1231 lines
70 KiB
Plaintext
1231 lines
70 KiB
Plaintext
(*<*)
|
|
theory "paper"
|
|
imports "Isabelle_DOF.scholarly_paper"
|
|
begin
|
|
|
|
open_monitor*[this::article]
|
|
|
|
declare[[ strict_monitor_checking = false]]
|
|
declare[[ Definition_default_class = "definition"]]
|
|
declare[[ Lemma_default_class = "lemma"]]
|
|
declare[[ Theorem_default_class = "theorem"]]
|
|
|
|
define_shortcut* hol \<rightleftharpoons> \<open>HOL\<close>
|
|
isabelle \<rightleftharpoons> \<open>Isabelle/HOL\<close>
|
|
dof \<rightleftharpoons> \<open>Isabelle/DOF\<close>
|
|
LaTeX \<rightleftharpoons> \<open>LaTeX\<close>
|
|
html \<rightleftharpoons> \<open>HTML\<close>
|
|
csp \<rightleftharpoons> \<open>CSP\<close> \<comment>\<open>obsolete\<close>
|
|
holcsp \<rightleftharpoons> \<open>HOL-CSP\<close> \<comment>\<open>obsolete\<close>
|
|
|
|
|
|
ML\<open>
|
|
|
|
fun boxed_text_antiquotation name (* redefined in these more abstract terms *) =
|
|
DOF_lib.gen_text_antiquotation name DOF_lib.report_text
|
|
(fn ctxt => DOF_lib.string_2_text_antiquotation ctxt
|
|
#> DOF_lib.enclose_env false ctxt "isarbox")
|
|
|
|
val neant = K(Latex.text("",\<^here>))
|
|
|
|
fun boxed_theory_text_antiquotation name (* redefined in these more abstract terms *) =
|
|
DOF_lib.gen_text_antiquotation name DOF_lib.report_theory_text
|
|
(fn ctxt => DOF_lib.string_2_theory_text_antiquotation ctxt
|
|
#> DOF_lib.enclose_env false ctxt "isarbox"
|
|
(* #> neant *)) (*debugging *)
|
|
|
|
fun boxed_sml_text_antiquotation name =
|
|
DOF_lib.gen_text_antiquotation name (K(K()))
|
|
(fn ctxt => Input.source_content
|
|
#> Latex.text
|
|
#> DOF_lib.enclose_env true ctxt "sml")
|
|
(* the simplest conversion possible *)
|
|
|
|
fun boxed_pdf_antiquotation name =
|
|
DOF_lib.gen_text_antiquotation name (K(K()))
|
|
(fn ctxt => Input.source_content
|
|
#> Latex.text
|
|
#> DOF_lib.enclose_env true ctxt "out")
|
|
(* the simplest conversion possible *)
|
|
|
|
fun boxed_latex_antiquotation name =
|
|
DOF_lib.gen_text_antiquotation name (K(K()))
|
|
(fn ctxt => Input.source_content
|
|
#> Latex.text
|
|
#> DOF_lib.enclose_env true ctxt "ltx")
|
|
(* the simplest conversion possible *)
|
|
|
|
fun boxed_bash_antiquotation name =
|
|
DOF_lib.gen_text_antiquotation name (K(K()))
|
|
(fn ctxt => Input.source_content
|
|
#> Latex.text
|
|
#> DOF_lib.enclose_env true ctxt "bash")
|
|
(* the simplest conversion possible *)
|
|
\<close>
|
|
|
|
setup\<open>(* std_text_antiquotation \<^binding>\<open>my_text\<close> #> *)
|
|
boxed_text_antiquotation \<^binding>\<open>boxed_text\<close> #>
|
|
(* std_text_antiquotation \<^binding>\<open>my_cartouche\<close> #> *)
|
|
boxed_text_antiquotation \<^binding>\<open>boxed_cartouche\<close> #>
|
|
(* std_theory_text_antiquotation \<^binding>\<open>my_theory_text\<close>#> *)
|
|
boxed_theory_text_antiquotation \<^binding>\<open>boxed_theory_text\<close> #>
|
|
|
|
boxed_sml_text_antiquotation \<^binding>\<open>boxed_sml\<close> #>
|
|
boxed_pdf_antiquotation \<^binding>\<open>boxed_pdf\<close> #>
|
|
boxed_latex_antiquotation \<^binding>\<open>boxed_latex\<close>#>
|
|
boxed_bash_antiquotation \<^binding>\<open>boxed_bash\<close>
|
|
\<close>
|
|
|
|
(*>*)
|
|
|
|
title*[tit::title]\<open>A Framework for Proving Ontology-Relations and Runtime Testing Ontology Instances\<close>
|
|
|
|
text*[idir::author,
|
|
email ="\<open>idir.aitsadoune@centralesupelec.fr\<close>",
|
|
orcid ="''0000-0002-6484-8276''",
|
|
affiliation ="\<open>Université Paris-Saclay, CentraleSupélec, LMF, France\<close>"]\<open>Idir Ait-Sadoune\<close>
|
|
|
|
text*[nic::author,
|
|
email ="\<open>nicolas.meric@universite-paris-saclay.fr\<close>",
|
|
orcid ="''0000-0002-0756-7072''",
|
|
affiliation ="\<open>Université Paris-Saclay, LMF, France\<close>"]\<open>Nicolas Méric\<close>
|
|
text*[bu::author,
|
|
email ="\<open>burkhart.wolff@universite-paris-saclay.fr\<close>",
|
|
affiliation = "\<open>Université Paris-Saclay, LMF, France\<close>"]\<open>Burkhart Wolff\<close>
|
|
|
|
text*[abs::abstract,
|
|
keywordlist="[\<open>Ontologies\<close>,\<open>Formal Documents\<close>,\<open>Formal Development\<close>,\<open>Isabelle/HOL\<close>,\<open>Ontology Mapping\<close>,\<open>Certification\<close>]"]
|
|
\<open> \<^dof> is an ontology framework on top of Isabelle
|
|
@{cite "brucker.ea:isabelledof:2019" and "brucker.ea:isabelle-ontologies:2018"}.
|
|
\<^dof> allows for the formal development of ontologies as well as continuous checking that
|
|
a formal document under development conforms to an underlying ontology. Such a document may
|
|
contain text and code elements as well as formal Isabelle definitions and proofs.
|
|
Thus, \<^dof> is designed to annotate and trace typed meta-data
|
|
within formal developments in Isabelle.
|
|
|
|
In this paper we extend \<^dof> with \<^emph>\<open>invariants\<close> (or: ontological \<^emph>\<open>rules\<close>). Via a reflection
|
|
mechanism, this allows for efficient run-time checking of abstract properties of formal
|
|
content under evolution. Additionally, invariants have a formal represention in HOL amenable to
|
|
formal proofs over mappings between different ontologies.
|
|
With this feature widely called \<^emph>\<open>ontology mapping\<close> in the literature, our framework paves the
|
|
way for advanced uses such as ``semantic'' search and translation. We demonstrate the use of
|
|
these new features in an extended ontology used for formal developments targeting CENELEC
|
|
certifications.
|
|
\<^vs>\<open>-0.3cm\<close> \<close>
|
|
|
|
section*[introheader::introduction] \<open> Introduction \<close>
|
|
|
|
text*[introtext::introduction]\<open> \<^vs>\<open>-0.2cm\<close>
|
|
The linking of \<^emph>\<open>formal\<close> and \<^emph>\<open>informal\<close> information is perhaps the most pervasive challenge
|
|
in the digitization of knowledge and its propagation. Unsurprisingly, this problem reappears
|
|
in the libraries with formalized mathematics and engineering such as the Isabelle Archive of
|
|
Formal Proofs @{cite "AFP-ref22"} (AFP), which passed the impressive numbers of 650 articles,
|
|
written by 420 authors at the beginning of 2022. Together with the AFP, there is also a growing
|
|
body on articles concerned with formal software engineering such as standardized language
|
|
definitions (e.g., @{cite "CakeML-AFP" and "brucker.ea:featherweight:2014"}),
|
|
data-structures
|
|
(e.g., @{cite "brucker.ea:afp-core-dom:2018" and "Splay_Tree-AFP"}), hardware- models
|
|
(e.g., @{cite "SPARCv8-AFP"}),
|
|
security-related specifications
|
|
(e.g., @{cite "brucker.ea:upf-firewall:2017" and "Security_Protocol_Refinement-AFP"}),
|
|
or operating systems (e. g., @{cite "verbeek.ea:formal:2014" and "klein.ea:comprehensive:2014"}).
|
|
|
|
|
|
Still, while the problem of logical consistency
|
|
even under system-changes and pervasive theory evolution is technically solved via continuous
|
|
proof-checking, the problem of knowledge retrieval and of linking semi-formal explanations to
|
|
definitions and proofs remains largely open.
|
|
% The \<^emph>\<open>knowledge\<close> problem of the increasingly massive \<^emph>\<open>digital information\<close> available
|
|
% incites numerous research efforts summarized under the labels ``semantic web'',
|
|
% ``integrated document management'', or any form of advanced ``semantic'' text processing.
|
|
% These technologies are increasingly important in jurisprudence, medical research and
|
|
% life-sciences in order to tame their respective publication tsunamies.
|
|
The central role in technologies adressing the \<^emph>\<open>knowledge\<close> problem
|
|
is played by \<^emph>\<open>document ontologies\<close>, \<^ie>, a machine-readable form
|
|
of meta-data attached to document-elements as well as their document discourse. In order
|
|
to make these techniques applicable to \<^emph>\<open>formal theory development\<close>,
|
|
the following is needed: \<^vs>\<open>0.2cm\<close>
|
|
|
|
\<^item> a general mechanism to define and develop \<^emph>\<open>domain-specific\<close> ontologies,
|
|
\<^item> ... that should be adapted to entities occurring in formal theories,
|
|
\<^ie>, provide built-in support for types, terms, theorems, proofs, etc.,
|
|
\<^item> ways to annotate meta-data generated by ontologies to the document elements,
|
|
as ``deep'' as possible, together with strong validation checks,
|
|
\<^item> a smooth integration into the theory document development process, and
|
|
\<^item> ways to relate ontologies and ontology-conform documents along different
|
|
ontologies by \<^emph>\<open>ontological mappings\<close> and \<^emph>\<open>data translations\<close>
|
|
@{footnote \<open>We follow throughout this text the terminology established in
|
|
@{cite "books/daglib/0032976"}, pp. 39 ff.\<close>}.
