1279 |
1279 |
1280 \end{description} |
1280 \end{description} |
1281 \<close> |
1281 \<close> |
1282 |
1282 |
1283 |
1283 |
1284 section \<open>Quotient types\<close> |
1284 section \<open>Quotient types with lifting and transfer\<close> |
|
1285 |
|
1286 text \<open>The quotient package defines a new quotient type given a raw type and |
|
1287 a partial equivalence relation (\secref{sec:quotient-type}). The package |
|
1288 also historically includes automation for transporting definitions and |
|
1289 theorems (\secref{sec:old-quotient}), but most of this automation was |
|
1290 superseded by the Lifting (\secref{sec:lifting}) and Transfer |
|
1291 (\secref{sec:transfer}) packages.\<close> |
|
1292 |
|
1293 |
|
1294 subsection \<open>Quotient type definition \label{sec:quotient-type}\<close> |
1285 |
1295 |
1286 text \<open> |
1296 text \<open> |
1287 \begin{matharray}{rcl} |
1297 \begin{matharray}{rcl} |
1288 @{command_def (HOL) "quotient_type"} & : & @{text "local_theory \<rightarrow> proof(prove)"}\\ |
1298 @{command_def (HOL) "quotient_type"} & : & @{text "local_theory \<rightarrow> proof(prove)"}\\ |
|
1299 \end{matharray} |
|
1300 |
|
1301 @{rail \<open> |
|
1302 @@{command (HOL) quotient_type} @{syntax typespec} @{syntax mixfix}? '=' |
|
1303 quot_type \<newline> quot_morphisms? quot_parametric? |
|
1304 ; |
|
1305 quot_type: @{syntax type} '/' ('partial' ':')? @{syntax term} |
|
1306 ; |
|
1307 quot_morphisms: @'morphisms' @{syntax name} @{syntax name} |
|
1308 ; |
|
1309 quot_parametric: @'parametric' @{syntax thmref} |
|
1310 \<close>} |
|
1311 |
|
1312 \begin{description} |
|
1313 |
|
1314 \item @{command (HOL) "quotient_type"} defines a new quotient type @{text |
|
1315 \<tau>}. The injection from a quotient type to a raw type is called @{text |
|
1316 rep_\<tau>}, its inverse @{text abs_\<tau>} unless explicit @{keyword (HOL) |
|
1317 "morphisms"} specification provides alternative names. @{command (HOL) |
|
1318 "quotient_type"} requires the user to prove that the relation is an |
|
1319 equivalence relation (predicate @{text equivp}), unless the user specifies |
|
1320 explicitly @{text partial} in which case the obligation is @{text |
|
1321 part_equivp}. A quotient defined with @{text partial} is weaker in the |
|
1322 sense that less things can be proved automatically. |
|
1323 |
|
1324 The command internally proves a Quotient theorem and sets up the Lifting |
|
1325 package by the command @{command (HOL) setup_lifting}. Thus the Lifting |
|
1326 and Transfer packages can be used also with quotient types defined by |
|
1327 @{command (HOL) "quotient_type"} without any extra set-up. The |
|
1328 parametricity theorem for the equivalence relation R can be provided as an |
|
1329 extra argument of the command and is passed to the corresponding internal |
|
1330 call of @{command (HOL) setup_lifting}. This theorem allows the Lifting |
|
1331 package to generate a stronger transfer rule for equality. |
|
1332 |
|
1333 \end{description} |
|
1334 \<close> |
|
1335 |
|
1336 |
|
1337 subsection \<open>Lifting package \label{sec:lifting}\<close> |
|
1338 |
|
1339 text \<open> |
|
1340 The Lifting package allows users to lift terms of the raw type to the |
|
1341 abstract type, which is a necessary step in building a library for an |
|
1342 abstract type. Lifting defines a new constant by combining coercion |
|
1343 functions (@{term Abs} and @{term Rep}) with the raw term. It also proves |
|
1344 an appropriate transfer rule for the Transfer (\secref{sec:transfer}) |
|
1345 package and, if possible, an equation for the code generator. |
|
1346 |
|
1347 The Lifting package provides two main commands: @{command (HOL) |
|
1348 "setup_lifting"} for initializing the package to work with a new type, and |
|
1349 @{command (HOL) "lift_definition"} for lifting constants. The Lifting |
|
1350 package works with all four kinds of type abstraction: type copies, |
|
1351 subtypes, total quotients and partial quotients. |
|
1352 |
|
1353 Theoretical background can be found in @{cite |
|
1354 "Huffman-Kuncar:2013:lifting_transfer"}. |
|
1355 |
|
1356 \begin{matharray}{rcl} |
|
1357 @{command_def (HOL) "setup_lifting"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
|
1358 @{command_def (HOL) "lift_definition"} & : & @{text "local_theory \<rightarrow> proof(prove)"}\\ |
|
1359 @{command_def (HOL) "lifting_forget"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
|
1360 @{command_def (HOL) "lifting_update"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
|
1361 @{command_def (HOL) "print_quot_maps"} & : & @{text "context \<rightarrow>"}\\ |
|
1362 @{command_def (HOL) "print_quotients"} & : & @{text "context \<rightarrow>"}\\ |
|
1363 @{attribute_def (HOL) "quot_map"} & : & @{text attribute} \\ |
|
1364 @{attribute_def (HOL) "relator_eq_onp"} & : & @{text attribute} \\ |
|
1365 @{attribute_def (HOL) "relator_mono"} & : & @{text attribute} \\ |
|
1366 @{attribute_def (HOL) "relator_distr"} & : & @{text attribute} \\ |
|
1367 @{attribute_def (HOL) "quot_del"} & : & @{text attribute} \\ |
|
1368 @{attribute_def (HOL) "lifting_restore"} & : & @{text attribute} \\ |
|
1369 \end{matharray} |
|
1370 |
|
1371 @{rail \<open> |
|
1372 @@{command (HOL) setup_lifting} @{syntax thmref} @{syntax thmref}? \<newline> |
|
1373 (@'parametric' @{syntax thmref})? |
|
1374 ; |
|
1375 @@{command (HOL) lift_definition} ('(' 'code_dt' ')')? \<newline> |
|
1376 @{syntax name} '::' @{syntax type} @{syntax mixfix}? 'is' @{syntax term} \<newline> |
|
1377 (@'parametric' (@{syntax thmref}+))? |
|
1378 ; |
|
1379 @@{command (HOL) lifting_forget} @{syntax nameref} |
|
1380 ; |
|
1381 @@{command (HOL) lifting_update} @{syntax nameref} |
|
1382 ; |
|
1383 @@{attribute (HOL) lifting_restore} |
|
