->{\smath{\lambda;b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star}}\\
+ \onslide<6->{\smath{R_2}} & \onslide<6->{\smath{=}}
+ & \onslide<6->{\smath{R_1; a\cdot a^\star}}\\
+
+ & & & \onslide<7->{by substitution}\\
+
+ \onslide<7->{\smath{R_1}} & \onslide<7->{\smath{=}}
+ & \onslide<7->{\smath{\lambda;b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star}}\\
+ \onslide<7->{\smath{R_2}} & \onslide<7->{\smath{=}}
+ & \onslide<7->{\smath{\lambda; b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star
+ \cdot a\cdot a^\star}}\\
+ \end{tabular}
+ \end{center}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE A Variant of Arden's Lemma}
+
+ {\bf Arden's Lemma:}\smallskip
+
+ If \smath{[] \not\in A} then
+ \begin{center}
+ \smath{X = X; A + \text{something}}
+ \end{center}
+ has the (unique) solution
+ \begin{center}
+ \smath{X = \text{something} ; A^\star}
+ \end{center}
+
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1->[t]
+ \small
+
+ \begin{center}
+ \begin{tabular}{l@ {\hspace{1mm}}c@ {\hspace{1mm}}ll}
+ \onslide<1->{\smath{R_1}} & \onslide<1->{\smath{=}}
+ & \onslide<1->{\smath{R_1; b + R_2; b + \lambda;[]}}\\
+ \onslide<1->{\smath{R_2}} & \onslide<1->{\smath{=}}
+ & \onslide<1->{\smath{R_1; a + R_2; a}}\\
+
+ & & & \onslide<2->{by Arden}\\
+
+ \onslide<2->{\smath{R_1}} & \onslide<2->{\smath{=}}
+ & \onslide<2->{\smath{R_1; b + R_2; b + \lambda;[]}}\\
+ \onslide<2->{\smath{R_2}} & \onslide<2->{\smath{=}}
+ & \only<2>{\smath{R_1; a + R_2; a}}%
+ \only<3->{\smath{R_1; a\cdot a^\star}}\\
+
+ & & & \onslide<4->{by Arden}\\
+
+ \onslide<4->{\smath{R_1}} & \onslide<4->{\smath{=}}
+ & \onslide<4->{\smath{R_2; b \cdot b^\star+ \lambda;b^\star}}\\
+ \onslide<4->{\smath{R_2}} & \onslide<4->{\smath{=}}
+ & \onslide<4->{\smath{R_1; a\cdot a^\star}}\\
+
+ & & & \onslide<5->{by substitution}\\
+
+ \onslide<5->{\smath{R_1}} & \onslide<5->{\smath{=}}
+ & \onslide<5->{\smath{R_1; a\cdot a^\star \cdot b \cdot b^\star+ \lambda;b^\star}}\\
+ \onslide<5->{\smath{R_2}} & \onslide<5->{\smath{=}}
+ & \onslide<5->{\smath{R_1; a\cdot a^\star}}\\
+
+ & & & \onslide<6->{by Arden}\\
+
+ \onslide<6->{\smath{R_1}} & \onslide<6->{\smath{=}}
+ & \onslide<6->{\smath{\lambda;b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star}}\\
+ \onslide<6->{\smath{R_2}} & \onslide<6->{\smath{=}}
+ & \onslide<6->{\smath{R_1; a\cdot a^\star}}\\
+
+ & & & \onslide<7->{by substitution}\\
+
+ \onslide<7->{\smath{R_1}} & \onslide<7->{\smath{=}}
+ & \onslide<7->{\smath{\lambda;b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star}}\\
+ \onslide<7->{\smath{R_2}} & \onslide<7->{\smath{=}}
+ & \onslide<7->{\smath{\lambda; b^\star\cdot (a\cdot a^\star \cdot b \cdot b^\star)^\star
+ \cdot a\cdot a^\star}}\\
+ \end{tabular}
+ \end{center}
+
+ \only<8->{
+ \begin{textblock}{6}(2.5,4)
+ \begin{block}{}
+ \begin{minipage}{8cm}\raggedright
+
+ \begin{tikzpicture}[shorten >=1pt,node distance=2cm,auto, ultra thick, inner sep=1mm]
+ \tikzstyle{state}=[circle,thick,draw=blue!75,fill=blue!20,minimum size=0mm]
+
+ %\draw[help lines] (0,0) grid (3,2);
+
+ \node[state,initial] (p_0) {$R_1$};
+ \node[state,accepting] (p_1) [right of=q_0] {$R_2$};
+
+ \path[->] (p_0) edge [bend left] node {a} (p_1)
+ edge [loop above] node {b} ()
+ (p_1) edge [loop above] node {a} ()
+ edge [bend left] node {b} (p_0);
+ \end{tikzpicture}
+
+ \end{minipage}
+ \end{block}
+ \end{textblock}}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE The Equ's Solving Algorithm}
+
+ \begin{itemize}
+ \item The algorithm must terminate: Arden makes one equation smaller;
+ substitution deletes one variable from the right-hand sides.\bigskip
+
+ \item We need to maintain the invariant that Arden is applicable
+ (if \smath{[] \not\in A} then \ldots):\medskip
+
+ \begin{center}\small
+ \begin{tabular}{l@ {\hspace{1mm}}c@ {\hspace{1mm}}ll}
+ \smath{R_1} & \smath{=} & \smath{R_1; b + R_2; b + \lambda;[]}\\
+ \smath{R_2} & \smath{=} & \smath{R_1; a + R_2; a}\\
+
+ & & & by Arden\\
+
+ \smath{R_1} & \smath{=} & \smath{R_1; b + R_2; b + \lambda;[]}\\
+ \smath{R_2} & \smath{=} & \smath{R_1; a\cdot a^\star}\\
+ \end{tabular}
+ \end{center}
+
+ \end{itemize}
+
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE Other Direction}
+
+ One has to prove
+
+ \begin{center}
+ \smath{\text{finite} (U\!N\!IV /\!/ \approx_{\mathbb{L}(r)})}
+ \end{center}
+
+ by induction on \smath{r}. Not trivial, but after a bit
+ of thinking, one can prove that if
+
+ \begin{center}
+ \smath{\text{finite} (U\!N\!IV /\!/ \approx_{\mathbb{L}(r_1)})}\hspace{5mm}
+ \smath{\text{finite} (U\!N\!IV /\!/ \approx_{\mathbb{L}(r_2)})}
+ \end{center}
+
+ then
+
+ \begin{center}
+ \smath{\text{finite} (U\!N\!IV /\!/ \approx_{\mathbb{L}(r_1) \,\cup\, \mathbb{L}(r_2)})}
+ \end{center}
+
+
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE What Have We Achieved?}
+
+ \begin{itemize}
+ \item \smath{\text{finite}\, (U\!N\!IV /\!/ \approx_L) \;\Leftrightarrow\; L\; \text{is regular}}
+ \bigskip\pause
+ \item regular languages are closed under complementation; this is now easy\medskip
+ \begin{center}
+ \smath{U\!N\!IV /\!/ \approx_L \;\;=\;\; U\!N\!IV /\!/ \approx_{-L}}
+ \end{center}
+ \end{itemize}
+
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE Examples}
+
+ \begin{itemize}
+ \item \smath{L \equiv \Sigma^\star 0 \Sigma} is regular
+ \begin{quote}\small
+ \begin{tabular}{lcl}
+ \smath{A_1} & \smath{=} & \smath{\Sigma^\star 00}\\
+ \smath{A_2} & \smath{=} & \smath{\Sigma^\star 01}\\
+ \smath{A_3} & \smath{=} & \smath{\Sigma^\star 10 \cup \{0\}}\\
+ \smath{A_4} & \smath{=} & \smath{\Sigma^\star 11 \cup \{1\} \cup \{[]\}}\\
+ \end{tabular}
+ \end{quote}
+
+ \item \smath{L \equiv \{ 0^n 1^n \,|\, n \ge 0\}} is not regular
+ \begin{quote}\small
+ \begin{tabular}{lcl}
+ \smath{B_0} & \smath{=} & \smath{\{0^n 1^n \,|\, n \ge 0\}}\\
+ \smath{B_1} & \smath{=} & \smath{\{0^n 1^{(n-1)} \,|\, n \ge 1\}}\\
+ \smath{B_2} & \smath{=} & \smath{\{0^n 1^{(n-2)} \,|\, n \ge 2\}}\\
+ \smath{B_3} & \smath{=} & \smath{\{0^n 1^{(n-3)} \,|\, n \ge 3\}}\\
+ & \smath{\vdots} &\\
+ \end{tabular}
+ \end{quote}
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE What We Have Not Achieved}
+
+ \begin{itemize}
+ \item regular expressions are not good if you look for a minimal
+ one for a language (DFAs have this notion)\pause\bigskip
+
+ \item Is there anything to be said about context free languages:\medskip
+
+ \begin{quote}
+ A context free language is where every string can be recognised by
+ a pushdown automaton.\bigskip
+ \end{quote}
+ \end{itemize}
+
+ \textcolor{gray}{\footnotesize Yes. Derivatives also work for c-f grammars. Ongoing work.}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}[c]
+ \frametitle{\LARGE Conclusion}
+
+ \begin{itemize}
+ \item We formalised the Myhill-Nerode theorem based on
+ regular expressions only (DFAs are difficult to deal with in a theorem prover).\smallskip
+
+ \item Seems to be a common theme: algorithms need to be reformulated
+ to better suit formal treatment.\smallskip
+
+ \item The most interesting aspect is that we are able to
+ implement the matcher directly inside the theorem prover
+ (ongoing work).\smallskip
+
+ \item Parsing is a vast field which seem to offer new results.
+ \end{itemize}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+text_raw {*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ \mode<presentation>{
+ \begin{frame}<1>[b]
+ \frametitle{
+ \begin{tabular}{c}
+ \mbox{}\\[13mm]
+ \alert{\LARGE Thank you very much!}\\
+ \alert{\Large Questions?}
+ \end{tabular}}
+
+ \end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+*}
+
+
+
+(*<*)
+end
+(*>*)
\ No newline at end of file
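Review bot: In the automaton tikzpicture inside the `\only<8->` block, the accepting node is positioned with `[right of=q_0]`, but that picture only defines `p_0` and `p_1`, so the placement refers to a node name that does not exist there. It should read `\node[state,accepting] (p_1) [right of=p_0] {$R_2$};`. Two smaller points in the same hunk: the last item of the Conclusion frame says "which seem to offer" where "seems" is meant, and the file ends without a trailing newline after `(*>*)`.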