|
|
\<close>
|
|
|
|
text\<open> \<^vs>\<open>-0.2cm\<close>
|
|
Recently, \<^dof> @{cite "brucker.ea:isabelledof:2019" and "brucker.ea:isabelle-ontologies:2018"}
|
|
\<^footnote>\<open>The official releases are available at \<^url>\<open>https://zenodo.org/record/6385695\<close>, the
|
|
developer version at \<^url>\<open>https://github.com/logicalhacking/Isabelle_DOF\<close>.\<close>
|
|
has been designed as an Isabelle component that attempts to answer these needs.
|
|
\<^dof> generates from ontology definitions directly integrated into Isabelle theories
|
|
typed meta-data, that may be annotated to a number of document elements and that were
|
|
validated ``on-the-fly'' during the general continuous type and proof-checking process
|
|
in an IDE (Isabelle/PIDE). Thus, we extend the document-centric view on code, definitions,
|
|
proofs, text-elements, etc., prevailing in the Isabelle system framework.
|
|
|
|
In more detail, \<^dof> introduces a number of ``ontology aware'' text-elements with analogous
|
|
syntax to standard ones. The difference is a bracket with meta-data of the form:
|
|
@{theory_text [display,indent=10, margin=70]
|
|
\<open>text*[label::classid, attr\<^sub>1=E\<^sub>1, ... attr\<^sub>n=E\<^sub>n]\<open> some semi-formal text \<close>
|
|
ML*[label::classid, attr\<^sub>1=E\<^sub>1, ... attr\<^sub>n=E\<^sub>n]\<open> some SML code \<close>
|
|
...\<close>}
|
|
In these \<^dof> elements, a meta-data object is created and associated to it. This
|
|
meta-data can be referenced via its label and used in further computations in text or code.
|
|
%; the details will be explained in the subsequent section.
|
|
|
|
Admittedly, Isabelle is not the first system that comes into one's mind when writing a scientific
|
|
paper, a book, or a larger technical documentation. However, it has a typesetting system inside
|
|
which is in the tradition of document generation systems such as mkd, Document! X, Doxygen,
|
|
Javadoc, etc., and which embed formal content such as formula pretty-prints into semi-formal text
|
|
or code. The analogous mechanism the Isabelle system provides is a machine-checked macro
|
|
called \<^emph>\<open>antiquotation\<close> that depends on the logical context of the document element.
|
|
|
|
With standard Isabelle antiquotations, for example, the following text element
|
|
of the integrated source will appear in Isabelle/PIDE as follows:
|
|
@{theory_text [display,indent=10, margin=70]
|
|
\<open>text\<open> According to the reflexivity axiom @{thm refl}, we obtain in \<Gamma>
|
|
for @{term "fac 5"} the result @{value "fac 5"}.\<close>\<close>}
|
|
In the corresponding generated \<^LaTeX> or HTML output, this looks like this:
|
|
@{cartouche [display,indent=17, margin=70]
|
|
\<open>According to the reflexivity axiom \<open>x = x\<close>, we obtain in \<Gamma>
|
|
for \<open>fac 5\<close> the result \<open>120\<close>.\<close>}
|
|
where the meta-texts \<open>@{thm refl}\<close> (``give the presentation of theorem `refl'\,\!''),
|
|
\<open>@{term "fac 5"}\<close> (``parse and type-check `fac 5' in the previous logical context'')
|
|
and \<open>@{value "fac 5"}\<close> (``compile and execute `fac 5' according to its
|
|
definitions'') are built-in antiquotations in \<^hol>.
|
|
|
|
One distinguishing feature of \<^dof> is that specific antiquotations \<^emph>\<open>were generated from
|
|
an ontology\<close> rather than being hard-coded into the Isabelle system infrastructure.
|
|
\<close>
|
|
|
|
(*
|
|
text
|
|
\<open>
|
|
|
|
%too long !
|
|
This leads to an evolution strategy we call "integrate the document, strengthen the
|
|
links" (IDSL): integrate all sources into the Isabelle document model, and
|
|
replace \<^emph>\<open>text\<close> by appropriate \<^emph>\<open>meta-text\<close> wherever you can.
|
|
Developers are rewarded for applying IDSL by specific IDE-support,
|
|
by additional semantic checks and thus by a more robust document consistency
|
|
which is easier to maintain under collaborative changes.
|
|
%For example, if someone changes the theorem name, an error would result when processing
|
|
%the text. On the other hand, \<open>@{value "fac 5"}\<close> would not guard against a change of definition
|
|
%of \<open>fac\<close>. If this is desirable, an antiquotation like \<open>@{assert "fac 5 = 120"}\<close> would be more appropriate.
|
|
%too long !
|
|
Antiquotations do not only occur in text-elements in Isabelle; they are also heavily used
|
|
in the code-elements of Isabelle's SML implementation, or were specifically supported in
|
|
C-program contexts in Isabelle/C @{cite "Tuong-IsabelleC:2019"}.
|
|
|
|
However, programming antiquotations on the intern Isabelle API's is nothing for the
|
|
faint-hearted. Recently, \<^dof> @{cite "brucker.ea:isabelledof:2019" and "brucker.ea:isabelle-ontologies:2018"}
|
|
has been designed as an Isabelle component that \<^emph>\<open>generates\<close> antiquotation languages
|
|
from a more abstract description, namely an \<^emph>\<open>ontology\<close> that provides typed meta-data
|
|
and typed reference mechanisms inside text- and ML-contexts.
|
|
|
|
*)
|
|
|
|
text\<open>As novel contribution, this work extends prior versions of \<^dof> by
|
|
\<^enum> support of antiquotations in a new class of contexts, namely \<^emph>\<open>term contexts\<close>
|
|
(rather than SML code or semi-formal text). Thus, annotations generated
|
|
from \<^dof> may also occur in \<open>\<lambda>\<close>-terms used to denote meta-data.
|
|
\<^enum> formal, machine-checked invariants on meta-data, which correspond to the concept of
|
|
``rules'' in OWL~ @{cite "OWL2014"} or ``constraints'' in UML, and which can be specified in
|
|
common \<^hol> \<open>\<lambda>\<close>-term syntax.
|
|
\<close>
|
|
text\<open> \<^noindent> For example, the \<^dof> command evaluating the \<^hol>-expression:
|
|
@{theory_text [display,indent=10, margin=70]
|
|
\<open>value*[ass::Assertion, relvce=4::int]
|
|
\<open>filter (\<lambda> \<sigma>. relvce \<sigma> > 2) @{Assertion-instances}\<close>\<close>}
|
|
where \<^dof> command \<open>value*\<close> type-checks, expands in an own validation phase
|
|
the \<open>Assertion-instances\<close>-term antiquotation, and evaluates the resulting \<^hol> expression
|
|
above. Assuming an ontology providing the class \<open>Assertion\<close> having at least the
|
|
integer attribute \<open>relvce\<close>, the command finally creates an instance of \<open>Assertion\<close> and
|
|
binds this to label \<open>ass\<close>, while setting its \<open>relvce\<close> to 4.
|
|
|
|
Beyond the gain of expressivity in \<^dof> ontologies, term-anti\-quotations pave the way
|
|
for advanced queries of elements inside an integrated source, and invariants
|
|
allow for formal proofs over the relations/translations of ontologies and ontology-instances.
|
|
The latter question raised scientific interest under the label ``ontology mapping'' for
|
|
which we therefore present a formal solution. To sum up, we completed \<^dof> to
|
|
a fairly rich ontology language oriented to interactive theorem proving (ITP) systems,
|
|
which is a concrete proposal for formal development projects targeting a certification,
|
|
for technical documentation, for books with a high amount of machine-checked formal content
|
|
or for mathematical libraries such as the AFP.\<close>
|
|
|
|
(*<*)
|
|
declare_reference*[casestudy::text_section]
|
|
(*>*)
|
|
|
|
section*[bgrnd::background,main_author="Some(@{docitem ''bu''}::author)"] \<open> Background\<close>
|
|
(*
|
|
subsection\<open>Isabelle/DOF Design and Implementation\<close>
|
|
text\<open>
|
|
In this section, we provide a guided tour through the underlying technologies of this paper:
|
|
\begin{inparaenum}
|
|
\item Isabelle and Isabelle/HOL,
|
|
\item \<^dof> and its Ontology Definition Language (ODL).
|
|
\end{inparaenum}
|
|
\<close>
|
|
subsection*[bgrnd_isabelle::text_section]\<open>Isabelle and HOL\<close>
|
|
text\<open>
|
|
While still widely perceived as an interactive theorem proving environment, Isabelle
|
|
@{cite "nipkow.ea:isabelle:2002"} has become a generic system framework providing
|
|
an infrastructure for plug-ins. This comprises extensible
|
|
state components, extensible syntax, code-generation, and advanced documentation support.
|
|
The plugin Isabelle/HOL offers a modeling language similar to functional programming languages
|
|
extended by a logic and automated proof and animation techniques.
|
|
\<close>
|
|
*)
|
|
subsection*[bgrnd_isadof::background]\<open>The \<^dof> Framework\<close>
|
|
text\<open>
|
|
\<^dof>~@{cite "brucker.ea:isabelle-ontologies:2018" and
|
|
"brucker.ea:isabelledof:2019"}
|
|
is a document ontology framework that extends \<^isabelle>.
|
|
\<^dof> offers basically two things: a language called Ontology Definition Language (ODL)
|
|
to \<^emph>\<open>specify\<close> a formal ontology,
|
|
and ways to \<^emph>\<open>annotate\<close> an integrated document written in \<^isabelle> with the specified
|
|
meta-data. Additionally, \<^dof> generates from an ontology a family of
|
|
\<^emph>\<open>anti\-quotations\<close> allowing to specify machine-checked links between ODL entities.
|
|
% Unlike UML, however, \<^dof> allows for integrated documents with informal and formal elements
|
|
% including the necessary management of logical contexts.
