author | Christian Urban <urbanc@in.tum.de> |
Wed, 01 Mar 2017 13:57:18 +0000 | |
changeset 468 | c6308b24fa20 |
parent 465 | 4dac76eb27d9 |
permissions | -rw-r--r-- |
402
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
1 |
<?xml version="1.0" encoding="utf-8"?> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
2 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
3 |
<html> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
4 |
<head> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
5 |
<title>Nominal Methods Group</title> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
6 |
<link rel="stylesheet" href="nominal.css"> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
7 |
</head> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
8 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
9 |
<body> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
10 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
11 |
<div align="right" style="position:relative; left:15%; width:80%"> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
12 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
13 |
<small> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
14 |
<SCRIPT LANGUAGE="JAVASCRIPT" type="text/javascript"> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
15 |
<!-- |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
16 |
var r_text = new Array (); |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
17 |
r_text[0] = "<em>\"Proving theorems about substitutions (and related operations such as alpha-conversion) required far more time and HOL code than any other variety of theorem.\"<br><\/em>M. VanInwegen using a concrete representation for binders in her PhD-thesis, 1996"; |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
18 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
19 |
r_text[1] = "<em>\"When doing the formalization, I discovered that the core part of the proof... is fairly straightforward and only requires a good understanding of the paper version. However, in completing the proof I observed that in certain places I had to invest much more work than expected, e.g. proving lemmas about substitution and weakening.\"<\/em><br>T. Altenkirch using de Bruijn indices in Proc. of TLCA, 1993"; |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
20 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
21 |
r_text[2] = "<em>\"Technical work, however, still represents the biggest part of our implementation, mainly due to the managing of de Bruijn indexes...Of our 800 proved lemmas, about 600 are concerned with operators on free names.\"<\/em><br>D. Hirschkoff in Proc. of TPHOLs, 1997"; |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
22 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
23 |
r_text[3] = "<em>\"It took the author many long months to complete the work on this formalization...The part concerning substitution is by far the largest part of the whole development.\"<\/em><br>A. Koprowski using de Bruijn indices in a draft paper, 2006"; |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
24 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
25 |
r_text[4] = "<em>\"We thank T. Thacher Robinson for showing us on August 19, 1962 by a counterexample the existence of an error in our handling of bound variables.\"<\/em><br>S. Kleene in J. of Symbolic Logic 21(1):11-18, 1962"; |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
26 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
27 |
r_text[5] = "<em>\"The main drawback in HOAS is the difficulty of dealing with metatheoretic issues concerning names in processes...As a consequence, some metatheoretic properties involving substitution and freshness of names inside proofs and processes cannot be proved inside the framework and instead have to be postulated.\"<\/em><br>F. Honsell, M. Miculan and I. Scagnetto in Theoretical Computer Science, 253(2):239-285, 2001"; |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
28 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
29 |
r_text[6] = "<em>\"Because Twelf metatheorems are proved using totality assertions about LF type families, the class of metatheorems that can be mechanized is restricted to All/Exists-statements over LF types. On the one hand, as the successful Twelf formalizations cited in Section 5 demonstrate, these All/Exists-statements have proved to be sufficient for formalizing a wide variety of metatheorems about programming languages and logics. On the other hand, we have no way to quantify when metatheorems of this form will be sufficient, and there are some well-known examples of proofs that cannot be formalized directly using Twelf as metatheorem language. For example, proofs by logical relations often require more quantifier complexity than All/Exists-statements afford.\"<\/em><br>Robert Harper and Daniel Licata in a paper on Twelf, 2007"; |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
30 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
31 |
r_text[7] = "<em>\"So we cannot, hand-on-heart, recommend the vanilla LN style for anything but small, kernel language developments. \"<\/em><br>in F-ing Modules by Rossberg, Russo and Dreyer, TLDI 2010"; |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
32 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
33 |
r_text[8] = "<em>\"Higher-order abstract syntax is a convenient way to approach languages with binding, but it is possible to imagine a problem where manipulating a fully concrete object without binding is simpler. In these cases, it is possible to establish a bijection between your HOAS terms and de Bruijn versions of the same terms. \"<\/em><br>Interesting responses from the <A HREF=\"http://twelf.plparty.org/wiki/Ask_Twelf_Elf\">Twelf wiki.</A> (To be honest, the same comment applies to Nominal. --cu)"; |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
34 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
35 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
36 |
var i = Math.floor(r_text.length*Math.random()); |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
37 |
document.write(r_text[i]); |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
38 |
//--> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
39 |
</SCRIPT> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
40 |
</small> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
41 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
42 |
</div> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