1384 @{syntax thmref} (@{syntax thmref} @{syntax thmref})? |
|
1385 \<close>} |
|
1386 |
|
1387 \begin{description} |
|
1388 |
|
1389 \item @{command (HOL) "setup_lifting"} Sets up the Lifting package to work |
|
1390 with a user-defined type. The command supports two modes. The first one is |
|
1391 a low-level mode when the user must provide as a first argument of |
|
1392 @{command (HOL) "setup_lifting"} a quotient theorem @{term "Quotient R Abs |
|
1393 Rep T"}. The package configures a transfer rule for equality, a domain |
|
1394 transfer rules and sets up the @{command_def (HOL) "lift_definition"} |
|
1395 command to work with the abstract type. An optional theorem @{term "reflp |
|
1396 R"}, which certifies that the equivalence relation R is total, can be |
|
1397 provided as a second argument. This allows the package to generate |
|
1398 stronger transfer rules. And finally, the parametricity theorem for @{term |
|
1399 R} can be provided as a third argument. This allows the package to |
|
1400 generate a stronger transfer rule for equality. |
|
1401 |
|
1402 Users generally will not prove the @{text Quotient} theorem manually for |
|
1403 new types, as special commands exist to automate the process. |
|
1404 |
|
1405 \medskip When a new subtype is defined by @{command (HOL) typedef}, |
|
1406 @{command (HOL) "lift_definition"} can be used in its second mode, where |
|
1407 only the @{term type_definition} theorem @{term "type_definition Rep Abs |
|
1408 A"} is used as an argument of the command. The command internally proves |
|
1409 the corresponding @{term Quotient} theorem and registers it with @{command |
|
1410 (HOL) setup_lifting} using its first mode. |
|
1411 |
|
1412 For quotients, the command @{command (HOL) quotient_type} can be used. The |
|
1413 command defines a new quotient type and similarly to the previous case, |
|
1414 the corresponding Quotient theorem is proved and registered by @{command |
|
1415 (HOL) setup_lifting}. |
|
1416 |
|
1417 \medskip The command @{command (HOL) "setup_lifting"} also sets up the |
|
1418 code generator for the new type. Later on, when a new constant is defined |
|
1419 by @{command (HOL) "lift_definition"}, the Lifting package proves and |
|
1420 registers a code equation (if there is one) for the new constant. |
|
1421 |
|
1422 \item @{command (HOL) "lift_definition"} @{text "f :: \<tau>"} @{keyword (HOL) |
|
1423 "is"} @{text t} Defines a new function @{text f} with an abstract type |
|
1424 @{text \<tau>} in terms of a corresponding operation @{text t} on a |
|
1425 representation type. More formally, if @{text "t :: \<sigma>"}, then the command |
|
1426 builds a term @{text "F"} as a corresponding combination of abstraction |
|
1427 and representation functions such that @{text "F :: \<sigma> \<Rightarrow> \<tau>" } and defines |
|
1428 @{text "f \<equiv> F t"}. The term @{text t} does not have to be necessarily a |
|
1429 constant but it can be any term. |
|
1430 |
|
1431 The command opens a proof and the user must discharge a respectfulness |
|
1432 proof obligation. For a type copy, i.e.\ a typedef with @{text UNIV}, the |
|
1433 obligation is discharged automatically. The proof goal is presented in a |
|
1434 user-friendly, readable form. A respectfulness theorem in the standard |
|
1435 format @{text f.rsp} and a transfer rule @{text f.transfer} for the |
|
1436 Transfer package are generated by the package. |
|
1437 |
|
1438 The user can specify a parametricity theorems for @{text t} after the |
|
1439 keyword @{keyword "parametric"}, which allows the command to generate |
|
1440 parametric transfer rules for @{text f}. |
|
1441 |
|
1442 For each constant defined through trivial quotients (type copies or |
|
1443 subtypes) @{text f.rep_eq} is generated. The equation is a code |
|
1444 certificate that defines @{text f} using the representation function. |
|
1445 |
|
1446 For each constant @{text f.abs_eq} is generated. The equation is |
|
1447 unconditional for total quotients. The equation defines @{text f} using |
|
1448 the abstraction function. |
|
1449 |
|
1450 \medskip Integration with [@{attribute code} abstract]: For subtypes |
|
1451 (e.g.\ corresponding to a datatype invariant, such as @{typ "'a dlist"}), |
|
1452 @{command (HOL) "lift_definition"} uses a code certificate theorem @{text |
|
1453 f.rep_eq} as a code equation. Because of the limitation of the code |
|
1454 generator, @{text f.rep_eq} cannot be used as a code equation if the |
|
1455 subtype occurs inside the result type rather than at the top level (e.g.\ |
|
1456 function returning @{typ "'a dlist option"} vs. @{typ "'a dlist"}). |
|
1457 |
|
1458 In this case, an extension of @{command (HOL) "lift_definition"} can be |
|
1459 invoked by specifying the flag @{text "code_dt"}. This extension enables |
|
1460 code execution through series of internal type and lifting definitions if |
|
1461 the return type @{text "\<tau>"} meets the following inductive conditions: |
|
1462 |
|
1463 \begin{description} |
|
1464 |
|
1465 \item @{text "\<tau>"} is a type variable \item @{text "\<tau> = \<tau>\<^sub>1 \<dots> \<tau>\<^sub>n \<kappa>"}, |
|
1466 where @{text "\<kappa>"} is an abstract type constructor and @{text "\<tau>\<^sub>1 \<dots> \<tau>\<^sub>n"} |
|
1467 do not contain abstract types (i.e.\ @{typ "int dlist"} is allowed whereas |
|
1468 @{typ "int dlist dlist"} not) |
|
1469 |
|
1470 \item @{text "\<tau> = \<tau>\<^sub>1 \<dots> \<tau>\<^sub>n \<kappa>"}, @{text "\<kappa>"} is a type constructor that |
|
1471 was defined as a (co)datatype whose constructor argument types do not |
|
1472 contain either non-free datatypes or the function type. |
|
1473 |
|
1474 \end{description} |
|
1475 |
|
1476 Integration with [@{attribute code} equation]: For total quotients, |
|
