Proof Pearl: A New Foundation for Nominal Isabelle
Brian Huffman and Christian Urban
Edinburgh, 11. July 2010, p. 1/14
Nominal Isabelle (p. 2/14)

... is a definitional extension of Isabelle/HOL (let-polymorphism and type classes)

... provides a convenient reasoning infrastructure for terms involving binders (e.g. lambda calculus, variable convention)

... mainly used to find errors in my own (published) paper proofs and in those of others ;o)
Nominal Theory (p. 3/14)

... by Pitts; at its core are: sorted atoms and sort-respecting permutations

    π · x

    π⁻¹ · (π · x) = x
The “Old Way” (p. 4/14)

sorted atoms ↦ separate types (“copies” of nat)

sort-respecting permutations ↦ lists of pairs of atoms (list swappings)

    [] · c = c

    ((a b)::π) · c = b       if π · c = a
                   = a       if π · c = b
                   = π · c   otherwise

The big benefit: the type system takes care of the sort-respecting requirement.

A small benefit: permutation composition is list append and permutation inversion is list reversal.
Problems (p. 5/14)

    _ · _  :: α perm ⇒ β ⇒ β
    supp _ :: β ⇒ α set

    finite (supp x :: α₁ set) ... finite (supp x :: αₙ set)

    ∀π_α₁ ... π_αₙ. P

type-classes can only have one type parameter

    [] · x = x
    (π₁ @ π₂) · x = π₁ · (π₂ · x)
    if π₁ ∼ π₂ then π₁ · x = π₂ · x
    if π₁, π₂ have diff. type, then π₁ · (π₂ · x) = π₂ · (π₁ · x)

lots of ML-code, not pretty

not a proof pearl :o(
A Better Way (p. 6/14)

    datatype atom = Atom string nat

permutations are (restricted) bijective functions from atom ⇒ atom

    sort-respecting   (∀a. sort (π a) = sort a)
    finite domain     (finite {a. π a ≠ a})

    _ · _ :: perm ⇒ β ⇒ β

What about swappings?

    (a b) ≝ if sort a = sort b
            then λc. if a = c then b else if b = c then a else c
            else ?
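The two representations on these slides, the “old way” list of swappings (p. 4) and the “better way” finite sort-respecting bijection with its swapping definition (p. 6), worked through in Python as an added example. This is not code from the slides or from Nominal Isabelle; the names Atom, Perm, swap, list_perm_apply, from_list_perm and check_laws are this example's own. The slide leaves the swapping of two atoms of different sorts as “?”; this example resolves that case to the identity permutation, which is a choice made here, not something the slide states.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


# datatype atom = Atom string nat (p. 6): an atom is a sort name plus an index.
@dataclass(frozen=True)
class Atom:
    sort: str
    index: int


# --- "Old way" (p. 4): a permutation is a list of swappings (pairs of atoms).
# Sorts are not checked here; on the slide the type system does that job.
Swapping = Tuple[Atom, Atom]
ListPerm = List[Swapping]


def list_perm_apply(pi: ListPerm, c: Atom) -> Atom:
    """[] . c = c ; ((a b)::pi) . c = b if pi.c = a, a if pi.c = b, pi.c otherwise."""
    if not pi:
        return c
    (a, b), rest = pi[0], pi[1:]
    d = list_perm_apply(rest, c)   # apply the tail first
    if d == a:
        return b
    if d == b:
        return a
    return d


def list_perm_compose(p1: ListPerm, p2: ListPerm) -> ListPerm:
    return p1 + p2                 # "permutation composition is list append"


def list_perm_inverse(p: ListPerm) -> ListPerm:
    return list(reversed(p))       # "permutation inversion is list reversal"


# --- "Better way" (p. 6): a permutation is a bijection atom => atom that is
# sort-respecting and moves only finitely many atoms. The dict stores exactly
# the finite set {a. pi a != a}; every other atom is mapped to itself.
class Perm:
    def __init__(self, mapping: Optional[Dict[Atom, Atom]] = None) -> None:
        moved = {a: b for a, b in (mapping or {}).items() if a != b}
        # bijective on a finite domain: the moved atoms are permuted among themselves
        if set(moved.values()) != set(moved.keys()):
            raise ValueError("not a bijection with finite support")
        # sort-respecting: forall a. sort (pi a) = sort a
        for a, b in moved.items():
            if a.sort != b.sort:
                raise ValueError("mapping across sorts is not sort-respecting")
        self.mapping = moved

    def __call__(self, a: Atom) -> Atom:
        return self.mapping.get(a, a)

    def __eq__(self, other: object) -> bool:
        return isinstance(other, Perm) and self.mapping == other.mapping

    def support(self) -> frozenset:
        """The finite domain {a. pi a != a}."""
        return frozenset(self.mapping)

    def inverse(self) -> "Perm":
        return Perm({b: a for a, b in self.mapping.items()})

    def compose(self, other: "Perm") -> "Perm":
        """(self + other) . x = self . (other . x): `other` is applied first."""
        dom = set(self.mapping) | set(other.mapping)
        return Perm({a: self(other(a)) for a in dom})


def swap(a: Atom, b: Atom) -> Perm:
    """(a b) = if sort a = sort b then (lambda c. if a = c then b else if b = c then a else c) else ?
    The slide leaves the cross-sort case open; this example (an assumption) returns the identity."""
    if a.sort != b.sort:
        return Perm()
    return Perm({a: b, b: a})


def from_list_perm(p: ListPerm) -> Perm:
    """Translate a list of swappings into the functional representation."""
    result = Perm()
    for a, b in p:                       # head swapping is outermost, so it composes on the right
        result = result.compose(swap(a, b))
    return result


def check_laws(pi: Perm, x: Atom) -> bool:
    """pi^-1 . (pi . x) = x (p. 3) and sort (pi x) = sort x (p. 6)."""
    return pi.inverse()(pi(x)) == x and pi(x).sort == x.sort


def agree_on(p: ListPerm, atoms: List[Atom]) -> bool:
    """Both representations act identically on the given atoms."""
    pi = from_list_perm(p)
    return all(list_perm_apply(p, c) == pi(c) for c in atoms)


if __name__ == "__main__":
    # constructed sample atoms of two sorts
    a, b, c = Atom("name", 0), Atom("name", 1), Atom("name", 2)
    t, u = Atom("tvar", 0), Atom("tvar", 1)
    p = [(a, b), (b, c)]                 # (a b) after (b c): a -> b -> c -> a
    print([list_perm_apply(p, x) for x in (a, b, c)])
    print(agree_on(p, [a, b, c, t]), check_laws(from_list_perm(p), a))
    print(swap(a, b).compose(swap(t, u)) == swap(t, u).compose(swap(a, b)))
```

The cross-sort identity choice is what makes `swap` total while keeping `Perm` sort-respecting; the last line of the usage block checks the p. 5 law that permutations on atoms of different sorts commute, which falls out of the functional representation without any type-class machinery.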