the nominal datatype package in isabelle hol
play

The Nominal Datatype Package in Isabelle/HOL Christian Urban - PowerPoint PPT Presentation

Sep 09, 2023 •315 likes •554 views

The Nominal Datatype Package in Isabelle/HOL Christian Urban University of Munich joint work with Stefan Berghofer, Markus Wenzel, Alexander Krauss. . . Not tingham, 18. April 2006 p.1 (1/1) The POPLmark-Challenge How close are we

  1. The Nominal Datatype Package in Isabelle/HOL Christian Urban University of Munich joint work with Stefan Berghofer, Markus Wenzel, Alexander Krauss. . . Not tingham, 18. April 2006 – p.1 (1/1)

  2. The POPLmark-Challenge “How close are we to a world where program- ming language papers are routinely supported by machine-checked metatheory proofs, where full-scale language definitions are expressed in machine-processed mathematics. . . ?” Obviously we aren’t there yet: for binders reasonable powerful tools are available: de-Bruijn indices (in Coq, Isabelle,. . . ) or HOAS (mainly in Twelf) but apart from some theorem-proving experts, nobody seems to use them; non-experts are still routinely do their proofs on paper, only Not tingham, 18. April 2006 – p.2 (1/2)

  3. The POPLmark-Challenge “How close are we to a world where program- The aim of the nominal datatype ming language papers are routinely supported package is to support the kind of by machine-checked metatheory proofs, where reasoning that is employed on paper. full-scale language definitions are expressed in The hope is: if you can do formal machine-processed mathematics. . . ?” proofs on paper, then you can Obviously we aren’t there yet: implement them in Isabelle/HOL with ease. for binders reasonable powerful tools are available: de-Bruijn indices (in Coq, Isabelle,. . . ) or That is not a trivial task. HOAS (mainly in Twelf) but apart from some theorem-proving experts, nobody seems to use them; non-experts are still routinely do their proofs on paper, only Not tingham, 18. April 2006 – p.2 (2/2)

  4. x 6� y and x 62 F V ( L ) , then M [ x := N ℄[ y := L ℄ � M [ y := L ℄[ x := N [ y := L ℄℄ . M . Substitution Lemma: If � Case 1: M is a variable. M � x . Then both sides equal N [ y := L ℄ since x 6� y . Proof: By induction on the structure of M � y . Then both sides equal L , for x 62 F V ( L ) L [ x := : : : ℄ � L . This is a simple example illustrating M � z 6� x; y . Then both sides equal z . Case 1.1. � Case 2: M � �z :M Case 1.2. 1 . By the variable convention we may assume a point. We have already z 6� x; y and z is not free in N ; L . Then by induction hypothesis implies implemented much more complicated ( �z :M )[ x := N ℄[ y := L ℄ 1 Case 1.3. � proofs, e.g. Church-Rosser, SN, �z : ( M [ x := N ℄[ y := L ℄) 1 that � �z : ( M [ y := L ℄[ x := N [ y := L ℄℄) 1 transitivity of subtyping in � ( �z :M )[ y := L ℄[ x := N [ y := L ℄℄ . 1 POPLmark, etc. � Case 3: M � M M 1 2 . The statement follows again from the induc- � tion hypothesis. Not tingham, 18. April 2006 – p.3 (1/8)

  5. x 6� y and x 62 F V ( L ) , then M [ x := N ℄[ y := L ℄ � M [ y := L ℄[ x := N [ y := L ℄℄ . M . Substitution Lemma: If � Case 1: M is a variable. M � x . Then both sides equal N [ y := L ℄ since x 6� y . Proof: By induction on the structure of M � y . Then both sides equal L , for x 62 F V ( L ) L [ x := : : : ℄ � L . M � z 6� x; y . Then both sides equal z . Case 1.1. � Case 2: M � �z :M Case 1.2. 1 . By the variable convention we may assume z 6� x; y and z is not free in N ; L . Then by induction hypothesis implies ( �z :M )[ x := N ℄[ y := L ℄ 1 Case 1.3. � �z : ( M [ x := N ℄[ y := L ℄) 1 that � �z : ( M [ y := L ℄[ x := N [ y := L ℄℄) 1 � ( �z :M )[ y := L ℄[ x := N [ y := L ℄℄ . 1 � Case 3: M � M M 1 2 . The statement follows again from the induc- � tion hypothesis. Not tingham, 18. April 2006 – p.3 (2/8)