1477 @{command (HOL) "lift_definition"} uses @{text f.abs_eq} as a code |
|
1478 equation. |
|
1479 |
|
1480 \item @{command (HOL) lifting_forget} and @{command (HOL) lifting_update} |
|
1481 These two commands serve for storing and deleting the set-up of the |
|
1482 Lifting package and corresponding transfer rules defined by this package. |
|
1483 This is useful for hiding of type construction details of an abstract type |
|
1484 when the construction is finished but it still allows additions to this |
|
1485 construction when this is later necessary. |
|
1486 |
|
1487 Whenever the Lifting package is set up with a new abstract type @{text |
|
1488 "\<tau>"} by @{command_def (HOL) "lift_definition"}, the package defines a new |
|
1489 bundle that is called @{text "\<tau>.lifting"}. This bundle already includes |
|
1490 set-up for the Lifting package. The new transfer rules introduced by |
|
1491 @{command (HOL) "lift_definition"} can be stored in the bundle by the |
|
1492 command @{command (HOL) "lifting_update"} @{text "\<tau>.lifting"}. |
|
1493 |
|
1494 The command @{command (HOL) "lifting_forget"} @{text "\<tau>.lifting"} deletes |
|
1495 set-up of the Lifting package for @{text \<tau>} and deletes all the transfer |
|
1496 rules that were introduced by @{command (HOL) "lift_definition"} using |
|
1497 @{text \<tau>} as an abstract type. |
|
1498 |
|
1499 The stored set-up in a bundle can be reintroduced by the Isar commands for |
|
1500 including a bundle (@{command "include"}, @{keyword "includes"} and |
|
1501 @{command "including"}). |
|
1502 |
|
1503 \item @{command (HOL) "print_quot_maps"} prints stored quotient map |
|
1504 theorems. |
|
1505 |
|
1506 \item @{command (HOL) "print_quotients"} prints stored quotient theorems. |
|
1507 |
|
1508 \item @{attribute (HOL) quot_map} registers a quotient map theorem, a |
|
1509 theorem showing how to "lift" quotients over type constructors. E.g.\ |
|
1510 @{term "Quotient R Abs Rep T \<Longrightarrow> Quotient (rel_set R) (image Abs) (image |
|
1511 Rep) (rel_set T)"}. For examples see @{file "~~/src/HOL/Lifting_Set.thy"} |
|
1512 or @{file "~~/src/HOL/Lifting.thy"}. This property is proved automatically |
|
1513 if the involved type is BNF without dead variables. |
|
1514 |
|
1515 \item @{attribute (HOL) relator_eq_onp} registers a theorem that shows |
|
1516 that a relator applied to an equality restricted by a predicate @{term P} |
|
1517 (i.e.\ @{term "eq_onp P"}) is equal to a predicator applied to the @{term |
|
1518 P}. The combinator @{const eq_onp} is used for internal encoding of proper |
|
1519 subtypes. Such theorems allows the package to hide @{text eq_onp} from a |
|
1520 user in a user-readable form of a respectfulness theorem. For examples see |
|
1521 @{file "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
|
1522 This property is proved automatically if the involved type is BNF without |
|
1523 dead variables. |
|
1524 |
|
1525 \item @{attribute (HOL) "relator_mono"} registers a property describing a |
|
1526 monotonicity of a relator. E.g.\ @{prop "A \<le> B \<Longrightarrow> rel_set A \<le> rel_set B"}. |
|
1527 This property is needed for proving a stronger transfer rule in |
|
1528 @{command_def (HOL) "lift_definition"} when a parametricity theorem for |
|
1529 the raw term is specified and also for the reflexivity prover. For |
|
1530 examples see @{file "~~/src/HOL/Lifting_Set.thy"} or @{file |
|
1531 "~~/src/HOL/Lifting.thy"}. This property is proved automatically if the |
|
1532 involved type is BNF without dead variables. |
|
1533 |
|
1534 \item @{attribute (HOL) "relator_distr"} registers a property describing a |
|
1535 distributivity of the relation composition and a relator. E.g.\ @{text |
|
1536 "rel_set R \<circ>\<circ> rel_set S = rel_set (R \<circ>\<circ> S)"}. This property is needed for |
|
1537 proving a stronger transfer rule in @{command_def (HOL) "lift_definition"} |
|
1538 when a parametricity theorem for the raw term is specified. When this |
|
1539 equality does not hold unconditionally (e.g.\ for the function type), the |
|
1540 user can specified each direction separately and also register multiple |
|
1541 theorems with different set of assumptions. This attribute can be used |
|
1542 only after the monotonicity property was already registered by @{attribute |
|
1543 (HOL) "relator_mono"}. For examples see @{file |
|
1544 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. This |
|
1545 property is proved automatically if the involved type is BNF without dead |
|
1546 variables. |
|
1547 |
|
1548 \item @{attribute (HOL) quot_del} deletes a corresponding Quotient theorem |
|
1549 from the Lifting infrastructure and thus de-register the corresponding |
|
1550 quotient. This effectively causes that @{command (HOL) lift_definition} |
|
1551 will not do any lifting for the corresponding type. This attribute is |
|
1552 rather used for low-level manipulation with set-up of the Lifting package |
|
1553 because @{command (HOL) lifting_forget} is preferred for normal usage. |
|
1554 |
|
1555 \item @{attribute (HOL) lifting_restore} @{text "Quotient_thm pcr_def |
|
1556 pcr_cr_eq_thm"} registers the Quotient theorem @{text Quotient_thm} in the |
|
1557 Lifting infrastructure and thus sets up lifting for an abstract type |
|
1558 @{text \<tau>} (that is defined by @{text Quotient_thm}). Optional theorems |
|
1559 @{text pcr_def} and @{text pcr_cr_eq_thm} can be specified to register the |
|
1560 parametrized correspondence relation for @{text \<tau>}. E.g.\ for @{typ "'a |
|
1561 dlist"}, @{text pcr_def} is @{text "pcr_dlist A \<equiv> list_all2 A \<circ>\<circ> |
|
1562 cr_dlist"} and @{text pcr_cr_eq_thm} is @{text "pcr_dlist op= = op="}. |
|
1563 This attribute is rather used for low-level manipulation with set-up of |
