Defining Functions on Equivalence Classes

Deﬁning Functions on
Equivalence Classes
Lawrence C. Paulson, Computer Laboratory,
University of Cambridge

2
Outline of Talk
1. Review of equivalence relations and quotients
2. General lemmas for deﬁning quotients formally
3. Detailed development of the integers
4. Brief treatment of a quotiented datatype

3
Quotient Constructions
Identify values according to an equivalence relation
• terms that diﬀer only by bound variable names
• numbers that leave the same residue modulo p
numerous applications in algebra, topology, etc.
• quotient constructions of the integers, rationals
and non-standard reals; quotient groups and rings
Where are the applications in automated proof?

4
Deﬁnitions
• An equivalence relation ∼ on a set A is any relation
that is reﬂexive (on A), symmetric and transitive.
• An equivalence class [x]∼ contains all y where y ∼ x
(for x ∈ A)
• If ∼ is an equivalence relation on A, then the
quotient space A/∼ is the set of all equivalence classes
• The equivalence classes form a partition of A

5
Examples
• The integers: equivalence classes on ℕ×ℕ
• The rationals: equivalence classes on ℤ×ℤ≠0
• λ-terms: equivalence classes on α-equivalence
• The hyperreals: infinite sequences of reals
(quotiented with respect to an ultrafilter)
ntegers can be defined as equivalence classes on pairs of natural numbers related by
(x, y) ∼ (u, v) ⇐⇒ x + v = u + y
ational numbers can be defined as equivalence classes on pairs of integers related by
(x, y) ∼ (u, v) ⇐⇒ xv = uy (y, v = 0)
ntegers can be defined using a signed magnitude representation. The rational numbers can be defined as fractions in reduced form.
[x]∼ is the equivalence class {y | y ∼ x}
quivalence relation partitions the set A. The quotient set A/∼ is defined to be the set of generated by ∼.
s examine the construction of the integers.
[(x, y)] represents the integer x − y
The integers can be defined as equivalence classes on pairs of natural numbers related by
(x, y) ∼ (u, v) ⇐⇒ x + v = u + y
The rational numbers can be defined as equivalence classes on pairs of integers related by
(x, y) ∼ (u, v) ⇐⇒ xv = uy (y, v = 0)
The integers can be defined using a signed magnitude representation. The rational numbers can be defined as fractions in reduced fo
The equivalence relation partitions the set A. The quotient set A/∼ is defined to be the set of generated by ∼.
Let us examine the construction of the integers.

6
Constructing the Integers
The integer operations on equivalence classes:
The equivalence relation partitions the set A. The quotient set A/∼ is defined to be the set of generated by ∼.
Let us examine the construction of the integers.
[(x, y)] represents the integer x − y
2
0 = [(0, 0)]
− [(x, y)] = [(y, x)]
[(x, y)] + [(u, v)] = [(x + u, y + v)]
[(x, y)] × [(u, v)] = [(xu + yv, xv + vu)]
Such definitions are only legitimate if they are independent of the particular elements chosen from the equivalence classes.
To prove
−(−z) = z
write the integer z as [(x, y)].
−(−[(x, y)]) = −[(y, x)] = [(x, y)]
Function definitions must preserve the
equivalence relation. Then the choice
of representative does not matter.

7
Sample Proof:
• Replace z by an arbitrary equivalence class
• Rewrite using
• Proof is trivial:
−(−z) = z
e integer z as [(x, y)].
−(−[(x, y)]) = −[(y, x)] = [(
f that addition is associative appeals to the corresponding property for the natura
x1, y1)] + [(x2, y2)] + [(x3, y3)] = [(x1 + x2 +
= [(x1, y1)] +
3
0 = [(0, 0)]
− [(x, y)] = [(y, x)]
[(x, y)] + [(u, v)] = [(x + u, y + v)]
[(x, y)] × [(u, v)] = [(xu + yv, xv + vu)]
To prove
−(−z) = z
−(−[(x, y)]) = −[(y, x)] = [(x, y)]
0 = [(0, 0)]
− [(x, y)] = [(y, x)]
[(x, y)] + [(u, v)] = [(x + u, y + v)]
[(x, y)] × [(u, v)] = [(xu + yv, xv + vu)]
ch deﬁnitions are only legitimate if they are independent of the particular elements chosen from the equivalence classes.
prove
−(−z) = z
rite the integer z as [(x, y)].
−(−[(x, y)]) = −[(y, x)] = [(x, y)]
e proof that addition is associative appeals to the corresponding property for the natural numbers:
[(x1, y1)] + [(x2, y2)] + [(x3, y3)] = [(x1 + x2 + x3, y1 + y2 + y3])
= [(x1, y1)] + [(x2, y2)] + [(x3, y3)]

