Re: [ProofPower] Proving properties of Z types.

[Frank Zeyda]

, and be interested in other users' 
contributions).


Roger Bishop Jones wrote:
 On Tuesday 16 June 2009 14:47:55 Frank Zeyda wrote:
 Dear ProofPower Users,

 I have a little observation which I would like to confirm. The problem
 is as follows. I defined a new Z type NAME by

 [NAME]

 and then introduced a set ALPHABET to refer to the subsets of NAME by

 ALPHABET == P NAME

 It seems odd for an alphabet to be a set of names,
 it sounds more like a set of characters from which
 one might form names as sequences.

 At some point it showed to be necessary to construct fresh names for any
 given alphabet, i.e. which are not in the alphabet. In that, I attempted
 to prove the following theorem.

 FORALL a : ALPHABET @ (EXISTS n : NAME @ n \not \in a)

 I assumed it would be sufficient to restrict the set alphabet to finite
 subsets of name, for instance using the following definition for
 ALPHABET instead.

 ALPHABET == F NAME

 but I think this is not the case. For a new Z type, the defining axiom
 we obtain is that the Z type constant (i.e. NAME) is equal to the
 universe over a certain, newly introduced, HOL type (here z'NAME); a HOL
 constant Universe is used to refer to the carrier set of a HOL type.
 It guarantees that any x of the correct (HOL) type is an element of the
 respective (type-instantiated) Universe, that x is not an element of the
 empty set which I suppose excludes the case of an empty universe, and a
 property regarding the Insert functions to reason about enumerated sets.

 I'm puzzled where this came from.
 In ProofPower when you introduce a given set NAME you get a
 new HOL type z'NAME (as you say) about which nothing is specified
 (but all types are non-empty), and you get a new Z constant NAME
 defined by NAME = BBU.
 BBU (the double bold U symbol) is difficult to unpick because
 for Z it behaves as a primitive, but it is in fact the set of
 all elements of the type x'NAME.  The proof system knows enough
 about BBU that you should not need to think about what's happening
 underneath but simply understand that it is the set of all elements
 of some type, and the type will be determined by type inference.

 From this alone one cannot prove that the corresponding Universe is
 infinite.

 yes, it might be finite, for all anyone knows.

 The underlying HOL type of the new Z type, i.e. here z'NAME
 SET I think defines a representation function that equates the type of
 a set with functions over some new HOL type into BOOL, but again I think
 this cannot be used to prove that z'NAME SET is infinite unless
 z'NAME is (?!).

 Yes. The HOL type constructor SET, which is used also for sets in
 Z, is represented by propositional functions.  In HOL SETs are
 just different ways of talking about propositional functions.
 (though you can introduce other kinds of set if you like)

 In that, I suppose if we want a Z type to be infinite,
 we need to explicitly state it, that is by an axiom along the lines of

 EXISTS f : z'NAME - z'NAME @ (OneOne f) /\ ¬ Onto f

 (Similar to the infinity_axiom in the HOL theory init.)

 Though it might be better in this case to use

 F NAME propersubsetof P NAME

 Or alternatively (maybe more useful when doing the proofs in Z rather
 than HOL) that there exists an injective Z function from N to the
 carrier set of the new type. The only type in ProofPower-Z that
 explicitly claims its infinite seems to be the type IND.

 Though there are many others which are easily seen to be.
 e.g. N or seq T for any type T.

 However, there
 seems no way to prove that for a newly introduce HOL type there is an
 injective function from IND to the elements of that. Even further, it
 seems not possible to prove that there are two distinct elements in a
 newly introduced Z type. For example, the consistency axioms for

 | x, y : NAME

 -

 | x =/= y

 Appear not to be provable by the defining axiom for NAME, unless we
 introduce some axiom stating properties of the cardinality of NAME.

 All this is consistent (I believe) with the Z standard.

 If someone could confirm or refute the above that would be great.

 Yes.  However, you should not really need to know any of the
 stuff about how this is done in HOL.
 The given sets are implemented as they should be in Z
 and U is well understood by the Z proof contexts.

 As a side-issue, I realised the automatic proof support for finite sets
 is not as well developed as that for (possibly infinite) sets. I proved
 a couple of theorems that could be useful, for instance discharging that
 every enumerated set is finite. It may be worth introducing a new Z
 component proof context for finite sets.

 The place to look for theorems about finiteness is in the maths 
examples, wrk073.pdf, not part of the standard

 distribution.
 However, this is all HOL, so to use it in Z you will need
 to understand the relations between HOL and Z.

 However, I'm not convinced that you need it for the purposes
 described.  If you just add the constraint I

[ProofPower] A question about customisation of pretty printing.

[Frank Zeyda]

Dear ProofPower Users,

I have the following problem, hope someone might be able to help.
At the moment I am trying to define a pretty printer UTP in order to
print certain terms in (mostly) Z expressions in a particular way. I
used the function set_printer from PrettyPrinterSupport to configure the
new pretty printer, providing the various functions for possible shapes
of basic HOL terms. (To introduce a custom symbol for the special quote
I also used set_start_quote).

My question is related to how to control which Z terms are printer using 
the UTP printer. For that sake I defined a new theory in which I set the 
language to UTP via set_current_language UTP. This, however, did not 
result in Z terms such as a \cup b being printed through the UTP 
printer. It seems that the printer that is used for a particular 
constant is determined by the language of the theory in which the 
constant is defined. To solve the problem, declare_const_language can be 
used to specify manually what printer should be used for a particular 
constant in a particular theory context. What is in particular necessary 
to channel printing of any kind of Z function applications through UTP 
is to change the language for the Z'App function.


declare_const_language (Z'App, UTP);

The printing functions for the UTP printer, however, are not meant to 
print all Z terms, only certain ones. In that, they may return 
PfNotPossible as a result. In such a case I would like to fall back on 
the original printer of the constant as specified in the theory where 
the constant is defined. What seems to be the case, however, is that 
then the HOL printer is used. I'm not sure why this happens, and whether 
it is possible to circumvent this. Strangle, when I call 
get_const_language Z'App in the context of the newly created theory, 
it gives me [Z, UTP] as a result. So if the UTP printer fails, it 
somehow suggests that in the next instance the Z printer may be, and not 
the HOL printer.


Apologies this is rather a specific, but any advise on this would be 
very much appreciated. I could think of one solution, that is to 
manually invoke the printing functions of the Z printer within those of 
the UTP printer if printing fails, but this is a bit tricky since they 
are not directly exposed by the implementation. What are the mechanisms 
for fall-back if one pretty-printer fails? This might be the key to 
solving the problem.


Many thanks as usual,
Frank

--
 Frank Zeyda, Dipl.-Inform. BSc PhD
 Research Associate
 High Integrity Systems Engineering Group
 Department of Computer Science
 University of York (UK)
 Email: ze...@cs.york.ac.uk
 Phone: 0044-(0)1904-433244
 WWW: http://www-users.cs.york.ac.uk/~zeyda/


___
Proofpower mailing list
Proofpower@lemma-one.com
http://lemma-one.com/mailman/listinfo/proofpower_lemma-one.com