|
1564 the Lifting package because using of the bundle @{text \<tau>.lifting} together |
|
1565 with the commands @{command (HOL) lifting_forget} and @{command (HOL) |
|
1566 lifting_update} is preferred for normal usage. |
|
1567 |
|
1568 \item Integration with the BNF package @{cite "isabelle-datatypes"}: As |
|
1569 already mentioned, the theorems that are registered by the following |
|
1570 attributes are proved and registered automatically if the involved type is |
|
1571 BNF without dead variables: @{attribute (HOL) quot_map}, @{attribute (HOL) |
|
1572 relator_eq_onp}, @{attribute (HOL) "relator_mono"}, @{attribute (HOL) |
|
1573 "relator_distr"}. Also the definition of a relator and predicator is |
|
1574 provided automatically. Moreover, if the BNF represents a datatype, |
|
1575 simplification rules for a predicator are again proved automatically. |
|
1576 |
|
1577 \end{description} |
|
1578 \<close> |
|
1579 |
|
1580 |
|
1581 subsection \<open>Transfer package \label{sec:transfer}\<close> |
|
1582 |
|
1583 text \<open> |
|
1584 \begin{matharray}{rcl} |
|
1585 @{method_def (HOL) "transfer"} & : & @{text method} \\ |
|
1586 @{method_def (HOL) "transfer'"} & : & @{text method} \\ |
|
1587 @{method_def (HOL) "transfer_prover"} & : & @{text method} \\ |
|
1588 @{attribute_def (HOL) "Transfer.transferred"} & : & @{text attribute} \\ |
|
1589 @{attribute_def (HOL) "untransferred"} & : & @{text attribute} \\ |
|
1590 @{attribute_def (HOL) "transfer_rule"} & : & @{text attribute} \\ |
|
1591 @{attribute_def (HOL) "transfer_domain_rule"} & : & @{text attribute} \\ |
|
1592 @{attribute_def (HOL) "relator_eq"} & : & @{text attribute} \\ |
|
1593 @{attribute_def (HOL) "relator_domain"} & : & @{text attribute} \\ |
|
1594 \end{matharray} |
|
1595 |
|
1596 \begin{description} |
|
1597 |
|
1598 \item @{method (HOL) "transfer"} method replaces the current subgoal with |
|
1599 a logically equivalent one that uses different types and constants. The |
|
1600 replacement of types and constants is guided by the database of transfer |
|
1601 rules. Goals are generalized over all free variables by default; this is |
|
1602 necessary for variables whose types change, but can be overridden for |
|
1603 specific variables with e.g. @{text "transfer fixing: x y z"}. |
|
1604 |
|
1605 \item @{method (HOL) "transfer'"} is a variant of @{method (HOL) transfer} |
|
1606 that allows replacing a subgoal with one that is logically stronger |
|
1607 (rather than equivalent). For example, a subgoal involving equality on a |
|
1608 quotient type could be replaced with a subgoal involving equality (instead |
|
1609 of the corresponding equivalence relation) on the underlying raw type. |
|
1610 |
|
1611 \item @{method (HOL) "transfer_prover"} method assists with proving a |
|
1612 transfer rule for a new constant, provided the constant is defined in |
|
1613 terms of other constants that already have transfer rules. It should be |
|
1614 applied after unfolding the constant definitions. |
|
1615 |
|
1616 \item @{attribute (HOL) "untransferred"} proves the same equivalent |
|
1617 theorem as @{method (HOL) "transfer"} internally does. |
|
1618 |
|
1619 \item @{attribute (HOL) Transfer.transferred} works in the opposite |
|
1620 direction than @{method (HOL) "transfer'"}. E.g.\ given the transfer |
|
1621 relation @{text "ZN x n \<equiv> (x = int n)"}, corresponding transfer rules and |
|
1622 the theorem @{text "\<forall>x::int \<in> {0..}. x < x + 1"}, the attribute would |
|
1623 prove @{text "\<forall>n::nat. n < n + 1"}. The attribute is still in experimental |
|
1624 phase of development. |
|
1625 |
|
1626 \item @{attribute (HOL) "transfer_rule"} attribute maintains a collection |
|
1627 of transfer rules, which relate constants at two different types. Typical |
|
1628 transfer rules may relate different type instances of the same polymorphic |
|
1629 constant, or they may relate an operation on a raw type to a corresponding |
|
1630 operation on an abstract type (quotient or subtype). For example: |
|
1631 |
|
1632 @{text "((A ===> B) ===> list_all2 A ===> list_all2 B) map map"} \\ |
|
1633 @{text "(cr_int ===> cr_int ===> cr_int) (\<lambda>(x,y) (u,v). (x+u, y+v)) plus"} |
|
1634 |
|
1635 Lemmas involving predicates on relations can also be registered using the |
|
1636 same attribute. For example: |
|
1637 |
|
1638 @{text "bi_unique A \<Longrightarrow> (list_all2 A ===> op =) distinct distinct"} \\ |
|
1639 @{text "\<lbrakk>bi_unique A; bi_unique B\<rbrakk> \<Longrightarrow> bi_unique (rel_prod A B)"} |
|
1640 |
|
1641 Preservation of predicates on relations (@{text "bi_unique, bi_total, |
|
1642 right_unique, right_total, left_unique, left_total"}) with the respect to |
|
1643 a relator is proved automatically if the involved type is BNF @{cite |
|
1644 "isabelle-datatypes"} without dead variables. |
|
1645 |
|
1646 \item @{attribute (HOL) "transfer_domain_rule"} attribute maintains a |
|
1647 collection of rules, which specify a domain of a transfer relation by a |
|
1648 predicate. E.g.\ given the transfer relation @{text "ZN x n \<equiv> (x = int |
|
1649 n)"}, one can register the following transfer domain rule: @{text "Domainp |
|
1650 ZN = (\<lambda>x. x \<ge> 0)"}. The rules allow the package to produce more readable |
|
1651 transferred goals, e.g.\ when quantifiers are transferred. |
|
1652 |
|
1653 \item @{attribute (HOL) relator_eq} attribute collects identity laws for |
|
1654 relators of various type constructors, e.g. @{term "rel_set (op =) = (op |
|
1655 =)"}. The @{method (HOL) transfer} method uses these lemmas to infer |
|
1656 transfer rules for non-polymorphic constants on the fly. For examples see |
|
1657 @{file "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
|
