
I am working on a theory where I use extensional functions defined in the Funcset theory quite heavily. I need to work with function valued functions where both the function, and the values are extensional. It is quite annoying that some of my lemmas fail because an undefined function does not map everything into undefined. So the goal

undefined x = undefined 

is not provable. I can work around this using restrictions, but it would be much more elegant without those. Is it safe to add a new axiom:

axiomatization where 
  undefined_at [simp]: "undefined x = undefined"

? I am concerned about this because

1) I'm not sure if I should fiddle around with the logic like this.

2) After I add this axiom, for goals like "undefined \in A", nitpick produces the error: Limit reached: too many nested axioms (256).

3) The seemingly similarly innocent axiom

axiomatization where 
  at_undefined [simp]: "f undefined = undefined"

produces weird goals like "P ==> undefined".

1 Answer


The constant undefined does not really model the mathematical notion of undefined. Rather, it denotes not being specified, as I have explained in a thread on the Isabelle mailing list.

Back in 2008, undefined actually was specified with the axiom undefined x = undefined, i.e., the function undefined maps everything to undefined. Soon, people realised that this was not what undefined should represent, because it restricted the function undefined to a constant function, which is not an arbitrary function at all. Adding this axiom does not make HOL unsound, but it severely restricts the generality of what is proven, because undefined is used a lot by Isabelle's packages.

The other axiom at_undefined however leads to inconsistencies. As stated, it means that every function f should be the identity on the unspecified value undefined. Consider the type bool of Booleans. undefined must be either True or False. So if you take negation for f, then the axiom requires that ~ True = True or ~ False = False. Obviously, this is inconsistent with the specification of op ~, so the axiom is inconsistent.

Andreas Lochbihler
  • Thank you, your reply was very helpful. It is good to know that `undefined_at` is safe and reasonable to add, but too specific for some applications. I'm going to define a new `undefined` (I'm tempted to call it `nothing`) with the stronger axiom and use that where I need to. – Dávid Kertész Jul 08 '15 at 12:23
  • 1
    Actually, you do not need axioms. Define a type class `class nothing = fixes nothing` and instantiate it for the types you need. For the function type, use `instantiation "fun" :: (type, nothing) nothing begin` `definition "nothing x = nothing"` `instance ..` `end` If it is too cumbersome to instantiate all the types, you can also use unrestricted overloading, which is also safe. `consts nothing :: 'a` `overloading f == "nothing :: ('a ⇒ 'b)" begin` `definition nothing_fun_def: "f (x :: 'a) = (nothing :: 'b)"` `end` With both approaches, you can add more equations for other types later on. – Andreas Lochbihler Jul 08 '15 at 15:29
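The type-class approach from the comment and the inconsistency argument from the answer, written out as one Isabelle/HOL theory. This is an added example, not code from the question, the answer or the comments; the theory name `Nothing_Example` and the lemma names are assumptions.

```isabelle
theory Nothing_Example
  imports Main
begin

(* An unspecified default value as a type class. Unlike "undefined" it
   carries no axiom: every instance below is a plain definition. *)
class nothing =
  fixes nothing :: 'a

(* On function types, "nothing" is the constant function. *)
instantiation "fun" :: (type, nothing) nothing
begin
definition nothing_fun_def: "nothing x = nothing"
instance ..
end

(* The equation the question wanted for "undefined" now holds by
   definition, and it nests, so function-valued functions are covered. *)
lemma nothing_at [simp]: "nothing x = nothing"
  by (simp add: nothing_fun_def)

lemma nothing_at_at: "nothing x y = nothing"
  by simp

(* Base types are instantiated as needed; the value chosen is up to the
   user (here 0 for nat). *)
instantiation nat :: nothing
begin
definition "nothing = (0 :: nat)"
instance ..
end

lemma "(nothing :: nat \<Rightarrow> nat \<Rightarrow> nat) 3 = nothing"
  by simp

(* Why "at_undefined" cannot be added as an axiom: already its instance at
   type bool => bool proves False, following the answer's argument (take
   negation for f). Stated as an assumption, so the theory stays sound. *)
lemma at_undefined_bool_inconsistent:
  assumes "\<And>f :: bool \<Rightarrow> bool. f undefined = undefined"
  shows False
  using assms[of Not] by (cases "undefined :: bool") simp_all

end
```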