|
1 % |
|
2 \begin{isabellebody}% |
|
3 \def\isabellecontext{Locales}% |
|
4 \isanewline |
|
5 \isamarkupfalse% |
|
6 \isamarkupfalse% |
|
7 % |
|
8 \isamarkupsection{Overview% |
|
9 } |
|
10 \isamarkuptrue% |
|
11 % |
|
12 \begin{isamarkuptext}% |
|
13 Locales are an extension of the Isabelle proof assistant. They |
|
14 provide support for modular reasoning. Locales were initially |
|
15 developed by Kamm\"uller~\cite{Kammuller2000} to support reasoning |
|
16 in abstract algebra, but are applied also in other domains --- for |
|
17 example, bytecode verification~\cite{Klein2003}. |
|
18 |
|
19 Kamm\"uller's original design, implemented in Isabelle99, provides, in |
|
20 addition to |
|
21 means for declaring locales, a set of ML functions that were used |
|
22 along with ML tactics in a proof. In the meantime, the input format |
|
23 for proof in Isabelle has changed and users write proof |
|
24 scripts in ML only rarely if at all. Two new proof styles are |
|
25 available, and can |
|
26 be used interchangeably: linear proof scripts that closely resemble ML |
|
27 tactics, and the structured Isar proof language by |
|
28 Wenzel~\cite{Wenzel2002a}. Subsequently, Wenzel re-implemented |
|
29 locales for |
|
30 the new proof format. The implementation, available with |
|
31 Isabelle2003, constitutes a complete re-design and exploits that |
|
32 both Isar and locales are based on the notion of context, |
|
33 and thus locales are seen as a natural extension of Isar. |
|
34 Nevertheless, locales can also be used with proof scripts: |
|
35 their use does not require a deep understanding of the structured |
|
36 Isar proof style. |
|
37 |
|
38 At the same time, Wenzel considerably extended locales. The most |
|
39 important addition are locale expressions, which allow to combine |
|
40 locales more freely. Previously only |
|
41 linear inheritance was possible. Now locales support multiple |
|
42 inheritance through a normalisation algorithm. New are also |
|
43 structures, which provide special syntax for locale parameters that |
|
44 represent algebraic structures. |
|
45 |
|
46 Unfortunately, Wenzel provided only an implementation but hardly any |
|
47 documentation. Besides providing documentation, the present paper |
|
48 is a high-level description of locales, and in particular locale |
|
49 expressions. It is meant as a first step towards the semantics of |
|
50 locales, and also as a base for comparing locales with module concepts |
|
51 in other provers. It also constitutes the base for future |
|
52 extensions of locales in Isabelle. |
|
53 The description was derived mainly by experimenting |
|
54 with locales and partially also by inspecting the code. |
|
55 |
|
56 The main contribution of the author of the present paper is the |
|
57 abstract description of Wenzel's version of locales, and in |
|
58 particular of the normalisation algorithm for locale expressions (see |
|
59 Section~\ref{sec-normal-forms}). Contributions to the |
|
60 implementation are confined to bug fixes and to provisions that |
|
61 enable the use of locales with linear proof scripts. |
|
62 |
|
63 Concepts are introduced along with examples, so that the text can be |
|
64 used as tutorial. It is assumed that the reader is somewhat |
|
65 familiar with Isabelle proof scripts. Examples have been phrased as |
|
66 structured |
|
67 Isar proofs. However, in order to understand the key concepts, |
|
68 including locales expressions and their normalisation, detailed |
|
69 knowledge of Isabelle is not necessary. |
|
70 |
|
71 \nocite{Nipkow2003,Wenzel2002b,Wenzel2003}% |
|
72 \end{isamarkuptext}% |
|
73 \isamarkuptrue% |
|
74 % |
|
75 \isamarkupsection{Locales: Beyond Proof Contexts% |
|
76 } |
|
77 \isamarkuptrue% |
|
78 % |
|
79 \begin{isamarkuptext}% |
|
80 In tactic-based provers the application of a sequence of proof |
|
81 tactics leads to a proof state. This state is usually hard to |
|
82 predict from looking at the tactic script, unless one replays the |
|
83 proof step-by-step. The structured proof language Isar is |
|
84 different. It is additionally based on \emph{proof contexts}, |
|
85 which are directly visible in Isar scripts, and since tactic |
|
86 sequences tend to be short, this commonly leads to clearer proof |
|
87 scripts. |
|
88 |
|
89 Goals are stated with the \textbf{theorem} |
|
90 command. This is followed by a proof. When discharging a goal |
|
91 requires an elaborate argument |
|
92 (rather than the application of a single tactic) a new context |
|
93 may be entered (\textbf{proof}). Inside the context, variables may |
|
94 be fixed (\textbf{fix}), assumptions made (\textbf{assume}) and |
|
95 intermediate goals stated (\textbf{have}) and proved. The |
|
96 assumptions must be dischargeable by premises of the surrounding |
|
97 goal, and once this goal has been proved (\textbf{show}) the proof context |
|
98 can be closed (\textbf{qed}). Contexts inherit from surrounding |
|
99 contexts, but it is not possible |
|
100 to export from them (with exception of the proved goal); |
|
101 they ``disappear'' after the closing \textbf{qed}. |
|
102 Facts may have attributes --- for example, identifying them as |
|
103 default to the simplifier or classical reasoner. |
|
104 |
|
105 Locales extend proof contexts in various ways: |
|
106 \begin{itemize} |
|
107 \item |
|
108 Locales are usually \emph{named}. This makes them persistent. |
|
109 \item |
|
110 Fixed variables may have \emph{syntax}. |
|
111 \item |
|
112 It is possible to \emph{add} and \emph{export} facts. |
|
113 \item |
|
114 Locales can be combined and modified with \emph{locale |
|
115 expressions}. |
|
116 \end{itemize} |
|
117 The Locales facility extends the Isar language: it provides new ways |
|
118 of stating and managing facts, but it does not modify the language |
|
119 for proofs. Its purpose is to support writing modular proofs.% |
|
120 \end{isamarkuptext}% |
|
121 \isamarkuptrue% |
|
122 % |
|
123 \isamarkupsection{Simple Locales% |
|
124 } |
|
125 \isamarkuptrue% |
|
126 % |
|
127 \isamarkupsubsection{Syntax and Terminology% |
|
128 } |
|
129 \isamarkuptrue% |
|
130 % |
|
131 \begin{isamarkuptext}% |
|
132 The grammar of Isar is extended by commands for locales as shown in |
|
133 Figure~\ref{fig-grammar}. |
|
134 A key concept, introduced by Wenzel, is that |
|
135 locales are (internally) lists |
|
136 of \emph{context elements}. There are four kinds, identified |
|
137 by the keywords \textbf{fixes}, \textbf{assumes}, \textbf{defines} and |
|
138 \textbf{notes}. |
|
139 |
|
140 \begin{figure} |
|
141 \hrule |
|
142 \vspace{2ex} |
|
143 \begin{small} |
|
144 \begin{tabular}{l>$c<$l} |
|
145 \textit{attr-name} & ::= |
|
146 & \textit{name} $|$ \textit{attribute} $|$ |
|
147 \textit{name} \textit{attribute} \\ |
|
148 |
|
149 \textit{locale-expr} & ::= |
|
150 & \textit{locale-expr1} ( ``\textbf{+}'' \textit{locale-expr1} )$^*$ \\ |
|
151 \textit{locale-expr1} & ::= |
|
152 & ( \textit{qualified-name} $|$ |
|
153 ``\textbf{(}'' \textit{locale-expr} ``\textbf{)}'' ) |
|
154 ( \textit{name} $|$ ``\textbf{\_}'' )$^*$ \\ |
|
155 |
|
156 \textit{fixes} & ::= |
|
157 & \textit{name} [ ``\textbf{::}'' \textit{type} ] |
|
158 [ ``\textbf{(}'' \textbf{structure} ``\textbf{)}'' $|$ |
|
159 \textit{mixfix} ] \\ |
|
160 \textit{assumes} & ::= |
|
161 & [ \textit{attr-name} ``\textbf{:}'' ] \textit{proposition} \\ |
|
162 \textit{defines} & ::= |
|
163 & [ \textit{attr-name} ``\textbf{:}'' ] \textit{proposition} \\ |
|
164 \textit{notes} & ::= |
|
165 & [ \textit{attr-name} ``\textbf{=}'' ] |
|
166 ( \textit{qualified-name} [ \textit{attribute} ] )$^+$ \\ |
|
167 |
|
168 \textit{element} & ::= |
|
169 & \textbf{fixes} \textit{fixes} ( \textbf{and} \textit{fixes} )$^*$ \\ |
|
170 & | |
|
171 & \textbf{assumes} \textit{assumes} ( \textbf{and} \textit{assumes} )$^*$ \\ |
|
172 & | |
|
173 & \textbf{defines} \textit{defines} ( \textbf{and} \textit{defines} )$^*$ \\ |
|
174 & | |
|
175 & \textbf{notes} \textit{notes} ( \textbf{and} \textit{notes} )$^*$ \\ |
|
176 & | & \textbf{includes} \textit{locale-expr} \\ |
|
177 |
|
178 \textit{locale} & ::= |
|
179 & \textit{element}$^+$ \\ |
|
180 & | & \textit{locale-expr} [ ``\textbf{+}'' \textit{element}$^+$ ] \\ |
|
181 |
|
182 \textit{in-target} & ::= |
|
183 & ``\textbf{(}'' \textbf{in} \textit{qualified-name} ``\textbf{)}'' \\ |
|
184 |
|
185 \textit{theorem} & ::= & ( \textbf{theorem} $|$ \textbf{lemma} $|$ |
|
186 \textbf{corollary} ) [ \textit{in-target} ] [ \textit{attr-name} ] \\ |
|
187 |
|
188 \textit{theory-level} & ::= & \ldots \\ |
|
189 & | & \textbf{locale} \textit{name} [ ``\textbf{=}'' |
|
190 \textit{locale} ] \\ |
|
191 % note: legacy "locale (open)" omitted. |
|
192 & | & ( \textbf{theorems} $|$ \textbf{lemmas} ) \\ |
|
193 & & [ \textit{in-target} ] [ \textit{attr-name} ``\textbf{=}'' ] |
|
194 ( \textit{qualified-name} [ \textit{attribute} ] )$^+$ \\ |
|
195 & | & \textbf{declare} [ \textit{in-target} ] ( \textit{qualified-name} |
|
196 [ \textit{attribute} ] )$^+$ \\ |
|
197 & | & \textit{theorem} \textit{proposition} \textit{proof} \\ |
|
198 & | & \textit{theorem} \textit{element}$^*$ |
|
199 \textbf{shows} \textit{proposition} \textit{proof} \\ |
|
200 & | & \textbf{print\_locale} \textit{locale} \\ |
|
201 & | & \textbf{print\_locales} |
|
202 \end{tabular} |
|
203 \end{small} |
|
204 \vspace{2ex} |
|
205 \hrule |
|
206 \caption{Locales extend the grammar of Isar.} |
|
207 \label{fig-grammar} |
|
208 \end{figure} |
|
209 |
|
210 At the theory level --- that is, at the outer syntactic level of an |
|
211 Isabelle input file --- \textbf{locale} declares a named |
|
212 locale. Other kinds of locales, |
|