|
|
|
|
The perhaps most attractive aspect of \<^dof> is its deep integration into the IDE of Isabelle
|
|
(Isabelle/PIDE), which allows a hypertext-like navigation as well as fast user-feedback
|
|
during development and evolution of the integrated source. This includes rich editing support,
|
|
including on-the-fly semantics checks, hinting, or auto-completion.
|
|
\<^dof> supports \<^LaTeX>-based document generation as well as ontology-aware ``views'' on
|
|
the integrated document, \<^ie>, specific versions of generated PDF addressing, \<^eg>,
|
|
different stake-holders.
|
|
|
|
\<close>
|
|
|
|
(*<*)
|
|
figure*[isadof_screenshot::figure, relative_width="100", src="''figures/cicm2018-combined''"]\<open>
|
|
The \<^dof> IDE (left) and the corresponding PDF(right).
|
|
\<close>
|
|
text*[description_scrrenshot::background]\<open>
|
|
@{docitem \<open>isadof_screenshot\<close>} shows \<^dof> in action: the left-hand side shows the IDE of
|
|
\<^dof> in the context of a user session maintaining our case study
|
|
(see @{docitem (unchecked) "casestudy"})
|
|
where a user is editing a semi-formal requirement. The right-hand side show the
|
|
generated PDF document that can be used within a certification process.
|
|
\<close>
|
|
(*>*)
|
|
|
|
subsection*[bgrnd_ODL::background]\<open>A Guided Tour through ODL\<close>
|
|
text\<open>
|
|
\<^dof> provides a strongly typed ODL that provides the usual
|
|
concepts of ontologies such as
|
|
\<^item> \<^emph>\<open>document class\<close> (using the \<^theory_text>\<open>doc_class\<close> keyword) that describes a concept,
|
|
\<^item> \<^emph>\<open>attributes\<close> specific to document classes (attributes might be initialized with default
|
|
values), and
|
|
\<^item> a special link, the reference to a super-class,
|
|
establishes an \<^emph>\<open>is-a\<close> relation between classes.
|
|
% classes may refer to other classes via a regular expression in an optional \<^emph>\<open>where\<close> clause
|
|
% (a class with a where clause is called \<^emph>\<open>monitor\<close>).\<close>
|
|
|
|
text\<open>\<^vs>\<open>-0.2cm\<close> The types of attributes are \<^hol>-types. Thus, ODL can refer to any predefined type
|
|
from the \<^hol> library, \<^eg>, \<^type>\<open>string\<close>, \<^type>\<open>int\<close> as well as parameterized types, \<^eg>,
|
|
\<^type>\<open>option\<close>, \<^type>\<open>list\<close>. As a consequence of the Isabelle document model, ODL definitions
|
|
may be arbitrarily mixed with standard \<^hol> type definitions. Document class definitions are
|
|
\<^hol>-types, allowing for formal \<^emph>\<open>links\<close> to and between ontological concepts. For example, the
|
|
basic concept of requirements from CENELEC 50128~@{cite "bsi:50128:2014"} is captured in ODL as
|
|
follows:
|
|
@{theory_text [display,indent=10, margin=70]
|
|
\<open>doc_class requirement = text_element + (* \<comment> \<open>derived from text_element\<close> *)
|
|
long_name ::"string option" (* \<comment> \<open>an optional string attribute\<close> *)
|
|
is_concerned::"role set" (* \<comment> \<open>roles working with this req.\<close> *) \<close>}
|
|
This ODL class definition maybe part of one or more Isabelle theory-files capturing the entire
|
|
ontology definition. Isabelle's session management allows for pre-compiling them before being
|
|
imported in the actual target document. \<close>
|
|
|
|
side_by_side_figure*["text-elements"::side_by_side_figure,anchor="''fig-Req-Def-ex''",
|
|
caption="''A Text-Element as Requirement.''",relative_width="48",
|
|
src="''figures/Req-Def-ex''",anchor2="''fig-Req-Appl-ex''",
|
|
caption2="''Referencing a Requirement.''",relative_width2="48",
|
|
src2="''figures/Req-Appl-ex''"]\<open>Referencing a Requirement. \<close>
|
|
|
|
text\<open>@{figure "text-elements"} shows an ontological annotation of a requirement and its referencing
|
|
via an antiquotation \<^theory_text>\<open>@{requirement \<open>req1\<close>}\<close>; the latter is generated from the above
|
|
class definition. Undefined or ill-typed references were rejected, the high-lighting displays
|
|
the hyperlinking which is activated on a click. The class-definition of \<open>requirement\<close> and its
|
|
documentation is also revisited via one activation click.\<close>
|
|
(*
|
|
|
|
text\<open>\<^dof>'s generated antiquotations are part of a general mechanism of
|
|
Isabelle's standard antiquotations heavily used in various papers and technical reports.
|
|
For example, in the following informal text, the antiquotation \<^verbatim>\<open>thm refl\<close> refers
|
|
to the reflexivity axiom from HOL:
|
|
@{theory_text [display,indent=10, margin=70]
|
|
\<open>
|
|
text<Open>According to the reflexivity axiom <@>{thm refl}, we obtain in \<Gamma>
|
|
for <@>{term <Open>fac 5<Close>} the result <@>{value <Open>fac 5<Close>}.<Close>\<close>}
|
|
In the PDF output, this is represented as follows:
|
|
\begin{out}
|
|
According to the reflexivity axiom $x = x$, we obtain in \<open>\<Gamma>\<close> for $\operatorname{fac} 5$ the result $120$.
|
|
\end{out}
|
|
The antiquotation \inlineisar|<@>{value <Open>fac 5<Close>}| refers to a function that is defined in the
|
|
preceding logical context (and parsed as inner syntax) to compute the value of $5!$, \ie, $120$.
|
|
Summing up, antiquotations can refer to formal content, can be type-checked before being displayed
|
|
and can be used for calculations before actually being typeset. All these features can be
|
|
used for the calculation of attribute values (as in @{docitem \<open>text-elements\<close>}, observe the value
|
|
\<open>UNIV\<close> used to set the attribute \<open>is_concerned\<close> is a HOL-constant denoting the universal set).
|
|
|
|
Finally, for each ontological concept, a custom representation, using \<^LaTeX>-notation, for the
|
|
generated PDF document can be defined. The latter includes, \<^eg>, the possibility to automatically
|
|
generated glossaries or lists of concepts.
|
|
\<close>
|
|
|
|
*)
|
|
(*<*)
|
|
type_synonym A = int
|
|
type_synonym B = int
|
|
record T =
|
|
x :: A
|
|
y :: B
|
|
|
|
term "\<lparr>x = a,y = b\<rparr>"
|
|
(*>*)
|
|
text\<open>\<^vs>\<open>-0.1cm\<close> \<^noindent> \<^isabelle> supports records at the level of terms and
|
|
types. The notation for terms and types is as follows: \<^vs>\<open>-0.2cm\<close>
|
|
\<^item> record terms \<^term>\<open>\<lparr>x = a,y = b\<rparr>\<close> and corresponding record types \<open>\<lparr>x::A, y::B\<rparr>\<close>,
|
|
\<^item> the resulting selectors are written \<^term>\<open>x(r::T)\<close>, \<^term>\<open>y(r::T)\<close>.\<close>
|
|
|
|
text\<open> \<^noindent> In fact, \<^theory_text>\<open>onto_class\<close>es and the logically equivalent \<^theory_text>\<open>doc_class\<close>es were
|
|
represented by \<^emph>\<open>extensible\<close> record types and instances thereof by HOL terms
|
|
(see @{cite"brucker.ea:isabelledof:2019"} for details.).
|
|
Invariants of an \<^theory_text>\<open>onto_class\<close> are just predicates over extensible record
|
|
types and were applied to subclasses. \<close>
|
|
|
|
subsection\<open>Term-Evaluations in Isabelle\<close>
|
|
text\<open>Besides the powerful, but relatively slow Isabelle rewriting-based proof method,
|
|
there are two other techniques for term evaluation: \<^vs>\<open>-0.2cm\<close>
|
|
\<^item> evaluation via reflection @{cite "HaftmannN10"} (\<^theory_text>\<open>eval\<close>), and
|
|
\<^item> normalization by evaluation @{cite "AehligHN12"} (\<^theory_text>\<open>nbe\<close>).\<close>
|
|
|
|
text\<open> \<^noindent> The former is based on a nearly one-to-one compilation of HOL-level datatype specifications
|
|
and function definitions into SML datatypes and functions.
|
|
The latter technique --- allowing for free variables in terms --- uses a generic data-universe
|
|
enriched by explicit variables. Both techniques are several orders of magnitude faster
|
|
than standard rewriting. \<^dof> uses both to generate code that evaluates invariant and data-integrity
|
|
checks on-the-fly during editing. For all examples in our library, this form of runtime-testing
|
|
is sufficiently fast to remain unnoticed by the user.
|
|
\<close>
|
|
(*
|
|
text\<open>
|
|
The generated code is directly compiled by the underlying SML compiler of the
|
|
Isabelle platform. This way, pattern-matching becomes natively compiled rather
|
|
than interpreted as in the matching process of \<^theory_text>\<open>simp\<close>. @{cite "AehligHN12"}
|
|
describes scenarios where \<^theory_text>\<open>eval\<close> is five orders of magnitude faster than \<^theory_text>\<open>simp\<close>.
|
|
However, it is restricted to ground terms.
|
|
|
|
The latter is based on a compilation of datatype specifications into a uniform
|
|
data-universe enriched by closures and explicit variables. Recursive function
|
|
definitions in \<^hol> were compiled to SML functions where the argument terms
|
|
were represented in the data-universe. Pattern-matching is still compiled to
|
|
native functions executed if closures are completed. \<^theory_text>\<open>nbe\<close> is not restricted
|
|
to ground terms, but lies in its efficiency between \<^theory_text>\<open>simp\<close> and \<^theory_text>\<open>eval\<close>.