1658 This property is proved automatically if the involved type is BNF without |
|
1659 dead variables. |
|
1660 |
|
1661 \item @{attribute_def (HOL) "relator_domain"} attribute collects rules |
|
1662 describing domains of relators by predicators. E.g.\ @{term "Domainp |
|
1663 (rel_set T) = (\<lambda>A. Ball A (Domainp T))"}. This allows the package to lift |
|
1664 transfer domain rules through type constructors. For examples see @{file |
|
1665 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. This |
|
1666 property is proved automatically if the involved type is BNF without dead |
|
1667 variables. |
|
1668 |
|
1669 \end{description} |
|
1670 |
|
1671 Theoretical background can be found in @{cite |
|
1672 "Huffman-Kuncar:2013:lifting_transfer"}. |
|
1673 \<close> |
|
1674 |
|
1675 |
|
1676 subsection \<open>Old-style definitions for quotient types \label{sec:old-quotient}\<close> |
|
1677 |
|
1678 text \<open> |
|
1679 \begin{matharray}{rcl} |
1289 @{command_def (HOL) "quotient_definition"} & : & @{text "local_theory \<rightarrow> proof(prove)"}\\ |
1680 @{command_def (HOL) "quotient_definition"} & : & @{text "local_theory \<rightarrow> proof(prove)"}\\ |
1290 @{command_def (HOL) "print_quotmapsQ3"} & : & @{text "context \<rightarrow>"}\\ |
1681 @{command_def (HOL) "print_quotmapsQ3"} & : & @{text "context \<rightarrow>"}\\ |
1291 @{command_def (HOL) "print_quotientsQ3"} & : & @{text "context \<rightarrow>"}\\ |
1682 @{command_def (HOL) "print_quotientsQ3"} & : & @{text "context \<rightarrow>"}\\ |
1292 @{command_def (HOL) "print_quotconsts"} & : & @{text "context \<rightarrow>"}\\ |
1683 @{command_def (HOL) "print_quotconsts"} & : & @{text "context \<rightarrow>"}\\ |
1293 @{method_def (HOL) "lifting"} & : & @{text method} \\ |
1684 @{method_def (HOL) "lifting"} & : & @{text method} \\ |
1424 \end{description} |
1773 \end{description} |
1425 \<close> |
1774 \<close> |
1426 |
1775 |
1427 |
1776 |
1428 chapter \<open>Proof tools\<close> |
1777 chapter \<open>Proof tools\<close> |
1429 |
|
1430 section \<open>Lifting package \label{sec:lifting}\<close> |
|
1431 |
|
1432 text \<open> |
|
1433 \begin{matharray}{rcl} |
|
1434 @{command_def (HOL) "setup_lifting"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
|
1435 @{command_def (HOL) "lift_definition"} & : & @{text "local_theory \<rightarrow> proof(prove)"}\\ |
|
1436 @{command_def (HOL) "lifting_forget"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
|
1437 @{command_def (HOL) "lifting_update"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
|
1438 @{command_def (HOL) "print_quot_maps"} & : & @{text "context \<rightarrow>"}\\ |
|
1439 @{command_def (HOL) "print_quotients"} & : & @{text "context \<rightarrow>"}\\ |
|
1440 @{attribute_def (HOL) "quot_map"} & : & @{text attribute} \\ |
|
1441 @{attribute_def (HOL) "relator_eq_onp"} & : & @{text attribute} \\ |
|
1442 @{attribute_def (HOL) "relator_mono"} & : & @{text attribute} \\ |
|
1443 @{attribute_def (HOL) "relator_distr"} & : & @{text attribute} \\ |
|
1444 @{attribute_def (HOL) "quot_del"} & : & @{text attribute} \\ |
|
1445 @{attribute_def (HOL) "lifting_restore"} & : & @{text attribute} \\ |
|
1446 \end{matharray} |
|
1447 |
|
1448 The Lifting package allows users to lift terms of the raw type to the |
|
1449 abstract type, which is a necessary step in building a library for an |
|
1450 abstract type. Lifting defines a new constant by combining coercion |
|
1451 functions (@{term Abs} and @{term Rep}) with the raw term. It also proves |
|
1452 an appropriate transfer rule for the Transfer (\secref{sec:transfer}) |
|
1453 package and, if possible, an equation for the code generator. |
|
1454 |
|
1455 The Lifting package provides two main commands: @{command (HOL) |
|
1456 "setup_lifting"} for initializing the package to work with a new type, and |
|
1457 @{command (HOL) "lift_definition"} for lifting constants. The Lifting |
|
1458 package works with all four kinds of type abstraction: type copies, |
|
1459 subtypes, total quotients and partial quotients. |
|
1460 |
|
1461 Theoretical background can be found in @{cite |
|
1462 "Huffman-Kuncar:2013:lifting_transfer"}. |
|
1463 |
|
1464 @{rail \<open> |
|
1465 @@{command (HOL) setup_lifting} @{syntax thmref} @{syntax thmref}? \<newline> |
|
1466 (@'parametric' @{syntax thmref})? |
|
1467 ; |
|
1468 @@{command (HOL) lift_definition} ('(' 'code_dt' ')')? \<newline> |
|
1469 @{syntax name} '::' @{syntax type} @{syntax mixfix}? 'is' @{syntax term} \<newline> |
|
1470 (@'parametric' (@{syntax thmref}+))? |
|
1471 ; |
|
1472 @@{command (HOL) lifting_forget} @{syntax nameref} |
|
1473 ; |
|
1474 @@{command (HOL) lifting_update} @{syntax nameref} |
|
1475 ; |
|
1476 @@{attribute (HOL) lifting_restore} |
|
1477 @{syntax thmref} (@{syntax thmref} @{syntax thmref})? |
|
1478 \<close>} |
|
1479 |
|
1480 \begin{description} |
|
1481 |
|
1482 \item @{command (HOL) "setup_lifting"} Sets up the Lifting package to work |
|
1483 with a user-defined type. The command supports two modes. The first one is |
|
1484 a low-level mode when the user must provide as a first argument of |
|
1485 @{command (HOL) "setup_lifting"} a quotient theorem @{term "Quotient R Abs |
|
1486 Rep T"}. The package configures a transfer rule for equality, a domain |
|
1487 transfer rules and sets up the @{command_def (HOL) "lift_definition"} |
|
1488 command to work with the abstract type. An optional theorem @{term "reflp |
|
1489 R"}, which certifies that the equivalence relation R is total, can be |
|
1490 provided as a second argument. This allows the package to generate |
|
1491 stronger transfer rules. And finally, the parametricity theorem for @{term |
|
1492 R} can be provided as a third argument. This allows the package to |
|
1493 generate a stronger transfer rule for equality. |