  6. x 6� y and x 62 F V ( L ) , then M [ x := N ℄[ y := L ℄ � M [ y := L ℄[ x := N [ y := L ℄℄ . M . Substitution Lemma: If � Case 1: M is a variable. M � x . Then both sides equal N [ y := L ℄ since x 6� y . Proof: By induction on the structure of M � y . Then both sides equal L , for x 62 F V ( L ) L [ x := : : : ℄ � L . M � z 6� x; y . Then both sides equal z . Case 1.1. � Case 2: M � �z :M Case 1.2. 1 . By the variable convention we may assume z 6� x; y and z is not free in N ; L . Then by induction hypothesis implies ( �z :M )[ x := N ℄[ y := L ℄ 1 Case 1.3. � �z : ( M [ x := N ℄[ y := L ℄) 1 that � �z : ( M [ y := L ℄[ x := N [ y := L ℄℄) 1 � ( �z :M )[ y := L ℄[ x := N [ y := L ℄℄ . 1 � Case 3: M � M M 1 2 . The statement follows again from the induc- � tion hypothesis. Not tingham, 18. April 2006 – p.3 (3/8)

  7. x 6� y and x 62 F V ( L ) , then M [ x := N ℄[ y := L ℄ � M [ y := L ℄[ x := N [ y := L ℄℄ . M . Substitution Lemma: If � Case 1: M is a variable. M � x . Then both sides equal N [ y := L ℄ since x 6� y . Proof: By induction on the structure of M � y . Then both sides equal L , for x 62 F V ( L ) L [ x := : : : ℄ � L . M � z 6� x; y . Then both sides equal z . Case 1.1. � Case 2: M � �z :M Case 1.2. 1 . By the variable convention we may assume z 6� x; y and z is not free in N ; L . Then by induction hypothesis implies ( �z :M )[ x := N ℄[ y := L ℄ 1 Case 1.3. � �z : ( M [ x := N ℄[ y := L ℄) 1 that � �z : ( M [ y := L ℄[ x := N [ y := L ℄℄) 1 � ( �z :M )[ y := L ℄[ x := N [ y := L ℄℄ . 1 � Case 3: M � M M 1 2 . The statement follows again from the induc- � tion hypothesis. Not tingham, 18. April 2006 – p.3 (4/8)

  8. x 6� y and x 62 F V ( L ) , then M [ x := N ℄[ y := L ℄ � M [ y := L ℄[ x := N [ y := L ℄℄ . M . Substitution Lemma: If � Case 1: M is a variable. M � x . Then both sides equal N [ y := L ℄ since x 6� y . Proof: By induction on the structure of M � y . Then both sides equal L , for x 62 F V ( L ) L [ x := : : : ℄ � L . M � z 6� x; y . Then both sides equal z . Case 1.1. � Case 2: M � �z :M Case 1.2. 1 . By the variable convention we may assume z 6� x; y and z is not free in N ; L . Then by induction hypothesis implies ( �z :M )[ x := N ℄[ y := L ℄ 1 Case 1.3. � �z : ( M [ x := N ℄[ y := L ℄) 1 that � �z : ( M [ y := L ℄[ x := N [ y := L ℄℄) 1 � ( �z :M )[ y := L ℄[ x := N [ y := L ℄℄ . 1 � Case 3: M � M M 1 2 . The statement follows again from the induc- � tion hypothesis. Not tingham, 18. April 2006 – p.3 (5/8)

  9. x 6� y and x 62 F V ( L ) , then M [ x := N ℄[ y := L ℄ � M [ y := L ℄[ x := N [ y := L ℄℄ . M . Substitution Lemma: If � Case 1: M is a variable. M � x . Then both sides equal N [ y := L ℄ since x 6� y . Proof: By induction on the structure of M � y . Then both sides equal L , for x 62 F V ( L ) L [ x := : : : ℄ � L . M � z 6� x; y . Then both sides equal z . Case 1.1. � Case 2: M � �z :M Case 1.2. 1 . By the variable convention we may assume z 6� x; y and z is not free in N ; L . Then by induction hypothesis implies ( �z :M )[ x := N ℄[ y := L ℄ 1 Case 1.3. � �z : ( M [ x := N ℄[ y := L ℄) 1 that � �z : ( M [ y := L ℄[ x := N [ y := L ℄℄) 1 � ( �z :M )[ y := L ℄[ x := N [ y := L ℄℄ . 1 � Case 3: M � M M 1 2 . The statement follows again from the induc- � tion hypothesis. Not tingham, 18. April 2006 – p.3 (6/8)

