(*<*)

theory Paper

imports "../Closures2" "../Attic/Prefix_subtract" 

begin

declare [[show_question_marks = false]]

consts

 REL :: "(string \<times> string) set"

 UPLUS :: "'a set \<Rightarrow> 'a set \<Rightarrow> (nat \<times> 'a) set"

abbreviation

  "EClass x R \<equiv> R `` {x}"

abbreviation

  "Append_rexp2 r_itm r == Append_rexp r r_itm"

abbreviation

  "pow" (infixl "\<up>" 100)

where

  "A \<up> n \<equiv> A ^^ n"

abbreviation "NULL \<equiv> Zero"

abbreviation "EMPTY \<equiv> One"

abbreviation "CHAR \<equiv> Atom"

abbreviation "ALT \<equiv> Plus"

abbreviation "SEQ \<equiv> Times"

abbreviation "STAR \<equiv> Star"

ML {* @{term "op ^^"} *}

notation (latex output)

  str_eq ("\<approx>\<^bsub>_\<^esub>") and

  str_eq_applied ("_ \<approx>\<^bsub>_\<^esub> _") and

  conc (infixr "\<cdot>" 100) and

  star ("_\<^bsup>\<star>\<^esup>") and

  pow ("_\<^bsup>_\<^esup>" [100, 100] 100) and

  Suc ("_+1" [100] 100) and

  quotient ("_ \<^raw:\ensuremath{\!\sslash\!}> _" [90, 90] 90) and

  REL ("\<approx>") and

  UPLUS ("_ \<^raw:\ensuremath{\uplus}> _" [90, 90] 90) and

  lang ("\<^raw:\ensuremath{\cal{L}}>'(_')" [0] 101) and

  Lam ("\<lambda>'(_')" [100] 100) and 

  Trn ("'(_, _')" [100, 100] 100) and 

  EClass ("\<lbrakk>_\<rbrakk>\<^bsub>_\<^esub>" [100, 100] 100) and

  transition ("_ \<^raw:\ensuremath{\stackrel{\text{>_\<^raw:}}{\Longmapsto}}> _" [100, 100, 100] 100) and

  Setalt ("\<^raw:\ensuremath{\bigplus}>_" [1000] 999) and

  Append_rexp2 ("_ \<^raw:\ensuremath{\triangleleft}> _" [100, 100] 100) and

  Append_rexp_rhs ("_ \<^raw:\ensuremath{\triangleleft}> _" [100, 100] 50) and

  uminus ("\<^raw:\ensuremath{\overline{>_\<^raw:}}>" [100] 100) and

  tag_Plus ("tag\<^isub>A\<^isub>L\<^isub>T _ _" [100, 100] 100) and

  tag_Plus ("tag\<^isub>A\<^isub>L\<^isub>T _ _ _" [100, 100, 100] 100) and

  tag_Times ("tag\<^isub>S\<^isub>E\<^isub>Q _ _" [100, 100] 100) and

  tag_Times ("tag\<^isub>S\<^isub>E\<^isub>Q _ _ _" [100, 100, 100] 100) and

  tag_Star ("tag\<^isub>S\<^isub>T\<^isub>A\<^isub>R _" [100] 100) and

  tag_Star ("tag\<^isub>S\<^isub>T\<^isub>A\<^isub>R _ _" [100, 100] 100)

lemma meta_eq_app:

  shows "f \<equiv> \<lambda>x. g x \<Longrightarrow> f x \<equiv> g x"

  by auto

lemma conc_def':

  "A \<cdot> B = {s\<^isub>1 @ s\<^isub>2 | s\<^isub>1 s\<^isub>2. s\<^isub>1 \<in> A \<and> s\<^isub>2 \<in> B}"

unfolding conc_def by simp

lemma str_eq_def':

  shows "x \<approx>A y \<equiv> (\<forall>z. x @ z \<in> A \<longleftrightarrow> y @ z \<in> A)"

unfolding str_eq_def by simp

(* THEOREMS *)

lemma conc_Union_left: 

  shows "B \<cdot> (\<Union>n. A \<up> n) = (\<Union>n. B \<cdot> (A \<up> n))"

unfolding conc_def by auto

notation (Rule output)