|
1494 |
|
1495 Users generally will not prove the @{text Quotient} theorem manually for |
|
1496 new types, as special commands exist to automate the process. |
|
1497 |
|
1498 \medskip When a new subtype is defined by @{command (HOL) typedef}, |
|
1499 @{command (HOL) "lift_definition"} can be used in its second mode, where |
|
1500 only the @{term type_definition} theorem @{term "type_definition Rep Abs |
|
1501 A"} is used as an argument of the command. The command internally proves |
|
1502 the corresponding @{term Quotient} theorem and registers it with @{command |
|
1503 (HOL) setup_lifting} using its first mode. |
|
1504 |
|
1505 For quotients, the command @{command (HOL) quotient_type} can be used. The |
|
1506 command defines a new quotient type and similarly to the previous case, |
|
1507 the corresponding Quotient theorem is proved and registered by @{command |
|
1508 (HOL) setup_lifting}. |
|
1509 |
|
1510 \medskip The command @{command (HOL) "setup_lifting"} also sets up the |
|
1511 code generator for the new type. Later on, when a new constant is defined |
|
1512 by @{command (HOL) "lift_definition"}, the Lifting package proves and |
|
1513 registers a code equation (if there is one) for the new constant. |
|
1514 |
|
1515 \item @{command (HOL) "lift_definition"} @{text "f :: \<tau>"} @{keyword (HOL) |
|
1516 "is"} @{text t} Defines a new function @{text f} with an abstract type |
|
1517 @{text \<tau>} in terms of a corresponding operation @{text t} on a |
|
1518 representation type. More formally, if @{text "t :: \<sigma>"}, then the command |
|
1519 builds a term @{text "F"} as a corresponding combination of abstraction |
|
1520 and representation functions such that @{text "F :: \<sigma> \<Rightarrow> \<tau>" } and defines |
|
1521 @{text "f \<equiv> F t"}. The term @{text t} does not have to be necessarily a |
|
1522 constant but it can be any term. |
|
1523 |
|
1524 The command opens a proof and the user must discharge a respectfulness |
|
1525 proof obligation. For a type copy, i.e.\ a typedef with @{text UNIV}, the |
|
1526 obligation is discharged automatically. The proof goal is presented in a |
|
1527 user-friendly, readable form. A respectfulness theorem in the standard |
|
1528 format @{text f.rsp} and a transfer rule @{text f.transfer} for the |
|
1529 Transfer package are generated by the package. |
|
1530 |
|
1531 The user can specify a parametricity theorems for @{text t} after the |
|
1532 keyword @{keyword "parametric"}, which allows the command to generate |
|
1533 parametric transfer rules for @{text f}. |
|
1534 |
|
1535 For each constant defined through trivial quotients (type copies or |
|
1536 subtypes) @{text f.rep_eq} is generated. The equation is a code |
|
1537 certificate that defines @{text f} using the representation function. |
|
1538 |
|
1539 For each constant @{text f.abs_eq} is generated. The equation is |
|
1540 unconditional for total quotients. The equation defines @{text f} using |
|
1541 the abstraction function. |
|
1542 |
|
1543 \medskip Integration with [@{attribute code} abstract]: For subtypes |
|
1544 (e.g.\ corresponding to a datatype invariant, such as @{typ "'a dlist"}), |
|
1545 @{command (HOL) "lift_definition"} uses a code certificate theorem @{text |
|
1546 f.rep_eq} as a code equation. Because of the limitation of the code |
|
1547 generator, @{text f.rep_eq} cannot be used as a code equation if the |
|
1548 subtype occurs inside the result type rather than at the top level (e.g.\ |
|
1549 function returning @{typ "'a dlist option"} vs. @{typ "'a dlist"}). |
|
1550 |
|
1551 In this case, an extension of @{command (HOL) "lift_definition"} can be |
|
1552 invoked by specifying the flag @{text "code_dt"}. This extension enables |
|
1553 code execution through series of internal type and lifting definitions if |
|
1554 the return type @{text "\<tau>"} meets the following inductive conditions: |
|
1555 |
|
1556 \begin{description} |
|
1557 |
|
1558 \item @{text "\<tau>"} is a type variable \item @{text "\<tau> = \<tau>\<^sub>1 \<dots> \<tau>\<^sub>n \<kappa>"}, |
|
1559 where @{text "\<kappa>"} is an abstract type constructor and @{text "\<tau>\<^sub>1 \<dots> \<tau>\<^sub>n"} |
|
1560 do not contain abstract types (i.e.\ @{typ "int dlist"} is allowed whereas |
|
1561 @{typ "int dlist dlist"} not) |
|
1562 |
|
1563 \item @{text "\<tau> = \<tau>\<^sub>1 \<dots> \<tau>\<^sub>n \<kappa>"}, @{text "\<kappa>"} is a type constructor that |
|
1564 was defined as a (co)datatype whose constructor argument types do not |
|
1565 contain either non-free datatypes or the function type. |
|
1566 |
|
1567 \end{description} |
|
1568 |
|
1569 Integration with [@{attribute code} equation]: For total quotients, |
|
1570 @{command (HOL) "lift_definition"} uses @{text f.abs_eq} as a code |
|
1571 equation. |
|
1572 |
|
1573 \item @{command (HOL) lifting_forget} and @{command (HOL) lifting_update} |
|
1574 These two commands serve for storing and deleting the set-up of the |
|
1575 Lifting package and corresponding transfer rules defined by this package. |
|
1576 This is useful for hiding of type construction details of an abstract type |
|
1577 when the construction is finished but it still allows additions to this |
|
1578 construction when this is later necessary. |
|
1579 |
|
1580 Whenever the Lifting package is set up with a new abstract type @{text |
|
1581 "\<tau>"} by @{command_def (HOL) "lift_definition"}, the package defines a new |
|
1582 bundle that is called @{text "\<tau>.lifting"}. This bundle already includes |
|
1583 set-up for the Lifting package. The new transfer rules introduced by |
|
1584 @{command (HOL) "lift_definition"} can be stored in the bundle by the |
|
1585 command @{command (HOL) "lifting_update"} @{text "\<tau>.lifting"}. |