43 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
44 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
45 |
<H1>Barendregt's Substitution Lemma</H1> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
46 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
47 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
48 |
Let us explain one of our results with a simple proof about the lambda calculus. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
49 |
An informal "pencil-and-paper" proof there looks typically as follows (this one is taken from <A |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
50 |
HREF="http://www.cs.ru.nl/~henk/" target="_top">Barendregt's</A> classic book |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
51 |
on the lambda calculus): |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
52 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
53 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
54 |
<!-- Barendregt's proof --> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
55 |
<CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
56 |
<TABLE style="text-align: left; width: 90%;" BORDER=0 CELLSPACING=0 CELLPADDING=5> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
57 |
<TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
58 |
<TD style="background-color: rgb(180, 180, 180);"> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
59 |
<B>2.1.16. Substitution Lemma:</B> If <I>x≠y</I> and <I>x</I> not free in <I>L</I>, |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
60 |
then |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
61 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
62 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
63 |
<TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
64 |
<TD style="background-color: rgb(180, 180, 180);"> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
65 |
<CENTER><I>M[x:=N][y:=L] = M[y:=L][x:=N[y:=L]]</I>.</CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
66 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
67 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
68 |
<TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
69 |
<TD style="background-color: rgb(210, 210, 210);"> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
70 |
<B>Proof:</B> By induction on the structure of <I>M</I>. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
71 |
<DL> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
72 |
<DT>Case 1. <I>M</I> is a variable.<DD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
73 |
<DL> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
74 |
<DT>Case 1.1. <I>M=x</I>. Then both sides equal <I>N[y:=L]</I> since <I>x≠y</I>. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
75 |
<DT>Case 1.2. <I>M=y</I>. Then both sides equal <I>L</I>, for <I>x</I> not free in <I>L</I> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
76 |
implies <I>L[x:=...]=L</I>. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
77 |
<DT>Case 1.3. <I>M=z≠x,y</I>. Then both sides equal <I>z</I>. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
78 |
</DL></DD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
79 |
<DT>Case 2. <I>M=λz.M<SUB>1</SUB></I>. <DD>By the variable convention we may assume that |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
80 |
<I>z≠x,y</I> and <I>z</I> is not free in <I>N</I>, <I>L</I>. Then by the induction hypothesis<BR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
81 |
<CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
82 |
<TABLE> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
83 |
<TR><TD ALIGN=RIGHT><I>(λz.M<SUB>1</SUB>)[x:=N][y:=L]</I></TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
84 |
<TD ALIGN=CENTER><I>=</I></TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
85 |
<TD ALIGN=Left><I>λz.M<SUB>1</SUB>[x:=N][y:=L]</I></TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
86 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
87 |
<TR><TD ALIGN=RIGHT> </TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
88 |
<TD ALIGN=CENTER><I>=</I></TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
89 |
<TD ALIGN=Left><I>λz.M<SUB>1</SUB>[y:=L][x:=N[y:=L]]</I></TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
90 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
91 |
<TR><TD ALIGN=RIGHT> </TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
92 |
<TD ALIGN=CENTER><I>=</I></TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
93 |
<TD ALIGN=Left><I>(λz.M<SUB>1</SUB>)[y:=L][x:=N[y:=L]]</I>.</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
94 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
95 |
</TABLE> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
96 |
</CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
97 |
<DT>Case 3. <I>M=M<SUB>1</SUB> M<SUB>2</SUB></I>.<DD>Then the statement follows |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
98 |
again from the induction hypothesis. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
99 |
</DL> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
100 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
101 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
102 |
</TABLE> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
103 |
</CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
104 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
105 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
106 |
We want to make it as easy as possible to formalise such informal proofs (and |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
107 |
more complicated ones). Inspired by the <A |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
108 |
HREF="http://fling-l.seas.upenn.edu/~plclub/cgi-bin/poplmark/" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
109 |
target="_top">PoplMark Challenge</A>, we want that masses use theorem |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
110 |
assistants to do their formal proofs. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
111 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
112 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
113 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
114 |
Since the kind of informal reasoning illustrated by Barendregt's proof is very |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
115 |
common in the literature on programming languages, it might be surprising that |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
116 |