|
|
|
|
\<^dof> uses a combination of these three techniques in order to check invariants
|
|
for ontological classes on the fly during editing, paving the way for both
|
|
a uniform specification language of ontological data --- namely \<^hol> --- as
|
|
well as the possibility to \<^emph>\<open>prove\<close> properties over and relations between
|
|
classes.\<close>
|
|
*)
|
|
|
|
section*[invariants::technical,main_author="Some(@{docitem ''nic''}::author)"]
|
|
\<open>Term-Context Support, Invariants and Queries in DOF\<close>
|
|
|
|
(*<*)
|
|
(* Ontology example for mathematical papers *)
|
|
|
|
doc_class myauthor =
|
|
email :: "string" <= "''''"
|
|
doc_class mytext_section =
|
|
authored_by :: "myauthor set" <= "{}"
|
|
level :: "int option" <= "None"
|
|
doc_class myintro = mytext_section +
|
|
authored_by :: "myauthor set" <= "UNIV"
|
|
uses :: "string set"
|
|
invariant author_set :: "authored_by \<sigma> \<noteq> {}"
|
|
and force_level :: "the (level \<sigma>) > 1"
|
|
doc_class myclaim = myintro +
|
|
based_on :: "string list"
|
|
doc_class mytechnical = mytext_section +
|
|
formal_results :: "thm list"
|
|
|
|
datatype kind = expert_opinion | argument | "proof"
|
|
|
|
doc_class myresult = mytechnical +
|
|
evidence :: kind
|
|
property :: "thm list" <= "[]"
|
|
invariant has_property :: "evidence \<sigma> = proof \<longleftrightarrow> property \<sigma> \<noteq> []"
|
|
doc_class myconclusion = mytext_section +
|
|
establish :: "(myclaim \<times> myresult) set"
|
|
invariant establish_defined :: "\<forall> x. x \<in> Domain (establish \<sigma>)
|
|
\<longrightarrow> (\<exists> y \<in> Range (establish \<sigma>). (x, y) \<in> establish \<sigma>)"
|
|
|
|
declare[[invariants_checking = true]]
|
|
declare[[invariants_checking_with_tactics = true]]
|
|
|
|
text*[church::myauthor, email="\<open>church@lambda.org\<close>"]\<open>\<close>
|
|
|
|
text*[proof1::myresult, evidence = "proof", property="[@{thm \<open>HOL.refl\<close>}]"]\<open>\<close>
|
|
|
|
text*[proof2::myresult, evidence = "proof", property="[@{thm \<open>HOL.sym\<close>}]"]\<open>\<close>
|
|
|
|
term*\<open>@{myauthor \<open>church\<close>}\<close>
|
|
(*term*\<open>@{myauthor \<open>churche\<close>}\<close>*)
|
|
|
|
value*\<open>email @{myauthor \<open>church\<close>}\<close>
|
|
(*value*\<open>email @{myauthor \<open>churche\<close>}\<close>*)
|
|
|
|
(*assert*\<open>@{myresult \<open>proof1\<close>} = @{myresult \<open>proof2\<close>}\<close>*)
|
|
|
|
(*text*[intro1::myintro, authored_by = "{@{myauthor \<open>church\<close>}}", level = "Some 0"]\<open>\<close>*)
|
|
|
|
(*text*[claimNotion::myclaim, authored_by = "{@{myauthor \<open>church\<close>}}", based_on= "[\<open>Notion1\<close>, \<open>Notion2\<close>]", level = "Some 0"]\<open>\<close>*)
|
|
|
|
text*[intro2::myintro, authored_by = "{@{myauthor \<open>church\<close>}}", level = "Some 2"]\<open>\<close>
|
|
|
|
declare[[invariants_checking = false]]
|
|
declare[[invariants_checking_with_tactics = false]]
|
|
(*>*)
|
|
|
|
text\<open>
|
|
To offer a smooth integration into the \<^emph>\<open>formal\<close> theory development process,
|
|
\<^isabelle> should be able to dynamically interpret the source document.
|
|
But the specific antiquotations introduced by \<^dof> are not directly recognized
|
|
by \<^isabelle>, and the process of term checking and evaluation must be enriched.
|
|
Previous works~@{cite "brucker.ea:isabelle-ontologies:2018" and "brucker.ea:isabelledof:2019"}
|
|
added a validation step for the SML and semi-formal text contexts.
|
|
To support \<^dof> antiquotations in the term contexts, the validation step should
|
|
be improved and a new step, which we call \<^emph>\<open>elaboration\<close> must be added to allow
|
|
these antiquotations in \<open>\<lambda>\<close>-terms.
|
|
The resulting process encompasses the following steps:
|
|
\<^item> Parsing of the term which represents the object in \<^hol>,
|
|
\<^item> Typeinference/Typechecking of the term,
|
|
\<^item> Ontological validation of the term: the meta-data of term antiquotations is
|
|
parsed and checked in the logical context,
|
|
\<^item> Elaboration of term antiquotations: depending of the antiquotation specific
|
|
elaboration function, the antiquotations containing references were replaced,
|
|
for example, by the object they refer to in the logical context,
|
|
\<^item> Generation of markup information for the Isabelle/PIDE, and
|
|
\<^item> Code generation:
|
|
\<^item> Evaluation of \<^hol> expressions with ontological annotations,
|
|
\<^item> Generation of ontological invariants processed simultaneously
|
|
with the generation of the document (a theory in \<^hol>).
|
|
|
|
\<^isabelle> provides inspection commands to type-check (the command \<^theory_text>\<open>term\<close>)
|
|
and to evaluate a term (the command \<^theory_text>\<open>value\<close>).
|
|
We provide the equivalent commands, respectively \<^theory_text>\<open>term*\<close> and \<^theory_text>\<open>value*\<close>, which
|
|
additionally support a validation and elaboration phase.
|
|
A variant of \<^theory_text>\<open>value*\<close> is \<^theory_text>\<open>assert*\<close>, which additionally checks
|
|
that the term-evaluation results in \<^const>\<open>True\<close>.
|
|
Note that term antiquotations are admitted in all \<^dof> commands, not just
|
|
\<^theory_text>\<open>term*\<close>, \<^theory_text>\<open>value*\<close> etc.
|
|
\<close>
|
|
|
|
(*<*)
|
|
declare_reference*["type-checking-example"::side_by_side_figure]
|
|
(*>*)
|
|
|
|
text\<open>
|
|
If we take back the example ontology for mathematical papers
|
|
of~@{cite "brucker.ea:isabelledof:2019"} shown in \autoref{fig-ontology-example}
|
|
\begin{figure}
|
|
@{boxed_theory_text [display]
|
|
\<open>datatype kind = expert_opinion | argument | "proof"
|
|
|
|
doc_class myauthor =
|
|
email :: "string" <= "''''"
|
|
doc_class mytext_section =
|
|
authored_by :: "myauthor set" <= "{}"
|
|
level :: "int option" <= "None"
|
|
doc_class myintro = mytext_section +
|
|
authored_by :: "myauthor set" <= "UNIV"
|
|
uses :: "string set"
|
|
invariant author_set :: "authored_by \<sigma> \<noteq> {}"
|
|
and force_level :: "the (level \<sigma>) > 1"
|
|
doc_class myclaim = myintro +
|
|
based_on :: "string list"
|
|
doc_class mytechnical = mytext_section +
|
|
formal_results :: "thm list"
|
|
doc_class myresult = mytechnical +
|
|
evidence :: kind
|
|
property :: "thm list" <= "[]"
|
|
invariant has_property :: "evidence \<sigma> = proof \<longleftrightarrow> property \<sigma> \<noteq> []"
|
|
doc_class myconclusion = mytext_section +
|
|
establish :: "(myclaim \<times> myresult) set"
|
|
invariant establish_defined :: "\<forall> x. x \<in> Domain (establish \<sigma>)
|
|
\<longrightarrow> (\<exists> y \<in> Range (establish \<sigma>). (x, y) \<in> establish \<sigma>)"\<close>}
|
|
\caption{Excerpt of an Example Ontology for mathematical Papers.}
|
|
\label{fig-ontology-example}
|
|
\end{figure}
|
|
we can define some class instances for this ontology with the \<^theory_text>\<open>text*\<close> command,
|
|
as in \autoref{fig-instances-example}.
|
|
\begin{figure}
|
|
@{boxed_theory_text [display]
|
|
\<open>text*[church::myauthor, email="\<open>church@lambda.org\<close>"]\<open>\<close>
|
|
text*[proof1::myresult, evidence="proof", property="[@{thm \<open>HOL.refl\<close>}]"]\<open>\<close>
|
|
text*[proof2::myresult, evidence="proof", property="[@{thm \<open>HOL.sym\<close>}]"]\<open>\<close>
|
|
text*[intro1::myintro, authored_by="{@{myauthor \<open>church\<close>}}", level="Some 0"]\<open>\<close>
|
|
text*[intro2::myintro, authored_by="{@{myauthor \<open>church\<close>}}", level="Some 2"]\<open>\<close>
|
|
text*[claimNotion::myclaim, authored_by="{@{myauthor \<open>church\<close>}}"
|
|
, based_on="[\<open>Notion1\<close>,\<open>Notion2\<close>]", level="Some 0"]\<open>\<close>\<close>}
|
|
\caption{Some Instances of the Classes of the Ontology of \autoref{fig-ontology-example}.}
|
|
\label{fig-instances-example}
|
|
\end{figure}
|
|
In the instance \<^theory_text>\<open>intro1\<close>, the term antiquotation \<^theory_text>\<open>@{myauthor \<open>church\<close>}\<close>,
|
|
or its equivalent notation \<^term>\<open>@{myauthor \<open>church\<close>}\<close>, denotes
|
|
the instance \<^theory_text>\<open>church\<close> of the class \<^typ>\<open>myauthor\<close>,
|
|
where \<^theory_text>\<open>church\<close> is a \<^hol>-string.
|
|
One can now reference a class instance in a \<^theory_text>\<open>term*\<close> command.
|
|
In the command \<^theory_text>\<open>term*\<open>@{myauthor \<open>church\<close>}\<close>\<close>
|
|
the term \<^term>\<open>@{myauthor \<open>church\<close>}\<close> is type-checked, \<^ie>, the command \<^theory_text>\<open>term*\<close> checks that
|
|
\<^theory_text>\<open>church\<close> references a term of type \<^typ>\<open>myauthor\<close> against the global context
|
|
(see \<^side_by_side_figure>\<open>type-checking-example\<close>).
|
|
\<close>
|
|
|
|
|
|
side_by_side_figure*[
|
|
"type-checking-example"::side_by_side_figure
|
|
, anchor="''fig-term-type-checking-ex''"
|
|
, caption="''Church is an existing Instance.''"
