## Witnessing (Co)datatypes

### BibTeX

```bibtex
@MISC{Blanchette_witnessing(co)datatypes,
  author = {Jasmin Christian Blanchette and Andrei Popescu and Dmitriy Traytel},
  title  = {Witnessing (Co)datatypes},
  year   = {}
}
```

### Abstract

Datatypes and codatatypes are very useful for specifying and reasoning about (possibly infinite) computational processes. The interactive theorem prover Isabelle/HOL has been extended with a definitional package that supports both. Here we describe a complete procedure for deriving nonemptiness witnesses in the general mutually recursive, nested case, nonemptiness being a proviso for introducing new types in higher-order logic. The nonemptiness problem also provides an illuminating case study that shows the package in action, tracing its journey from abstract category theory to hands-on functionality.

### Citations

- 704 citations: *Types and Programming Languages*, Pierce, 2002.
  Context: "...tion to β ≅ unit + α × β), then Fset applied to a list x gives all the elements appearing in x. (Footnote 3: Our Fset has similarities with Pierce's notion of support from his account of (co)inductive types [17] and with Abel and Altenkirch's urelement relation from their framework for strong normalization [2].) The elements of Fset_j^{m+k} x (for k ∈ [n]) are the recursive components of ctor_j x. Using this ins..."

- 298 citations: *Universal coalgebra: a theory of systems*, Rutten.
  Context: "...()) and Cons a b = ctor (Inr (a, b)), can be recast into the familiar rule: from ϕ Nil and ∀a ∈ α. ∀b ∈ α list. ϕ b ⇒ ϕ (Cons a b), conclude ∀b ∈ α list. ϕ b. Moving to coinduction, we need a further well-known assumption [19]: that our functors preserve weak pullbacks, which allows us to organize them as relators [18]. For an n-ary functor (α₁, …, αₙ) F, we lift its action Fmap : (α₁ → β₁) → ··· → (αₙ → βₙ) → α F → β F on functions to an..."

- 129 citations: *Terminal coalgebras in well-founded set theory*, Theoret. Comput. Sci., Barr, 1993.

- 78 citations: *Power domains*, Smyth, 1978.
  Context: "...to defining, for languages (sets of sets of terminals), the notions of word-inclusion subsumption, ≤, by L ≤ L′ iff ∀w ∈ L. ∃w′ ∈ L′. w′ ⊆ w (footnote 4: this is in effect the Smyth preorder extension [21] of the subword relation), and equivalence, ≡, by L ≡ L′ iff L ≤ L′ and L′ ≤ L. It is easy to see that any set ≡-equivalent to a perfect set is again perfect. Note also that Theorem 1 implies L r G..."

- 74 citations: *Automating recursive type definitions in higher order logic*, Melham, 1989.
  Context: "...quotients of nonempty sets are nonempty, and Huffman's (co)recursive domain package for Isabelle/HOLCF [12] can rely on a minimal element ⊥. For the traditional datatype packages introduced by Melham [15], extended by Gunter [7], simplified by Harrison [8], and implemented in Isabelle/HOL by Berghofer and Wenzel [5], proving nonemptiness is nontrivial, but by reducing nested definitions to mutual defi..."

- 62 citations: *Containers: constructing strictly positive types*, Theoretical Computer Science 342, Abbott, Altenkirch, et al., 2005.
  Context: "...type nonemptiness is often not crucial, either because the developments do not target any particular logic [4], [9], [19] or because the targeted logics cater for (potentially empty) dependent types [1], [3], [10], [20]. VI. CONCLUSION. We presented a complete solution to the nonemptiness witness problem that arises in the context of Isabelle's new (co)datatype package. The solution exploits the func..."

- 42 citations: *Inductive datatypes in HOL: lessons learned in formal-logic engineering*, Berghofer and Wenzel.
  Context: "...ly on a minimal element ⊥. For the traditional datatype packages introduced by Melham [15], extended by Gunter [7], simplified by Harrison [8], and implemented in Isabelle/HOL by Berghofer and Wenzel [5], proving nonemptiness is nontrivial, but by reducing nested definitions to mutual definitions, they could employ a standard reachability analysis [5, § 4.1], whereas our package needs (co)reachabilit..."
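The "standard reachability analysis" the excerpt above attributes to the traditional datatype packages is a least-fixpoint computation: a constructor inhabits its type once every argument type is known to be inhabited, and the set of inhabited types grows from nothing until it stabilises. The following added example (written for this page; it is not code from the paper or from Isabelle, and its specification format, names and sample definitions are all assumptions) implements that analysis with one refinement that the nested case needs: instead of a yes/no answer per type it computes, for each type, the minimal sets of type variables that must be inhabited, so that a previously defined type such as `'a list` (witness: `Nil`, needs nothing) or the codatatype `'a stream` (needs `'a`) can be plugged in at a nested position. The codatatype side of the paper, where a codatatype is defined in the same mutual block and the recursive occurrences have to be handled coinductively, is deliberately not reproduced here; streams appear only as an already defined type with a known witness.

```python
"""
Nonemptiness witnesses for mutually recursive, nested datatypes by least-fixpoint
reachability. A witness for a defined type is a set of its type variables which,
if all of them are nonempty, guarantees the type is nonempty; only inclusion-minimal
witness sets are kept (an antichain), which is what makes nested occurrences of
previously defined types composable.

Spec format (assumed for this example, not Isabelle syntax):
  spec  = {type_name: [ctor_args, ...]}         one argument list per constructor
  arg   = "'a"                                  a type variable
        | "tree"                                a type being defined (recursive occurrence)
        | ("list", arg, ...)                    a previously defined type applied to arguments
  known = {head: antichain over argument positions}   witnesses of previously defined types
"""


def minimize(sets):
    """Drop every set that is a strict superset of another one."""
    sets = set(sets)
    return {s for s in sets if not any(t < s for t in sets)}


def join(antichains):
    """A constructor needs every argument inhabited: pick one witness per argument
    and take the union. An empty antichain (an empty argument type) kills the product."""
    out = {frozenset()}
    for ac in antichains:
        out = {a | b for a in out for b in ac}
    return minimize(out)


def arg_witnesses(arg, current, known):
    """Witness sets for one constructor argument under the current approximation."""
    if isinstance(arg, str) and arg.startswith("'"):
        return {frozenset([arg])}          # a type variable needs exactly itself
    if isinstance(arg, str):
        return current[arg]                # recursive occurrence: current approximation
    head, *params = arg                    # nested occurrence of a known type
    result = set()
    for needed in known[head]:             # each witness of the known type names the
        result |= join(arg_witnesses(params[i], current, known) for i in sorted(needed))
    return minimize(result)                # argument positions it requires


def nonemptiness_witnesses(spec, known):
    """Kleene iteration from the bottom (no witnesses) up to the least fixpoint."""
    current = {t: set() for t in spec}
    while True:
        new = {}
        for t, ctors in spec.items():
            ws = set()
            for args in ctors:
                ws |= join(arg_witnesses(a, current, known) for a in args)
            new[t] = minimize(ws)
        if new == current:
            return current
        current = new


def empty_types(spec, known):
    """Types a HOL definitional package would have to reject: no witness at all."""
    return sorted(t for t, ws in nonemptiness_witnesses(spec, known).items() if not ws)


# Previously defined types, recorded as facts: 'a list has Nil (needs nothing);
# the codatatype 'a stream is inhabited exactly when 'a is (argument position 0).
KNOWN = {"list": {frozenset()}, "stream": {frozenset([0])}}

# Constructed sample specifications (the Isabelle-style definition is in the comment).
TREE_FOREST = {                        # datatype 'a tree = Node 'a "'a forest"
    "tree": [["'a", "forest"]],        # and 'a forest = FNil | FCons "'a tree" "'a forest"
    "forest": [[], ["tree", "forest"]],
}
ROSE = {"rose": [["'a", ("list", "rose")]]}     # datatype 'a rose = R 'a "'a rose list"
BAD = {"bad": [["'a", "bad"]]}                  # datatype 'a bad = B 'a "'a bad"   (empty)
VIA_STREAM = {"t": [[("stream", "t")]]}          # datatype t = S "t stream"          (empty)

if __name__ == "__main__":
    samples = [("tree/forest", TREE_FOREST), ("rose", ROSE), ("bad", BAD), ("via stream", VIA_STREAM)]
    for name, spec in samples:
        ws = nonemptiness_witnesses(spec, KNOWN)
        print(name, {t: sorted(sorted(w) for w in s) for t, s in ws.items()},
              "empty:", empty_types(spec, KNOWN))
```

The iteration terminates because the operator is monotone on a finite lattice of antichains. `'a bad` never acquires a witness (its only constructor needs a `bad` that does not exist yet), which is exactly why HOL packages reject it; `t = S "t stream"` fails the same way, but only because the stream witness records its dependency on argument 0: a plain inhabited/uninhabited flag for `stream` would have accepted an empty type.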

- 23 citations: *Indexed containers*, Morris, Altenkirch, 2009.
  Context: "...nonemptiness is often not crucial, either because the developments do not target any particular logic [4], [9], [19] or because the targeted logics cater for (potentially empty) dependent types [1], [3], [10], [20]. VI. CONCLUSION. We presented a complete solution to the nonemptiness witness problem that arises in the context of Isabelle's new (co)datatype package. The solution exploits the functoria..."

- 22 citations: *Inductive definitions: automation and application*, Harrison, 1995.
  Context: "...s (co)recursive domain package for Isabelle/HOLCF [12] can rely on a minimal element ⊥. For the traditional datatype packages introduced by Melham [15], extended by Gunter [7], simplified by Harrison [8], and implemented in Isabelle/HOL by Berghofer and Wenzel [5], proving nonemptiness is nontrivial, but by reducing nested definitions to mutual definitions, they could employ a standard reachability a..."

- 20 citations: *A fixedpoint approach to (co)inductive and (co)datatype definitions*, Paulson, 2000.
  Context: "...he codatatype dtree provides the right universe for defining well-formed trees as a coinductive predicate. Fixpoint (or Knaster–Tarski) (co)induction is provided in Isabelle/HOL by a separate package [16]. Fixpoint induction relies on the minimality of a predicate (the least fixpoint); dually, fixpoint coinduction relies on maximality (the greatest fixpoint). It is well known that datatypes interact w..."

- 18 citations: *Relators and metric bisimulations*, Rutten, 1998.
  Context: "...α list. ϕ b ⇒ ϕ (Cons a b), conclude ∀b ∈ α list. ϕ b. Moving to coinduction, we need a further well-known assumption [19]: that our functors preserve weak pullbacks, which allows us to organize them as relators [18]. For an n-ary functor (α₁, …, αₙ) F, we lift its action Fmap : (α₁ → β₁) → ··· → (αₙ → βₙ) → α F → β F on functions to an action Frel : (α₁ → β₁ → bool) → ··· → (αₙ → βₙ → bool) → (α F → β F → bool), the relator, de..."

- 17 citations: *Proof principles for datatypes with iterated recursion*, Hensel, Jacobs, 1997.
  Context: "...mptiness is often not crucial, either because the developments do not target any particular logic [4], [9], [19] or because the targeted logics cater for (potentially empty) dependent types [1], [3], [10], [20]. VI. CONCLUSION. We presented a complete solution to the nonemptiness witness problem that arises in the context of Isabelle's new (co)datatype package. The solution exploits the functorial view..."

- 16 citations: *A broader class of trees for recursive type definitions for HOL*, Gunter, 1994.
  Context: "...s are nonempty, and Huffman's (co)recursive domain package for Isabelle/HOLCF [12] can rely on a minimal element ⊥. For the traditional datatype packages introduced by Melham [15], extended by Gunter [7], simplified by Harrison [8], and implemented in Isabelle/HOL by Berghofer and Wenzel [5], proving nonemptiness is nontrivial, but by reducing nested definitions to mutual definitions, they could empl..."

- 15 citations: *Two applications of analytic functors*, Hasegawa.
  Context: "...roved (or even formulated) for previous datatype packages. In category theory settings, type nonemptiness is often not crucial, either because the developments do not target any particular logic [4], [9], [19] or because the targeted logics cater for (potentially empty) dependent types [1], [3], [10], [20]. VI. CONCLUSION. We presented a complete solution to the nonemptiness witness problem that arise..."

- 12 citations: *Proof Pearl: Regular Expression Equivalence and Relation Algebra*, Krauss, Nipkow.
  Context: "...unctors. Instead, the package proves the theorems dynamically for the functors involved in the datatype definitions. Only the soundness part of the theorems is needed. To paraphrase Krauss and Nipkow [13], completeness belongs to the realm of metatheory and is not required to obtain actual nonemptiness proofs; it merely lets you sleep better. A HOL definitional package has to bear the burden of both co..."

- 9 citations: *A purely definitional universal domain*, Huffman.
  Context: "...ally the proofs are easy: Homeier's quotient package for HOL4 [11] exploits the observation that quotients of nonempty sets are nonempty, and Huffman's (co)recursive domain package for Isabelle/HOLCF [12] can rely on a minimal element ⊥. For the traditional datatype packages introduced by Melham [15], extended by Gunter [7], simplified by Harrison [8], and implemented in Isabelle/HOL by Berghofer and ..."

- 8 citations: *A design structure for higher order quotients*, Homeier, 2005.
  Context: "...about 300 lines of Standard ML. V. RELATED WORK. Other definitional packages must also prove nonemptiness of newly defined types, but typically the proofs are easy: Homeier's quotient package for HOL4 [11] exploits the observation that quotients of nonempty sets are nonempty, and Huffman's (co)recursive domain package for Isabelle/HOLCF [12] can rely on a minimal element ⊥. For the traditional datatype..."

- 8 citations: *Foundational, compositional (co)datatypes for higher-order logic: Category theory applied to theorem proving*, Traytel, Popescu, et al., 2012.
  Context: "...mutually recursive, nested (co)datatypes. While some theorem provers support codatatypes (e.g., Agda, Coq, and PVS), Isabelle is the first to provide a definitional implementation. Our previous paper [22] developed the underlying constructions, adapted from category theory; in this follow-up, we focus on the more practical aspects of the package. The main such aspect that concerns us here is the gener..."

- 4 citations: *A predicative strong normalisation proof for a lambda-calculus with interleaving inductive types*, Abel, Altenkirch, 1991.
  Context: "...Our Fset has similarities with Pierce's notion of support from his account of (co)inductive types [17] and with Abel and Altenkirch's urelement relation from their framework for strong normalization [2]. The elements of Fset_j^{m+k} x (for k ∈ [n]) are the recursive components of ctor_j x. Using this insight, the induction principle can be expressed abstractly for the mutual initial algebra IF of funct..."

- 3 citations: *Formal development associated with this paper*, Traytel, Popescu, et al.
  Context: "...I. THE DEFINITIONAL PACKAGE IN ACTION. We introduce the (co)datatype definitional package through a concrete example: infinite derivation trees. The corresponding formal scripts are publicly available [6]. We take a few liberties with Isabelle notations to lighten the presentation; in particular, we ignore the distinction between types and sets. A. Definition of Derivation Trees. We fix a set T of term..."

- 3 citations: *Modular type-safety proofs in Agda*, Schwaab, Siek, 2013.
  Context: "...ss is often not crucial, either because the developments do not target any particular logic [4], [9], [19] or because the targeted logics cater for (potentially empty) dependent types [1], [3], [10], [20]. VI. CONCLUSION. We presented a complete solution to the nonemptiness witness problem that arises in the context of Isabelle's new (co)datatype package. The solution exploits the functorial view of ty..."

- 2 citations: *Java and the Java memory model: A unified, machine-checked formalisation*, Lochbihler, 2012.
  Context: "...lopments often involve datatypes and codatatypes in various constellations. For example, Lochbihler's formalization of the Java memory model represents possibly infinite executions using a codatatype [14]. Codatatypes are also useful to capture lazy data structures, such as Haskell's lists. Theorem provers based on higher-order logic (HOL), such as HOL4, HOL Light, Isabelle/HOL, and ProofPower–HOL, ar..."