  "==>"  ("\<^raw:\mbox{}\inferrule{\mbox{>_\<^raw:}}>\<^raw:{\mbox{>_\<^raw:}}>")

syntax (Rule output)

  "_bigimpl" :: "asms \<Rightarrow> prop \<Rightarrow> prop"

  ("\<^raw:\mbox{}\inferrule{>_\<^raw:}>\<^raw:{\mbox{>_\<^raw:}}>")

  "_asms" :: "prop \<Rightarrow> asms \<Rightarrow> asms" 

  ("\<^raw:\mbox{>_\<^raw:}\\>/ _")

  "_asm" :: "prop \<Rightarrow> asms" ("\<^raw:\mbox{>_\<^raw:}>")

notation (Axiom output)

  "Trueprop"  ("\<^raw:\mbox{}\inferrule{\mbox{}}{\mbox{>_\<^raw:}}>")

notation (IfThen output)

  "==>"  ("\<^raw:{\normalsize{}>If\<^raw:\,}> _/ \<^raw:{\normalsize \,>then\<^raw:\,}>/ _.")

syntax (IfThen output)

  "_bigimpl" :: "asms \<Rightarrow> prop \<Rightarrow> prop"

  ("\<^raw:{\normalsize{}>If\<^raw:\,}> _ /\<^raw:{\normalsize \,>then\<^raw:\,}>/ _.")

  "_asms" :: "prop \<Rightarrow> asms \<Rightarrow> asms" ("\<^raw:\mbox{>_\<^raw:}> /\<^raw:{\normalsize \,>and\<^raw:\,}>/ _")

  "_asm" :: "prop \<Rightarrow> asms" ("\<^raw:\mbox{>_\<^raw:}>")

notation (IfThenNoBox output)

  "==>"  ("\<^raw:{\normalsize{}>If\<^raw:\,}> _/ \<^raw:{\normalsize \,>then\<^raw:\,}>/ _.")

syntax (IfThenNoBox output)

  "_bigimpl" :: "asms \<Rightarrow> prop \<Rightarrow> prop"

  ("\<^raw:{\normalsize{}>If\<^raw:\,}> _ /\<^raw:{\normalsize \,>then\<^raw:\,}>/ _.")

  "_asms" :: "prop \<Rightarrow> asms \<Rightarrow> asms" ("_ /\<^raw:{\normalsize \,>and\<^raw:\,}>/ _")

  "_asm" :: "prop \<Rightarrow> asms" ("_")

lemma pow_length:

  assumes a: "[] \<notin> A"

  and     b: "s \<in> A \<up> Suc n"

  shows "n < length s"

using b

proof (induct n arbitrary: s)

  case 0

  have "s \<in> A \<up> Suc 0" by fact

  with a have "s \<noteq> []" by auto

  then show "0 < length s" by auto

next

  case (Suc n)

  have ih: "\<And>s. s \<in> A \<up> Suc n \<Longrightarrow> n < length s" by fact

  have "s \<in> A \<up> Suc (Suc n)" by fact

  then obtain s1 s2 where eq: "s = s1 @ s2" and *: "s1 \<in> A" and **: "s2 \<in> A \<up> Suc n"

    by (auto simp add: Seq_def)

  from ih ** have "n < length s2" by simp

  moreover have "0 < length s1" using * a by auto

  ultimately show "Suc n < length s" unfolding eq 

    by (simp only: length_append)

qed

(*>*)

section {* Introduction *}

text {*

  Regular languages are an important and well-understood subject in Computer

  Science, with many beautiful theorems and many useful algorithms. There is a

  wide range of textbooks on this subject, many of which are aimed at students

  and contain very detailed `pencil-and-paper' proofs

  (e.g.~\cite{Kozen97}). It seems natural to exercise theorem provers by

  formalising the theorems and by verifying formally the algorithms.