213 locale expressions and unnamed locales, will be introduced later. When |
|
214 declaring a named locale, it is possible to \emph{import} another |
|
215 named locale, or indeed several ones by importing a locale |
|
216 expression. The second part of the declaration, also optional, |
|
217 consists of a number of context element declarations. Here, a fifth |
|
218 kind, \textbf{includes}, is available. |
|
219 |
|
220 A number of Isar commands have an additional, optional \emph{target} |
|
221 argument, which always refers to a named locale. These commands |
|
222 are \textbf{theorem} (together with \textbf{lemma} and |
|
223 \textbf{corollary}), \textbf{theorems} (and |
|
224 \textbf{lemmas}), and \textbf{declare}. The effect of specifying a target is |
|
225 that these commands focus on the specified locale, not the |
|
226 surrounding theory. Commands that are used to |
|
227 prove new theorems will add them not to the theory, but to the |
|
228 locale. Similarly, \textbf{declare} modifies attributes of theorems |
|
229 that belong to the specified target. Additionally, for |
|
230 \textbf{theorem} (and related commands), theorems stored in the target |
|
231 can be used in the associated proof scripts. |
|
232 |
|
233 The Locales package permits a \emph{long goals format} for |
|
234 propositions stated with \textbf{theorem} (and friends). While |
|
235 normally a goal is just a formula, a long goal is a list of context |
|
236 elements, followed by the keyword \textbf{shows}, followed by the |
|
237 formula. Roughly speaking, the context elements are |
|
238 (additional) premises. For an example, see |
|
239 Section~\ref{sec-includes}. The list of context elements in a long goal |
|
240 is also called \emph{unnamed locale}. |
|
241 |
|
242 Finally, there are two commands to inspect locales when working in |
|
243 interactive mode: \textbf{print\_locales} prints the names of all |
|
244 targets |
|
245 visible in the current theory, \textbf{print\_locale} outputs the |
|
246 elements of a named locale or locale expression. |
|
247 |
|
248 The following presentation will use notation of |
|
249 Isabelle's meta logic, hence a few sentences to explain this. |
|
250 The logical |
|
251 primitives are universal quantification (\isa{{\isasymAnd}}), entailment |
|
252 (\isa{{\isasymLongrightarrow}}) and equality (\isa{{\isasymequiv}}). Variables (not bound |
|
253 variables) are sometimes preceded by a question mark. The logic is |
|
254 typed. Type variables are denoted by \isa{{\isacharprime}a}, \isa{{\isacharprime}b} |
|
255 etc., and \isa{{\isasymRightarrow}} is the function type. Double brackets \isa{{\isasymlbrakk}} and \isa{{\isasymrbrakk}} are used to abbreviate nested entailment.% |
|
256 \end{isamarkuptext}% |
|
257 \isamarkuptrue% |
|
258 % |
|
259 \isamarkupsubsection{Parameters, Assumptions and Facts% |
|
260 } |
|
261 \isamarkuptrue% |
|
262 % |
|
263 \begin{isamarkuptext}% |
|
264 From a logical point of view a \emph{context} is a formula schema of |
|
265 the form |
|
266 \[ |
|
267 \isa{{\isasymAnd}x\isactrlsub {\isadigit{1}}{\isasymdots}x\isactrlsub n{\isachardot}\ {\isasymlbrakk}\ C\isactrlsub {\isadigit{1}}{\isacharsemicolon}\ {\isasymdots}\ {\isacharsemicolon}C\isactrlsub m\ {\isasymrbrakk}\ {\isasymLongrightarrow}\ {\isasymdots}} |
|
268 \] |
|
269 The variables $\isa{x\isactrlsub {\isadigit{1}}}, \ldots, \isa{x\isactrlsub n}$ are |
|
270 called \emph{parameters}, the premises $\isa{C\isactrlsub {\isadigit{1}}}, \ldots, |
|
271 \isa{C\isactrlsub n}$ \emph{assumptions}. A formula \isa{F} |
|
272 holds in this context if |
|
273 \begin{equation} |
|
274 \label{eq-fact-in-context} |
|
275 \isa{{\isasymAnd}x\isactrlsub {\isadigit{1}}{\isasymdots}x\isactrlsub n{\isachardot}\ {\isasymlbrakk}\ C\isactrlsub {\isadigit{1}}{\isacharsemicolon}\ {\isasymdots}\ {\isacharsemicolon}C\isactrlsub m\ {\isasymrbrakk}\ {\isasymLongrightarrow}\ F} |
|
276 \end{equation} |
|
277 is valid. The formula is called a \emph{fact} of the context. |
|
278 |
|
279 A locale allows fixing the parameters \isa{x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub n} and making the assumptions \isa{C\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ C\isactrlsub m}. This implicitly builds the context in |
|
280 which the formula \isa{F} can be established. |
|
281 Parameters of a locale correspond to the context element |
|
282 \textbf{fixes}, and assumptions may be declared with |
|
283 \textbf{assumes}. Using these context elements one can define |
|
284 the specification of semigroups.% |
|
285 \end{isamarkuptext}% |
|
286 \isamarkuptrue% |
|
287 \isacommand{locale}\ semi\ {\isacharequal}\isanewline |
|
288 \ \ \isakeyword{fixes}\ prod\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}\ {\isacharparenleft}\isakeyword{infixl}\ {\isachardoublequote}{\isasymcdot}{\isachardoublequote}\ {\isadigit{7}}{\isadigit{0}}{\isacharparenright}\isanewline |
|
289 \ \ \isakeyword{assumes}\ assoc{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}x\ {\isasymcdot}\ y{\isacharparenright}\ {\isasymcdot}\ z\ {\isacharequal}\ x\ {\isasymcdot}\ {\isacharparenleft}y\ {\isasymcdot}\ z{\isacharparenright}{\isachardoublequote}\isamarkupfalse% |
|
290 % |
|
291 \begin{isamarkuptext}% |
|
292 The parameter \isa{prod} has a |
|
293 syntax annotation allowing the infix ``\isa{{\isasymcdot}}'' in the |
|
294 assumption of associativity. Parameters may have arbitrary mixfix |
|
295 syntax, like constants. In the example, the type of \isa{prod} is |
|
296 specified explicitly. This is not necessary. If no type is |
|
297 specified, a most general type is inferred simultaneously for all |
|
298 parameters, taking into account all assumptions (and type |
|
299 specifications of parameters, if present).% |
|
300 \footnote{Type inference also takes into account definitions and |
|
301 import, as introduced later.} |
|
302 |
|
303 Free variables in assumptions are implicitly universally quantified, |
|
304 unless they are parameters. Hence the context defined by the locale |
|
305 \isa{semi} is |
|
306 \[ |
|
307 \isa{{\isasymAnd}prod{\isachardot}\ {\isasymlbrakk}\ {\isasymAnd}x\ y\ z{\isachardot}\ prod\ {\isacharparenleft}prod\ x\ y{\isacharparenright}\ z\ {\isacharequal}\ prod\ x\ {\isacharparenleft}prod\ y\ z{\isacharparenright}\ {\isasymrbrakk}\ {\isasymLongrightarrow}\ {\isasymdots}} |
|
308 \] |
|
309 The locale can be extended to commutative semigroups.% |
|
310 \end{isamarkuptext}% |
|
311 \isamarkuptrue% |
|
312 \isacommand{locale}\ comm{\isacharunderscore}semi\ {\isacharequal}\ semi\ {\isacharplus}\isanewline |
|
313 \ \ \isakeyword{assumes}\ comm{\isacharcolon}\ {\isachardoublequote}x\ {\isasymcdot}\ y\ {\isacharequal}\ y\ {\isasymcdot}\ x{\isachardoublequote}\isamarkupfalse% |
|
314 % |
|
315 \begin{isamarkuptext}% |
|
316 This locale \emph{imports} all elements of \isa{semi}. The |
|
317 latter locale is called the import of \isa{comm{\isacharunderscore}semi}. The |
|
318 definition adds commutativity, hence its context is |
|
319 \begin{align*% |
|
320 } |
|
321 \isa{{\isasymAnd}prod{\isachardot}\ {\isasymlbrakk}} & |
|
322 \isa{{\isasymAnd}x\ y\ z{\isachardot}\ prod\ {\isacharparenleft}prod\ x\ y{\isacharparenright}\ z\ {\isacharequal}\ prod\ x\ {\isacharparenleft}prod\ y\ z{\isacharparenright}{\isacharsemicolon}} \\ |
|
323 & \isa{{\isasymAnd}x\ y{\isachardot}\ prod\ x\ y\ {\isacharequal}\ prod\ y\ x\ {\isasymrbrakk}\ {\isasymLongrightarrow}\ {\isasymdots}} |
|
324 \end{align*% |
|
325 } |
|
326 One may now derive facts --- for example, left-commutativity --- in |
|
327 the context of \isa{comm{\isacharunderscore}semi} by specifying this locale as |
|
328 target, and by referring to the names of the assumptions \isa{assoc} and \isa{comm} in the proof.% |
|
329 \end{isamarkuptext}% |
|
330 \isamarkuptrue% |
|
331 \isacommand{theorem}\ {\isacharparenleft}\isakeyword{in}\ comm{\isacharunderscore}semi{\isacharparenright}\ lcomm{\isacharcolon}\isanewline |
|
332 \ \ {\isachardoublequote}x\ {\isasymcdot}\ {\isacharparenleft}y\ {\isasymcdot}\ z{\isacharparenright}\ {\isacharequal}\ y\ {\isasymcdot}\ {\isacharparenleft}x\ {\isasymcdot}\ z{\isacharparenright}{\isachardoublequote}\isanewline |
|
333 \isamarkupfalse% |
|
334 \isacommand{proof}\ {\isacharminus}\isanewline |
|
335 \ \ \isamarkupfalse% |
|
336 \isacommand{have}\ {\isachardoublequote}x\ {\isasymcdot}\ {\isacharparenleft}y\ {\isasymcdot}\ z{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}x\ {\isasymcdot}\ y{\isacharparenright}\ {\isasymcdot}\ z{\isachardoublequote}\ \isamarkupfalse% |
|
337 \isacommand{by}\ {\isacharparenleft}simp\ add{\isacharcolon}\ assoc{\isacharparenright}\isanewline |
|
338 \ \ \isamarkupfalse% |
|
339 \isacommand{also}\ \isamarkupfalse% |
|
340 \isacommand{have}\ {\isachardoublequote}{\isasymdots}\ {\isacharequal}\ {\isacharparenleft}y\ {\isasymcdot}\ x{\isacharparenright}\ {\isasymcdot}\ z{\isachardoublequote}\ \isamarkupfalse% |
|
341 \isacommand{by}\ {\isacharparenleft}simp\ add{\isacharcolon}\ comm{\isacharparenright}\isanewline |
|
342 \ \ \isamarkupfalse% |
|
343 \isacommand{also}\ \isamarkupfalse% |
|
344 \isacommand{have}\ {\isachardoublequote}{\isasymdots}\ {\isacharequal}\ y\ {\isasymcdot}\ {\isacharparenleft}x\ {\isasymcdot}\ z{\isacharparenright}{\isachardoublequote}\ \isamarkupfalse% |
|
345 \isacommand{by}\ {\isacharparenleft}simp\ add{\isacharcolon}\ assoc{\isacharparenright}\isanewline |
|
346 \ \ \isamarkupfalse% |
|
347 \isacommand{finally}\ \isamarkupfalse% |
|
348 \isacommand{show}\ {\isacharquery}thesis\ \isamarkupfalse% |
|
349 \isacommand{{\isachardot}}\isanewline |
|
350 \isamarkupfalse% |
|
351 \isacommand{qed}\isamarkupfalse% |
|
352 % |
|
353 \begin{isamarkuptext}% |
|
