Chapter 5 Equality and Object-Level Unification

5.2 first-order unification for constructor forms

5.2.2 an algorithm for constructor form unification problems

The algorithm is very straightforward: it consists of repeatedly applying the transition rule appropriate to the leading equation until either the goal is proved outright or no equations remain.

From the above lemma, it is clear that if one step leaves a subgoal, the next step can be made. However, we must still show that unification terminates and computes most general unifiers:

DEFINITION: unifier, most general unifier

If $\vec{s} = \vec{t}$ is a constructor form unification problem over $\vec{x}$ and $\sigma$ is a substitution from the $\vec{x}$ to terms over some $\vec{x}'$, then $\sigma$ is a unifier of $\vec{s} = \vec{t}$ if $\sigma\vec{s} \equiv \sigma\vec{t}$.

In addition, $\sigma$ is a most general unifier or mgu of $\vec{s} = \vec{t}$ if any unifier of $\vec{s} = \vec{t}$ can be factorised $\tau \circ \sigma$, where $\tau$ is a substitution on the $\vec{x}'$.

LEMMA: unification terminates

For all constructor form unification problems, the sequence of transition rule applications determined at each stage by the leading equation is finite.

PROOF

I shall use the traditional proof: we may establish a well-founded ordering on unification problems, being the lexicographical ordering on the following three quantities:

• the number of variables $\vec{x}$

• the number of constructor symbols appearing in the problem

• the number of equations in the problem

We may then check case by case that each transition rule either terminates directly or reduces this measure.

• cycle and conflict terminate directly

• coalescence and substitution decrement the number of variables

• injectivity preserves the number of variables but reduces the number of constructor symbols

• identity preserves the number of variables and the number of constructor symbols, but reduces the number of equations

□

LEMMA: unification correct

For any initial goal which is a constructor form unification problem

$\forall \vec{x}.\ \vec{s} = \vec{t} \to \Phi[\vec{x}]$

either $\vec{s}$ and $\vec{t}$ have no unifier, in which case the algorithm proves the goal, or there is a subset $\vec{x}' \subseteq \vec{x}$ and a substitution $\sigma$ from the $\vec{x}$ to constructor forms over the $\vec{x}'$ such that $\sigma$ is a mgu of $\vec{s}$ with $\vec{t}$ and the algorithm yields subgoal

$\forall \vec{x}'.\ \Phi[\sigma\vec{x}]$

PROOF

It is enough to check that at each step of the problem, either

• the goal has been proven and there is no unifier, or

• the goal is of form

$\forall \vec{x}'.\ \vec{s}' = \vec{t}' \to \Phi[\sigma\vec{x}]$

such that a most general unifier $\tau$ of the remainder $\vec{s}' = \vec{t}'$ induces a most general unifier $\tau \circ \sigma$ of $\vec{s} = \vec{t}$.

This invariant holds initially, with accumulator $\sigma$ the identity substitution. If it holds finally with no goal, there was no unifier. Otherwise it holds finally with the empty remainder, whose mgu is the identity substitution, so the accumulator is the mgu of $\vec{s} = \vec{t}$.

Case by case, then:

• cycle and conflict prove the goal in cases where there is no unifier

• identity and injectivity change neither the accumulator nor the unifiers of the remainder

• coalescence and substitution

           remainder                                accumulator
  before   $x;\vec{s}' = t;\vec{t}'$                 $\sigma$
  after    $[t/x]\vec{s}' = [t/x]\vec{t}'$           $[t/x] \circ \sigma$

Suppose $\tau$ is a mgu of the remainder after the transition. It is enough to show that $\tau \circ [t/x]$ is a mgu of the remainder beforehand, with the invariant forcing $\tau \circ [t/x] \circ \sigma$ to be a mgu of $\vec{s} = \vec{t}$. Clearly $\tau \circ [t/x]$ unifies $x;\vec{s}' = t;\vec{t}'$.

Now suppose $\rho$ also unifies $x;\vec{s}' = t;\vec{t}'$. Then $\rho \equiv \rho \circ [t/x]$, because $\rho \circ [t/x]\ x \equiv \rho t \equiv \rho x$ by hypothesis, and $\rho \circ [t/x]\ w \equiv \rho w$ when $w \not\equiv x$. Hence $\rho$ unifies $[t/x]\vec{s}' = [t/x]\vec{t}'$ and can thus be factorised $\upsilon \circ \tau$. But $\rho \equiv \rho \circ [t/x] \equiv \upsilon \circ \tau \circ [t/x]$. Thus $\tau \circ [t/x]$ is most general as required.

□
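As an added example (not the thesis's own code), the six transition rules and the termination measure in Python: `unify` rewrites the leading equation exactly as the algorithm above, threading the accumulator substitution, and `measure` computes the (variables, constructor symbols, equations) triple from the termination lemma so that its strict lexicographic decrease can be observed on a trace. The term representation (`Var`, `Con`) and the function names are assumptions of this example.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Con:
    sym: str
    args: tuple = ()

def subst(theta, t):
    """Apply the substitution theta (dict Var -> term) to the term t."""
    if isinstance(t, Var):
        return theta.get(t, t)
    return Con(t.sym, tuple(subst(theta, a) for a in t.args))

def occurs(x, t):
    """Cycle check: does the variable x occur in t?"""
    return t == x if isinstance(t, Var) else any(occurs(x, a) for a in t.args)

def measure(eqs):
    """Termination measure of the lemma: (#variables, #constructor symbols, #equations)."""
    vs, n, todo = set(), 0, [u for eq in eqs for u in eq]
    while todo:
        u = todo.pop()
        if isinstance(u, Var): vs.add(u)
        else: n += 1; todo.extend(u.args)
    return (len(vs), n, len(eqs))

def unify(eqs, trace=None):
    """Return an mgu (dict Var -> term) of the problem, or None if there is no unifier."""
    eqs, sigma = list(eqs), {}                     # remainder, accumulator
    while eqs:
        if trace is not None: trace.append(measure(eqs))
        s, t = eqs.pop(0)                          # leading equation
        if isinstance(s, Con) and isinstance(t, Con):
            if s.sym != t.sym or len(s.args) != len(t.args):
                return None                        # conflict
            eqs = list(zip(s.args, t.args)) + eqs  # injectivity
            continue
        if isinstance(t, Var) and not isinstance(s, Var):
            s, t = t, s                            # orient as x = t
        if s == t:
            continue                               # identity
        if occurs(s, t):
            return None                            # cycle
        step = {s: t}                              # coalescence (t a variable) or substitution
        eqs = [(subst(step, a), subst(step, b)) for a, b in eqs]
        sigma = {**{v: subst(step, u) for v, u in sigma.items()}, **step}  # [t/x] o sigma
    return sigma
```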

I feel I should make some comment on these proofs, not that there is anything unusual about them, quite the reverse. I have deliberately given a conventional ‘measure’ proof of termination, by way of comparison with the structurally recursive algorithm I shall exhibit later as an example of programming with dependent datatypes.

Now that we have an algorithm which exploits the transition rules, it remains only to construct proofs of them. identity is trivial. coalescence and substitution are just applications of the elimination rule for equality. conflict, injectivity and cycle all require some work.

Before I give the constructions, I want to draw attention to the computational aspect of the proofs built by the unification algorithm: we shall need this technology to build programs as well as proofs. If the algorithm generates

$p' : \forall \vec{x}'.\ \vec{s}' = \vec{t}' \to \Phi[\sigma\vec{x}] \quad\vdash\quad p \equiv \ldots : \forall \vec{x}.\ \vec{s} = \vec{t} \to \Phi[\vec{x}]$

we shall need the computational behaviour (for arbitrary $\vec{x}'$)

$p\ (\sigma\vec{x})\ (\mathsf{refl}\ \sigma\vec{s}) \equiv p'\ \vec{x}'\ (\mathsf{refl}\ \vec{s}')$

Recall that the elimination tactic supplies $\mathsf{refl}$ proofs for the constraints. When an elimination rule with associated reductions is applied to a constructor-headed target, it reduces to one of the subgoal proofs, like $p$, and the $\mathsf{refl}$s are passed for the subgoal’s constraint arguments—this must allow the subgoal proof to reduce to its simplified version $p'$, and ultimately to the value the user has supplied for that case.

Once again, we may check this property stepwise. identity is implemented by a $\lambda$-abstraction with the appropriate $\beta$-behaviour, while coalescence and substitution exploit the established reduction of the elimination rule for equality. For conflict and cycle there is nothing to prove, but we must pay attention in the case of injectivity.