implementing his proof |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
117 |
in a theorem assistant is not a trivial task. This is because he relies |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
118 |
implicitly on some assumptions and conventions. For example he states in his |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
119 |
book: |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
120 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
121 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
122 |
<CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
123 |
<TABLE style="text-align: left; width: 90%;" BORDER=0 CELLSPACING=0 CELLPADDING=5> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
124 |
<TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
125 |
<TD style="background-color: rgb(180, 180, 180);"> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
126 |
<B>2.1.12. Convention.</B> Terms that are α-congruent are identified. So now we |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
127 |
write <I>λx.x=λy.y</I>, etcetera. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
128 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
129 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
130 |
</TABLE> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
131 |
</CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
132 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
133 |
<CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
134 |
<TABLE style="text-align: left; width: 90%;" BORDER=0 CELLSPACING=0 CELLPADDING=5> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
135 |
<TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
136 |
<TD style="background-color: rgb(180, 180, 180);"> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
137 |
<B>2.1.13. Variable Convention.</B> If <I>M<SUB>1</SUB>,...,M<SUB>n</SUB></I> occur |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
138 |
in a certain mathematical context (e.g. definition, proof), then in these terms all |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
139 |
bound variables are chosen to be different from the free variables. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
140 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
141 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
142 |
</TABLE> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
143 |
</CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
144 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
145 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
146 |
The first convention is crucial for the proof above as it allows one to deal |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
147 |
with the variable case by using equational reasoning - one can just calculate |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
148 |
what the results of the substitutions are. If one uses un-equated, or raw, lambda-terms, |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
149 |
the same kind of reasoning cannot be performed (the reasoning then has to be |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
150 |
modulo α-equivalence, which causes a lot of headaches in |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
151 |
the lambda-case.) But if the data-structure over which the proof is |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
152 |
formulated is α-equivalence classes of lambda-terms, then what is the |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
153 |
principle "by induction over the structure of <I>M</I>"? There is an |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
154 |
induction principle "over the structure" for (un-equated) lambda-terms. But |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
155 |
quotening lambda-terms by α-equivalence does not automatically lead to |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
156 |
such a principle for α-equivalence classes. This seems to be a point |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
157 |
that is nearly always ignored in the literature. In fact it takes, as we have |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
158 |
shown in [1] and [2], some serious work to provide such an induction principle |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
159 |
for α-equivalence classes. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
160 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
161 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
162 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
163 |
The second problem for an implementation of Barendregt's proof is his use of |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
164 |
the variable convention: there is just no proof-principle "by convention" in a |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
165 |
theorem assistant. Taking a closer look at Barendregt's reasoning, it turns |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
166 |
out that for a proof obligation of the form "for all α-equated |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
167 |
lambda-terms <I>λz.M<SUB>1</SUB></I>...", he does not establish this |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
168 |
proof obligation for all <I>λz.M<SUB>1</SUB></I>, but only for some |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
169 |
carefully chosen α-equated lambda-terms, namely the ones for which |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
170 |
<I>z</I> is not free in <I>x,y,N</I> and <I>L</I>. This style of reasoning |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
171 |
clearly needs some justification and in fact depends on some assumptions of |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
172 |
the "context" of the induction. By "context" of the induction we mean the |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
173 |
variables <I>x,y,N</I> and <I>L</I>. When employing the variable convention in |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
174 |
a formal proof, one always implicitly assumes that one can choose a fresh name |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
175 |
for this context. This might, however, not always be possible, for example |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
176 |
when the context already mentions all names. Also we found out recently that the |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
177 |
use of the variable convention in proofs by rule-induction can lead to |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