354 In this equational Isar proof, ``\isa{{\isasymdots}}'' refers to the |
|
355 right hand side of the preceding equation. |
|
356 After the proof is finished, the fact \isa{lcomm} is added to |
|
357 the locale \isa{comm{\isacharunderscore}semi}. This is done by adding a |
|
358 \textbf{notes} element to the internal representation of the locale, |
|
359 as explained the next section.% |
|
360 \end{isamarkuptext}% |
|
361 \isamarkuptrue% |
|
362 % |
|
363 \isamarkupsubsection{Locale Predicates and the Internal Representation of |
|
364 Locales% |
|
365 } |
|
366 \isamarkuptrue% |
|
367 % |
|
368 \begin{isamarkuptext}% |
|
369 \label{sec-locale-predicates} |
|
370 In mathematical texts, often arbitrary but fixed objects with |
|
371 certain properties are considered --- for instance, an arbitrary but |
|
372 fixed group $G$ --- with the purpose of establishing facts valid for |
|
373 any group. These facts are subsequently used on other objects that |
|
374 also have these properties. |
|
375 |
|
376 Locales permit the same style of reasoning. Exporting a fact $F$ |
|
377 generalises the fixed parameters and leads to a (valid) formula of the |
|
378 form of equation~(\ref{eq-fact-in-context}). If a locale has many |
|
379 assumptions |
|
380 (possibly accumulated through a number of imports) this formula can |
|
381 become large and cumbersome. Therefore, Wenzel introduced |
|
382 predicates that abbreviate the assumptions of locales. These |
|
383 predicates are not confined to the locale but are visible in the |
|
384 surrounding theory. |
|
385 |
|
386 The definition of the locale \isa{semi} generates the \emph{locale |
|
387 predicate} \isa{semi} over the type of the parameter \isa{prod}, |
|
388 hence the predicate's type is \isa{{\isacharparenleft}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isacharparenright}\ {\isasymRightarrow}\ bool}. Its |
|
389 definition is |
|
390 \begin{equation} |
|
391 \tag*{\isa{semi{\isacharunderscore}def}:} \isa{semi\ {\isacharquery}prod\ {\isasymequiv}\ {\isasymforall}x\ y\ z{\isachardot}\ {\isacharquery}prod\ {\isacharparenleft}{\isacharquery}prod\ x\ y{\isacharparenright}\ z\ {\isacharequal}\ {\isacharquery}prod\ x\ {\isacharparenleft}{\isacharquery}prod\ y\ z{\isacharparenright}}. |
|
392 \end{equation} |
|
393 In the case where the locale has no import, the generated |
|
394 predicate abbreviates all assumptions and is over the parameters |
|
395 that occur in these assumptions. |
|
396 |
|
397 The situation is more complicated when a locale extends |
|
398 another locale, as is the case for \isa{comm{\isacharunderscore}semi}. Two |
|
399 predicates are defined. The predicate |
|
400 \isa{comm{\isacharunderscore}semi{\isacharunderscore}axioms} corresponds to the new assumptions and is |
|
401 called \emph{delta predicate}, the locale |
|
402 predicate \isa{comm{\isacharunderscore}semi} captures the content of all the locale, |
|
403 including the import. |
|
404 If a locale has neither assumptions nor import, no predicate is |
|
405 defined. If a locale has import but no assumptions, only the locale |
|
406 predicate is defined.% |
|
407 \end{isamarkuptext}% |
|
408 \isamarkuptrue% |
|
409 \isamarkupfalse% |
|
410 % |
|
411 \begin{isamarkuptext}% |
|
412 The Locales package generates a number of theorems for locale and |
|
413 delta predicates. All predicates have a definition and an |
|
414 introduction rule. Locale predicates that are defined in terms of |
|
415 other predicates (which is the case if and only if the locale has |
|
416 import) also have a number of elimination rules (called |
|
417 \emph{axioms}). All generated theorems for the predicates of the |
|
418 locales \isa{semi} and \isa{comm{\isacharunderscore}semi} are shown in |
|
419 Figures~\ref{fig-theorems-semi} and~\ref{fig-theorems-comm-semi}, |
|
420 respectively. |
|
421 \begin{figure} |
|
422 \hrule |
|
423 \vspace{2ex} |
|
424 Theorems generated for the predicate \isa{semi}. |
|
425 \begin{gather} |
|
426 \tag*{\isa{semi{\isacharunderscore}def}:} \isa{semi\ {\isacharquery}prod\ {\isasymequiv}\ {\isasymforall}x\ y\ z{\isachardot}\ {\isacharquery}prod\ {\isacharparenleft}{\isacharquery}prod\ x\ y{\isacharparenright}\ z\ {\isacharequal}\ {\isacharquery}prod\ x\ {\isacharparenleft}{\isacharquery}prod\ y\ z{\isacharparenright}} \\ |
|
427 \tag*{\isa{semi{\isachardot}intro}:} \isa{{\isacharparenleft}{\isasymAnd}x\ y\ z{\isachardot}\ {\isacharquery}prod\ {\isacharparenleft}{\isacharquery}prod\ x\ y{\isacharparenright}\ z\ {\isacharequal}\ {\isacharquery}prod\ x\ {\isacharparenleft}{\isacharquery}prod\ y\ z{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\ semi\ {\isacharquery}prod} |
|
428 \end{gather} |
|
429 \hrule |
|
430 \caption{Theorems for the locale predicate \isa{semi}.} |
|
431 \label{fig-theorems-semi} |
|
432 \end{figure} |
|
433 |
|
434 \begin{figure}[h] |
|
435 \hrule |
|
436 \vspace{2ex} |
|
437 Theorems generated for the predicate \isa{comm{\isacharunderscore}semi{\isacharunderscore}axioms}. |
|
438 \begin{gather} |
|
439 \tag*{\isa{comm{\isacharunderscore}semi{\isacharunderscore}axioms{\isacharunderscore}def}:} \isa{comm{\isacharunderscore}semi{\isacharunderscore}axioms\ {\isacharquery}prod\ {\isasymequiv}\ {\isasymforall}x\ y{\isachardot}\ {\isacharquery}prod\ x\ y\ {\isacharequal}\ {\isacharquery}prod\ y\ x} \\ |
|
440 \tag*{\isa{comm{\isacharunderscore}semi{\isacharunderscore}axioms{\isachardot}intro}:} \isa{{\isacharparenleft}{\isasymAnd}x\ y{\isachardot}\ {\isacharquery}prod\ x\ y\ {\isacharequal}\ {\isacharquery}prod\ y\ x{\isacharparenright}\ {\isasymLongrightarrow}\ comm{\isacharunderscore}semi{\isacharunderscore}axioms\ {\isacharquery}prod} |
|
441 \end{gather} |
|
442 Theorems generated for the predicate \isa{comm{\isacharunderscore}semi}. |
|
443 \begin{gather} |
|
444 \tag*{\isa{comm{\isacharunderscore}semi{\isacharunderscore}def}:} \isa{comm{\isacharunderscore}semi\ {\isacharquery}prod\ {\isasymequiv}\ semi\ {\isacharquery}prod\ {\isasymand}\ comm{\isacharunderscore}semi{\isacharunderscore}axioms\ {\isacharquery}prod} \\ |
|
445 \tag*{\isa{comm{\isacharunderscore}semi{\isachardot}intro}:} \isa{{\isasymlbrakk}semi\ {\isacharquery}prod{\isacharsemicolon}\ comm{\isacharunderscore}semi{\isacharunderscore}axioms\ {\isacharquery}prod{\isasymrbrakk}\ {\isasymLongrightarrow}\ comm{\isacharunderscore}semi\ {\isacharquery}prod} \\ |
|
446 \tag*{\isa{comm{\isacharunderscore}semi{\isachardot}axioms}:} \mbox{} \\ |
|
447 \notag \isa{comm{\isacharunderscore}semi\ {\isacharquery}prod\ {\isasymLongrightarrow}\ semi\ {\isacharquery}prod} \\ |
|
448 \notag \isa{comm{\isacharunderscore}semi\ {\isacharquery}prod\ {\isasymLongrightarrow}\ comm{\isacharunderscore}semi{\isacharunderscore}axioms\ {\isacharquery}prod} |
|
449 \end{gather} |
|
450 \hrule |
|
451 \caption{Theorems for the predicates \isa{comm{\isacharunderscore}semi{\isacharunderscore}axioms} and |
|
452 \isa{comm{\isacharunderscore}semi}.} |
|
453 \label{fig-theorems-comm-semi} |
|
454 \end{figure} |
|
455 Note that the theorems generated by a locale |
|
456 definition may be inspected immediately after the definition in the |
|
457 Proof General interface \cite{Aspinall2000} of Isabelle through |
|
458 the menu item ``Isabelle/Isar$>$Show me $\ldots>$Theorems''. |
|
459 |
|
460 Locale and delta predicates are used also in the internal |
|
461 representation of locales as lists of context elements. While all |
|
462 \textbf{fixes} in a |
|
463 declaration generate internal \textbf{fixes}, all assumptions |
|
464 of one locale declaration contribute to one internal \textbf{assumes} |
|
465 element. The internal representation of \isa{semi} is |
|
466 \[ |
|
467 \begin{array}{ll} |
|
468 \textbf{fixes} & \isa{prod} :: \isa{{\isachardoublequote}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}} |
|
469 (\textbf{infixl} \isa{{\isachardoublequote}{\isasymcdot}{\isachardoublequote}} 70) \\ |
|
470 \textbf{assumes} & \isa{{\isachardoublequote}semi\ prod{\isachardoublequote}} \\ |
|
471 \textbf{notes} & \isa{assoc}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z\ {\isacharequal}\ {\isacharquery}x\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} |
|
472 \end{array} |
|
473 \] |
|
474 and the internal representation of \isa{{\isachardoublequote}comm{\isacharunderscore}semi{\isachardoublequote}} is |
|
475 \begin{equation} |
|
476 \label{eq-comm-semi} |
|
477 \begin{array}{ll} |
|
478 \textbf{fixes} & \isa{prod} :: \isa{{\isachardoublequote}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}} |
|
479 ~(\textbf{infixl}~\isa{{\isachardoublequote}{\isasymcdot}{\isachardoublequote}}~70) \\ |
|
480 \textbf{assumes} & \isa{{\isachardoublequote}semi\ prod{\isachardoublequote}} \\ |
|
481 \textbf{notes} & \isa{assoc}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z\ {\isacharequal}\ {\isacharquery}x\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} \\ |
|
482 \textbf{assumes} & \isa{{\isachardoublequote}comm{\isacharunderscore}semi{\isacharunderscore}axioms\ prod{\isachardoublequote}} \\ |
|
483 \textbf{notes} & \isa{comm}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}y\ {\isacharequal}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharquery}x{\isachardoublequote}} \\ |
|
484 \textbf{notes} & \isa{lcomm}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}\ {\isacharequal}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} |
|
485 \end{array} |
|
486 \end{equation} |
|
487 The \textbf{notes} elements store facts of the |
|
488 locales. The facts \isa{assoc} and \isa{comm} were added |
|
489 during the declaration of the locales. They stem from assumptions, |
|
490 which are trivially facts. The fact \isa{lcomm} was |
|
491 added later, after finishing the proof in the respective |
