|
| 1 | +section \<open>Usage\<close> |
| 2 | + |
| 3 | +text \<open> |
| 4 | + The equivalence reasoner attempts to prove statements of the form \<open>R _ _\<close> where \<^term>\<open>R\<close> is an |
| 5 | + equivalence relation. In the simplest case, it uses facts of the form \<open>R _ _\<close> as rewrite rules for |
| 6 | + repeatedly replacing the first and the second argument of~\<^term>\<open>R\<close> in the statement to prove. If |
| 7 | + both arguments become equal this way, it discharges the now trivial goal. Beyond this core |
| 8 | + functionality the equivalence reasoner has the following features: |
| 9 | + |
| 10 | + \<^item> Rewrite rules can use relations other than~\<^term>\<open>R\<close> as long as these relations are |
| 11 | + subrelations of~\<^term>\<open>R\<close>. It is not necessary for them to be equivalence relations themselves. |
| 12 | + |
| 13 | + \<^item> Rewriting can happen not only directly under the top-level~\<^term>\<open>R\<close>, but also further down |
| 14 | + under an additional stack of function applications, as long as the functions in this stack are |
| 15 | + compatible with~\<^term>\<open>R\<close>. For example, both occurrences of~\<^term>\<open>x\<close> in \<^term>\<open>R (f x (g x)) y\<close> |
| 16 | + can be replaced if \<^term>\<open>f\<close>~and~\<^term>\<open>g\<close> are compatible with~\<^term>\<open>R\<close>, and the first, if just |
| 17 | + \<^term>\<open>f\<close> is. |
| 18 | + |
| 19 | + \<^item> Rewrite rules can be conditional, that is, have the shape \<open>P\<^sub>1 \<Longrightarrow> \<cdots> \<Longrightarrow> P\<^sub>n \<Longrightarrow> S x y\<close>. The |
| 20 | + additional conditions \<^term>\<open>P\<^sub>1\<close> to~\<^term>\<open>P\<^sub>n\<close> must be solvable by the Simplifier. |
| 21 | + |
| 22 | + The equivalence reasoner offers its services via two proof methods: |
| 23 | + |
| 24 | + \<^item> The \<^theory_text>\<open>equivalence\<close> method attempts to prove the given equivalence statement and fails if it is |
| 25 | + unable to complete the proof. |
| 26 | + |
| 27 | + \<^item> The \<^theory_text>\<open>try_equivalence\<close> method attempts to prove the given equivalence statement, but does not |
| 28 | + fail if it is unable to complete the proof, but succeeds, leaving behind an intermediate goal |
| 29 | + it managed to reach. It is intended for debugging. |
| 30 | + |
| 31 | + Beware that the equivalence reasoner transforms the goal in non-trivial ways before performing the |
| 32 | + actual rewriting. The intermediate goals that \<^theory_text>\<open>try_equivalence\<close> leaves behind when being |
| 33 | + unsuccessful expose these transformations. As a result, such an intermediate goal is typically |
| 34 | + harder to comprehend than the original goal, and a follow-up invocation of the equivalence |
| 35 | + reasoner will almost certainly fail, even when using a different configuration. For details about |
| 36 | + the transformations the equivalence reasoner performs see~\ref{implementation}. |
| 37 | + |
| 38 | + Both equivalence reasoner methods share the same interface, which has the following appearance: |
| 39 | + |
| 40 | + \<^item> The equivalence to be proved is given as the goal conclusion. It must have the form \<open>R _ _\<close> |
| 41 | + where \<^term>\<open>R\<close> is known to the equivalence reasoner as an equivalence relation. If it does not |
| 42 | + have this form, the proof method fails. |
| 43 | + |
| 44 | + \<^item> Rewrite rules can be provided as premises, chained facts, or a mix of both. All premises and |
| 45 | + chained facts that are not valid rewrite rules are ignored. |
| 46 | + |
| 47 | + \<^item> There is a named theorem \<^theory_text>\<open>equivalence\<close> that contains the fact \<^term>\<open>equivp R\<close> for |
| 48 | + every~\<^term>\<open>R\<close> that the equivalence reasoner shall recognize as an equivalence relation. |
| 49 | + |
| 50 | + Like with every named theorem, facts can be added to \<^theory_text>\<open>equivalence\<close> by applying an attribute |
| 51 | + named \<^theory_text>\<open>equivalence\<close> to them. Furthermore, additional facts can be provided for a particular |
| 52 | + method invocation by adding \<^theory_text>\<open>equivalence:\<close> followed by these facts to the method call. |