|
|
, relative_width="48"
|
|
, src="''figures/term-context-checking-example''"
|
|
, anchor2="''fig-term-type-checking-failed-ex''"
|
|
, caption2="''The Churche Instance is not defined.''"
|
|
, relative_width2="48"
|
|
, src2="''figures/term-context-failed-checking-example''"
|
|
]\<open>Type-Checking of Antiquotations in a Term-Context.\<close>
|
|
|
|
(*<*)
|
|
declare_reference*["evaluation-example"::side_by_side_figure]
|
|
(*>*)
|
|
|
|
text\<open>
|
|
The command \<^theory_text>\<open>value*\<open>email @{author \<open>church\<close>}\<close>\<close>
|
|
validates \<^term>\<open>@{myauthor \<open>church\<close>}\<close>
|
|
and returns the attribute-value of \<^const>\<open>email\<close> for the \<^theory_text>\<open>church\<close> instance,
|
|
\<^ie> the \<^hol> string \<^term>\<open>''church@lambda.org''\<close>
|
|
(see \<^side_by_side_figure>\<open>evaluation-example\<close>).
|
|
\<close>
|
|
|
|
side_by_side_figure*[
|
|
"evaluation-example"::side_by_side_figure
|
|
, anchor="''fig-term-evaluation-ex''"
|
|
, caption="''The Evaluation succeeds.''"
|
|
, relative_width="48"
|
|
, src="''figures/term-context-evaluation-example''"
|
|
, anchor2="''fig-term-failed-evaluation-ex''"
|
|
, caption2="''The Evaluation fails.''"
|
|
, relative_width2="48"
|
|
, src2="''figures/term-context-failed-evaluation-example''"
|
|
]\<open>Evaluation of Antiquotations in a Term-Context.\<close>
|
|
|
|
(*
|
|
figure*[
|
|
"term-context-checking-example-figure"::figure
|
|
, relative_width="99"
|
|
, src="''figures/term-context-checking-example''"
|
|
]\<open>The invariant \<^theory_text>\<open>force_level\<close> of the class claim is inherited
|
|
from the class \<^theory_text>\<open>introduction\<close> and is violated by the instance \<^theory_text>\<open>claimNotion\<close>.
|
|
\<close>
|
|
|
|
figure*[
|
|
"term-context-evaluation-figure"::figure
|
|
, relative_width="99"
|
|
, src="''figures/term-context-evaluation-example''"
|
|
]\<open>The invariant \<^theory_text>\<open>force_level\<close> of the class claim is inherited
|
|
from the class \<^theory_text>\<open>introduction\<close> and is violated by the instance \<^theory_text>\<open>claimNotion\<close>.
|
|
\<close>
|
|
*)
|
|
|
|
(*<*)
|
|
declare_reference*["term-context-equality-evaluation"::figure]
|
|
(*>*)
|
|
|
|
text\<open>
|
|
Since term antiquotations are logically uninterpreted constants,
|
|
it is possible to compare class instances logically. The assertion
|
|
in the \<^figure>\<open>term-context-equality-evaluation\<close> fails:
|
|
the class instances \<^theory_text>\<open>proof1\<close> and \<^theory_text>\<open>proof2\<close> are not equivalent
|
|
because their attribute \<^term>\<open>property\<close> differs.
|
|
When \<^theory_text>\<open>assert*\<close> evaluates the term,
|
|
the term antiquotations \<^term>\<open>@{thm \<open>HOL.refl\<close>}\<close> and \<^term>\<open>@{thm \<open>HOL.sym\<close>}\<close> are checked
|
|
against the global context such that the strings \<^term>\<open>\<open>HOL.refl\<close>\<close> and \<^term>\<open>\<open>HOL.sym\<close>\<close>
|
|
denote existing theorems.
|
|
\<close>
|
|
|
|
figure*[
|
|
"term-context-equality-evaluation"::figure
|
|
, relative_width="80"
|
|
, src="''figures/term-context-equality-evaluation-example''"
|
|
]\<open>Evaluation of the Equivalence of two Class Instances.
|
|
\<close>
|
|
|
|
text\<open>
|
|
The mechanism of term annotations is also used for the new concept of
|
|
invariant constraints which can be specified in common \<^hol> syntax.
|
|
They were introduced by the keyword \<^theory_text>\<open>invariant\<close>
|
|
in a class definition (recall \autoref{fig-ontology-example}).
|
|
Following the constraints proposed in @{cite "brucker.ea:isabelle-ontologies:2018"},
|
|
one can specify that any instance of a class \<^typ>\<open>myresult\<close>
|
|
finally has a non-empty property list, if its \<^typ>\<open>kind\<close> is \<^const>\<open>proof\<close>
|
|
(see the \<^theory_text>\<open>invariant has_property\<close>), or that
|
|
the relation between \<^typ>\<open>myclaim\<close> and \<^typ>\<open>myresult\<close> expressed in the attribute \<^const>\<open>establish\<close>
|
|
must be defined when an instance
|
|
of the class \<^typ>\<open>myconclusion\<close> is defined (see the \<^theory_text>\<open>invariant establish_defined\<close>).
|
|
|
|
In \autoref{fig-ontology-example}, the \<^theory_text>\<open>invariant author_set\<close> of the class \<^typ>\<open>myintro\<close>
|
|
enforces that a \<^typ>\<open>myintro\<close> instance has at least one author.
|
|
The \<open>\<sigma>\<close> symbol is reserved and references the future class instance.
|
|
By relying on the implementation of the Records
|
|
in \<^isabelle>~@{cite "wenzel:isabelle-isar:2020"},
|
|
one can reference an attribute of an instance using its selector function.
|
|
For example, \<^term>\<open>establish \<sigma>\<close> denotes the value
|
|
of the attribute \<^const>\<open>establish\<close>
|
|
of the future instance of the class \<^typ>\<open>myconclusion\<close>.
|
|
\<close>
|
|
|
|
(*<*)
|
|
declare_reference*["inherited-invariant-checking-figure"::figure]
|
|
(*>*)
|
|
|
|
text\<open>
|
|
The value of each attribute defined for the instances is checked at run-time
|
|
against their class invariants.
|
|
Classes also inherit the invariants from their super-class.
|
|
As the class \<^typ>\<open>myclaim\<close> is a subclass
|
|
of the class \<^typ>\<open>myintro\<close>, it inherits the \<^typ>\<open>myintro\<close> invariants.
|
|
In \<^figure>\<open>inherited-invariant-checking-figure\<close>,
|
|
we attempt to specify a new instance \<^theory_text>\<open>claimNotion\<close> of the class \<^typ>\<open>myclaim\<close>.
|
|
However, the invariant checking triggers an error because
|
|
the \<^theory_text>\<open>invariant force_level\<close> forces the value of the argument
|
|
of the attribute \<^const>\<open>level\<close> to be greater than 1,
|
|
and we initialize it to \<^term>\<open>Some (0::int)\<close> in \<^theory_text>\<open>claimNotion\<close>.
|
|
\<close>
|
|
|
|
figure*[
|
|
"inherited-invariant-checking-figure"::figure
|
|
, relative_width="99"
|
|
, src="''figures/inherited-invariant-checking-violated-example''"
|
|
]\<open>Inherited Invariant Violation.\<close>
|
|
|
|
(*<*)
|
|
value*\<open>map (myresult.property) @{myresult-instances}\<close>
|
|
value*\<open>map (mytext_section.authored_by) @{myintro-instances}\<close>
|
|
|
|
value*\<open>filter (\<lambda>\<sigma>. myresult.evidence \<sigma> = proof) @{myresult-instances}\<close>
|
|
value*\<open>filter (\<lambda>\<sigma>. the (mytext_section.level \<sigma>) > 1) @{myintro-instances}\<close>
|
|
value*\<open>filter (\<lambda>\<sigma>. myresult.evidence \<sigma> = argument) @{myresult-instances}\<close>
|
|
(*>*)
|
|
|
|
text\<open>
|
|
Any class definition generates term antiquotations checking a class instance reference
|
|
in a particular logical context; these references were
|
|
elaborated to objects they refer to.
|
|
This paves the way for a new mechanism to query the ``current'' instances presented
|
|
as a \<^hol> \<^type>\<open>list\<close>.
|
|
Arbitrarily complex queries can therefore be defined inside the logical language.