|
492 \textbf{theorem} command above. |
|
493 |
|
494 By using \textbf{notes} in a declaration, facts can be added |
|
495 to a locale directly. Of course, these must be theorems. |
|
496 Typical use of this feature includes adding theorems that are not |
|
497 usually used as a default rewrite rules by the simplifier to the |
|
498 simpset of the locale by a \textbf{notes} element with the attribute |
|
499 \isa{{\isacharbrackleft}simp{\isacharbrackright}}. This way it is also possible to add specialised |
|
500 versions of |
|
501 theorems to a locale by instantiating locale parameters for unknowns |
|
502 or locale assumptions for premises.% |
|
503 \end{isamarkuptext}% |
|
504 \isamarkuptrue% |
|
505 % |
|
506 \isamarkupsubsection{Definitions% |
|
507 } |
|
508 \isamarkuptrue% |
|
509 % |
|
510 \begin{isamarkuptext}% |
|
511 Definitions were available in Kamm\"uller's version of Locales, and |
|
512 they are in Wenzel's. |
|
513 The context element \textbf{defines} adds a definition of the form |
|
514 \isa{p\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n\ {\isasymequiv}\ t} as an assumption, where \isa{p} is a |
|
515 parameter of the locale (possibly an imported parameter), and \isa{t} a term that may contain the \isa{x\isactrlsub i}. The parameter may |
|
516 neither occur in a previous \textbf{assumes} or \textbf{defines} |
|
517 element, nor on the right hand side of the definition. Hence |
|
518 recursion is not allowed. |
|
519 The parameter may, however, occur in subsequent \textbf{assumes} and |
|
520 on the right hand side of subsequent \textbf{defines}. We call |
|
521 \isa{p} \emph{defined parameter}.% |
|
522 \end{isamarkuptext}% |
|
523 \isamarkuptrue% |
|
524 \isacommand{locale}\ semi{\isadigit{2}}\ {\isacharequal}\ semi\ {\isacharplus}\isanewline |
|
525 \ \ \isakeyword{fixes}\ rprod\ {\isacharparenleft}\isakeyword{infixl}\ {\isachardoublequote}{\isasymodot}{\isachardoublequote}\ {\isadigit{7}}{\isadigit{0}}{\isacharparenright}\isanewline |
|
526 \ \ \isakeyword{defines}\ rprod{\isacharunderscore}def{\isacharcolon}\ {\isachardoublequote}rprod\ x\ y\ {\isasymequiv}\ y\ {\isasymcdot}\ x\ {\isachardoublequote}\isamarkupfalse% |
|
527 % |
|
528 \begin{isamarkuptext}% |
|
529 This locale extends \isa{semi} by a second binary operation \isa{{\isachardoublequote}{\isasymodot}{\isachardoublequote}} that is like \isa{{\isachardoublequote}{\isasymcdot}{\isachardoublequote}} but with |
|
530 reversed arguments. The |
|
531 definition of the locale generates the predicate \isa{semi{\isadigit{2}}}, |
|
532 which is equivalent to \isa{semi}, but no \isa{semi{\isadigit{2}}{\isacharunderscore}axioms}. |
|
533 The difference between \textbf{assumes} and \textbf{defines} lies in |
|
534 the way parameters are treated on export.% |
|
535 \end{isamarkuptext}% |
|
536 \isamarkuptrue% |
|
537 % |
|
538 \isamarkupsubsection{Export% |
|
539 } |
|
540 \isamarkuptrue% |
|
541 % |
|
542 \begin{isamarkuptext}% |
|
543 A fact is exported out |
|
544 of a locale by generalising over the parameters and adding |
|
545 assumptions as premises. For brevity of the exported theorems, |
|
546 locale predicates are used. Exported facts are referenced by |
|
547 writing qualified names consisting of the locale name and the fact name --- |
|
548 for example, |
|
549 \begin{equation} |
|
550 \tag*{\isa{semi{\isachardot}assoc}:} \isa{semi\ {\isacharquery}prod\ {\isasymLongrightarrow}\ {\isacharquery}prod\ {\isacharparenleft}{\isacharquery}prod\ {\isacharquery}x\ {\isacharquery}y{\isacharparenright}\ {\isacharquery}z\ {\isacharequal}\ {\isacharquery}prod\ {\isacharquery}x\ {\isacharparenleft}{\isacharquery}prod\ {\isacharquery}y\ {\isacharquery}z{\isacharparenright}}. |
|
551 \end{equation} |
|
552 Defined parameters receive special treatment. Instead of adding a |
|
553 premise for the definition, the definition is unfolded in the |
|
554 exported theorem. In order to illustrate this we prove that the |
|
555 reverse operation \isa{{\isachardoublequote}{\isasymodot}{\isachardoublequote}} defined in the locale |
|
556 \isa{semi{\isadigit{2}}} is also associative.% |
|
557 \end{isamarkuptext}% |
|
558 \isamarkuptrue% |
|
559 \isacommand{theorem}\ {\isacharparenleft}\isakeyword{in}\ semi{\isadigit{2}}{\isacharparenright}\ r{\isacharunderscore}assoc{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}x\ {\isasymodot}\ y{\isacharparenright}\ {\isasymodot}\ z\ {\isacharequal}\ x\ {\isasymodot}\ {\isacharparenleft}y\ {\isasymodot}\ z{\isacharparenright}{\isachardoublequote}\isanewline |
|
560 \ \ \isamarkupfalse% |
|
561 \isacommand{by}\ {\isacharparenleft}simp\ only{\isacharcolon}\ rprod{\isacharunderscore}def\ assoc{\isacharparenright}\isamarkupfalse% |
|
562 % |
|
563 \begin{isamarkuptext}% |
|
564 The exported fact is |
|
565 \begin{equation} |
|
566 \tag*{\isa{semi{\isadigit{2}}{\isachardot}r{\isacharunderscore}assoc}:} \isa{semi{\isadigit{2}}\ {\isacharquery}prod\ {\isasymLongrightarrow}\ {\isacharquery}prod\ {\isacharquery}z\ {\isacharparenleft}{\isacharquery}prod\ {\isacharquery}y\ {\isacharquery}x{\isacharparenright}\ {\isacharequal}\ {\isacharquery}prod\ {\isacharparenleft}{\isacharquery}prod\ {\isacharquery}z\ {\isacharquery}y{\isacharparenright}\ {\isacharquery}x}. |
|
567 \end{equation} |
|
568 The defined parameter is not present but is replaced by its |
|
569 definition. Note that the definition itself is not exported, hence |
|
570 there is no \isa{semi{\isadigit{2}}{\isachardot}rprod{\isacharunderscore}def}.% |
|
571 \footnote{The definition could alternatively be exported using a |
|
572 let-construct if there was one in Isabelle's meta-logic. Let is |
|
573 usually defined in object-logics.}% |
|
574 \end{isamarkuptext}% |
|
575 \isamarkuptrue% |
|
576 % |
|
577 \isamarkupsection{Locale Expressions% |
|
578 } |
|
579 \isamarkuptrue% |
|
580 % |
|
581 \begin{isamarkuptext}% |
|
582 Locale expressions provide a simple language for combining |
|
583 locales. They are an effective means of building complex |
|
584 specifications from simple ones. Locale expressions are the main |
|
585 innovation of the version of Locales discussed here. Locale |
|
586 expressions are also reason for introducing locale predicates.% |
|
587 \end{isamarkuptext}% |
|
588 \isamarkuptrue% |
|
589 % |
|
590 \isamarkupsubsection{Rename and Merge% |
|
591 } |
|
592 \isamarkuptrue% |
|
593 % |
|
594 \begin{isamarkuptext}% |
|
595 The grammar of locale expressions is part of the grammar in |
|
596 Figure~\ref{fig-grammar}. Locale names are locale |
|
597 expressions, and |
|
598 further expressions are obtained by \emph{rename} and \emph{merge}. |
|
599 \begin{description} |
|
600 \item[Rename.] |
|
601 The locale expression $e\: q_1 \ldots q_n$ denotes |
|
602 the locale of $e$ where pa\-ra\-me\-ters, in the order in |
|
603 which they are fixed, are renamed to $q_1$ to $q_n$. |
|
604 The expression is only well-formed if $n$ does not |
|
605 exceed the number of parameters of $e$. Underscores denote |
|
606 parameters that are not renamed. |
|
607 Parameters whose names are changed lose mixfix syntax, |
|
608 and there is currently no way to re-equip them with such. |
|
609 \item[Merge.] |
|
610 The locale expression $e_1 + e_2$ denotes |
|
611 the locale obtained by merging the locales of $e_1$ |
|
612 and $e_2$. This locale contains the context elements |
|
613 of $e_1$, followed by the context elements of $e_2$. |
|
614 |
|
615 In actual fact, the semantics of the merge operation |
|
616 is more complicated. If $e_1$ and $e_2$ are expressions containing |
|
617 the same name, followed by |
|
618 identical parameter lists, then the merge of both will contain |
|
619 the elements of those locales only once. Details are explained in |
|
620 Section~\ref{sec-normal-forms} below. |
|
621 |
|
622 The merge operation is associative but not commutative. The latter |
|
623 is because parameters of $e_1$ appear |
|
624 before parameters of $e_2$ in the composite expression. |
|
625 \end{description} |
|
626 |
|
627 Rename can be used if a different parameter name seems more |
|
628 appropriate --- for example, when moving from groups to rings, a |
|
629 parameter \isa{G} representing the group could be changed to |
|
630 \isa{R}. Besides of this stylistic use, renaming is important in |
|
631 combination with merge. Both operations are used in the following |
|
632 specification of semigroup homomorphisms.% |
|
633 \end{isamarkuptext}% |
|
634 \isamarkuptrue% |
|
635 \isacommand{locale}\ semi{\isacharunderscore}hom\ {\isacharequal}\ comm{\isacharunderscore}semi\ sum\ {\isacharplus}\ comm{\isacharunderscore}semi\ {\isacharplus}\isanewline |
|
636 \ \ \isakeyword{fixes}\ hom\isanewline |
|
637 \ \ \isakeyword{assumes}\ hom{\isacharcolon}\ {\isachardoublequote}hom\ {\isacharparenleft}sum\ x\ y{\isacharparenright}\ {\isacharequal}\ hom\ x\ {\isasymcdot}\ hom\ y{\isachardoublequote}\isamarkupfalse% |
|
638 % |
|
639 \begin{isamarkuptext}% |
|
640 This locale defines a context with three parameters \isa{sum}, |
|
641 \isa{prod} and \isa{hom}. Only the second parameter has |
|
642 mixfix syntax. The first two are associative operations, |
|
643 the first of type \isa{{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a}, the second of |
|
644 type \isa{{\isacharbrackleft}{\isacharprime}b{\isacharcomma}\ {\isacharprime}b{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}b}. |
|
645 |
|
646 How are facts that are imported via a locale expression identified? |
|
647 Facts are always introduced in a named locale (either in the |
|
648 locale's declaration, or by using the locale as target in |
|
649 \textbf{theorem}), and their names are |
|