178 |
faulty reasoning [5]. So our work introduces safeguards that ensure that the |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
179 |
use of the variable convention is always safe. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
180 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
181 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
182 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
183 |
One might conclude from our comments about Barendregt's proof that it is no |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
184 |
proof at all. This is, however, not the case! With Nominal Isabelle |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
185 |
and its infrastructure one can easily formalise his reasoning. One first |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
186 |
has to declare the structure of <U>α-equated</U> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
187 |
lambda-terms as a nominal datatype: |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
188 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
189 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
190 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
191 |
<div class="codedisplay"> atom_decl name |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
192 |
nominal_datatype term = Var "name" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
193 |
| App "term" "term" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
194 |
| Lam "«name»term" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
195 |
</div> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
196 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
197 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
198 |
Note though, that nominal datatypes are not datatypes in the traditional |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
199 |
sense, but stand for α-equivalence classes. Indeed we have for terms of |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
200 |
type <code>term</code> the equation(!) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
201 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
202 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
203 |
<div class="codedisplay"> lemma alpha: "Lam [a].(Var a) = Lam [b].(Var b)" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
204 |
</div> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
205 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
206 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
207 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
208 |
which does not hold for traditional datatypes (note that we write |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
209 |
lambda-abstractions as <code>Lam [a].t</code>). The proof of the substitution |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
210 |
lemma can then be formalised as follows: |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
211 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
212 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
213 |
<div class="codedisplay"> lemma substitution_lemma: |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
214 |
assumes asm: "x≠y" "x#L" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
215 |
shows "M[x:=N][y:=L] = M[y:=L][x:=N[y:=L]]" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
216 |
using asm |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
217 |
by (nominal_induct M avoiding: x y N L rule: term.induct) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
218 |
(auto simp add: forget fresh_fact) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
219 |
</div> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
220 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
221 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
222 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
223 |
where the assumption "<I>x</I> is fresh for <I>L</I>", written <code>x#L</code>, |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
224 |
encodes the usual relation of "<I>x</I> not free in <I>L</I>". The method |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
225 |
<code>nominal_induct</code> takes as arguments the variable over which the |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
226 |
induction is |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
227 |
performed (here <I>M</I>), and the context of the induction, which consists of |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
228 |
the variables mentioned in the variable convention (that is the part in |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
229 |
Barendregt's proof where he writes "...we may assume that <I>z≠x,y</I> and |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
230 |
<I>z</I> is not free in <I>N,L</I>"). The last argument of <code>nominal_induct</code> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
231 |
specifies which induction rule should be applied - in this case induction over |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
232 |
α-equated lambda-terms, an induction-principle Nominal Isabelle provides |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
233 |
automatically when the nominal datatype <code>term</code> is defined. The |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
234 |
implemented proof of the substitution lemma proceeds then completely |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
235 |
automatically, except for the need of having to mention the facts <code>forget</code> and |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
236 |
<code>fresh_fact</code>, which are proved separately (also by induction over |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
237 |
α-equated lambda-terms).</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
238 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
239 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
240 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
241 |
The lemma <code>forget</code> shows that if <I>x</I> is not |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
242 |
free in <I>L</I>, then <I>L[x:=...]=L</I> (Barendregt's Case 1.2). Its formalised proof |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
243 |
is as follows: |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
244 |
</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
245 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
246 |
