1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
|
;;; local-confluence.lisp
;;; Convergent reduction relations have a decidable equivalence closure
;;; Created: 1-11-99 Last modified: 11-10-00
;;; =============================================================================
;;; To certify this book:
#|
(in-package "ACL2")
(defconst *abstract-proofs-exports*
'(last-elt r-step direct operator elt1 elt2 r-step-p make-r-step
first-of-proof last-of-proof steps-up steps-down steps-valley
proof-before-valley proof-after-valley inverse-r-step inverse-proof
local-peak-p proof-measure proof-before-peak proof-after-peak
local-peak peak-element))
(defconst *cnf-package-exports*
(union-eq *acl2-exports*
(union-eq
*common-lisp-symbols-from-main-lisp-package*
*abstract-proofs-exports*)))
(defpkg "CNF" *cnf-package-exports*)
(defpkg "NWM" (cons 'multiset-diff *cnf-package-exports*))
(defpkg "LCNF" (cons 'multiset-diff *cnf-package-exports*))
(certify-book "local-confluence" 5)
|#
;;;
(in-package "LCNF")
(local (include-book "confluence"))
(include-book "newman")
;;; ****************************************************************************
;;; LOCALLY CONFLUENT AND TERMINATING REDUCTION RELATIONS HAVE A
;;; DECIDABLE EQUIVALENCE CLOSURE
;;; ****************************************************************************
;;; We prove that every noetherian, locally confluent reduction relation
;;; has decidable equivalence closure. This is a good example of how
;;; functional instantiation can be useful. This result can be easily
;;; proved by functional instantiation of the results in the books
;;; previously developed. Using confluence.lisp, we need to show that
;;; the reduction relation is normalizing and has the Church-Rosser
;;; property. And the Church-Rosser property can be proved by using
;;; Newman's lemma, proved in newman.lisp. The normalizing property is
;;; an easy consequence of noetherianity.
;;; ============================================================================
;;; 1. A Tool for functional instantation
;;; ============================================================================
;;; In this file we have to extensively use functional
;;; instantiation of results previously proved. The functional
;;; instantiations we have to carry out are always of the same kind:
;;; the functional substitution relates functions with the same symbol
;;; name but in different package and the same happen with individual
;;; variables. We define the following functions in :program
;;; mode to provide a tool to make this kind of functional-instance
;;; hints convenient.
(local
(defun pkg-functional-instance-pairs (lemma-name symbols)
(declare (xargs :mode :program))
(if (endp symbols)
nil
(cons (list (acl2::intern-in-package-of-symbol
(string (car symbols)) lemma-name)
(car symbols))
(pkg-functional-instance-pairs lemma-name (cdr symbols))))))
(local
(defun pkg-functional-instance
(id lemma-name variable-symbols function-symbols)
(declare (xargs :mode :program))
(if (equal id (acl2::parse-clause-id "Goal"))
(list :use (list* :functional-instance
(list* :instance
lemma-name
(pkg-functional-instance-pairs
lemma-name variable-symbols))
(pkg-functional-instance-pairs
lemma-name function-symbols)))
nil)))
;;; The function pkg-functional-instance computes a hint (see
;;; computed-hints in the ACL2 manual) and is called
;;; in the following way:
;;; (pkg-functional-instance id lemma-name variable-symbols
;;; function-symbols)
;;; where:
;;; id: is always the variable acl2::id
;;; lemma-name: the name of the lemma to be instantiated
;;; (including the package).
;;; variable-symbols: the list of symbol names of variables to be
;;; instantiated.
;;; function-symbols: the list of symbol names of functions to be
;;; instantiated.
;;; The computed hint is the functional instantiation of the lemma-name,
;;; relating each variable name and function name (of the package where
;;; the lemma has been proved) to the same symbol name in the current
;;; package.
;;; ============================================================================
;;; 2. Formalizing the hypothesis of the theorem
;;; ============================================================================
;;; REMARK: This section is exactly the same as in newman.lisp:
;;; formalization of noetherianity and local confluence. Nevertheless,
;;; since we have to compute normal forms and the function
;;; proof-irreducible, we have to assume the existence of a reducibility
;;; test given by a function reducible with the following properties for
;;; every element x:
;;; 1) When reducible returns non-nil, it returns a legal operator for x.
;;; 2) When reducible returns nil, there are no legal operators for x.
;;; See newman.lisp and confluence-v0.lisp for more details.
;;; A noetherian partial order rel (used to justify noetherianity of the
;;; reduction relation defined later)
;;; .....................................................................