650 qualified by the parameter names of this locale. |
|
651 Hence the full name of associativity in \isa{semi} is |
|
652 \isa{prod{\isachardot}assoc}. Renaming parameters of a target also renames |
|
653 the qualifier of facts. Hence, associativity of \isa{sum} is |
|
654 \isa{sum{\isachardot}assoc}. Several parameters are separated by |
|
655 underscores in qualifiers. For example, the full name of the fact |
|
656 \isa{hom} in the locale \isa{semi{\isacharunderscore}hom} is \isa{sum{\isacharunderscore}prod{\isacharunderscore}hom{\isachardot}hom}. |
|
657 |
|
658 The following example is quite artificial, it illustrates the use of |
|
659 facts, though.% |
|
660 \end{isamarkuptext}% |
|
661 \isamarkuptrue% |
|
662 \isacommand{theorem}\ {\isacharparenleft}\isakeyword{in}\ semi{\isacharunderscore}hom{\isacharparenright}\ {\isachardoublequote}hom\ x\ {\isasymcdot}\ {\isacharparenleft}hom\ y\ {\isasymcdot}\ hom\ z{\isacharparenright}\ {\isacharequal}\ hom\ {\isacharparenleft}sum\ x\ {\isacharparenleft}sum\ y\ z{\isacharparenright}{\isacharparenright}{\isachardoublequote}\isanewline |
|
663 \isamarkupfalse% |
|
664 \isacommand{proof}\ {\isacharminus}\isanewline |
|
665 \ \ \isamarkupfalse% |
|
666 \isacommand{have}\ {\isachardoublequote}hom\ x\ {\isasymcdot}\ {\isacharparenleft}hom\ y\ {\isasymcdot}\ hom\ z{\isacharparenright}\ {\isacharequal}\ hom\ y\ {\isasymcdot}\ {\isacharparenleft}hom\ x\ {\isasymcdot}\ hom\ z{\isacharparenright}{\isachardoublequote}\isanewline |
|
667 \ \ \ \ \isamarkupfalse% |
|
668 \isacommand{by}\ {\isacharparenleft}simp\ add{\isacharcolon}\ prod{\isachardot}lcomm{\isacharparenright}\isanewline |
|
669 \ \ \isamarkupfalse% |
|
670 \isacommand{also}\ \isamarkupfalse% |
|
671 \isacommand{have}\ {\isachardoublequote}{\isasymdots}\ {\isacharequal}\ hom\ {\isacharparenleft}sum\ y\ {\isacharparenleft}sum\ x\ z{\isacharparenright}{\isacharparenright}{\isachardoublequote}\ \isamarkupfalse% |
|
672 \isacommand{by}\ {\isacharparenleft}simp\ add{\isacharcolon}\ hom{\isacharparenright}\isanewline |
|
673 \ \ \isamarkupfalse% |
|
674 \isacommand{also}\ \isamarkupfalse% |
|
675 \isacommand{have}\ {\isachardoublequote}{\isasymdots}\ {\isacharequal}\ hom\ {\isacharparenleft}sum\ x\ {\isacharparenleft}sum\ y\ z{\isacharparenright}{\isacharparenright}{\isachardoublequote}\ \isamarkupfalse% |
|
676 \isacommand{by}\ {\isacharparenleft}simp\ add{\isacharcolon}\ sum{\isachardot}lcomm{\isacharparenright}\isanewline |
|
677 \ \ \isamarkupfalse% |
|
678 \isacommand{finally}\ \isamarkupfalse% |
|
679 \isacommand{show}\ {\isacharquery}thesis\ \isamarkupfalse% |
|
680 \isacommand{{\isachardot}}\isanewline |
|
681 \isamarkupfalse% |
|
682 \isacommand{qed}\isamarkupfalse% |
|
683 % |
|
684 \begin{isamarkuptext}% |
|
685 Importing via a locale expression imports all facts of |
|
686 the imported locales, hence both \isa{sum{\isachardot}lcomm} and \isa{prod{\isachardot}lcomm} are |
|
687 available in \isa{hom{\isacharunderscore}semi}. The import is dynamic --- that is, |
|
688 whenever facts are added to a locale, they automatically |
|
689 become available in subsequent \textbf{theorem} commands that use |
|
690 the locale as a target, or a locale importing the locale.% |
|
691 \end{isamarkuptext}% |
|
692 \isamarkuptrue% |
|
693 % |
|
694 \isamarkupsubsection{Normal Forms% |
|
695 } |
|
696 \isamarkuptrue% |
|
697 % |
|
698 \label{sec-normal-forms} |
|
699 \newcommand{\I}{\mathcal{I}} |
|
700 \newcommand{\F}{\mathcal{F}} |
|
701 \newcommand{\N}{\mathcal{N}} |
|
702 \newcommand{\C}{\mathcal{C}} |
|
703 \newcommand{\App}{\mathbin{\overline{@}}} |
|
704 % |
|
705 \begin{isamarkuptext}% |
|
706 Locale expressions are interpreted in a two-step process. First, an |
|
707 expression is normalised, then it is converted to a list of context |
|
708 elements. |
|
709 |
|
710 Normal forms are based on \textbf{locale} declarations. These |
|
711 consist of an import section followed by a list of context |
|
712 elements. Let $\I(l)$ denote the locale expression imported by |
|
713 locale $l$. If $l$ has no import then $\I(l) = \varepsilon$. |
|
714 Likewise, let $\F(l)$ denote the list of context elements, also |
|
715 called the \emph{context fragment} of $l$. Note that $\F(l)$ |
|
716 contains only those context elements that are stated in the |
|
717 declaration of $l$, not imported ones. |
|
718 |
|
719 \paragraph{Example 1.} Consider the locales \isa{semi} and \isa{comm{\isacharunderscore}semi}. We have $\I(\isa{semi}) = \varepsilon$ and |
|
720 $\I(\isa{comm{\isacharunderscore}semi}) = \isa{semi}$, and the context fragments |
|
721 are |
|
722 \begin{align*% |
|
723 } |
|
724 \F(\isa{semi}) & = \left[ |
|
725 \begin{array}{ll} |
|
726 \textbf{fixes} & \isa{prod} :: \isa{{\isachardoublequote}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}} |
|
727 ~(\textbf{infixl}~\isa{{\isachardoublequote}{\isasymcdot}{\isachardoublequote}}~70) \\ |
|
728 \textbf{assumes} & \isa{{\isachardoublequote}semi\ prod{\isachardoublequote}} \\ |
|
729 \textbf{notes} & \isa{assoc}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z\ {\isacharequal}\ {\isacharquery}x\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} |
|
730 \end{array} \right], \\ |
|
731 \F(\isa{comm{\isacharunderscore}semi}) & = \left[ |
|
732 \begin{array}{ll} |
|
733 \textbf{assumes} & \isa{{\isachardoublequote}comm{\isacharunderscore}semi{\isacharunderscore}axioms\ prod{\isachardoublequote}} \\ |
|
734 \textbf{notes} & \isa{comm}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}y\ {\isacharequal}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharquery}x{\isachardoublequote}} \\ |
|
735 \textbf{notes} & \isa{lcomm}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}\ {\isacharequal}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} |
|
736 \end{array} \right]. |
|
737 \end{align*% |
|
738 } |
|
739 Let $\pi_0(\F(l))$ denote the list of parameters defined in the |
|
740 \textbf{fixes} elements of $\F(l)$ in the order of their occurrence. |
|
741 The list of parameters of a locale expression $\pi(e)$ is defined as |
|
742 follows: |
|
743 \begin{align*% |
|
744 } |
|
745 \pi(l) & = \pi(\I(l)) \App \pi_0(\F(l)) \text{, for named locale $l$.} \\ |
|
746 \pi(e\: q_1 \ldots q_n) & = \text{$[q_1, \ldots, q_n, p_{n+1}, \ldots, |
|
747 p_{m}]$, where $\pi(e) = [p_1, \ldots, p_m]$.} \\ |
|
748 \pi(e_1 + e_2) & = \pi(e_1) \App \pi(e_2) |
|
749 \end{align*% |
|
750 } |
|
751 The operation $\App$ concatenates two lists but omits elements from |
|
752 the second list that are also present in the first list. |
|
753 It is not possible to rename more parameters than there |
|
754 are present in an expression --- that is, $n \le m$ --- otherwise |
|
755 the renaming is illegal. If $q_i |
|
756 = \_$ then the $i$th entry of the resulting list is $p_i$. |
|
757 |
|
758 In the normalisation phase, imports of named locales are unfolded, and |
|
759 renames and merges are recursively propagated to the imported locale |
|
760 expressions. The result is a list of locale names, each with a full |
|
761 list of parameters, where locale names occurring with the same parameter |
|
762 list twice are removed. Let $\N$ denote normalisation. It is defined |
|
763 by these equations: |
|
764 \begin{align*% |
|
765 } |
|
766 \N(l) & = \N(\I(l)) \App [l\:\pi(l)] \text{, for named locale $l$.} \\ |
|
767 \N(e\: q_1 \ldots q_n) & = \N(e)\:[q_1 \ldots q_n/\pi(e)] \\ |
|
768 \N(e_1 + e_2) & = \N(e_1) \App \N(e_2) |
|
769 \end{align*% |
|
770 } |
|
771 Normalisation yields a list of \emph{identifiers}. An identifier |
|
772 consists of a locale name and a (possibly empty) list of parameters. |
|
773 |
|
774 In the second phase, the list of identifiers $\N(e)$ is converted to |
|
775 a list of context elements $\C(e)$ by converting each identifier to |
|
776 a list of context elements, and flattening the obtained list. |
|
777 Conversion of the identifier $l\:q_1 \ldots q_n$ yields the list of |
|
778 context elements $\F(l)$, but with the following modifications: |
|
779 \begin{itemize} |
|
780 \item |
|
781 Rename the parameter in the $i$th \textbf{fixes} element of $\F(l)$ |
|
782 to $q_i$, $i = 1, \ldots, n$. If the parameter name is actually |
|
783 changed then delete the syntax annotation. Renaming a parameter may |
|
784 also change its type. |
|
785 \item |
|
786 Perform the same renamings on all occurrences of parameters (fixed |
|
787 variables) in \textbf{assumes}, \textbf{defines} and \textbf{notes} |
|
788 elements. |
|
789 \item |
|
790 Qualify names of facts by $q_1\_\ldots\_q_n$. |
|
791 \end{itemize} |
|
792 The locale expression is \emph{well-formed} if it contains no |
|
793 illegal renamings and the following conditions on $\C(e)$ hold, |
|
794 otherwise the expression is rejected: |
|
795 \begin{itemize} |
|
796 \item Parameters in \textbf{fixes} are distinct; |
|
797 \item Free variables in \textbf{assumes} and |
|
798 \textbf{defines} occur in preceding \textbf{fixes};% |
|
799 \footnote{This restriction is relaxed for contexts obtained with |
|
800 \textbf{includes}, see Section~\ref{sec-includes}.} |
|
801 \item Parameters defined in \textbf{defines} must neither occur in |
|
802 preceding \textbf{assumes} nor \textbf{defines}. |
|
803 \end{itemize}% |
|
804 \end{isamarkuptext}% |
|
805 \isamarkuptrue% |
|
806 % |
|
807 \isamarkupsubsection{Examples% |
|
808 } |
|
809 \isamarkuptrue% |
|
810 % |
|
811 \begin{isamarkuptext}% |
|
812 \paragraph{Example 2.} |
|
813 We obtain the context fragment $\C(\isa{comm{\isacharunderscore}semi})$ of the |
|
814 locale \isa{comm{\isacharunderscore}semi}. First, the parameters are computed. |
|
815 \begin{align*% |
|
816 } |
|
817 \pi(\isa{semi}) & = [\isa{prod}] \\ |
|