|
|
Thus, to get the list of the properties of the instances of the class \<^typ>\<open>myresult\<close>,
|
|
or to get the list of the authors of the instances of the \<^typ>\<open>myintro\<close> class,
|
|
it suffices to treat this meta-data as usual:
|
|
@{theory_text [display,indent=5, margin=70]
|
|
\<open>value*\<open>map (myresult.property) @{myresult-instances}\<close>
|
|
value*\<open>map (mytext_section.authored_by) @{myintro-instances}\<close>\<close>}
|
|
In order to get the list of the instances of the class \<^typ>\<open>myresult\<close>
|
|
whose \<^const>\<open>evidence\<close> is a \<^const>\<open>proof\<close>, one can use the command:
|
|
@{theory_text [display,indent=5, margin=70]
|
|
\<open>value*\<open>filter (\<lambda>\<sigma>. myresult.evidence \<sigma> = proof) @{myresult-instances}\<close>\<close>}
|
|
\<close>
|
|
|
|
section*["morphisms"::technical,main_author="Some(@{docitem ''idir''}::author)"] \<open>Proving Morphisms on Ontologies\<close>
|
|
|
|
(*<*)
|
|
(* Mapped_PILIB_Ontology example *)
|
|
term\<open>fold (+) S 0\<close>
|
|
|
|
definition sum
|
|
where "sum S = (fold (+) S 0)"
|
|
|
|
datatype Hardware_Type =
|
|
Motherboard |
|
|
Expansion_Card |
|
|
Storage_Device |
|
|
Fixed_Media |
|
|
Removable_Media |
|
|
Input_Device |
|
|
Output_Device
|
|
|
|
(* Reference Ontology *)
|
|
onto_class Resource =
|
|
name :: string
|
|
|
|
onto_class Electronic = Resource +
|
|
provider :: string
|
|
manufacturer :: string
|
|
|
|
onto_class Component = Electronic +
|
|
mass :: int
|
|
dimensions :: "int list"
|
|
|
|
onto_class Informatic = Resource +
|
|
description :: string
|
|
|
|
onto_class Hardware = Informatic +
|
|
type :: Hardware_Type
|
|
mass :: int
|
|
composed_of :: "Component list"
|
|
invariant c1 :: "mass \<sigma> = sum(map Component.mass (composed_of \<sigma>))"
|
|
|
|
(* Local Ontology *)
|
|
onto_class Item =
|
|
name :: string
|
|
|
|
onto_class Product = Item +
|
|
serial_number :: int
|
|
provider :: string
|
|
mass :: int
|
|
|
|
onto_class Computer_Hardware = Product +
|
|
type :: Hardware_Type
|
|
composed_of :: "Product list"
|
|
invariant c2 :: "Product.mass \<sigma> = sum(map Product.mass (composed_of \<sigma>))"
|
|
|
|
|
|
definition Product_to_Component_morphism :: "Product \<Rightarrow> Component"
|
|
("_ \<langle>Component\<rangle>\<^sub>P\<^sub>r\<^sub>o\<^sub>d\<^sub>u\<^sub>c\<^sub>t" [1000]999)
|
|
where " \<sigma> \<langle>Component\<rangle>\<^sub>P\<^sub>r\<^sub>o\<^sub>d\<^sub>u\<^sub>c\<^sub>t = \<lparr> Resource.tag_attribute = 1::int ,
|
|
Resource.name = name \<sigma> ,
|
|
Electronic.provider = provider \<sigma> ,
|
|
Electronic.manufacturer = ''no manufacturer'' ,
|
|
Component.mass = mass \<sigma> ,
|
|
Component.dimensions = [] \<rparr>"
|
|
|
|
definition Computer_Hardware_to_Hardware_morphism :: "Computer_Hardware \<Rightarrow> Hardware"
|
|
("_ \<langle>Hardware\<rangle>\<^sub>C\<^sub>o\<^sub>m\<^sub>p\<^sub>u\<^sub>t\<^sub>e\<^sub>r\<^sub>H\<^sub>a\<^sub>r\<^sub>d\<^sub>w\<^sub>a\<^sub>r\<^sub>e" [1000]999)
|
|
where "\<sigma> \<langle>Hardware\<rangle>\<^sub>C\<^sub>o\<^sub>m\<^sub>p\<^sub>u\<^sub>t\<^sub>e\<^sub>r\<^sub>H\<^sub>a\<^sub>r\<^sub>d\<^sub>w\<^sub>a\<^sub>r\<^sub>e =
|
|
\<lparr> Resource.tag_attribute = 2::int ,
|
|
Resource.name = name \<sigma> ,
|
|
Informatic.description = ''no description'',
|
|
Hardware.type = type \<sigma> ,
|
|
Hardware.mass = mass \<sigma> ,
|
|
Hardware.composed_of = map Product_to_Component_morphism
|
|
(composed_of \<sigma>)
|
|
\<rparr>"
|
|
|
|
lemma inv_c2_preserved :
|
|
"c2_inv \<sigma> \<Longrightarrow> c1_inv (\<sigma> \<langle>Hardware\<rangle>\<^sub>C\<^sub>o\<^sub>m\<^sub>p\<^sub>u\<^sub>t\<^sub>e\<^sub>r\<^sub>H\<^sub>a\<^sub>r\<^sub>d\<^sub>w\<^sub>a\<^sub>r\<^sub>e)"
|
|
unfolding c1_inv_def c2_inv_def
|
|
Computer_Hardware_to_Hardware_morphism_def Product_to_Component_morphism_def
|
|
by (auto simp: comp_def)
|
|
|
|
lemma Computer_Hardware_to_Hardware_morphism_total :
|
|
"Computer_Hardware_to_Hardware_morphism ` ({X::Computer_Hardware. c2_inv X}) \<subseteq> ({X::Hardware. c1_inv X})"
|
|
using inv_c2_preserved
|
|
by auto
|
|
|
|
(*>*)
|
|
|
|
text\<open>
|
|
The \<^dof> framework does not assume that all documents refer to the same ontology.
|
|
Each document may even build its local ontology without any external reference.
|
|
It may also be based on several reference ontologies (\<^eg>, from the \<^dof> library).
|
|
Since ontological instances possess \<^emph>\<open>representations inside the logic\<close>,
|
|
the relationship between a local ontology and a reference ontology can be formalised
|
|
using a morphism function also inside the logic. More precisely, the instances of local ontology
|
|
classes may be described as the image of a
|
|
transformation applied to one or several other instances of class(es) belonging to another
|
|
ontology. Thanks to the morphism relationship, the obtained class may either import meta-data
|
|
(definitions are preserved) or map meta-data (the properties are different but
|
|
are semantically equivalent) that are defined in the referenced class(es).
|
|
It may also provide additional properties. This means that morphisms may be injective,
|
|
surjective, bijective, and thus describe abstract relations between ontologies.
|
|
This raises the question of invariant preservation.
|
|
\<close>
|
|
text\<open>
|
|
To illustrate this process, we have defined a simple ontology to classify Hardware objects.
|
|
%This ontology is described in \autoref{fig-Local-Ontology-example
|
|
|
|
%\begin{figure}[!h]
|
|
@{boxed_theory_text [display]
|
|
\<open>onto_class Item =
|
|
name :: string
|
|
onto_class Product = Item +
|
|
serial_number :: int
|
|
provider :: string
|
|
mass :: int
|
|
onto_class Computer_Hardware = Product +
|
|
type :: Hardware_Type
|
|
composed_of :: "Product list"
|
|
invariant c2 :: "Product.mass \<sigma> = sum(map Product.mass (composed_of \<sigma>))"\<close>}
|
|
%\caption{An extract of a local (user) ontology.}
|
|
%\label{fig-Local-Ontology-example}
|
|
%\end{figure}
|
|
%}
|
|
|
|
This ontology defines the \<^typ>\<open>Item\<close>, \<^typ>\<open>Product\<close> and \<^typ>\<open>Computer_Hardware\<close> concepts (or classes).
|
|
Each class contains a set of attributes or properties and some local invariants.
|
|
In this example, we focus on the \<^typ>\<open>Computer_Hardware\<close>
|
|
class defined as a list of products characterised by their mass value.
|
|
This class contains a local \<^theory_text>\<open>invariant c2\<close> to guarantee that its own mass value
|
|
equals the sum of all the masses of the products composing the object.
|
|
For the sake of the argument, we use the reference ontology (considered as a standard)
|
|
described in this listing:
|
|
%\begin{figure}
|
|
@{boxed_theory_text [display]
|
|
\<open>definition sum where "sum S = (fold (+) S 0)"
|
|
|
|
datatype Hardware_Type = Motherboard | Expansion_Card | Storage_Device ...
|
|
|
|
onto_class Resource =
|
|
name :: string
|
|
onto_class Electronic = Resource +
|
|
provider :: string
|
|
manufacturer :: string
|
|
onto_class Component = Electronic +
|
|
mass :: int
|
|
dimensions :: "int list"
|
|
onto_class Informatic = Resource +
|
|
description :: string
|
|
onto_class Hardware = Informatic +
|
|
type :: Hardware_Type
|
|
mass :: int
|
|
composed_of :: "Component list"
|
|
invariant c1 :: "mass \<sigma> = sum(map Component.mass (composed_of \<sigma>))"\<close>}
|
|
%\caption{An extract of a reference ontology.}
|
|
%\label{fig-Reference-Ontology-example}
|
|
%\end{figure}
|
|
|
|
This ontology defines the \<^typ>\<open>Resource\<close>,
|
|
\<^typ>\<open>Electronic\<close>, \<^typ>\<open>Component\<close>, \<^typ>\<open>Informatic\<close> and \<^typ>\<open>Hardware\<close> concepts.
|
|
In our example, we focus on the \<^typ>\<open>Hardware\<close> class containing a \<^const>\<open>Component.mass\<close> attribute
|
|
inherited from the \<^typ>\<open>Component\<close> class
|
|
and composed of a list of components with a \<^const>\<open>Component.mass\<close> attribute formalising
|
|
the mass value of each component.
|
|
The \<^typ>\<open>Hardware\<close> class also contains a local \<^theory_text>\<open>invariant c1\<close>
|
|
to define a constraint linking the global mass of a \<^typ>\<open>Hardware\<close> object
|
|
with the masses of its own components.
|
|
|
|
\<close>
|
|
|
|
text\<open>
|
|
To check the coherence of our local ontology, we define a relationship between the local ontology
|
|
and the reference ontology using morphism functions (or mapping rules as in ATL framework~@{cite "atl"}
|
|
or EXPRESS-X language~@{cite "BGPP95"}). These rules are applied to define the relationship
|
|
between one class of the local ontology to one or several other class(es) described in the reference
|
|
ontology. In our case, we have define two morphisms, \<^const>\<open>Product_to_Component_morphism\<close>
|
|
and \<^const>\<open>Computer_Hardware_to_Hardware_morphism\<close>, detailed in the following listing:
|
|
|
|
%\begin{figure}
|
|
@{boxed_theory_text [display]
|
|
\<open>definition Product_to_Component_morphism ::
|
|
"Product \<Rightarrow> Component" ("_ \<langle>Component\<rangle>\<^sub>P\<^sub>r\<^sub>o\<^sub>d\<^sub>u\<^sub>c\<^sub>t" [1000]999)
|
|
where " \<sigma> \<langle>Component\<rangle>\<^sub>P\<^sub>r\<^sub>o\<^sub>d\<^sub>u\<^sub>c\<^sub>t = \<lparr> Resource.tag_attribute = 1::int ,
|
|
Resource.name = name \<sigma> ,
|
|
Electronic.provider = provider \<sigma> ,
|
|
Electronic.manufacturer = ''no manufacturer'' ,
|
|
Component.mass = mass \<sigma> ,
|
|
Component.dimensions = [] \<rparr>"\<close>}
|
|
|
|
@{boxed_theory_text [display]
|
|
\<open>definition Computer_Hardware_to_Hardware_morphism ::
|
|
"Computer_Hardware \<Rightarrow> Hardware"
|
|
("_ \<langle>Hardware\<rangle>\<^sub>C\<^sub>o\<^sub>m\<^sub>p\<^sub>u\<^sub>t\<^sub>e\<^sub>r\<^sub>H\<^sub>a\<^sub>r\<^sub>d\<^sub>w\<^sub>a\<^sub>r\<^sub>e" [1000]999)
|
|
where "\<sigma> \<langle>Hardware\<rangle>\<^sub>C\<^sub>o\<^sub>m\<^sub>p\<^sub>u\<^sub>t\<^sub>e\<^sub>r\<^sub>H\<^sub>a\<^sub>r\<^sub>d\<^sub>w\<^sub>a\<^sub>r\<^sub>e =
|
|
\<lparr> Resource.tag_attribute = 2::int ,
|
|
Resource.name = name \<sigma> ,
|
|
Informatic.description = ''no description'',
|
|
Hardware.type = type \<sigma> ,
|
|
Hardware.mass = mass \<sigma> ,
|
|
Hardware.composed_of = map Product_to_Component_morphism
|
|
(composed_of \<sigma>) \<rparr>"\<close>}
|
|
%\caption{An extract of a mapping definition.}
|
|
%\label{fig-mapping-example}
|
|
%\end{figure}
|
|
|
|
|
|
These definitions specify how \<^typ>\<open>Product\<close> or \<^typ>\<open>Computer_Hardware\<close> objects are mapped to \<^typ>\<open>Component\<close>
|
|
or \<^typ>\<open>Hardware\<close> objects defined in the reference ontology.