  There is however a problem: the typical approach to regular languages is to

  introduce finite automata and then define everything in terms of them.  For

  example, a regular language is normally defined as one whose strings are

  recognised by a finite deterministic automaton. This approach has many

  benefits. Among them is the fact that it is easy to convince oneself that

  regular languages are closed under complementation: one just has to exchange

  the accepting and non-accepting states in the corresponding automaton to

  obtain an automaton for the complement language.  The problem, however, lies with

  formalising such reasoning in a HOL-based theorem prover, in our case

  Isabelle/HOL. Automata are built up from states and transitions that 

  need to be represented as graphs, matrices or functions, none

  of which can be defined as an inductive datatype. 

  In case of graphs and matrices, this means we have to build our own

  reasoning infrastructure for them, as neither Isabelle/HOL nor HOL4 nor

  HOLlight support them with libraries. Even worse, reasoning about graphs and

  matrices can be a real hassle in HOL-based theorem provers.  Consider for

  example the operation of sequencing two automata, say $A_1$ and $A_2$, by

  connecting the accepting states of $A_1$ to the initial state of $A_2$:\\[-5.5mm]  

  %  

  \begin{center}

  \begin{tabular}{ccc}

  \begin{tikzpicture}[scale=0.8]

  %\draw[step=2mm] (-1,-1) grid (1,1);

  \draw[rounded corners=1mm, very thick] (-1.0,-0.3) rectangle (-0.2,0.3);

  \draw[rounded corners=1mm, very thick] ( 0.2,-0.3) rectangle ( 1.0,0.3);

  \node (A) at (-1.0,0.0) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (B) at ( 0.2,0.0) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (C) at (-0.2, 0.13) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (D) at (-0.2,-0.13) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (E) at (1.0, 0.2) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (F) at (1.0,-0.0) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (G) at (1.0,-0.2) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \draw (-0.6,0.0) node {\footnotesize$A_1$};

  \draw ( 0.6,0.0) node {\footnotesize$A_2$};

  \end{tikzpicture}

  & 

  \raisebox{1.1mm}{\bf\Large$\;\;\;\Rightarrow\,\;\;$}

  &

  \begin{tikzpicture}[scale=0.8]

  %\draw[step=2mm] (-1,-1) grid (1,1);

  \draw[rounded corners=1mm, very thick] (-1.0,-0.3) rectangle (-0.2,0.3);

  \draw[rounded corners=1mm, very thick] ( 0.2,-0.3) rectangle ( 1.0,0.3);

  \node (A) at (-1.0,0.0) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (B) at ( 0.2,0.0) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (C) at (-0.2, 0.13) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (D) at (-0.2,-0.13) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (E) at (1.0, 0.2) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (F) at (1.0,-0.0) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \node (G) at (1.0,-0.2) [circle, very thick, draw, fill=white, inner sep=0.4mm] {};

  \draw (C) to [very thick, bend left=45] (B);

  \draw (D) to [very thick, bend right=45] (B);

  \draw (-0.6,0.0) node {\footnotesize$A_1$};

  \draw ( 0.6,0.0) node {\footnotesize$A_2$};

  \end{tikzpicture}

  \end{tabular}

  \end{center}

  \noindent

  On `paper' we can define the corresponding graph in terms of the disjoint 

  union of the state nodes. Unfortunately in HOL, the standard definition for disjoint 

  union, namely 

  %

  \begin{equation}\label{disjointunion}

  @{term "UPLUS A\<^isub>1 A\<^isub>2 \<equiv> {(1, x) | x. x \<in> A\<^isub>1} \<union> {(2, y) | y. y \<in> A\<^isub>2}"}

  \end{equation}

  \noindent

  changes the type---the disjoint union is not a set, but a set of pairs. 

  Using this definition for disjoint union means we do not have a single type for automata

  and hence will not be able to state certain properties about \emph{all}

  automata, since there is no type quantification available in HOL (unlike in Coq, for example). An

  alternative, which provides us with a single type for automata, is to give every 

  state node an identity, for example a natural

  number, and then be careful to rename these identities apart whenever

  connecting two automata. This results in clunky proofs

  establishing that properties are invariant under renaming. Similarly,

  connecting two automata represented as matrices results in very adhoc

  constructions, which are not pleasant to reason about.