818 \pi(\isa{comm{\isacharunderscore}semi}) & = \pi(\isa{semi}) \App [] |
|
819 = [\isa{prod}] |
|
820 \end{align*% |
|
821 } |
|
822 Next, the normal form of the locale expression |
|
823 \isa{comm{\isacharunderscore}semi} is obtained. |
|
824 \begin{align*% |
|
825 } |
|
826 \N(\isa{semi}) & = [\isa{semi} \isa{prod}] \\ |
|
827 \N(\isa{comm{\isacharunderscore}semi}) & = \N(\isa{semi}) \App |
|
828 [\isa{comm{\isacharunderscore}semi\ prod}] |
|
829 = [\isa{semi\ prod}, \isa{comm{\isacharunderscore}semi\ prod}] |
|
830 \end{align*% |
|
831 } |
|
832 Converting this to a list of context elements leads to the |
|
833 list~(\ref{eq-comm-semi}) shown in |
|
834 Section~\ref{sec-locale-predicates}, but with fact names qualified |
|
835 by \isa{prod} --- for example, \isa{prod{\isachardot}assoc}. |
|
836 Qualification was omitted to keep the presentation simple. |
|
837 Isabelle's scoping rules identify the most recent fact with |
|
838 qualified name $x.a$ when a fact with name $a$ is requested. |
|
839 |
|
840 \paragraph{Example 3.} |
|
841 The locale expression \isa{comm{\isacharunderscore}semi\ sum} involves |
|
842 renaming. Computing parameters yields $\pi(\isa{comm{\isacharunderscore}semi\ sum}) |
|
843 = [\isa{sum}]$, the normal form is |
|
844 \begin{align*% |
|
845 } |
|
846 \N(\isa{comm{\isacharunderscore}semi\ sum}) & = |
|
847 \N(\isa{comm{\isacharunderscore}semi})[\isa{sum}/\isa{prod}] = |
|
848 [\isa{semi\ sum}, \isa{comm{\isacharunderscore}semi\ sum}] |
|
849 \end{align*% |
|
850 } |
|
851 and the list of context elements |
|
852 \[ |
|
853 \begin{array}{ll} |
|
854 \textbf{fixes} & \isa{sum} :: \isa{{\isachardoublequote}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}} \\ |
|
855 \textbf{assumes} & \isa{{\isachardoublequote}semi\ sum{\isachardoublequote}} \\ |
|
856 \textbf{notes} & \isa{sum{\isachardot}assoc}: \isa{{\isachardoublequote}sum\ {\isacharparenleft}sum\ {\isacharquery}x\ {\isacharquery}y{\isacharparenright}\ {\isacharquery}z\ {\isacharequal}\ sum\ {\isacharquery}x\ {\isacharparenleft}sum\ {\isacharquery}y\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} \\ |
|
857 \textbf{assumes} & \isa{{\isachardoublequote}comm{\isacharunderscore}semi{\isacharunderscore}axioms\ sum{\isachardoublequote}} \\ |
|
858 \textbf{notes} & \isa{sum{\isachardot}comm}: \isa{{\isachardoublequote}sum\ {\isacharquery}x\ {\isacharquery}y\ {\isacharequal}\ sum\ {\isacharquery}y\ {\isacharquery}x{\isachardoublequote}} \\ |
|
859 \textbf{notes} & \isa{sum{\isachardot}lcomm}: \isa{{\isachardoublequote}sum\ {\isacharquery}x\ {\isacharparenleft}sum\ {\isacharquery}y\ {\isacharquery}z{\isacharparenright}\ {\isacharequal}\ sum\ {\isacharquery}y\ {\isacharparenleft}sum\ {\isacharquery}x\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} |
|
860 \end{array} |
|
861 \] |
|
862 |
|
863 \paragraph{Example 4.} |
|
864 The context defined by the locale \isa{semi{\isacharunderscore}hom} involves |
|
865 merging two copies of \isa{comm{\isacharunderscore}semi}. We obtain the parameter |
|
866 list and normal form: |
|
867 \begin{align*% |
|
868 } |
|
869 \pi(\isa{semi{\isacharunderscore}hom}) & = \pi(\isa{comm{\isacharunderscore}semi\ sum} + |
|
870 \isa{comm{\isacharunderscore}semi}) \App [\isa{hom}] \\ |
|
871 & = (\pi(\isa{comm{\isacharunderscore}semi\ sum}) \App \pi(\isa{comm{\isacharunderscore}semi})) |
|
872 \App [\isa{hom}] \\ |
|
873 & = ([\isa{sum}] \App [\isa{prod}]) \App [\isa{hom}] |
|
874 = [\isa{sum}, \isa{prod}, \isa{hom}] \\ |
|
875 \N(\isa{semi{\isacharunderscore}hom}) & = |
|
876 \N(\isa{comm{\isacharunderscore}semi\ sum} + \isa{comm{\isacharunderscore}semi}) \App \\ |
|
877 & \phantom{==} |
|
878 [\isa{semi{\isacharunderscore}hom\ sum\ prod\ hom}] \\ |
|
879 & = (\N(\isa{comm{\isacharunderscore}semi\ sum}) \App \N(\isa{comm{\isacharunderscore}semi})) \App \\ |
|
880 & \phantom{==} |
|
881 [\isa{semi{\isacharunderscore}hom\ sum\ prod\ hom}] \\ |
|
882 & = ([\isa{semi\ sum}, \isa{comm{\isacharunderscore}semi\ sum}] \App %\\ |
|
883 % & \phantom{==} |
|
884 [\isa{semi\ prod}, \isa{comm{\isacharunderscore}semi\ prod}]) \App \\ |
|
885 & \phantom{==} |
|
886 [\isa{semi{\isacharunderscore}hom\ sum\ prod\ hom}] \\ |
|
887 & = [\isa{semi\ sum}, \isa{comm{\isacharunderscore}semi\ sum}, |
|
888 \isa{semi\ prod}, \isa{comm{\isacharunderscore}semi\ prod}, \\ |
|
889 & \phantom{==} |
|
890 \isa{semi{\isacharunderscore}hom\ sum\ prod\ hom}]. |
|
891 \end{align*% |
|
892 } |
|
893 Hence $\C(\isa{semi{\isacharunderscore}hom})$, shown below, is again well-formed. |
|
894 \[ |
|
895 \begin{array}{ll} |
|
896 \textbf{fixes} & \isa{sum} :: \isa{{\isachardoublequote}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}} \\ |
|
897 \textbf{assumes} & \isa{{\isachardoublequote}semi\ sum{\isachardoublequote}} \\ |
|
898 \textbf{notes} & \isa{sum{\isachardot}assoc}: \isa{{\isachardoublequote}sum\ {\isacharparenleft}sum\ {\isacharquery}x\ {\isacharquery}y{\isacharparenright}\ {\isacharquery}z\ {\isacharequal}\ sum\ {\isacharquery}x\ {\isacharparenleft}sum\ {\isacharquery}y\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} \\ |
|
899 \textbf{assumes} & \isa{{\isachardoublequote}comm{\isacharunderscore}semi{\isacharunderscore}axioms\ sum{\isachardoublequote}} \\ |
|
900 \textbf{notes} & \isa{sum{\isachardot}comm}: \isa{{\isachardoublequote}sum\ {\isacharquery}x\ {\isacharquery}y\ {\isacharequal}\ sum\ {\isacharquery}y\ {\isacharquery}x{\isachardoublequote}} \\ |
|
901 \textbf{notes} & \isa{sum{\isachardot}lcomm}: \isa{{\isachardoublequote}sum\ {\isacharquery}x\ {\isacharparenleft}sum\ {\isacharquery}y\ {\isacharquery}z{\isacharparenright}\ {\isacharequal}\ sum\ {\isacharquery}y\ {\isacharparenleft}sum\ {\isacharquery}x\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} \\ |
|
902 \textbf{fixes} & \isa{prod} :: \isa{{\isachardoublequote}{\isacharbrackleft}{\isacharprime}b{\isacharcomma}\ {\isacharprime}b{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}b{\isachardoublequote}} |
|
903 ~(\textbf{infixl}~\isa{{\isachardoublequote}{\isasymcdot}{\isachardoublequote}}~70) \\ |
|
904 \textbf{assumes} & \isa{{\isachardoublequote}semi\ prod{\isachardoublequote}} \\ |
|
905 \textbf{notes} & \isa{prod{\isachardot}assoc}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z\ {\isacharequal}\ {\isacharquery}x\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} \\ |
|
906 \textbf{assumes} & \isa{{\isachardoublequote}comm{\isacharunderscore}semi{\isacharunderscore}axioms\ prod{\isachardoublequote}} \\ |
|
907 \textbf{notes} & \isa{prod{\isachardot}comm}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}y\ {\isacharequal}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharquery}x{\isachardoublequote}} \\ |
|
908 \textbf{notes} & \isa{prod{\isachardot}lcomm}: \isa{{\isachardoublequote}{\isacharquery}x\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}y\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}\ {\isacharequal}\ {\isacharquery}y\ {\isasymcdot}\ {\isacharparenleft}{\isacharquery}x\ {\isasymcdot}\ {\isacharquery}z{\isacharparenright}{\isachardoublequote}} \\ |
|
909 \textbf{fixes} & \isa{hom} :: \isa{{\isachardoublequote}{\isacharprime}a\ {\isasymRightarrow}\ {\isacharprime}b{\isachardoublequote}} \\ |
|
910 \textbf{assumes} & \isa{{\isachardoublequote}semi{\isacharunderscore}hom{\isacharunderscore}axioms\ sum{\isachardoublequote}} \\ |
|
911 \textbf{notes} & \isa{sum{\isacharunderscore}prod{\isacharunderscore}hom{\isachardot}hom}: |
|
912 \isa{hom\ {\isacharparenleft}sum\ x\ y{\isacharparenright}\ {\isacharequal}\ hom\ x\ {\isasymcdot}\ hom\ y} |
|
913 \end{array} |
|
914 \] |
|
915 |
|
916 \paragraph{Example 5.} |
|
917 In this example, a locale expression leading to a list of context |
|
918 elements that is not well-defined is encountered, and it is illustrated |
|
919 how normalisation deals with multiple inheritance. |
|
920 Consider the specification of monads (in the algebraic sense) |
|
921 and monoids.% |
|
922 \end{isamarkuptext}% |
|
923 \isamarkuptrue% |
|
924 \isacommand{locale}\ monad\ {\isacharequal}\isanewline |
|
925 \ \ \isakeyword{fixes}\ prod\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}\ {\isacharparenleft}\isakeyword{infixl}\ {\isachardoublequote}{\isasymcdot}{\isachardoublequote}\ {\isadigit{7}}{\isadigit{0}}{\isacharparenright}\ \isakeyword{and}\ one\ {\isacharcolon}{\isacharcolon}\ {\isacharprime}a\ {\isacharparenleft}{\isachardoublequote}{\isasymone}{\isachardoublequote}\ {\isadigit{1}}{\isadigit{0}}{\isadigit{0}}{\isacharparenright}\isanewline |
|
926 \ \ \isakeyword{assumes}\ l{\isacharunderscore}one{\isacharcolon}\ {\isachardoublequote}{\isasymone}\ {\isasymcdot}\ x\ {\isacharequal}\ x{\isachardoublequote}\ \isakeyword{and}\ r{\isacharunderscore}one{\isacharcolon}\ {\isachardoublequote}x\ {\isasymcdot}\ {\isasymone}\ {\isacharequal}\ x{\isachardoublequote}\isamarkupfalse% |
|
927 % |
|
928 \begin{isamarkuptext}% |
|
929 Monoids are both semigroups and monads and one would want to |
|
930 specify them as locale expression \isa{semi\ {\isacharplus}\ monad}. |
|
931 Unfortunately, this expression is not well-formed. Its normal form |
|
932 \begin{align*% |
|
933 } |
|
934 \N(\isa{monad}) & = [\isa{monad\ prod}] \\ |
|
935 \N(\isa{semi}+\isa{monad}) & = |
|
936 \N(\isa{semi}) \App \N(\isa{monad}) |
|
937 = [\isa{semi\ prod}, \isa{monad\ prod}] |
|
938 \end{align*% |
|
939 } |
|
940 leads to a list containing the context element |
|
941 \[ |
|
942 \textbf{fixes}~\isa{prod} :: \isa{{\isachardoublequote}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}} |
|
943 ~(\textbf{infixl}~\isa{{\isachardoublequote}{\isasymcdot}{\isachardoublequote}}~70) |
|
944 \] |
|
945 twice and thus violating the first criterion of well-formedness. To |
|