<div class="codedisplay"> lemma forget: |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
247 |
assumes asm: "x#L" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
248 |
shows "L[x:=P] = L" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
249 |
using asm |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
250 |
by (nominal_induct L avoiding: x P rule: term.induct) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
251 |
(auto simp add: abs_fresh fresh_atm) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
252 |
</div> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
253 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
254 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
255 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
256 |
In this proof <code>abs_fresh</code> is an automatically generated lemma that |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
257 |
establishes when <I>x</I> is fresh for a lambda-abstraction, namely <I>x#Lam |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
258 |
[z].P'</I> if and only if <I>x=z</I> or (<I>x≠z</I> and <I>x#P'</I>); |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
259 |
<code>fresh_atm</code> states that <I>x#y</I> if and only if <I>x≠y</I>. The lemma |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
260 |
<code>fresh_fact</code> proves the property that if <I>z</I> does not occur |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
261 |
freely in <I>N</I> and <I>L</I> then it also does not occur freely in |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
262 |
<I>N[y:=L]</I>. This fact can be formalised as follows:</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
263 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
264 |
<div class="codedisplay"> lemma fresh_fact: |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
265 |
assumes asm: "z#N" "z#L" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
266 |
shows "z#N[y:=L]" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
267 |
using asm |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
268 |
by (nominal_induct N avoiding: z y L rule: term.induct) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
269 |
(auto simp add: abs_fresh fresh_atm) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
270 |
</div> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
271 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
272 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
273 |
Although the latter lemma does not appear explicitly in Barendregt's reasoning, it is required |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
274 |
in the last step of the lambda-case (Case 2) where he pulls the substitution from under |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
275 |
the binder <I>z</I> (the interesting step is marked with a •):</P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
276 |
<CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
277 |
<TABLE> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
278 |
<TR><TD> </TD><TD><I>λz.(M<SUB>1</SUB>[y:=L][x:=N[y:=L]])</I></TD><TD> </TD></TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
279 |
<TR><TD>=</TD><TD><I>(λz.M<SUB>1</SUB>[y:=L])[x:=N[y:=L]]</I></TD><TD> •</TD></TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
280 |
<TR><TD>=</TD><TD><I>(λz.M<SUB>1</SUB>)[y:=L][x:=N[y:=L]]</I></TD><TD> </TD></TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
281 |
</TABLE> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
282 |
</CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
283 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
284 |
<P> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
285 |
After these 22 lines one has a completely formalised proof of the substitution |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
286 |
lemma. This proof does not rely on any axioms, apart from the ones on which |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
287 |
HOL is built. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
288 |
</P><BR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
289 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
290 |
<B>References</B><BR><BR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
291 |
<CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
292 |
<TABLE> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
293 |
<TR><TD WIDTH="7%" VALIGN=Top>[1]</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
294 |
<TD ALIGN=Left> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
295 |
<B>Nominal Reasoning Techniques in Isabelle/HOL.</B> In |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
296 |
Journal of Automatic Reasoning, 2008, Vol. 40(4), 327-356. |
465 | 297 |
[<A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/nom-tech.ps" target="_top">ps</A>]. |
402
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
298 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
299 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
300 |
<TR><TD VALIGN=Top>[2]</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
301 |
<TD ALIGN=Left> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
302 |
<B>A Formal Treatment of the Barendregt Variable Convention in Rule Inductions</B> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
303 |
(Christian Urban and Michael Norrish) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
304 |
Proceedings of the ACM Workshop on Mechanized Reasoning about Languages with Variable |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
305 |
Binding and Names (MERLIN 2005). Tallinn, Estonia. September 2005. Pages 25-32. © ACM, Inc. |
465 | 306 |
[<A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/merlin-05.ps" target="_top">ps</A>] |
307 |
[<A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/merlin-05.pdf" target="_top">pdf</A>] |
|
402
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
308 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
309 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
310 |
<TR><TD VALIGN=Top>[3]</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
311 |
<TD ALIGN=Left> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
312 |
<B>A Recursion Combinator for Nominal Datatypes Implemented in Isabelle/HOL</B> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
313 |
(Christian Urban and Stefan Berghofer) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
314 |
Proceedings of the 3rd |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