(encapsulate
((rel (x y) booleanp)
(fn (x) e0-ordinalp))
(local (defun rel (x y) (declare (ignore x y)) nil))
(local (defun fn (x) (declare (ignore x)) 1))
(defthm rel-well-founded-relation-on-mp
;; modified for v2-8 ordinals changes
(and
(o-p (fn x))
(implies (rel x y)
(o< (fn x) (fn y))))
:rule-classes (:well-founded-relation
:rewrite))
(defthm rel-transitive
(implies (and (rel x y) (rel y z))
(rel x z))))
(in-theory (disable rel-transitive))
;;; A noetherian and locally confluent reduction relation
;;; �����������������������������������������������������
(encapsulate
((legal (x u) boolean)
(reduce-one-step (x u) element)
(reducible (x) boolean)
(transform-local-peak (x) proof))
(local (defun legal (x u) (declare (ignore x u)) nil))
(local (defun reduce-one-step (x u) (+ x u)))
(local (defun reducible (x) (declare (ignore x)) nil))
(local (defun transform-local-peak (x) (declare (ignore x)) nil))
(defthm legal-reducible-1
(implies (reducible x) (legal x (reducible x))))
(defthm legal-reducible-2
(implies (not (reducible x)) (not (legal x u))))
(defun proof-step-p (s)
(let ((elt1 (elt1 s)) (elt2 (elt2 s))
(operator (operator s)) (direct (direct s)))
(and (r-step-p s)
(implies direct (and (legal elt1 operator)
(equal (reduce-one-step elt1 operator)
elt2)))
(implies (not direct) (and (legal elt2 operator)
(equal (reduce-one-step elt2 operator)
elt1))))))
(defun equiv-p (x y p)
(if (endp p)
(equal x y)
(and (proof-step-p (car p))
(equal x (elt1 (car p)))
(equiv-p (elt2 (car p)) y (cdr p)))))
; The following was added by Matt Kaufmann after ACL2 Version 3.4 because of
; a soundness bug fix; see ``subversive'' in :doc note-3-5.
(defthm equiv-p-type
(booleanp (equiv-p x y p))
:rule-classes :type-prescription)
(defthm local-confluence
(let ((valley (transform-local-peak p)))
(implies (and (equiv-p x y p) (local-peak-p p))
(and (steps-valley valley)
(equiv-p x y valley)))))
(defthm noetherian
(implies (legal x u) (rel (reduce-one-step x u) x))))
;;; ============================================================================
;;; 2. Theorem: The reduction relation has the Church-Rosser property
;;; ============================================================================
;;; REMARK: We show that it is possible to define a function
;;; transform-to-valley with the propertiy of transforming every proof
;;; ina an equivalent valley proof. This is done in newman.lisp, so
;;; now we can functionally instantiate the main results proved there.
;;; See newman.lisp for details.
;;; Well-founded multiset extension of rel
;;; ��������������������������������������
;(acl2::defmul-components rel)
;The list of components is:
; (REL REL-WELL-FOUNDED-RELATION-ON-MP T FN X Y)
(local
(acl2::defmul (REL REL-WELL-FOUNDED-RELATION-ON-MP T FN X Y)))
;;; Auxiliary functions in the definition of transform-to-valley
;;; �����������������������������������������������������������
(local
(defun exists-local-peak (p)
(cond ((or (atom p) (atom (cdr p))) nil)
((and
(not (direct (car p)))
(direct (cadr p)))
(and (proof-step-p (car p))
(proof-step-p (cadr p))
(equal (elt2 (car p)) (elt1 (cadr p)))))
(t (exists-local-peak (cdr p))))))
(local
(defun replace-local-peak (p)
(cond ((or (atom p) (atom (cdr p))) nil)
((and (not (direct (car p))) (direct (cadr p)))
(append (transform-local-peak (list (car p) (cadr p)))
(cddr p)))
(t (cons (car p) (replace-local-peak (cdr p)))))))
;;; transform-to-valley terminates
;;; ������������������������������
;;; By functional instantiation of the same result in newman.lisp
(local
(defthm transform-to-valley-admission
(implies (exists-local-peak p)
(mul-rel (proof-measure (replace-local-peak p))
(proof-measure p)))
:rule-classes nil
:hints ((pkg-functional-instance
acl2::id
'nwm::transform-to-valley-admission
'(p) '(fn legal forall-exists-rel-bigger reduce-one-step
proof-step-p equiv-p rel mul-rel
exists-local-peak replace-local-peak
transform-local-peak exists-rel-bigger))
("Subgoal 10" :in-theory (enable rel-transitive)))))
;;; Definition of transform-to-valley
;;; ���������������������������������
(local
(defun transform-to-valley (p)
(declare (xargs :measure (proof-measure p)
:well-founded-relation mul-rel
:hints (("Goal" :use
(:instance transform-to-valley-admission)))))
(if (not (exists-local-peak p))
p
(transform-to-valley (replace-local-peak p)))))
;;; Properties of transform-to-valley: the Church-Rosser property
;;; �������������������������������������������������������������
;;; By functional instantiation of the same results in newman.lisp
(local
(defthm equiv-p-x-y-transform-to-valley
(implies (equiv-p x y p)
(equiv-p x y (transform-to-valley p)))
:hints ((pkg-functional-instance
acl2::id
'nwm::equiv-p-x-y-transform-to-valley
'(p x y)
'(fn transform-to-valley reduce-one-step legal
proof-step-p equiv-p rel exists-local-peak
replace-local-peak transform-local-peak)))))
(local
(defthm valley-transform-to-valley
(implies (equiv-p x y p)
(steps-valley (transform-to-valley p)))
:hints ((pkg-functional-instance
acl2::id
'nwm::valley-transform-to-valley
'(p x y)
'(fn transform-to-valley reduce-one-step legal
proof-step-p equiv-p rel exists-local-peak
replace-local-peak transform-local-peak)))))
;;; ============================================================================
;;; 3. Theorem: The reduction relation is normalizing
;;; ============================================================================
;;; To instantiate the results in confluence.lisp, we have to define a
;;; function proof-irreducible and prove the properties assumed there as
;;; axioms.