  10. y 6 = x and x 62 F V ( N ) then x 6� y and x 62 F V ( L ) , then ( �y :M )[ x := N ℄ = �y : ( M [ x := N ℄) M [ x := N ℄[ y := L ℄ � M [ y := L ℄[ x := N [ y := L ℄℄ . ( �z :M )[ x := N ℄[ y := L ℄ M . 1 Remember: only if Substitution Lemma: If 1 � Case 1: M is a variable. � ( �z : ( M [ x := N ℄))[ y := L ℄ 1 M � x . Then both sides equal N [ y := L ℄ since x 6� y . 2 � �z : ( M [ x := N ℄[ y := L ℄) 1 Proof: By induction on the structure of M � y . Then both sides equal L , for x 62 F V ( L ) � �z : ( M [ y := L ℄[ x := N [ y := L ℄℄) 1 L [ x := : : : ℄ � L . 2 M � z 6� x; y . Then both sides equal z . Case 1.1. � ( �z : ( M [ y := L ℄))[ x := N [ y := L ℄℄) ! ! 1 1 � Case 2: M � �z :M Case 1.2. 1 . By the variable convention we may assume � ( �z :M )[ y := L ℄[ x := N [ y := L ℄℄ . ! 1 IH z 6� x; y and z is not free in N ; L . Then by induction hypothesis implies ( �z :M )[ x := N ℄[ y := L ℄ 1 Case 1.3. � �z : ( M [ x := N ℄[ y := L ℄) 1 that � �z : ( M [ y := L ℄[ x := N [ y := L ℄℄) 1 � ( �z :M )[ y := L ℄[ x := N [ y := L ℄℄ . 1 � Case 3: M � M M 1 2 . The statement follows again from the induc- � tion hypothesis. Not tingham, 18. April 2006 – p.3 (7/8)

Recommend

1 Datatypes Generally This Scheme Does Not Always Work datatype ( 1 ,..., n ) K =

1 Datatypes Generally This Scheme Does Not Always Work datatype ( 1 ,..., n ) K =

Types in Isabelle Course 2D1453, 2006-07 Types: T ::= A | X | X :: C | T T | (T 1 ,...,T n ) K where: Advanced Formal Methods A {bool, int, ...} base type X { , ,...} type variable Lecture 4: Isabelle Types

183 views • 5 slides
Proof Pearl: A New Foundation for Nominal Isabelle r

Proof Pearl: A New Foundation for Nominal Isabelle r

Proof Pearl: A New Foundation for Nominal Isabelle r rst r r

615 views • 43 slides
CSE 341 : Programming Languages Lets fix the fact that our only example datatype so far was

CSE 341 : Programming Languages Lets fix the fact that our only example datatype so far was

Useful examples CSE 341 : Programming Languages Lets fix the fact that our only example datatype so far was silly Lecture 5 Enumerations, including carrying other data More Datatypes and Pattern Matching datatype suit = Club |

258 views • 6 slides
A Formalised Proof of Craigs Interpolation Theorem in Nominal Isabelle Peter Chapman Peter

A Formalised Proof of Craigs Interpolation Theorem in Nominal Isabelle Peter Chapman Peter

Introduction Craigs Theorem Formal Proof Further Work A Formalised Proof of Craigs Interpolation Theorem in Nominal Isabelle Peter Chapman Peter Chapman M unchen Talk Introduction Craigs Theorem Formal Proof Further Work

621 views • 59 slides
Lecture 3: New Trade Theory Isabelle M ejean isabelle.mejean@polytechnique.edu