8
Proof that + is Associative
Prove by associativity of + on the naturals
− [(x, y)] = [(y, x)]
[(x, y)] + [(u, v)] = [(x + u, y + v)]
[(x, y)] × [(u, v)] = [(xu + yv, xv + vu)]
To prove
−(−z) = z
−(−[(x, y)]) = −[(y, x)] = [(x, y)]
The proof that addition is associative appeals to the corresponding property for the natural numbers:
[(x1, y1)] + [(x2, y2)] + [(x3, y3)] = [(x1 + x2 + x3, y1 + y2 + y3])
= [(x1, y1)] + [(x2, y2)] + [(x3, y3)]
3
Replace each integer by a pair of natural numbers.

9
Alternatives to Quotients
• λ-terms? Use de Bruijn’s treatment of variables ✓
• Integers as signed natural numbers? Ugly, with
massive case analyses ✗
• Rationals as reduced fractions? Requires serious
reasoning about greatest common divisors ✗
• Hyperreals? Quotient groups? ✗✗✗

10
The equivalence class [x]
Formalizing Quotients
theorem eq equiv class iff:
"[[equiv A r; x ∈ A; y ∈ A]]
⇒ (r‘‘{x} = r‘‘{y}) = ((x,y) ∈ r)"
The quotient set is deﬁned to be the set of equivalence classes.
"A//r ≡ x ∈ A. {r‘‘{x}}"
set comprehensions as unions and singleton sets
{ f (x1, . . . , xn) | x1 ∈ A1, . . . , xn ∈ An} =
x1∈A1
. . .
xn∈An
{ f (x1, . . . , xn)}
Congruence-preserving property:
congruent r f ≡ ∀ y z. (y,z) ∈ r −→ f y = f z
4
Example: this deﬁnition of a quotient space
A Formalization of Equivalence Classes
R“{x} denotes {y | (x, y) ∈ R}: the equivalence class [x]R
"[[equiv A r; x ∈ A; y ∈ A]]
⇒ (r‘‘{x} = r‘‘{y}) = ((x,y) ∈ r)"
"A//r ≡ x ∈ A. {r‘‘{x}}"
{ f (x1, . . . , xn) | x1 ∈ A1, . . . , xn ∈ An} =
x1∈A1
. . .
xn∈An
{ f (
Set comprehensions as nested unions of singletons

11
Typical theorem: [x] = [y]
if and only if x ∼ yA Formalization of Equivalence Classes
R“{x} denotes {y | (x, y) ∈ R}: the equivalence class [x]R
"[[equiv A r; x ∈ A; y ∈ A]]
⇒ (r‘‘{x} = r‘‘{y}) = ((x,y) ∈ r)"
"A//r ≡ x ∈ A. {r‘‘{x}}"
{ f (x1, . . . , xn) | x1 ∈ A1, . . . , xn ∈ An} =
x1∈A1
. . .
xn∈An
{ f (x1,
r is an equivalence
relation on A
The equivalence classes
[x] and [y]

12
Defining Functions on
Equivalence Classes
lemma eliminates a union over the elements of an equivalence class provided the function
lemma UN equiv class:
"[[equiv A r; congruent r f; a
⇒ ( x ∈ r‘‘{a}. f x) = f a
other stuff for two-argument functions
contents {x} = x
Example: Defining the Integers Formally
We begin by defining the equivalence relation.
"intrel ≡ {((x,y),(u,v)) | x y
Next, we introduce the type int.
(Comprehensions are unions, so
we collapse constant unions)
• Form a set by applying the concrete function to
all representatives
• If the function preserves the equivalence relation,
this set will be a singleton. Then get its element:

13
A Key Deﬁnition & Lemma
{ f (x1, . . . , xn) | x1 ∈ A1, . . . , xn ∈ An} =
x1∈A1
. . .
xn∈An
{ f (x1, . . . , xn)}
congruent r f ≡ ∀ y z. (y,z) ∈ r −→ f y = f z
4
lemma eliminates a union over the elements of an equivalence class provided the function is Congruence-preserving.
"[[equiv A r; congruent r f; a ∈ A]]
⇒ ( x ∈ r‘‘{a}. f x) = f a"
contents {x} = x
Congruence-preserving function, f:
Collapsing unions over equivalence classes,
where f is a set-valued function
If f respects a equivalence relation, then the
union over [a] is simply f (a).