946 avoid this problem, one can |
|
947 introduce a new locale \isa{magma} with the sole purpose of fixing the |
|
948 parameter and defining its syntax. The specifications of semigroup |
|
949 and monad are changed so that they import \isa{magma}.% |
|
950 \end{isamarkuptext}% |
|
951 \isamarkuptrue% |
|
952 \isacommand{locale}\ magma\ {\isacharequal}\ \isakeyword{fixes}\ prod\ {\isacharparenleft}\isakeyword{infixl}\ {\isachardoublequote}{\isasymcdot}{\isachardoublequote}\ {\isadigit{7}}{\isadigit{0}}{\isacharparenright}\isanewline |
|
953 \isanewline |
|
954 \isamarkupfalse% |
|
955 \isacommand{locale}\ semi{\isacharprime}\ {\isacharequal}\ magma\ {\isacharplus}\ \isakeyword{assumes}\ assoc{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}x\ {\isasymcdot}\ y{\isacharparenright}\ {\isasymcdot}\ z\ {\isacharequal}\ x\ {\isasymcdot}\ {\isacharparenleft}y\ {\isasymcdot}\ z{\isacharparenright}{\isachardoublequote}\isanewline |
|
956 \isamarkupfalse% |
|
957 \isacommand{locale}\ monad{\isacharprime}\ {\isacharequal}\ magma\ {\isacharplus}\ \isakeyword{fixes}\ one\ {\isacharparenleft}{\isachardoublequote}{\isasymone}{\isachardoublequote}\ {\isadigit{1}}{\isadigit{0}}{\isadigit{0}}{\isacharparenright}\isanewline |
|
958 \ \ \isakeyword{assumes}\ l{\isacharunderscore}one{\isacharcolon}\ {\isachardoublequote}{\isasymone}\ {\isasymcdot}\ x\ {\isacharequal}\ x{\isachardoublequote}\ \isakeyword{and}\ r{\isacharunderscore}one{\isacharcolon}\ {\isachardoublequote}x\ {\isasymcdot}\ {\isasymone}\ {\isacharequal}\ x{\isachardoublequote}\isamarkupfalse% |
|
959 % |
|
960 \begin{isamarkuptext}% |
|
961 Normalisation now yields |
|
962 \begin{align*% |
|
963 } |
|
964 \N(\isa{semi{\isacharprime}\ {\isacharplus}\ monad{\isacharprime}}) & = |
|
965 \N(\isa{semi{\isacharprime}}) \App \N(\isa{monad{\isacharprime}}) \\ |
|
966 & = (\N(\isa{magma}) \App [\isa{semi{\isacharprime}\ prod}]) \App |
|
967 (\N(\isa{magma}) \App [\isa{monad{\isacharprime}\ prod}]) \\ |
|
968 & = [\isa{magma\ prod}, \isa{semi{\isacharprime}\ prod}] \App |
|
969 [\isa{magma\ prod}, \isa{monad{\isacharprime}\ prod}]) \\ |
|
970 & = [\isa{magma\ prod}, \isa{semi{\isacharprime}\ prod}, |
|
971 \isa{monad{\isacharprime}\ prod}] |
|
972 \end{align*% |
|
973 } |
|
974 where the second occurrence of \isa{magma\ prod} is eliminated. |
|
975 The reader is encouraged to check, using the \textbf{print\_locale} |
|
976 command, that the list of context elements generated from this is |
|
977 indeed well-formed. |
|
978 |
|
979 It follows that importing |
|
980 parameters is more flexible than fixing them using a context element. |
|
981 The Locale package provides the predefined locale \isa{var} that |
|
982 can be used to import parameters if no |
|
983 particular mixfix syntax is required. |
|
984 Its definition is |
|
985 \begin{center} |
|
986 \textbf{locale} \textit{var} = \textbf{fixes} \isa{x{\isacharunderscore}} |
|
987 \end{center} |
|
988 The use of the internal variable \isa{x{\isacharunderscore}} |
|
989 enforces that the parameter is renamed before being used, because |
|
990 internal variables may not occur in the input syntax.% |
|
991 \end{isamarkuptext}% |
|
992 \isamarkuptrue% |
|
993 % |
|
994 \isamarkupsubsection{Includes% |
|
995 } |
|
996 \isamarkuptrue% |
|
997 % |
|
998 \begin{isamarkuptext}% |
|
999 \label{sec-includes} |
|
1000 The context element \textbf{includes} takes a locale expression $e$ |
|
1001 as argument. It can occur at any point in a locale declaration, and |
|
1002 it adds $\C(e)$ to the current context. |
|
1003 |
|
1004 If \textbf{includes} $e$ appears as context element in the |
|
1005 declaration of a named locale $l$, the included context is only |
|
1006 visible in subsequent context elements, but it is not propagated to |
|
1007 $l$. That is, if $l$ is later used as a target, context elements |
|
1008 from $\C(e)$ are not added to the context. Although it is |
|
1009 conceivable that this mechanism could be used to add only selected |
|
1010 facts from $e$ to $l$ (with \textbf{notes} elements following |
|
1011 \textbf{includes} $e$), currently no useful applications of this are |
|
1012 known. |
|
1013 |
|
1014 The more common use of \textbf{includes} $e$ is in long goals, where it |
|
1015 adds, like a target, locale context to the proof context. Unlike |
|
1016 with targets, the proved theorem is not stored |
|
1017 in the locale. Instead, it is exported immediately.% |
|
1018 \end{isamarkuptext}% |
|
1019 \isamarkuptrue% |
|
1020 \isacommand{theorem}\ lcomm{\isadigit{2}}{\isacharcolon}\isanewline |
|
1021 \ \ \isakeyword{includes}\ comm{\isacharunderscore}semi\ \isakeyword{shows}\ {\isachardoublequote}x\ {\isasymcdot}\ {\isacharparenleft}y\ {\isasymcdot}\ z{\isacharparenright}\ {\isacharequal}\ y\ {\isasymcdot}\ {\isacharparenleft}x\ {\isasymcdot}\ z{\isacharparenright}{\isachardoublequote}\isanewline |
|
1022 \isamarkupfalse% |
|
1023 \isacommand{proof}\ {\isacharminus}\isanewline |
|
1024 \ \ \isamarkupfalse% |
|
1025 \isacommand{have}\ {\isachardoublequote}x\ {\isasymcdot}\ {\isacharparenleft}y\ {\isasymcdot}\ z{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}x\ {\isasymcdot}\ y{\isacharparenright}\ {\isasymcdot}\ z{\isachardoublequote}\ \isamarkupfalse% |
|
1026 \isacommand{by}\ {\isacharparenleft}simp\ add{\isacharcolon}\ assoc{\isacharparenright}\isanewline |
|
1027 \ \ \isamarkupfalse% |
|
1028 \isacommand{also}\ \isamarkupfalse% |
|
1029 \isacommand{have}\ {\isachardoublequote}{\isasymdots}\ {\isacharequal}\ {\isacharparenleft}y\ {\isasymcdot}\ x{\isacharparenright}\ {\isasymcdot}\ z{\isachardoublequote}\ \isamarkupfalse% |
|
1030 \isacommand{by}\ {\isacharparenleft}simp\ add{\isacharcolon}\ comm{\isacharparenright}\isanewline |
|
1031 \ \ \isamarkupfalse% |
|
1032 \isacommand{also}\ \isamarkupfalse% |
|
1033 \isacommand{have}\ {\isachardoublequote}{\isasymdots}\ {\isacharequal}\ y\ {\isasymcdot}\ {\isacharparenleft}x\ {\isasymcdot}\ z{\isacharparenright}{\isachardoublequote}\ \isamarkupfalse% |
|
1034 \isacommand{by}\ {\isacharparenleft}simp\ add{\isacharcolon}\ assoc{\isacharparenright}\isanewline |
|
1035 \ \ \isamarkupfalse% |
|
1036 \isacommand{finally}\ \isamarkupfalse% |
|
1037 \isacommand{show}\ {\isacharquery}thesis\ \isamarkupfalse% |
|
1038 \isacommand{{\isachardot}}\isanewline |
|
1039 \isamarkupfalse% |
|
1040 \isacommand{qed}\isamarkupfalse% |
|
1041 % |
|
1042 \begin{isamarkuptext}% |
|
1043 This proof is identical to the proof of \isa{lcomm}. The use of |
|
1044 \textbf{includes} provides the same context and facts as when using |
|
1045 \isa{comm{\isacharunderscore}semi} as target. On the other hand, \isa{lcomm{\isadigit{2}}} is not added as a fact to the locale \isa{comm{\isacharunderscore}semi}, but |
|
1046 is directly visible in the theory. The theorem is |
|
1047 \[ |
|
1048 \isa{comm{\isacharunderscore}semi\ {\isacharquery}prod\ {\isasymLongrightarrow}\ {\isacharquery}prod\ {\isacharquery}x\ {\isacharparenleft}{\isacharquery}prod\ {\isacharquery}y\ {\isacharquery}z{\isacharparenright}\ {\isacharequal}\ {\isacharquery}prod\ {\isacharquery}y\ {\isacharparenleft}{\isacharquery}prod\ {\isacharquery}x\ {\isacharquery}z{\isacharparenright}}. |
|
1049 \] |
|
1050 Note that it is possible to |
|
1051 combine a target and (several) \textbf{includes} in a goal statement, thus |
|
1052 using contexts of several locales but storing the theorem in only |
|
1053 one of them.% |
|
1054 \end{isamarkuptext}% |
|
1055 \isamarkuptrue% |
|
1056 % |
|
1057 \isamarkupsection{Structures% |
|
1058 } |
|
1059 \isamarkuptrue% |
|
1060 % |
|
1061 \begin{isamarkuptext}% |
|
1062 \label{sec-structures} |
|
1063 The specifications of semigroups and monoids that served as examples |
|
1064 in previous sections modelled each operation of an algebraic |
|
1065 structure as a single parameter. This is rather inconvenient for |
|
1066 structures with many operations, and also unnatural. In accordance |
|
1067 to mathematical texts, one would rather fix two groups instead of |
|
1068 two sets of operations. |
|
1069 |
|
1070 The approach taken in Isabelle is to encode algebraic structures |
|
1071 with suitable types (in Isabelle/HOL usually records). An issue to |
|
1072 be addressed by |
|
1073 locales is syntax for algebraic structures. This is the purpose of |
|
1074 the \textbf{(structure)} annotation in \textbf{fixes}, introduced by |
|
1075 Wenzel. We illustrate this, independently of record types, with a |
|
1076 different formalisation of semigroups. |
|
1077 |
|
1078 Let \isa{{\isacharprime}a\ semi{\isacharunderscore}type} be a not further specified type that |
|
1079 represents semigroups over the carrier type \isa{{\isacharprime}a}. Let \isa{s{\isacharunderscore}op} be an operation that maps an object of \isa{{\isacharprime}a\ semi{\isacharunderscore}type} to |
|
1080 a binary operation.% |
|
1081 \end{isamarkuptext}% |
|
1082 \isamarkuptrue% |
|
1083 \isacommand{typedecl}\ {\isacharprime}a\ semi{\isacharunderscore}type\isanewline |
|
1084 \isamarkupfalse% |
|
1085 \isacommand{consts}\ s{\isacharunderscore}op\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharbrackleft}{\isacharprime}a\ semi{\isacharunderscore}type{\isacharcomma}\ {\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}\ {\isacharparenleft}\isakeyword{infixl}\ {\isachardoublequote}{\isasymstar}{\isasymindex}{\isachardoublequote}\ {\isadigit{7}}{\isadigit{0}}{\isacharparenright}\isamarkupfalse% |
|
1086 % |
|
1087 \begin{isamarkuptext}% |
|
1088 Although \isa{s{\isacharunderscore}op} is a ternary operation, it is declared |
|
1089 infix. The syntax annotation contains the token \isa{{\isasymindex}} |
|
1090 (\verb.\<index>.), which refers to the first argument. This syntax is only |
|
