| author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
| Thu, 12 Sep 2013 10:34:11 +0200 | |
| changeset 385 | e5e32faa2446 |
| parent 374 | 01d223421ba0 |
| permissions | -rw-r--r-- |
|
374
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
1 |
\documentclass[12pt]{article}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
2 |
\usepackage{times}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
3 |
\usepackage{a4}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
4 |
\usepackage{hyperref}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
5 |
\usepackage[comma,square]{natbib}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
6 |
\usepackage{tikz}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
7 |
\usetikzlibrary{automata}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
8 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
9 |
\begin{document}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
10 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
11 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
12 |
{\bf Dear Dale, dear Reviewers,}\bigskip
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
13 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
14 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
15 |
Thank you very much for your time and effort in reviewing this paper. We really appreciate |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
16 |
this. However we passionately believe that the most important aspect of the paper has \underline{\bf no}t been taken into account
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
17 |
when reaching your decision, and that Referee No 3, who we assume has extensive expertise in |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
18 |
regular languages, has proved our point in his review. He brilliantly writes: |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
19 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
20 |
\begin{quote}\it
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
21 |
``the Myhill-Nerode theorem admits a 15-20 lines fairly detailed proof |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
22 |
(e.g., see the one given on wikipedia) ; being able to formalise it |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
23 |
is not a real challenge from my point of view.'' |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
24 |
\end{quote}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
25 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
26 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
27 |
The problem is it \underline{\bf is} a challenge in theorem provers! And the
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
28 |
real value of the paper and its novelty is that this is a surprising fact, even for experts |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
29 |
in regular languages, as the report of Referee No 3 shows. Because it is |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
30 |
surprising, we really think the paper should appear in a more general journal than one |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
31 |
specialised on theorem provers (after all, many theorem prover people already |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
32 |
appreciate the difficulties; they |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
33 |
just did not know of a way how to overcome them elegantly). |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
34 |
We hope you share with us the belief that theorem prover proofs might not actually |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
35 |
be used in all subjects, but they are |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
36 |
the gold standard of proofs and all researchers should be aware of them.\medskip |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
37 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
38 |
We therefore kindly ask you to reconsider the decision from this |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
39 |
point of view and also ask you to consider the supporting |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
40 |
numbers, which we provided in the paper in order to prove that formalising automata theory \underline{\bf is} a challenge.
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
41 |
We list them below again for quick reference. |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
42 |
We are also happy to implement every improvement you suggest that make our general point |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
43 |
and proofs clearer.\medskip |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
44 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
45 |
We can also give one \underline{\bf new} datapoint: \citet{LammichTuerk12} took up the challenge and have formalised a library for NFAs and DFAs
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
46 |
in approximately 7000 of lines of Isabelle code---this just sets up the framework. For proving the correctness of |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
47 |
Hopcroft's algorithm they need an additional 7000 lines of Isabelle code. In contrast, our |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
48 |
paper describes a formalised proof of the most central property in regular language |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
49 |
theory taking only 1500(!) lines in Isabelle including all definitions and supporting |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
50 |
lemmas. However, the difficulties with formalising automata theory are \underline{\bf not} restricted
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
51 |
to Isabelle, as the Reviewers assert, and that you do not have to take |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
52 |
our word for it, we list below numbers and comments |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
53 |
made by researchers from \underline{\bf Coq}, \underline{\bf Isabelle} and \underline{\bf Nuprl}. We think similar comments would apply to
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
54 |
\underline{\bf Matita}, for example, and therefore our paper is written to be as much as possible
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
55 |
agnostic with respect to a single theorem prover. \medskip |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
56 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
57 |
We answer below the specific points the Reviewers raised. We also hope to surprise again |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
58 |
Referee No 3 |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
59 |
in that automata complementation is more tricky than it first might appear and |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
60 |
most textbooks would suggest.\bigskip |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
61 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
62 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
63 |
\newpage |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
64 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
65 |
\underline{\bf Reviewer 1}\medskip
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
66 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
67 |
\begin{itemize}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
68 |
\item additions with respect to ITP: section 4 gives now a more detailed proof; section 5 and 6 are |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
69 |
new; the introduction and conclusion are extended with more numbers and comments, which should prove |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
70 |
beyond doubt our general point that automata are difficult to reason about and regular expressions are |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
71 |
a better substitute |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
72 |
\item we did {\bf not} cite \citet{OwensReppyTuron09} for the comment that derivatives ``went lost in the sands of time''
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
73 |
but that they proved with numbers and an actual implementation that in the context of lexing, derivatives are |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
74 |
good enough in practice; we believe that this statement is still accurate and it is the only paper that we could |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
75 |
cite for this |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
76 |
\item we would be grateful to receive a concrete pointer to the literature: ``{\it The technique is folklore, and can be found in traditional textbooks (possibly passing through left linear
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
77 |
grammars)}'' |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
78 |
\end{itemize}\bigskip
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
79 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
80 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
81 |
\underline{\bf Reviewer 2}\medskip
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
82 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
83 |
\begin{itemize}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
84 |
\item we hope the Reviewer agrees with us that an actual deep analysis of the technical |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
85 |
details and a comparison with Coq/Sreflect would be a major distraction from the main |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
86 |