14
Constructing the Integers
The equivalence relation:
⇒ ( x ∈ r‘‘{a}. f x) = f a"
contents {x} = x
"intrel ≡ {((x,y),(u,v)) | x y u v. x+v = u+y}"
typedef (Integ) int = "UNIV//intrel"
by (auto simp add: quotient def)
Now we can deﬁne the integer constants 0 and 1.
"0 ≡ Abs Integ(intrel ‘‘ {(0,0)})"
5
⇒ ( x ∈ r‘‘{a}. f x) = f a"
contents {x} = x
"intrel ≡ {((x,y),(u,v)) | x y u v. x+v
5
The type deﬁnition (quotienting the universal set):
lemma eliminates a union over the elements of an equivalence class provided the function is Congruence-preserving
⇒ ( x ∈ r‘‘{a}. f x) = f a"
contents {x} = x
"intrel ≡ {((x,y),(u,v)) | x y u v. x+v =
5
The constants zero and one:

15
Deﬁning Unary Minus
Proving that intrel is an equivalence relation requires a one-line simpliﬁer call.
every integer is represented by a pair of natural numbers.
∀z ∃xy z = [(x, y)]
lemma eq Abs Integ [cases type: int]:
"( x y. z = Abs Integ(intrel‘‘{(x,y)}) ⇒ P) ⇒ P
Unary minus, A One-Argument Function
We cannot pick an arbitrary element of an equivalence class, but if the function is congruent, the choice of element does not mat
Therefore, we form a set consisting of all values generated by all elements of the equivalence class. This set will simplify to a singlet
whose value will be returned via the equation contents {x} = x.
"-z ≡ contents ( (x,y)∈Rep Integ z.
{ Abs Integ(intrel‘‘{(y,x)}) })"
Here intrel ‘‘ {(y,x)} denotes the equivalence class
[(y, x)]
The argument of contents is the collection of all integers [(y, x)] such that (x, y) belongs to the equivalence class for z. This collect
will turn out to be a singleton.
prove its characteristic equation
− [(x, y)] = [(y, x)]
6
All representatives of the integer z
every integer is represented by a pair of na
∀z ∃xy z = [(x, y)]
lemma eq Abs Integ
"( x y. z = Abs
Unary minus, A One-Arg
We cannot pick an arbitrary element of an
Therefore, we form a set consisting of all v
whose value will be returned via the equati
"-z ≡ contents (
{
Here intrel ‘‘ {(y,x)} denotes the equiv
[(y, x)]
The argument of contents is the collection
− [(x, y)] = [(y, x)]
The equivalence class
The desired characteristic equation:
∀z ∃xy z = [(x, y)]
lemma eq Abs Integ [c
"( x y. z = Abs In
Unary minus, A One-Argum
We cannot pick an arbitrary element of an equiva
Therefore, we form a set consisting of all values g
whose value will be returned via the equation cont
"-z ≡ contents ( (
{ Ab
Here intrel ‘‘ {(y,x)} denotes the equivalence
[(y, x)]
The argument of contents is the collection of all i
− [(x, y)] = [(y, x)]

16
Proving the
Characteristic Equation
lemma minus:
"- Abs Integ(intrel‘‘{(x,y)}) = Abs Integ(intrel ‘‘ {(y,x)})"
proof -
have "congruent intrel (λ(x,y). {Abs Integ (intrel‘‘{(y,x)})})"
by (simp add: congruent def)
thus ?thesis
by (simp add: minus int def UN equiv class [OF equiv intrel])
qed
The first part of the proof concerns congruence. The second part of the proof establishes the desired equation using the definition of
negation (minus int def) and our theorem about unions over equivalence classes.
Given the characteristic equation, proving properties of unary negation is trivial.
Consider the proof that negation is self-cancelling.
lemma "- (- z) = z"
by (cases z, simp add: minus)
Two-Argument Functions on Equivalence Classes
The definition respects the
equivalence relation.
Result follows by definition,
simplifying with a general lemma.