  Functions are much better supported in Isabelle/HOL, but they still lead to similar

  problems as with graphs.  Composing, for example, two non-deterministic automata in parallel

  requires also the formalisation of disjoint unions. Nipkow \cite{Nipkow98} 

  dismisses for this the option of using identities, because it leads according to 

  him to ``messy proofs''. He

  opts for a variant of \eqref{disjointunion} using bit lists, but writes 

  \begin{quote}

  \it%

  \begin{tabular}{@ {}l@ {}p{0.88\textwidth}@ {}}

  `` & All lemmas appear obvious given a picture of the composition of automata\ldots

       Yet their proofs require a painful amount of detail.''

  \end{tabular}

  \end{quote}

  \noindent

  and

  \begin{quote}

  \it%

  \begin{tabular}{@ {}l@ {}p{0.88\textwidth}@ {}}

  `` & If the reader finds the above treatment in terms of bit lists revoltingly

       concrete, I cannot disagree. A more abstract approach is clearly desirable.''

  \end{tabular}

  \end{quote}

  \noindent

  Moreover, it is not so clear how to conveniently impose a finiteness condition 

  upon functions in order to represent \emph{finite} automata. The best is

  probably to resort to more advanced reasoning frameworks, such as \emph{locales}

  or \emph{type classes},

  which are \emph{not} available in all HOL-based theorem provers.

  Because of these problems to do with representing automata, there seems

  to be no substantial formalisation of automata theory and regular languages 

  carried out in HOL-based theorem provers. Nipkow  \cite{Nipkow98} establishes

  the link between regular expressions and automata in

  the context of lexing. Berghofer and Reiter \cite{BerghoferReiter09} 

  formalise automata working over 

  bit strings in the context of Presburger arithmetic.

  The only larger formalisations of automata theory 

  are carried out in Nuprl \cite{Constable00} and in Coq \cite{Filliatre97}.

  In this paper, we will not attempt to formalise automata theory in

  Isabelle/HOL, but take a different approach to regular

  languages. Instead of defining a regular language as one where there exists

  an automaton that recognises all strings of the language, we define a

  regular language as:

  \begin{definition}

  A language @{text A} is \emph{regular}, provided there is a regular expression that matches all

  strings of @{text "A"}.

  \end{definition}

  \noindent

  The reason is that regular expressions, unlike graphs, matrices and functions, can

  be easily defined as inductive datatype. Consequently a corresponding reasoning 

  infrastructure comes for free. This has recently been exploited in HOL4 with a formalisation

  of regular expression matching based on derivatives \cite{OwensSlind08} and

  with an equivalence checker for regular expressions in Isabelle/HOL \cite{KraussNipkow11}.  

  The purpose of this paper is to

  show that a central result about regular languages---the Myhill-Nerode theorem---can 

  be recreated by only using regular expressions. This theorem gives necessary

  and sufficient conditions for when a language is regular. As a corollary of this

  theorem we can easily establish the usual closure properties, including 

  complementation, for regular languages.\smallskip

  \noindent

  {\bf Contributions:} 

  There is an extensive literature on regular languages.

  To our best knowledge, our proof of the Myhill-Nerode theorem is the

  first that is based on regular expressions, only. We prove the part of this theorem 

  stating that a regular expression has only finitely many partitions using certain 

  tagging-functions. Again to our best knowledge, these tagging-functions have

  not been used before to establish the Myhill-Nerode theorem.

*}

section {* Preliminaries *}

text {*

  Strings in Isabelle/HOL are lists of characters with the \emph{empty string}

  being represented by the empty list, written @{term "[]"}.  \emph{Languages}

  are sets of strings. The language containing all strings is written in

  Isabelle/HOL as @{term "UNIV::string set"}. The concatenation of two languages 

  is written @{term "A \<cdot> B"} and a language raised to the power @{text n} is written 

  @{term "A \<up> n"}. They are defined as usual

  \begin{center}

  @{thm conc_def'[THEN eq_reflection, where A1="A" and B1="B"]}

  \hspace{7mm}

  @{thm lang_pow.simps(1)[THEN eq_reflection, where A1="A"]}

  \hspace{7mm}

  @{thm lang_pow.simps(2)[THEN eq_reflection, where A1="A" and n1="n"]}

  \end{center}

  \noindent

  where @{text "@"} is the list-append operation. The Kleene-star of a language @{text A}

  is defined as the union over all powers, namely @{thm star_def}. In the paper

  we will make use of the following properties of these constructions.