315 |
International Joint Conference on Automated Deduction (IJCAR 2006). In volume 4130 of |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
316 |
Lecture Notes in Artificial Intelligence. Seattle, USA. August 2006. Pages 498-512. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
317 |
© <A HREF="http://link.springer.de/link/service/series/0558/" target="_top">Springer Verlag</A> |
465 | 318 |
[<A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/ijcar-06.ps" target="_top">ps</A>] |
402
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
319 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
320 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
321 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
322 |
<TR><TD VALIGN=Top>[4]</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
323 |
<TD ALIGN=Left> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
324 |
<B>A Head-to-Head Comparison of de Bruijn Indices and Names.</B> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
325 |
(Stefan Berghofer and Christian Urban) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
326 |
Proceedings of the International Workshop on Logical Frameworks and |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
327 |
Meta-Languages: Theory and Practice (LFMTP 2006). Seattle, USA. ENTCS. Pages 53-67. |
465 | 328 |
[<A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/lfmtp-06.ps" target="_top">ps</A>] |
402
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
329 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
330 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
331 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
332 |
<TR><TD VALIGN=Top>[5]</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
333 |
<TD ALIGN=Left> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
334 |
<B>Barendregt's Variable Convention in Rule Inductions.</B> (Christian |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
335 |
Urban, Stefan Berghofer and Michael Norrish) Proceedings of the 21th |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
336 |
Conference on Automated Deduction (CADE 2007). In volume 4603 of Lecture |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
337 |
Notes in Artificial Intelligence. Bremen, Germany. July 2007. Pages 35-50. |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
338 |
© <A HREF="http://link.springer.de/link/service/series/0558/tocs/t4603.htm" |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
339 |
target="_top">Springer Verlag</A> |
465 | 340 |
[<A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/cade07.ps" target="_top">ps</A>] |
402
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
341 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
342 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
343 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
344 |
<TR><TD VALIGN=Top>[6]</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
345 |
<TD ALIGN=Left> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
346 |
<B>Mechanising the Metatheory of LF.</B> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
347 |
(Christian Urban, James Cheney and Stefan Berghofer) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
348 |
In Proc. of the 23rd IEEE Symposium on Logic in Computer Science (LICS 2008), IEEE Computer Society, |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
349 |
June 2008. Pages 45-56. |
465 | 350 |
[<A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/lics-08.pdf">pdf</A>] More |
351 |
information <A HREF="http://nms.kcl.ac.uk/christian.urban/Nominal/LF/index.html">elsewhere</A>. |
|
402
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
352 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
353 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
354 |
<TR><TD VALIGN=Top>[7]</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
355 |
<TD ALIGN=Left> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
356 |
<B>Proof Pearl: A New Foundation for Nominal Isabelle.</B> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
357 |
(Brian Huffman and Christian Urban) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
358 |
In Proc. of the 1st Conference on Interactive Theorem Proving (ITP 2010). In volume 6172 in |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
359 |
Lecture Notes in Computer Science, Pages 35-50, 2010. |
465 | 360 |
[<A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/nominal-atoms.pdf">pdf</A>] |
402
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
361 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
362 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
363 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
364 |
<TR><TD VALIGN=Top>[8]</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
365 |
<TD ALIGN=Left> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
366 |
<B>General Bindings and Alpha-Equivalence in Nominal Isabelle.</B> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
367 |
(Christian Urban and Cezary Kaliszyk) |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
368 |
In Proc. of the 20th European Symposium on Programming (ESOP 2011). |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
369 |
In Volume 6602 of Lecture Notes in Computer Science, Pages 480-500, 2011. |
465 | 370 |
[<A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/esop-11.pdf">pdf</A>] |
402
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
371 |
</TD> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
372 |
</TR> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
373 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
374 |
</TABLE> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
375 |
</CENTER> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
376 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
377 |
<P><!-- Created: Tue Mar 4 00:23:25 GMT 1997 --> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
378 |
<!-- hhmts start --> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
379 |
Last modified: Mon May 9 05:35:17 BST 2011 |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
380 |
<!-- hhmts end --> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
381 |
<a href="http://validator.w3.org/check/referer" target="_top">[Validate this page.]</a> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
382 |
|
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
383 |
</body> |
9e089afe5086
added Nominal
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
384 |
</html> |