1091 effective in the context of a locale, and only if the first argument |
|
1092 is a |
|
1093 \emph{structural} parameter --- that is, a parameter with annotation |
|
1094 \textbf{(structure)}. The token has the effect of replacing the |
|
1095 parameter with a subscripted number, the index of the structural |
|
1096 parameter in the locale. This replacement takes place both for |
|
1097 printing and |
|
1098 parsing. Subscripted $1$ for the first structural |
|
1099 parameter may be omitted, as in this specification of semigroups with |
|
1100 structures:% |
|
1101 \end{isamarkuptext}% |
|
1102 \isamarkuptrue% |
|
1103 \isacommand{locale}\ comm{\isacharunderscore}semi{\isacharprime}\ {\isacharequal}\isanewline |
|
1104 \ \ \isakeyword{fixes}\ G\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharprime}a\ semi{\isacharunderscore}type{\isachardoublequote}\ {\isacharparenleft}\isakeyword{structure}{\isacharparenright}\isanewline |
|
1105 \ \ \isakeyword{assumes}\ assoc{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}x\ {\isasymstar}\ y{\isacharparenright}\ {\isasymstar}\ z\ {\isacharequal}\ x\ {\isasymstar}\ {\isacharparenleft}y\ {\isasymstar}\ z{\isacharparenright}{\isachardoublequote}\ \isakeyword{and}\ comm{\isacharcolon}\ {\isachardoublequote}x\ {\isasymstar}\ y\ {\isacharequal}\ y\ {\isasymstar}\ x{\isachardoublequote}\isamarkupfalse% |
|
1106 % |
|
1107 \begin{isamarkuptext}% |
|
1108 Here \isa{x\ {\isasymstar}\ y} is equivalent to \isa{x\ {\isasymstar}\isactrlsub {\isadigit{1}}\ y} and |
|
1109 abbreviates \isa{s{\isacharunderscore}op\ G\ x\ y}. A specification of homomorphisms |
|
1110 requires a second structural parameter.% |
|
1111 \end{isamarkuptext}% |
|
1112 \isamarkuptrue% |
|
1113 \isacommand{locale}\ semi{\isacharprime}{\isacharunderscore}hom\ {\isacharequal}\ comm{\isacharunderscore}semi{\isacharprime}\ {\isacharplus}\ comm{\isacharunderscore}semi{\isacharprime}\ H\ {\isacharplus}\isanewline |
|
1114 \ \ \isakeyword{fixes}\ hom\isanewline |
|
1115 \ \ \isakeyword{assumes}\ hom{\isacharcolon}\ {\isachardoublequote}hom\ {\isacharparenleft}x\ {\isasymstar}\ y{\isacharparenright}\ {\isacharequal}\ hom\ x\ {\isasymstar}\isactrlsub {\isadigit{2}}\ hom\ y{\isachardoublequote}\isamarkupfalse% |
|
1116 % |
|
1117 \begin{isamarkuptext}% |
|
1118 The parameter \isa{H} is defined in the second \textbf{fixes} |
|
1119 element of $\C(\isa{semi{\isacharprime}{\isacharunderscore}comm})$. Hence \isa{{\isasymstar}\isactrlsub {\isadigit{2}}} |
|
1120 abbreviates \isa{s{\isacharunderscore}op\ H\ x\ y}. The same construction can be done |
|
1121 with records instead of an \textit{ad-hoc} type. In general, the |
|
1122 $i$th structural parameter is addressed by index $i$. Only the |
|
1123 index $1$ may be omitted.% |
|
1124 \end{isamarkuptext}% |
|
1125 \isamarkuptrue% |
|
1126 \isacommand{record}\ {\isacharprime}a\ semi\ {\isacharequal}\ prod\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharbrackleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}a{\isacharbrackright}\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}\ {\isacharparenleft}\isakeyword{infixl}\ {\isachardoublequote}{\isasymbullet}{\isasymindex}{\isachardoublequote}\ {\isadigit{7}}{\isadigit{0}}{\isacharparenright}\isamarkupfalse% |
|
1127 % |
|
1128 \begin{isamarkuptext}% |
|
1129 This declares the types \isa{{\isacharprime}a\ semi} and \isa{{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}b{\isacharparenright}\ semi{\isacharunderscore}scheme}. The latter is an extensible record, where the second |
|
1130 type argument is the type of the extension field. For details on |
|
1131 records, see \cite{NipkowEtAl2002} Chapter~8.3.% |
|
1132 \end{isamarkuptext}% |
|
1133 \isamarkuptrue% |
|
1134 \isacommand{locale}\ semi{\isacharunderscore}w{\isacharunderscore}records\ {\isacharequal}\ struct\ G\ {\isacharplus}\isanewline |
|
1135 \ \ \isakeyword{assumes}\ assoc{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}x\ {\isasymbullet}\ y{\isacharparenright}\ {\isasymbullet}\ z\ {\isacharequal}\ x\ {\isasymbullet}\ {\isacharparenleft}y\ {\isasymbullet}\ z{\isacharparenright}{\isachardoublequote}\isamarkupfalse% |
|
1136 % |
|
1137 \begin{isamarkuptext}% |
|
1138 The type \isa{{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isacharprime}b{\isacharparenright}\ semi{\isacharunderscore}scheme} is inferred for the parameter \isa{G}. Using subtyping on records, the specification can be extended |
|
1139 to groups easily.% |
|
1140 \end{isamarkuptext}% |
|
1141 \isamarkuptrue% |
|
1142 \isacommand{record}\ {\isacharprime}a\ group\ {\isacharequal}\ {\isachardoublequote}{\isacharprime}a\ semi{\isachardoublequote}\ {\isacharplus}\isanewline |
|
1143 \ \ one\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharprime}a{\isachardoublequote}\ {\isacharparenleft}{\isachardoublequote}l{\isasymindex}{\isachardoublequote}\ {\isadigit{1}}{\isadigit{0}}{\isadigit{0}}{\isacharparenright}\isanewline |
|
1144 \ \ inv\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharprime}a\ {\isasymRightarrow}\ {\isacharprime}a{\isachardoublequote}\ {\isacharparenleft}{\isachardoublequote}inv{\isasymindex}\ {\isacharunderscore}{\isachardoublequote}\ {\isacharbrackleft}{\isadigit{8}}{\isadigit{1}}{\isacharbrackright}\ {\isadigit{8}}{\isadigit{0}}{\isacharparenright}\isanewline |
|
1145 \isamarkupfalse% |
|
1146 \isacommand{locale}\ group{\isacharunderscore}w{\isacharunderscore}records\ {\isacharequal}\ semi{\isacharunderscore}w{\isacharunderscore}records\ {\isacharplus}\isanewline |
|
1147 \ \ \isakeyword{assumes}\ l{\isacharunderscore}one{\isacharcolon}\ {\isachardoublequote}l\ {\isasymbullet}\ x\ {\isacharequal}\ x{\isachardoublequote}\ \isakeyword{and}\ l{\isacharunderscore}inv{\isacharcolon}\ {\isachardoublequote}inv\ x\ {\isasymbullet}\ x\ {\isacharequal}\ l{\isachardoublequote}\isamarkupfalse% |
|
1148 % |
|
1149 \begin{isamarkuptext}% |
|
1150 Finally, the predefined locale |
|
1151 \begin{center} |
|
1152 \textbf{locale} \textit{struct} = \textbf{fixes} \isa{S{\isacharunderscore}} |
|
1153 \textbf{(structure)}. |
|
1154 \end{center} |
|
1155 is analogous to \isa{var}. |
|
1156 More examples on the use of structures, including groups, rings and |
|
1157 polynomials can be found in the Isabelle distribution in the |
|
1158 session HOL-Algebra.% |
|
1159 \end{isamarkuptext}% |
|
1160 \isamarkuptrue% |
|
1161 % |
|
1162 \isamarkupsection{Conclusions and Outlook% |
|
1163 } |
|
1164 \isamarkuptrue% |
|
1165 % |
|
1166 \begin{isamarkuptext}% |
|
1167 Locales provide a simple means of modular reasoning. They allow to |
|
1168 abbreviate frequently occurring context statements and maintain facts |
|
1169 valid in these contexts. Importantly, using structures, they allow syntax to be |
|
1170 effective only in certain contexts, and thus to mimic common |
|
1171 practice in mathematics, where notation is chosen very flexibly. |
|
1172 This is also known as literate formalisation \cite{Bailey1998}. |
|
1173 Locale expressions allow to duplicate and merge |
|
1174 specifications. This is a necessity, for example, when reasoning about |
|
1175 homomorphisms. Normalisation makes it possible to deal with |
|
1176 diamond-shaped inheritance structures, and generally with directed |
|
1177 acyclic graphs. The combination of locales with record |
|
1178 types in higher-order logic provides an effective means for |
|
1179 specifying algebraic structures: locale import and record subtyping |
|
1180 provide independent hierarchies for specifications and structure |
|
1181 elements. Rich examples for this can be found in |
|
1182 the Isabelle distribution in the session HOL-Algebra. |
|
1183 |
|
1184 The primary reason for writing this report was to provide a better |
|
1185 understanding of locales in Isar. Wenzel provided hardly any |
|
1186 documentation, with the exception of \cite{Wenzel2002b}. The |
|
1187 present report should make it easier for users of Isabelle to take |
|
1188 advantage of locales. |
|
1189 |
|
1190 The report is also a base for future extensions. These include |
|
1191 improved syntax for structures. Identifying them by numbers seems |
|
1192 unnatural and can be confusing if more than two structures are |
|
1193 involved --- for example, when reasoning about universal |
|
1194 properties --- and numbering them by order of occurrence seems |
|
1195 arbitrary. Another desirable feature is \emph{instantiation}. One |
|
1196 may, in the course of a theory development, construct objects that |
|
1197 fulfil the specification of a locale. These objects are possibly |
|
1198 defined in the context of another locale. Instantiation should make it |
|
1199 simple to specialise abstract facts for the object under |
|
1200 consideration and to use the specified facts. |
|
1201 |
|
1202 A detailed comparison of locales with module systems in type theory |
|
1203 has not been undertaken yet, but could be beneficial. For example, |
|
1204 a module system for Coq has recently been presented by Chrzaszcz |
|
1205 \cite{Chrzaszcz2003}. While the |
|
1206 latter usually constitute extensions of the calculus, locales are |
|
1207 a rather thin layer that does not change Isabelle's meta logic. |
|
1208 Locales mainly manage specifications and facts. Functors, like |
|
1209 the constructor for polynomial rings, remain objects of the |
|
1210 logic. |
|
1211 |
|
1212 \textbf{Acknowledgements.} Lawrence C.\ Paulson and Norbert |
|
1213 Schirmer made useful comments on a draft of this paper.% |
|
1214 \end{isamarkuptext}% |
|
1215 \isamarkuptrue% |
|
1216 \isamarkupfalse% |
|
1217 \end{isabellebody}% |
|
1218 %%% Local Variables: |
|
1219 %%% mode: latex |
|
1220 %%% TeX-master: "root" |
|
1221 %%% End: |