;;; Definition of proof-irreducible
;;; �������������������������������
;;; REMARK: Iteratively apply reduction steps until an irreducible
;;; element is found. This function termination can be justified by the
;;; well-founded relation rel. That is, the normal-form computation
;;; terminates because the reduction relation is assumed to be
;;; noetherian.
(defun proof-irreducible (x) (declare (xargs :measure x
:well-founded-relation rel))
(let ((red (reducible x)))
(if (not red)
nil
(cons (make-r-step
:direct t :elt1 x :elt2 (reduce-one-step x red)
:operator red)
(proof-irreducible (reduce-one-step x red))))))
;;; Properties of proof-irreducible (normalizing property)
;;; ������������������������������������������������������
;;; REMARK: These are the assumed proerties of proof-irreducible in
;;; confluence.lisp, in rewriting rule form:
(local
(defthm normalizing-1
(let ((y (elt2 (last-elt (proof-irreducible x)))))
(implies (consp (proof-irreducible x))
(and (equiv-p x y (proof-irreducible x))
(not (legal y op)))))))
(local
(defthm normalizing-2
(implies
(not (consp (proof-irreducible x)))
(not (legal x op)))))
;;; ============================================================================
;;; 4. Theorem: The equivalence closure is decidable
;;; ============================================================================
;;; ----------------------------------------------------------------------------
;;; 4.1 Definition of a decison procedure for <--*--reduce-one-step--*-->
;;; ----------------------------------------------------------------------------
(defun normal-form (x)
(declare (xargs :measure x
:well-founded-relation rel))
(let ((red (reducible x)))
(if (not red)
x
(normal-form (reduce-one-step x red)))))
(defun r-equivalent (x y)
(equal (normal-form x) (normal-form y)))
;;; REMARK: Note that this is not exactly the same definition of the
;;; decision procedure given in confluence.lisp. The point is that in
;;; confluence.lisp the normal-form computation is through the proof
;;; given by proof-irreducible. In order to functionally instantiate the
;;; result of confluence.lisp, we show that it is the same function.
;;; This is the same function as r-equiv in confluence.lisp
;;; �������������������������������������������������������
;;; REMARK: normal-form-aux is analogue NWM::normal-form, but
;;; normal-form is more eficcient. The same for r-equiv.
(local
(defun normal-form-aux (x) (last-of-proof x (proof-irreducible x))))
(local
(defthm normal-form-aux-normal-form
(equal (normal-form x)
(normal-form-aux x))))
(local
(defun r-equiv (x y)
(equal (normal-form-aux x) (normal-form-aux y))))
;;; ----------------------------------------------------------------------------
;;; 4.2 Soundness and completeness
;;; ----------------------------------------------------------------------------
;;; Completeness
;;; ������������
;;; By functional instantiation of the same results in confluence.lisp
(defthm r-equivalent-complete
(implies (equiv-p x y p)
(r-equivalent x y))
:rule-classes nil
:hints ((pkg-functional-instance
acl2::id
'cnf::r-equiv-complete
'(p x y)
'(legal proof-step-p r-equiv
equiv-p reduce-one-step proof-irreducible
transform-to-valley normal-form))))
;;; Soundness
;;; ���������
;;; By functional instantiation of the same results in confluence.lisp
;;; Skolem function
(defun make-proof-common-n-f (x y)
(append (proof-irreducible x) (inverse-proof (proof-irreducible y))))
(defthm r-equivalent-sound
(implies (r-equivalent x y)
(equiv-p x y (make-proof-common-n-f x y)))
:hints ((pkg-functional-instance
acl2::id
'cnf::r-equiv-sound
'(x y)
'(legal make-proof-common-n-f proof-step-p
r-equiv equiv-p
reduce-one-step proof-irreducible transform-to-valley
normal-form))))
|