|
|
This mapping shows that the structure of a (user) ontology may be arbitrarily different
|
|
from the one of a standard ontology it references.
|
|
\<close>
|
|
|
|
text\<open>
|
|
After defining the mapping rules, now we have to deal with the question of invariant preservation.
|
|
The following example proofs for a simple but typical example of reformatting meta-data into another
|
|
format along an ontological mapping are nearly trivial:
|
|
|
|
%\begin{figure}
|
|
@{boxed_theory_text [display]
|
|
\<open>lemma inv_c2_preserved :
|
|
"c2_inv \<sigma> \<Longrightarrow> c1_inv (\<sigma> \<langle>Hardware\<rangle>\<^sub>C\<^sub>o\<^sub>m\<^sub>p\<^sub>u\<^sub>t\<^sub>e\<^sub>r\<^sub>H\<^sub>a\<^sub>r\<^sub>d\<^sub>w\<^sub>a\<^sub>r\<^sub>e)"
|
|
unfolding c1_inv_def c2_inv_def
|
|
Computer_Hardware_to_Hardware_morphism_def
|
|
Product_to_Component_morphism_def
|
|
by (auto simp: comp_def)
|
|
|
|
lemma Computer_Hardware_to_Hardware_total :
|
|
"Computer_Hardware_to_Hardware_morphism ` ({X. c2_inv X})
|
|
\<subseteq> ({X::Hardware. c1_inv X})"
|
|
using inv_c2_preserved by auto\<close>}
|
|
%\caption{Proofs establishing an Invariant Preservation.}
|
|
%\label{fig-xxx}
|
|
%\end{figure}
|
|
|
|
After unfolding
|
|
the invariant and the morphism definitions, the preservation proof is automatic. The advantage
|
|
of using the \<^dof> framework compared to approaches like ATL or EXPRESS-X is
|
|
the possibility of formally verifying the \<^emph>\<open>mapping rules\<close>, \<^ie>, proving the preservation
|
|
of invariants, as we have demonstrated in the previous example.
|
|
\<close>
|
|
|
|
(*<*)
|
|
text\<open>Ontology example extracted from
|
|
\<^file>\<open>$ISABELLE_DOF_HOME/src/ontologies/CENELEC_50128/CENELEC_50128.thy\<close> and adapted\<close>
|
|
|
|
datatype role = PM \<comment> \<open>Program Manager\<close>
|
|
| RQM \<comment> \<open>Requirements Manager\<close>
|
|
| DES \<comment> \<open>Designer\<close>
|
|
| IMP \<comment> \<open>Implementer\<close>
|
|
| ASR \<comment> \<open>Assessor\<close>
|
|
| INT \<comment> \<open>Integrator\<close>
|
|
| TST \<comment> \<open>Tester\<close>
|
|
| VER \<comment> \<open>Verifier\<close>
|
|
| VnV \<comment> \<open>Verification and Validation\<close>
|
|
| VAL \<comment> \<open>Validator\<close>
|
|
|
|
datatype phase = SYSDEV_ext \<comment> \<open> System Development Phase (external)\<close>
|
|
| SPl \<comment> \<open>Software Planning\<close>
|
|
| SR \<comment> \<open>Software Requirement\<close>
|
|
| SA \<comment> \<open>Software Architecture\<close>
|
|
| SDES \<comment> \<open>Software Design\<close>
|
|
| SCDES \<comment> \<open>Software Component Design\<close>
|
|
| CInT \<comment> \<open>Component Implementation and Testing\<close>
|
|
| SI \<comment> \<open>Software Integration\<close>
|
|
| SV \<comment> \<open>Software Validation\<close>
|
|
| SD \<comment> \<open>Software Deployment\<close>
|
|
| SM \<comment> \<open>Software Maintenance\<close>
|
|
|
|
doc_class cenelec_document = text_element +
|
|
phase :: phase
|
|
written_by :: role \<comment> \<open>Annex C Table C.1 \<close>
|
|
fst_check :: role \<comment> \<open>Annex C Table C.1 \<close>
|
|
snd_check :: role \<comment> \<open>Annex C Table C.1 \<close>
|
|
invariant must_be_chapter :: "text_element.level \<sigma> = Some(0)"
|
|
invariant two_eyes_prcple :: "written_by \<sigma> \<noteq> fst_check \<sigma>
|
|
\<and> written_by \<sigma> \<noteq> snd_check \<sigma>"
|
|
|
|
(* artificial definition to enable checking in text\<open>\<close>
|
|
It will have to be implemented to enable the invariant well_formed_pre in SWIS_E.
|
|
*)
|
|
definition "iswff\<^sub>p\<^sub>r\<^sub>e" :: "bool"
|
|
where "iswff\<^sub>p\<^sub>r\<^sub>e \<equiv> True"
|
|
|
|
doc_class SWIS_E =
|
|
op_name :: "string"
|
|
op_args_res :: "(string \<times> typ) list \<times> typ" \<comment> \<open>args and result type\<close>
|
|
pre_cond :: "(string \<times> thm) list" \<comment> \<open>labels and predicates\<close>
|
|
post_cond :: "(string \<times> thm) list" \<comment> \<open>labels and predicates\<close>
|
|
(* iswff\<^sub>p\<^sub>r\<^sub>e will have to be implemented to enable the invariant well_formed_pre. *)
|
|
(* invariant well_formed_pre :: "\<forall>cond \<in> set(map snd (pre_cond \<sigma>)).
|
|
iswff\<^sub>p\<^sub>r\<^sub>e (op_args_res \<sigma>) (cond)"
|
|
invariant well_formed_post:: ...*)
|
|
|
|
doc_class SWIS = cenelec_document + \<comment> \<open>software interface specification\<close>
|
|
phase :: "phase" <= "SCDES" written_by :: "role" <= "DES"
|
|
fst_check :: "role" <= "VER" snd_check :: "role" <= "VAL"
|
|
components:: "SWIS_E list"
|
|
type_synonym software_interface_specification = SWIS
|
|
|
|
(*>*)
|
|
|
|
section*[appl_certif::technical]\<open>Application: CENELEC Ontology\<close>
|
|
|
|
text\<open>From its beginning, \<^dof> had been used for documents containing formal models targeting
|
|
certifications. A major case-study from the railways domain based on the CENELEC 50128 standard
|
|
had been published earlier (cf. @{cite "DBLP:conf-ifm-BruckerW19"})
|
|
\<^footnote>\<open>Our CENELEC ontology in
|
|
\<^dof> can be found at
|
|
\<^url>\<open>https://github.com/logicalhacking/Isabelle_DOF/blob/main/src/ontologies/CENELEC_50128/CENELEC_50128.thy\<close>.\<close>.
|
|
The CENELEC Standard comprises 18 different ``Design and Test Documents''; a fully fledged description of
|
|
our ontology covering these is therefore out of reach of this paper.
|
|
Rather, we present how the novel concepts such as invariants and term-antiquotations are used in
|
|
selected elements in this ontology.
|
|
|
|
According to CENELEC Table C.1, for example, we specify the category of ``Design and Test Documents''
|
|
as follows:
|
|
@{boxed_theory_text [display]
|
|
\<open>doc_class cenelec_document = text_element +
|
|
phase :: phase
|
|
written_by :: role \<comment> \<open>Annex C Table C.1 \<close>
|
|
fst_check :: role \<comment> \<open>Annex C Table C.1 \<close>
|
|
snd_check :: role \<comment> \<open>Annex C Table C.1 \<close>
|
|
...
|
|
invariant must_be_chapter :: "text_element.level \<sigma> = Some(0)"
|
|
invariant two_eyes_prcple :: "written_by \<sigma> \<noteq> fst_check \<sigma>
|
|
\<and> written_by \<sigma> \<noteq> snd_check \<sigma>"\<close>}
|
|
|
|
This class refers to the ``software phases'' the standard postulates (like \<^const>\<open>SPl\<close> for
|
|
``Software Planning'' or \<^const>\<open>SCDES\<close> for ``Software Component Design'')
|
|
which we model by a corresponding enumeration types (not shown here).
|
|
Similarly, the standard postulates ``roles'' that certain specified teams possess in the overall process
|
|
(like \<^const>\<open>VER\<close> for verification and \<^const>\<open>VAL\<close> for validation). We added invariants that specify
|
|
certain constraints implicit in the standard: for example, a \<^typ>\<open>cenelec_document\<close> must have
|
|
the textual structure of a chapter (the \<^emph>\<open>level\<close>-attribute is inherited from an underlying
|
|
ontology library specifying basic text-elements) as well as the two-eyes-principle between authors and
|
|
checkers of these chapters.