  \begin{proposition}\label{langprops}\mbox{}\\

  \begin{tabular}{@ {}ll}

  (i)   & @{thm star_unfold_left}     \\ 

  (ii)  & @{thm[mode=IfThen] pow_length}\\

  (iii) & @{thm conc_Union_left} \\ 

  \end{tabular}

  \end{proposition}

  \noindent

  In @{text "(ii)"} we use the notation @{term "length s"} for the length of a

  string; this property states that if \mbox{@{term "[] \<notin> A"}} then the lengths of

  the strings in @{term "A \<up> (Suc n)"} must be longer than @{text n}.  We omit

  the proofs for these properties, but invite the reader to consult our

  formalisation.\footnote{Available at \url{http://www4.in.tum.de/~urbanc/regexp.html}}

  The notation in Isabelle/HOL for the quotient of a language @{text A} according to an 

  equivalence relation @{term REL} is @{term "A // REL"}. We will write 

  @{text "\<lbrakk>x\<rbrakk>\<^isub>\<approx>"} for the equivalence class defined 

  as \mbox{@{text "{y | y \<approx> x}"}}.

  Central to our proof will be the solution of equational systems

  involving equivalence classes of languages. For this we will use Arden's Lemma \cite{Brzozowski64},

  which solves equations of the form @{term "X = A \<cdot> X \<union> B"} provided

  @{term "[] \<notin> A"}. However we will need the following `reverse' 

  version of Arden's Lemma (`reverse' in the sense of changing the order of @{term "A \<cdot> X"} to

  \mbox{@{term "X \<cdot> A"}}).

  \begin{lemma}[Reverse Arden's Lemma]\label{arden}\mbox{}\\

  If @{thm (prem 1) reversed_Arden} then

  @{thm (lhs) reversed_Arden} if and only if

  @{thm (rhs) reversed_Arden}.

  \end{lemma}

  \begin{proof}

  For the right-to-left direction we assume @{thm (rhs) reversed_Arden} and show

  that @{thm (lhs) reversed_Arden} holds. From Prop.~\ref{langprops}@{text "(i)"} 

  we have @{term "A\<star> = {[]} \<union> A \<cdot> A\<star>"},

  which is equal to @{term "A\<star> = {[]} \<union> A\<star> \<cdot> A"}. Adding @{text B} to both 

  sides gives @{term "B \<cdot> A\<star> = B \<cdot> ({[]} \<union> A\<star> \<cdot> A)"}, whose right-hand side

  is equal to @{term "(B \<cdot> A\<star>) \<cdot> A \<union> B"}. This completes this direction. 

  For the other direction we assume @{thm (lhs) reversed_Arden}. By a simple induction

  on @{text n}, we can establish the property

  \begin{center}

  @{text "(*)"}\hspace{5mm} @{thm (concl) reversed_arden_helper}

  \end{center}

  \noindent

  Using this property we can show that @{term "B \<cdot> (A \<up> n) \<subseteq> X"} holds for

  all @{text n}. From this we can infer @{term "B \<cdot> A\<star> \<subseteq> X"} using the definition

  of @{text "\<star>"}.

  For the inclusion in the other direction we assume a string @{text s}

  with length @{text k} is an element in @{text X}. Since @{thm (prem 1) reversed_Arden}

  we know by Prop.~\ref{langprops}@{text "(ii)"} that 

  @{term "s \<notin> X \<cdot> (A \<up> Suc k)"} since its length is only @{text k}

  (the strings in @{term "X \<cdot> (A \<up> Suc k)"} are all longer). 