|
1586 |
|
1587 The command @{command (HOL) "lifting_forget"} @{text "\<tau>.lifting"} deletes |
|
1588 set-up of the Lifting package for @{text \<tau>} and deletes all the transfer |
|
1589 rules that were introduced by @{command (HOL) "lift_definition"} using |
|
1590 @{text \<tau>} as an abstract type. |
|
1591 |
|
1592 The stored set-up in a bundle can be reintroduced by the Isar commands for |
|
1593 including a bundle (@{command "include"}, @{keyword "includes"} and |
|
1594 @{command "including"}). |
|
1595 |
|
1596 \item @{command (HOL) "print_quot_maps"} prints stored quotient map |
|
1597 theorems. |
|
1598 |
|
1599 \item @{command (HOL) "print_quotients"} prints stored quotient theorems. |
|
1600 |
|
1601 \item @{attribute (HOL) quot_map} registers a quotient map theorem, a |
|
1602 theorem showing how to "lift" quotients over type constructors. E.g.\ |
|
1603 @{term "Quotient R Abs Rep T \<Longrightarrow> Quotient (rel_set R) (image Abs) (image |
|
1604 Rep) (rel_set T)"}. For examples see @{file "~~/src/HOL/Lifting_Set.thy"} |
|
1605 or @{file "~~/src/HOL/Lifting.thy"}. This property is proved automatically |
|
1606 if the involved type is BNF without dead variables. |
|
1607 |
|
1608 \item @{attribute (HOL) relator_eq_onp} registers a theorem that shows |
|
1609 that a relator applied to an equality restricted by a predicate @{term P} |
|
1610 (i.e.\ @{term "eq_onp P"}) is equal to a predicator applied to the @{term |
|
1611 P}. The combinator @{const eq_onp} is used for internal encoding of proper |
|
1612 subtypes. Such theorems allows the package to hide @{text eq_onp} from a |
|
1613 user in a user-readable form of a respectfulness theorem. For examples see |
|
1614 @{file "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
|
1615 This property is proved automatically if the involved type is BNF without |
|
1616 dead variables. |
|
1617 |
|
1618 \item @{attribute (HOL) "relator_mono"} registers a property describing a |
|
1619 monotonicity of a relator. E.g.\ @{prop "A \<le> B \<Longrightarrow> rel_set A \<le> rel_set B"}. |
|
1620 This property is needed for proving a stronger transfer rule in |
|
1621 @{command_def (HOL) "lift_definition"} when a parametricity theorem for |
|
1622 the raw term is specified and also for the reflexivity prover. For |
|
1623 examples see @{file "~~/src/HOL/Lifting_Set.thy"} or @{file |
|
1624 "~~/src/HOL/Lifting.thy"}. This property is proved automatically if the |
|
1625 involved type is BNF without dead variables. |
|
1626 |
|
1627 \item @{attribute (HOL) "relator_distr"} registers a property describing a |
|
1628 distributivity of the relation composition and a relator. E.g.\ @{text |
|
1629 "rel_set R \<circ>\<circ> rel_set S = rel_set (R \<circ>\<circ> S)"}. This property is needed for |
|
1630 proving a stronger transfer rule in @{command_def (HOL) "lift_definition"} |
|
1631 when a parametricity theorem for the raw term is specified. When this |
|
1632 equality does not hold unconditionally (e.g.\ for the function type), the |
|
1633 user can specified each direction separately and also register multiple |
|
1634 theorems with different set of assumptions. This attribute can be used |
|
1635 only after the monotonicity property was already registered by @{attribute |
|
1636 (HOL) "relator_mono"}. For examples see @{file |
|
1637 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. This |
|
1638 property is proved automatically if the involved type is BNF without dead |
|
1639 variables. |
|
1640 |
|
1641 \item @{attribute (HOL) quot_del} deletes a corresponding Quotient theorem |
|
1642 from the Lifting infrastructure and thus de-register the corresponding |
|
1643 quotient. This effectively causes that @{command (HOL) lift_definition} |
|
1644 will not do any lifting for the corresponding type. This attribute is |
|
1645 rather used for low-level manipulation with set-up of the Lifting package |
|
1646 because @{command (HOL) lifting_forget} is preferred for normal usage. |
|
1647 |
|
1648 \item @{attribute (HOL) lifting_restore} @{text "Quotient_thm pcr_def |
|
1649 pcr_cr_eq_thm"} registers the Quotient theorem @{text Quotient_thm} in the |
|
1650 Lifting infrastructure and thus sets up lifting for an abstract type |
|
1651 @{text \<tau>} (that is defined by @{text Quotient_thm}). Optional theorems |
|
1652 @{text pcr_def} and @{text pcr_cr_eq_thm} can be specified to register the |
|
1653 parametrized correspondence relation for @{text \<tau>}. E.g.\ for @{typ "'a |
|
1654 dlist"}, @{text pcr_def} is @{text "pcr_dlist A \<equiv> list_all2 A \<circ>\<circ> |
|
1655 cr_dlist"} and @{text pcr_cr_eq_thm} is @{text "pcr_dlist op= = op="}. |
|
1656 This attribute is rather used for low-level manipulation with set-up of |
|
1657 the Lifting package because using of the bundle @{text \<tau>.lifting} together |
|
1658 with the commands @{command (HOL) lifting_forget} and @{command (HOL) |
|
1659 lifting_update} is preferred for normal usage. |
|
1660 |
|
1661 \item Integration with the BNF package @{cite "isabelle-datatypes"}: As |
|
1662 already mentioned, the theorems that are registered by the following |
|
1663 attributes are proved and registered automatically if the involved type is |
|
1664 BNF without dead variables: @{attribute (HOL) quot_map}, @{attribute (HOL) |
|
1665 relator_eq_onp}, @{attribute (HOL) "relator_mono"}, @{attribute (HOL) |
|
1666 "relator_distr"}. Also the definition of a relator and predicator is |
|
1667 provided automatically. Moreover, if the BNF represents a datatype, |
|
1668 simplification rules for a predicator are again proved automatically. |
|
1669 |
|
1670 \end{description} |
|
1671 \<close> |
|
1672 |
|
1673 |
|
1674 section \<open>Transfer package \label{sec:transfer}\<close> |