|
|
\<close>
|
|
text\<open> The concrete sub-class of \<^typ>\<open>cenelec_document\<close> is the class \<^typ>\<open>SWIS\<close>
|
|
(``software interface specification'') as shown below,
|
|
which provides the role assignment required for this document type:
|
|
@{boxed_theory_text [display] \<open>
|
|
|
|
doc_class SWIS = cenelec_document + \<comment> \<open>software interface specification\<close>
|
|
phase :: "phase" <= "SCDES" written_by :: "role" <= "DES"
|
|
fst_check :: "role" <= "VER" snd_check :: "role" <= "VAL"
|
|
components:: "SWIS_E list"\<close>}
|
|
The structural constraints expressed so far can in principle be covered by any
|
|
hand-coded validation process and suitable editing support (\<^eg>, Protégé @{cite "protege"}).
|
|
However, a closer look at the class \<^typ>\<open>SWIS_E\<close> (``software interface specification
|
|
element'') referenced in the \<^const>\<open>components\<close>-attribute reveals the unique power of \<^dof>;
|
|
rather than saying ``there must be a pre-condition'', \<^dof> can be far more precise:
|
|
@{boxed_theory_text [display]
|
|
\<open>doc_class SWIS_E =
|
|
op_name :: "string"
|
|
op_args_res :: "(string \<times> typ) list \<times> typ" \<comment> \<open>args and result type\<close>
|
|
pre_cond :: "(string \<times> thm) list" \<comment> \<open>labels and predicates\<close>
|
|
post_cond :: "(string \<times> thm) list" \<comment> \<open>labels and predicates\<close>
|
|
invariant well_formed_pre :: "\<forall>cond \<in> set(map snd (pre_cond \<sigma>)).
|
|
iswff\<^sub>p\<^sub>r\<^sub>e (op_args_res \<sigma>) (cond)"
|
|
invariant well_formed_post:: ...\<close>}
|
|
where the constant \<^const>\<open>iswff\<^sub>p\<^sub>r\<^sub>e\<close> is bound to a function at the SML-level, that
|
|
is executed during the evaluation phase of these invariants and that checks:
|
|
\<^item> Any \<^emph>\<open>cond\<close> is indeed a valid definition in the global logical context
|
|
(taking HOL-libraries but also the concrete certification target model into account).
|
|
\<^item> Any such HOL definition has the syntactic form:
|
|
\<^vs>\<open>-0.3cm\<close>
|
|
@{cartouche [display,indent=10,margin=70] \<open>pre_<op_name> (a\<^sub>1::\<tau>\<^sub>1) ... (a\<^sub>n::\<tau>\<^sub>n) \<equiv> <predicate>,\<close>}
|
|
\<^vs>\<open>-0.3cm\<close>
|
|
where \<open>(a\<^sub>1::\<tau>\<^sub>1) ... (a\<^sub>n::\<tau>\<^sub>n)\<close> correspond to the argument list.
|
|
\<^item> The case for the post-condition is treated analogously. \<close>
|
|
|
|
text\<open>Note that this technique can also be applied to impose specific syntactic constraints on
|
|
types. For example, via the SI-package available in the Isabelle AFP
|
|
\<^footnote>\<open>\<^url>\<open>https://www.isa-afp.org/entries/Physical_Quantities.html\<close>\<close>, it is possible to express
|
|
that the result of some calculation is of type
|
|
\<open>32 unsigned [m\<^sup>\<cdot>s\<^sup>-\<^sup>2]\<close>, so a 32-bit natural representing an acceleration in the SI-system.
|
|
Therefore it is possible to impose that certain values refer to physical dimensions
|
|
measured in a concrete metrological system.
|
|
\<close>
|
|
|
|
section*[rw::related_work]\<open>Related Work\<close>
|
|
|
|
text\<open>There are a number of approaches to use ontologies for structuring the link between
|
|
information and knowledge, and to make it amenable to
|
|
``semantic'' search in or consistency checking of documents.
|
|
Some are targeting mathematical libraries,
|
|
like the search engine \<^url>\<open>http://shinh.org/wfs\<close> which uses clever text-based search methods in
|
|
a large number of formulas, agnostic of their logical context and of formal proof,
|
|
or the OAF project @{cite "KohlhaseR21"} which developed a common ontological format,
|
|
called OMDoc/MMT, and six \<^emph>\<open>export\<close> functions from major ITP systems into it.
|
|
The more difficult task to develop import functions has not been addressed, not to mention
|
|
the construction of imported proofs in a native tactic proof format. Rather, the emphasis
|
|
was put on building a server infrastructure based on conventional, rather heavy-weight
|
|
database and OWL technology. Our approach targets so far only one ITP system and
|
|
its libraries, and emphasizes type-safeness, expressive power and “depth” of meta-data,
|
|
which is adapted to the specific needs of ITP systems and theory developments.
|
|
|
|
There are also a number of proposals of ontologies targeting mathematics:
|
|
the OntoMath\textsuperscript{PRO} @{cite "Nevzorova2014OntoMathPO"} proposes a
|
|
``taxonomy of the fields of mathematics'' (p. 6).
|
|
In total, OntoMath\textsuperscript{PRO} contains the daunting number of 3,449 classes,
|
|
which is in part due to the need to compensate
|
|
the lack of general datatype definition methods for meta-data.
|
|
It is nevertheless an interesting starting point for a future development of a mathematics ontology
|
|
in the \<^dof> framework.
|
|
Other ontologies worth mentioning are DBpedia @{cite "10.1007/978-3-540-76298-0_52"},
|
|
which provides with the \<^emph>\<open>SPARQL endpoint\<close> \<^url>\<open>http://dbpedia.org/sparql\<close> a search engine,
|
|
and the more general ScienceWISE \<^footnote>\<open>\<^url>\<open>http://sciencewise.info/ontology/\<close>.\<close>
|
|
that allows users to introduce their own category concepts.
|
|
Both suffer from the lack of deeper meta-data modeling, and the latter is still at the beginning
|
|
(ScienceWISE marks the Mathematics part as ``under construction'').
|
|
|
|
Regarding the use of formal methods to formalise standards, the Event-B method was proposed by
|
|
Fotso et al. @{cite "FotsoFLM18"} for specifications of the hybrid ERTMS/ETCS level 3 standard,
|
|
in which requirements are specified using SysML/KAOS goal diagrams. The latter were translated into
|
|
Event-B, where domain-specific properties were specified by ontologies.
|
|
In another case, Mendil et al. @{cite "MendilASMP21"} propose an Event-B framework for formalising standard
|
|
conformance through formal modelling of standards as ontologies.
|
|
The proposed approach was exemplified on ARINC 661 standard
|
|
in the context of a weather radar system application.
|
|
These works are essentially interested in expressing ontological concepts in a formal method
|
|
but do not explicitly deal with the formalisation of rules/invariants defined in ontologies.
|
|
The question of ontology-mappings is not addressed.
|
|
|
|
% \<^url>\<open>https://github.com/CLLKazan/OntoMathPro\<close>
|
|
%
|
|
% ITEM The "Ontology for Engineering Mathematics"
|
|
% \<^url>\<open>https://tomgruber.org/writing/an-ontology-for-engineering-mathematics\<close> is
|
|
% is unfortunately only a half-baked approach to model physical quantities
|
|
% and SI-measurements. Instead of using ontologies for this purpose, there
|
|
% exist approaches based on strong type systems
|
|
\<close>
|
|
|
|
section*[concl::conclusion]\<open>Conclusion and Future Work\<close>
|
|
text\<open>We presented \<^dof>, an ontology framework
|
|
deeply integrating continuous-check\slash continuous-build functionality into
|
|
the formal development process in \<^hol>. The novel feature of term-contexts in \<^dof>,
|
|
which permits term-antiquotations elaborated in the parsing process, paves the
|
|
way for the abstract specification of meta-data constraints as well the possibility
|
|
of advanced search in the meta-data of document elements. Thus it profits and
|
|
extends Isabelle's document-centric view on formal development.
|
|
|
|
Many ontological languages such as OWL as well as the meta-modeling technology
|
|
available for UML/OCL provide concepts for semantic rules and constraints, but
|
|
leave the validation checking usually to external tools (if implementing them at all).
|
|
This limits their practical usefulness drastically. Our approach treats invariants as
|
|
first-class citizens, and turns them into an object of formal study in, for example,
|
|
ontological mappings. Such a technology exists, to our knowledge, for the first time.
|
|
|
|
Our experiments with adaptations of existing ontologies from engineering and mathematics
|
|
show that \<^dof>'s ODL has sufficient expressive power to cover all aspects
|
|
of languages such as OWL (with perhaps the exception of multiple inheritance on classes).
|
|
However, these ontologies have been developed specifically \<^emph>\<open>in\<close> OWL and target
|
|
its specific support, the Protégé editor @{cite "protege"}. We argue that \<^dof> might ask
|
|
for a re-engineering of these ontologies: less deep hierarchies, rather deeper structure
|
|
in meta-data and stronger invariants.
|
|
\<close>
|
|
|
|
(*subsection*[fw::related_work]\<open>Future Work\<close>*)
|
|
|
|
text\<open> We plan to complement \<^dof> with incremental LaTeX generation and a previewing facility
|
|
that will further increase the usability of our framework for the ontology-conform editing
|
|
of formal content, be it in the engineering or the mathematics domain
|
|
(this paper has been edited in \<^dof>, of course).
|
|
|
|
Another line of future application is to increase the ``depth'' of built-in term antiquotations such
|
|
as \<^theory_text>\<open>@{typ \<open>'\<tau>\<close>}\<close>, \<^theory_text>\<open>@{term \<open>a + b\<close>}\<close> and \<^theory_text>\<open>@{thm \<open>HOL.refl\<close>}\<close>, which are currently implemented
|
|
just as validations in the current logical context. In the future, they could optionally be expanded
|
|
to the types, terms and theorems (with proof objects attached) in a meta-model of the Isabelle Kernel
|
|
such as the one presented in @{cite "10.1007/978-3-030-79876-5_6"} (also available in the AFP).
|
|
This will allow for definitions of query-functions in, \<^eg>, proof-objects, and pave the way
|
|
to annotate them with typed meta-data. Such a technology could be relevant for the interoperability
|
|
of proofs across different ITP platforms.
|
|
\<close>
|
|
|
|
(*<*)
|
|
close_monitor*[this]
|
|
|
|
end
|
|
(*>*)
|