17
Reasoning About Minus
lemma minus:
"- Abs Integ(intrel‘‘{(x,y)}) = Abs Integ(intrel ‘‘ {(y,x)})"
proof -
have "congruent intrel (λ(x,y). {Abs Integ (intrel‘‘{(y,x)})})"
by (simp add: congruent def)
thus ?thesis
qed
The ﬁrst part of the proof concerns congruence. The second part of the proof establishes the desired equation using th
lemma "- (- z) = z"
Addition: There are simply two unions instead of one.
"z + w ≡
The characteristic equation lets other proofs
resemble textbook ones.
Step 1: uses cases to replace each integer by an
arbitrary pair of natural numbers.
Step 2: simplify using the equation and laws about
the natural numbers.

18
All representatives of the integers z and w
A Two-Argument Function
qed
The ﬁrst part of the proof concerns congruence. The second part of the proof establishes the desired equation using the deﬁnition of
lemma "- (- z) = z"
Addition: There are simply two unions instead of one.
"z + w ≡
contents ( (x,y)∈Rep Integ z. (u,v)∈Rep Integ w.
{ Abs Integ(intrel‘‘{(x+u, y+v)}) })"
7
The characteristic equation for addition [(x, y)] + [(u, v)] = [(x + u, y + v)]
lemma add:
"Abs Integ (intrel‘‘{(x,y)}) + Abs Integ (intrel‘‘{(u,v)}) =
Abs Integ (intrel‘‘{(x+u, y+v)})"
unary minus distributes over addition.
lemma "-(z + w) = (-z) + (-w)"
by (cases z, cases w), simp add: minus add)
The obvious generalization of
the one-argument case

19
Proofs About Addition
The characteristic equation:The characteristic equation for addition [(x, y)] + [(u, v)] = [(x + u, y + v)]
lemma add:
lemma "-(z + w) = (-z) + (-w)"
the ordering (≤)
"z ≤ (w::int)
≡ ∃ x y u v. x+v ≤ u+y &
(x,y) ∈ Rep Integ z & (u,v) ∈ Rep Inte
the characteristic equation directly
[(x, y)] ≤ [u, v] ⇐⇒ x + v ≤ u + y
lemma le:
"(Abs Integ(intrel‘‘{(x,y)}) ≤ Abs Integ(intrel‘‘{(u,v)}))
= (x+v ≤ u+y)"
by (force simp add: le int def)
A typical theorem:
lemma add:
lemma "-(z + w) = (-z) + (-w)"
the ordering (≤)
"z ≤ (w::int)
≡ ∃ x y u v. x+v ≤ u+y &
(x,y) ∈ Rep Integ z & (u,v) ∈ Rep Inte
[(x, y)] ≤ [u, v] ⇐⇒ x + v ≤ u + y
Proof, as usual, by cases and simpliﬁcation

20
Deﬁning The Ordering
lemma add:
lemma "-(z + w) = (-z) + (-w)"
the ordering (≤)
"z ≤ (w::int)
≡ ∃ x y u v. x+v ≤ u+y &
(x,y) ∈ Rep Integ z & (u,v) ∈ Rep Integ w"
[(x, y)] ≤ [u, v] ⇐⇒ x + v ≤ u + y
lemma le:
= (x+v ≤ u+y)"
8
Its proof:
lemma add:
lemma "-(z + w) = (-z) + (-w)"
the ordering (≤)
"z ≤ (w::int)
≡ ∃ x y u v. x+v ≤ u+y &
(x,y) ∈ Rep Integ z & (u,v) ∈ Rep In
[(x, y)] ≤ [u, v] ⇐⇒ x + v ≤ u + y
lemma le:
= (x+v ≤ u+y)"
8
We are not forced to treat relations as functions.
lemma "-(z + w) = (-z) + (-w)"
by (cases z, cases w), simp add: minus ad
the ordering (≤)
"z ≤ (w::int)
≡ ∃ x y u v. x+v ≤ u+y &
(x,y) ∈ Rep Integ z & (u,v)
[(x, y)] ≤ [(u, v)] ⇐⇒ x + v ≤ u + y
lemma le:
"(Abs Integ(intrel‘‘{(x,y)}) ≤ Abs Integ(intrel‘‘{(u,v)})
= (x+v ≤ u+y)"
8

21
How to Define a Quotiented
Recursive Datatype
1. Define an ordinary datatype: a free algebra.
2. Define an equivalence relation expressing the
desired equations.
3. Define the new type to be a quotient.
4. Define its abstract constructors and other
operations as functions on equivalence classes.