|
1675 |
|
1676 text \<open> |
|
1677 \begin{matharray}{rcl} |
|
1678 @{method_def (HOL) "transfer"} & : & @{text method} \\ |
|
1679 @{method_def (HOL) "transfer'"} & : & @{text method} \\ |
|
1680 @{method_def (HOL) "transfer_prover"} & : & @{text method} \\ |
|
1681 @{attribute_def (HOL) "Transfer.transferred"} & : & @{text attribute} \\ |
|
1682 @{attribute_def (HOL) "untransferred"} & : & @{text attribute} \\ |
|
1683 @{attribute_def (HOL) "transfer_rule"} & : & @{text attribute} \\ |
|
1684 @{attribute_def (HOL) "transfer_domain_rule"} & : & @{text attribute} \\ |
|
1685 @{attribute_def (HOL) "relator_eq"} & : & @{text attribute} \\ |
|
1686 @{attribute_def (HOL) "relator_domain"} & : & @{text attribute} \\ |
|
1687 \end{matharray} |
|
1688 |
|
1689 \begin{description} |
|
1690 |
|
1691 \item @{method (HOL) "transfer"} method replaces the current subgoal with |
|
1692 a logically equivalent one that uses different types and constants. The |
|
1693 replacement of types and constants is guided by the database of transfer |
|
1694 rules. Goals are generalized over all free variables by default; this is |
|
1695 necessary for variables whose types change, but can be overridden for |
|
1696 specific variables with e.g. @{text "transfer fixing: x y z"}. |
|
1697 |
|
1698 \item @{method (HOL) "transfer'"} is a variant of @{method (HOL) transfer} |
|
1699 that allows replacing a subgoal with one that is logically stronger |
|
1700 (rather than equivalent). For example, a subgoal involving equality on a |
|
1701 quotient type could be replaced with a subgoal involving equality (instead |
|
1702 of the corresponding equivalence relation) on the underlying raw type. |
|
1703 |
|
1704 \item @{method (HOL) "transfer_prover"} method assists with proving a |
|
1705 transfer rule for a new constant, provided the constant is defined in |
|
1706 terms of other constants that already have transfer rules. It should be |
|
1707 applied after unfolding the constant definitions. |
|
1708 |
|
1709 \item @{attribute (HOL) "untransferred"} proves the same equivalent |
|
1710 theorem as @{method (HOL) "transfer"} internally does. |
|
1711 |
|
1712 \item @{attribute (HOL) Transfer.transferred} works in the opposite |
|
1713 direction than @{method (HOL) "transfer'"}. E.g.\ given the transfer |
|
1714 relation @{text "ZN x n \<equiv> (x = int n)"}, corresponding transfer rules and |
|
1715 the theorem @{text "\<forall>x::int \<in> {0..}. x < x + 1"}, the attribute would |
|
1716 prove @{text "\<forall>n::nat. n < n + 1"}. The attribute is still in experimental |
|
1717 phase of development. |
|
1718 |
|
1719 \item @{attribute (HOL) "transfer_rule"} attribute maintains a collection |
|
1720 of transfer rules, which relate constants at two different types. Typical |
|
1721 transfer rules may relate different type instances of the same polymorphic |
|
1722 constant, or they may relate an operation on a raw type to a corresponding |
|
1723 operation on an abstract type (quotient or subtype). For example: |
|
1724 |
|
1725 @{text "((A ===> B) ===> list_all2 A ===> list_all2 B) map map"} \\ |
|
1726 @{text "(cr_int ===> cr_int ===> cr_int) (\<lambda>(x,y) (u,v). (x+u, y+v)) plus"} |
|
1727 |
|
1728 Lemmas involving predicates on relations can also be registered using the |
|
1729 same attribute. For example: |
|
1730 |
|
1731 @{text "bi_unique A \<Longrightarrow> (list_all2 A ===> op =) distinct distinct"} \\ |
|
1732 @{text "\<lbrakk>bi_unique A; bi_unique B\<rbrakk> \<Longrightarrow> bi_unique (rel_prod A B)"} |
|
1733 |
|
1734 Preservation of predicates on relations (@{text "bi_unique, bi_total, |
|
1735 right_unique, right_total, left_unique, left_total"}) with the respect to |
|
1736 a relator is proved automatically if the involved type is BNF @{cite |
|
1737 "isabelle-datatypes"} without dead variables. |
|
1738 |
|
1739 \item @{attribute (HOL) "transfer_domain_rule"} attribute maintains a |
|
1740 collection of rules, which specify a domain of a transfer relation by a |
|
1741 predicate. E.g.\ given the transfer relation @{text "ZN x n \<equiv> (x = int |
|
1742 n)"}, one can register the following transfer domain rule: @{text "Domainp |
|
1743 ZN = (\<lambda>x. x \<ge> 0)"}. The rules allow the package to produce more readable |
|
1744 transferred goals, e.g.\ when quantifiers are transferred. |
|
1745 |
|
1746 \item @{attribute (HOL) relator_eq} attribute collects identity laws for |
|
1747 relators of various type constructors, e.g. @{term "rel_set (op =) = (op |
|
1748 =)"}. The @{method (HOL) transfer} method uses these lemmas to infer |
|
1749 transfer rules for non-polymorphic constants on the fly. For examples see |
|
1750 @{file "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
|
1751 This property is proved automatically if the involved type is BNF without |
|
1752 dead variables. |
|
1753 |
|
1754 \item @{attribute_def (HOL) "relator_domain"} attribute collects rules |
|
1755 describing domains of relators by predicators. E.g.\ @{term "Domainp |
|
1756 (rel_set T) = (\<lambda>A. Ball A (Domainp T))"}. This allows the package to lift |
|
1757 transfer domain rules through type constructors. For examples see @{file |
|
1758 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. This |
|
1759 property is proved automatically if the involved type is BNF without dead |
|
1760 variables. |
|
1761 |
|
1762 \end{description} |
|
1763 |
|
1764 Theoretical background can be found in @{cite |
|
1765 "Huffman-Kuncar:2013:lifting_transfer"}. |
|
1766 \<close> |
|
1767 |
|
1768 |
1778 |
1769 section \<open>Coercive subtyping\<close> |
1779 section \<open>Coercive subtyping\<close> |
1770 |
1780 |
1771 text \<open> |
1781 text \<open> |
1772 \begin{matharray}{rcl} |
1782 \begin{matharray}{rcl} |