point that the paper wants to convey; |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
87 |
such an analysis would also be in violation with the editor's guidelines for ToCL |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
88 |
\end{itemize}\bigskip
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
89 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
90 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
91 |
\underline{\bf Reviewer 3}\medskip
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
92 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
93 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
94 |
We honestly enjoyed the comments by Reviewer 3 very much, since they pretty much |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
95 |
agreed with our view we helt before we started this work---automata theory is |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
96 |
more than 50 years old, surely nothing can be challenging there. We hope, however, the |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
97 |
following comments by independent Coq/Nuprl/Isabelle-researchers destroy this view: |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
98 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
99 |
\begin{itemize}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
100 |
\item[] {\bf Numbers and comments from the literature that reasoning about automata is challenging in theorem provers
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
101 |
(our formalisation is 1500 loc):}\medskip |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
102 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
103 |
\item[{\bf Coq:}] \citet{Braibant12} formalises automata theory including
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
104 |
Myhill-Nerode: he writes that our formalisation based on |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
105 |
regular expressions ``{\it is more concise}'' than his; he also writes
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
106 |
there are no problems with standard textbook proofs, |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
107 |
except for the ``{\it {\bf intrinsic} difficulties of working with
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
108 |
rectangular matrices}'' in Coq ($>$10k loc) |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
109 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
110 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
111 |
\item [{\bf Coq:}] \citet{Filliatre97} formalised automata theory using matrices
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
112 |
leading only to Kleene's theorem, but not |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
113 |
Myhill-Nerode nor closure under complementation: he |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
114 |
writes his formalisation based on matrices is |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
115 |
``{\it rather big}'' ($>$4.5k loc)
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
116 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
117 |
\item[{\bf Coq:}] \citet{Almeidaetal10} verify Mirkin's partial derivatives
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
118 |
automata ($>$10k lines of code using matrices) |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
119 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
120 |
\item [{\bf Nuprl:}] \citet{Constable00} estimate their 4-member team needs
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
121 |
11 months with Nuprl for chapters 1 - 11 from Hopcroft |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
122 |
\& Ullman, which includes Myhill-Nerode ($>$100k lines |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
123 |
of code) |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
124 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
125 |
\item[{\bf Isabelle:}] \citet{LammichTuerk12} have in Isabelle formalised an automata
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
126 |
library (7k loc) and verified Hopcroft's algorithm |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
127 |
(additional 7k loc) |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
128 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
129 |
\item[{\bf Isabelle:}]
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
130 |
\citet{Nipkow98} formalises automata with functions but writes
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
131 |
``{\it proofs require a painful amount of detail}''
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
132 |
\end{itemize}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
133 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
134 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
135 |
These numbers and comments should |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
136 |
convincingly negate the premises of the following comments from the judgement |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
137 |
by Reviewer No 3: |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
138 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
139 |
\begin{itemize}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
140 |
\item ``{\it all formalised mathematical results are well known and established
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
141 |
since more than fifty years''} ({\bf we do not contest this nor claim otherwise; we talk about
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
142 |
theorem prover proofs - there issues are interesting and we have not seen |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
143 |
any previous work that took our view of starting with a definition for regular expressions only}) |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
144 |
\item ``{\it the Myhill-Nerode theorem admits a 15-20 lines fairly detailed proof
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
145 |
(e.g., see the one given on wikipedia) ; being able to formalise it |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
146 |
is not a real challenge from my point of view.}'' {(\bf not true)}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
147 |
\item ``{\it the followed approach is highly specific to Isabelle/HOL: it is
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
148 |
driven by the postulate that it's hard to manipulate automata or |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
149 |
matrices.}'' ({\bf not true})
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
150 |
\item ``{\it despite what the authors claim, I'm certain that a mechanised proof
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
151 |
of this Theorem could be straightforward in other theorem provers, |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
152 |
using automata for the right-to-left direction and partial |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
153 |
derivatives for the left-to-right direction''} {\bf (not true)}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
154 |
\end{itemize}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
155 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
156 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
157 |
Reviewer 3 also raised the following criticisms in his judgement: |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
158 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
159 |
\begin{itemize}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
160 |
\item ``{\it Moreover, the authors insist on the fact that they don't want to use
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
161 |
automata, while they actually just rephrase automata-based proofs, |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
162 |
without using the word `automaton'}'' |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
163 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
164 |
We did not deliberately avoid the word ``automaton'', but the {\bf definition} of what an automaton
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
165 |
is. As soon as we start with such a definition, be it in terms of functions, matrices or graphs, we would be in trouble |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
166 |
with formalised proofs as the loc-numbers above show in comparison to ours. |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
167 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
168 |
\item ``{\it All in all, the paper should be presented as `here is a way of doing
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
169 |
automata in HOL'. I'm sure this would make it much clearer and more |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
170 |
interesting, notably since doing automata is supposed to be difficult |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
171 |
in HOL.}'' |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
172 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
173 |
The fundamental difference is that it is easier in {\bf every} theorem prover to
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
174 |
reason about inductive datatypes in comparison with non-inductively defined structures |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
175 |
(graphs, functions, matrices). The specific problem the paper addresses is that |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
176 |
all textbook proofs of Myhill-Nerode start with a definition of automata leading |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
177 |
to cumbersome theorem prover proofs in {\bf all} theorem provers we are aware of.