22
A Message Datatype
Quotienting a Recursive Data type
To define a datatype with equational constraints, first define an ordinary datatype (which will be a free algebra).
Then, define an equivalence relation expressing the desired equations. Finally, quotient the datatype.
The free datatype constructors are lifted to the new recursive datatype, using the techniques of function definition described above.
To define other functions on the new datatype, first define a concrete version on the free datatype and then lift it.
datatype
freemsg = NONCE nat
| MPAIR freemsg freemsg
| CRYPT nat freemsg
| DECRYPT nat freemsg
inductive "msgrel"
intros
CD: "CRYPT K (DECRYPT K X) ∼ X"
DC: "DECRYPT K (CRYPT K X) ∼ X"
NONCE: "NONCE N ∼ NONCE N"
MPAIR: "[[X ∼ X’; Y ∼ Y’]] ⇒ MPAIR X Y ∼ MPAIR X’ Y’"
CRYPT: "X ∼ X’ ⇒ CRYPT K X ∼ CRYPT K X’"
DECRYPT: "X ∼ X’ ⇒ DECRYPT K X ∼ DECRYPT K X’"
SYM: "X ∼ Y ⇒ Y ∼ X"
TRANS: "[[X ∼ Y; Y ∼ Z]] ⇒ X ∼ Z"
9
Can encryption and decryption to be inverses?
Quotienting a Recursive Data type
To define a datatype with equational constraints, first define an ordinary datatype (which will be a free algebra).
Then, define an equivalence relation expressing the desired equations. Finally, quotient the datatype.
The free datatype constructors are lifted to the new recursive datatype, using the techniques of function definition d
To define other functions on the new datatype, first define a concrete version on the free datatype and then lift it.
datatype
freemsg = NONCE nat
| MPAIR freemsg freemsg
| CRYPT nat freemsg
| DECRYPT nat freemsg
DK (EK (X)) = X and EK (DK (X)) = X
9

23
Symmetry and
transitivity
For the abstract
constructors
The desired equations
The Equivalence Relation
inductive "msgrel"
intros
SYM: "X ∼ Y ⇒ Y ∼ X"
TRANS: "[[X ∼ Y; Y ∼ Z]] ⇒ X ∼ Z"
"Nonce N == Abs Msg(msgrel‘‘{NONCE N})"
"MPair X Y ==
Abs Msg ( U∈Rep Msg X. V∈Rep Msg Y. msgrel‘‘{MPAIR U V})"
"Crypt K X == Abs Msg ( U∈Rep Msg X. msgrel‘‘{CRYPT K U})"
"Decrypt K X == Abs Msg ( U∈Rep Msg X. msgrel‘‘{DECRYPT K U})"
Related work

24
Defining Functions on the
Quotiented Datatype
• Destructors: define first on the free datatype,
respecting ∼, then transfer.
• Constructors: define like other functions on
equivalence relations. They respect ∼ by its
definition.
inductive "msgrel"
intros
SYM: "X ∼ Y ⇒ Y ∼ X"
TRANS: "[[X ∼ Y; Y ∼ Z]] ⇒ X ∼ Z"
"Nonce N == Abs Msg(msgrel‘‘{NONCE N})"
"MPair X Y ==
Abs Msg ( U∈Rep Msg X. V∈Rep Msg Y. msgrel‘‘{MPAIR U V})"
"Crypt K X == Abs Msg ( U∈Rep Msg X. msgrel‘‘{CRYPT K U})"
"Decrypt K X == Abs Msg ( U∈Rep Msg X. msgrel‘‘{DECRYPT K U})"
Related work
John Harrison package for HOL declares the type and operations and returns theorems about those operations. However, suc
is not essential. The necessary definitions are straightforward and the reasoning about equivalence classes poses no difficulti
Homeier: special support for quotient constructions on recursive data types.
10

25
Related Work
• HOL-4 packages by Harrison and Homeier
• lift concrete functions to abstract ones
• Isabelle/HOL theories
• Slotosch: partial equivalence relations
• Wenzel: axiomatic type classes
• All using Axiom of Choice (Hilbert’s ε-operator)

26
Conclusions
• Working with functions deﬁned on quotient
spaces is easy, using set comprehension.
• Any tool for set theory or HOL is suitable.
(Arthan uses similar ideas with ProofPower.)
• The axiom of choice is not required.
• With correct lemmas, simpliﬁcation is automatic.

Defining Functions on Equivalence Classes

More Related Content

What's hot (20)

Similar to Defining Functions on Equivalence Classes (20)

More from Lawrence Paulson (14)

Recently uploaded (20)

Defining Functions on Equivalence Classes