Lecture 3: New Trade Theory Isabelle M ejean isabelle.mejean@polytechnique.edu

Introduction Krugman, 1980 The Gravity Equation Lecture 3: New Trade Theory Isabelle M ejean isabelle.mejean@polytechnique.edu http://mejean.isabelle.googlepages.com/ Master Economics and Public Policy, International Macroeconomics October

763 views • 32 slides
Towards Nominal Abramsky Towards Nominal Abramsky Andrzej Murawski Nikos Tzevelekos University

Towards Nominal Abramsky Towards Nominal Abramsky Andrzej Murawski Nikos Tzevelekos University

Towards Nominal Abramsky Towards Nominal Abramsky Andrzej Murawski Nikos Tzevelekos University of Warwick Queen Mary, U. of London What this talk is about Abramsky's cube (1990's): a taxonomy of game semantics models Nominal game

464 views • 30 slides
Isabelle/jEdit for seasoned Isabelle users Isabelle/jEdit NEWS Makarius Wenzel Univ. Paris-Sud,

Isabelle/jEdit for seasoned Isabelle users Isabelle/jEdit NEWS Makarius Wenzel Univ. Paris-Sud,

Isabelle/jEdit for seasoned Isabelle users Isabelle/jEdit NEWS Makarius Wenzel Univ. Paris-Sud, LRI 13-Jul-2014 There is nothing to prove or even to suppose that the Serbian government is accessory to the inducement for the crime, its

347 views • 30 slides
1. Structure of a nominal in Korean background Main grammatical positions 1 in a nominal [Chang

1. Structure of a nominal in Korean background Main grammatical positions 1 in a nominal [Chang

1 Elena Rudnitskaya, Moscow, IV RAN, erudnitskaya@gmail.com MOWL, Leipzig, 11-13.06.2009 Postposition constructions in Korean: morphology and syntax * 1. Structure of a nominal in Korean background Main grammatical positions 1 in a nominal

350 views • 16 slides
Induction in Isabelle: Lecture 14 1 Notation In lecture 14 we introduced some recursive

Induction in Isabelle: Lecture 14 1 Notation In lecture 14 we introduced some recursive

Induction in Isabelle: Lecture 14 1 Notation In lecture 14 we introduced some recursive definitions for lists. Isabelle has most of these already defined in a theory List.thy . This can be found locally at /usr/share/Isabelle/src/HOL There

411 views • 6 slides
A Datatype for Binary Trees Functions on Trees Amtoft from Hatcliff Binary Trees One of many

A Datatype for Binary Trees Functions on Trees Amtoft from Hatcliff Binary Trees One of many

A Datatype for Binary Trees Functions on Trees Amtoft from Hatcliff Binary Trees One of many possible definitions (no interior values) Examples General Trees datatype b i t r e e = Leaf i n t of | Node of b i t r e e b i t r e e

536 views • 8 slides
Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische Universit at M unchen 2017-3-8 1 Part I Isabelle 2 Chapter 2 Programming and Proving 3 1 Overview of Isabelle/HOL 2 Type and function

2.13k views • 186 slides
Functional Programming with Isabelle/HOL e H O l L l e b a s = I

Functional Programming with Isabelle/HOL e H O l L l e b a s = I

Functional Programming with Isabelle/HOL e H O l L l e b a s = I Florian Haftmann Technische Universit at M unchen January 2009 Overview Viewing Isabelle / HOL as a functional programming language: 1.

464 views • 34 slides
Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification 01 Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan Lawrence jonathan.lawrence@cs.ox.ac.uk Concurrent Datatype Verification 02 Introduction Case study using

618 views • 27 slides
Package Managers CC-BY-SA 2016 Nate Levesque What is a Package Manager? A package manager or

Package Managers CC-BY-SA 2016 Nate Levesque What is a Package Manager? A package manager or

Package Managers CC-BY-SA 2016 Nate Levesque What is a Package Manager? A package manager or package management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer

924 views • 40 slides
The Class Chain size = number of elements Use ChainNode next (datatype ChainNode) element

The Class Chain size = number of elements Use ChainNode next (datatype ChainNode) element

The Class Chain firstNode null a b c d e The Class Chain size = number of elements Use ChainNode next (datatype ChainNode) element (datatype Object) The Class Chain Constructors /** linked implementation of LinearList */ /** create a

273 views • 8 slides
The Class Chain size = number of elements Use ChainNode next (datatype ChainNode) element