  From @{text "(*)"} it follows then that

  @{term s} must be an element in @{term "(\<Union>m\<in>{0..k}. B \<cdot> (A \<up> m))"}. This in turn

  implies that @{term s} is in @{term "(\<Union>n. B \<cdot> (A \<up> n))"}. Using Prop.~\ref{langprops}@{text "(iii)"} 

  this is equal to @{term "B \<cdot> A\<star>"}, as we needed to show.\qed

  \end{proof}

  \noindent

  Regular expressions are defined as the inductive datatype

  \begin{center}

  @{text r} @{text "::="}

  @{term NULL}\hspace{1.5mm}@{text"|"}\hspace{1.5mm} 

  @{term EMPTY}\hspace{1.5mm}@{text"|"}\hspace{1.5mm} 

  @{term "CHAR c"}\hspace{1.5mm}@{text"|"}\hspace{1.5mm} 

  @{term "SEQ r r"}\hspace{1.5mm}@{text"|"}\hspace{1.5mm} 

  @{term "ALT r r"}\hspace{1.5mm}@{text"|"}\hspace{1.5mm} 

  @{term "STAR r"}

  \end{center}

  \noindent

  and the language matched by a regular expression is defined as

  \begin{center}

  \begin{tabular}{c@ {\hspace{10mm}}c}

  \begin{tabular}{rcl}

  @{thm (lhs) lang.simps(1)} & @{text "\<equiv>"} & @{thm (rhs) lang.simps(1)}\\

  @{thm (lhs) lang.simps(2)} & @{text "\<equiv>"} & @{thm (rhs) lang.simps(2)}\\

  @{thm (lhs) lang.simps(3)[where a="c"]} & @{text "\<equiv>"} & @{thm (rhs) lang.simps(3)[where a="c"]}\\

  \end{tabular}

  &

  \begin{tabular}{rcl}

  @{thm (lhs) lang.simps(4)[where ?r="r\<^isub>1" and ?s="r\<^isub>2"]} & @{text "\<equiv>"} &

       @{thm (rhs) lang.simps(4)[where ?r="r\<^isub>1" and ?s="r\<^isub>2"]}\\

  @{thm (lhs) lang.simps(5)[where ?r="r\<^isub>1" and ?s="r\<^isub>2"]} & @{text "\<equiv>"} &

       @{thm (rhs) lang.simps(5)[where ?r="r\<^isub>1" and ?s="r\<^isub>2"]}\\

  @{thm (lhs) lang.simps(6)[where r="r"]} & @{text "\<equiv>"} &

      @{thm (rhs) lang.simps(6)[where r="r"]}\\

  \end{tabular}

  \end{tabular}

  \end{center}

  Given a finite set of regular expressions @{text rs}, we will make use of the operation of generating 

  a regular expression that matches the union of all languages of @{text rs}. We only need to know the 

  existence

  of such a regular expression and therefore we use Isabelle/HOL's @{const "fold_graph"} and Hilbert's

  @{text "\<epsilon>"} to define @{term "\<Uplus>rs"}. This operation, roughly speaking, folds @{const ALT} over the 

  set @{text rs} with @{const NULL} for the empty set. We can prove that for a finite set @{text rs}

  %

  \begin{equation}\label{uplus}

  \mbox{@{thm (lhs) folds_plus_simp} @{text "= \<Union> (\<calL> ` rs)"}}

  \end{equation}

  \noindent

  holds, whereby @{text "\<calL> ` rs"} stands for the 

  image of the set @{text rs} under function @{text "\<calL>"}.

*}

section {* The Myhill-Nerode Theorem, First Part *}

text {*

  The key definition in the Myhill-Nerode theorem is the

  \emph{Myhill-Nerode relation}, which states that w.r.t.~a language two 

  strings are related, provided there is no distinguishing extension in this

  language. This can be defined as a tertiary relation.

  \begin{definition}[Myhill-Nerode Relation] Given a language @{text A}, two strings @{text x} and

  @{text y} are Myhill-Nerode related provided

  \begin{center}

  @{thm str_eq_def'}

  \end{center}

  \end{definition}

  \noindent

  It is easy to see that @{term "\<approx>A"} is an equivalence relation, which

  partitions the set of all strings, @{text "UNIV"}, into a set of disjoint

  equivalence classes. To illustrate this quotient construction, let us give a simple 

  example: consider the regular language containing just

  the string @{text "[c]"}. The relation @{term "\<approx>({[c]})"} partitions @{text UNIV}

  into three equivalence classes @{text "X\<^isub>1"}, @{text "X\<^isub>2"} and  @{text "X\<^isub>3"}

  as follows

  \begin{center}