| 53 | + |
| 54 | + All facts that are not of the form \<open>equivp _\<close> are ignored, whether they have been added to the |
| 55 | + named theorem using the \<^theory_text>\<open>equivalence\<close> attribute or passed as method arguments. |
| 56 | + |
| 57 | + \<^item> There is a named theorem \<^theory_text>\<open>inclusion\<close> that contains facts of the shape \<open>T \<le> U\<close> where |
| 58 | + \<^term>\<open>T\<close>~and~\<^term>\<open>U\<close> are relations. A rewrite rule that uses a relation~\<^term>\<open>S\<close> is considered |
| 59 | + valid for rewriting an equivalence that uses an equivalence relation~\<^term>\<open>R\<close> exactly if the |
| 60 | + statement \<open>S \<le> R\<close> can be derived from the given inclusions using only reflexivity and |
| 61 | + transitivity of \<open>(\<le>)\<close> for relations. |
| 62 | + |
| 63 | + Like with \<^theory_text>\<open>equivalence\<close>, \<^theory_text>\<open>inclusion\<close> can be augmented via method arguments, and all facts |
| 64 | + that are not of the appropriate form are ignored. |
| 65 | + |
| 66 | + \<^item> There is a named theorem \<^theory_text>\<open>compatibility\<close> that contains facts that establish compatibility of |
| 67 | + certain functions with certain equivalence relations. We call these facts compatibility rules. |
| 68 | + The compatibility of an \<^term>\<open>n\<close>-ary function~\<^term>\<open>f\<close> with an equivalence relation~\<^term>\<open>R\<close> is |
| 69 | + usually expressed using the statement |
| 70 | + \<open>\<And>x\<^sub>1 \<dots> x\<^sub>n y\<^sub>1 \<dots> y\<^sub>n. R x\<^sub>1 y\<^sub>1 \<Longrightarrow> \<cdots> \<Longrightarrow> R x\<^sub>n y\<^sub>n \<Longrightarrow> R (f x\<^sub>1 \<dots> x\<^sub>n) (f y\<^sub>1 \<dots> y\<^sub>n)\<close>. However, the |
| 71 | + equivalence reasoner expects this compatibility to be stated as |
| 72 | + \<open>\<And>x\<^sub>1 \<dots> x\<^sub>n. R (f x\<^sub>1 \<dots> x\<^sub>n) (f (canonical R x\<^sub>1) \<dots> (canonical R x\<^sub>n))\<close>. This formulation uses |
| 73 | + certain constructs introduced by the equivalence reasoner: |
| 74 | + |
| 75 | + \<^item> A term \<^term>\<open>canonical R x\<close> denotes a value that is equivalent to~\<^term>\<open>x\<close> with respect |
| 76 | + to~\<^term>\<open>R\<close> and serves as a canonical form of all values that are equivalent to~\<^term>\<open>x\<close>. |
| 77 | + The term \<^term>\<open>canonical R x\<close> is an abbreviation for \<open>representative [x]\<^bsub>R\<^esub>\<close>. |
| 78 | + |
| 79 | + \<^item> A term \<open>[x]\<^bsub>R\<^esub>\<close> denotes the equivalence class of~\<^term>\<open>x\<close> with respect to~\<^term>\<open>R\<close>. |
| 80 | + |
| 81 | + \<^item> A term \<^term>\<open>representative X\<close> denotes an unspecified element of the equivalence |
| 82 | + class~\<^term>\<open>X\<close>. |
| 83 | + |
| 84 | + The equivalence reasoner does not insist on compatibility rules having precisely the format |
| 85 | + described above, but only requires them to be equivalences. As a result, compatibility rules |
| 86 | + can be used to trigger behavior more complex than just the application of actual |
| 87 | + compatibilities. To see exactly how the equivalence handler uses compatibility rules, turn |
| 88 | + to~ref{implementation}. |
| 89 | + |
| 90 | + Like with \<^theory_text>\<open>equivalence\<close> and \<^theory_text>\<open>inclusion\<close>, \<^theory_text>\<open>compatibility\<close> can be augmented via method |
| 91 | + arguments. All facts that are not of the form \<open>R _ _\<close> where \<^term>\<open>R\<close> is the equivalence |
| 92 | + relation of the conclusion are ignored. |
| 93 | + |
| 94 | + \<^item> Simplification rules for solving conditions arising from the application of conditional |
| 95 | + rewrite rules can be provided by adding them to the method invocation preceded by |
| 96 | + \<^theory_text>\<open>simplification:\<close>. Simplification of conditions does not use any simplification rules beyond |
| 97 | + those explicitly provided. |
| 98 | +\<close> |
| 99 | + |
| 100 | +section \<open>Implementation\<close> |
| 101 | + |
| 102 | +text_raw \<open>\label{implementation}\<close> |
| 103 | + |
1 | 104 | theory Equivalence_Reasoner |
2 | 105 | imports |
3 | 106 | Main |
|
0 commit comments