The Class Chain size = number of elements Use ChainNode next (datatype ChainNode) element

The Class Chain firstNode null a b c d e The Class Chain size = number of elements Use ChainNode next (datatype ChainNode) element (datatype Object) The Class Chain Constructors /** linked implementation of LinearList */ /** create a

732 views • 5 slides
Declaring Array Variables Chapter 6 Arrays datatype[] arrayRefVar; Preferred! Example:

Declaring Array Variables Chapter 6 Arrays datatype[] arrayRefVar; Preferred! Example:

Declaring Array Variables Chapter 6 Arrays datatype[] arrayRefVar; Preferred! Example: double[] myList; datatype arrayRefVar[]; Example: double myList[]; 1 4 Motivations Creating Arrays Suppose we want to write a program that

408 views • 19 slides
in Austronesian languages Isabelle BRIL Lacito-CNRS, LABEX EFL isabelle.bril@cnrs.fr 1

in Austronesian languages Isabelle BRIL Lacito-CNRS, LABEX EFL isabelle.bril@cnrs.fr 1

Utrecht University , Oct. 7-8, 2019 Reciprocals in Austronesian languages Isabelle BRIL Lacito-CNRS, LABEX EFL isabelle.bril@cnrs.fr 1 Formosan languages Amis 4 dialects 2 3 The Middle, reciprocal domain in Austronesian 1. In

508 views • 49 slides
Translating Specifications from Nominal Logic to CIC with the Theory of Contexts Marino Miculan

Translating Specifications from Nominal Logic to CIC with the Theory of Contexts Marino Miculan

Metalogics Motivations Nominal signatures NS in NL NS in CIC/ToC NINL( S ) into CIC/ToC( S ) Derivability Conclusion Translating Specifications from Nominal Logic to CIC with the Theory of Contexts Marino Miculan Ivan Scagnetto Furio

280 views • 24 slides
Structured Induction Proofs in Isabelle/Isar Makarius April 2006 1. Motivation 2. The

Structured Induction Proofs in Isabelle/Isar Makarius April 2006 1. Motivation 2. The

Structured Induction Proofs in Isabelle/Isar Makarius April 2006 1. Motivation 2. The Isabelle/Isar framework 3. The induct method 4. Common induction patterns Motivation Introduction Isabelle/Pure: simple logical framework (models abstract

585 views • 24 slides
Proof Strategy Language and Goal-Oriented Conjecturing for Isabelle/HOL Yutaka Nagashima and

Proof Strategy Language and Goal-Oriented Conjecturing for Isabelle/HOL Yutaka Nagashima and

Proof Strategy Language and Goal-Oriented Conjecturing for Isabelle/HOL Yutaka Nagashima and Julian Parsert Czech Technical University in Prague University of Innsbruck Isabelle/HOL before PSL Isabelle/HOL before PSL context proof goal

558 views • 33 slides
Parsing package docs: Part III: Using the ReadP package

Parsing package docs: Part III: Using the ReadP package

On to ReadP ReadP A small, but fairly complete parsing package (shipped with GHC) Parsing package docs: Part III: Using the ReadP package http://hackage.haskell.org/package/base-4.12.0.0/docs/ Text-ParserCombinators-ReadP.html

537 views • 7 slides
Nominal Exchange Rate Variability, Nominal Wage Rigidity, and the Pattern of Trade ISHISE,

Nominal Exchange Rate Variability, Nominal Wage Rigidity, and the Pattern of Trade ISHISE,

Nominal Exchange Rate Variability, Nominal Wage Rigidity, and the Pattern of Trade ISHISE, Hirokazu ishise@osipp.osaka-u.ac.jp Osaka School of International Public Policy Osaka University Dec 2019 Exchange rate & trade pattern Hiro

587 views • 57 slides
Nominal Completion for Rewrite Systems with Binders Maribel Fern andez Kings College

Nominal Completion for Rewrite Systems with Binders Maribel Fern andez Kings College

Nominal Completion for Rewrite Systems with Binders Maribel Fern andez Kings College London July 2012 Joint work with Albert Rubio M. Fern andez Nominal Completion for Rewrite Systems with Binders Summary Motivations Nominal

791 views • 44 slides

More recommend