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
178 |
\end{itemize}\bigskip
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
179 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
180 |
\subsection*{Complementation of Automata}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
181 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
182 |
Finally, we like to comment on the difficulty about complementation of automata, which |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
183 |
on {\bf paper} looks trivial and which highlights the differences between pencil-and-paper textbook
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
184 |
reasoning and formal proofs in a theorem prover: |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
185 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
186 |
\begin{quote}\it
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
187 |
``if we take the definition `a language is regular if recognised by |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
188 |
a finite deterministic automaton (DFA)' then closure under |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
189 |
complementation is **trivial** (revert the accepting status of |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
190 |
states, that's it)'' |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
191 |
\end{quote}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
192 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
193 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
194 |
Given a representation of automata as graphs or |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
195 |
matrices, then the following |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
196 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
197 |
\begin{center}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
198 |
\begin{tikzpicture}[scale=3, line width=0.7mm]
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
199 |
\node[state, initial] (q0) at ( 0,1) {$q_0$};
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
200 |
\node[state, accepting] (q1) at ( 1,1) {$q_1$};
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
201 |
\path[->] (q0) edge node[above] {$a$} (q1)
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
202 |
(q1) edge [loop right] node {$b$} ()
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
203 |
; |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
204 |
\end{tikzpicture}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
205 |
\end{center}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
206 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
207 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
208 |
fits the definition as a graph or matrix of nodes. However interchanging the terminal and |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
209 |
non-terminal states gives the {\bf incorrect} result. What is needed is the
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
210 |
notion of a {\bf completed} automaton, such as
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
211 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
212 |
\begin{center}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
213 |
\begin{tikzpicture}[scale=3, line width=0.7mm]
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
214 |
\node[state, initial] (q0) at ( 0,1) {$q_0$};
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
215 |
\node[state, accepting] (q1) at ( 1,1) {$q_1$};
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
216 |
\node[state] (q3) at (0.5, 1.5) {$q_{sink}$};
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
217 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
218 |
\path[->] (q0) edge node[above] {$a$} (q1)
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
219 |
(q1) edge [loop right] node {$b$} ()
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
220 |
(q0) edge node[above] {$b$} (q3)
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
221 |
(q1) edge node[above] {$a$} (q3)
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
222 |
(q3) edge [loop above] node {$a, b$} ()
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
223 |
; |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
224 |
\end{tikzpicture}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
225 |
\end{center}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
226 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
227 |
\noindent |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
228 |
This additional restriction unfortunately percolates through formalised proofs. In the work by |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
229 |
\citet{LammichTuerk12}, for example, this completeness constrain is mentioned in 160 places
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
230 |
out of almost 600 lemmas. Since, their representation is based on graphs (sets of nodes and edges), the restriction |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
231 |
about finitely many nodes is mentioned in another 108 places. Similarly, badly fare the definitions |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
232 |
based on matrices in Coq: they need to formalise the shape of matrices and carry around |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
233 |
this baggage in their proofs and operations (which {\bf all} authors of formalised automata theory in
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
234 |
Coq point out as clunky). Also, attempting to imitate the textbook definition of a finite |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
235 |
function of type state $\times$ letter $\rightarrow$ state, which by the way has not been |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
236 |
used by anybody who formalised automata theory in Coq, does not solve the difficulties: since |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
237 |
no theorem prover has a finite-function type built in, the additional constraint about finite |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
238 |
domains need to be carried around, again making proofs clunky. |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
239 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
240 |
Regular expressions really solve all the problems mentioned above: they are inductive |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
241 |
datatypes in all theorem provers, they come with simple structural induction principles |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
242 |
for free and operations can be easily defined without any restrictions. The concrete question |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
243 |
the paper answers is whether regular expressions are enough to obtain the central result in |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
244 |
regular language theory side-stepping the definition of automata which, according to |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
245 |
all previous work, leads to cumbersome reasoning in all theorem provers. The answer we give is yes: |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
246 |
If you are in the business of verifying Hopcroft's algorithm there is no way around automata. |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
247 |
But for Myhill-Nerode there is, and the work involved is reduced by roughly a {\bf factor of 5}.
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
248 |
We have not found this answer in any of the textbooks or papers available to us. We are happy to |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
249 |
be proved otherwise. |
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
250 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
251 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
252 |
\bibliographystyle{apa}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
253 |
\bibliography{root}
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
254 |
|
|
01d223421ba0
slight changes
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
255 |
\end{document}
|