Synthesizing Bijective Lenses
Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, Steve Zdancewic
ANDERS MILTNER,
Princeton University, USA
KATHLEEN FISHER,
Tufts University, USA
BENJAMIN C. PIERCE,
University of Pennsylvania, USA
DAVID WALKER,
Princeton University, USA
STEVE ZDANCEWIC,
University of Pennsylvania, USA

Bidirectional transformations between different data representations occur frequently in modern software systems. They appear as serializers and deserializers, as parsers and pretty printers, as database views and view updaters, and as a multitude of different kinds of ad hoc data converters. Manually building bidirectional transformations—by writing two separate functions that are intended to be inverses—is tedious and error prone. A better approach is to use a domain-specific language in which both directions can be written as a single expression. However, these domain-specific languages can be difficult to program in, requiring programmers to manage fiddly details while working in a complex type system.

We present an alternative approach. Instead of coding transformations manually, we synthesize them from declarative format descriptions and examples. Specifically, we present Optician, a tool for type-directed synthesis of bijective string transformers. The inputs to Optician are a pair of ordinary regular expressions representing two data formats and a few concrete examples for disambiguation. The output is a well-typed program in Boomerang (a bidirectional language based on the theory of lenses). The main technical challenge involves navigating the vast program search space efficiently enough. In particular, and unlike most prior work on type-directed synthesis, our system operates in the context of a language with a rich equivalence relation on types (the theory of regular expressions). Consequently, program synthesis requires search in two dimensions: First, our synthesis algorithm must find a pair of “syntactically compatible types,” and second, using the structure of those types, it must find a type- and example-compliant term. Our key insight is that it is possible to reduce the size of this search space without losing any computational power by defining a new language of lenses designed specifically for synthesis. The new language is free from arbitrary function composition and operates only over types and terms in a new disjunctive normal form. We prove (1) our new language is just as powerful as a more natural, compositional, and declarative language and (2) our synthesis algorithm is sound and complete with respect to the new language. We also demonstrate empirically that our new language changes the synthesis problem from one that admits intractable solutions to one that admits highly efficient solutions, able to synthesize lenses between complex file formats with great variation in seconds. We evaluate Optician on a benchmark suite of 39 examples that includes both microbenchmarks and realistic examples derived from other data management systems including Flash Fill, a tool for synthesizing string transformations in spreadsheets, and Augeas, a tool for bidirectional processing of Linux system configuration files.
Programs that analyze consumer information, performance statistics, transaction logs, scientific records, and many other kinds of data are essential components in many software systems. Oftentimes, the data analyzed comes in ad hoc formats, making tools for reliably parsing, printing, cleaning, and transforming data increasingly important. Programmers often need to reliably transform back-and-forth between formats, not only transforming source data into a target format but also safely transforming target data back into the source format. Lenses [13] are back-and-forth transformations that provide strong guarantees about their round-trip behavior, guarding against data corruption while reading, editing, and writing data sources.

Vol. 1, No. 1, Article 1. Publication date: October 2017.
A lens comprises two functions, get and put. The get function translates source data into the target format. If the target data is updated, the put function translates this edited data back into the source format. A benefit of lens-based languages is that they use a single term to express both get and put. Furthermore, well-typed lenses give rise to get and put functions guaranteed to satisfy desirable invertibility properties.

Lens-based languages are present in a variety of tools and have found mainstream industrial use. Boomerang [3, 5] lenses provide guarantees on transformations between ad hoc string document formats. Augeas [26], a popular tool that reads Linux system configuration files, uses the get part of a lens to transform configuration files into a canonical tree representation that users can edit either manually or programmatically. It uses the lens’s put to merge the edited results back into the original string format. Other lens-based languages and tools include GRoundTram [20], BiFluX [30], BiYacc [41], Brul [40], BiGUL [21], bidirectional variants of relational algebra [4], spreadsheet formulas [27], graph query languages [19], and XML transformation languages [25].

Unfortunately, these languages impose fiddly constraints on lenses, making lens programming slow and tedious. For example, Boomerang programmers often must rearrange the order of data items by recursively using operators that swap adjacent fields. Furthermore, the Boomerang type checker is very strict, disallowing many programs because they contain ambiguity about how certain data is transformed. In short, lens languages provide strong bidirectional guarantees at the cost of forcing programmers to satisfy finicky type systems.

To make programming with lenses faster and easier, we have developed Optician, a tool for synthesizing lenses from simple, high-level specifications. This work continues a recent trend toward streamlining programming tasks by synthesizing programs in a variety of domain-specific languages [10, 15, 24, 31], many guided by types [10, 11, 14, 29, 32]. Specifically, Optician supports the synthesis of bijective lenses, a useful subset of Boomerang. As inputs, Optician takes specifications of the source and target formats, plus a collection of concrete examples of the desired transformation. Format specifications are supplied as ordinary regular expressions. Because regular expressions are so widely understood, we anticipate such inputs will be substantially easier for everyday programmers to work with than the unfamiliar syntax of lenses. Moreover, including these format descriptions communicates a great deal of information to the synthesis system. Thus, requiring user input of regular expressions makes synthesis robust, helps the system scale to large and complex data sources, and constrains the search space sufficiently that the user typically needs to give very few, if any, examples.

Despite the benefits of Boomerang’s informative types, Boomerang is not well-suited to support synthesis directly. Specifically, Boomerang’s types are regular expression pairs, and each regular expression is equivalent to an infinite number of other regular expressions. To synthesize all Boomerang terms, a type-directed synthesizer must sometimes be able to find, amongst all possible equivalent regular expressions, the one with the right syntactic structure to guide the subsequent search for a well-typed, example-compatible Boomerang term.

To resolve these issues, we introduce a new language of Disjunctive Normal Form (DNF) lenses. Just as string lenses have pairs of regular expressions as types, DNF lenses have pairs of DNF regular expressions as types. The typing judgements for DNF lenses limit how equivalences can be used, greatly reducing the size of the search space. Despite the restrictive syntax and type system of DNF lenses, we prove our new language is equivalent to a natural, declarative specification of the bijective fragment of Boomerang.

Figure 1 shows a high-level, schematic diagram for Optician. First, Optician uses the function $\Downarrow$ to convert the input regular expressions into DNF regular expressions. Next, SynthDNFLens performs type-directed synthesis on these DNF regular expressions and the input examples to synthesize a DNF lens. Finally, this DNF lens is converted back into a regular lens with the function $\Uparrow$, and returned to the user.

Fig. 1. Schematic Diagram for Optician. Regular expressions, $S$ and $T$, and examples, $exs$, are given as input. First, the function $\Downarrow$ converts $S$ and $T$ into their respective DNF forms, $DS$ and $DT$. Next, SynthDNFLens synthesizes a DNF lens, $dl$, from $S$, $T$, and $exs$. Finally, $\Uparrow$ converts $dl$ into $l$, a lens in Boomerang that is equivalent to $dl$.

Contributions.
Optician makes bidirectional programming more accessible by obviating the need for programmers to write lenses by hand. We begin by briefly reviewing some background on regular expressions and core lens combinators ( § §
• We introduce a new lens language (DNF Lenses) that is suitable for synthesis ( § §
• We present an efficient, type-directed synthesis algorithm for synthesizing lenses ( §
• We evaluate Optician, its optimizations, and existing synthesis tools on 39 benchmarks, including examples derived from Flash Fill [16] and the Augeas [26] system ( §
• While we are not aware of any other systems for automatically synthesizing bijective transformations, we establish a baseline for the effectiveness of our techniques by comparing our synthesis algorithm with the one used in Flash Fill [16], a well-known and influential synthesis system deployed in Microsoft Excel. Flash Fill only synthesizes transformations in one direction, but it was only able to complete synthesis of 3 out of 39 of our benchmarks. We conjecture that the extra information we supply the synthesis system via our regular format descriptions allows it to scale to significantly more complex and varied formats than is possible in current string synthesis systems that do not use this information.

We close with related work (§8) and conclusions ( §

Technical Report.
Throughout the paper, we will state a number of theorems. We have omitted these proofs for space, and have included these details in the auxiliary technical report.
Regular Expressions.
We use $\Sigma$ to denote the alphabet of individual characters $c$; strings $s$ and $t$ are elements of $\Sigma^*$. Regular expressions, abbreviated REs, are used to express languages, which are subsets of $\Sigma^*$. REs over $\Sigma$ are:

$$S, T ::= s \;\mid\; \emptyset \;\mid\; S^* \;\mid\; S_1 \cdot S_2 \;\mid\; S_1 \mid S_2$$

$\mathcal{L}(S) \subseteq \Sigma^*$, the language of $S$, is defined as usual.

Unambiguity.
The typing derivations of lenses require regular expressions to be written in a way that parses text unambiguously. $S$ and $T$ are unambiguously concatenable, written $S \cdot^! T$, if, for all strings $s_1, s_2 \in \mathcal{L}(S)$ and $t_1, t_2 \in \mathcal{L}(T)$, whenever $s_1 \cdot t_1 = s_2 \cdot t_2$ it is the case that $s_1 = s_2$ and $t_1 = t_2$. Similarly, $S$ is unambiguously iterable, written $S^{*!}$, if, for all $n, m \in \mathbb{N}$ and for all strings $s_1, \ldots, s_n, t_1, \ldots, t_m \in \mathcal{L}(S)$, whenever $s_1 \cdot \ldots \cdot s_n = t_1 \cdot \ldots \cdot t_m$ it is the case that $n = m$ and $s_i = t_i$ for all $i$.

A regular expression $S$ is strongly unambiguous if one of the following holds: (a) $S = s$, or (b) $\mathcal{L}(S) = \{\}$, or (c) $S = S_1 \cdot S_2$ with $S_1 \cdot^! S_2$, or (d) $S = S_1 \mid S_2$ with $S_1 \cap S_2 = \emptyset$, or (e) $S = (S')^*$ with $(S')^{*!}$. In the recursive cases, $S_1$, $S_2$, and $S'$ must also be strongly unambiguous.

Equivalences.
$S$ and $T$ are equivalent, written $S \equiv T$, if $\mathcal{L}(S) = \mathcal{L}(T)$. There exists an equational theory for determining whether two regular expressions are equivalent, presented by Conway [7], and proven complete by Krob [23]. Conway’s axioms consist of the semiring axioms (associativity, commutativity, identities, and distributivity for $\mid$ and $\cdot$) plus the following rules for equivalences involving the Kleene star:

$$\begin{array}{rcll}
(S \mid T)^* & \equiv & (S^* \cdot T)^* \cdot S^* & \text{Sumstar} \\
(S \cdot T)^* & \equiv & \epsilon \mid (S \cdot (T \cdot S)^* \cdot T) & \text{Prodstar} \\
(S^*)^* & \equiv & S^* & \text{Starstar} \\
(S \mid T)^* & \equiv & ((S \mid T) \cdot T \mid (S \cdot T^*)^n \cdot S)^* \cdot (\epsilon \mid (S \mid T) \cdot ((S \cdot T^*)^0 \mid \ldots \mid (S \cdot T^*)^n)) & \text{Dicyc}
\end{array}$$
While this equational theory is complete, naïvely using it in the context of lens synthesis presents several problems. In the context of lens synthesis, we instead use the equational theory corresponding to the axioms of a star semiring [9]. If two regular expressions are equivalent within this equational theory, they are star semiring equivalent, written $S \equiv^s T$. The star semiring axioms consist of the semiring axioms plus the following rules for equivalences involving the Kleene star:

$$\begin{array}{rcll}
S^* & \equiv^s & \epsilon \mid (S \cdot S^*) & \text{Unrollstar L} \\
S^* & \equiv^s & \epsilon \mid (S^* \cdot S) & \text{Unrollstar R}
\end{array}$$

In §3, we provide intuition for why synthesis with full regular expression equivalence is problematic and justify our choice of using star semiring equivalence instead.
Bijective Lenses.
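All bijections between languages are lenses. We define bijective lenses to be bijections created from the following Boomerang lens combinators, $l$.

$$l ::= \mathit{const}(s_1 \in \Sigma^*, s_2 \in \Sigma^*) \;\mid\; \mathit{iterate}(l) \;\mid\; \mathit{concat}(l_1, l_2) \;\mid\; \mathit{swap}(l_1, l_2) \;\mid\; \mathit{or}(l_1, l_2) \;\mid\; l_1 ; l_2 \;\mid\; \mathit{id}_S$$

The denotation of a lens $l$ is $[\![l]\!] \subseteq \mathit{String} \times \mathit{String}$. If $(s_1, s_2) \in [\![l]\!]$, then $l$ maps between $s_1$ and $s_2$.

Footnote: There are other complete axiomatizations for regular expression equivalence, such as Kozen’s [22] and Salomaa’s [33]. We focus on Conway’s for the sake of specificity, but discuss alternative theories in §

$$\frac{s_1 \in \Sigma^* \qquad s_2 \in \Sigma^*}{\mathit{const}(s_1, s_2) : s_1 \Leftrightarrow s_2}$$

$$\frac{l : S \Leftrightarrow T \qquad S^{*!} \qquad T^{*!}}{\mathit{iterate}(l) : S^* \Leftrightarrow T^*}$$

$$\frac{l_1 : S_1 \Leftrightarrow T_1 \qquad l_2 : S_2 \Leftrightarrow T_2 \qquad S_1 \cdot^! S_2 \qquad T_1 \cdot^! T_2}{\mathit{concat}(l_1, l_2) : S_1 S_2 \Leftrightarrow T_1 T_2}$$

$$\frac{l_1 : S_1 \Leftrightarrow T_1 \qquad l_2 : S_2 \Leftrightarrow T_2 \qquad S_1 \cdot^! S_2 \qquad T_2 \cdot^! T_1}{\mathit{swap}(l_1, l_2) : S_1 S_2 \Leftrightarrow T_2 T_1}$$

$$\frac{l_1 : S_1 \Leftrightarrow T_1 \qquad l_2 : S_2 \Leftrightarrow T_2 \qquad \mathcal{L}(S_1) \cap \mathcal{L}(S_2) = \emptyset \qquad \mathcal{L}(T_1) \cap \mathcal{L}(T_2) = \emptyset}{\mathit{or}(l_1, l_2) : S_1 \mid S_2 \Leftrightarrow T_1 \mid T_2}$$

$$\frac{l_1 : S_1 \Leftrightarrow S_2 \qquad l_2 : S_2 \Leftrightarrow S_3}{l_1 ; l_2 : S_1 \Leftrightarrow S_3}$$

$$\frac{S \text{ is strongly unambiguous}}{\mathit{id}_S : S \Leftrightarrow S}$$

$$\frac{l : S_1 \Leftrightarrow S_2 \qquad S_1 \equiv^s S_1' \qquad S_2 \equiv^s S_2'}{l : S_1' \Leftrightarrow S_2'}$$

Fig. 2. Lens Typing Rules

$$\begin{array}{rcl}
[\![\mathit{const}(s_1, s_2)]\!] & = & \{(s_1, s_2)\} \\
[\![\mathit{iterate}(l)]\!] & = & \{(s_1 \cdot \ldots \cdot s_n,\; t_1 \cdot \ldots \cdot t_n) \mid n \in \mathbb{N} \wedge \forall i \in [n],\; (s_i, t_i) \in [\![l]\!]\} \\
[\![\mathit{concat}(l_1, l_2)]\!] & = & \{(s_1 \cdot s_2,\; t_1 \cdot t_2) \mid (s_1, t_1) \in [\![l_1]\!] \wedge (s_2, t_2) \in [\![l_2]\!]\} \\
[\![\mathit{swap}(l_1, l_2)]\!] & = & \{(s_1 \cdot s_2,\; t_2 \cdot t_1) \mid (s_1, t_1) \in [\![l_1]\!] \wedge (s_2, t_2) \in [\![l_2]\!]\} \\
[\![\mathit{or}(l_1, l_2)]\!] & = & \{(s, t) \mid (s, t) \in [\![l_1]\!] \vee (s, t) \in [\![l_2]\!]\} \\
[\![l_1 ; l_2]\!] & = & \{(s_1, s_3) \mid \exists s_2.\; (s_1, s_2) \in [\![l_1]\!] \wedge (s_2, s_3) \in [\![l_2]\!]\} \\
[\![\mathit{id}_S]\!] & = & \{(s, s) \mid s \in \mathcal{L}(S)\}
\end{array}$$

The simplest lens in the combinator language is the constant lens between strings $s$ and $t$, $\mathit{const}(s, t)$. The lens $\mathit{const}(s, t)$, when operated left-to-right, replaces the string $s$ with $t$, and when operated right-to-left, replaces string $t$ with $s$. The identity lens on a regular expression, $\mathit{id}_S$, operates in both directions by applying the identity function to strings in $\mathcal{L}(S)$.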
The composition combinator, $l_1 ; l_2$, operates by applying $l_1$ then $l_2$ when operating left to right, and applying $l_2$ then $l_1$ when operating right to left.

Each of the other lenses manipulates structured data. For instance, $\mathit{concat}(l_1, l_2)$ operates by applying $l_1$ to the left portion of a string, and $l_2$ to the right, and concatenating the results. The combinator $\mathit{swap}(l_1, l_2)$ does the same as $\mathit{concat}(l_1, l_2)$ but it swaps the results before concatenating. The combinator $\mathit{or}(l_1, l_2)$ operates by applying either $l_1$ or $l_2$ to the string. The combinator $\mathit{iterate}(l)$ operates by repeatedly applying $l$ to subparts of a string.

Lens Typing.
The typing judgement for lenses has the form $l : S \Leftrightarrow T$, meaning $l$ bijectively maps between $\mathcal{L}(S)$ and $\mathcal{L}(T)$. Figure 2 gives the typing relation. Many of the typing derivations require side conditions about unambiguity. These side conditions guarantee that the semantics of the language create a bijective function. For example, if $l_1 : S_1 \Leftrightarrow T_1$, and $l_2 : S_2 \Leftrightarrow T_2$, and $S_1$ is not unambiguously concatenable with $S_2$, then there would exist $s_1, s_1' \in \mathcal{L}(S_1)$, and $s_2, s_2' \in \mathcal{L}(S_2)$ where $s_1 \cdot s_2 = s_1' \cdot s_2'$, but $s_1 \neq s_1'$, and $s_2 \neq s_2'$. The lens $\mathit{concat}(l_1, l_2)$ would no longer necessarily act as a function when applied from left to right, as $l_1$ could be applied to both $s_1$ and to $s_1'$. Because any

[Figure, panel (a): Legacy Clients, Modern Clients, Legacy Server API, Modern Server API, Server Stack, Lens. Further panels: Legacy Work Item Representation; Modern Work Item Representation.]
Since regular expression equivalence is decidable, it is easy to check whether a given lens $l$ with type $S_1 \Leftrightarrow S_2$ also has type $S_1' \Leftrightarrow S_2'$. During synthesis, however, deciding when and how to use type conversion is difficult because there are infinitely many regular expressions that are equivalent to the source and target regular expressions. Does the algorithm need to consider all of them? In what order? To convert from legacy title to legacy title’, the algorithm must first unroll text char* into "" | text char text char*, and then it must distribute this disjunction on the left and the right.

A related challenge arises from the composition operator, $l_1 ; l_2$. The typing rule for composition requires that the target type of $l_1$ be the source type of $l_2$. To synthesize a composition lens between $S_1$ and $S_3$, a sound synthesizer must find an intermediate type $S_2$ and lenses with types $S_1 \Leftrightarrow S_2$ and $S_2 \Leftrightarrow S_3$. Searching for the correct regular expression $S_2$ is again problematic because the search space is infinite.

Thus, naïvely applying type-directed synthesis techniques involves searching in three infinite dimensions. A complete naïve synthesizer must search for (1) a type consisting of two regular expressions equivalent to the given ones but with “similar shapes” and (2) a lens expression that has the given type and is consistent with the user’s examples. Furthermore, whenever composition is part of the expression, naïve type-directed synthesis requires a further search for (3) an intermediate regular expression.

Our approach to this challenge is to define a new “DNF syntax” for types and lenses that reduces the synthesis search space in all dimensions.
In this new language, regular expressions are written in a disjunctive normal form, where disjunctions are fully distributed over concatenation and where binary operators are replaced by n-ary ones, eliminating associativity rules. Using DNF regular expressions, when presented with a synthesis problem with type $(A \mid B)C \Leftrightarrow A'C' \mid B'C'$, Optician will first convert this type into $\langle [A \cdot C] \mid [B \cdot C] \rangle \Leftrightarrow \langle [A' \cdot C'] \mid [B' \cdot C'] \rangle$, where $\langle \ldots \rangle$ represents n-ary disjunction and $[\ldots]$ represents n-ary concatenation. Like DNF regular expressions, DNF lenses are stratified, with disjunctions outside of concatenations, and they use n-ary operators instead of binary ones. Furthermore, DNF lenses do not need a composition operator, eliminating an entire dimension of search. This stratification and the lack of composition creates a very tight relationship between the structure of a well-typed DNF lens and its DNF regular expression types.

Translating regular expressions into DNF form collapses many equivalent REs into the same syntactic form. However, this translation does not fully normalize regular expressions. Nor do we want it to: If a synthesizer normalized $\epsilon \mid BB^*$ to $B^*$, it would have trouble synthesizing lenses with types like $\epsilon \mid BB^* \Leftrightarrow \epsilon \mid CD^*$ where the first occurrence of $B$ on the left needs to be transformed into $C$ while the rest of the $B$s need to be transformed into $D$. Normalization to DNF eliminates many, but not all, of the regular expression equivalences that may be needed before a simple, type-directed structural search can be applied—i.e., DNF regular expressions are only pseudo-canonical.

Consequently, a type-directed synthesis algorithm must still search through some equivalent regular expressions. To handle this search, SynthDNFLens is structured as two communicating synthesizers, shown in Figure 4. The first synthesizer, TypeProp, proposes DNF regular expressions equivalent to the input DNF regular expressions. TypeProp uses the axioms of a star semiring to unfold Kleene star operators in one or both types, to obtain equivalent (but larger) DNF regular expression types. The second synthesizer, RigidSynth, performs a syntax-directed search based on the structure of the provided DNF regular expressions, as well as the input examples. If the second synthesizer finds a satisfying DNF lens, it returns that lens. If the second synthesizer fails to find such a lens, TypeProp learns of that failure, and proposes new candidate DNF regular expression pairs.
Star Semiring Equivalence and Rewriting.
One could try to search the space of DNF regular expressions equivalent to the input regular expressions by turning the Conway axioms into (undirected) rewrite rules operating on DNF regular expressions and then trying all possible combinations of rewrites. Doing so would be problematic because the Conway axiomatization itself is both highly nondeterministic and infinitely branching (due to the choice of $n$ in the dicyclicity axiom).

Fig. 4. Schematic Diagram for DNF Lens Synthesis Algorithm. DNF regular expressions, $DS$ and $DT$, and a set of examples $exs$ are given as input. The synthesizer, TypeProp, uses these input DNF regular expressions to propose a pair of equivalent DNF regular expressions, $DS'$ and $DT'$. The synthesizer RigidSynth then attempts to generate a DNF lens, $dl$, which goes between $DS'$ and $DT'$ and satisfies all the examples in $exs$. If RigidSynth is successful, $dl$ is returned. If RigidSynth is unsuccessful, information of the failure is returned to TypeProp, which continues proposing candidate DNF regular expressions until RigidSynth finds a satisfying DNF lens.
We also want DNF lenses to be closed under composition – if they are not, then we need to be able to synthesize lenses containing composition operators. To be closed under composition, it is sufficient for the equivalence relation used in the type equivalence rule to be the equivalence closure of a rewrite system ($\rightarrow$) satisfying four conditions. First, if $S \rightarrow S'$, then $\mathcal{L}(S) = \mathcal{L}(S')$. Second, if $S \rightarrow S'$ and $S$ is strongly unambiguous, then $S'$ is also strongly unambiguous. The remaining two properties relate the rewrite rules to the typing derivations of DNF lenses, when those typing derivations do not use type equivalence. To express these properties, we use the notation $dl \mathrel{\tilde{:}} DS \Leftrightarrow DT$ to mean that if $dl$ is a DNF lens that goes between DNF regular expressions $DS$ and $DT$, then the typing derivation contains no instances of the type equivalence rule. Using this notation, we can express the confluence property, as follows:

Definition 1 (Confluence). Whenever $dl_1 \mathrel{\tilde{:}} (\Downarrow S_1) \Leftrightarrow (\Downarrow T_1)$, if $S_1 \rightarrow S_2$ and $T_1 \rightarrow T_2$, there exist regular expressions $S_3$ and $T_3$ and a DNF lens $dl_3$, such that:
(1) $S_2 \rightarrow S_3$
(2) $T_2 \rightarrow T_3$
(3) $dl_3 \mathrel{\tilde{:}} (\Downarrow S_3) \Leftrightarrow (\Downarrow T_3)$
(4) $[\![dl_3]\!] = [\![dl_1]\!]$

We call the final property bisimilarity. Bisimilarity requires two symmetric conditions.

Definition 2 (Bisimilarity). Whenever $dl_1 \mathrel{\tilde{:}} (\Downarrow S_1) \Leftrightarrow (\Downarrow T_1)$ and $S_1 \rightarrow S_2$, there exist a regular expression $T_2$ and a DNF lens $dl_2$ such that
(1) $T_1 \rightarrow T_2$
(2) $dl_2 \mathrel{\tilde{:}} (\Downarrow S_2) \Leftrightarrow (\Downarrow T_2)$
(3) $[\![dl_2]\!] = [\![dl_1]\!]$
To be bisimilar, the symmetric property must also hold for $T_1 \rightarrow T_2$.

Our solution for handling type equivalence is to use $\equiv^s$, the equivalence relation generated by the axioms of a star semiring. This equivalence relation is compatible with our lens synthesis strategy, as orienting these unrolling rules from left to right presents us with a rewrite relation that is both confluent and bisimilar, and whose equivalence closure is $\equiv^s$. The star semiring axioms are the coarsest subset of regular expression equivalences we could find that is generated by a rewrite relation and is still confluent and bisimilar. We have not been able to prove that this relation is the coarsest such relation possible, but it is sufficient to cover all the test cases in our benchmark suite (see § Prodstar in particular) are not bisimilar, which is why we avoid this in our system.
Challenge 2: Large Types.
DNF lenses are equivalent in expressivity to lenses and the algorithm SynthDNFLens is quite fast. Unfortunately, the conversion to DNF incurs an exponential blowup. In practical examples, the regular expressions describing complex ad hoc data formats may be very large, causing the exponential blowup to have a significant impact on synthesis time. The key to addressing this issue is to observe that users naturally construct large types incrementally, introducing named abbreviations for major subcomponents. For example, in the specification of legacy title and modern title, the variable text char describes which characters can be present in a title. To include a large disjunction representing all valid title characters instead of the concise variable text char in the definitions of legacy title and modern title would be unmaintainable and difficult to read.

Unfortunately, leaving these variables opaque introduces a new dimension of search. In addition to searching through the rewrites on regular expressions, the algorithm must also search through possible substitutions, replacements of variables with their definitions. We designate these two types of equivalences expansions, using “rewrites” to denote expansions that arise from traversing rewrite rules on the regular expressions, and using “substitutions” to denote expansions that arise from replacing a variable with its definition.

Interestingly, Optician can exploit the structure inherent in these named abbreviations to speed up the search dramatically. For example, if text char appears just once in both the source and the target types, the system hypothesizes that the identity lens can be used to convert between occurrences of text char. On the other hand, if text char appears in the source but not in the target, the system recognizes that, to find a lens, text char must be replaced by its definition. In this way, the positions of names can serve as a guide for applying substitutions and rewrites in the synthesis algorithm. By using these named abbreviations, TypeProp guides the transformation of regular expression types during search by deducing when certain expansions must be taken, or when one of a class of expansions must be taken.
The first important step in Optician is to convert regular expression types into disjunctive normal form (DNF). A DNF regular expression, abbreviated DNF RE, is an n-ary disjunction of sequences, where a sequence alternates between concrete strings and atoms, and an atom is an iteration of DNF regular expressions. The grammar below describes the syntax of DNF regular expressions ($DS$, $DT$), sequences ($SQ$, $TQ$), and atoms ($A$, $B$) formally.

$$\begin{array}{rcl}
A, B & ::= & DS^* \\
SQ, TQ & ::= & [s_0 \cdot A_1 \cdot \ldots \cdot A_n \cdot s_n] \\
DS, DT & ::= & \langle SQ_1 \mid \ldots \mid SQ_n \rangle
\end{array}$$

Notice that it is straightforward to convert an arbitrary series of atoms and strings into a sequence: if there are multiple concrete strings between atoms, the strings may be concatenated into a single string. If there are multiple atoms between concrete strings, the atoms may be separated by empty strings, which will sometimes be omitted for readability. Notice also that a simple string with no atoms may be represented as a sequence containing just one concrete string. In our implementation, names of user-defined regular expressions are also atoms. However, we elide such definitions from our theoretical analysis.

$$\begin{array}{l}
\odot_{SQ} : \mathit{Sequence} \rightarrow \mathit{Sequence} \rightarrow \mathit{Sequence} \\
{[s_0 \cdot A_1 \cdot \ldots \cdot A_n \cdot s_n]} \odot_{SQ} [t_0 \cdot B_1 \cdot \ldots \cdot B_m \cdot t_m] = [s_0 \cdot A_1 \cdot \ldots \cdot A_n \cdot s_n \cdot t_0 \cdot B_1 \cdot \ldots \cdot B_m \cdot t_m] \\[4pt]
\odot : \mathit{DNF} \rightarrow \mathit{DNF} \rightarrow \mathit{DNF} \\
\langle SQ_1 \mid \ldots \mid SQ_n \rangle \odot \langle TQ_1 \mid \ldots \mid TQ_m \rangle = \langle SQ_1 \odot_{SQ} TQ_1 \mid \cdots \mid SQ_1 \odot_{SQ} TQ_m \mid \cdots \mid SQ_n \odot_{SQ} TQ_1 \mid \cdots \mid SQ_n \odot_{SQ} TQ_m \rangle \\[4pt]
\oplus : \mathit{DNF} \rightarrow \mathit{DNF} \rightarrow \mathit{DNF} \\
\langle SQ_1 \mid \ldots \mid SQ_n \rangle \oplus \langle TQ_1 \mid \ldots \mid TQ_m \rangle = \langle SQ_1 \mid \ldots \mid SQ_n \mid TQ_1 \mid \ldots \mid TQ_m \rangle \\[4pt]
\mathcal{D} : \mathit{Atom} \rightarrow \mathit{DNF} \\
\mathcal{D}(A) = \langle [\epsilon \cdot A \cdot \epsilon] \rangle
\end{array}$$

Fig. 5. DNF Regular Expression Functions
Intuitions about DNF regular expressions may be confirmed by their semantics, which we give by defining the language (set of strings) that each DNF regular expression denotes:

$$\begin{array}{rcl}
\mathcal{L}(DS^*) & = & \{s_1 \cdot \ldots \cdot s_n \mid \forall i,\; s_i \in \mathcal{L}(DS)\} \\
\mathcal{L}([s_0 \cdot A_1 \cdot \ldots \cdot A_n \cdot s_n]) & = & \{s_0 \cdot t_1 \cdots t_n \cdot s_n \mid t_i \in \mathcal{L}(A_i)\} \\
\mathcal{L}(\langle SQ_1 \mid \ldots \mid SQ_n \rangle) & = & \{s \mid s \in \mathcal{L}(SQ_i) \text{ and } i \in [n]\}
\end{array}$$

A sequence of strings and atoms is sequence unambiguously concatenable, written $\cdot^!(s_0; A_1; \ldots; A_n; s_n)$, if, when $s_i', t_i' \in \mathcal{L}(A_i)$ for all $i$, then $s_0 s_1' \ldots s_n' s_n = s_0 t_1' \ldots t_n' s_n$ implies $s_i' = t_i'$ for all $i$. A DNF regular expression $S$ is unambiguously iterable, written $S^{*!}$, if, for all $n, m \in \mathbb{N}$ and for all strings $s_1, \ldots, s_n, t_1, \ldots, t_m \in \mathcal{L}(S)$, if $s_1 \cdot \ldots \cdot s_n = t_1 \cdot \ldots \cdot t_m$ then $n = m$ and $s_i = t_i$ for all $i$.

Expressivity of DNF Regular Expressions.
Any regular expression may be converted into an equivalent DNF regular expression. To define the conversion function, we rely on several auxiliary functions defined in Figure 5. Intuitively, $DS_1 \odot DS_2$ concatenates two DNF regular expressions, producing a well-formed DNF regular expression as a result. Similarly, $DS_1 \oplus DS_2$ generates a new DNF regular expression representing the union of two DNF regular expressions. Finally, $\mathcal{D}(A)$ converts a naked atom into a well-formed DNF regular expression. The conversion algorithm itself, written $\Downarrow S$, is defined below.

$$\begin{array}{rcl}
\Downarrow s & = & \langle [s] \rangle \\
\Downarrow \emptyset & = & \langle \rangle \\
\Downarrow (S^*) & = & \mathcal{D}((\Downarrow S)^*) \\
\Downarrow (S_1 \cdot S_2) & = & \Downarrow S_1 \odot \Downarrow S_2 \\
\Downarrow (S_1 \mid S_2) & = & \Downarrow S_1 \oplus \Downarrow S_2
\end{array}$$

Using $\Downarrow$, the definition of legacy title’ gets converted into the DNF regular expression: dnf legacy title = ⟨ [ "
DNF Regular Expression Rewrites.
There are many fewer equivalences on DNF regular expres-sions than there are on regular expressions, but there still remain pairs of DNF regular expres-sions that, while syntactically different, are semantically identical. Figure 6 defines a collection ofrewrite rules on DNF regular expressions designed to search the space of equivalent DNF REs. Thisdirected rewrite system helps limit the search space more than the non-directional equivalence ≡ s relation. However, because the rewrite rules are confluent, it is just as powerful as the ≡ s relation.Because disjunctive normal form flattens a series of unions or concatenations into an n-arysum-of-products, there is no need for rewriting rules that manage associativity or distributivity.Moreover, the lens term language and synthesis algorithm itself manages out-of-order summands,so we also have no need of rewriting rules to handle commutativity of unions. Hence, the rewritingsystem need only focus on rewrites that involve Kleene star. The rule Atom Unrollstar L is adirected rewrite rule designed to mirror Unrollstar L . Intuitively, it unfolds any atom DS ∗ into ϵ | ( DS · DS ∗ ) . However, ϵ | ( DS · DS ∗ ) is not a DNF regular expression. Hence, the rule uses DNFconcatenation ( ⊙ ) and union ( ⊕ ) in place of regular expression concatenation and union to ensurea DNF regular expression is constructed. The rule Atom Unrollstar R mirrors the rule Unrollstar R in a similar way.The rules Atom Structural Rewrite and
DNF Structural Rewrite make it possible to rewrite terms involving Kleene star that are nested deep within a DNF regular expression, while ensuring that the resulting term remains in DNF form.
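The conversion ⇓ and the Atom Unrollstar L rewrite described above, as an added Python example (not Optician's OCaml code). The tuple encodings and the bodies of ⊙, ⊕ and D are assumptions that follow the prose description, since Figure 5 is not reproduced here; the sample regular expression is constructed.

```python
"""DNF conversion (the ⇓ operator) and the Atom Unrollstar L rewrite.

Encodings are assumptions of this example, not Optician's OCaml types:
  regex    : ("str", s) | ("empty",) | ("star", r) | ("cat", r1, r2) | ("alt", r1, r2)
  DNF regex: tuple of sequences                                <SQ_1 | ... | SQ_n>
  sequence : (strings, atoms), len(strings) == len(atoms) + 1  [s_0.A_1. ... .A_n.s_n]
  atom     : ("star", dnf)                                     DS*
"""

def concat_seq(sq, tq):
    """[s_0..s_n] ⊙ [t_0..t_m]: the boundary strings s_n and t_0 fuse."""
    (ss, as_), (ts, bs) = sq, tq
    return (ss[:-1] + (ss[-1] + ts[0],) + ts[1:], as_ + bs)

def dnf_concat(ds, dt):
    """DS ⊙ DT: distribute concatenation over every pair of sequences."""
    return tuple(concat_seq(sq, tq) for sq in ds for tq in dt)

def dnf_union(ds, dt):
    """DS ⊕ DT: append the two lists of sequences."""
    return ds + dt

def atom_to_dnf(atom):
    """D(A): wrap a naked atom as <[ε · A · ε]>."""
    return ((("", ""), (atom,)),)

def to_dnf(r):
    """The conversion ⇓, one case per equation."""
    tag = r[0]
    if tag == "str":
        return (((r[1],), ()),)
    if tag == "empty":
        return ()
    if tag == "star":
        return atom_to_dnf(("star", to_dnf(r[1])))
    if tag == "cat":
        return dnf_concat(to_dnf(r[1]), to_dnf(r[2]))
    if tag == "alt":
        return dnf_union(to_dnf(r[1]), to_dnf(r[2]))
    raise ValueError(f"unknown regex node: {tag!r}")

def atom_unrollstar_l(atom):
    """DS* -> <[ε]> ⊕ (DS ⊙ D(DS*)), built with ⊙ and ⊕ so the result stays in DNF."""
    _, ds = atom
    epsilon = ((("",), ()),)
    return dnf_union(epsilon, dnf_concat(ds, atom_to_dnf(atom)))

def show(ds):
    """Render a DNF regex in the <[...] | [...]> notation."""
    def show_seq(sq):
        ss, atoms = sq
        parts = [repr(ss[0])]
        for a, s in zip(atoms, ss[1:]):
            parts += [show(a[1]) + "*", repr(s)]
        return "[" + " · ".join(parts) + "]"
    return "⟨" + " | ".join(show_seq(sq) for sq in ds) + "⟩"

# Constructed input: ("a" | "b") · ("x")* · "!"
SAMPLE = ("cat",
          ("cat", ("alt", ("str", "a"), ("str", "b")), ("star", ("str", "x"))),
          ("str", "!"))

if __name__ == "__main__":
    d = to_dnf(SAMPLE)
    print(show(d))                               # two sequences, one per summand
    print(show(atom_unrollstar_l(d[0][1][0])))   # the unrolled ("x")* atom
```

Concatenation distributes over the union, so the single source expression becomes two sequences that share the same starred atom.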
The syntax of DNF lenses (dl), sequence lenses (sql) and atom lenses (al) is defined below. DNF lenses and sequence lenses both contain permutations (σ) that help describe how these lenses act on data.

al ::= iterate(dl)
sql ::= ([(s_0, t_0) · al_1 · ... · al_n · (s_n, t_n)], σ)
dl ::= (⟨sql_1 | ... | sql_n⟩, σ)

A DNF lens consists of a list of sequence lenses and a permutation. Much like a DNF regular expression is a list of disjuncted sequences, a DNF lens contains a list of ored sequence lenses. DNF lenses also contain a permutation that provides information about which sequences are mapped to which by the internal sequence lenses. As an example, consider a DNF lens that maps between data with type dnf legacy title and data with type dnf modern title. In such a lens, the permutation σ indicates whether data matching [ "
Figure 7 presents the type checking rules for DNF lenses. In order to control where regular expression rewriting may be used (and thereby reduce search complexity), the figure defines two separate typing judgements. The first judgement has the form dl ˜: DS ⇔ DT. It implies that the lens dl is a well-formed bijective map between the languages of DS and DT. This judgement does not include the rule for rewriting the types of the source or target data. The second judgement has the form dl : DS ⇔ DT. It rewrites the source and target types, and then searches for a DNF lens with the rewritten types.

One of the key differences between these typing judgements and the judgements for ordinary lenses is the permutations. For example, in the rule for typing DNF lenses, the permutation σ indicates how to match sequence types in the domain (SQ_1 ... SQ_n) and the range (TQ_σ(1) ... TQ_σ(n)). Permutations are used in a similar way in the typing rule for sequence lenses.

Properties.
While DNF lenses have a restrictive syntax, they remain as powerful as ordinary bijective lenses. The following theorems characterize the relationship between the two languages.

dl ˜: DS ⇔ DT    DS∗!    DT∗!
------------------------------------------------------------
iterate(dl) ˜: DS∗ ⇔ DT∗

al_1 ˜: A_1 ⇔ B_1  ...  al_n ˜: A_n ⇔ B_n    σ ∈ S_n    ·!(s_0; A_1; ...; A_n; s_n)    ·!(t_0; B_σ(1); ...; B_σ(n); t_n)
------------------------------------------------------------
([(s_0, t_0) · al_1 · ... · al_n · (s_n, t_n)], σ) ˜: [s_0 · A_1 · ... · A_n · s_n] ⇔ [t_0 · B_σ(1) · ... · B_σ(n) · t_n]

sql_1 ˜: SQ_1 ⇔ TQ_1  ...  sql_n ˜: SQ_n ⇔ TQ_n    σ ∈ S_n    i ≠ j ⇒ L(SQ_i) ∩ L(SQ_j) = ∅    i ≠ j ⇒ L(TQ_i) ∩ L(TQ_j) = ∅
------------------------------------------------------------
(⟨sql_1 | ... | sql_n⟩, σ) ˜: ⟨SQ_1 | ... | SQ_n⟩ ⇔ ⟨TQ_σ(1) | ... | TQ_σ(n)⟩

DS′ →∗ DS    DT′ →∗ DT    dl ˜: DS ⇔ DT
------------------------------------------------------------
dl : DS′ ⇔ DT′

Fig. 7. DNF Lens Typing
Theorem 2 (DNF Lens Soundness). If there exists a derivation of dl : DS ⇔ DT, then there exist a lens, ⇑dl, and regular expressions, S and T, such that ⇑dl : S ⇔ T and ⇓S = DS and ⇓T = DT and [[⇑dl]] = [[dl]].

Theorem 3 (DNF Lens Completeness). If there exists a derivation for l : S ⇔ T, then there exists a DNF lens dl such that dl : (⇓S) ⇔ (⇓T) and [[l]] = [[dl]].

Discussion.
DNF lenses are significantly better suited to synthesis than regular bijective lenses. First, they contain no composition operator. Second, the use of equivalence (rewriting) is highly constrained: Rewriting may only be used once at the top-most level as opposed to interleaved between uses of the other rules. Consequently, a type-directed synthesis algorithm may be factored into two discrete steps: one step that searches for an effective pair of regular expressions and a second step that is directed by the syntax of the regular expression types that were discovered in the first step.
Synthesis Overview.
Algorithm 1 presents the synthesis procedure.
SynthLens takes the source and target regular expressions S and T, and a list of examples exs, as input. First, SynthLens validates the unambiguity of the input regular expressions, S and T, and confirms that they parse the input/output examples, exs. Next, the algorithm converts S and T into DNF regular expressions DS and DT using the ⇓ operator. It then calls SynthDNFLens on DS, DT, and the examples to create a DNF lens dl. Finally, it uses ⇑ to convert dl to a Boomerang lens.

SynthDNFLens starts by creating a priority queue Q to manage the search for a DNF lens. Each element qe in the queue is a tuple of the source DNF regular expression DS′, the target DNF regular expression DT′, and a count e of the number of expansions needed to produce this pair of DNF regular expressions from the originals DS and DT. (Recall that an expansion is a use of a rewrite rule or the substitution of a user-defined definition for its name.) The priority of each queue element is e; DNF regular expressions that have undergone fewer expansions will get priority. The algorithm initializes the queue with DS and DT, which have an expansion count of zero. The algorithm then proceeds by iteratively examining the highest priority element from the queue (this examination corresponds to TypeProp in Figure 4), and using the function RigidSynth to try to find a rewriteless DNF lens between the popped source and target DNF regular expressions that satisfy the examples exs. If successful, the algorithm returns the DNF lens dl. Otherwise, the function Expand produces a new set of candidate DNF regular expression pairs that can be obtained from DS and DT by applying various expansions to the source and target DNF regular expressions.

Algorithm 1 SynthLens

function SynthDNFLens(DS, DT, exs)
    Q ← CreatePQueue((DS, DT), 0)
    while true do
        (qe, Q) ← Pop(Q)
        (DS′, DT′, e) ← qe
        dlo ← RigidSynth(DS′, DT′, exs)
        match dlo with
        | Some dl → return dl
        | None →
            qes ← Expand(DS, DT, e)
            Q ← EnqueueMany(qes, Q)

function SynthLens(S, T, exs)
    Validate(S, T, exs)
    (DS, DT) ← (⇓S, ⇓T)
    dl ← SynthDNFLens(DS, DT, exs)
    return ⇑dl

Algorithm 2 Expand

function ExpandRequired(DS, DT, e)
    CS_DS ← GetCurrentSet(DS)
    CS_DT ← GetCurrentSet(DT)
    TS_DS ← GetTransitiveSet(DS)
    TS_DT ← GetTransitiveSet(DT)
    r ← false
    foreach (U, i) ∈ CS_DS \ TS_DT
        r ← true
        (DS, e) ← ForceExpand(DS, U, i, e)
    foreach (U, i) ∈ CS_DT \ TS_DS
        r ← true
        (DT, e) ← ForceExpand(DT, U, i, e)
    if r then
        return ExpandRequired(DS, DT, e)
    return (DS, DT, e)

function FixProblemElts(DS, DT, e)
    CS_DS ← GetCurrentSet(DS)
    CS_DT ← GetCurrentSet(DT)
    qes ← []
    foreach (U, i) ∈ CS_DT \ CS_DS
        qes ← qes ++ Reveal(DS, U, i, e, DT)
    foreach (U, i) ∈ CS_DS \ CS_DT
        qes ← qes ++ Reveal(DT, U, i, e, DS)
    return qes

function Expand(DS, DT, e)
    (DS, DT, e) ← ExpandRequired(DS, DT, e)
    qes ← FixProblemElts(DS, DT, e)
    match qes with
    | [] → return ExpandOnce(DS, DT, e)
    | _ → return qes

Expand. Intelligent expansion inference is key to the efficiency of Optician.
Expand, shown in Algorithm 2, codifies this inference. It makes critical use of the locations of user-defined data types, measured by their star depth, which is the number of nested ∗’s the data type occurs beneath. Star depth locations are useful because we can quickly compute the current star depths of user-defined data types (with GetCurrentSet) and the star depths of user-defined data types reachable via expansions (with
GetTransitiveSet). Furthermore, the star depths of user-defined data types have the following useful property:
Property 1. If U is present at star depth i in DS and there exists a rewriteless DNF lens dl such that dl ˜: DS ⇔ DT, then U is also present at star depth i in DT. The symmetric property is true if U is present at star depth i in DT.

Property 1 means that if there is a rewriteless DNF lens between two DNF regular expressions, then the same user-defined data types must be present at the same locations in both of the DNF regular expressions. We use this property to determine when certain rules must be applied and to direct the search to rules that make progress towards this required alignment.

Expand has three major components:
ExpandRequired, FixProblemElts, and ExpandOnce, which we discuss in turn.

ExpandRequired performs expansions that must be taken. In particular, if a user-defined data type U at star depth i is impossible to reach through any number of expansions on the opposite side, then that user-defined data type must be replaced by its definition at that depth. For example, consider trying to find a lens between ⟨[legacy title]⟩ and ⟨[modern title]⟩. No matter how many expansions are performed on modern title, the user-defined type legacy title will not be exposed because the set of possible reachable pairs of data types and star depths in modern title is {(modern title, 0), (text char, 0), (text char, 1)}. Because no number of expansions will reveal legacy title on the right, the algorithm must replace legacy title with its definition on the left in order to find a lens. ExpandRequired continues until it finds all forced expansions.

ExpandRequired finds all the expansions that must be performed, but it does not perform any other expansions. However, there are many situations where it is possible to infer that one of a set of expansions must be performed without forcing any individual expansion. In particular, for any pair of types that have a rewriteless lens between them, for each (user-defined type, star depth) pair (U, i) on one side, that same pair must be present on the other side. FixProblemElts identifies when there is a (U, i) pair present on only one side. After identifying these problem elements, it calls Reveal to find the expansions that will reveal this element. For example, after ⟨[legacy title]⟩ has been expanded to ⟨[ "
FixProblemElts apply many expansions, but by themselves they are not sufficient. Typically, when FixProblemElts and ExpandRequired do not find all the necessary expansions, the input data formats expect large amounts of similar information. For example, in trying to synthesize the identity transformation between "" | U | UU(U*) and "" | U(U*), ExpandRequired and FixProblemElts find no forced expansions. An expansion is necessary, but the set of pairs ({(U, 0), (U, 1)}) is the same for both sides. When this situation arises, the algorithm uses the ExpandOnce function to conduct a purely enumerative search, implemented by performing all single-step expansions.
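The star-depth bookkeeping behind Expand, as an added Python example (not Optician's OCaml code): it computes the current and transitive sets, performs forced expansions, and reports the one-sided pairs that FixProblemElts would pass to Reveal. The tuple encoding, the reachability rules used for the transitive set, and the definitions in DEFS (constructed stand-ins for the user-defined types, whose real definitions are not reproduced here) are assumptions.

```python
"""Star-depth inference behind Expand (Algorithm 2), on plain regex ASTs.

Encodings are assumptions of this example, not Optician's OCaml types:
  ("str", s) | ("var", U) | ("star", r) | ("cat", r1, r2) | ("alt", r1, r2)
DEFS maps each user-defined type U to its (non-recursive) definition.
"""

def current_set(r, depth=0):
    """GetCurrentSet: every (U, star depth) pair visible without expanding."""
    tag = r[0]
    if tag == "var":
        return {(r[1], depth)}
    if tag == "star":
        return current_set(r[1], depth + 1)
    if tag in ("cat", "alt"):
        return current_set(r[1], depth) | current_set(r[2], depth)
    return set()

def transitive_set(r, defs):
    """GetTransitiveSet: pairs reachable by any number of expansions.

    Assumed reachability rules: substituting U's definition exposes its
    pairs shifted by U's depth, and unrolling a star (DS* -> ε | DS·DS*)
    exposes a copy of its body one star level up.
    """
    seen, work = set(), list(current_set(r))
    while work:
        u, d = work.pop()
        if (u, d) in seen:
            continue
        seen.add((u, d))
        if d > 0:
            work.append((u, d - 1))
        work.extend((v, d + k) for v, k in current_set(defs[u]))
    return seen

def force_expand(r, u, i, defs, depth=0):
    """ForceExpand: substitute U's definition at star depth i; count the uses."""
    tag = r[0]
    if tag == "var":
        return (defs[u], 1) if (r[1], depth) == (u, i) else (r, 0)
    if tag == "star":
        body, n = force_expand(r[1], u, i, defs, depth + 1)
        return ("star", body), n
    if tag in ("cat", "alt"):
        left, n1 = force_expand(r[1], u, i, defs, depth)
        right, n2 = force_expand(r[2], u, i, defs, depth)
        return (tag, left, right), n1 + n2
    return r, 0

def expand_required(ds, dt, e, defs):
    """ExpandRequired: expand every pair the opposite side can never reach."""
    while True:
        forced_s = current_set(ds) - transitive_set(dt, defs)
        forced_t = current_set(dt) - transitive_set(ds, defs)
        if not forced_s and not forced_t:
            return ds, dt, e
        for u, i in sorted(forced_s):
            ds, n = force_expand(ds, u, i, defs)
            e += n
        for u, i in sorted(forced_t):
            dt, n = force_expand(dt, u, i, defs)
            e += n

def problem_elts(ds, dt):
    """The pairs FixProblemElts hands to Reveal: present on one side only."""
    cs, ct = current_set(ds), current_set(dt)
    return ct - cs, cs - ct

# Constructed definitions standing in for the user-defined types.
TC = ("var", "text_char")
DEFS = {
    "U": ("str", "u"),
    "text_char": ("alt", ("str", "a"), ("str", "b")),
    "legacy_title": ("cat", ("str", "l:"), ("cat", TC, ("star", TC))),
    "modern_title": ("cat", ("str", "m:"), ("cat", TC, ("star", TC))),
}

if __name__ == "__main__":
    print(sorted(transitive_set(("var", "modern_title"), DEFS)))
    print(expand_required(("var", "legacy_title"), ("var", "modern_title"), 0, DEFS))
```

Both title types are forced open because neither can ever expose the other, while text_char stays abstract on both sides.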
RigidSynth . The function
RigidSynth , shown in Algorithm 3, implements the portion of
SynthLens that generates a lens from the types and examples without using any equivalences. Intuitively, it aligns the structures of the source and target regular expressions by finding appropriate permutations of nested sequences and nested atoms, taking into account the information contained in the examples. Once it finds an alignment, it generates the corresponding lens.

Searching for aligning permutations requires care, as naïvely considering all permutations between two DNF regular expressions ⟨SQ_1 | ... | SQ_n⟩ and ⟨TQ_1 | ... | TQ_n⟩ would require time proportional to n!. A better approach is to identify elements of the source and target DNF regular expressions that match and to leverage that information to create candidate permutations.

RigidSynth performs this identification via orderings on sequences (≤_Seq) and atoms (≤_Atom). To determine if one expression is less than the other, the algorithm converts each expression into a list of its subterms and returns whether the lexicographic ordering determines the first list less than the second. These orderings are carefully constructed so that equivalent terms have lenses between them. For example, between two sequences, SQ and TQ, there is a lens sql ˜: SQ ⇔ TQ if, and only if, SQ ≤_Seq TQ and TQ ≤_Seq SQ. Through these orderings, aligning the components reduces to merely sorting and zipping lists. Furthermore, through composing the permutations required to sort the sequences, the algorithm discovers the permutation used in the lens.

As an example, consider trying to find a DNF lens between ⟨[ "
RigidSynthSeq, the atoms would not be reordered, aligning text char with text char, and ⟨[text char]⟩∗ with ⟨[text char]⟩∗. Immediately, RigidSynthAtom finds the identity transformation on text char, and will recurse to find iterate((⟨([("", "") · id_{text char} · ("", "")], id)⟩, id)) for ⟨[text char]⟩∗. Then, these generated atom lenses are combined into a sequence lens. Lastly, the two sequence lenses are used with the swapping permutation to create the final DNF lens.

By incorporating information about how examples are parsed in the orderings, SynthLens guarantees not only that there will be a lens between the regular expressions, but also that the lens will satisfy the examples. For example if SQ ≤^exs_Seq TQ and TQ ≤^exs_Seq SQ (where ≤^exs_Seq is the ordering incorporating example information) then there is not only a sequence lens between SQ and TQ, but there is one that also satisfies the examples. Incorporating parse tree information lets the synthesis algorithm differentiate between previously indistinguishable subcomponents; a text char that parsed only "a" would become less than a text char that parsed only "b". The details of these orderings are formalized in Section B.12.

Algorithm 3 RigidSynth

function RigidSynthAtom(A, B, exs)
    match (A, B) with
    | (U, V) →
        if U ≤^exs_Atom V ∧ V ≤^exs_Atom U then
            return Some id_U
        else
            return None
    | (DS∗, DT∗) →
        match RigidSynth(DS, DT, exs) with
        | Some dl → return Some iterate(dl)
        | None → return None
    | _ → return None

function RigidSynthSeq(SQ, TQ, exs)
    [s_0 · A_1 · ... · A_n · s_n] ← SQ
    [t_0 · B_1 · ... · B_m · t_m] ← TQ
    if n ≠ m then
        return None
    σ_1 ← sorting(≤^exs_Atom, [A_1 · ... · A_n])
    σ_2 ← sorting(≤^exs_Atom, [B_1 · ... · B_n])
    σ ← σ_1⁻¹ ◦ σ_2
    ABs ← Zip([A_1 · ... · A_n], [B_σ(1) · ... · B_σ(n)])
    alos ← Map(RigidSynthAtom(exs), ABs)
    match AllSome(alos) with
    | Some [al_1 · ... · al_n] → return Some ([(s_0, t_0) · al_1 · ... · al_n · (s_n, t_n)], σ⁻¹)
    | None → return None

function RigidSynth(DS, DT, exs)
    ⟨SQ_1 | ... | SQ_n⟩ ← DS
    ⟨TQ_1 | ... | TQ_m⟩ ← DT
    if n ≠ m then
        return None
    σ_1 ← sorting(≤^exs_Seq, [SQ_1 | ... | SQ_n])
    σ_2 ← sorting(≤^exs_Seq, [TQ_1 | ... | TQ_n])
    σ ← σ_1⁻¹ ◦ σ_2
    STQs ← Zip([SQ_1 | ... | SQ_n], [TQ_σ(1) | ... | TQ_σ(n)])
    sqlos ← Map(RigidSynthSeq(exs), STQs)
    match AllSome(sqlos) with
    | Some [sql_1 | ... | sql_n] → return Some (⟨sql_1 | ... | sql_n⟩, σ⁻¹)
    | None → return None

Correctness.
We have proven two theorems demonstrating the correctness of our algorithm.
Theorem 4 (Algorithm Soundness). For all lenses l, regular expressions S and T, and examples exs, if l = SynthLens(S, T, exs), then l : S ⇔ T and for all (s, t) in exs, (s, t) ∈ [[l]].

Theorem 5 (Algorithm Completeness). Given regular expressions S and T, and a set of examples exs, if there exists a lens l such that l : S ⇔ T and for all (s, t) in exs, (s, t) ∈ [[l]], then SynthLens(S, T, exs) will return a lens.

Theorem 4 states that when we return a lens, that lens will match the specifications. Theorem 5 states that if there is a DNF lens that satisfies the specification, then we will return a lens, but not necessarily the same one. However, from Theorem 4, we know that this lens will match the specifications. The proofs of these theorems, and the previous ones, are provided in the appendix.

Simplification of Generated Lenses.
While our system takes in only partial specifications, there can be multiple lenses that satisfy the specifications. To help users determine if the synthesized lens is correct, Optician transforms the generated code to make it easily readable. Optician (1) maximally factors the concats and ors, (2) turns lenses that perform identity transformations into identity lenses, and (3) simplifies the regular expressions the identity lenses take as an argument. Performing these transformations and pretty printing the generated lenses make the synthesized lenses easy to understand.

Compositional Synthesis.
Most synthesis problems can be divided into subproblems. For example, if the format S_1 · S_2 must be converted into T_1 · T_2, one might first work on the S_1 ⇔ T_1 and S_2 ⇔ T_2 subproblems. After those subproblems have been solved, the lenses they generate can be combined into a solution for S_1 · S_2 ⇔ T_1 · T_2.

Our tool allows users to specify multiple synthesis problems in a single file, and allows the later, more complex problems to use the results generated by earlier problems. This tactic allows Optician to scale to problems of just about any size and complexity with just a bit more user input. This compositional interface also provides users greater control over the synthesized lenses and allows reuse of intermediate synthesized abstractions. The compositional synthesis engine allows lenses previously defined manually by the user, and lenses in the Boomerang standard library to be included in synthesis.

We have implemented Optician in 3713 lines of OCaml code. We have integrated our synthesis algorithm into Boomerang, so users can input synthesis tasks in place of lenses. We have published this code on GitHub, with a link given in the non-anonymized supplementary material.

We evaluate our synthesis algorithm by applying it to 39 benchmark programs. All evaluations were performed on a 2.5 GHz Intel Core i7 processor with 16 GB of 1600 MHz DDR3 running macOS Sierra.
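The alignment step of RigidSynth from Algorithm 3 (sort both sides, zip, and compose the sorting permutations), as an added Python example that is not Optician's OCaml implementation. It assumes no input/output examples, tuple encodings for DNF regular expressions and lenses, and sort keys that stand in for the orderings on sequences and atoms; the two formats are constructed.

```python
"""RigidSynth's sort-and-zip alignment (Algorithm 3) with no examples (exs = []).

Encodings are assumptions of this example, not Optician's OCaml types:
  DNF regex: tuple of sequences
  sequence : (strings, atoms), len(strings) == len(atoms) + 1
  atom     : ("var", U) | ("star", dnf)
  lenses   : ("dnf", sqls, perm) | ("seq", string_pairs, als, perm)
             | ("id", U) | ("iterate", dl)
perm[i] = j pairs source component i with target component j.
"""

def atom_key(a):
    """Sort key standing in for the atom ordering: equal keys can be paired."""
    return (0, a[1], ()) if a[0] == "var" else (1, "", dnf_key(a[1]))

def seq_key(sq):
    """Stand-in for the sequence ordering: constant strings are ignored and
    the atoms are compared as a multiset."""
    return tuple(sorted(atom_key(a) for a in sq[1]))

def dnf_key(ds):
    return tuple(sorted(seq_key(sq) for sq in ds))

def align(xs, ys, key):
    """Sort both sides and zip them; returns the composed permutation or None.

    sorted() is stable, so components with equal keys are paired in the
    order they were written on each side.
    """
    if len(xs) != len(ys):
        return None
    order_x = sorted(range(len(xs)), key=lambda i: key(xs[i]))
    order_y = sorted(range(len(ys)), key=lambda j: key(ys[j]))
    perm = [0] * len(xs)
    for i, j in zip(order_x, order_y):
        perm[i] = j
    return tuple(perm)

def rigid_synth_atom(a, b):
    if a[0] == "var" and b[0] == "var":
        return ("id", a[1]) if a[1] == b[1] else None
    if a[0] == "star" and b[0] == "star":
        dl = rigid_synth(a[1], b[1])
        return None if dl is None else ("iterate", dl)
    return None

def rigid_synth_seq(sq, tq):
    (ss, atoms_s), (ts, atoms_t) = sq, tq
    perm = align(atoms_s, atoms_t, atom_key)
    if perm is None:
        return None
    als = tuple(rigid_synth_atom(a, atoms_t[perm[i]]) for i, a in enumerate(atoms_s))
    if any(al is None for al in als):
        return None
    return ("seq", tuple(zip(ss, ts)), als, perm)

def rigid_synth(ds, dt):
    perm = align(ds, dt, seq_key)
    if perm is None:
        return None
    sqls = tuple(rigid_synth_seq(sq, dt[perm[i]]) for i, sq in enumerate(ds))
    if any(sql is None for sql in sqls):
        return None
    return ("dnf", sqls, perm)

# Constructed formats: an "empty" alternative plus a non-empty run of
# text_char, written in opposite orders on the two sides.
TC = ("var", "text_char")
TC_STAR = ("star", ((("", ""), (TC,)),))
SOURCE = ((("none",), ()), (("t=", "", ";"), (TC, TC_STAR)))
TARGET = ((("<t>", "", "</t>"), (TC, TC_STAR)), (("<t/>",), ()))

if __name__ == "__main__":
    print(rigid_synth(SOURCE, TARGET))
```

The two sorts cost O(n log n) per level instead of trying n! permutations, and the returned DNF lens carries the swapping permutation while the atoms inside the longer sequence keep their order.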
Benchmark Suite Construction.
We constructed our benchmarks by adapting examples from Augeas [26] and Flash Fill [16] and by handcrafting specific examples to test various features of the algorithm.

Augeas is a configuration editing system for Linux that uses lens combinators similar to those in Boomerang. However, it transforms strings on the left to structured trees on the right rather than transforming strings to strings. We adapted these Augeas lenses to our setting by converting the right-hand sides to strings that correspond to serialized versions of the tree formats. Augeas also supports asymmetric lenses [13], which are more general than the bijective lenses Optician can synthesize. We adapted these examples by adding extra fields to the target to make the transformations bijective and thus suitable for our study. We derived 29 of the benchmark tests by adapting the first 27 lenses in alphabetical order, as well as the lenses aug/xml-firstlevel and aug/xml that were referenced by the ‘A’ lenses. Furthermore, the 12 last synthesis problems derived from Augeas were tested after Optician was finalized, demonstrating that the optimizations were not overtuned to perform well on the testing data.

Flash Fill is a system that allows users to specify common string transformations by example [16]. Many of the examples from Flash Fill are non-bijective because the user’s goal is often to extract information. We were able to adapt some examples by adding information to the target so the resulting transformation was bijective. We derived three benchmarks from examples in the Flash Fill paper [16] that were close to bijections.

Finally, we added custom examples to highlight weaknesses of our algorithm (cap-prob and ) and to test situations for which we thought the tool would be particularly useful (workitem-probs, date-probs, bib-prob, and addr-probs).
These examples convert between work item formats, date formats, bibliography formats, and address formats, respectively.

We have both complex and simple synthesis tasks in our benchmark suite. We generate lenses of sizes between 5 AST nodes, for simple problems like changing how dates are represented, and 305 AST nodes, for complex tasks like transforming arbitrary XML of depth 3 or less to a dictionary representation.

Impact of Optimizations.
We developed a series of optimizations that improve the performance of the synthesis algorithm dramatically. To determine the relative importance of these optimizations, we developed 5 different modes that run the synthesis algorithm with various optimizations enabled. These modes are:
Full: All optimizations are enabled, and compositional synthesis is used.
NoCS: Like Full, but compositional synthesis is not used.
NoFPE: Like NoCS, but FixProblemElts is never called; expansions are only forced through ExpandRequired or processed enumeratively through ExpandOnce.
NoER: Like NoFPE, but all the expansions taken are generated through enumerative search from ExpandOnce.
NoUD: User-defined data types are no longer kept abstract until needed. All user-defined regular expressions get replaced by their definition at the start of synthesis.

We ran Optician in each mode over our benchmark suite. We summarize the results of these tests in Figure 8.
Full synthesized all 39 benchmarks, NoCS synthesized 48 benchmarks, NoFPE synthesized 36 benchmarks, NoER synthesized 6 benchmarks, NoUD synthesized 8 benchmarks, and Naïve synthesized 0 benchmarks. Optician’s optimizations make synthesis effective against a wide range of complex data formats.

[Figure 8: Time vs Benchmarks Completed. Series: Full, NoCS, NoFPE, NoUD, NoER, FlashExtract, Flash Fill, Naïve.]
Fig. 8. Number of benchmarks that can be solved by a given algorithm in a given amount of time. Full is the full synthesis algorithm. NoCS is the synthesis algorithm using all optimizations but without using a library of existing lenses. NoFPE is the core DNF synthesis algorithm augmented with user-defined data types with forced expansions performed. NoER is the core synthesis augmented with user-defined data types. NoUD is the core synthesis algorithm. FlashExtract is the existing FlashExtract system. Flash Fill is the existing Flash Fill system. Naïve is naïve type-directed synthesis on the bijective lens combinators. Our synthesis algorithm performs better than the naïve approach and other string transformation systems, and our optimizations speed up the algorithm enough that all tasks become solvable.
Interestingly, NoER performs worse than NoUD. Adding in user-defined data types introduces the additional search through substitutions. The cost of this additional search outweighs the savings that these data type abstractions provide. In particular, because of the large fan-out of possible expansions, NoER can only synthesize lenses which require 5 or fewer expansions. However, some lenses require over 50 expansions. Without a way to intelligently traverse expansions, the need to search through substitutions makes synthesis unbearably slow.

In NoFPE, we can determine that many expansions are forced, so an enumerative search is often unnecessary. Figure 9 shows that in a majority of examples, all the expansions can be identified as required, minimizing the impact of the large fan-out. While unable to infer every expansion for all the benchmarks, the full algorithm is able to infer quite a bit. In our benchmark suite, ExpandRequired infers a median of 13 and a maximum of 75 expansions.

Merely inferring the forced expansions makes almost all the synthesis tasks solvable. In many cases, NoFPE infers all the expansions. In 22 of the 38 examples solvable by NoCS, all expansions were forced. However, the remaining 16 still require some enumerative search. This enumerative search causes the NoFPE version of the algorithm to struggle with some of the more complex benchmarks. Incorporating
FixProblemElts speeds up these slow benchmarks. When using full inference (FixProblemElts and ExpandRequired), the synthesis algorithm can recognize that one of a few expansions must be performed. Adding in these types of inferred expansions directs the remaining search even more, both speeding up existing problems and solving previously unmanageable benchmarks.

When combined, these optimizations implement an efficient synthesis algorithm, which can synthesize lenses between a wide range of data formats. However, some of the tasks are still slow, and one remains unsolved. Using compositional synthesis lets the system scale to the most complex synthesis tasks, synthesizing all lenses in under 5 seconds. Additional user interaction is required for compositional synthesis, but the amount of interaction is minimal, as shown in Figure 10. The number of subtasks used was in no way the minimal number of subtasks needed for synthesis under 5 seconds, but rather subtasks were introduced where they naturally arose.

[Figure 9: Number of Benchmarks with Uninferred Expansions. Axis: Benchmark Count. Series: NoCS, NoFPE.]

Fig. 9. Number of expansions found using enumerative search for tasks requiring a given number of expansions. NoCS is using the full inference algorithm. NoFPE only counts forced inferences as found by the ExpandRequired function. Both systems are able to infer the vast majority of expansions. Full inference only rarely requires enumerative search.

[Figure 10: Subtasks Specified During Compositional Synthesis. Axis: Benchmark Count.]

Fig. 10. Number of subtasks specified during compositional synthesis. Splitting the task into just a few subtasks provides huge performance benefits at the cost of a small amount of additional user work.

[Figure 11: Examples Required for Benchmarks. Axis: Benchmark Count. Series: Experimental Average, Determinize Permutations.]

Fig. 11. Average number of random examples required to synthesize benchmark programs. Experimental Average is the average number of randomly generated examples needed to correctly synthesize the lens. Determinize Permutations is the theoretical number of examples required to determinize the choice of all the permutations in RigidSynth. In practice, far fewer examples are needed to synthesize the correct lens than would be predicted by the number required to determinize permutations.
The benchmark that only completes with compositional synthesis is also the slowest benchmark in Full, aug/xml. Optician can only synthesize a lens for this example when compositional synthesis is used because it is a complex data format, it requires a large number of expansions, and relatively few expansions are forced. When not using compositional synthesis, the algorithm must perform a total of 398 expansions, of which only 105 are forced. The synthesis algorithm is able to force so few expansions because of the highly repetitive nature of the aug/xml specification. XML tags occur at many different levels, and they all use the same user-defined data types. This repetitive nature causes our expansion inference to find only a few of the large number of required expansions. The large fan-out of expansions, combined with the large number of expansions that must be performed, creates a search space too large for our algorithm to effectively search. However, the synthesis algorithm is able to succeed on the easier task of finding the desired transformation when provided with two additional subtasks: synthesis on XML of depth one, and synthesis of XML of depth up to two.

Importance of Examples.
To evaluate how many user-supplied examples the algorithm requires in practice, we randomly generated appropriate source/target pairs, mimicking what a naïve user might do. We did not write the examples by hand out of concern that our knowledge of the synthesis algorithm might bias the selection. Figure 11 shows the number of randomly generated examples it takes to synthesize the correct lens averaged over ten runs. The synthesis algorithm almost never needs any examples: only 5 benchmarks need a nonzero number of examples to synthesize the correct lens and only one, cust/workitem-probs, required over 10 randomly generated examples. A clever user may be able to reduce the number of examples further by selecting examples carefully; we synthesized cust/workitem-probs with only 8 examples.

These numbers are low because there are relatively few well-typed bijective lenses between any two source and target regular expressions. As one would expect, the benchmarks where there are multiple ways to map source data to the target (and vice versa) require the most examples. For example, the benchmark cust/workitem-probs requires a large number of examples because it must differentiate between data in different text fields in both the source and target and map between them appropriately. As these text fields are heavily permuted (the legacy format ordered fields by a numeric ID, where the modern format ordered fields alphabetically) and fields can be omitted, a number of examples are needed to correctly identify the mapping between fields.

The average number of examples to infer the correct lens does not tell the whole story. The system will stop as soon as it finds a well typed lens that satisfies the supplied examples. This inferred lens may or may not correctly handle unseen examples that correspond to unexercised portions of the source and target regular expressions. Figure 11 lists the number of examples that are required to determinize the generation of permutations in RigidSynth. Intuitively, this number represents the maximum number of examples that a user must supply to guide the synthesis engine if it always guesses the wrong permutation when multiple permutations can be used to satisfy the specification.

The average number of examples is so much lower than the maximum number of required examples because of correspondences in how we wrote the regular expressions for the source and target data formats. Specifically, when we had corresponding disjunctions in both the source and the target, we ordered them the same way. The algorithm uses the supplied ordering to guide its search, and so the system requires fewer examples. We did not write the examples in this style to facilitate synthesis, but rather because maintaining similar subparts in similar orderings makes the types much easier to read. We expect that most users would do the same.

Footnote: Since xml syntax is context-free, the source and target regular expressions describe only xml expressions up to depth 3.
Comparison Against Other Tools.
We are the first tool to synthesize bidirectional transformations between data formats, so there is no tool to which we can make an apples-to-apples comparison. Instead, we compare against tools for generating unidirectional transformations. Figure 8 includes a comparison against two other well-known tools that synthesize text transformation and extraction functions from examples – Flash Fill and FlashExtract. For this evaluation, we used the version of these tools distributed through the PROSE project [38].

To generate specifications for Flash Fill, we generated input/output specifications by generating random elements of the source language, and running the lens on those elements to generate elements of the target language. These were then fed to Flash Fill.

To generate specifications for FlashExtract, we extracted portions of strings mapped in the generated lens either through an identity transformation or through a previously synthesized lens, whereas strings that were mapped through use of const were considered boilerplate and so not extracted.

As these tools were designed for a broader audience, they put less of a burden on the user. These tools only use input/output examples (for Flash Fill), or marked text regions (for FlashExtract), as opposed to Optician’s use of regular expressions to constrain the format of the input and output. By using regular expressions, Optician is able to synthesize significantly more programs than either existing tool.

Flash Fill and FlashExtract have two tasks: to determine how the data is transformed, they must also infer the structure of the data, a difficult job for complex formats. In particular, neither Flash Fill nor FlashExtract was able to synthesize transformations or extractions present under two iterations, a type of format that is notoriously hard to infer. These types of dual iterations are pervasive in Linux configuration files, making Flash Fill and FlashExtract ill suited for many of the synthesis tasks present in our test suite.

Furthermore, as unidirectional transformations, Flash Fill and FlashExtract have a more expressive calculus. To guarantee bidirectionality, our syntax must be highly restrictive, providing a smaller search space to traverse.
In searching for equivalent regular expressions, we focused on Conway's equational theory rather than alternative axiomatizations such as Kozen's [22] and Salomaa's [33]. Kozen and Salomaa's axiomatizations are not equational theories: applying certain inference rules requires that side conditions be satisfied. Consequently, using these axiomatizations does not permit a simple search strategy – our algorithm could no longer merely apply rewrite rules because it would need to confirm that the side conditions are satisfied. To avoid these complications, we focused on Conway's equational theory.
The literature on bidirectional programming languages and on lens-like structures is extensive. We discussed highlights in the introduction; readers can also consult a (slightly dated) survey [8] and recent theoretical perspectives [1, 12].
While we do not know of any previous efforts to synthesize bidirectional transformations, there is a good deal of other recent research on synthesizing unidirectional string transformations [16, 24, 31, 35, 36]. We compared our system to two of these unidirectional string transformers, Flash Fill [16] and FlashExtract [24]. We found that these tools were unsuccessful in synthesizing the complex transformations we are performing – both these tools synthesized under 5 of our 39 examples. Furthermore, neither of these tools was able to infer transformations which occurred under two iterations. Much of this work assumes, like us, that the synthesis engine is provided with a collection of examples. Our work differs in that we assume the programmer supplies both examples and format descriptions in the form of regular expressions. There is a trade-off here. On the one hand, a user must have some programming expertise to write regular expression specifications and it requires some work. On the other hand, such specifications provide a great deal of information to the synthesis system, which decreases the number of examples needed (often to zero), makes the system scale well, and allows it to handle large, complex formats, as shown in § RigidSynth algorithm itself.
Morpheus [10] is another synthesis system that uses two communicating synthesizers to generate programs. In both Morpheus and Optician, one synthesizer provides an outline for the program, and the other fills in that outline with program details that satisfy the user's specifications. This approach works well in large search spaces, which require some enumerative search. Our systems differ in that an outline for Morpheus is a sketch—an expression containing holes—whereas an outline for Optician is a pair of DNF regular expressions, i.e., a type. Moreover, in order to implement an efficient search procedure, we had to create both a new type language and a new term language for lenses. Once we did so, we proved our new, more constrained language designed for synthesis was just as expressive as the original, more flexible and compositional language designed for human programmers.
Many synthesis algorithms work on domain-specific languages custom built for synthesis [15, 24, 37, 39]. We too built a custom domain-specific language for synthesis – DNF lenses. We provide the capabilities to convert specifications in an existing language, Boomerang, to specifications as DNF regular expressions, and provide the capabilities to convert our generated DNF lenses to Boomerang lenses. But we go further than merely providing a converter to Boomerang: we also provide completeness results stating exactly which terms of Boomerang we are able to synthesize.
Data processing systems often need to convert data back-and-forth between different formats. Domain-specific languages for generating bidirectional programs help prevent data corruption in such contexts, but are unfamiliar and hard to use. To simplify the development of bidirectional applications, we have created the first synthesizer of a bidirectional language, generating lenses from data format specifications and input/output examples. To reduce the size of the synthesis search space, our system introduces a new language of DNF lenses, which are typed by DNF regular expressions. We have proven our new language sound and complete with respect to a declarative specification. We also describe effective optimizations for efficiently searching through the refined space of lenses.
We evaluated our system on a range of practical examples drawn from other systems in the literature including Flash Fill and Augeas. In general, we found our system to be robust, to require few examples, and to finish in seconds, even on complex data formats. We found that our type-directed synthesis algorithm is able to generate data transformations too complex for both existing example-directed systems and for a naïve type-directed algorithm, succeeding on 35 more benchmarks than the tested existing alternatives. We attribute its success to a combination of (1) the information provided by format specifications, (2) the structure induced by user-specified names, and (3) the inferences used to guide search. The approaches we used are generalizable both to other bidirectional languages, as well as to other domain-specific languages with large numbers of equivalences on the types.
REFERENCES
[1] F. Abou-Saleh, J. Cheney, J. Gibbons, J. McKinna, and P. Stevens. Reflections on monadic lenses. In A List of Successes That Can Change the World - Essays Dedicated to Philip Wadler on the Occasion of His 60th Birthday
ACM SIGPLAN International Conference on Functional Programming (ICFP), Baltimore, Maryland, Sept. 2010.
[4] A. Bohannon, J. A. Vaughan, and B. C. Pierce. Relational lenses: A language for updateable views. In Principles of Database Systems (PODS), 2006. Extended version available as University of Pennsylvania technical report MS-CIS-05-27.
[5] A. Bohannon, J. N. Foster, B. C. Pierce, A. Pilkiewicz, and A. Schmitt. Boomerang: Resourceful lenses for string data. In Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '08. ACM, 2008.
[6] R. Book, S. Even, S. Greibach, and G. Ott. Ambiguity in graphs and expressions. IEEE Trans. Comput., 20(2), Feb. 1971. ISSN 0018-9340.
[7] J. H. Conway. Regular Algebra and Finite Machines. Printed in GB by William Clowes & Sons Ltd, 1971.
[8] K. Czarnecki, J. N. Foster, Z. Hu, R. Lämmel, A. Schürr, and J. F. Terwilliger. Bidirectional transformations: A cross-discipline perspective. In R. F. Paige, editor, ICMT, volume 5563 of Lecture Notes in Computer Science, pages 260–283. Springer, 2009. ISBN 978-3-642-02407-8.
[9] M. Droste, W. Kuich, and H. Vogler, editors. Semirings and Formal Power Series, pages 3–28. Springer Berlin Heidelberg, 2009. URL http://dx.doi.org/10.1007/978-3-642-01492-5_1.
[10] Y. Feng, R. Martins, J. Van Geffen, I. Dillig, and S. Chaudhuri. Component-based synthesis of table consolidation and transformation tasks from examples. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017. ACM, 2017. URL http://doi.acm.org/10.1145/3062341.3062351.
[11] J. K. Feser, S. Chaudhuri, and I. Dillig. Synthesizing data structure transformations from input-output examples. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2015.
[12] S. Fischer, Z. Hu, and H. Pacheco. The essence of bidirectional programming. SCIENCE CHINA Information Sciences, 58(5):1–21, 2015.
[13] J. N. Foster, M. B. Greenwald, J. T. Moore, B. C. Pierce, and A. Schmitt. Combinators for bidirectional tree transformations: A linguistic approach to the view-update problem. ACM Transactions on Programming Languages and Systems, 29(3):17, May 2007.
[14] J. Frankle, P.-M. Osera, D. Walker, and S. Zdancewic. Example-directed synthesis: A type-theoretic interpretation (extended version). Technical Report MS-CIS-15-12, University of Pennsylvania, 2015.
[15] S. Gulwani. Automating string processing in spreadsheets using input-output examples. In ACM SIGPLAN Notices, volume 46. ACM, 2011.
[16] S. Gulwani. Automating string processing in spreadsheets using input-output examples. In Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '11. ACM, 2011.
[17] T. Gvero, V. Kuncak, I. Kuraj, and R. Piskac. Complete completion using types and weights. In Proceedings of the 2013 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2013.
[18] B. Harry. A new api for visual studio online, 2014.
[19] S. Hidaka, Z. Hu, K. Inaba, H. Kato, K. Matsuda, and K. Nakano. Bidirectionalizing graph transformations. In Proceeding of the 15th ACM SIGPLAN international conference on Functional programming, ICFP 2010, Baltimore, Maryland, USA, September 27-29, 2010, pages 205–216, 2010.
[20] S. Hidaka, Z. Hu, K. Inaba, H. Kato, and K. Nakano. Groundtram: An integrated framework for developing well-behaved bidirectional model transformations. In Automated Software Engineering (ASE), 2011.
[21] H. Ko, T. Zan, and Z. Hu. BiGUL: A formally verified core language for putback-based bidirectional programming. In Proceedings of the 2016 ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation, PEPM 2016, St. Petersburg, FL, USA, January 20 - 22, 2016, pages 61–72, 2016.
[22] D. Kozen. A completeness theorem for kleene algebras and the algebra of regular events. Information and Computation
Theor. Comput. Sci., 89(2), Oct. 1991. ISSN 0304-3975. URL http://dx.doi.org/10.1016/0304-3975(91)90395-I.
[24] V. Le and S. Gulwani. FlashExtract: A framework for data extraction by examples. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14. ACM, 2014.
[25] D. Liu, Z. Hu, and M. Takeichi. Bidirectional interpretation of XQuery. In Proceedings of the 2007 ACM SIGPLAN Workshop on Partial Evaluation and Semantics-based Program Manipulation, 2007, Nice, France, January 15-16, 2007, pages 21–30, 2007.
[26] D. Lutterkort. Augeas: A Linux configuration API, Feb. 2007. Available from http://augeas.net/.
[27] N. Macedo, H. Pacheco, N. R. Sousa, and A. Cunha. Bidirectional spreadsheet formulas. In IEEE Symposium on Visual Languages and Human-Centric Computing, VL/HCC 2014, Melbourne, VIC, Australia, July 28 - August 1, 2014, pages 161–168, 2014.
[28] Requirements and compatibility — Team Foundation Server Setup, Update and Administration. Microsoft Corporation, 2017.
[29] P.-M. Osera and S. Zdancewic. Type-and-example-directed program synthesis. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, 2015.
[30] H. Pacheco, T. Zan, and Z. Hu. Biflux: A bidirectional functional update language for XML. In Proceedings of the 16th International Symposium on Principles and Practice of Declarative Programming, Kent, Canterbury, United Kingdom, September 8-10, 2014, pages 147–158, 2014.
[31] D. Perelman, S. Gulwani, D. Grossman, and P. Provost. Test-driven synthesis. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, 2014.
[32] N. Polikarpova, I. Kuraj, and A. Solar-Lezama. Program synthesis from polymorphic refinement types. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '16. ACM, 2016. URL http://doi.acm.org/10.1145/2908080.2908093.
[33] A. Salomaa. Two complete axiom systems for the algebra of regular events. J. ACM, 13(1), Jan. 1966. ISSN 0004-5411. URL http://doi.acm.org/10.1145/321312.321326.
[34] G. Scherer and D. Rémy. Which simple types have a unique inhabitant? In Proceedings of the 18th ACM SIGPLAN International Conference on Functional Programming (ICFP), 2015.
[35] R. Singh. Blinkfill: Semi-supervised programming by example for syntactic string transformations. Proc. VLDB Endow., 9(10), June 2016.
[36] R. Singh and S. Gulwani. Learning semantic string transformations from examples. Proceedings of the VLDB Endowment, 5(8), 2012.
[37] A. Solar-Lezama. Program Synthesis by Sketching. PhD thesis, University of California, Berkeley, 2008.
[38] M. P. Team. Microsoft Program Synthesis using Examples SDK, 2017. URL https://microsoft.github.io/prose/.
[39] N. Yaghmazadeh, C. Klinger, I. Dillig, and S. Chaudhuri. Synthesizing transformations on hierarchically structured data. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '16. ACM, 2016.
[40] T. Zan, L. Liu, H. Ko, and Z. Hu. Brul: A putback-based bidirectional transformation library for updatable views. In Proceedings of the 5th International Workshop on Bidirectional Transformations, Bx 2016, co-located with The European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, The Netherlands, April 8, 2016, pages 77–89, 2016.
[41] Z. Zhu, H. Ko, P. Martins, J. Saraiva, and Z. Hu. Biyacc: Roll your parser and reflective printer into one. In Proceedings of the 4th International Workshop on Bidirectional Transformations co-located with Software Technologies: Applications and Foundations, STAF 2015, L'Aquila, Italy, July 24, 2015, pages 43–50, 2015.
A FORMAL DEFINITIONS
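Definition 3 (Unambiguous Concatenation Language). If L and L are languages, such that for all strings s, t ∈ L, and for all strings s, t ∈ L, if s · s = t · t, then L is unambiguously concatenable with L, written L ·! L.
Definition 4 (Conway's Regular Expression Equivalences).
\[
\begin{array}{rcll}
S \mid \emptyset &\equiv& S & \textit{+ Ident}\\
S \cdot \emptyset &\equiv& \emptyset & \textit{R}\\
\emptyset \cdot S &\equiv& \emptyset & \textit{L}\\
(S \cdot S') \cdot S'' &\equiv& S \cdot (S' \cdot S'') & \cdot\,\textit{Assoc}\\
(S \mid S') \mid S'' &\equiv& S \mid (S' \mid S'') & \mid\,\textit{Assoc}\\
S \mid T &\equiv& T \mid S & \mid\,\textit{Comm}\\
S \cdot (S' \mid S'') &\equiv& (S \cdot S') \mid (S \cdot S'') & \textit{Dist R}\\
(S' \mid S'') \cdot S &\equiv& (S' \cdot S) \mid (S'' \cdot S) & \textit{Dist L}\\
\epsilon \cdot S &\equiv& S & \cdot\,\textit{Ident L}\\
S \cdot \epsilon &\equiv& S & \cdot\,\textit{Ident R}\\
(S \mid T)^* &\equiv& (S^* \cdot T)^* \cdot S^* & \textit{Sumstar}\\
(S \cdot T)^* &\equiv& \epsilon \mid (S \cdot (T \cdot S)^* \cdot T) & \textit{Prodstar}\\
(S^*)^* &\equiv& S^* & \textit{Starstar}\\
(S \mid T)^* &\equiv& ((S \mid T) \cdot T \mid (S \cdot T^*)^n \cdot S)^* \cdot (\epsilon \mid (S \mid T) \cdot ((S \cdot T^*) \mid \ldots \mid (S \cdot T^*)^n)) & \textit{Dicyc}
\end{array}
\]
Definition 5 (Definitional Regular Expression Equivalences).
\[
\begin{array}{rcll}
S \mid \emptyset &\equiv^s& S & \textit{+ Ident}\\
S \cdot \emptyset &\equiv^s& \emptyset & \textit{R}\\
\emptyset \cdot S &\equiv^s& \emptyset & \textit{L}\\
(S \cdot S') \cdot S'' &\equiv^s& S \cdot (S' \cdot S'') & \cdot\,\textit{Assoc}\\
(S \mid S') \mid S'' &\equiv^s& S \mid (S' \mid S'') & \mid\,\textit{Assoc}\\
S \mid T &\equiv^s& T \mid S & \mid\,\textit{Comm}\\
S \cdot (S' \mid S'') &\equiv^s& (S \cdot S') \mid (S \cdot S'') & \textit{Dist R}\\
(S' \mid S'') \cdot S &\equiv^s& (S' \cdot S) \mid (S'' \cdot S) & \textit{Dist L}\\
S \cdot \epsilon &\equiv^s& S & \cdot\,\textit{Ident L}\\
S \cdot \epsilon &\equiv^s& S & \cdot\,\textit{Ident R}\\
S^* &\equiv^s& \epsilon \mid (S \cdot S^*) & \textit{Unrollstar L}\\
S^* &\equiv^s& \epsilon \mid (S^* \cdot S) & \textit{Unrollstar R}
\end{array}
\]
B PROOFS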
The proof is split into separate subsections based on what is being done. The overall goals are to prove soundness and completeness of DNF regular expressions with respect to regular expressions, and soundness and completeness of DNF lenses with respect to lenses.
• Subsection B.1 defines confluence with respect to a property, bisimilarity, and makes some general proofs about those properties. These are used later for the proof of confluence of rewriting with respect to semantics, which is used in lens completeness.
• Subsection B.2 proves some general statements about languages, relating to the relationship between nonintersection of pairs of languages, and sets of languages, and the relationship between shared prefixes and suffixes of pairs of languages. These are used for proving statements about unambiguity of DNF regular expressions from unambiguous regular expressions, and vice-versa.
• Subsection B.3 proves some intuitive statements about lenses and DNF lenses. These statements are properties like inversion, closure under composition for rewriteless DNF lenses, and proves that bijective lenses and bijective DNF lenses actually express bijections between the languages of their types.
• Subsection B.4 proves soundness and completeness of DNF regular expressions to regular expressions.
• Subsection B.5 proves statements relating to the retention of unambiguity across languages. In particular, it proves statements about ⇓ and ⇑, and also proves statements about the retention of unambiguity through rewrites.
• Subsection B.6 proves statements about the retention of language through proofs, and the equivalences of expressibility of various rewrite systems.
• Subsection B.7 proves the soundness of DNF lenses to lenses, using the machinery above.
• Subsection B.8 defines operators on DNF lenses, which provide combinators similar to the combinators of normal lenses. This section also proves statements about these combinators, like how the combinators act similarly to normal lenses.
• Subsection B.9 proves more complex properties about lens operators. These more complex statements are needed because DNF regular expressions don't have rewrites that order clauses.
• Subsection B.10 proves statements about the ability to build up rewrites on DNF regular expressions composed of less complex ones, from the rewrites of those less complex DNF regular expressions. It also proves the proof of confluence of rewrites.
• Subsection B.11 proves the completeness of DNF lenses with respect to lenses.
• Subsection B.12 proves the algorithm correct.
• Subsection B.13 proves some random statements we make, but don't formally express, in the paper.
B.1 Confluence Proofs
This section begins by defining confluence and bisimilarity. Next we prove that if a rewrite system is bisimilar with respect to a property, then the transitive and reflexive closure of that rewrite system is too. Next, a similar statement about transitive and reflexive closure of rewrite systems for confluence is proven, under the condition that the property with respect to which confluence is defined is transitive. Next, propagators are defined, and used to prove that if a rewrite system is confluent with respect to a property with left and right propagators, then the transitive and reflexive closure of that rewrite system is confluent with respect to the same property.
Definition 6. Let → and p be two binary relations on a set S. We say that → is confluent with respect to p, written confluent_p(→), if, given x, x ∈ S, where p(x, x), if x → x′ and x → x′, then there exists x′′ and x′′ such that x′ → x′′, x′ → x′′, and p(x′′, x′′).
Definition 7. Let → and p be two binary relations on a set S. We say that → is bisimilar through p, written bisimilar_p(→), if, given x, x ∈ S, where p(x, x), if x → x′ then there exists some x such that x → x′ where p(x′, x′), and if x → x′, then there exists some x′ such that x → x′ where p(x′, x′).
Definition 8. Let p be a binary relation. p∗ is the binary relation defined via the inference rules
\[
\dfrac{}{p^*(x, x)}\ \textit{Reflexivity}
\qquad
\dfrac{p(x, y)}{p^*(x, y)}\ \textit{Base}
\qquad
\dfrac{p^*(x, y) \quad p^*(y, z)}{p^*(x, z)}\ \textit{Transitivity}
\]
Lemma 1 (Bisimilarity Preserved through Star left). Let bisimilar_p(→). If p(x, y) and x →∗ x′ then there exists some y′ such that y →∗ y′ where p(x′, y′).
Proof. By induction on the derivation of x →∗ x′.
Case (Reflexivity).
\[ \dfrac{}{x \to^* x} \]
Consider the derivation y →∗ y and by assumption p(x, y).
Case (Base).
\[ \dfrac{x \to x'}{x \to^* x'} \]
As bisimilar_p(→), y → y′ where p(x′, y′).
\[ \dfrac{y \to y'}{y \to^* y'} \]
Case (Transitivity).
\[ \dfrac{x \to^* x'' \quad x'' \to^* x'}{x \to^* x'} \]
By IH, y →∗ y′′ where p(x′′, y′′). By IH, y′′ →∗ y′ where p(x′, y′).
\[ \dfrac{y \to^* y'' \quad y'' \to^* y'}{y \to^* y'} \]
□
Lemma 2 (Bisimilarity Preserved through Star right). Let bisimilar_p(→). If p(x, y) and x →∗ x′ then there exists some y′ such that y →∗ y′ where p(x′, y′).
Proof. Symmetrically to Lemma 1. □
Lemma 3 (Bisimilarity Preserved through Star). If bisimilar_p(→), then bisimilar_p(→∗).
Proof. By application of Lemma 1 and Lemma 2. □
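Definitions 6 to 8 and Lemma 3 can be checked mechanically on finite relations. The following is an added example, not code from the paper or from Optician; it assumes the reading of Definitions 6 and 7 in which two p-related elements (called x1 and x2 here) each take a step, and the diamond-shaped rewrite system STEP and the relation P are constructed for illustration.

```python
from itertools import product

def successors(rel, x):
    """All y with (x, y) in the finite relation rel."""
    return {b for (a, b) in rel if a == x}

def star(step, nodes):
    """Reflexive-transitive closure of step over nodes (Definition 8)."""
    closure = {(x, x) for x in nodes} | set(step)
    while True:
        extra = {(a, d) for (a, b) in closure
                 for (c, d) in closure if b == c} - closure
        if not extra:
            return closure
        closure |= extra

def bisimilar(step, p):
    """Definition 7: p-related elements can match each other's steps,
    landing in p-related elements again."""
    for x1, x2 in p:
        for x1p in successors(step, x1):
            if not any((x1p, x2p) in p for x2p in successors(step, x2)):
                return False
        for x2p in successors(step, x2):
            if not any((x1p, x2p) in p for x1p in successors(step, x1)):
                return False
    return True

def confluent(step, p):
    """Definition 6: after one step on each side, both results can step
    once more into a p-related pair."""
    for x1, x2 in p:
        for x1p, x2p in product(successors(step, x1), successors(step, x2)):
            if not any((a, b) in p
                       for a in successors(step, x1p)
                       for b in successors(step, x2p)):
                return False
    return True

def lemma3_counterexamples(nodes):
    """Enumerate every pair (step, p) of relations over nodes and collect
    those where step is bisimilar through p but its closure is not."""
    pairs = list(product(nodes, repeat=2))
    relations = [{pr for pr, bit in zip(pairs, bits) if bit}
                 for bits in product([0, 1], repeat=len(pairs))]
    bad = []
    for step in relations:
        closure = star(step, nodes)
        for p in relations:
            if bisimilar(step, p) and not bisimilar(closure, p):
                bad.append((step, p))
    return bad

# Constructed system: a diamond s -> {l, r} -> j on one side, a chain
# t -> u -> v on the other; j and v loop so every element can step.
NODES = ["s", "l", "r", "j", "t", "u", "v"]
STEP = {("s", "l"), ("s", "r"), ("l", "j"), ("r", "j"), ("j", "j"),
        ("t", "u"), ("u", "v"), ("v", "v")}
P = {("s", "t"), ("l", "u"), ("r", "u"), ("j", "v")}

if __name__ == "__main__":
    print("bisimilar through P:", bisimilar(STEP, P))
    print("confluent w.r.t. P:", confluent(STEP, P))
    print("closure bisimilar:", bisimilar(star(STEP, NODES), P))
    print("Lemma 3 counterexamples on 2 elements:",
          len(lemma3_counterexamples(["x", "y"])))
```

Removing the self-loops on j and v makes `confluent` fail, because Definition 6 is stated for single steps and terminal elements cannot take one.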
Lemma 4. If confluent_p(→), bisimilar_p(→), p(x, y) ∧ p(y, z) ⇒ p(x, z), and p(x, y) ⇒ p(x, x) ∧ p(y, y) then if p(x, y), x →∗ x, y → x, then there exists some x, x y such that x → x, y →∗ y, and p(x, y).
Proof. By induction on the derivation of x →∗ x.
Case (Reflexivity).
\[ \dfrac{}{x \to^* x} \]
By bisimilar_p(→), there exists some x such that x → x and p(x, y). Furthermore, y →∗ y so we are done.
Case (Base).
\[ \dfrac{x \to x}{x \to^* x} \]
As confluent_p(→), there exists x, y such that x → x, y → y, and p(x, y). Furthermore
\[ \dfrac{y \to y}{y \to^* y} \]
Case (Transitivity).
\[ \dfrac{x \to^* x \quad x \to^* x}{x \to^* x} \]
By IH, there exists x, y such that x → x, and y →∗ y, and p(x, y).
As p(x, y), we have p(x, x). As p(x, x), and x →∗ x, then there exists x′ such that p(x, x′), so p(x, x). So, by IH, as p(x, x), x →∗ x, and x → x, there exists x, x such that x → x, x →∗ x, and p(x, x).
As p(x, y), and x →∗ x, then by bisimilar_p(→) and Lemma 3, there exists y such that y →∗ y, and p(x, y). By Transitivity, y →∗ y. From before, x → x. Because we have p(x, x) and p(x, y), we have p(x, y). □
Lemma 5. If confluent_p(→), bisimilar_p(→), and p(x, y) ∧ p(y, z) ⇒ p(x, z), and p(x, y) ⇒ p(x, x) ∧ p(y, y) then if p(x, y), x →∗ x, y →∗ x, then there exists some x, x y such that x →∗ x, y →∗ y, and p(x, y).
Proof. By induction on the derivation of y →∗ y.
Case (Reflexivity).
\[ \dfrac{}{y \to^* y} \]
By bisimilar_p(→), and Lemma 3, there exists some y such that y →∗ y and p(x, y). Furthermore, y →∗ y so we are done.
Case (Base).
\[ \dfrac{y \to y}{y \to^* y} \]
As confluent_p(→), bisimilar_p(→), y → y, x →∗ x, and p∗(x, y) if, and only if p(x, y), by Lemma 4, there exists x, y such that x → x, y →∗ y, and p(x, y). Furthermore
\[ \dfrac{x \to x}{x \to^* x} \]
Case (Transitivity).
\[ \dfrac{y \to^* y \quad y \to^* y}{y \to^* y} \]
By IH, there exists x, y such that x →∗ x, and y →∗ y, and p(x, y).
As p(x, y), we have p(y, y). As p(y, y), and y →∗ y, then there exists y′ such that p(y, y′), so p(y, y). So, by IH, as p(y, y), y →∗ y, and y →∗ y, there exists y, y such that y →∗ y, y →∗ y, and p(y, y).
As p(x, y), and y →∗ y, then by bisimilar_p(→) and Lemma 3, there exists x such that x →∗ x, and p(x, y). By Transitivity, x →∗ x. From before, y → y. As we have p(x, y) and p(y, y), we have p(x, y). □
Definition 9. A property q is a left propagator for p with respect to → if bisimilar_q(→), confluent_q(→), q(x, y) ∧ q(y, z) ⇒ q(x, z), q(x, y) ⇒ q(x, x) ∧ q(y, y), p(x, y) ⇒ q(x, x), and q(x, y) ∧ p(y, z) ⇒ p(x, z).
Definition 10. A property q is a right propagator for p with respect to → if bisimilar_p(→), confluent_p(→), q(x, y) ∧ q(y, z) ⇒ q(x, z), q(x, y) ⇒ q(x, x) ∧ q(y, y), p(x, y) ⇒ q(y, y), and p(x, y) ∧ q(y, z) ⇒ p(x, z).
Lemma 6. Let confluent_p(→). Let bisimilar_p(→). Let q_L be a left propagator for p with respect to →. If p(x, x), x →∗ x′, x → x′, then there exists some x′′, x′′ such that x′ → x′′, x′ →∗ x′′, and p(x′′, x′′).
Proof. By induction on the derivation of x →∗ x′.
Case (Reflexivity).
\[ \dfrac{}{x \to^* x} \]
By bisimilar_p(→), there exists some x′ such that x → x′ and p(x′, x′). Furthermore, x′ →∗ x′ so we are done.
Case (Base).
\[ \dfrac{x \to x'}{x \to^* x'} \]
As confluent_p(→), there exists x, y such that x → x, y → y, and p(x, y). Furthermore
\[ \dfrac{y \to y}{y \to^* y} \]
Case (Transitivity).
\[ \dfrac{x \to^* x \quad x \to^* x}{x \to^* x} \]
By IH, there exists x, y such that x → x, and y →∗ y, and p(x, y).
As q_L∗(a, b) if, and only if q_L(a, b), q_L(x, x).
As p(x, y), we have q_L(x, x). As q_L(x, x) and x →∗ x, there exists x′ such that x →∗ x′, and q_L(x, x′), which means that q_L(x, x). As q_L is a propagator with respect to →, it fills the properties required for Lemma 4. So, as q_L(x, x), x →∗ x, and x → x, there exists x, x such that x → x, x →∗ x, and q_L(x, x).
As p(x, y), and x →∗ x, then by bisimilar_p(→) and Lemma 3, there exists y such that y →∗ y, and p(x, y). By Transitivity, y →∗ y. From before, x → x. Because q_L(x, x) and p(x, y), and q_L is a left propagator, p(x, y). □
Theorem 6 (Confluence Preserved Through Star). Let confluent_p(→). Let bisimilar_p(→). Let q_L be a left propagator for p with respect to →. Let q_R be a right propagator for p with respect to →. If p(x, x), x →∗ x′, x → x′, then there exists some x′′, x′′ such that x′ → x′′, x′ →∗ x′′, and p(x′′, x′′).
Proof. By induction on the derivation of y →∗ y.
Case (Reflexivity).
\[ \dfrac{}{y \to^* y} \]
By bisimilar_p(→), and Lemma 3, there exists some y such that y →∗ y and p(x, y). Furthermore, y →∗ y so we are done.
Case (Base).
\[ \dfrac{y \to y}{y \to^* y} \]
As confluent_p(→), bisimilar_p(→), y → y, x →∗ x, and p∗(x, y) if, and only if p(x, y), by Lemma 6, there exists x, y such that x → x, y →∗ y, and p(x, y). Furthermore
\[ \dfrac{x \to x}{x \to^* x} \]
Case (Transitivity).
\[ \dfrac{y \to^* y \quad y \to^* y}{y \to^* y} \]
By IH, there exists x, y such that x →∗ x, and y →∗ y, and p(x, y).
As p(x, y), we have q_R(y, y). As q_R(x, x) and y →∗ y, there exists y′ such that y →∗ y′, and q_R(y, y′), which means that q_R(y, y). As q_L is a propagator with respect to →, it fills the properties required for Lemma 5. So, as q_R(y, y), y →∗ y, and y →∗ y, there exists y, y such that y →∗ y, y →∗ y, and q_R(y, y).
As p(x, y), and y →∗ y, then by bisimilar_p(→) and Lemma 3, there exists x such that x →∗ x, and p(x, y). By Transitivity, x →∗ x. From before, y → y. Because p(x, y) and q_R(y, y), and q_R is a right propagator, p(x, y). □
Definition 11. Let p be a binary relation. ≡_p is the binary relation defined via the inference rules
\[
\dfrac{p(x, y)}{\equiv_p(x, y)}\ \textit{Base}
\qquad
\dfrac{}{\equiv_p(x, x)}\ \textit{Reflexivity}
\qquad
\dfrac{\equiv_p(x, y) \quad \equiv_p(y, z)}{\equiv_p(x, z)}\ \textit{Transitivity}
\qquad
\dfrac{p(x, y)}{\equiv_p(y, x)}\ \textit{Symmetry}
\]
B.2 Language Proofs
These proofs prove similar things to unambiguity, but on general languages.
Lemma 7. Let L, …, L_n, L′, …, L′_m be nonempty languages. If ·!(L; …; L_n), ·!(L′; …; L′_m), and {s · … · s_n | s_i ∈ L_i} ·! {s · … · s_m | s_i ∈ L′_i}, then ·!(L; …; L_n; L′; …; L′_n).
Proof. Let ·!(L; …; L_n), ·!(L′; …; L′_m), and {s · …; s_n | s_i ∈ L_i} ·! {s · … · s_m | s_i ∈ L′_i}. Let s_i, t_i ∈ L_i, s′_i, t′_i ∈ L′_i. Let s · … · s_n · s′ · … · s′_m = t · … · t_n · t′ · … · t′_m. Because {s · …; s_n | s_i ∈ L_i} ·! {s · … · s_m | s_i ∈ L′_i}, we know s · … · s_n = t · … · t_n and s′ · … · s′_m = t′ · … · t′_m.
Because ·!(L; …; L_n), s_i = t_i. Because ·!(L′; …; L′_n), s′_i = t′_i. So ·!(L; …; L_n; L′; …; L′_n). □
Lemma 8. Let L, …, L_n, L′, …, L′_m be nonempty languages. ·!(L; …; L_n), ·!(L′; …; L′_m), and {s · … · s_n | s_i ∈ L_i} ·! {s · … · s_m | s_i ∈ L′_i} if, and only if ·!(L; …; L_n; L′; …; L′_n).
Proof.
Case (⇒). By Lemma 7.
Case (⇐). Let s, t ∈ {s · … · s_n | s_i ∈ L_i}. Let s′, t′ ∈ {s · … · s_m | s_i ∈ L′_i}. Let s · s′ = t · t′. s = s · … · s_n where s_i ∈ L_i, t = t · … · t_n where t_i ∈ L_i, s′ = s′ · … · s′_m where s′_i ∈ L′_i, and t′ = t′ · … · t′_m where t′_i ∈ L′_i. s · s′ = s · … · s_n · s′ · … · s′_m and t · t′ = s · … · s_n · s′ · … · s′_m.
By assumption s_i = t_i and s′_i = t′_i. This means s = t and s′ = t′.
Let s_i, t_i ∈ L_i, and let s · … · s_n = t · … · t_n. Consider some strings s′_i ∈ L′_i. s · … · s_n · s′ · … · s′_n = t · … · t_n · s′ · … · s′_n.
By assumption, s_i = t_i, as desired. □
Lemma 9. Let L, …, L_n, L′, …, L′_m be languages. Let L_{i,j} = {s · t | s ∈ L_i ∧ t ∈ L′_j}. Let A = ⋃_{i∈[n]} L_i ≠ {}. Let B = ⋃_{i∈[m]} L′_i ≠ {}. i ≠ j ⇒ L_i ∩ L_j = {}, i ≠ j ⇒ L′_i ∩ L′_j = {}, and A ·! B if, and only if (i, j) ≠ (i, j) ⇒ L′′_{i,j} ∩ L′′_{i,j} = {} and for all i ∈ [n], j ∈ [m], we have L_i ·! L′_j.
Proof.
Case (⇒). Let i ≠ j ⇒ L_i ≠ L_j, i ≠ j ⇒ L′_i ≠ L′_j, and A ·! B.
We shall prove (i, j) ≠ (i, j) ⇒ L′′_{i,j} ∩ L′′_{i,j} = {} by contrapositive. Let s ∈ L′′_{i,j} ∩ L′′_{i,j}. This means that s = s_i · s_j for some s_i ∈ L_i and some s_j ∈ L_j, and that s = s_i · s_j for some s_i ∈ L_i and some s_j ∈ L_j.
Because A ·! B, s_i = s_i and s_j = s_j. Because each of A and B are pairwise disjoint, this means i = i and j = j.
Let s_i, t_i ∈ L_i. Let s_j, t_j ∈ L′_j. Let s_i · s_j = t_i · t_j. By definition, s_i, t_i ∈ A and s_j, t_j ∈ B. By assumption, A ·! B, so s_i = t_i and s_j = t_j.
Case (⇐). Let (i, j) ≠ (i, j) ⇒ L′′_{i,j} ∩ L′′_{i,j} = {} and for all i ∈ [n], j ∈ [m], we have L_i ·! L′_j.
We prove i ≠ j ⇒ L_i ∩ L_j = {} by contrapositive. Let L_i ∩ L_j ≠ {}. Let s ∈ L_i ∩ L_j. Let t ∈ B. t ∈ L′_k for some k ∈ [m]. s · t ∈ L′′_{i,k} and s · t ∈ L′′_{j,k}. By assumption (i, k) = (j, k), so i = j.
We prove i ≠ j ⇒ L′_i ∩ L′_j = {} in the same way.
Let s, s ∈ A, t, t ∈ B, and s · t = s · t. s ∈ L_i for some i, and s ∈ L_j for some j, t ∈ L′_k for some k, and t ∈ L′_l for some l. This means s · t ∈ L′′_{i,k}, s · t ∈ L′′_{j,l}. Because s · t = s · t, (i, k) = (j, l). So as s ∈ L_i, s ∈ L_i, t ∈ L_k, t ∈ L′_k, and L_i ·! L′_k, s = s and t = t. □
Lemma 10. Let A = {L, …, L_n}, B = {L′, …, L′_m}, C = {L′′, …, L′′_{n+m}}, be sets of languages such that A ∪ B = C. (⋃_{i∈[n]} L_i) ∩ (⋃_{i∈[m]} L′_i) = ∅, for all i, j ∈ [n], i ≠ j ⇒ Language_i ∩ L_j = ∅, and for all i, j ∈ [m], i ≠ j ⇒ L′_i ∩ L′_j = ∅ if, and only if for all i, j ∈ [n + m], i ≠ j ⇒ L′′_i ∩ L′′_j = ∅.
Proof.
Case (⇒). Let L′′_i, L′′_j ∈ C, where i ≠ j. If L′′_i ∈ A and L′′_j ∈ A, then, by pigeonhole principle, there exists an i′, j′ where i′ ≠ j′ such that L′′_i = L_i′ and L′′_j = L_j′. By assumption, L_i′ ∩ L_j′ = {}, so Language′′_i ∩ L′′_j = {}.
Similarly for if L′′_i ∈ B and L′′_j ∈ B.
If L′′_i ∈ A, and L′′_j ∈ B. (⋃_{i∈[n]} L_i) ∩ (⋃_{i∈[m]} L′_i) = ∅. By application of distributivity ⋃_{(k,l)∈[n]×[m]} L′′_k ∩ L′′_l = {}. This means that for all (k, l) ∈ [n] × [m], L_k ∩ L′_l = {}. In particular, L′′_i ∩ L′′_j = {}.
Case (⇐). Let i, j ∈ [n] and i ≠ j. By pigeonhole principle, there exists some i′, j′ where i′ ≠ j′ such that L_i = L′′_i′ and L_j = L′′_j′. By assumption, L′′_i′ ∩ L′′_j′ = {}, so L_i ∩ L_j = {}.
Similarly for i, j ∈ [m].
Assume there exists some s ∈ (⋃_{i∈[n]} L_i) ∩ (⋃_{i∈[m]} L′_i). Then s ∈ L_i for some i ∈ [n], and s ∈ L′_j for some j ∈ [m]. There exists some i′, j′ where i′ ≠ j′ in [n + m] such that L_i = L′′_i′ and L_j = L′′_j′. But, by assumption, L′′_i′ ∩ L′′_j′, so we have a contradiction. So there is no s ∈ (⋃_{i∈[n]} L_i) ∩ (⋃_{i∈[m]} L′_i), so (⋃_{i∈[n]} L_i) ∩ (⋃_{i∈[m]} L′_i) = {}. □
B.3 Lens and DNF Basic Property Proofs
There are many intuitive facts about DNF lenses. For example, without rewrites, they are closed under composition. Furthermore, we can express the identity transformation on DNF lenses. Well-typed DNF lenses and normal lenses express bijections between their types. These properties are proven in this section, and used throughout the paper.
Lemma 11 (DNF Lens Inversion) . (1) If dl : DS ⇔ DT , then there exists some DS ′ , DT ′ such that dl ˜: DS ′ ⇔ DT ′ , DS → ∗ DS ′ ,and DT → ∗ DT ′ .(2) If dl ˜: DS ⇔ DT , then there exists some n ∈ N , SQ , . . . , SQ n , TQ , . . . TQ n , σ ∈ S n , and sql ; . . . ; sql n such that for all i ∈ [ n ] , sql i ˜: SQ i ⇔ TQ i , dl = (h sql | . . . | sql n i , σ ) , DS = h SQ | . . . | SQ n i , and DT = h TQ σ ( ) | . . . | TQ σ ( n ) i .(3) If sql ˜: SQ ⇔ TQ , there exists some n ∈ N , A , . . . , A n , B , . . . , B n , Strinд , . . . , s n , t , . . . , t n , σ ∈ S n , and al , . . . , al n such that for all i ∈ [ n ] , al i ˜: A i ⇔ B i , sql = ([( s , t ) · A · . . . · A n · ( s n , t n )] , σ ) , SQ = [ s · A · . . . · A n · s n ] , and TQ = [ t · A σ ( ) · . . . · A σ ( n ) · t n ] .(4) If al ˜: A ⇔ B , then there exists some dl , DS , DT , such that dl ˜: DS ⇔ DT , al = iterate ( dl ) , A = DS ∗ , and B = DT ∗ . Proof. , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:37 (1) Let dl : DS ⇔ DT . The only rule that introduces a typing of this form is RewriteDNF Regex Lens . Because of this, there exists some DS ′ , DT ′ such that dl ˜: DS ′ ⇔ DT ′ , DS → ∗ DS ′ , and DT → ∗ DT ′ , to build up the typing dl ˜: DS ′ ⇔ DT ′ DS → ∗ DS ′ DT → ∗ DT ′ dl : DS ⇔ DT (2) Let dl ˜: DS ⇔ DT . The only rule that introduces a typing of this form is DNF Lens . Becauseof this there exists some n ∈ N , SQ , . . . , SQ n , TQ , . . . TQ n , σ ∈ S n , and sql | . . . | sql n such that for all i ∈ [ n ] , sql i ˜: SQ i ⇔ TQ i , dl = (h SQ | . . . | SQ n i , σ ) , DS = h SQ | . . . | SQ n i , DT = h TQ σ ( ) | . . . | TQ σ ( n ) i , i , j ⇒ SQ i ∩ SQ j = ∅ , and i , j ⇒ TQ i ∩ TQ j = ∅ , to buildup the typing sql i ˜: SQ i ⇔ TQ i i , j ⇒ SQ i ∩ SQ j = ∅ i , j ⇒ TQ i ∩ TQ j = ∅ dl ˜: DS ⇔ DT (3) Let sql ˜: SQ ⇔ TQ . The only rule that introduces a typing of this form is Seqence Lens .Because of this there exists some n ∈ N , A , . . . 
, A n , B , . . . , B n , Strinд , . . . , s n , t , . . . , t n , σ ∈ S n , and al , . . . , al n such that for all i ∈ [ n ] , al i ˜: A i ⇔ B i , sql = ([( s , t ) · al · . . . · al n · ( s n , t n )] , σ ) , SQ = [ s · A · . . . · A n · s n ] , and TQ = [ t · A σ ( ) · . . . · A σ ( n ) · t n ] to build upthe typing al i ˜: A i ⇔ B i · ! ( s ; A ; . . . ; A n ; s n ) · ! ( t ; B σ ( ) ; . . . ; B σ ( n ) ; t n )([( s , t ) · al · . . . · al n · ( s n , t n )] , σ ) ˜: [ s · A · . . . · A n · s n ] ⇔ [ t · A σ ( ) · . . . · A σ ( n ) · t n ] (4) Let al ˜: A ⇔ B . The only rule that introduces a typing of this form is Atom Lens . Becauseof this, there exists some dl , DS , DT , such that dl ˜: DS ⇔ DT , al = iterate ( dl ) , A = DS ∗ ,and B = DT ∗ to build up the typing dl ˜: DS ⇔ DT DN FReдex ∗ ! DN FReдexAlt ∗ ! iterate ( dl ) ˜: DS ∗ ⇔ DT ∗ (cid:3) Lemma 12. If l : S ⇔ T , then [[ l ]] is a bijection between L( S ) and L( T ) . Proof.
By induction on the typing derivation of the lens
Case
Const ) . s ∈ Σ ∗ s ∈ Σ ∗ const ( s , s ) : s ⇔ s L( s ) = { s } . L( s ) = { s } . SemanticsO f const ( s , s ) = {( s , s )} . Case
Identity ) . S is strongly unambiguous id S : S ⇔ S L( S ) = L( S ) The identity relation on L( S ) is a bijection. Case
Iterate ) . l : S ⇔ T S ∗ ! T ∗ ! iterate ( l ) : S ∗ ⇔ T ∗ Let s , s in L( S ∗ ) , and ( s , t ) ∈ [[ iterate ( l )]] , and ( s , t ) ∈ [[ iterate ( l )]] .So s = s · . . . · s n , t = t · . . . t n , and ( s i , t i ) ∈ [[ l ]] . So s = s · . . . · s m , t = t ′ · . . . t ′ m , and ( s i , t ′ i ) ∈ [[ l ]] . By T ∗ ! , this means that m = n , and t i = t ′ i . So ( s i , t i ) , and ( s i , t i ) are both in [[ l ]] .As l is a bijection, by IH, s i = s i , so s = s .Similarly for t , t in L( T ∗ ) .Let s ∈ L( S ∗ ) . s = s · . . . · s n , where s i ∈ L( S ) . By IH, as l is a bijection, there exists t i ∈ L( S ) such that ( s i , t i ) ∈ [[ l ]] . So ( s , t · . . . · t n ) ∈ [[ iterate ( l )]] , and t · . . . · t n ∈ L( T ∗ ) .Similarly for t ∈ L( T ∗ ) . Case . l : S ⇔ T l : S ⇔ T S · ! S T · ! T concat ( l , l ) : S S ⇔ T T Let s , s in L( S · S ) , and ( s , t ) ∈ [[ concat ( l , l )]] , and ( s , t ) ∈ [[ concat ( l , l )]] .So s = s · s , t = t t , and ( s i , t i ) ∈ [[ l i ]] . So s = s · s , t = t ′ · t ′ , and ( s i , t ′ i ) ∈ [[ l i ]] . By T · ! T , t i = t ′ i . So ( s i , t i ) , and ( s i , t i ) are both in [[ l i ]] . As l i is a bijection, by IH, s i = s i , so s = s .Similarly for t , t in L( T · T ) .Let s ∈ L( S · S ) . s = s · s , where s i ∈ L( S i ) . By IH, as l i is a bijection, there exists t i ∈ L( DT ) such that ( s i , t i ) ∈ [[ l i ]] . So ( s , t · t ) ∈ [[ concat ( l , l )]] .Similarly for t ∈ L( T · T ) . Case
Swap ) . l : S ⇔ T l : S ⇔ T S · ! S T · ! T swap ( l , l ) : S S ⇔ T T Let s , s in L( S · S ) , and ( s , t ) ∈ [[ swap ( l , l )]] , and ( s , t ) ∈ [[ swap ( l , l )]] .So s = s · s , t = t t , and ( s i , t i ) ∈ [[ l i ]] . So s = s · s , t = t ′ · t ′ , and ( s i , t ′ i ) ∈ [[ l i ]] . By T · ! T , t i = t ′ i . So ( s i , t i ) , and ( s i , t i ) are both in [[ l i ]] . As l i is a bijection, by IH, s i = s i , so s = s .Similarly for t , t in L( T · T ) .Let s ∈ L( S · S ) . s = s · s , where s i ∈ L( S i ) . By IH, as l i is a bijection, there exists t i ∈ L( T i ) such that ( s i , t i ) ∈ [[ l i ]] . So ( s , t · t ) ∈ [[ swap ( l , l )]] , and t · t ∈ L( S · S ) .Similarly for t ∈ L( T · T ) . Case Or ) . l : S ⇔ T l : S ⇔ T L( S ) ∩ L( S ) = ∅ L( T ) ∩ L( T ) = ∅ or ( l , l ) : S | S ⇔ T | T Let s , s in L( S | S ) , and ( s , t ) ∈ [[ or ( l , l )]] , and ( s , t ) ∈ [[ or ( l , l )]] .So ( s , t ) ∈ [[ l ]] or ( s , t ) ∈ [[ l ]] . So ( s , t ) ∈ [[ l ]] or ( s , t ) ∈ [[ l ]] .As L( T ) ∩ L( T ) = ∅ , t i is in only one of L( T ) or L( T ) . , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:39 Let t i ∈ L( T ) . This means that ( s , t ) ∈ [[ l ]] and ( s , t ) ∈ [[ l ]] . As l is a bijection, by IH, s = s .Similarly if t ∈ L( T ) .Similarly for t , t in L( T · T ) .Let s ∈ L( S | S ) . So s is either in L( S ) or L( S ) . If s ∈ L( S ) , then as l is a bijection between L( S ) and L( S ) , there exists t ∈ L( ReдexAlt ) such that ( s , t ) ∈ [[ l ]] , so ( s , t ) ∈ [[ or ( l , l )]] , and t ∈ L( T | T ) . Similarly if s ∈ L( S ) .Similarly for t ∈ L( T · T ) . Case
Compose ) . l : S ⇔ S l : S ⇔ S l ; l : S ⇔ S By IH, [[ l ]] is a bijection between L( S ) and L( S ) . By IH, [[ l ]] is a bijection between L( S ) and L( S ) . From math, this means that their composition is also a bijection. (cid:3) Lemma 13. • If dl ˜: DS ⇔ DT , then [[ dl ]] is a bijection between L( DS ) and L( DT ) . • If sql ˜: SQ ⇔ TQ , then [[ sql ]] is a bijection between L( SQ ) and L( TQ ) . • If al ˜: A ⇔ B , then [[ al ]] is a bijection between L( A ) and L( B ) . Proof.
By mutual induction on the typing derivations of DNF lenses, sequence lenses, and atom lenses.
Case
Iterate ) . dl ˜: DS ⇔ DT DS ∗ ! DT ∗ ! iterate ( dl ) ˜: DS ∗ ⇔ DT ∗ Let s , s in L( DS ∗ ) , and ( s , t ) ∈ [[ iterate ( dl )]] , and ( s , t ) ∈ [[ iterate ( dl )]] .So s = s · . . . · s n , t = t · . . . t n , and ( s i , t i ) ∈ [[ dl ]] . So s = s · . . . · s m , t = t ′ · . . . t ′ m ,and ( s i , t ′ i ) ∈ [[ dl ]] . By DT ∗ ! , this means that m = n , and t i = t ′ i . So ( s i , t i ) , and ( s i , t i ) are bothin [[ dl ]] . As dl is a bijection, by IH, s i = s i , so s = s .Similarly for t , t in L( DT ∗ ) .Let s ∈ L( DS ∗ ) . s = s · . . . · s n , where s i ∈ L( DS ) . By IH, as dl is a bijection, there exists t i ∈ L( DT ) such that ( s i , t i ) ∈ [[ dl ]] . So ( s , t · . . . · t n ) ∈ [[ iterate ( dl )]] , and t · . . . · t n ∈ L( DT ) .Similarly for t ∈ L( DT ∗ ) . Case
SequenceLens ) . al ˜: A ⇔ B . . . al n ˜: A n ⇔ B n σ ∈ S n · ! [ s · A · . . . · A n · s n ] · ! [ t · B σ ( ) · . . . · B σ ( n ) · t n ]([( s , t ) · al · . . . · al n · ( s n , t n )] , σ ) ˜: [ s · A · . . . · A n · s n ] ⇔ [ t · B σ ( ) · . . . · B σ ( n ) · t n ] Let s , s in L([ s · A · . . . · A n · s n ]) , and ( s , t ) ∈ [[([( s , t ) · al · . . . · al n · ( s n , t n )] , σ )]] , and ( s , t ) ∈ [[([( s , t ) · al · . . . · al n · ( s n , t n )] , σ )]] .So s = s · s · . . . · s n · s n , t = t · t σ ( i ) · . . . t σ ( n ) · t n , and ( s i , t i ) ∈ [[ al i ]] . So s = s · s · . . . · s n · s n , t = t · t σ ( ) · . . . · t n · t σ ( n ) , and ( s i , t i ) ∈ [[ dl ]] . By · ! [ t · B σ ( ) · . . . · B σ ( n ) · t n ] , this means that t i = t i . So ( s i , t i ) , and ( s i , t i ) are both in [[ al i ]] . As al is a bijection, by IH, s i = s i , so s = s .Similarly for t , t in L( DT ∗ ) . , Vol. 1, No. 1, Article 1. Publication date: October 2017. :40 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Let s ∈ L([ s · A · . . . · A n · s n ]) . s = s · s ′ . . . · s ′ n · s n , where s ′ i ∈ L( A i ) . By IH, as SQ i is abijection, there exists t ′ i ∈ L( B i ) such that ( s ′ i , t ′ i ) ∈ [[ al ]] . So ( s , t · t ′ σ ( ) · . . . · t ′ σ ( n ) · t n ) ∈ [[ sql ]] , and t · t ′ σ ( ) · . . . · t ′ σ ( n ) · t n ∈ L([ t · B σ ( ) · . . . · B σ ( n ) · t n ]) Similarly for t ∈ L( DT ∗ ) . Case
DNFLens ) . sql ˜: SQ ⇔ TQ . . . sql n ˜: SQ n ⇔ TQ n σ ∈ S n i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅(h sql | . . . | sql n i , σ ) ˜: h SQ | . . . | SQ n i ⇔ h TQ σ ( ) | . . . | TQ σ ( n ) i Let s , s in L(h SQ | . . . | SQ n i) , and ( s , t ) ∈ [[(h sql | . . . | sql n i , σ )]] ,and ( s , t ) ∈ [[(h sql | . . . | sql n i , σ )]] .So ∃ i . s ∈ L( SQ i ) , t ∈ L( TQ σ ( i ) ) , and ( s , t ) ∈ [[ sql i ]] . So ∃ j . s ∈ L( SQ j ) , t ∈ L( TQ σ ( j ) ) , and ( s , t ) ∈ [[ sql j ]] . As i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅ , i = j . So s ∈ L( SQ i ) , s ∈ L( SQ i ) . As, by IH, sql i is a bijection, s = s .Similarly for t , t in L( DT ∗ ) .Let s ∈ L(h SQ | . . . | SQ n i) . So there exists an i such that s ∈ L( SQ i ) . By IH, as SQ i is abijection, there exists t ∈ L( TQ i ) such that ( s , t ) ∈ [[ SQ i ]] . So ( s , t ) ∈ [[(h sql | . . . | sql n i , σ )]] , and t ∈ L(h TQ σ ( ) | . . . | TQ σ ( n ) i) .Similarly for t ∈ L( DT ∗ ) . (cid:3) Lemma 14 (Closure of Rewriteless Regular Expressions under Composition) . (1) If there are two atom lenses al ˜: A ⇔ A and al ˜: A ⇔ A , then there exists an atomlens al ˜: A ⇔ A , such that [[ al ]] = {( s , s ) | ∃ s ( s , s ) ∈ [[ al ]] ∧ ( s , s ) ∈ [[ al ]]} (2) If there are two sequence lenses sql ˜: SQ ⇔ SQ and sql ˜: SQ ⇔ SQ , then there existsan sequence lens sql ˜: SQ ⇔ SQ , such that [[ sql ]] = {( s , s ) | ∃ s ( s , s ) ∈ [[ sql ]] ∧ ( s , s ) ∈[[ sql ]]} (3) If there are two DNF lenses dl ˜: DS ⇔ DS and dl ˜: DS ⇔ DS , then there exists aDNF lens dl ˜: DS ⇔ DS , such that [[ dl ]] = {( s , s ) | ∃ s ( s , s ) ∈ [[ dl ]] ∧ ( s , s ) ∈ [[ dl ]]} Proof.
By mutual induction
Case . Let DS ∗ , DS ∗ , DS ∗ be three atoms, and iterate ( dl ) ˜: DS ∗ ⇔ DS ∗ with iterate ( dl ) ˜: DS ∗ ⇔ DS ∗ lenses between them. By induction assumption, there exists the typingof a lens dl ˜: DS ⇔ DS such that [[ dl ]] = {( s , s ) | ∃ s ( s , s ) ∈ [[ dl ]] ∧ ( s , s ) ∈ [[ dl ]]} iterate ( dl ) and iterate ( dl ) came from Atom Lens , so DS ∗ !1 , DS ∗ !2 , and DS ∗ !3 .Consider the lens dl ˜: DS ⇔ DS DS ∗ !1 DS ∗ !2 iterate ( dl ) ˜: DS ∗ ⇔ DS ∗ This lens has the semantics , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:41 [[ iterate ( dl )]] = {( s · . . . · s n , s · . . . · s n ) | ( s i , s i ) ∈ [[ dl ]]} = {( s · . . . · s n , s · . . . · s n ) | ∃ s i ( s i , s i ) ∈ [[ dl ]] ∧ ( s i , s i ) ∈ [[ dl ]]} = {( s · . . . · s n , s · . . . · s n )| ∃ s · . . . · s n ( s · . . . · s n , s · . . . · s n ) ∈ [[ iterate ( dl )]]∧ ( s · . . . · s n , s · . . . · s n ) ∈ [[ iterate ( dl )]]} = {( s , s ) | ∃ s ( s , s ) ∈ [[ iterate ( dl )]] ∧ ( s , s ) ∈ [[ iterate ( dl )]]} Case . Let [ s · A · . . . · A n · s n ] and [ s · A σ ( ) · . . . · A σ ( n ) · s n ] and [ s · A σ ◦ σ ( ) · . . . · A σ ◦ σ ( n ) · s n ] be sequences, with ([( s , s ) · al · . . . · al n · ( s n , s n )] , σ ) and ([( s , s ) · al · . . . · al n · ( s n , s n )] , σ ) be lenses between them. By induction assumption,there is a typing of lenses al i ˜: A i ⇔ A i such that [[ al i ]] = {( s , s ) | ∃ s ( s , s ) ∈ [[ al i ]] ∧ ( s , s ) ∈ [[ A i ]]} Define σ = σ ◦ σ . ([( s , s ) · al · . . . · al n · ( s n , s n )] , σ ) and ([( s , s ) · al · . . . · al n · ( s n , s n )] , σ ) camefrom Seqence Lens , so · ! ([ s · A · . . . · A n · s n ]) and · ! ([ s · A σ ( ) ,1 · . . . · A σ ( ) , n · s n ]) .Consider the typing of the lens al ˜: A ⇔ A . . . al n ˜: A n ⇔ A n σ ∈ S n · ! ([ s · A · . . . · A n · s n ]) · ! ([ s · A σ ( ) ,1 · . . . · A σ ( ) , n · s n ])([( s , s ) · al · . . . · al n · ( s n , s n )] , σ ) ˜: [ s · A · . . . 
· A n · s n ] ⇔ [ s · A σ ( ) · . . . · A σ ( n ) · s n ] Furthermore, we can prove the desired property of the semantics. [[([( s , s ) · al · . . . · al n · ( s n , s n )] , σ )]] = {( s · s · . . . · s n · s n , s · t σ ( ) · . . . · t σ ( n ) · s n ) | ( s i , t i ) ∈ [[ al i ]]} = {( s · s · . . . · s n · s n , s · t σ ( ) · . . . · t σ ( n ) · s n ) | ∃ s ′ i ∈ L( A i ) . ( s i , s ′ i ) ∈ [[ al i ]] ∧ ( s ′ i , t i ) ∈ [[ al i ]]} = {( s · s · . . . · s n · s n , s · t σ ( ) · . . . · t σ ( n ) · s n ) | ∃ s ′ i ∈ L( A i )( s · s · . . . · s n · s n , s · s ′ σ ( ) · . . . · s ′ σ ( n ) · s n ) ∈ [[([( s , s )· al · . . . · al n ·( s n , s n )] , σ )]] ∧( s · s ′ σ ( ) · . . . · s ′ σ ( n ) · s n , s · t σ ( ) · . . . · t σ ( n ) · s n ) ∈ [[([( s , s )· al · . . . · al n ·( s n , s n )] , σ )]]} = {( s , s ) | ∃ s ∈ L([ s · A σ ( ) · . . . · A σ ( n ) · s n ])( s , s ) ∈ [[([( s , s ) · al · . . . · al n · ( s n , s n )] , σ )]] ∧( s , s ) ∈ [[([( s , s ) · al · . . . · al n · ( s n , s n )] , σ )]]} Case . Let DS = h SQ | . . . | SQ n i and DS = h SQ σ ( ) | . . . | SQ σ ( n ) i and DS = h SQ σ ◦ σ ( ) | . . . | SQ σ ◦ σ ( n ) i be three DNF regular expressions.Let dl = (h sql | . . . | sql n i , σ ) ˜: DS ⇔ DS and dl = (h sql | . . . | sql n i , σ ) ˜: DS ⇔ DS be lenses between them. By induction assumption, there exists a typing of lenses sql i ˜: SQ i ⇔ SQ i Define σ = σ ◦ σ Consider the lens sql i ˜: SQ i ⇔ SQ i i , j ⇒ SQ i ∩ SQ j = ∅ i , j ⇒ TQ i ∩ TQ j = ∅(h sql | . . . | sql n i , σ ◦ σ ) ˜: h SQ | . . . | SQ n i ⇔ h SQ σ ◦ σ ( ) | . . . | SQ σ ◦ σ ( n ) i , Vol. 1, No. 1, Article 1. Publication date: October 2017. :42 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Furthermore, we can prove the desired property of the semantics. [[(h sql | . . . | sql n i , σ )]] = {( s , t ) | ∃ i . ( s , t ) ∈ [[ sql i ]]} = {( s , t ) | ∃ i . ∃ s ′ ∈ L( SQ i ) . 
( s , s ′ ) ∈ [[ sql i ]] ∧ ( s ′ , t ) ∈ [[ sql i ]]} = {( s , t ) | ∃ s ′ ∈ L(h SQ σ ( ) | . . . | SQ σ ( n ) i) . ( s , s ′ ) ∈ [[ sql i ]] ∧ ( s ′ , t ) ∈ [[ sql i ]]} (cid:3) Lemma 15 (Expressibility of Identity on Strongly Unambiguous DNF Regex, Clauses, and Atoms) . (1) If DS is a strongly unambiguous DNF Regular expression, then there exists a DNF lens dl ˜: DS ⇔ DS , such that [[ dl ]] = {( s , s ) | s ∈ L( DS )} , where dl typing includes no rewriterules.(2) If SQ is a strongly unambiguous sequence, then there exists a sequence lens sql ˜: SQ ⇔ SQ ,such that [[ sql ]] = {( s , s ) | s ∈ L( DS )} , where sql typing includes no rewrite rules.(3) If A is a strongly unambiguous atom, then there exists an atom lens al ˜: A ⇔ A , such that [[ al ]] = {( s , s ) | s ∈ L( DS )} , where al typing includes no rewrite rules. Proof.
By mutual induction on the structure of the DNF regular expression, atom, and clause.
Case
Star ) . Let A = DS ∗ . As A is strongly unambiguous, DS is strongly unambiguous, and DS ∗ ! .By IH, there exists dl ˜: DS ⇔ DS such that [[ dl ]] = {( s , s ) | s ∈ L( DS )} . Consider the atom lens dl ˜: DS ⇔ DS DS ∗ ! DS ∗ ! iterate ( dl ) ˜: DS ∗ ⇔ DS ∗ with typing as desired. [[ iterate ( dl )]] = {( s · . . . · s n , t · . . . · t n ) | ( s i , t i ) ∈ [[ dl ]]} . So through semantics of dl , [[ iterate ( dl )]] = {( s · . . . · s n , s · . . . · s n ) | s ∈ L( DS )} , so through the definition of DS ∗ , [[ iterate ( dl )]] = {( s , s ) | s ∈L( DS ∗ )} Case
MultiConcat ) . Let SQ = [ s · A · . . . · A n · s n ] . As SQ is strongly unambiguous, for all i , A i is strongly unambiguous, and · ! ( s ; A ; . . . ; A n ; s n ) .By IH, for all i , there exists al i ˜: A i ⇔ A i such that [[ al i ]] = {( s , s ) | s ∈ L( A i )} .Consider the typing al ˜: A ⇔ A . . . al n ˜: A n ⇔ A n id ∈ S n · ! ( s ; A ; . . . ; A n ; s n ) · ! ( s ; A ; . . . ; A n ; s n )([( s , s ) · al · . . . · al n · ( s n , s n )] , id ) ˜: [ s · A · . . . · A n · s n ] ⇔ [ s · A · . . . · A n · s n ] , as desired. [[([( s , s )· al · . . . · al n ·( s n , s n )] , id )]] = {( s · t · . . . · t n · s n , s · t ′ · . . . · t ′ n · s n ) | ( t i , t ′ i ) ∈ [[ al i ]]} . So, throughthe definition of al i , [[([( s , s )· al · . . . · al n ·( s n , s n )] , id )]] = {( s · t · . . . · t n · s n , s · t · . . . · t n · s n ) | t i ∈L( A i )} . So, through the definition of [ s · A · . . . · A n · s n ] , [[([( s , s ) · al · . . . · al n · ( s n , s n )] , id )]] = {( s , s ) | s ∈ L([ s · A · . . . · A n · s n ])} , as desired. Case
MultiOr ) . Let DS = h SQ | . . . | SQ n i . As DS is strongly unambiguous, for all i , SQ i isstrongly unambiguous, and i , j ⇒ L( SQ i ) ∩ L( SQ j ) = {} .By IH, for all i , there exists al i ˜: A i ⇔ A i such that [[ al i ]] = {( s , s ) | s ∈ L( A i )} . , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:43 Consider the typing sql ˜: SQ ⇔ SQ . . . sql ˜: SQ ⇔ SQ id ∈ S n i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅(h sql | . . . | sql n i , id ) ˜: h SQ | . . . | SQ n i ⇔ h SQ | . . . | SQ n i as desired. [[(h sql | . . . | sql n i , id )]] = {( s , t ) | ∃ i . ( s , t ) ∈ [[ sql i ]]} . So, through the definition of sql i , [[(h sql | . . . | . . . sql n i , id )]] = {( s , s ) | ∃ i . s ∈ L( SQ i )} . So, through the definition of h SQ | . . . | SQ n i , [[(h sql | . . . | sql n i , id )]] = {( s , s ) | s ∈ L(h SQ | . . . | SQ n i)} , as desired (cid:3) Definition 12 (Strong Unambiguity on DNF Regular Expressions) . (1) h SQ | . . . | SQ n i is strongly umambiguous if SQ i is strongly unambiguous for all i , and i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ .(2) [ s · A · . . . · A n · SQ n ] is strongly unambiguous if A i is strongly unambiguous, and · ! ( s ; A ; . . . ; A n ; s n ) .(3) DS ∗ is strongly unambiguous if DS is strongly unambiguous, and DS ∗ ! . Lemma 16 (Strong Unambiguity in Lens Types) . If l : S ⇔ T , then S is strongly unambiguous,and T is strongly unambiguous. Proof.
By induction on the typing derivation of l . Case
Const ) . s ∈ Σ ∗ s ∈ Σ ∗ const ( s , s ) : s ⇔ s Base strings are strongly unambiguous.
Case
Concat ) . l : S ⇔ T l : S ⇔ T S · ! S T · ! T concat ( l , l ) : S S ⇔ T T So by IH, S , S , T , and T are all strongly unambiguous.As S · ! S , S · S is strongly unambiguous.As T · ! T , T · T is strongly unambiguous. Case
Iterate ) . l : S ⇔ T S ∗ ! T ∗ ! iterate ( l ) : S ∗ ⇔ T ∗ So, by IH, S and T are both strongly unambiguous.As S ∗ ! , S ∗ is strongly unambiguous.As T ∗ ! , T ∗ is strongly unambiguous. Case
Swap ) . l : S ⇔ T l : S ⇔ T S · ! S T · ! T swap ( l , l ) : S S ⇔ T T So by IH, S , S , T , and T are all strongly unambiguous. As S · ! S , S · S is strongly unambiguous. As T · ! T , T · T is strongly unambiguous. Case Or ) . l : S ⇔ T l : S ⇔ T L( S ) ∩ L( S ) = ∅ L( T ) ∩ L( T ) = ∅ or ( l , l ) : S | S ⇔ T | T So by IH, S , S , T , and T are all strongly unambiguous. As L( S ) ∩ L( S ) = ∅ , S | S is strongly unambiguous. As L( T ) ∩ L( T ) = ∅ , T | T is strongly unambiguous. Case
Compose ) . l : S ⇔ S l : S ⇔ S l ; l : S ⇔ S By IH, S is strongly unambiguous, and S is strongly unambiguous. Case
Identity ) . S is strongly unambiguous id S : S ⇔ S By assumption, S is strongly unambiguous. (cid:3) Lemma 17 (Strong Unambiguity in Rewriteless DNF Lens Types) . • If dl ˜: DS ⇔ DT , then DS is strongly unambiguous, and DT is strongly unambiguous. • If sql ˜: SQ ⇔ TQ , then SQ is strongly unambiguous, and TQ is strongly unambiguous. • If al ˜: A ⇔ B , then A is strongly unambiguous, and B is strongly unambiguous. Proof.
By mutual induction on the typing derivation of dl , sql , and al . Case
AtomLens ) . dl ˜: DS ⇔ DT DS ∗ ! DT ∗ ! iterate ( dl ) ˜: DS ∗ ⇔ DT ∗ By IH, DS and DT are strongly unambiguous.As DS ∗ ! , DS ∗ is strongly unambiguous.As DT ∗ ! , DT ∗ is strongly unambiguous. Case
SequenceLens ) . al ˜: A ⇔ B . . . al n ˜: A n ⇔ B n σ ∈ S n · ! [ s · A · . . . · A n · s n ] · ! [ t · B σ ( ) · . . . · B σ ( n ) · t n ]([( s , t ) · al · . . . · al n · ( s n , t n )] , σ ) ˜: [ s · A · . . . · A n · s n ] ⇔ [ t · B σ ( ) · . . . · B σ ( n ) · t n ] By IH, A i and B i are strongly unambiguous for all i . As · ! [ s · A · . . . · A n · s n ] , we have [ s · A · . . . · A n · s n ] is strongly unambiguous. As · ! [ t · B σ ( ) · . . . · B σ ( n ) · t n ] , we have [ t · B σ ( ) · . . . · B σ ( n ) · t n ] is strongly unambiguous. Case
DNFLens ) . sql ˜: SQ ⇔ TQ . . . sql n ˜: SQ n ⇔ TQ n σ ∈ S n i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅(h sql | . . . | sql n i , σ ) ˜: h SQ | . . . | SQ n i ⇔ h TQ σ ( ) | . . . | TQ σ ( n ) i By IH, SQ i and TQ i are strongly unambiguous for all i .As i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ , we have h SQ | . . . | SQ n i is strongly unambiguous.As i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅ , we have h TQ σ ( ) | . . . | TQ σ ( n ) i is strongly unambiguous. (cid:3) Lemma 18 (Closure of Rewriteless DNF Lenses Under Inversion) . (1) If dl ˜: DS ⇔ DT , then there exists a dnf lens dl − ˜: DT ⇔ DS such that [[ DS − ]] = {( t , s ) | ( s , t ) ∈ [[ dl ]]} (2) If sql ˜: SQ ⇔ TQ , then there exists a sequence lens sql − ˜: TQ ⇔ SQ such that [[ sql − ]] = {( t , s ) | ( s , t ) ∈ [[ sql ]]} (3) If al ˜: A ⇔ B , then there exists an atom lens al − ˜: B ⇔ A such that [[ al − ]] = {( t , s ) | ( s , t ) ∈[[ al ]]} Proof.
By mutual induction on the typing derivation of dl , sql , and al . Case
DNF Lens ) . sql ˜: SQ ⇔ TQ . . . sql n ˜: SQ n ⇔ TQ n σ ∈ S n i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅(h sql | . . . | sql n i , σ ) ˜: h SQ | . . . | SQ n i ⇔ h TQ σ ( ) | . . . | TQ σ ( n ) i By IH, there exists sql − i ˜: TQ i ⇔ SQ i where [[ sql − i ]] = {( t , s ) | ( s , t ) ∈ [[ sql i ]]} .Consider the typing sql − σ ( ) ˜: TQ σ ( ) ⇔ SQ σ ( ) . . . sql − σ ( n ) − ˜: TQ σ ( n ) ⇔ SQ σ ( n ) σ − ∈ S n i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅ i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅(h sql − σ ( ) | . . . | sql − σ ( n ) i , σ − ) ˜: h TQ σ ( ) | . . . | TQ σ ( n ) i ⇔ h SQ σ − ( σ ( )) | . . . | SQ σ − ( σ ( n ) )i So (h sql − σ ( ) | . . . | sql − σ ( n ) i , σ − ) ˜: h TQ σ ( ) | . . . | TQ σ ( n ) i ⇔ h SQ | . . . | SQ n )i , or in otherwords (h sql σ ( ) | . . . | sql σ ( n ) i , σ − ) ˜: DT ⇔ DS , as desired. [[(h sql − σ ( ) | . . . | sql − σ ( n ) i , σ − )]] = {( s , t ) | ∃ i . ( s , t ) ∈ [[ sql − σ ( i ) ]]} = {( t , s ) | ∃ i . ( s , t ) ∈ [[ sql i ]]} = {( t , s ) | ( s , t ) ∈ [[ dl ]]} , as desired. Case
Seqence Lens ) . al ˜: A ⇔ B . . . al n ˜: A n ⇔ B n σ ∈ S n · ! [ s · A · . . . · A n · s n ] · ! [ t · B · . . . · B n · t n ]([( s , t ) · A · . . . · A n · ( s n , t n )] , σ ) ˜: [ s · A · . . . · A n · s n ] ⇔ [ t · B σ ( ) · . . . · B σ ( n ) · t n ] By IH, there exists al − i ˜: B i ⇔ A i where [[ al − i ]] = {( t , s ) | ( s , t ) ∈ [[ al i ]]} .Consider the typing al − σ ( ) ˜: B σ ( ) ⇔ A σ ( n ) . . . al − σ ( n ) ˜: B σ ( n ) ⇔ A σ ( n ) σ − ∈ S n · ! [ t · B · . . . · B n · t n ] · ! [ s · A · . . . · A n · s n ]([( t , s ) · A · . . . · A n · ( t n , s n )] , σ ) ˜: [ t · B σ ( ) · . . . · B σ ( n ) · t n ] ⇔ [ s · A σ − ( σ ( )) · . . . · A σ − ( σ ( n )) · s n ] , Vol. 1, No. 1, Article 1. Publication date: October 2017. :46 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic So ([( t , s ) · al − σ ( ) · . . . · al − σ ( n ) ·( t n , s n )] , σ − ) ˜: [ t · TQ σ ( ) · . . . · TQ σ ( n ) · t n ] ⇔ [ s · SQ | . . . | SQ n )] ,or in other words ([( t , s ) · al − σ ( ) · . . . · al − σ ( n ) · ( t n , s n )] , σ − ) ˜: TQ ⇔ SQ , as desired. [[([( t , s ) · al − σ ( ) · . . . · al − σ ( n ) · ( t n , s n )] , σ − )]] = {( t s ′ . . . s ′ n t n , s t ′ σ − ( ) . . . t ′ σ ( n ) − s n ) | ∀ i . ( s ′ i , t ′ i ) ∈[[ al − σ ( i ) ]]} = {( t t ′ σ ( ) . . . t ′ σ ( n ) t n , s s ′ . . . s ′ n s n ) | ∀ i . ( s ′ , t ′ ) ∈ [[ al i ]]} = {( t , s ) | ( s , t ) ∈ [[ sql ]]} , as desired. Case
Atom Lens ) . dl ˜: DS ⇔ DT DS ∗ ! DT ∗ ! iterate ( dl ) ˜: DS ∗ ⇔ DT ∗ By IH, there exists dl − ˜: DT ⇔ DS where [[ dl − ]] = {( t , s ) | ( s , t ) ∈ [[ dl ]]} .Consider the typing dl − ˜: DT ⇔ DSDT ∗ ! DS ∗ ! iterate ( dl − ) ˜: DT ∗ ⇔ DS ∗ So iterate ( dl − ) ˜: DT ∗ ⇔ DS ∗ , or in other words ( iterate ( dl − )) ˜: AtomAlt ⇔ Atom as desired. [[ iterate ( dl − )]] = {( s . . . s n , t . . . t n ) | ∀ i . ( s i , t i ) ∈ [[ dl − ]]} = {( t . . . t n , s . . . s n ) | ∀ i . ( s i , t i ) ∈[[ dl ]]} = {( t , s ) | ( s , t ) ∈ [[ sql ]]} , as desired. (cid:3) B.4 DNF Regular Expression and Regular Expression Proofs
This subsection aims to prove that ⇓ preserves language, and that ⇑ is its left inverse. We use this throughout. These functions are built on the DNF regular expression operators ⊙ , ⊕ , and ⇓ . In this section, we prove that these operators behave as we expect them to, and we use these lemmas throughout the paper.
Lemma 19 (Equivalence of ⊙ SQ and · ) . If L( S ) = L( SQ ) , and L( T ) = L( TQ ) , then L( S · T ) = L( SQ ⊙ SQ TQ ) . Proof.
Let SQ = [ s · A · . . . · A n · s n ] , and let TQ = [ t · B · . . . · B m · t m ]
L( SQ ⊙ SQ TQ ) = L([ s · A · . . . · A n · s n · t · B · . . . · B m · t m ])
= { s · s ′ · . . . · s ′ n · s n · t · t ′ · . . . · t ′ m · t m | s ′ i ∈ L( A i ) ∧ t ′ i ∈ L( B i )}
= { s · t | s ∈ L( SQ ) ∧ t ∈ L( TQ )}
= { s · t | s ∈ L( S ) ∧ t ∈ L( T )}
= L( S · T ) □
Lemma 20 (Equivalence of ⊙ and · ) . If L( S ) = L( DS ) , and L( T ) = L( DT ) , then L( S · T ) = L( DS ⊙ DT ) . Proof.
Let DS = ⟨ SQ | . . . | SQ n ⟩ , and let DT = ⟨ TQ | . . . | TQ m ⟩
L( DS ⊙ DT ) = L(⟨ SQ i ⊙ SQ TQ j for i ∈ [ n ] , j ∈ [ m ] ⟩)
= { s | s ∈ SQ i ⊙ SQ TQ j where i ∈ [ n ] , j ∈ [ m ]}
= { s · t | s ∈ L( SQ i ) ∧ t ∈ L( TQ j ) where i ∈ [ n ] , j ∈ [ m ]}
= { s · t | s ∈ L( DS ) ∧ t ∈ L( DT )}
= { s · t | s ∈ L( S ) ∧ t ∈ L( T )}
= L( S · T ) □
Lemma 21 (Equivalence of A and D( A ) ) . L( A ) = L(D( A )) Proof.
L(D( A )) = L(⟨[ ϵ · A · ϵ ]⟩) . L(⟨[ ϵ · A · ϵ ]⟩) = { s | s ∈ L([ ϵ · A · ϵ ])} . L([ ϵ · A · ϵ ]) = { ϵ · s · ϵ | s ∈ L( A )} = { s | s ∈ L( A )} = L( A ) . This means L(⟨[ ϵ · A · ϵ ]⟩) = { s | s ∈ L( A )} = L( A ) . □
Lemma 22 (Equivalence of ⊕ and | ) . If L( S ) = L( DS ) , and L( T ) = L( DT ) , then L( S | T ) = L( DS ⊕ DT ) . Proof.
Let DS = ⟨ SQ | . . . | SQ n ⟩ , and let DT = ⟨ TQ | . . . | TQ m ⟩
L( DS ⊕ DT ) = L(⟨ SQ | . . . | SQ n | TQ | . . . | TQ m ⟩)
= { s | s ∈ SQ i ∨ s ∈ TQ j where i ∈ [ n ] , j ∈ [ m ]}
= { s | s ∈ L( DS ) ∨ s ∈ L( DT )}
= { s | s ∈ L( S ) ∨ s ∈ L( T )}
= L( S | T ) □
Theorem 7.
For all regular expressions S , L(⇓ S ) = L( S ) . Proof.
By structural induction.
Let S = s . L(⇓ ( s )) = L(⟨[ s ]⟩) = { s } = L( s )
Let S = ∅ . L(⇓ (∅)) = L(⟨⟩) = {} = L(∅) .
Let S = S ′∗ . By induction assumption, L(⇓ ( S ′ )) = L( S ′ ) . L(⇓ ( DS ′∗ )) = L(⟨[⇓ ( S ′ ) ∗ ]⟩) = { s | s ∈ L([⇓ ( S ′ ) ∗ ])} = { s | s ∈ L(⇓ ( S ′ ) ∗ )} = { s · . . . · s n | n ∈ N ∧ s i ∈ L(⇓ ( S ′ ))} = { s · . . . · s n | n ∈ N ∧ s i ∈ L( S ′ )} = L( S ′∗ )
Let S = S · S . By induction assumption, L(⇓ ( S )) = L( S ) , and L(⇓ ( S )) = L( S ) . ⇓ ( S · S ) = ⇓ ( S ) ⊙ ⇓ ( S ) . By Lemma 20, S · S = ⇓ ( S ) ⊙ ⇓ ( S ) .
Let S = S | S . By induction assumption, L(⇓ ( S )) = L( S ) , and L(⇓ ( S )) = L( S ) . ⇓ ( S | S ) = ⇓ ( S ) ⊕ ⇓ ( S ) . By Lemma 22, S | S = ⇓ ( S ) ⊕ ⇓ ( S ) . □
Lemma 23.
Let [ s · A · . . . A n · s n ] be a sequence, and ⇓ (⇑ ( A i )) = ⟨[ A i ]⟩ . Then, ⇓ (⇑ ([ s · A · . . . A n · s n ])) = ⟨[ s · A · . . . A n · s n ]⟩ . Proof.
By induction on n .
Let n = SQ = [ s ] . ⇓ (⇑ ([ s ])) = ⇓ ( s ) = ⟨[ s ]⟩
Let n > SQ = [ s · A · . . . A n · s n ] . ⇓ (⇑ ([ s · A · . . . A n · s n ])) ⇓ (⇑ ([ s · A · . . . A n − · s n − ]) · ⇑ ( A n ) · s n ) = ⇓ (⇑ ([ s · A · . . . A n − · s n − ])) ⊙ ⇓ (⇑ ( A n )) ⊙ ⇓ ( s n − ) = ⟨[ s · A · . . . A n − · s n − ]⟩ ⊙ ⟨[ A n ]⟩ ⊙ ⟨[ s n ]⟩ = ⟨[ s · A · . . . A n · s n ]⟩ . □
Lemma 24.
Let ⟨ SQ | . . . | SQ n ⟩ be a sequence, and ⇓ (⇑ ( SQ i )) = ⟨ SQ i ⟩ . Then, ⇓ (⇑ (⟨ SQ | . . . | SQ n ⟩)) = ⟨ SQ | . . . | SQ n ⟩ . Proof.
By induction on n .
Let n = ⇓ (⇑ (⟨⟩)) = ⇓ (∅) = ⟨⟩ .
Let n > ⇓ (⇑ (⟨ SQ · . . . · SQ n ⟩)) = ⇓ (⇑ (⟨ SQ · . . . · SQ n − ⟩) · ⇑ ( SQ n )) = ⇓ (⇑ (⟨ SQ · . . . · SQ n − ⟩)) ⊙ ⇓ (⇑ ( SQ n )) = ⟨ SQ · . . . · SQ n ⟩ □
Lemma 25 (Elimination of ⇓ ◦ ⇑ ) . (1) ⇓ (⇑ ( A )) = ⟨[ A ]⟩ (2) ⇓ (⇑ ( SQ )) = ⟨ SQ ⟩ (3) ⇓ (⇑ ( DS )) = DS Proof.
By mutual induction.
Let DS ∗ be an atom. ⇓ (⇑ ( DS ∗ )) = ⇓ (⇑ ( DS ) ∗ ) = ⟨[⇓ (⇑ ( DS )) ∗ ]⟩ = ⟨[ DS ∗ ]⟩
Let [ s · A · . . . · A n · s n ] be a sequence. ⇓ (⇑ ([ s · A · . . . · A n · s n ])) . By induction assumption, for each A i , ⇓ (⇑ ( A i )) = ⟨[ A i ]⟩ . By Lemma 23, ⇓ (⇑ ([ s · A · . . . · A n · s n ])) = ⟨[ s · A · . . . · A n · s n ]⟩ .
Let ⟨ SQ · . . . · SQ n ⟩ be a DNF regular expression. By induction assumption, for each SQ i , ⇓ (⇑ ( SQ i )) = ⟨ SQ i ⟩ . By Lemma 24, ⇓ (⇑ (⟨ SQ · . . . · SQ n ⟩)) = ⟨ SQ · . . . · SQ n ⟩ . □
Lemma 26. ( DS ⊕ DS ) ⊕ DS = DS ⊕ ( DS ⊕ DS ) Proof.
Let DS = ⟨ SQ | . . . | SQ n ⟩ and DS = ⟨ SQ | . . . | SQ n ⟩ and DS = ⟨ SQ | . . . | SQ n ⟩ .
( DS ⊕ DS ) ⊕ DS = ⟨ SQ | . . . | SQ n | SQ | . . . | SQ n ⟩ ⊕ DS
= ⟨ SQ | . . . | SQ n | SQ | . . . | SQ n | SQ | . . . | SQ n ⟩
= DS ⊕ ⟨ SQ | . . . | SQ n | SQ | . . . | SQ n ⟩
= DS ⊕ ( DS ⊕ DS ) □
Lemma 27. ( SQ ⊙ SQ SQ ) ⊙ SQ SQ = SQ ⊙ SQ ( SQ ⊙ SQ SQ ) Proof.
Let SQ = [ s · A · . . . · A n · s n ] , SQ = [ s · A · . . . · A n · s n ] , and SQ = [ s · A · . . . · A n · s n ] .
( SQ ⊙ SQ SQ ) ⊙ SQ SQ = [ s · A · . . . · A n · s n · s · A · . . . · A n · s n ] ⊙ SQ SQ
= [ s · A · . . . · A n · s n · s · A · . . . · A n · s n · s · A · . . . · A n · s n ]
= SQ ⊙ SQ [ s · A · . . . · A n · s n · s · A · . . . · A n · s n ]
= SQ ⊙ SQ ( SQ ⊙ SQ SQ ) □
Lemma 28. ( DS ⊙ DS ) ⊙ DS = DS ⊙ ( DS ⊙ DS ) Proof.
Let DS = ⟨ SQ | . . . | SQ n ⟩ , DS = ⟨ SQ | . . . | SQ n ⟩ , and DS = ⟨ SQ | . . . | SQ n ⟩ .
( DS ⊙ DS ) ⊙ DS = ⟨ SQ ⊙ SQ SQ | . . . | . . . | SQ n ⊙ SQ SQ n ⟩
= ⟨( SQ ⊙ SQ SQ ) ⊙ SQ SQ | . . . | . . . | . . . |( SQ n ⊙ SQ SQ n ) ⊙ SQ SQ n ⟩
= ⟨ SQ ⊙ SQ ( SQ ⊙ SQ SQ ) | . . . | . . . | . . . | SQ n ⊙ SQ ( SQ n ⊙ SQ SQ n )⟩
= DS ⊙ SQ ⟨ SQ ⊙ SQ SQ | . . . | . . . | SQ n ⊙ SQ SQ n ⟩
= DS ⊙ ( DS ⊙ DS ) □
Lemma 29. ⟨⟩ ⊕ DS = DS Proof.
By inspection. □

Lemma 30. DS ⊕ ⟨⟩ = DS

Proof. By inspection. □

Lemma 31. ⟨[ϵ]⟩ ⊙ DS = DS

Proof. By inspection, [ϵ] ⊙_SQ SQ = SQ. Let DS = ⟨SQ_1 | … | SQ_n⟩. ⟨[ϵ]⟩ ⊙ DS = ⟨[ϵ] ⊙_SQ SQ_1 | … | [ϵ] ⊙_SQ SQ_n⟩ = ⟨SQ_1 | … | SQ_n⟩ = DS □

Lemma 32. DS ⊙ ⟨[ϵ]⟩ = DS

Proof. Done similarly to Lemma 31. □

Lemma 33. ⟨⟩ ⊙ DS = ⟨⟩

Proof. By inspection. □

Lemma 34. DS ⊙ ⟨⟩ = ⟨⟩

Proof. By inspection. □
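The identities of Lemmas 25 to 34 above, and the distributivity statements of Lemmas 35 and 36 that follow, can be checked mechanically on concrete DNF regular expressions. The Python below is an added example, not code from the paper or from Optician: the tuple encoding, the function names and the sample expressions are constructed here, and the definitions of ⇓, ⇑, ⊕, ⊙ and D are read off the equations used in this appendix's proofs. It also shows why Lemma 36 is stated for a single sequence ⟨SQ⟩: with a multi-sequence left operand the two sides agree only up to reordering of sequences.

```python
from collections import Counter

# Constructed encoding for this example (not the paper's or Optician's):
#   regex    : ("str", s) | ("empty",) | ("star", r) | ("cat", r1, r2) | ("or", r1, r2)
#   DNF regex: tuple of sequences            <SQ_1 | ... | SQ_n>
#   sequence : (strings, atoms)              [s_0 . A_1 . s_1 ... A_n . s_n]
#   atom     : ("star", dnf)                 DS*
EMPTY = ()                    # <>     : no sequences, empty language
EPS = ((("",), ()),)          # <[eps]>: one sequence holding the empty string

def oplus(ds, dt):
    """DS (+) DT: append the two lists of sequences."""
    return ds + dt

def seq_cat(sq, tq):
    """SQ (.)_SQ TQ: splice two sequences, fusing s_n with t_0."""
    (ss, sa), (ts, ta) = sq, tq
    return (ss[:-1] + (ss[-1] + ts[0],) + ts[1:], sa + ta)

def otimes(ds, dt):
    """DS (.) DT: each sequence of DS spliced with each sequence of DT."""
    return tuple(seq_cat(sq, tq) for sq in ds for tq in dt)

def lift_atom(atom):
    """D(A) = <[eps . A . eps]>."""
    return ((("", ""), (atom,)),)

def to_dnf(r):
    """The conversion written as a down arrow in the lemmas."""
    tag = r[0]
    if tag == "str":
        return (((r[1],), ()),)
    if tag == "empty":
        return EMPTY
    if tag == "star":
        return lift_atom(("star", to_dnf(r[1])))
    if tag == "cat":
        return otimes(to_dnf(r[1]), to_dnf(r[2]))
    if tag == "or":
        return oplus(to_dnf(r[1]), to_dnf(r[2]))
    raise ValueError(f"unknown regex node: {tag!r}")

def from_seq(sq):
    """Up arrow on a sequence: s_0 . (A_1 . (s_1 . ( ... )))."""
    strings, atoms = sq
    r = ("str", strings[-1])
    for s, (_, inner) in zip(reversed(strings[:-1]), reversed(atoms)):
        r = ("cat", ("str", s), ("cat", ("star", from_dnf(inner)), r))
    return r

def from_dnf(ds):
    """Up arrow on a DNF regex: empty | (SQ_1 | ( ... | SQ_n))."""
    if not ds:
        return ("empty",)
    r = from_seq(ds[-1])
    for sq in reversed(ds[:-1]):
        r = ("or", from_seq(sq), r)
    return ("or", ("empty",), r)

def sample_dnfs():
    """Three constructed DNF regexes with two sequences each."""
    a, b, c, p, q, r, x, y = (("str", ch) for ch in "abcpqrxy")
    ds = to_dnf(("or", a, ("cat", b, ("star", c))))      # a | b c*
    dt = to_dnf(("or", ("star", x), y))                  # x* | y
    du = to_dnf(("cat", p, ("or", q, r)))                # p (q | r)
    return ds, dt, du

def check_lemmas():
    """Evaluate Lemmas 25 to 36 on the samples; maps lemma number to bool."""
    ds, dt, du = sample_dnfs()
    sq1, sq2, sq3 = ds[1], dt[0], du[0]
    one = ds[1:]                                         # a singleton <SQ>
    return {
        25: all(to_dnf(from_dnf(d)) == d for d in (ds, dt, du)),
        26: oplus(oplus(ds, dt), du) == oplus(ds, oplus(dt, du)),
        27: seq_cat(seq_cat(sq1, sq2), sq3) == seq_cat(sq1, seq_cat(sq2, sq3)),
        28: otimes(otimes(ds, dt), du) == otimes(ds, otimes(dt, du)),
        29: oplus(EMPTY, ds) == ds,
        30: oplus(ds, EMPTY) == ds,
        31: otimes(EPS, ds) == ds,
        32: otimes(ds, EPS) == ds,
        33: otimes(EMPTY, ds) == EMPTY,
        34: otimes(ds, EMPTY) == EMPTY,
        35: otimes(oplus(ds, dt), du) == oplus(otimes(ds, du), otimes(dt, du)),
        36: otimes(one, oplus(dt, du)) == oplus(otimes(one, dt), otimes(one, du)),
    }

def left_distribution(ds, dt, du):
    """Return (equal as ordered lists, equal as multisets) for left distribution."""
    lhs = otimes(ds, oplus(dt, du))
    rhs = oplus(otimes(ds, dt), otimes(ds, du))
    return lhs == rhs, Counter(lhs) == Counter(rhs)

if __name__ == "__main__":
    for number, holds in check_lemmas().items():
        print(f"Lemma {number}: {holds}")
    print("left distribution:", left_distribution(*sample_dnfs()))
```

Because ⊕ and ⊙ are order-sensitive list operations in this encoding, every check is a syntactic equality, which is the sense in which the lemmas are stated.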
Lemma 35. (DS_1 ⊕ DS_2) ⊙ DS_3 = (DS_1 ⊙ DS_3) ⊕ (DS_2 ⊙ DS_3)

Proof. Let DS_1 = ⟨SQ_{1,1} | … | SQ_{1,n_1}⟩. Let DS_2 = ⟨SQ_{2,1} | … | SQ_{2,n_2}⟩. Let DS_3 = ⟨SQ_{3,1} | … | SQ_{3,n_3}⟩.

(DS_1 ⊕ DS_2) ⊙ DS_3 = (SQ_{1,1} | … | SQ_{1,n_1} | SQ_{2,1} | … | SQ_{2,n_2}) ⊙ ⟨SQ_{3,1} | … | SQ_{3,n_3}⟩. So, through application of ⊙, ⟨SQ_{1,1} ⊙_SQ SQ_{3,1} | … | SQ_{1,1} ⊙_SQ SQ_{3,n_3} | SQ_{2,n_2} ⊙_SQ SQ_{3,1} | … | SQ_{2,n_2} ⊙_SQ SQ_{3,n_3}⟩.

This equals ⟨SQ_{1,1} ⊙_SQ SQ_{3,1} | … | SQ_{1,1} ⊙_SQ SQ_{3,n_3} | SQ_{1,n_1} ⊙_SQ SQ_{3,1} | … | SQ_{1,n_1} ⊙_SQ SQ_{3,n_3}⟩ ⊕ ⟨SQ_{2,1} ⊙_SQ SQ_{3,1} | … | SQ_{2,1} ⊙_SQ SQ_{3,n_3} | SQ_{2,n_2} ⊙_SQ SQ_{3,1} | … | SQ_{2,n_2} ⊙_SQ SQ_{3,n_3}⟩, which is (DS_1 ⊙ DS_3) ⊕ (DS_2 ⊙ DS_3) □

Lemma 36. ⟨SQ⟩ ⊙ (DS_1 ⊕ DS_2) = (⟨SQ⟩ ⊙ DS_1) ⊕ (⟨SQ⟩ ⊙ DS_2)

Proof. Let DS_1 = ⟨SQ_{1,1} | … | SQ_{1,n_1}⟩. Let DS_2 = ⟨SQ_{2,1} | … | SQ_{2,n_2}⟩.

⟨SQ⟩ ⊙ (DS_1 ⊕ DS_2) = ⟨SQ⟩ ⊙ (⟨SQ_{1,1} | … | SQ_{1,n_1}⟩ ⊕ ⟨SQ_{2,1} | … | SQ_{2,n_2}⟩). So, through application of ⊙, ⟨SQ ⊙_SQ SQ_{1,1} | … | SQ ⊙_SQ SQ_{1,n_1} | SQ ⊙_SQ SQ_{2,1} | … SQ ⊙_SQ SQ_{2,n_2}⟩. This equals ⟨SQ ⊙_SQ SQ_{1,1} | … | SQ ⊙_SQ SQ_{1,n_1}⟩ ⊕ ⟨SQ ⊙_SQ SQ_{2,1} | … SQ ⊙_SQ SQ_{2,n_2}⟩, which through the definitions, equals (⟨SQ⟩ ⊙ DS_1) ⊕ (⟨SQ⟩ ⊙ DS_2). □

Lemma 37 (≡_s is finer than ≡). If S ≡_s T, then S ≡ T

Proof.
By induction on the derivation of ≡_s.

Case 1 (+ Ident). Through the use of ≡’s + Ident.

Case 2 (R). Through the use of ≡’s R.

Case 3 (L). Through the use of ≡’s L.

Case 4 (· Assoc). Through the use of ≡’s · Assoc.

Case 5 (| Assoc). Through the use of ≡’s | Assoc.

Case 6 (| Comm). Through the use of ≡’s | Comm.

Case 7 (Dist R). Through the use of ≡’s Dist R.

Case 8 (Dist L). Through the use of ≡’s Dist L.

Case 9 (· Ident L). Through the use of ≡’s · Ident L.

Case 10 (· Ident R). Through the use of ≡’s · Ident R.

Case 11 (Unrollstar L). Let S ≡_s T through an application of Unrollstar L. So, without loss of generality, from symmetry, we can say S = S′∗ and T = ϵ | (S′ · S′∗). Consider the derivations

S ′ ≡ S ′ · ϵ S ′∗ ≡ ( S ′ · ϵ ) ∗ S ′ · ϵ ∗ ≡ ϵ | ( S ′ · ( ϵ · S ′ ) ∗ · ϵ ) S ′ · ( ϵ · S ′ ) ∗ · ϵ ≡ S ′ · ( ϵ · S ′ ) ∗ ϵ | ( S ′ · ( ϵ · S ′ ) ∗ · ϵ ) ≡ ϵ | ( S ′ · ( ϵ · S ′ ) ∗ ) S ′ · ϵ ≡ S ′ ··· ϵ | ( S ′ · ( ϵ · S ′ ) ∗ ) ≡ ϵ | ( S ′ · S ′∗ )

Through repeated application of equational theory transitivity, S ≡ T.

Case 12 (Unrollstar R). Let S ≡_s T through an application of Unrollstar L. So, without loss of generality, from symmetry, we can say S = S′∗ and T = ϵ | (S′∗ · S′). Consider the derivations

S ′ ≡ ϵ · S ′ S ′∗ ≡ ( ϵ · S ′ ) ∗ ϵ · S ′∗ ≡ ϵ | ( ϵ · ( S ′ · ϵ ) ∗ · S ′ ) ϵ · ( S ′ · ϵ ) ∗ · S ′ ≡ ( S ′ · ϵ ) ∗ · S ′ ϵ | ( ϵ · ( S ′ · ϵ ) ∗ · S ′ ) ≡ ϵ | ( S ′ ( S ′ · ϵ ) ∗ ) S ′ · ϵ ≡ S ′ ··· ϵ | (( S ′ · ϵ ) ∗ · S ′ ) ≡ ϵ | ( S ′ · S ′∗ )

Through repeated application of equational theory transitivity, S ≡ T. □

B.5 Unambiguity Property Proofs
Unambiguity is critical in the typing derivations, so unambiguity proofs are similarly critical. In this section, we prove requirements for maintaining unambiguity. The bulk of the work for many of these is done in the language unambiguity proofs in Subsection B.2. This section combines those results to prove properties such as that unambiguity is maintained through application of the definitional equivalence rules.

Lemma 38. If S | T is strongly unambiguous, then L(S) ∩ L(T) = {}, and both S and T are strongly unambiguous.

Proof. If S | T is strongly unambiguous, then either L(S | T) = {}, or L(S) ∩ L(T) = {}, and S and T are both strongly unambiguous. If the latter, then we are done. If the former, then both L(S) = {} and L(T) = {}. This means they are both strongly unambiguous. Furthermore, {} ∩ {} = {}, so L(S) ∩ L(T) = {}. □

Lemma 39.
Let S ≡ s T . If S is strongly unambiguous, then T is strongly unambiguous. Proof. If L( S ) = {} , then L( T ) = {} , by Lemma 37.For the case where L( S ) , {} , we proceed by induction on the derivation of equivalence of S and T . Case + Ident left to right) . Let the last step of the derivation be + Ident left to right. S ≡ s S | ∅ . ∅ is strongly unambiguous, as its language is empty. S is strongly unambiguous by assumption L( S ) ∩ L(∅) = L( S ) ∩ {} = ∅ , so T is strongly unambiguous. Case + Ident right to left) . Let the last step of the derivation be + Ident right to left. T | ∅ ≡ s T .If L( T | ∅) = {} then L( T ) = {} , so T is strongly unambiguous.Otherwise T is strongly unambiguous, which is what is desired. Case R both directions) . Let the last step of the derivation be R . The language of bothsides is {} , by Lemma 37. Case L both directions) . Let the last step of the derivation be L . The language of bothsides is {} , by Lemma 37. , Vol. 1, No. 1, Article 1. Publication date: October 2017. :52 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Case · Assoc left to right) . Let the last step of the derivation be · Assoc left to right. ( S · S ) · S ≡ s S · ( S · S ) Because S is strongly unambiguous. S · ! S and ( S · S ) · ! S Let s , t ∈ S , let s , t ∈ S , and let s · s = t · t . Consider s in S which exists as L( S ) , {} . ( s · s ) · s = ( s · t ) · t , so s = t and s · s = s · t , so s = t .Let s · s ∈ S · S , t · t ∈ S · S , s , t ∈ S , and let s · ( s · s ) = t · ( t · t ) . This means ( s · s ) · s = ( t · t ) · t ) .So by assumption, s = t , and s · s = t · t . So by assumption, s = t and s = t . So, s · s = t · t , and s = t . Case · Assoc right to left) . Very similarly to left to right.
Case | Assoc left to right) . S | ( S | S ) ≡ s ( S | S ) | S . L( S ) ∩ L( S | S ) = {} . This means that L( S ) ∩ (L( S ) ∪ L( S )) = {} , so through distributivity, L( S ) ∩ L( S ) ∪ L( S ) ∩ L( S ) = {} . This means L( S ) ∩ L( S ) = {} and L( S ) ∩ L( S ) = {} .If L( S | S ) = {} , then the language of each is empty, so they are each strongly unambiguous.This means S | S is strongly unambiguous.Furthermore, L( S ) ∩ L( S ) ∪ L( S ) ∩ L( S ) = {} as each of the intersections is empty. So thewhole thing is unambiguous. Case | Assoc right to left) . Done very similarly to the left to right case.
Case | Comm ) . S | S ≡ s S | S So if the languages are empty, then they are both empty.Otherwise, S is strongly unambiguous, and S is strongly unambiguous, and L( S )∩L( S ) = {} .So L( S ) ∩ L( S ) = {} , and so S | S is strongly unambiguous. Case
10 (
Dist R left to right) . S · ( S | S ) ≡ s ( S · S ) | ( S · S ) .If L( S · ( S | S )) = {} , then ( S · S ) | ( S · S ) = {} , and we are done.If the language is nonempty, so too are the languages of each side, so S is nonempty, and S | S is nonempty, and S is strongly unambiguous, and S | S is strongly unambiguous. S | S being strongly unambiguous implies S is strongly unambiguous, S is strongly unam-biguous, and L( S ) ∩ L( S ) = {} , by Lemma 38.Let s , t ∈ L( S ) , s , t ∈ L( S ) , s · s = t · t . s . Then t ∈ L( S | S ) , and t ∈ L( S | S ) . Byassumption of strong unambiguity, where the languages are not empty, s = s anc t = t .Similarly for s , t ∈ L( S ) , s , t ∈ L( S ) .Assume there exists some s ∈ L( S · S ) ∩ L( S · S ) . This means s = s · s , for s ∈ L( S ) and s ∈ L( S ) , uniquely. It means s = t · t , for t ∈ L( S ) and t ∈ L( S ) . From assumption, as s ∈ L( S · ( S | S )) , s = t and s = t . Contradiction, as L( S ) ∩ L( S ) = {} . So there is no stringin the intersection, or in other words L( S · S ) ∩ L( S · S ) = {} As such, ( S · S ) | ( S · S ) is strongly unambiguous Case
11 (
Dist R right to left) . ( S · S ) | ( S · S ) ≡ s S · ( S | S ) .If L( S ) = {} , then the language of the entire S is empty, and we are done. Otherwise assume L( S ) , {} .From assumption S · S is strongly unambiguous, S · S is strongly unambiguous, and L( S · S ) ∩ L( S · S ) = {} .Assume there exists some s ∈ L( S ) ∩ L( S ) . Let s ∈ L( S ) . This makes s · s ∈ L( S · S ) ∩L( S · S ) . This is a contradiction, so L( S ) ∩ L( S ) = {} .Let s , t ∈ L( S ) . Let s , t ∈ L( S | S ) . Let s · s = t · t . Assume s ∈ L( S ) . Then t ∈ L( S ) ,as otherwise S is not strongly unambiguous. So as s · s ∈ L( S · S ) , and t · t ∈ L( S · S ) , byassumption, s = t , and s = t . If s < L( S ) , then s ∈ L( S ) , and the same argument applies. , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:53 Case
12 (Dist L both directions). Proceeds the same as Dist R.

Case 13 (· Ident L left to right). ϵ · S′ ≡_s S′. If they have empty languages, we are done. If nonempty, then S′ is strongly unambiguous, and we are done.

Case 14 (· Ident L right to left). S′ ≡_s ϵ · S′. Both S′ and ϵ are strongly unambiguous, by assumption and definition, respectively. Furthermore, let s , t ∈ L(ϵ), and s , t ∈ L(S′), and s · s = t · t s = t = ϵ , so s = t , which makes s = t .

Case 15 (· Ident R both directions). Very similar to · Ident L.

Case
16 (
Unrollstar L left to right) . S ′∗ ≡ s ϵ | ( S ′ · S ′∗ ) Let s ∈ L( ϵ ) ∩ L( S ′ · S ′∗ ) . So s = ϵ . So ϵ ∈ L( S ′ ) . Contradiction, as if ϵ in L( S ′ ) , then if s · s n = t · t m , n no longer must equal m , as arbitrarily many ϵ s can be input. ϵ is strongly unambiguous.If L( S ′ ) = ∅ , then S ′ · S ′∗ also has an empty language, and is strongly unambiguous.If the language is nonempty, S ′ is strongly unambiguous.Let s , s ∈ L( S ′ ) , t , t ∈ L( S ′∗ ) . Let s · t = t · t . t = t · . . . · t n and t = t · . . . · t m , where t i , t i ∈ L( S ′∗ ) . Consider s · t · . . . · t n and s · t · . . . · t m . As S ′ is unambiguously iterable, n + = m +
1, and s = s and t i = t i . This means that t = t . So Reдex ′ is unambiguouslyconcatenable with S ′∗ . Case
17 (
Unrollstar L right to left) . ϵ | ( S ′ · S ′∗ ) ≡ s S ′∗ If L( S ′ ) = {} , then it is vacuously unambiguously concatenable, and S ′ is strongly unambiguous,so S ′∗ is strongly unambiguous.Let L( S ′ ) not be empty.Let s · . . . · s n = t · . . . · t m , and s i , t i ∈ L( S ′ ) . We want to show that n = m and s i = t i . This canbe done by induction on n .If n =
0, then m =
0, as otherwise m >
0, which would imply that ϵ ∈ L( S ′ ) , making S notstrongly unambiguous.If n ,
0, then by the unambiguous concatenability of S ′ and S ′∗ , s = t , and s · . . . · s n = t · . . . · t n ,and the IH applies. Case
18 (Unrollstar R both directions). Done similarly to Unrollstar L.

Case 19 (All structural cases). As ≡_s is finer than ≡, the subparts will have the same languages. If the language of S is empty, then we are done, otherwise, each subpart will be strongly unambiguous, by the induction hypothesis. As the top level unambiguity condition is based on the language, and the languages of the subparts are equal, the top level unambiguity condition will be satisfied.

Case 20 (Transitivity of Equational Theory). If S ≡_s S′ and S ≡_s T, then by IH, S′ is strongly unambiguous, and by IH again, T is strongly unambiguous. □

Lemma 40. If DS_1 ⊙ (DS_2 ⊕ DS_3) is strongly unambiguous, then (DS_1 ⊙ DS_2) ⊕ (DS_1 ⊙ DS_3) is strongly unambiguous.

Proof.
Let DS = h SQ | . . . | SQ n i .Let DS = h SQ | . . . | SQ n i .Let DS = h SQ | . . . | SQ n i . , Vol. 1, No. 1, Article 1. Publication date: October 2017. :54 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic DS ⊕ DS = h SQ | . . . | SQ n | SQ | . . . | SQ n i . DS ⊙ ( DS ⊕ DS ) = h SQ ⊙ SQ SQ | . . . | SQ ⊙ SQ SQ n | SQ ⊙ SQ SQ | . . . | SQ ⊙ SQ SQ n | . . . | SQ n ⊙ SQ SQ | . . . | SQ n ⊙ SQ SQ n | SQ n ⊙ SQ SQ | . . . | SQ n ⊙ SQ SQ n i . Asthis is strongly unambiguous, SQ i ⊙ SQ SQ j , k is strongly unambiguous for all i , j , k . Furthermore,by strong unambiguity, if ( i , j , k ) , ( i , j , k ) , then SQ i ⊙ SQ SQ j , k ∩ SQ i ⊙ SQ SQ j , k . ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) = h SQ ⊙ SQ SQ | . . . SQ ⊙ SQ SQ n | . . . | SQ n ⊙ SQ SQ | . . . | SQ n ⊙ SQ SQ n | SQ ⊙ SQ SQ | . . . SQ ⊙ SQ SQ n | SQ n ⊙ SQ SQ | . . . SQ n ⊙ SQ SQ n i From before, if ( i , j , k ) , ( i , j , k ) , then SQ i ⊙ SQ SQ j , k ∩ SQ i ⊙ SQ SQ j , k = {} . Furthermore,each SQ i ⊙ SQ SQ j , k is still strongly unambiguous for all i , j , k , so ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) isstrongly unambiguous.The same process can be repeated to show that assumping ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) is stronglyunambiguous, we can show DS ⊙ ( DS ⊕ DS ) is strongly unambiguous. (cid:3) B.6 Rewrite Equivalence Proofs
This subsection covers the equivalences associated with the rewrites. We prove that rewrites do not alter the language. Furthermore, it is shown that the Definitional Equivalence Rules are finer than the base axioms. We prove that both ⇓ and ⇑ maintain unambiguity. Parallel Rewrites with Swap are shown to be equivalent to the definitional equivalence rules. We prove that the reflexive and transitive closure of rewrites is equivalent in expressibility to the reflexive and transitive closure of parallel rewrites. Lastly, we prove that if the DNF versions of two regular expressions can be rewritten to each other, then those two regular expressions are definitionally equivalent.

Lemma 41 (Single Rewrites Respecting Language).
• If A →_A DS, then L(A) = L(DS)
• If DS → DT, then L(DS) = L(DT)

Proof.
By mutual induction on the derivation of → and → A Case
Atom Unrollstar L ) . DS ∗ → A h[ ϵ ]i ⊕ ( DS ⊙ D( DS ∗ )) Let ⇑ DS = S . S ∗ ≡ ϵ | ( S · S ∗ ) , by Lemma 37. By Theorem 1, L(⇓ S ∗ ) = L(⇓ ( ϵ | ( S · S ∗ ))) . So L(D((⇓ S ) ∗ )) = L(⇓( ϵ | ( S · S ∗ ))) . So by Lemma 21, and application of ⇓ , L( DS ∗ ) = L(h[ ϵ ]i ⊕ DS ⊙ D(( DS ∗ ))) , asdesired. Case
Atom Unrollstar R ) . DS ∗ → A h[ ϵ ]i ⊕ (D( DS ∗ ) ⊙ DS ) Let ⇑ DS = S . S ∗ ≡ ϵ | ( S · S ∗ ) , by Lemma 37. By Theorem 1, L(⇓ S ∗ ) = L(⇓ ( ϵ | ( S ∗ · S ))) . So L(D((⇓ S ) ∗ )) = L(⇓( ϵ | ( S ∗ · S ))) . So by Lemma 21, and application of ⇓ , L( DS ∗ ) = L(h[ ϵ ]i ⊕ D(( DS ∗ )) ⊙ DS ) , asdesired. Case
Atom Structural Rewrite ) . DS → DTDS ∗ → A D( DT ∗ ) , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:55 L( DS ) = L( DT ) , so L( DS ∗ ) = L( DT ∗ ) . Through application of Lemma 21, L( DS ∗ ) = L(D( DT ∗ )) . Case
DNF Structural Rewrite ) . A j → A DS h SQ | . . . | SQ i − i ⊕ h[ s · A · . . . · s j − ]i ⊙ D( A j ) ⊙ h[ s j · . . . · A m · s m ]i ⊕ h SQ i + | . . . | SQ n i →h SQ | . . . | SQ i − i ⊕ h[ s · A · . . . · s j − ]i ⊙ DS ⊙ [ s j · . . . · A m · s m ] ⊕ h SQ i + | . . . | SQ n i As L(D( A j )) = L( DS ) , by IH and Lemma 21, and because the left side is the same as the right,except with D( A j ) replacing DS , the two languages are the same. (cid:3) Lemma 42 (Rewrites Respecting Language) . If DS → ∗ DT , then L( DS ) = L( DT ) Proof.
By induction on the derivation of →∗.

Case 1 (Reflexivity).

DS →∗ DS

L(DS) = L(DS), so we’re done.

Case 2 (Base).

DS → DT
----------
DS →∗ DT

By Lemma 41, as DS → DT, L(DS) = L(DT).

Case 3.

DS →∗ DS′    DS′ →∗ DT
------------------------
DS →∗ DT

By IH, L(DS) = L(DS′). By IH, L(DS′) = L(DT). So L(DS) = L(DT). □

Lemma 43. If ⇓S = ⟨⟩, and S ≡ T, then ⇓T = ⟨⟩.

Proof.
By induction on the proof of equivalence
Case . Then T = S , so ⇓ T = ⇓ S = hi . Case + Ident left to right) . S ≡ S | ∅ . ⇓( S | ∅) = ⇓ S ⊕ ⇓∅ = hi ⊕ hi . Case + Ident right to left) . T ≡ T | ∅ . ⇓ ( T | ∅) = hi . So by definition, ⇓ T ⊕ ⇓ ∅ = hi . Again bydefinition, ⇓ T ⊕ hi = hi . So by Lemma 30, ⇓ T = hi Case R left to right) . T = ∅ so ⇓ T = hi Case R right to left) . T = S · ∅ , so ⇓ T = ⇓ S ⊙ ⇓∅ = ⇓ S ⊙ hi , so by Lemma 33, ⇓ T = hi . Case L both directions) . Done similarly to R . Case · Assoc left to right) . ( S · S ) · S ≡ S · ( S · S ) . Throguh definitions, and Lemma 27, hi = ⇓(( S · S ) · S ) = (⇓ S ⊙ ⇓ S )⊙ ⇓ S ) = ⇓ S ⊙ (⇓ S ⊙ ⇓ S ) = ⇓( S · ( S · S )) Case · Assoc right to left) . Analogously to left to right
Case | Assoc left to right) . ( S | S ) | S ≡ S | ( S | S ) . Through definitions, and Lemma 26, hi = ⇓(( S | S ) | S ) = (⇓ S ⊕ ⇓ S )⊕ ⇓ S ) = ⇓ S ⊕ (⇓ S ⊕ ⇓ S ) = ⇓( S | ( S | S )) , Vol. 1, No. 1, Article 1. Publication date: October 2017. :56 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Case
10 ( | Assoc right to left) . Analogously to left to right
Case
11 ( | Comm ) . S | S ≡ S | S . hi = ⇓ ( S | S ) = ⇓ S ⊕ ⇓ S . By the definition of ⊕ , ⇓ S = hi ,and ⇓ S = hi . ⇓( S | S ) = ⇓ S ⊕ ⇓ S = hi ⊕ hi = hi . Case
12 (
Dist R left to right) . S · ( S | S ) ≡ ( S · S ) | ( S · S )⇓ S · ( S | S ) = ⇓ S ⊙ (⇓ S ⊕ ⇓ S ) = hi . By the definition of ⊙ , this means ⇓ S = hi , or ⇓ S ⊕ ⇓ S = hi .If ⇓ S = hi , then by Lemma 33, ⇓ S ⊙ ⇓ S = hi and ⇓ S ⊙ ⇓ S = hi , so ⇓(( S · S ) | ( S · S ) = (⇓ S ⊙ ⇓ S )⊕ ⇓ S ⊙ ⇓ S = hi .If ⇓ S ⊕ ⇓ S = hi , then by definition of ⊕ , ⇓ S = hi and ⇓ S = hi . By Lemma 34, ⇓ S ⊙ ⇓ S = hi and ⇓ S ⊙ ⇓ S = hi , so ⇓(( S · S ) | ( S · S ) = (⇓ S ⊙ ⇓ S )⊕ ⇓ S ⊙ ⇓ S = hi . Case
13 (
Dist R right to left) . ( S · S ) | ( S · S ) ≡ S · ( S | S )⇓ (( S · S ) | ( S · S )) = (⇓ S ⊙ ⇓ S ) ⊕ (⇓ S ⊙ ⇓ S ) = hi . By the definition of ⊕ , this means ⇓ S ⊙ ⇓ S = hi , and ⇓ S ⊙ ⇓ S = hi .As ⇓ S ⊙ ⇓ S = hi .If ⇓ S = hi , then by Lemma 33, ⇓ S ⊙ (⇓ S ⊕ ⇓ S ) = hi , so S · ( S | S ) = hi .If ⇓ S , hi , then ⇓ S = hi and ⇓ S = hi . This means ⇓ S ⊕ ⇓ S = hi . So, by Lemma 33, ⇓ S ⊙ (⇓ S ⊕ ⇓ S ) = hi , so ⇓( S · ( S | S )) . Case
14 (Dist L both directions). Proceeds analogously to Dist R.

Case 15 (· Ident L left to right). ϵ · T ≡ T. By assumption, ⇓(ϵ · T) = ⟨⟩. This means ⇓ϵ ⊙ ⇓T = ⟨⟩. By Lemma 31, ⇓ϵ ⊙ ⇓T = ⇓T, so ⇓T = ⟨⟩.

Case 16 (· Ident L right to left). S ≡ ϵ · S. By assumption, ⇓S = ⟨⟩. By Lemma 31, ⇓(ϵ · S) = ⇓S, so ⇓S = ⟨⟩.

Case 17 (· Ident R both directions). Done analogously to · Ident L.

Case
18 (
Sumstar , Prodstar , Starstar , Dicyc , Structural
Star
Equality) . In all of these cases, theregular expression on the left is of the form S ′∗ , for some S ′ . ϵ ∈ S ′∗ for all S ′ . However, L(hi) = {} ,and by Theorem 1, L(⇓ S ) = L( S ) . This means that ⇓ S ′∗ , hi , for all S ′ , so these rules do not apply. Case
19 (Structural Or Equality) . S ≡ T S ≡ T S | S ≡ T | T ⇓ ( S | S ) = ⇓ S ⊕ ⇓ S = hi . By the definition of ⊕ , ⇓ S = hi and ⇓ S = hi . So, by induction, ⇓ T = hi and ⇓ T = hi . So ⇓ T ⊕ ⇓ T = ⇓( T | T ) = hi . Case
20 (Structural
Concat
Equality) . S ≡ T S ≡ T S · S ≡ T · T ⇓ ( S · S ) = ⇓ S ⊙ ⇓ S = hi . By the definition of ⊙ , ⇓ S = hi or ⇓ S = hi . So, by induction, ⇓ T = hi or ⇓ T = hi . So ⇓ T ⊙ ⇓ T = ⇓( T · T ) = hi . Case
21 (Transitivity of Equational Theories) .S ≡ S ′ S ′ ≡ TS ≡ T By IH, ⇓ S ′ = hi . So, by IH, ⇓ T = hi . (cid:3) , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:57 Lemma 44. If L( S ) = {} , then ⇓ S = hi Proof.
L(∅) = {}. We know L(S) = {}, so S ≡ ∅. ⇓∅ = ⟨⟩. So, by Lemma 43, ⇓S = ⟨⟩. □

Lemma 45. If S is strongly unambiguous as a regular expression, then ⇓S is strongly unambiguous as a DNF regular expression.

Proof. We proceed by induction.

Case 1 (Base). ⇓s = ⟨[s]⟩, which is strongly unambiguous.

Case 2 (Empty). ⇓∅ = ⟨⟩, which is strongly unambiguous.

Case 3 (Star). Let S = ⇓(S′∗) be strongly unambiguous. ⇓(S′∗) = D((⇓S′)∗). By IH, ⇓S′ is strongly unambiguous. Furthermore, L(S′) = L(⇓S′) is unambiguously iterable, so (⇓S′)∗ is strongly unambiguous. This means that D((⇓S′)∗) is strongly unambiguous.

Case 4 (
Concat ) . Let S = S · S be strongly unambiguous.If L( S ) = {} , by Lemma 44, ⇓ S = hi , which is strongly unambiguous.Let ⇓ S = h SQ | . . . | SQ n i . Let ⇓ S = h TQ | . . . | TQ m i . If L( S ) , {} , this means that L(⇓ S ) , {} , and L(⇓ S ) , {} . This means that SQ i is nonempty, and so is TQ i , for all i . Furthermore,as S is strongly unambiguous, and L( S ) , {} , S and S are strongly unambiguous, which meansso too are h SQ | . . . | SQ n i and h TQ | . . . | TQ m i , and so too are SQ i and TQ i .As ⇓ S · ! ⇓ S , i , j ⇒ SQ i ∩ SQ j = ∅ , and i , j ⇒ TQ i ∩ TQ j = ∅ I know from Lemma 9, ( i , j ) , ( i , j ) ⇒ L( SQ i ⊙ SQ j ) ∩ L( SQ i ⊙ SQ j ) = {} . and L( SQ i ) · ! L( TQ j ) .Let SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] and TQ i = [ t i ,0 · B i ,1 · . . . · B i , n i · t i , n i ] . · ! ( s i ,0 , A i ,1 , . . . , A i , n i , s i , n i )· ! ( t i ,0 , B i ,1 , . . . , B i , n i , t i , n i ) Furthermore, SQ i and TQ i have nonempty languages. By Lemma 8, · ! ( s i ,0 , A i ,1 , . . . , A i , n i , s i , n i · t j ,0 , B j ,1 , . . . , B j , n j , t j , n j ) As SQ i and TQ i are strongly unambiguous, we know A i , j and B i , j are strongly unambiguous. So,as · ! ( s i ,0 , A i ,1 , . . . , A i , n i , s i , n i · t j ,0 , B j ,1 , . . . , B j , n j , t j , n j ) , SQ i ⊙ TQ j is strongly unambiguous.Furthermore, as SQ i ⊙ TQ j is strongly unambiguous and ( i , j ) , ( i , j ) ⇒ L( SQ i ⊙ SQ j ) ∩L( SQ i ⊙ SQ j ) = {} , then h SQ ⊙ TQ | . . . | SQ n ⊙ TQ m i . Case Or ) . Let S = S | S be strongly unambiguous.If L( S ) = {} , by Lemma 44, ⇓ S = hi , which is strongly unambiguous.Otherwise, S and S are strongly unambiguous, and L( S ) ∩ L( S ) = {} . This means ⇓ S and ⇓ S are also strongly unambiguous, by IH.Let ⇓ S = h SQ | . . . | SQ n i . Let ⇓ S = h TQ | . . . | TQ n i . 
Let SQ ′ i = (cid:26) SQ i if i ≤ n TQ i − n otherwise .As ⇓ S and ⇓ S are strongly unambiguous, i , j ⇒ L( SQ i ) ∩ L( SQ j ) = {} and i , j ⇒L( TQ i ) ∩ L( TQ j ) = {} . Furthermore, as Ð i ∈[ n ] L( SQ i ) ∩ Ð j ∈[ m ] L( SQ j ) , from Lemma 10, i , j ⇒ L( SQ ′ i ) ∩ L( SQ ′ j ) = {} , and as each SQ i and TQ i is strongly unambiguous, ⇓ S ⊕ ⇓ S isstrongly unambiguous. (cid:3) Lemma 46. If DS = h SQ | . . . | SQ n i is strongly unambiguous, and for all i , ⇑ SQ i is stronglyunambiguous, then ⇑ DS is strongly unambiguous. Proof.
By induction on n Case n = . ⇑hi = ∅ , which is strongly unambiguous. , Vol. 1, No. 1, Article 1. Publication date: October 2017. :58 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Case n > . ⇑ SQ | . . . | SQ n = ⇑ SQ | . . . | SQ n − | ⇑ SQ n . By IH, ⇑ SQ | . . . | SQ n − is stronglyunambiguous. Furthermore, as DS is strongly unambiguous, by Lemma 10, L(⇑ SQ | . . . | SQ n − )∩ ⇑ SQ n = ∅ , so ⇑ SQ n is strongly unambiguous, so the entire thing is strongly unambiguous. (cid:3) Lemma 47. If SQ = [ s · A · . . . · A n · s n ] is strongly unambiguous, and for all i , ⇑ A i is stronglyunambiguous, then ⇑ SQ is strongly unambiguous. Proof.
By induction on n Case n = . ⇑[ s ] = s , which is strongly unambiguous. Case n > . ⇑ s · A · . . . · A n · s n = ⇑ s · A · . . . · A n − · s n − · ⇑ A n · ⇑ s n . From ⇑ A n and ⇑ s n , weknow ⇑ A n · ! s n because the second part will always be s n , so the first part must be the same. ByIH, ⇑ SQ | . . . | SQ n − is strongly unambiguous. Furthermore, as SQ is strongly unambiguous, byLemma 8, L(⇑ s · A · . . . · A n − · s n − ) · ! (⇑ A n · ⇑ s n ) , so as each side is also is strongly unambiguous,the entire thing is strongly unambiguous. (cid:3) Lemma 48. • If DS is strongly unambiguous as a DNF regular expression, then ⇑ DS is strongly unam-biguous as a regular expression • If SQ is strongly unambiguous as a sequence, then ⇑ SQ is strongly unambiguous as asequence • If A is strongly unambiguous as an atom, then ⇑ A is strongly unambiguous as an atom Proof.
Case
MultiOr ) . Let DS = h SQ | . . . | SQ n i . By IH, ⇑ SQ i is strongly unambiguous. By Lemma 46, ⇑ DS is strongly unambiguous. Case
MultiConcat ) . Let SQ = [ s · A · . . . · A n · s n ] . By IH, ⇑ A i is strongly unambiguous. ByLemma 47, ⇑ SQ is strongly unambiguous. Case . Let A = DS ∗ . By IH, ⇑ DS is strongly unambiguous. As DS ∗ is stronglyunambiguous, DS ∗ ! , so L( DS ) ∗ ! , so (⇑ DS ) ∗ ! . So DS ∗ is strongly unambiguous. (cid:3) Definition 13 (Parallel Rewriting Without Reordering) . Atom Unrollstar L DS ∗ → k A h[ ϵ ]i ⊕ ( DS ⊙ h[ DS ∗ ]i) Atom Unrollstar R DS ∗ → k A h[ ϵ ]i ⊕ (h[ DS ∗ ]i ⊙ DS ) Parallel Atom Structural Rewrite DS → k DS ′ DS ∗ → k A h[ DS ′∗ ]i Parallel DNF Structural Rewrite DS = h SQ | . . . | SQ n i ∀ i . SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] ∀ i , j . A i , j → k A DS i , j ∀ i . DS i = h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i DS → k DS ⊕ . . . ⊕ DS n Identity Rewrite DS → k DS , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:59 Definition 14 (Parallel Rewriting With Reordering) . Atom Unrollstar L DS ∗ → k swapA h[ ϵ ]i ⊕ ( DS ⊙ h[ DS ∗ ]i) Atom Unrollstar R n DS ∗ → k swapA h[ ϵ ]i ⊕ (h[ DS ∗ ]i ⊙ DS ) Parallel Swap Atom Structural Rewrite DS → k swap DS ′ DS ∗ → k swapA h[ DS ′∗ ]i DNF Reorder σ ∈ S n h SQ | . . . | SQ n i → k swap h SQ σ ( ) | . . . | SQ σ ( n ) i Parallel Swap DNF Structural Rewrite DS = h SQ | . . . | SQ n i ∀ i . SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] ∀ i , j . A i , j → k swapA DS i , j ∀ i . DS i = h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i DS → k swap DS ⊕ . . . ⊕ DS n Identity Rewrite DS → k swap DS Lemma 49 ( → k Maintained Under Iteration) . Let DS → k DT , then h[ DS ∗ ]i → k h[ DT ∗ ]i . Proof.
Consider the derivation DS → k DTDS ∗ → k A h[ DT ∗ ]ih[ DS ∗ ]i → k h[ DT ∗ ]i (cid:3) Lemma 50. If DS → k DS through an application of Identity Rewrite , then DS → k DS through anapplication of Parallel DNF Structural Rewrite . Proof.
Let DS → k DS through an application of Identity Rewrite .Let DS = h SQ | . . . | SQ n i . Let SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] . By Lemma 70, A i , j → k A D( A i , j ) .Define DS i , j as D( DS i , j ) Define DS i as h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i , so as DS i , j = D( A i , j ) , through the definitionof ⊙ , DN FReдex i = h SQ i i .By the definition of ⊕ , h SQ i ⊕ . . . ⊕ h SQ n i = h SQ | . . . | SQ n i = DS . DS = h SQ | . . . | SQ n i ∀ i . SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] ∀ i , j . A i , j → k A DS i , j ∀ i . DS i = h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i DS → k DS ⊕ . . . ⊕ DS n So DS → k DS , with the final rule being an application of Identity Rewrite . (cid:3) Lemma 51 ( → k Maintained Under ⊕ ) . Let DS → k DS ′ and DT → k DT ′ then DS ⊕ DT → k DS ′ ⊕ DT ′ . Proof.
By Lemma 50, a derivation with the final rule being an application of
Identity Rewrite ,can be converted into a derivation with the final rule being an application of
Parallel DNF Struc-tural Rewrite . So we can assume that the final rule of each is an application of
Parallel DNFStructural Rewrite . DS = h SQ | . . . | SQ n i ∀ i . SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] ∀ i , j . A i , j → k A DS i , j ∀ i . DS i = h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i DS → k DS ⊕ . . . ⊕ DS n , Vol. 1, No. 1, Article 1. Publication date: October 2017. :60 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic DT = h TQ | . . . | SQ m i ∀ i . TQ i = [ t i ,0 · B i ,1 · . . . · B i , m i · t i , m i ] ∀ i , j . B i , j → k A DT i , j ∀ i . DT i = h[ t i ,0 ]i ⊙ DT i ,1 ⊙ . . . ⊙ DT i , n i ⊙ h[ t i , n i ]i DT → k DT ⊕ . . . ⊕ DT n Define A ′′ i , j = (cid:26) A i , j if i ≤ n B i − n , j if i > n Define s ′′ i , j = (cid:26) s i , j if i ≤ n t i − n , j if i > n Define n ′′ i = (cid:26) n i if i ≤ nm i − n if i > n Define SQ ′′ i = [ s ′′ i ,0 · A ′′ i ,1 · . . . · A ′′ i , n ′′ i · s ′′ i , n ′′ i ] . By inspection, SQ ′′ i = (cid:26) SQ i if i ≤ n TQ i − n if i > n .Define DS ′′ = h SQ ′′ | . . . | SQ ′′ n + m i . By inspection, DS ′′ = DS ⊕ DT .Define DS ′′ i , j = (cid:26) DS i , j if i ≤ n DT i − n , j if i > n . By inspection A ′′ i , j → k DS ′′ i , j .Define DS ′′ i as h[ s ′′ i ,0 ]i ⊙ DS ′′ i ,1 ⊙ . . . ⊙ DS ′′ i , n ′′ i ⊙ h[ s ′′ i , n ′′ i ]i . By inspection, DS ′′ i = (cid:26) DS i if i ≤ n DT i − n if i > n .This means that DS ′′ ⊕ . . . ⊕ DS ′′ n + m = ( DS ⊕ . . . ⊕ DS n ⊕ DT ⊕ . . . ⊕ DT m ) = DS ′ ⊕ DT ′ .Consider the derivation DS ′′ = h SQ ′′ | . . . | SQ ′′ n + m i ∀ i . SQ ′′ i = [ s ′′ i ,0 · A ′′ i ,1 · . . . · A ′′ i , n ′′ i · s ′′ i , n ′′ i ] ∀ i , j . A ′′ i , j → k A DS ′′ i , j ∀ i . DS ′′ i = h[ s ′′ i ,0 ]i ⊙ DS ′′ i ,1 ⊙ . . . ⊙ DS ′′ i , n i ⊙ h[ s ′′ i , n ′′ i ]i DS ′′ → k DS ′′ ⊕ . . . ⊕ DS ′′ n + m (cid:3) Lemma 52 ( → k ∗ Maintained Under Iteration) . Let DS → k ∗ DT , then D( DS ∗ ) → k ∗ D( DT ∗ ) . Proof.
By induction on the derivation of → k ∗ . Case
Reflexivity ) . DS → k ∗ DS By reflexivity rule D( DS ∗ ) → k ∗ D( DS ∗ ) Case
Base ) . DS → k DTDS → k ∗ DT By Lemma 49, D( DS ∗ ) → k D( DT ∗ ) Consider the derivation D( DS ∗ ) → k D( DT ∗ )D( DS ∗ ) → k ∗ D( DT ∗ ) Case
Transitivity ) . DS → k ∗ DS ′ DS ′ → k ∗ DTDS → k ∗ DT , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:61 By IH, D( DS ∗ ) → k ∗ D( DS ′∗ ) and D( DS ′∗ ) → k ∗ D( DT ∗ ) . (cid:3) Lemma 53 (Equivalence of ⇑ ◦ ⇓ ) . (⇑ ◦ ⇓) S ≡ s S Proof.
By induction on the structure of
SCase
Base ) . (⇑ ◦ ⇓) s = ⇑ h[ s ]i = ∅ | s ∅ | s ≡ s s . Case
Empty ) . (⇑ ◦ ⇓)∅ = ⇑ hi = ∅∅ ≡ s ∅ . Case
Star ) . (⇑ ◦ ⇓) S ′∗ = ⇑h[ ϵ · (⇓ S ′ ) ∗ · ϵ ]i = ∅ | ( ϵ · ((⇑ ◦ ⇓) S ′ ) ∗ · ϵ ) Then, through application ofequational theory transitivity, + Ident , · Ident L , and · Ident R , We get (⇑ ◦ ⇓) S ′∗ ≡ s ((⇑ ◦ ⇓) S ′ ) ∗ . Byapplication of the IH, and transitivity, we get (⇑ ◦ ⇓) S ′∗ ≡ s S ′∗ Case
Concat ) . Let (⇑ ◦ ⇓)( S · S ) = ⇑ (⇓ S ⊙ ⇓ S ) . Let ⇓ S = h SQ | . . . | SQ n i and ⇓ S = h TQ | . . . | SQ m i . S ≡ s (⇑ ◦ ⇓)( S ) = (∅ | (⇑ SQ | ( . . . | (⇑ SQ n ) . . . ))) ≡ s ⇑ SQ | . . . | ⇑ SQ n and S ≡ s (⇑ ◦ ⇓)( S ) = (∅ | (⇑ TQ | ( . . . | (⇑ TQ m ) . . . ))) ≡ s ⇑ TQ | . . . | ⇑ TQ m .So by structural Concat identity, and transitivity, S · S ≡ s (⇑ SQ | . . . | ⇑ SQ n ) · (⇑ TQ | . . . | ⇑ TQ m ) .Through repeated application of Dist R and Dist L , S · S ≡ s (⇑ SQ · ⇑ TQ | . . . | ⇑ SQ n · ⇑ TQ m ) .Now, I want to show ⇑ SQ i · ⇑ TQ j ≡ s ⇑ ( SQ i ⊙ TQ j ) . Let SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] , and TQ j = [ t j ,0 · B j ,1 · . . . · A j , m j · s j , n j ] . ⇑( SQ i ⊙ SQ j ) = ⇑[ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i · t j ,0 · B j ,1 · . . . · A j , m j · s j , n j ] = s i ,0 · ( A i ,1 · ( . . . · s i , n i · t j ,0 · ( B j ,1 · ( . . . · ( A j , n j · s j , n j ) . . . )) . . . )) So through repeated application of · Assoc , ⇑( SQ i ⊙ SQ j ) ≡ s ( s i ,0 · ( A i ,1 · ( . . . · ( A i , n i · s i , n i ) . . . ))) · ( t j ,0 · ( B j ,1 · ( . . . · ( B j , n j · s j , n j ) . . . ))) .Because of this S · S ≡ s ⇑ ( SQ ⊙ TQ ) | . . . | ⇑ ( SQ n ⊙ TQ n ) . Through repeated applicationof | Assoc , and + Ident , S · S ≡ s ∅ | (⇑ ( SQ ⊙ TQ ) | . . . (⇑ ( SQ n ⊙ TQ m )) . . . ) . Furthermore, ∅ | (⇑( SQ ⊙ TQ ) | . . . (⇑( SQ n ⊙ TQ m )) . . . ) = ⇑ h SQ ⊙ SQ TQ | . . . | SQ n · TQ m i = (⇑ ◦ ⇓)( S · S ) as desired. Case Or ) . Let (⇑ ◦ ⇓)( S | S ) = ⇑ (⇓ S ⊕ ⇓ S ) . Let ⇓ S = h SQ | . . . | SQ n i and ⇓ S = h TQ | . . . | TQ m i . So (⇑ ◦ ⇓)( S | S ) = ⇑h SQ | . . . | SQ n | TQ | . . . | TQ m i = ∅ | (⇑ SQ | ( . . . | (⇑ TQ m ) . . . )) . Through applying associativity a lot, and + Ident once, I get (⇑ ◦ ⇓)( S | S ) = (∅ | (⇑ SQ | ( . . . | (⇑ SQ n ) . . . ))) | (∅ | (⇑ TQ | ( . . . | (⇑ TQ m ) . . . ))) . (⇑ ◦ ⇓)( S | S ) = (∅ | (⇑ SQ | ( . . . | (⇑ SQ n ) . . . ))) = (⇑ ◦ ⇓) S and (∅ | (⇑ TQ | ( . . . | (⇑ TQ m ) . . 
. ))) = (⇑ ◦ ⇓) S , so by IH (⇑ ◦ ⇓)( S | S ) = (∅ | (⇑ SQ | ( . . . | (⇑ SQ n ) . . . ))) ≡ s S and (∅ | (⇑ TQ | ( . . . | (⇑ TQ m ) . . . ))) ≡ s S .Through an application of structural Or equality, (∅ | (⇑ SQ | ( . . . | (⇑ SQ n ) . . . ))) | (∅ | (⇑ TQ | ( . . . | (⇑ TQ m ) . . . ))) ≡ s S | S , as desired. (cid:3) Lemma 54 (Equivalence of Preimage of ⇓ ) . If ⇓ S = ⇓ T , then S ≡ s T . Proof. ⇓ S = ⇓ T , so (⇑ ◦ ⇓) S = (⇑ ◦ ⇓) T . By Lemma 53, S ≡ s (⇑ ◦ ⇓) T ≡ s T (cid:3) Lemma 55 (Equivalence of Adjacent Swapping Permutation of Or ) . Let S | . . . | S n . Let σ i be anadjacent swapping permutation. S | . . . | S n ≡ s S σ i ( ) | . . . | S σ i ( n ) . , Vol. 1, No. 1, Article 1. Publication date: October 2017. :62 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Proof. S | . . . | S n ≡ s ( S | . . . | S i − ) | ( S i | S i + ) | ( S i + | . . . | S n ) by repeated application ofassociativity. S i | S i + = S i + | S i by Or commutativity, so by Or structural equality, ( S | . . . | S i − ) | ( S i | S i + ) | ( S i + | . . . | S n ) ≡ s ( S | . . . | S i − ) | ( S i + | S i ) | ( S i + | . . . | S n )( S | . . . | S i − ) | ( S i + | S i ) | ( S i + | . . . | S n ) ≡ s S σ i ( ) | . . . | S σ i ( n ) by repeated application ofassociativity.So, by the transitivity of equational theories, S | . . . | S n ≡ s S σ i ( ) | . . . | S σ i ( n ) . (cid:3) Lemma 56 (Expressibility of → k swap in ≡ s Up To Preimage) . (1) If ⇓ S → k swap ⇓ T , then S ≡ s T .(2) If ⇓ S = h[ A ]i and A → k swapA ⇓ T then S ≡ s T . Proof.
By mutual induction on the derivation of → k swap and → k swapA.

Case (Atom Unrollstar L). Let ⇓S = ⟨[A]⟩, and A → k swapA ⇓T from Atom Unrollstar L. This means that A = DS∗ and ⇓T = ⟨[ϵ]⟩ ⊕ (DS ⊙ ⟨[DS∗]⟩).

Let S′ = ⇑DS. As ⇓S′∗ = ⟨[DS∗]⟩, then from Lemma 54, S′∗ ≡ s S. Similarly, as ⇓(ϵ | (S′ · S′∗)) = ⟨[ϵ]⟩ ⊕ (DS ⊙ ⟨[DS∗]⟩), then from Lemma 54, ϵ | (S′ · S′∗) ≡ s T.

So, through an application of UnrollstarLeftRule, S ≡ s S′∗ ≡ s ϵ | (S′ · S′∗) ≡ s T, as desired.

Case (Atom Unrollstar R). Let ⇓S = ⟨[A]⟩, and A → k swapA ⇓T from Atom Unrollstar R. This means that A = DS∗ and ⇓T = ⟨[ϵ]⟩ ⊕ (⟨[DS∗]⟩ ⊙ DS).

Let S′ = ⇑DS. As ⇓S′∗ = ⟨[DS∗]⟩, then from Lemma 54, S′∗ ≡ s S. Similarly, as ⇓(ϵ | (S′∗ · S′)) = ⟨[ϵ]⟩ ⊕ (⟨[DS∗]⟩ ⊙ DS), then from Lemma 54, ϵ | (S′∗ · S′) ≡ s T.

So, through an application of UnrollstarRightRule, S ≡ s S′∗ ≡ s ϵ | (S′∗ · S′) ≡ s T, as desired.

Case (Parallel Swap Atom Structural Rewrite). Let ⇓S = ⟨[A]⟩, and A → k swapA ⇓T. This means that A = DS∗ and ⇓T = ⟨[DT]⟩ where DS → k swap DT.

Let ⇑DS = S′ and ⇑DT = T′. By induction assumption, S′ ≡ s T′. By structural equivalence, S′∗ = T′∗. As ⇓S′∗ = ⟨[DS∗]⟩, from Lemma 54, S′∗ ≡ s S. As ⇓T′∗ = ⟨[DT∗]⟩, from Lemma 54, T′∗ ≡ s T. S ≡ s S′∗ ≡ s T′∗ ≡ s T, as desired.

Case (DNF Reorder). Let ⇓S → k swap ⇓T, and the last step of the proof is an application of DNF Reorder. Let ⇓S = ⟨SQ | … | SQ n⟩. Then, for some σ ∈ S n, ⇓T = ⟨SQ σ( ) | … | SQ σ(n)⟩. ⇑⇓S = ⇑SQ | … | ⇑SQ n and ⇑⇓T = ⇑SQ σ( ) | … | ⇑SQ σ(n). σ can then be broken down into a number of adjacent swapping permutations, σ i ◦ … ◦ σ i m = σ. By Lemma 55, each σ i j can be applied to a sequence of Ors.

Consider the derivation ⇑SQ | … | ⇑SQ n ≡ s ⇑SQ | … | ⇑SQ n ··· ⇑SQ σ im ( ) | … | ⇑SQ σ im (n) ≡ s ⇑SQ | … | ⇑SQ n ··· ⇑SQ (σ i ◦ … ◦ σ im)( ) | … | ⇑SQ (σ i ◦ … ◦ σ im)(n) ≡ s ⇑SQ | … | ⇑SQ n

So, by Lemma 54, S ≡ s ⇑⇓S and ⇑⇓T ≡ s T. Furthermore, ⇑⇓S ≡ s ⇑⇓T. So by the transitivity of an equational theory, S ≡ s T.

Case (Identity Rewrite). Let ⇓S → k swap ⇓T by an application of Identity Rewrite. That means ⇓S = ⇓T. So, by Lemma 54, that means that S ≡ s ⇑⇓S ≡ s T

Case (Parallel Swap DNF Structural Rewrite). Let ⇓S → k swap ⇓T by an application of Parallel Swap DNF Structural Rewrite.

⇓S = ⟨SQ | … | SQ n⟩
∀ i. SQ i = [s i,0 · A i,1 · … · A i,n i · s i,n i]
∀ i, j. A i,j → k swapA DS i,j
∀ i. DS i = ⟨[s i,0]⟩ ⊙ DS i,1 ⊙ … ⊙ DS i,n i ⊙ ⟨[s i,n i]⟩
------------------------------------------------------------
S → k swap DS ⊕ … ⊕ DS n

⇓T = DS ⊕ … ⊕ DS n. A i,j → k swapA DS i,j, ⇓⇑D(A i,j) = D(A i,j), and ⇓⇑DS i,j = DS i,j, so by IH, ⇑D(A i,j) ≡ s ⇑DS i,j.

Consider the regular expressions S i = s i,0 · ⇑D(A i,1) · … · ⇑D(A i,n i) · s i,n i.

Consider the regular expressions T i = s i,0 · ⇑DS i,j · … · ⇑DS i,n i · s i,n i.

By structural equality of Concat, S i ≡ s T i.

Consider the regular expression S′ = S ⊕ … ⊕ S n and the regular expression T′ = T | … | T n.

By structural equality of Or, S′ ≡ s T′

⇓S i = ⟨[s i,0]⟩ ⊙ D(A i,1) ⊙ … ⊙ D(A i,n i) ⊙ ⟨[s i,n i]⟩ = ⟨[s i,0 · A i,1 · … · A i,n i · s i,n i]⟩ = ⟨SQ i⟩

⇓S′ = ⇓S ⊕ … ⊕ ⇓S n = ⟨SQ⟩ ⊕ … ⊕ ⟨SQ n⟩ = ⟨SQ | … | SQ n⟩. This means, by Lemma 54, that S ≡ s S′

⇓T i = ⟨[s i,0]⟩ ⊙ DS i,1 ⊙ … ⊙ DS i,n i ⊙ ⟨[s i,n i]⟩ = DS i. ⇓T′ = ⇓T ⊕ … ⊕ ⇓T n = DS ⊕ … ⊕ DS n. This means, by Lemma 54, that T′ ≡ s T

So, S ≡ s S′ ≡ s T′ ≡ s T, so by transitivity of equational theories, S ≡ s T. □

Lemma 57 (Expressibility of ≡ →k swap in ≡ s). If ⇓S ≡ →k swap ⇓T, then S ≡ s T.

Proof.
By induction on the typing derivation of ≡ →k swap.

Case (Reflexivity). Let ⇓S ≡ →k swap ⇓T, and the last step of the derivation is an application of Reflexivity. This means ⇓S = ⇓T. That means ⇑⇓S = ⇑⇓T. By Lemma 54, S ≡ s ⇑⇓S. By Lemma 54, ⇑⇓T ≡ s T. By the transitivity of equational theories, S ≡ s T.

Case (Base). Let ⇓S ≡ →k swap ⇓T, and the last step of the derivation is an application of Base. This means that ⇓S → k swap ⇓T. By Lemma 56, S ≡ s T.

Case (Symmetry). Let ⇓S ≡ →k swap ⇓T, and the last step of the derivation is an application of Base. This means that ⇓S → k swap ⇓T. By Lemma 56, S ≡ s T. □

Lemma 58 (Propagation of → k swap through ⊕ on the left). If DS → k swap DS′, then DS ⊕ DT → k swap DS′ ⊕ DT

Proof.
This will be done by cases on the last step of the derivation of → k swap.

Case (DNF Reorder). Let DS → k swap DS′ by an application of DNF Reorder. This means, for some SQ, …, SQ n, and some σ ∈ S n, DS = ⟨SQ | … | SQ n⟩ and DS′ = ⟨SQ σ( ) | … | SQ σ(n)⟩.

The DNF regular expression DT = ⟨TQ | … | TQ m⟩ for some TQ, …, TQ m. Let id m be the identity permutation on m elements. Define σ′ = σ ⊙ id m. Define SQ′ i = { SQ i if i ≤ n; TQ i − n otherwise }. ⟨SQ′ | … | SQ′ n + m⟩ = DS ⊕ DT. ⟨SQ′ σ′( ) | … | SQ′ σ′(n + m)⟩ = ⟨SQ σ( ) | … | SQ σ(n) | TQ | … | TQ m⟩ = DS′ ⊕ DT.

Consider the derivation ⟨SQ′ | … | SQ′ n + m⟩ → k swap ⟨SQ′ σ′( ) | … | SQ′ σ′(n + m)⟩ as desired.

Case (Parallel Swap Atom Structural Rewrite). Let DS → k swap DS′ by an application of Parallel Swap Atom Structural Rewrite.

DS = ⟨SQ | … | SQ n⟩
∀ i. SQ i = [s i,0 · A i,1 · … · A i,n i · s i,n i]
∀ i, j. A i,j → k swapA DS i,j
∀ i. DS i = ⟨[s i,0]⟩ ⊙ DS i,1 ⊙ … ⊙ DS i,n i ⊙ ⟨[s i,n i]⟩
------------------------------------------------------------
DS → k swap DS ⊕ … ⊕ DS n

Let DT = ⟨TQ | … | TQ m⟩. Let TQ i = [t i,0 · B i,1 · … · B i,m i · t i,m i].

Let k i = { n i if i ≤ n; m i otherwise }

Let SQ′′ i = { SQ i if i ≤ n; TQ i − n otherwise }. Let DS′′ = DS ⊕ DT = ⟨SQ′′ | … | SQ′′ n + m⟩.

Let A′′ i,j = { A i,j if i ≤ n; B i − n,j otherwise }

Let s′′ i,j = { s i,j if i ≤ n; t i − n,j otherwise }

Let DS′′ i,j = { DS i,j if i ≤ n; D(B i − n,j) otherwise }

If i ≤ n, by assumption A′′ i,j = A i,j → k swapA DS i,j = DS′′ i,j. If i > n, by Parallel Swap Atom Structural Rewrite, A′′ i,j = B i − n,j → k swapA D(B i − n,j) = DS′′ i,j.

Let DS′′ i = { DS i if i ≤ n; ⟨[t i − n,0]⟩ ⊙ B i − n,1 · … · ⊙ B i − n,m i ⊙ t i − n,m i otherwise }

For i > n, DS′′ i = ⟨[t i − n,0]⟩ ⊙ B i − n,1 · … · ⊙ B i − n,k i ⊙ t i − n,k i = ⟨TQ i⟩ through application of ⊙ on many singleton DNF regular expressions. DS′′ n + ⊕ … ⊕ DS′′ n + m = ⟨TQ⟩ ⊕ … ⟨TQ m⟩ = ⟨TQ | … | TQ m⟩ through repeated application of ⊕ to singleton DNFs.

As DS′′ ⊕ … ⊕ DS′′ n = DS ⊕ … ⊕ DS n = DS′, and DS′′ n + ⊕ … ⊕ DS′′ n + m = DT, we get DS′′ ⊕ … ⊕ DS′′ n + m = DS′ ⊕ DT

Consider the derivation

DS′′ = ⟨SQ′′ | … | SQ′′ n + m⟩
∀ i. SQ′′ i = [s′′ i,0 · A′′ i,1 · … · A′′ i,k i · s′′ i,k i]
∀ i, j. A′′ i,j → k swapA DS′′ i,j
∀ i. DS′′ i = ⟨[s′′ i,0]⟩ ⊙ DS′′ i,1 ⊙ … ⊙ DS′′ i,n i ⊙ ⟨[s′′ i,k i]⟩
------------------------------------------------------------
DS′′ → k swap DS′′ ⊕ … ⊕ DS′′ n + m

as desired. □

Lemma 59 (Propagation of → k swap through ⊕ on the right). If DS → k swap DS′, then DS ⊙ DT → k swap DS′ ⊙ DT

Proof.
Proceeds as Lemma 58, but on the right. □

Lemma 60 (Propagation of ≡ →k swap through ⊕ on the left). If DS ≡ →k swap DS′, then DS ⊕ DT ≡ →k swap DS′ ⊕ DT

Proof.
By induction on the last step of the derivation of DS ≡ →k swap DS′.

Case (Reflexivity). If DS ≡ →k swap DS′ through an application of Reflexivity, then DS′ = DS. So, through reflexivity, DS ⊕ DT ≡ →k swap DS ⊕ DT

Case (Base). If DS ≡ →k swap DS′ through an application of Reflexivity, then DS′ → k swap DS. From Lemma 58 DS ⊕ DT → k swap DS′ ⊕ DT, so DS ⊕ DT ≡ →k swap DS′ ⊕ DT.

Case (Transitivity). If DS ≡ →k swap DS′ through an application of Transitivity, then there exists a DS′′ such that DS ≡ →k swap DS′′ and DS′′ ≡ →k swap DS′. By IH, DS ⊕ DT ≡ →k swap DS′′ ⊕ DT and DS′′ ⊕ DT ≡ →k swap DS′ ⊕ DT.

This gives us the derivation

DS ⊕ DT ≡ →k swap DS′′ ⊕ DT     DS′′ ⊕ DT ≡ →k swap DS′ ⊕ DT
------------------------------------------------------------
DS ⊕ DT ≡ →k swap DS′ ⊕ DT

□

Lemma 61 (Propagation of ≡ →k swap through ⊕ on the right). If DS ≡ →k swap DS′, then DS ⊕ DT ≡ →k swap DS′ ⊕ DT

Proof.
Proceeds as Lemma 60, but on the right. □

Lemma 62 (Propagation of ≡ →k swap through ⊕). If DS ≡ →k swap DS′ and DT ≡ →k swap DT′, then DS ⊕ DT ≡ →k swap DS′ ⊕ DT′.

Proof.
By Lemma 60, DS ⊕ DT ≡ →k swap DS′ ⊕ DT. By Lemma 61, DS′ ⊕ DT ≡ →k swap DS′ ⊕ DT′.

Consider the derivation

DS ⊕ DT ≡ →k swap DS′ ⊕ DT     DS′ ⊕ DT ≡ →k swap DS′ ⊕ DT′
------------------------------------------------------------
DS ⊕ DT ≡ →k swap DS′ ⊕ DT′

□

Lemma 63 (Propagation of → k swap through ⊙ on the left). If DS → k swap DS′, then DS ⊙ DT → k swap DS′ ⊙ DT

Proof.
By induction on the derivation of → k swap.

Case (DNF Reorder). Let DS → k swap DS′ by an application of DNF Reorder. This means, for some SQ, …, SQ n, and some σ ∈ S n, DS = ⟨SQ | … | SQ n⟩ and DS′ = ⟨SQ σ( ) | … | SQ σ(n)⟩.

The DNF regular expression DT = ⟨TQ | … | TQ m⟩ for some TQ, …, TQ m. Let id m be the identity permutation on m elements. Define σ′ = σ ⊗ id m. Define SQ i,j = SQ i ⊙ SQ TQ j.

By definition of ⊙, ⟨SQ | … | SQ n,m⟩ = ⟨SQ ⊙ TQ | … | SQ n ⊙ TQ m⟩ = DS ⊙ DT.

By the definition of ⊙ and ⊗, ⟨SQ σ′( ) | … | SQ σ′(n,m)⟩ = ⟨SQ (σ( ),1) | … | SQ (σ(n),m)⟩ = ⟨SQ σ( ) ⊙ TQ | … | SQ σ(n) ⊙ TQ m⟩ = DS′ ⊙ DT.

Case (Parallel Swap DNF Structural Rewrite). Let DS → k swap DS′ by an application of Parallel Swap DNF Structural Rewrite.

DS = ⟨SQ | … | SQ n⟩
∀ i. SQ i = [s i,0 · A i,1 · … · A i,n i · s i,n i]
∀ i, j. A i,j → k swapA DS i,j
∀ i. DS i = ⟨[s i,0]⟩ ⊙ DS i,1 ⊙ … ⊙ DS i,n i ⊙ ⟨[s i,n i]⟩
------------------------------------------------------------
DS → k swap DS ⊕ … ⊕ DS n

Let DT = ⟨TQ | … | TQ m⟩. Let TQ i = [t i,0 · B i,1 · … · B i,m i · t i,m i]. Let SQ′′ i,j = SQ i ⊙ SQ SQ j. Let DS′′ = DS ⊙ DT = ⟨SQ′′ | … | SQ′′ n,m⟩.

Let A′′ i,j,k = { A i,j,k if k ≤ n i; B i,j,k − n i otherwise }

Let s′′ i,j,k = { s i,k if i < n i; s i,n i · t j,0 if i = n i; t j,k − n i otherwise }

Let DS′′ i,j,k = { DS i,k if i ≤ n i; D(B i,j,k − n i) otherwise }

If k ≤ n i, by assumption A′′ i,j,k = A i,j → k swapA DS i,j,k = DS′′ i,j,k. If k > n i, by Parallel Swap Atom Structural Rewrite, A′′ i,j,k = B j,k − n i → k swapA D(B j,k − n i) = DS′′ i,j,k.

Let DS′′ i,j = DS i ⊙ ⟨[t i − n,0]⟩ ⊙ B i − n,1 · … · ⊙ B i − n,n i ⊙ t i − n,n i

Through repeated application of ⊙ on singletons, DS′′ i,j = DS i ⊙ ⟨TQ j⟩.

This means DS ⊕ … ⊕ DS n,m = (DS ⊕ … ⊕ DS n) ⊙ DT = DS′ ⊙ DT.

Consider the derivation

DS′′ = ⟨SQ′′ | … | SQ′′ n,m⟩
∀ i, j. SQ′′ i,j = [s′′ i,j,0 · A′′ i,j,1 · … · A′′ i,j,n i + m j · s′′ i,j,n i + m j]
∀ i, j, k. A′′ i,j,k → k swapA DS′′ i,j,k
∀ i, j. DS′′ i,j = ⟨[s′′ i,j,0]⟩ ⊙ DS′′ i,j,1 ⊙ … ⊙ DS′′ i,j,n i + m i ⊙ ⟨[s′′ i,j,n i + m i]⟩
------------------------------------------------------------
DS′′ → k swap DS′′ ⊕ … ⊕ DS′′ n,m

as desired. □

Lemma 64 (Propagation of → k swap through ⊙ on the right). If DT → k swap DT′, then DS ⊙ DT → k swap DS ⊙ DT′

Proof.
Proceeds as Lemma 58, but on the right. □

Lemma 65 (Propagation of ≡ →k swap through ⊙ on the left). If DS ≡ →k swap DS′, then DS ⊙ DT ≡ →k swap DS′ ⊙ DT

Proof.
By induction on the last step of the derivation of DS ≡ →k swap DS′.

Case (Reflexivity). If DS ≡ →k swap DS′ through an application of Reflexivity, then DS′ = DS. So, through reflexivity, DS ⊙ DT ≡ →k swap DS ⊙ DT

Case (Base). If DS ≡ →k swap DS′ through an application of Reflexivity, then DS′ → k swap DS. From Lemma 63 DS ⊙ DT → k swap DS′ ⊙ DT, so DS ⊙ DT ≡ →k swap DS′ ⊙ DT.

Case (Transitivity). If DS ≡ →k swap DS′ through an application of Transitivity, then there exists a DS′′ such that DS ≡ →k swap DS′′ and DS′′ ≡ →k swap DS′. By IH, DS ⊙ DT ≡ →k swap DS′′ ⊙ DT and DS′′ ⊙ DT ≡ →k swap DS′ ⊙ DT.

This gives us the derivation

DS ⊙ DT ≡ →k swap DS′′ ⊙ DT     DS′′ ⊙ DT ≡ →k swap DS′ ⊙ DT
------------------------------------------------------------
DS ⊙ DT ≡ →k swap DS′ ⊙ DT

□

Lemma 66 (Propagation of ≡ →k swap through ⊙ on the right). If DS ≡ →k swap DS′, then DS ⊙ DT ≡ →k swap DS′ ⊙ DT

Proof.
Proceeds as Lemma 65, but on the right. □

Lemma 67 (Propagation of ≡ →k swap through ⊙). If DS ≡ →k swap DS′ and DT ≡ →k swap DT′, then DS ⊙ DT ≡ →k swap DS′ ⊙ DT′.

Proof.
By Lemma 65, DS ⊙ DT ≡ →k swap DS′ ⊙ DT. By Lemma 66, DS′ ⊙ DT ≡ →k swap DS′ ⊙ DT′.

Consider the derivation

DS ⊕ DT ≡ →k swap DS′ ⊕ DT     DS′ ⊕ DT ≡ →k swap DS′ ⊕ DT′
------------------------------------------------------------
DS ⊕ DT ≡ →k swap DS′ ⊕ DT′

□

Lemma 68 (Propagation of ≡ →k swap through ∗). If DS ≡ →k swap DT, then D(DS∗) ≡ →k swap D(DT∗)

Proof.
By induction on the derivation of ≡ →k swap.

Case (Reflexivity). Let DS ≡ →k swap DT, with the last step of the derivation being Reflexivity. This means DT = DS. Consider the derivation D(DS∗) ≡ →k swap D(DS∗)

Case (Base). Let DS ≡ →k swap DT, with the last step of the derivation being Base. That means DS → k swap DT. Consider the derivation

DS → k swap DT
------------------------------
DS∗ → k swapA D(DT∗)
------------------------------
D(DS∗) → k swap D(DT∗)
------------------------------
D(DS∗) ≡ →k swap D(DT∗)

Case (Symmetry). Let DS ≡ →k swap DT, with the last step of the derivation being Symmetry. That means DT → k swap DS. Consider the derivation

DT → k swap DS
------------------------------
DT∗ → k swapA D(DS∗)
------------------------------
D(DT∗) → k swap D(DS∗)
------------------------------
D(DS∗) ≡ →k swap D(DT∗)

Case (Transitivity). Let DS ≡ →k swap DT, with the last step of the derivation being Transitivity. That means that, for some DS′, the last step of the derivation is

DS ≡ →k swap DS′     DS′ ≡ →k swap DT
------------------------------------------
DS ≡ →k swap DT

By induction assumption, D(DS∗) ≡ →k swap D(DS′∗) and D(DS′∗) ≡ →k swap D(DT∗). Consider the derivation

D(DS∗) ≡ →k swap D(DS′∗)     D(DNFRegex′∗) ≡ →k swap D(DT∗)
------------------------------------------------------------
D(DS∗) ≡ →k swap D(DT∗)

□

Lemma 69 (Expressibility of ≡ s in ≡ →k swap). If S ≡ s T, then ⇓S ≡ →k swap ⇓T.

Proof.
Assume S ≡ s T. Prove by induction on the deduction of ≡ s.

Case. Let S ≡ s T, and the last step of the deduction is an application of structural equality rule. That means that T = S. Through reflexivity, ⇓S ≡ →k swap ⇓S = ⇓T.

Case (+ Ident). Let S ≡ s T, and the last step of the deduction is an application of + Ident. Without loss of generality, from symmetry, T = S | ∅. ⇓S | ∅ = ⇓S ⊕ ⇓∅ = ⇓S ⊕ ⟨⟩ = ⇓S. Through reflexivity, ⇓S ≡ →k swap ⇓S = ⇓S | ∅

Case (R). Let S ≡ s T, and the last step of the deduction is an application of R. Without loss of generality, from symmetry, S = S′ · ∅, and T = ∅. ⇓S′ · ∅ = ⇓S ⊙ ⇓∅ = ⇓S ⊙ ⟨⟩ = ⟨⟩. Through reflexivity, ⇓S = ⇓∅ ≡ s ⇓∅ = ⇓T.

Case (L). Let S ≡ s T, and the last step of the deduction is an application of R. Without loss of generality, from symmetry, S = ∅ · S′, and T = ∅. ⇓∅ · S′ = ⇓∅ ⊙ ⇓S = ⟨⟩ ⊙ ⇓S = ⟨⟩. Through reflexivity, ⇓S = ⇓∅ ≡ →k swap ⇓∅ = ⇓T.

Case (· Assoc). Let S ≡ s T, and the last step of the deduction is an application of · Assoc. Without loss of generality, from symmetry, S = S · (S · S), and T = (S · S) · S. ⇓(S · (S · S)) = ⇓S ⊙ (⇓S ⊙ ⇓S) = (⇓S ⊙ ⇓S) ⊙ ⇓S = ⇓(S · S) · S. Through reflexivity, ⇓S = ⇓S ⊙ (⇓S ⊙ ⇓S) ≡ →k swap ⇓S ⊙ (⇓S ⊙ ⇓S) = ⇓T.

Case (| Assoc). Let S ≡ s T, and the last step of the deduction is an application of | Assoc. Without loss of generality, from symmetry, S = S | (S | S), and T = (S | S) | S. ⇓(S | (S · S)) = ⇓S ⊕ (⇓S ⊕ ⇓S) = (⇓S ⊕ ⇓S) ⊕ ⇓S = ⇓(S | S) | S. Through reflexivity, ⇓S = ⇓S ⊕ (⇓S ⊕ ⇓S) ≡ →k swap ⇓S ⊕ (⇓S ⊕ ⇓S) = ⇓T.

Case (| Comm). Let S ≡ s T, and the last step of the deduction is an application of | Comm. S = S | S, and T = S | S.

Let ⇓S = ⟨SQ | … | SQ n⟩ and ⇓S = ⟨TQ | … | SQ m⟩. ⟨SQ | … | SQ n⟩ ⊕ ⟨TQ | … | SQ m⟩ = ⟨SQ | … | SQ n | TQ | … | TQ m⟩. ⟨TQ | … | SQ m⟩ ⊕ ⟨SQ | … | SQ n⟩ = ⟨TQ | … | TQ n | SQ | … | SQ m⟩.

Let SQ′ i = { SQ i if i ∈ [n]; TQ i − n if i ∈ [n + m] }

Consider the deduction

id n s id m ∈ S n + m
------------------------------------------------------------
⟨SQ′ | … | SQ′ n + m⟩ → k swap ⟨SQ′ id n s id m ( ) | … | SQ′ id n s id m (n + m)⟩

⟨SQ′′ | … | SQ′′ n + m⟩ = ⟨SQ | … | SQ n | TQ | … | TQ n⟩ = ⇓S ⊕ ⇓S

⟨SQ′ id n s id m ( ) | … | SQ′ id n s id m (n + m)⟩ = ⟨SQ′ id m ( ) + n | … | SQ′ id m (m) + n | SQ′ id n ( ) | … | SQ id n (n)⟩ = ⟨SQ′ n + | … | SQ n + m | SQ′ | … | SQ′ n⟩ = ⟨TQ | … | TQ m | SQ | … | SQ n⟩ = ⇓S ⊕ ⇓S

So ⇓S ⊕ ⇓S → k swap ⇓S ⊕ ⇓S, which means ⇓S ⊕ ⇓S ≡ →k swap ⇓S ⊕ ⇓S

Case (Dist R). Let S ≡ s T, and the last step of the deduction is an application of Dist R. Without loss of generality, from symmetry, S = S · (S | S), and T = (S · S) | (S · S).

Let ⇓S = ⟨SQ | … | SQ n⟩. Let ⇓S = ⟨SQ | … | SQ n⟩. Let ⇓S = ⟨SQ | … | SQ n⟩.

⇓(S · (S | S)) = ⇓S ⊙ (⇓S ⊕ ⇓S) = ⇓S ⊙ ⟨SQ | … | SQ n | SQ | … | SQ n⟩ = ⟨SQ ⊙ SQ SQ | … | SQ ⊙ SQ SQ n | … | SQ n ⊙ SQ SQ n | … | SQ n ⊙ SQ SQ n⟩

⇓((S · S) | (S · S)) = (⇓S ⊙ ⇓S) ⊕ (⇓S ⊙ ⇓S) = ⟨SQ ⊙ SQ SQ | … | … | SQ n ⊙ SQ SQ n⟩ ⊕ ⟨SQ ⊙ SQ SQ | … | … | SQ n ⊙ SQ SQ n⟩ = ⟨SQ ⊙ SQ SQ | … | … | SQ n ⊙ SQ SQ n | SQ ⊙ SQ SQ | … | … | SQ n ⊙ SQ SQ n⟩

So ⇓(S · (S | S)) is different from ⇓((S · S) | (S · S)) only by the difference in the ordering of the sequences.

Through using DNFReorderRule, ⇓(S · (S | S)) → k swap ⇓((S · S) | (S · S)), so through the base rule, ⇓(S · (S | S)) ≡ →k swap ⇓((S · S) | (S · S)).

Case (Dist L). Let S ≡ s T, and the last step of the deduction is an application of Dist L. Without loss of generality, from symmetry, S = (S | S) · S, and T = (S · S) | (S · S). ⇓(S | S) · S = (⇓S ⊕ ⇓S) ⊙ ⇓S = (⇓S ⊙ ⇓S) ⊕ (⇓S ⊙ ⇓S) = ⇓(S · S) | (S · S).

Through reflexivity, ⇓S = ⇓((S | S) · S) ≡ →k swap ⇓(S · S) | (S · S) = ⇓T

Case 10 (· Ident L). Let S ≡ s T, and the last step of the deduction is an application of Dist L. Without loss of generality, from symmetry, S = S′ · ϵ, and T = S′. ⇓(S′ · ϵ) = ⇓S′ ⊙ ⇓ϵ = ⇓S′ ⊙ ⟨[ϵ]⟩ = ⇓S′.

Through reflexivity, ⇓S = ⇓(S′ · ϵ) ≡ →k swap ⇓S′ = ⇓T

Case 11 (· Ident R). Let S ≡ s T, and the last step of the deduction is an application of Dist L. Without loss of generality, from symmetry, S = ϵ · S′, and T = S′. ⇓(ϵ · S′) = ⇓ϵ ⊙ ⇓S′ = ⟨[ϵ]⟩ ⊙ ⇓S′ = ⇓S′

Through reflexivity, ⇓S = ⇓(ϵ · S′) ≡ →k swap ⇓S′ = ⇓T

Case 12 (Unrollstar L). Let S ≡ s T, and the last step of the deduction is an application of Unrollstar L. Without loss of generality, from symmetry, S = S′∗, and T = ϵ | (S′ · S′∗). ⇓S′∗ = D((⇓S′)∗). ⇓(ϵ | (S′ · S′∗)) = ⟨[ϵ]⟩ ⊕ (⇓S′ ⊙ D((⇓S′)∗)).

Through Atom Unrollstar L, ⇓S = ⇓S′∗ → k swap ⇓(ϵ | (S′ · S′∗)) = ⇓T.

Case 13 (Unrollstar R). Let S ≡ s T, and the last step of the deduction is an application of Unrollstar R. Without loss of generality, from symmetry, S = S′∗, and T = ϵ | (S′∗ · S′). ⇓S′∗ = D((⇓S′)∗). ⇓(ϵ | (S′∗ · S′)) = ⟨[ϵ]⟩ ⊕ (D((⇓S′)∗) ⊙ ⇓S′).

Through Atom Unrollstar R, ⇓S = ⇓S′∗ → k swap ⇓(ϵ | (S′∗ · S′)) = ⇓T.

Case 14 (Structural Or Equality). Let S ≡ s T, through structural equality of Or. S = S | S, and T = T | T, S ≡ s T, and S ≡ s T.

By induction assumption, ⇓S ≡ →k swap ⇓T and ⇓S ≡ →k swap ⇓T.

By Lemma 62, ⇓S ⊕ ⇓S ≡ →k swap ⇓T ⊕ ⇓T. By the definition of ⇓, ⇓(S | S) ≡ →k swap ⇓(T | T), as desired.

Case 15 (Structural Concat Equality). Let S ≡ s T, through structural equality of Concat. S = S · S, and T = T · T, S ≡ s T, and S ≡ s T.

By induction assumption, ⇓S ≡ →k swap ⇓T and ⇓S ≡ →k swap ⇓T.

By Lemma 67, ⇓S ⊙ ⇓S ≡ →k swap ⇓T ⊙ ⇓T. By the definition of ⇓, ⇓(S · S) ≡ →k swap ⇓(T · T), as desired.

Case 16 (Structural Star Equality). Let S ≡ s T, through structural equality of Star. S = S′∗, T = T′∗, and S′ ≡ s T′.

By induction assumption, ⇓S′ ≡ →k swap ⇓T′.

By Lemma 68, D(⇓S′∗) ≡ →k swap D(⇓S′∗). By the definition of ⇓, ⇓S′∗ ≡ →k swap ⇓T′∗, as desired.

Case 17 (Transitivity of Equational Theory). Let S ≡ s T through the transitivity of an equational theory. This means there exists a S′ such that S ≡ s S′ and S′ ≡ s T.

By induction assumption, ⇓S ≡ →k swap ⇓S′ and ⇓S′ ≡ →k swap ⇓T.

Consider the derivation

⇓S ≡ →k swap ⇓S′     ⇓S′ ≡ →k swap ⇓T
------------------------------------------
⇓S ≡ →k swap ⇓T

□

Theorem 8 (Equivalence of ≡ →k swap and ≡ s). S ≡ s T if, and only if ⇓S ≡ →k swap ⇓T

Proof.
The forward direction is proven by Lemma 69. The reverse direction is proven by Lemma 57. □
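The cases of Lemma 69 rest on how ⇓ interacts with ⊕ and ⊙: Dist L, + Ident and · Ident give identical DNF regular expressions, while Dist R gives the same sequences in a different order. The Python sketch below is an added example, not code from the paper or from Optician; the tuple encoding and every function name are assumptions chosen for illustration, and ⇑ follows the right-nested shape used in the proof of Lemma 53.

```python
from collections import Counter

# Regular expressions as nested tuples (illustrative encoding, not Optician's).
EMPTY = ("empty",)                       # the regex ∅
def lit(s): return ("str", s)            # string constant; lit("") is ϵ
def cat(a, b): return ("cat", a, b)      # a · b
def alt(a, b): return ("or", a, b)       # a | b
def star(a): return ("star", a)          # a∗

# A DNF regex ⟨SQ1 | … | SQn⟩ is a tuple of sequences.
# A sequence [s0·A1·…·An·sn] is (strings, atoms), len(strings) == len(atoms) + 1.
# An atom DS∗ is ("star", DS) with DS a DNF regex.

def seq_concat(sq, tq):
    """Sequence concatenation: the boundary strings sn and t0 are merged."""
    (ss, sa), (ts, ta) = sq, tq
    return (ss[:-1] + (ss[-1] + ts[0],) + ts[1:], sa + ta)

def dnf_concat(ds, dt):
    """DS ⊙ DT: each sequence of DS with each sequence of DT, row-major."""
    return tuple(seq_concat(sq, tq) for sq in ds for tq in dt)

def dnf_or(ds, dt):
    """DS ⊕ DT: the sequences of DS followed by those of DT."""
    return ds + dt

def atom_to_dnf(atom):
    """D(A) = ⟨[ϵ·A·ϵ]⟩."""
    return ((("", ""), (atom,)),)

def to_dnf(r):
    """⇓: regular expression to DNF regular expression."""
    tag = r[0]
    if tag == "empty":
        return ()
    if tag == "str":
        return (((r[1],), ()),)
    if tag == "cat":
        return dnf_concat(to_dnf(r[1]), to_dnf(r[2]))
    if tag == "or":
        return dnf_or(to_dnf(r[1]), to_dnf(r[2]))
    if tag == "star":
        return atom_to_dnf(("star", to_dnf(r[1])))
    raise ValueError(f"unknown regex node: {tag!r}")

def seq_to_regex(sq):
    """⇑ on a sequence: s0 · (A1 · (… · (An · sn)))."""
    strings, atoms = sq
    r = lit(strings[-1])
    for s, a in zip(reversed(strings[:-1]), reversed(atoms)):
        r = cat(lit(s), cat(star(from_dnf(a[1])), r))
    return r

def from_dnf(ds):
    """⇑ on a DNF regex: ∅ | (⇑SQ1 | (… | ⇑SQn)); ∅ when there are no sequences."""
    if not ds:
        return EMPTY
    r = seq_to_regex(ds[-1])
    for sq in reversed(ds[:-1]):
        r = alt(seq_to_regex(sq), r)
    return alt(EMPTY, r)

def is_reordering(ds, dt):
    """True when DT is a permutation of the sequences of DS (the DNF Reorder rule)."""
    return Counter(ds) == Counter(dt)

if __name__ == "__main__":
    a, b, c, d = lit("a"), lit("b"), lit("c"), lit("d")
    s1 = alt(a, star(b))                                  # constructed sample regex
    dist_r_lhs = to_dnf(cat(s1, alt(c, d)))               # ⇓(S1 · (S2 | S3))
    dist_r_rhs = to_dnf(alt(cat(s1, c), cat(s1, d)))      # ⇓((S1·S2) | (S1·S3))
    print("Dist R identical:", dist_r_lhs == dist_r_rhs)
    print("Dist R reordering:", is_reordering(dist_r_lhs, dist_r_rhs))
    dist_l_lhs = to_dnf(cat(alt(c, d), s1))               # ⇓((S1 | S2) · S3)
    dist_l_rhs = to_dnf(alt(cat(c, s1), cat(d, s1)))      # ⇓((S1·S3) | (S2·S3))
    print("Dist L identical:", dist_l_lhs == dist_l_rhs)
    print("⇓⇑DS == DS:", to_dnf(from_dnf(dist_r_lhs)) == dist_r_lhs)
```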
Lemma 70. A → k A D(A).

Proof. A = DS∗ for some DNF regular expression. Consider the derivation

DS → k DS
------------------------------
DS∗ → k D(DS∗)

as desired. □

Lemma 71. • If A → DT, then A → k DT. • If DS → DT, then DS → k DT.

Proof.
By mutual induction on the derivation of → and → A

Case (Atom Unrollstar L). DS∗ → A ⟨[ϵ]⟩ ⊕ (DS ⊙ D(DS∗)) Consider the derivation DS∗ → k A ⟨[ϵ]⟩ ⊕ (DS ⊙ D(DS∗))

Case (Atom Unrollstar R). DS∗ → A ⟨[ϵ]⟩ ⊕ (D(DS∗) ⊙ DS) Consider the derivation DS∗ → k A ⟨[ϵ]⟩ ⊕ (D(DS∗) ⊙ DS)

Case (Atom Structural Rewrite).

DS → DT′
------------------------------
DS∗ → D(DT′∗)

By IH, DS → k DT′, so consider the derivation

DS → k DT′
------------------------------
DS∗ → k D(DT′∗)

Case (DNF Structural Rewrite).

A j → A DS
------------------------------------------------------------
⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n⟩ → ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ [s j · … · A m · s m] ⊕ ⟨SQ i + | … | SQ n⟩

Define SQ i as [s · A · … · A m · s m]. Through the definition of ⊕ and ⊙, DS = ⟨SQ | … | SQ n⟩. Define SQ k = [s k,0 · A k,1 · … · A k,n k · s k,n k]. So, in particular, A i,j = A j, and n i = m.

Define DS k,l = { DS if (k, l) = (i, j); D(A k,l) otherwise }

So, for all k, l, A k,l → k A DS k,l, as if (k, l) = (i, j), then by assumption A i,j → k A DS, and otherwise, from Lemma 70, A k,l → k A D(A k,l).

Define DS k as ⟨[s k,0]⟩ ⊙ DS k,1 ⊙ … ⊙ DS k,n k ⊙ ⟨[s k,n k]⟩.

DS = ⟨SQ | … | SQ n⟩
∀ i. SQ i = [s i,0 · A i,1 · … · A i,n i · s i,n i]
∀ i, j. A i,j → k A DS i,j
∀ i. DS i = ⟨[s i,0]⟩ ⊙ DS i,1 ⊙ … ⊙ DS i,n i ⊙ ⟨[s i,n i]⟩
------------------------------------------------------------
DS → k DS ⊕ … ⊕ DS n

So DS k, for k ≠ i = ⟨[s k,0]⟩ ⊙ D(A k,1) ⊙ … ⊙ D(A k,n k) ⊙ ⟨[s k,n k]⟩ = SQ k

DS i = ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩, so, through the definition of ⊕, DS ⊕ … ⊕ DS n = ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ [s j · … · A m · s m] ⊕ ⟨SQ i + | … | SQ n⟩, so we get DS → k DS ⊕ … ⊕ DS n = ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ [s j · … · A m · s m] ⊕ ⟨SQ i + | … | SQ n⟩. □

Lemma 72. If DS →∗ DT, then DS → k ∗ DT

Proof.
By induction on the derivation of →∗

Case (Reflexivity). DS →∗ DS. Consider the following derivation DS → k ∗ DS

Case (Base).

DS → DT
------------------------------
DS →∗ DT

By Lemma 80, DS → k ∗ DT.

Case (Transitivity).

DS →∗ DS′     DS′ →∗ DT
------------------------------
DS →∗ DT

By IH, DS → k ∗ DS′ and DS′ → k ∗ DT.

Consider the following derivation

DS → k ∗ DS′     DS′ → k ∗ DT
------------------------------
DS → k ∗ DT

□

Lemma 73. If DS →∗ DT, then D(DS∗) →∗ D(DT∗).

Proof.
By induction on the derivation of →∗

Case (Reflexivity). DS →∗ DS. Consider the derivation D(DS) →∗ D(DS)

Case (Base).

DS → DT
------------------------------
DS →∗ DT

Consider the derivation

DS → DT
------------------------------
DS∗ → A D(DT∗)
------------------------------
D(DS∗) → D(DT∗)
------------------------------
D(DS∗) →∗ D(DT∗)

Case (Transitivity).

DS →∗ DS′     DS′ →∗ DT
------------------------------
DS →∗ DT

By IH, there exists derivations of D(DS∗) →∗ D(DS′∗) and D(DS′∗) →∗ D(DT∗).

Consider the derivation

D(DS∗) →∗ D(DS′∗)     D(DS′∗) →∗ D(DT∗)
------------------------------------------
D(DS∗) →∗ D(DT∗)

□

Lemma 74. If DS →∗ DS, then for all DT, DS ⊕ DT →∗ DS ⊕ DT

Proof.
By induction on the derivation of →∗

Case (Reflexivity). DS →∗ DS so, by Reflexivity DS ⊕ DT →∗ DS ⊕ DT

Case (Base).

DS → DS
------------------------------
DS →∗ DS

The only way to get a derivation of → is with an application of DNF Structural Rewrite, so by inversion,

A j → DS
------------------------------------------------------------
⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n⟩ → ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ [s j · … · A m · s m] ⊕ ⟨SQ i + | … | SQ n⟩

where DS = ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n⟩ and where DS = ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ [s j · … · A m · s m] ⊕ ⟨SQ i + | … | SQ n⟩.

So, let DT = ⟨TQ | … | TQ n′⟩.

Consider the derivation

A j → DS
------------------------------------------------------------
⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n | TQ | … | TQ n′⟩ → ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ [s j · … · A m · s m] ⊕ ⟨SQ i + | … | SQ n | TQ | … | TQ n′⟩

⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n | TQ | … | TQ n′⟩ = ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ (⟨SQ i + | … | SQ n⟩ ⊕ ⟨TQ | … | TQ n′⟩). So through associativity of ⊕, ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n | TQ | … | TQ n′⟩ = DS ⊕ DT.

⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n | TQ | … | TQ n′⟩ = ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ (⟨SQ i + | … | SQ n⟩ ⊕ ⟨TQ | … | TQ n′⟩). So through associativity of ⊕, ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n | TQ | … | TQ n′⟩ = DS ⊕ DT.

Case (Transitivity).

DS →∗ DS     DS →∗ DS
------------------------------
DS →∗ DS

By IH, DS ⊕ DT →∗ DS ⊕ DT. By IH, DS ⊕ DT →∗ DS ⊕ DT.

Consider the derivation

DS ⊕ DT →∗ DS ⊕ DT     DS ⊕ DT →∗ DS ⊕ DT
------------------------------------------
DS ⊕ DT →∗ DS ⊕ DT

□

Lemma 75. If DS →∗ DS, then for all DT, DT ⊕ DS →∗ DT ⊕ DS

Proof.
Proven symmetrically to Lemma 74. □

Lemma 76. If DS →∗ DS, and DT →∗ DT, then DS ⊕ DT →∗ DS ⊕ DT

Proof.
By Lemma 74, DS ⊕ DS →∗ DT ⊕ DS. By Lemma 75, DT ⊕ DS →∗ DT ⊕ DT.

Consider the derivation

DS ⊕ DS →∗ DT ⊕ DS     DT ⊕ DS →∗ DT ⊕ DT
------------------------------------------
DS ⊕ DS →∗ DT ⊕ DT

□

Lemma 77. If DS →∗ DS, then for all SQ, DS ⊙ ⟨SQ⟩ →∗ DS ⊙ ⟨SQ⟩

Proof.
By induction on the derivation of →∗

Case (Reflexivity). DS →∗ DS so, by Reflexivity DS ⊙ ⟨SQ⟩ →∗ DS ⊙ ⟨SQ⟩

Case (Base).

DS → DS
------------------------------
DS →∗ DS

The only way to get a derivation of → is with an application of DNF Structural Rewrite, so by inversion,

A j → DS
------------------------------------------------------------
⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n⟩ → ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ [s j · … · A m · s m] ⊕ ⟨SQ i + | … | SQ n⟩

Consider the derivation

A j → DS
------------------------------------------------------------
⟨SQ ⊙ SQ SQ | … | SQ i − ⊙ SQ SQ⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m] ⊙ SQ SQ⟩ ⊕ ⟨SQ i + ⊙ SQ SQ | … | SQ n ⊙ SQ SQ⟩ → ⟨SQ ⊙ SQ SQ | … | SQ i − ⊙ SQ SQ⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ ⟨[s j · … · A m · s m] ⊙ SQ SQ⟩ ⊕ ⟨SQ i + ⊙ SQ SQ | … | SQ n ⊙ SQ SQ⟩

By the definition of ⊙, using Lemma 36 this is equal to DS ⊙ ⟨SQ⟩ → DS ⊙ ⟨SQ⟩, so, consider the derivation

A j → DS
------------------------------
DS ⊙ ⟨SQ⟩ → DS ⊙ ⟨SQ⟩
------------------------------
DS ⊙ ⟨SQ⟩ →∗ DS ⊙ ⟨SQ⟩

Case (Transitivity).

DS →∗ DS     DS →∗ DS
------------------------------
DS →∗ DS

By IH, DS ⊙ ⟨SQ⟩ →∗ DS ⊙ ⟨SQ⟩. By IH, ⟨SQ⟩ ⊙ DS →∗ ⟨SQ⟩ ⊙ DS.

Consider the derivation

⟨SQ⟩ ⊙ DS →∗ ⟨SQ⟩ ⊙ DS     ⟨SQ⟩ ⊙ DS →∗ ⟨SQ⟩ ⊙ DS
------------------------------------------
⟨SQ⟩ ⊙ DS →∗ ⟨SQ⟩ ⊙ DS

□

Lemma 78. If DS →∗ DS, then for all DT, DT ⊙ DS →∗ DT ⊙ DS

Proof.
By induction on the derivation of →∗

Case (Reflexivity). DS →∗ DS so, by Reflexivity DT ⊙ DS →∗ DT ⊙ DS

Case (Base).

DS → DS
------------------------------
DS →∗ DS

The only way to get a derivation of → is with an application of DNF Structural Rewrite, so by inversion,

A j → DS
------------------------------------------------------------
⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ D(A j) ⊙ ⟨[s j · … · A m · s m]⟩ ⊕ ⟨SQ i + | … | SQ n⟩ → ⟨SQ | … | SQ i −⟩ ⊕ ⟨[s · A · … · s j −]⟩ ⊙ DS ⊙ [s j · … · A m · s m] ⊕ ⟨SQ i + | … | SQ n⟩

Let DT = ⟨SQ′ | … | SQ′ n′⟩.

By Lemma 78, ⟨SQ′ k⟩ ⊙ DS → k ⟨SQ′ k⟩ ⊙ DS. So, through repeated application of Lemma 76, (⟨SQ′⟩ ⊙ DS) ⊕ … ⊕ (⟨SQ′ n′⟩ ⊙ DS) → k (⟨SQ′⟩ ⊙ DS) ⊕ … ⊕ (⟨SQ′ n′⟩ ⊙ DS)

From Lemma 35, (⟨SQ′⟩ ⊙ DS) ⊕ … ⊕ (⟨SQ′ n′⟩ ⊙ DS) = (⟨SQ′⟩ ⊕ … ⊕ ⟨SQ′ n′⟩) ⊙ DS = DT ⊙ DS and (⟨SQ′⟩ ⊙ DS) ⊕ … ⊕ (⟨SQ′ n′⟩ ⊙ DS) = (⟨SQ′⟩ ⊕ … ⊕ ⟨SQ′ n′⟩) ⊙ DS = DT ⊙ DS.

So we have DT ⊙ DS →∗ DT ⊙ DS.

Case (Transitivity).

DS →∗ DS     DS →∗ DS
------------------------------
DS →∗ DS

By IH, DS ⊙ DT →∗ DS ⊙ DT. By IH, DS ⊙ DT →∗ DS ⊙ DT.

Consider the derivation

DS ⊙ DT →∗ DS ⊙ DT     DS ⊙ DT →∗ DS ⊙ DT
------------------------------------------
DS ⊙ DT →∗ DS ⊙ DT

□

Lemma 79. Let D(A i) →∗ DS i. ⟨[s · A · … · A n · s n]⟩ →∗ ⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n ⊙ ⟨[s n]⟩

Proof.
By induction on n.

Case n = . Through use of Reflexivity ⟨[s]⟩ →∗ ⟨[s]⟩

Case n > . ⟨[s · A · … · A n · s n]⟩ = ⟨[s · A · … · A n − · s n −]⟩ ⊙ ⟨[ϵ · A n · s n]⟩ by the definition of ⊙.

From IH, ⟨[s · A · … · A n − · s n −]⟩ →∗ ⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n − ⊙ ⟨[s n −]⟩

From Lemma 77, ⟨[s · A · … · A n − · s n −]⟩ ⊙ ⟨[ϵ · A n · s n]⟩ →∗ ⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n − ⊙ ⟨[ϵ · A n · s n]⟩.

⟨[ϵ · A n · s n]⟩ = D(A n) ⊙ ⟨[s n]⟩

From Lemma 77, as D(A n) →∗ DS n, ⟨[ϵ · A n · s n]⟩ →∗ DS n ⊙ ⟨[s n]⟩.

As ⟨[ϵ · A n · s n]⟩ →∗ DS n ⊙ ⟨[s n]⟩, from Lemma 78, ⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n − ⊙ ⟨[ϵ · A n · s n]⟩ →∗ ⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n − ⊙ DS n ⊙ ⟨[s n]⟩.

Consider the derivation

⟨[s · A · … · A n − · s n −]⟩ ⊙ ⟨[ϵ · A n · s n]⟩ →∗ ⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n − ⊙ ⟨[ϵ · A n · s n]⟩
⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n − ⊙ ⟨[ϵ · A n · s n]⟩ →∗ ⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n − ⊙ DS n ⊙ ⟨[s n]⟩
------------------------------------------------------------
⟨[s · A · … · A n · s n]⟩ = ⟨[s · A · … · A n − · s n −]⟩ ⊙ ⟨[ϵ · A n · s n]⟩ →∗ ⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n − ⊙ DS n ⊙ ⟨[s n]⟩

So, ⟨[s · A · … · A n · s n]⟩ →∗ ⟨[s]⟩ ⊙ DS ⊙ … ⊙ DS n ⊙ ⟨[s n]⟩, as desired. □

Lemma 80. • If A → k A DT, then D(DS) →∗ DT. • If DS → k DT, then D(DS) →∗ DT.

Proof.
By mutual induction on the derivation of → k A.

Case (Atom Unrollstar L). DS ∗ → k A ⟨[ ϵ ]⟩ ⊕ ( DS ⊙ D( DS ∗ )). Consider the derivation

    DS ∗ → A ⟨[ ϵ ]⟩ ⊕ ( DS ⊙ D( DS ∗ ))
    ----------------------------------------
    D( DS ∗ ) → ⟨[ ϵ ]⟩ ⊕ ( DS ⊙ D( DS ∗ ))
    ----------------------------------------
    D( DS ∗ ) → ∗ ⟨[ ϵ ]⟩ ⊕ ( DS ⊙ D( DS ∗ ))

Case (Atom Unrollstar R). DS ∗ → k A ⟨[ ϵ ]⟩ ⊕ (D( DS ∗ ) ⊙ DS ). Consider the derivation

    DS ∗ → A ⟨[ ϵ ]⟩ ⊕ (D( DS ∗ ) ⊙ DS )
    ----------------------------------------
    D( DS ∗ ) → ⟨[ ϵ ]⟩ ⊕ ( DS ⊙ D( DS ∗ ))
    ----------------------------------------
    D( DS ∗ ) → ∗ ⟨[ ϵ ]⟩ ⊕ ( DS ⊙ D( DS ∗ ))

Case
Parallel Atom Structural Rewrite ) .DS → k DT ′ DS ∗ → k D( DT ′∗ ) By IH, DS → ∗ DT ′ , so by Lemma 73, D( DS ∗ )→ ∗ D( DT ′∗ ) . Case .DS = h SQ | . . . | SQ n i ∀ i . SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] ∀ i , j . A i , j → k A DS i , j ∀ i . DS i = h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i DS → k DS ⊕ . . . ⊕ DS n From the definition of ⊕ , DS = h SQ i ⊕ . . . ⊕ h SQ n i . From IH, D( A i ,1 )→ ∗ DS i , j . From Lemma 79, h SQ i i = h[ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ]i→ ∗ h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i = DS i , so h SQ i i→ ∗ DS i .From Lemma 76, DS = h SQ i i ⊕ . . . ⊕ h SQ n i→ ∗ DS ⊕ . . . ⊕ DS n . Case
(Identity Rewrite). DS → k DS. Through application of Reflexivity, DS → ∗ DS. □

Lemma 81. If DS → k ∗ DT, then DS → ∗ DT.
Proof.
By induction on the derivation of → k ∗.

Case (Reflexivity). DS → k ∗ DS. Consider the following derivation: DS → ∗ DS.

Case (Base).

    DS → k DT
    -----------
    DS → k ∗ DT

By Lemma 80, DS → ∗ DT.

Case (Transitivity).

    DS → k ∗ DS ′    DS ′ → k ∗ DT
    ------------------------------
    DS → k ∗ DT

By IH, DS → ∗ DS ′ and DS ′ → ∗ DT. Consider the following derivation:

    DS → ∗ DS ′    DS ′ → ∗ DT
    --------------------------
    DS → ∗ DT

□

Theorem 9. DS → k ∗ DS ′ if, and only if, DS → ∗ DS ′.
Proof.
Forward direction is proven by Lemma 72. Reverse direction is proven by Lemma 81. □
Corollary 1 (→ ∗ Maintained Under Iteration). If DS → ∗ DT, then ⟨[ DS ∗ ]⟩ → ∗ ⟨[ DT ∗ ]⟩.
Proof.
From Theorem 9 applied to Lemma 52. □
Lemma 82 (→ k can be expressed in → k swap). If DS → k DT, then DS → k swap DT.
Proof. → k swap has all of the inference rules of → k, so a straightforward induction using those rules can prove this. □

Lemma 83 (→ k can be expressed in ≡ s). If ⇓ S → k ⇓ T, then S ≡ s T.
Proof.
By Lemma 82, ⇓ S → k swap ⇓ T, then by Lemma 56, S ≡ s T. □

Lemma 84 (→ k ∗ can be expressed in ≡ s). If ⇓ S → k ∗ ⇓ T, then S ≡ s T.
Proof.
By straightforward induction, using Lemma 83 for the base rule, the transitivity of equational theories for transitivity, and the reflexivity of equational theories for reflexivity. □
Lemma 85 ( → ∗ can be expressed in ≡ s ) . If ⇓ S → ∗ ⇓ T , then S ≡ s T . Proof.
By Lemma 84 and Theorem 9. □
B.7 Lens Soundness
Using the above machinery, we prove the soundness of DNF lenses. Unambiguity is guaranteed through prior unambiguity proofs. The rewrite portion of DNF lenses is proven correct in the above subsection. The bulk of this subsection shows that the lenses can be built up from their subcomponents, and that arbitrary permutations can be expressed.
Lemma 86 (Expressibility of Safe Boilerplate Alterations) . Suppose(1) · ! [ s · A · . . . · A n · s n ] (2) · ! [ t · A · . . . · A n · t n ] Then there exists a lens l : S ⇔ T such that(1) S = ⇑ ([ s · A · . . . · A n · s n ]) (2) T = ⇑ ([ t · A · . . . · A n · t n ]) (3) [[ l ]] = {( s , t ) | s = s · s ′ · . . . · s ′ n · s n ∧ t = t · s ′ · . . . · s ′ n · t n ∧ s i ∈ L( A i )} Proof.
By induction on n .Let n =
0. Consider the Lens const ( s , t ) : s ⇔ t By inspection, this satisfies the desired properties.Let n >
0. By induction, there exists a lens l : S ⇔ T satisfying the desired properties. Considerthe lens D l : S ⇔ T const ( s n , t n ) : s n ⇔ t n concat ( l , const ( s n , t n )) : S · s n ⇔ T · t n D id ⇑( A n ) : ⇑ ( A n ) ⇔⇑ ( A n ) concat ( concat ( l , const ( s n , t n )) , id ⇑( A n ) ) : S · s n · ⇑ ( A n ) ⇔ S · t n · ⇑ ( A n ) By inspection, this satisfies the desired properties. (cid:3)
Lemma 87 (Creation of Lens from Identity Perm Sequence Lens) . Suppose(1) SQ = [ s · A · . . . · A n · s n ] (2) TQ = [ t · B · . . . · B n · t n ] (3) ([( s , t ) · al · . . . · al n · ( s n , t n )] , id ) ˜: SQ ⇔ TQ (4) For each al i ˜: A i ⇔ B i , there exists a l i ˜: ⇑ ( A i ) ⇔⇑ ( B i ) such that [[ l i ]] = [[ al i ]] then there exists a l ˜: ⇑ ( SQ ) ⇔⇑ ( DT ) such that [[ l ]] = [[([( s , t ) · al · . . . · al n · ( s n , t n )] , id )]] . Proof.
By induction on n .Let n = ([( s , t )] , id ) ˜: [ s ] ⇔ [ t ] . Then consider const ( s , t ) : s ⇔ t s = ⇑ ([ s ]) , and t = ⇑ ([ t ]) . [[ const ( s , t )]] = { s , t } = [[[( s , t )] , id )]] .Let n >
0. Let SQ ′ = [ s · A · . . . · A n − · s n − ] , and TQ ′ = [ t · B · . . . · B n − · t n − ] By inductionassumption, there exists a typing derivation l : ⇑ ( SQ ′ ) ⇔⇑ ( TQ ′ ) , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:79 satisfying [[ l ]] = [[([( s , t ) · al · . . . · al n − · ( s n − , t n − )] , id )]] By problem statement, there exists a typing derivation l al n : ⇑ ( A n ) ⇔⇑ ( B n ) satisfying [[ l A n ]] = [[ A n ]] .Consider the following lens typing D D n const ( s n , t n ) : s n ⇔ t n concat ( l al n , const ( s n , t n )) : ⇑ ( A n ) · s n ⇔⇑ ( B n ) · t n l : ⇑ ( SQ ) ⇔⇑ ( TQ ) D concat ( l , concat ( l al n , const ( s n , t n ))) : ⇑ ( SQ )· ⇑ ( A n ) · s n ⇔⇑ ( TQ )· ⇑ ( B n ) · t n [[ concat ( l , concat ( l al n , const ( s n , t n )))]] = {( s , t ) | s = s ′ · s ′′ · s n ∧ t = t ′ · t ′′ · t n ∧( s ′ , t ′ ) ∈ [[ l ]] ∧ ( s ′′ , t ′′ ) ∈ [[ l al n ]]} = {( s , t ) | s = s · s ′ · . . . · s ′ n − · s n − · s n · s ′ n ∧ t = t · t ′ · . . . · t ′ n − · t n − · t n · t ′ n ∧ s ′ i ∈ A i ∧ t ′ i ∈ B i } = [[([( s , t ) · al · . . . · al n · ( s n , t n − )] , id )]] (cid:3) Lemma 88 (Unambiguity of $) . Let Σ be an alphabet. Let Σ $ = Σ ∪ { $ } , where $ is a character notin Σ . If L , . . . , L n , are languages in Σ ∗ , then · ! [L( $ ) ; L ; L( $ ) ; . . . ; L( $ ) ; L n ; L( $ )] . Proof.
We prove this by induction on n .Let n = · ! [L( $ )] , as · ! [ L ] , for any language L .Let n >
0. Let s i , t i ∈ L i for all i ∈ [ n ] , and let $ s $ . . . $ s n $ = $ t $ . . . $ t n $. We want to showthat s n $ = t n $. If they were not equal, then one string is strictly contained in the other, say withoutloss of generality s n $ is strictly contained in t n $. Because of that $ s n $ is contained in t n $, so $ iscontained in t n ∈ Σ ∗ . This is a contradiction, as $ < Σ , so we know s n $ = t n $, and so s n = t n . Thismeans that $ s $ . . . $ s n − $ = $ t $ . . . $ t n − , so by induction, I know s i = t i for all i . (cid:3) Definition 15 (Adjacent Swapping Permutation) . Let σ i ∈ S n be the permutation where σ i ( i ) = i + σ i ( i + ) = i , σ i ( k ) = k when k , i , and k , i + Lemma 89 (Expressibility of Adjacent Swapping Permutation Lens) . Suppose(1) σ i is an adjacent element swapping permutation(2) [ $ · A · $ . . . $ · A n · $ ] is a sequence with all base strings equal to $.Then there exists a typing of a lens l : S ⇔ T such that(1) L( S ) = L([ $ · A · . . . · A n · $ ]) (2) L( T ) = L([ $ · A σ i ( ) · . . . · A σ i ( n ) · $ ]) (3) [[ l ]] = {( s , t ) | s = $ · s · $ · . . . · $ · s n · $ ∧ t = $ · s σ i ( ) · $ · . . . · $ · s σ i ( n ) $ ∧ s i ∈ L( A i )} , Vol. 1, No. 1, Article 1. Publication date: October 2017. :80 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Proof.
By the soundness of regular expressions, define regular expressions S , S , S , S as S = ⇑([ $ · A · . . . · A i − · $ ]) , S = ⇑ ( A i ) , S = ⇑ ( A i + ) , and S = ⇑ ([ $ · A i + · . . . · A n · $ ]) . Consider thefollowing deduction D id $ : $ ⇔ $ id S : S ⇔ S swap ( id $ , id S ) : $ · S ⇔ S · s i D ’ id S : S ⇔ S D swap ( id S , s ( id $ , id S )) : S · $ · S ⇔ S · $ · S D ” id S : S ⇔ S D ′ concat ( id S , s ( id S , s ( id $ , id S ))) : S · S · $ · S ⇔ S · S · $ · S D ′′ id S : S ⇔ S concat ( c ( id S , s ( id S , s ( id $ , id S ))) , id S ) : S · S · $ · S · S ⇔ S · S · $ · S · S By inspection, the final lens c ( c ( id S , s ( id S , s ( id $ , id S ))) , id S ) : S · S · $ · S · S ⇔ S · S · $ · S · S satisfies L( S · S · s i · S · S ) = L([ $ · A · $ · . . . · $ · A n · $ ]) and L( S · S · s i · S · S ) = L([ $ · A σ i ( ) · . . . · A σ i ( n ) · $ ]) and has the desired semantics of swapping the strings at spots i and i + (cid:3) Lemma 90 (Expressibility of Adjacent Swapping Permutation Composition) . Suppose(1) σ = σ i ◦ . . . ◦ σ i m (2) [ $ · A · $ . . . $ · A n · $ ] is a sequence with all base strings equal to $.Then there exists a typing of a lens l : S ⇔ T such that(1) L( S ) = L([ $ · A · . . . · A n · $ ]) (2) L( T ) = L([ $ · A σ ( ) · . . . · A σ ( n ) · $ ]) (3) [[ l ]] = {( s , t ) | s = $ · s · $ · . . . · $ · s n · $ ∧ t = $ · s σ ( ) · $ · . . . · $ · s σ ( n ) $ ∧ s i ∈ L( A i )} Proof.
By induction on m .Let m =
0. Then σ = id . Consider the lens id ⇑([ $ · A · $ ... $ · A n · $ ]) : ⇑ ([ $ · A · $ . . . $ · A n · $ ]) ⇔⇑([ $ · A · $ . . . $ · A n · $ ]) . By inspection, this lens satisfies the requirements.Let m >
0. Let σ ′ = σ i ◦ . . . ◦ σ i m − . Let l : S ⇔ T be the lens obtained by an application of theinduction assumption on σ ′ . Let l m : T ′ ⇔ T ′′ be the lens obtained by an application of Lemma 89to the permutation σ m and the sequence [ $ · A σ ′ ( ) · . . . · A σ ′ ( n ) · $ ] . From the induction assumptionand the previous lemmas, we know L( T ) = L([ $ · A σ ′ ( ) · . . . · A σ ′ ( n ) · $ ]) = L( T ′ ) . Consider thefollowing Lens typing l : S ⇔ T L( T ) = L( T ′ ) l : S ⇔ T ′ l m : T ′ ⇔ T ′′ l m ; l : S ⇔ T ′′ The language of S is already as desired, and L( T ′′ ) = L([ $ · A σ m ◦ σ ′ ( ) · . . . · A σ m ◦ σ ′ ( n ) ]) = L([ $ · A σ ( ) · . . . · A σ ( n ) ]) , as desired. Furthermore, the composition of the lenses composes the permutations ofstrings, giving the semantics as desired. (cid:3) Lemma 91 (Expressibility of Permutation) . Suppose(1) σ is a permutation in S n (2) [ $ · A · $ . . . $ · A n · $ ] is a sequence with all base strings equal to $. , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:81 Then there exists a typing of a lens l : S ⇔ T such that(1) L( S ) = L([ $ · A · . . . · A n · $ ]) (2) L( T ) = L([ $ · A σ ( ) · . . . · A σ ( n ) · $ ]) (3) [[ l ]] = {( s , t ) | s = $ · s · $ · . . . · $ · s n · $ ∧ t = $ · s σ ( ) · $ · . . . · $ · s σ ( n ) $ ∧ s i ∈ L( A i )} Proof.
By algebra, any permutation can be expressed as the composition of adjacent swappingpermutations. As such, σ = σ i ◦ . . . ◦ σ i m for some adjacency swapping permutations σ i j . ByLemma 90, we obtain a lens with the properties desired. (cid:3) Lemma 92 (Creation of Lens from Identity Perm DNF Lens) . Suppose(1) DS = h SQ | . . . | SQ n i (2) DT = h TQ | . . . | TQ n i (3) (h sql | . . . | sql n i , id ) ˜: DS ⇔ DT (4) For each sql i ˜: SQ i ⇔ TQ i , there exists a l i such that [[ l i ]] = [[ sql i ]] .then there exists a l ˜: ⇑ ( DS ) ⇔⇑ ( DT ) such that [[ l ]] = [[([ sql | . . . | sql n ] , id )]] . Proof.
By induction on nLet n = hi ˜: hi ⇔ hi . Then consider id ⇑(hi) ˜: ⇑ (hi) ⇔⇑ (hi) This has the desired typing, and [[ id ⇑(hi) ]] = [[ id ∅ ]] = {} = [[hi]] .Let n >
0. Let DS ′ = h SQ | . . . | SQ n − i , and DT ′ = h TQ | . . . | TQ n − i . By inductionassumption, there exists a derivation of l : ⇑ ( DS ′ ) ⇔⇑ ( DT ′ ) . By problem statement, there existsa typing derivation l n : ⇑ ( SQ n ) ⇔⇑ ( TQ n ) Consider the following derivation l : ⇑ ( DS ′ ) ⇔⇑ ( DT ′ ) l n : ⇑ ( SQ n ) ⇔⇑ ( TQ n ) or ( l n , l ) : ⇑ ( DS ′ ) | ⇑ ( SQ n ) ⇔⇑ ( DT ′ ) | ⇑ ( SQ n )[[ or ( l , l n )]] = {( s , t ) | ( s , t ) ∈ l ∨ ( s , t ) ∈ l n } = {( s , t ) | ( s , t ) ∈ h sql | . . . | sql n − i∨ ( s , t ) ∈ h sql n i} = {( s , t ) | ( s , t ) ∈ sql i } . (cid:3) Lemma 93 (Ineffectiveness of Permutation on DNF Regex Semantics) . Let σ ∈ S n , and h SQ . . . SQ n i be a DNF regex. L(h SQ | . . . | SQ n i) = L(h SQ σ ( ) | . . . | SQ σ ( n ) i) . Proof.
By inspection. □
Lemma 94 (Ineffectiveness of Permutation on DNF Lens Semantics) . Let σ ∈ S n , and (h sql | . . . | sql n i , id ) ˜: h SQ | . . . | SQ n i ⇔ h TQ | . . . | TQ n i be a typing of a DNF lens with anidentity permutation. [[(h sql | . . . | sql n i , id )]] = [[(h sql | . . . | sql n i , σ )]] Proof.
By inspection. □
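Lemmas 88 to 91 above build an arbitrary field permutation out of adjacent swaps over $-delimited sequences. The sketch below is an added example, not code from the paper or from Optician: atoms are modelled as Python regular expressions, type agreement in composition is checked syntactically rather than by language equality, and every name in it (`parse`, `unparse`, `Lens`, `forward`, `backward`, `adjacent_swaps`, `permutation_lens`) and the sample format are assumptions made here.

```python
import re

SEP = "$"  # delimiter assumed to lie outside the alphabet of every atom (Lemma 88)

# Constructed sample format and string, not taken from the paper.
ATOMS = ["[a-z]+", "[0-9]+", "[A-Z]*"]
SAMPLE = "$abc$42$XY$"


def parse(s, atoms):
    """Split $s1$...$sn$ into its fields. The split is unique because no
    field can contain SEP, which is the content of Lemma 88."""
    parts = s.split(SEP)
    if len(parts) < 2 or parts[0] or parts[-1]:
        raise ValueError("string must start and end with the delimiter")
    fields = parts[1:-1]
    if len(fields) != len(atoms):
        raise ValueError("expected %d fields, found %d" % (len(atoms), len(fields)))
    for field, atom in zip(fields, atoms):
        if re.fullmatch(atom, field) is None:
            raise ValueError("field %r is not in L(%s)" % (field, atom))
    return fields


def unparse(fields):
    return SEP + "".join(f + SEP for f in fields)


class Lens:
    """A bijection between two $-delimited formats, with both directions."""

    def __init__(self, source, target, forward, backward):
        self.source, self.target = list(source), list(target)
        self.forward, self.backward = forward, backward


def identity_lens(atoms):
    return Lens(atoms, atoms,
                lambda s: unparse(parse(s, atoms)),
                lambda t: unparse(parse(t, atoms)))


def adjacent_swap_lens(atoms, i):
    """Lemma 89: swap fields i and i+1 (0-based) and leave the rest in place."""
    target = list(atoms)
    target[i], target[i + 1] = target[i + 1], target[i]

    def swap(s, typ):
        fields = parse(s, typ)
        fields[i], fields[i + 1] = fields[i + 1], fields[i]
        return unparse(fields)

    return Lens(atoms, target, lambda s: swap(s, atoms), lambda t: swap(t, target))


def compose(first, second):
    """Sequential composition as used in Lemma 90; the middle types must agree."""
    if first.target != second.source:
        raise TypeError("target of first lens differs from source of second")
    return Lens(first.source, second.target,
                lambda s: second.forward(first.forward(s)),
                lambda t: first.backward(second.backward(t)))


def adjacent_swaps(sigma):
    """Indices of adjacent swaps that, applied in order, realise sigma,
    where position k of the output holds input field sigma[k]."""
    cur, swaps = list(range(len(sigma))), []
    for k, wanted in enumerate(sigma):
        p = cur.index(wanted)
        for j in range(p - 1, k - 1, -1):  # bubble the wanted field left to k
            cur[j], cur[j + 1] = cur[j + 1], cur[j]
            swaps.append(j)
    return swaps


def permutation_lens(atoms, sigma):
    """Lemma 91: build the lens for sigma from adjacent swap lenses only."""
    if sorted(sigma) != list(range(len(atoms))):
        raise ValueError("sigma is not a permutation of the field indices")
    lens = identity_lens(atoms)  # the m = 0 case of Lemma 90
    for j in adjacent_swaps(sigma):
        lens = compose(lens, adjacent_swap_lens(lens.target, j))
    return lens
```

Because every step is itself a bijection with a checked type, the composed lens rejects malformed input in either direction instead of silently reordering it.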
Lemma 95 (Soundness of DNF, Sequence, and Atom Lenses) . (1) Let DS and DT be two dnf regular expressions, and dl ˜: DS ⇔ DT . Then there exists a l such that l : ⇑ ( DS ) ⇔⇑ ( DT ) , [[ l ]] = [[ dl ]] (2) Let SQ and TQ be two clauses, and sql ˜: SQ ⇔ TQ . Then there exists a l such that l : ⇑( SQ ) ⇔⇑ ( TQ ) , [[ l ]] = [[ sql ]] . , Vol. 1, No. 1, Article 1. Publication date: October 2017. :82 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic (3) Let A and B be two atoms, and al ˜: A ⇔ B . Then there exists a l , such that l ˜: ⇑ ( A ) ⇔⇑ ( B ) , [[ l ]] = [[ al ]] . Proof.
By mutual induction on the structure of the DNF Regex, Sequence, and Atom lensestyping.Let dl ˜: DS ⇔ DT be formed from an application of Rewrite DNF Regex Lens . dl ˜: DS ′ ⇔ DT ′ DS ′ → DS DT ′ → DTdl ˜: DS ⇔ DT By induction assumption, there exists a l ˜: ⇑ ( DS ′ ) ⇔⇑ ( DT ′ ) , and from Lemma 42, we know L( DS ) = L( DS ′ ) , and L( DT ) = L( DT ′ ) . Consider the derivation l ˜: ⇑ ( DS ′ ) ⇔⇑ ( DT ′ ) L(⇑ ( DS ′ )) = L(⇑ ( DS )) L(⇑ ( DT ′ )) = L(⇑ ( DT )) l ˜: ⇑ ( DS ) ⇔⇑ ( DT ) This has the desired typing, and by induction assumption, has the desired semantics.Let (h sql | . . . | sql n i , σ ) ˜: h SQ | . . . | SQ n i ⇔ h TQ σ ( ) | . . . | TQ σ ( n ) i be formed from anapplication of DNF Lens . By Induction assumption, for each sql i ˜: SQ i ⇔ TQ i there exists a l i ˜: ⇑ ( SQ i ) ⇔⇑ ( TQ i ) .By Lemma 92 there exists a l ˜: ⇑ (h SQ | . . . | SQ n i) ⇔⇑ (h TQ | . . . | TQ n i) such that [[ l ]] = [[([ sql | . . . sql n ] , id )]] , By Lemma 94, [[( DN FO f sql | . . . | sql n , id )]] = [[(h sql | . . . | sql n i , σ )]] .By Lemma 93, L(h TQ | . . . | TQ n i) = L(h TQ σ ( ) | . . . | TQ σ ( n ) i) . Consider the following typing l ˜: ⇑ (h SQ | . . . | SQ n i) ⇔⇑ (h TQ | . . . | TQ n i)L(⇑ (h TQ | . . . | TQ n i)) = L(⇑ (h TQ σ ( ) | . . . | TQ σ ( n ) i)) l ˜: ⇑ (h SQ | . . . | SQ n i) ⇔⇑ (h TQ σ ( ) | . . . | TQ σ ( n ) i) This has the typing and semantics as desired.Let ([( s , t ) · al · . . . · al n · ( s n , t n )] , σ ∈ S n ) ˜: [ s · A · . . . · A n · s n ] ⇔ [ t · B σ ( ) · . . . · B σ ( n ) · t n ] be formed from an application of Seqence Lens . By induction assumption, for each al i ˜: A i ⇔ B i there exists a l i : ⇑ ( S i ) ⇔⇑ ( T i ) .By Lemma 87, there exists a l : S ⇔ T such that [[ l ]] = [[([( s , t ) · al · . . . · al n · ( s n , t n )] , id )]] , S = ⇑ ([ s · A · . . . · A n · s n ]) , and T = ⇑ ([ t · B · . . . · B n · t n ]) . Define T $ as ⇑ ([ $ · B · . . . 
· B n · $ ]) .By Lemma 86, there exists a l ′ : T ⇔ T $ , with semantics of merely changing the boilerplate. ByLemma 91, there exists a l ′′ : T ′ $ ⇔ T ′′ $ where [[ T ′ $ ]] = [[ T $ ]] and [[ T ′′ $ ]] = [[[ $ · B σ ( ) · . . . · B σ ( n ) · $ ]]] .Lastly, with Lemma 86, there exists a l ′′′ : T ′′ $ ⇔ T ′ , where T = ⇑ ([ t · B σ ( ) · . . . · B σ ( n ) · t n ]) . Throughcomposition of all these lenses, we finally get a lens with the desired type and semantics.Let iterate ( dl ) ˜: DS ∗ ⇔ DT ∗ be introduced through an application of Atom Lens . From inductionassumption, I know that there exists l ˜: S ⇔ T , such that [[ dl ]] = [[ l ]] , S = ⇑ ( DS ), and T = ⇑ ( DT ) .Consider iterate ( l ) ˜: S ∗ ⇔ T ∗ .By definition, S ∗ and T ∗ are ⇑ ( DS ∗ ) and ⇑ ( S ∗ ) , respectively. [[ iterate ( l )]] = {( s . . . s n , t . . . t n ) | ( s i , t i ) ∈ [[ l ]]} = {( s . . . s n , t . . . t n ) | ( s i , t i ) ∈ [[ dl ]]} = [[ iterate ( dl )]] (cid:3) , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:83 Theorem 10.
If there exists a derivation of dl : DS ⇔ DT, then there exist a lens, ⇑ dl, and regular expressions, S and T, such that ⇑ dl : S ⇔ T and ⇓ S = DS and ⇓ T = DT and [[⇑ dl ]] = [[ dl ]].
Proof.
Let dl : DS ⇔ DT. By inversion, the last step is

    dl ˜: DS ′ ⇔ DT ′    DS → ∗ DS ′    DT → ∗ DT ′
    ----------------------------------------------
    dl : DS ⇔ DT

From Lemma 95, there exists l : ⇑ DS ′ ⇔ ⇑ DT ′. So, as ⇓⇑ DS → ∗ ⇓⇑ DS ′, and ⇓⇑ DT → ∗ ⇓⇑ DT ′, from Lemma 85, ⇑ DS ≡ s ⇑ DS ′, and ⇑ DT ≡ s ⇑ DT ′.

    l : ⇑ DS ′ ⇔ ⇑ DT ′    ⇑ DS ≡ s ⇑ DS ′    ⇑ DT ≡ s ⇑ DT ′
    --------------------------------------------------------
    l : ⇑ DS ≡ s ⇑ DT

We call this lens ⇑ dl (constructive proof). Furthermore, we also know that ⇓⇑ DS = DS, and similarly for DT. □

B.8 DNF Lens Operators
DNF lens operators are defined to give DNF lenses similar capabilities to lenses. This allows the proof of many of the cases of completeness to be trivial, leaving only the complications of proving statements about rewrites, proving closure under composition, and proving the ability to use rewrites to express lens retyping.
Definition 16 (Permutation Functions) . ⊙ : S n → S m → S n + m ( σ ⊙ σ )( i ) = (cid:26) σ ( i ) if i ≤ nσ ( i − n ) + n otherwise s : S n → S m → S n + m ( σ s σ )( i ) = (cid:26) σ ( i ) + n if i ≤ nσ ( i − n ) otherwise ⊗ : S n → S m → S n × m ( σ ⊗ σ )( i , j ) = ( σ ( i ) , σ ( j ))⊗ s : S n → S m → S n × m ( σ ⊗ σ )( i , j ) = ( σ ( j ) , σ ( i )) Definition 17 (DNF Lens Functions) . ⊙ sql : SequenceLens → SequenceLens → SequenceLens ([( s , t ) · al · . . . · al n · ( s n , t n )] , σ ) ⊙ sql ([( s ′ , t ′ ) · al ′ · . . . · al ′ m · ( s ′ m , t ′ m )] , σ ) = ([( s , t ) · al · . . . · al n · ( s n · s ′ , t n · t ′ ) · al ′ · . . . · al ′ m · ( s ′ m , t ′ m )] , σ ⊙ σ ) s sql : SequenceLens → SequenceLens → SequenceLens
Let s ′′ i = s i for i ∈ [ n − ] s n · s for i = n s ′ i for i ∈ [ n + n + m ] Let t ′′ i = t ′ i for i ∈ [ m − ] t ′ m · t for i = m t i for i ∈ [ m + m + n ] , Vol. 1, No. 1, Article 1. Publication date: October 2017. :84 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic ([( s , t ) · al · . . . · al n · ( s n , t n )] , σ ) s sql ([( s ′ , t ′ ) · al ′ · . . . · al ′ m · ( s ′ m , t ′ m )] , σ ) = ([( s ′′ , t ′′ ) · al · . . . · al n · ( s ′′ n , t ′′ n ) · al ′ · ( s ′′ n + , t ′′ n ) . . . · al ′ n · ( s ′′ n + m , t ′′ n + m )] , σ s σ )⊙ : DNFLens → DNFLens → DNFLens (h sql | . . . | sql n i , σ ) ⊙ (h sql ′ | . . . | sql ′ m i , σ ) = (h sql ⊙ sql sql ′ | · · · sql ⊙ sql sql ′ m |· · · sql n ⊙ sql sql ′ | · · · sql n ⊙ sql sql ′ m i , σ ⊗ σ ) s : DNFLens → DNFLens → DNFLens (h sql | . . . | sql n i , σ ) s (h sql ′ | . . . | sql ′ m i , σ ) = (h sql s sql sql ′ | · · · sql s sql sql ′ m |· · · sql n s sql sql ′ | · · · sql n s sql sql ′ m i , σ ⊗ s σ )⊕ : DNFLens → DNFLens → DNFLens (h sql | . . . | sql n i , σ ) ⊕ (h sql ′ | . . . | SQ ′ m i , σ ) = (h sql | . . . | sql n | sql ′ | . . . | SQ ′ m i , σ ⊙ σ )D : AtomLens → DNFLens D( al ) = (h([( ϵ , ϵ ) · al · ( ϵ , ϵ )] , id )i , id ) Lemma 96. (h([( ϵ , ϵ )] , id )i , id ) ⊙ dl = dl , where id is the identity permutation on 0 elements,and id is the identity permutation on 1 element. Proof.
Let dl = (h sql | . . . | sql n i , σ ) . By definition, ( id ⊗ σ )( i ) = ( σ ( i )) . By definition, id ⊙ σ = σ . Let sql i = ([( s i ,0 , t i ,0 ) · al i ,1 · . . . al i , n i · ( s i , n i , t i , n i )] , σ i ) . So ([( ϵ , ϵ )] , id ) ⊙ sql sql i = ([( ϵ · s i ,0 , ϵ · t i ,0 )· al i ,1 · . . . al i , n i ·( s i , n i , t i , n i )] , σ i ) = sql i . So (h([( ϵ , ϵ )] , id )i , id ) ⊙ h sql | . . . | sql n i = (h([( ϵ , ϵ )] , id ) ⊙ sql sql | . . . | ([( ϵ , ϵ )] , id ) ⊙ sql sql n i , id ⊗ σ ) = (h sql | . . . | sql n , σ i) . (cid:3) Lemma 97. dl ⊙ h[( ϵ , ϵ )]i = dl Proof.
Done similarly to Lemma 96. □
Lemma 98 (Typing and Semantics of ⊙ sql ) . Let sql : SQ ⇔ TQ and sql : SQ ⇔ TQ be thetyping of two sequence lenses, where L( SQ ) · ! L( SQ ) and L( TQ ) · ! L( TQ ) . Then sql ⊙ sql sql : SQ ⊙ SQ SQ ⇔ TQ ⊙ SQ TQ and [[ sql ⊙ sql sql ]] = {( s · s , t · t ) | ( s , t ) ∈ [[ sql ]] ∧ ( s , t ) ∈ [[ sql ]]} Proof.
By assumption, there exists typing derivations sql ˜: SQ ⇔ TQ and sql ˜: SQ ⇔ TQ By inversion, we know that the last rule application on each side was
DNF Lens , giving al i : A i ⇔ B i σ ∈ S n · ! ( s · A · . . . · A n · s n ) · ! ( t · B σ ( ) · . . . · B σ ( n ) · t n )([( s , t ) · al · . . . · al n ] , σ ) ˜: [ s · A · . . . · A n · s n ] ⇔ [ t · B σ ( ) · . . . · B σ ( n ) · t n ] , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:85 and al ′ i : A ′ i ⇔ B ′ i σ ∈ S m · ! ( s ′ · A ′ · . . . · A ′ m · s ′ m ) · ! ( t ′ · B ′ σ ( ) · . . . · B ′ σ ( n ) · t ′ n )([( s ′ , t ′ ) · al ′ · . . . · al ′ m · ( s ′ m , t ′ m )] , σ ) ˜: [ s ′ · A ′ · . . . · A ′ m · s ′ m ] ⇔ [ t ′ · B ′ σ ( ) · . . . · B ′ σ ( m ) · t ′ m ] where sql = ([( s , t ) · al · . . . · al n ] , σ ) SQ = [ s · A · . . . · A n · s n ] TQ = [ t · B σ ( ) · . . . · B σ ( n ) · t n ] sql = ([( s ′ , t ′ ) · al ′ · . . . · al ′ m · ( s ′ m , t ′ m )] , σ ) SQ = [ s ′ · A ′ · . . . · A ′ m · s ′ m ] TQ = [ t ′ · B ′ σ ( ) · . . . · B ′ σ ( m ) · t ′ m ] Define s ′′ i as s i for i ∈ [ n − ] , and as s ′ i − n for i ∈ [ n + n + m ] , and as s n · s ′ for i = n .Define t ′′ i as t i for i ∈ [ n − ] , and as t ′ i as t i − n for i ∈ [ n + n + m ] , and as t n · t for i = n .Define A ′′ i as A i for i ∈ [ n ] , and as A ′ i − n for i ∈ [ n + n + m ] .Define B ′′ i as A i for i ∈ [ n ] , and as B ′ i − n for i ∈ [ n + n + m ] .Define al i as al i for i ∈ [ n ] , and as al ′ i − n for i ∈ [ n + n + m ] .From Lemma 8, as · ! ( s · A · . . . · A n · s n ) , · ! ( s ′ · A ′ · . . . · A ′ m · s ′ m ) , and [ s · A · . . . · A n · s n ]· ! [ s ′ · A ′ · . . . · A ′ m · s ′ m ] ,then · ! ( s ; A ; . . . ; A n ; s n · s ′ ; A ′ ; . . . ; A ′ m ; s ′ m ) , so · ! ( s ′′ ; A ′′ ; . . . ; A ′′ n + m ; s ′′ n + m ) .From Lemma 8, as · ! ( t ; B ′ σ ( ) ; . . . ; B σ ( n ) ; t n ) , · ! ( t ′ ; B ′ σ ( ) ; . . . ; B ′ σ ( m ) ; t ′ m ) , and [ t · B σ ( ) · . . . · B σ ( n ) · t n ] · ! [ t ′ · B ′ σ ( ) · . . . · B ′ σ ( m ) · t ′ m ] , then · ! ( t ; B σ ( ) ; . . . ; B σ ( n ) ; t n · t ′ ; B ′ σ ( ) ; . . . 
; B ′ σ ( m ) ; t ′ m ) ,so · ! ( t ′′ ; B ′′ σ ⊙ σ ( ) ; . . . ; B ′′ σ ⊙ σ ( n + m ) ; t ′′ n + m ) .Consider the derivation al i : A i ⇔ B i σ ⊙ σ ∈ S n + m · ! ( s ′′ ; A ′′ ; . . . ; A ′′ n + m ; s ′′ n + m ) · ! ( t ′′ ; B ′′ σ ⊙ σ ( ) ; . . . ; B ′′ σ ⊙ σ ( n + m ) ; t ′′ n + m )([( s ′′ , t ′′ ) · al · . . . · al n + m · ( s ′′ n + m , t ′′ n + m )] , σ ⊙ σ ) ˜: [ s ′′ · A ′′ · . . . · A ′′ n + m · s ′′ n + m ] ⇔ [ t ′′ · B ′′ · . . . · B ′′ n + m · t ′′ n + m ] We wish to show that this is a derivation of sql ⊙ sql sql : SQ ⊙ SQ SQ ⇔ TQ ⊙ SQ TQ . ([( s ′′ , t ′′ ) · al ′′ · . . . · al ′′ n + m · ( s ′′ n + m , t ′′ n + m )] , σ ⊙ σ ) = ([( s ′′ , t ′′ ) · al ′′ · . . . · al ′′ n · ( s ′′ n , t ′′ n )· al ′′ n + · . . . · al ′′ n + m · ( s ′′ n + m , t ′′ n + m )] , σ ⊙ σ ) = ([( s , t ) · al · . . . · al n · ( s n · s ′ , t n · t ′ )· al ′ · . . . · al ′ m · ( s ′ m , t ′ m )] , σ ⊙ σ ) = sql ⊙ sql sql [ s ′′ · A ′′ · . . . · A ′′ n + m · s ′′ n + m ] = [ s ′′ · A ′′ · . . . · A ′′ n · s ′′ n · A ′′ n + · . . . A ′′ n + m · s ′′ n + m ] = [ s · A · . . . · A n · ( s n · s ′ ) · A ′ · . . . A ′ m · s ′ m ] = SQ ⊙ SQ SQ [ t ′′ · B ′′ σ ⊙ σ ( ) · . . . · B ′′ σ ⊙ σ ( n + m ) · t ′′ n + m ] = [ t ′′ · B ′′ σ ⊙ σ ( ) · . . . · B ′′ σ ⊙ σ ( n ) · t ′′ n · B ′′ σ ⊙ σ ( n + ) · . . . · B ′′ σ ⊙ σ ( n + m ) · t ′′ n + m ] = [ t ′′ · B ′′ σ ( ) · . . . · B ′′ σ ( n ) · t ′′ n · B ′′ σ ( ) + n · . . . · B ′′ σ ( m ) + n · t ′′ n + m ] = [ t · B σ ( ) · . . . · B σ ( n ) · t n · t ′ · B ′ σ ( ) · . . . · B ′ σ ( m ) · t ′ m ] = TQ ⊙ SQ TQ , Vol. 1, No. 1, Article 1. Publication date: October 2017. :86 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic So we have a derivation of sql ⊙ sql sql : SQ ⊙ SQ SQ ⇔ TQ ⊙ SQ TQ We also wish to have the desired semantics. [[([( s ′′ , t ′′ ) · al ′′ · . . . · al ′′ n + m · ( s ′′ n + m , t ′′ n + m )] , σ ⊙ σ )]] = {( s ′′ · s · . . . · s n + m · s ′′ n + m , t ′′ · t σ ⊙ σ ( ) · . . . 
· t σ ⊙ σ ( n + m ) · t ′′ n + m ))| ∀ i ∈ [ n + m ] . ( s i , t i ) ∈ sql ′′ i } = {( s · s · . . . · s n · s n · s ′ · s ′ · . . . · s ′ m · s ′ m , t · t σ ( ) · . . . · t σ ( n ) · t n · t ′ · t ′ σ ( ) · . . . · t ′ σ ( m ) · t ′ m ))| ( ∀ i ∈ [ n ] . ( s i , t i ) ∈ sql i ∧ ∀ i ∈ [ m ] . ( s ′ i , t ′ i ) ∈ sql ′ i } = {( s · s ′ , t · t ′ ) | ( s , t ) ∈ [[ sql ]] ∧ ( s ′ , t ′ ) ∈ [[ sql ]]} (cid:3) Lemma 99 (Typing and Semantics of s sql ) . Let sql : SQ ⇔ TQ and sql : SQ ⇔ TQ be thetyping of two sequence lenses, where L( SQ ) · ! L( SQ ) and L( TQ ) · ! L( TQ ) Then sql ⊙ sql sql : SQ ⊙ SQ SQ ⇔ TQ ⊙ SQ TQ and [[ sql ⊙ sql sql ]] = {( s · s , t · t ) | ( s , t ) ∈ [[ sql ]] ∧ ( s , t ) ∈ [[ sql ]]} Proof.
By assumption, there exists typing derivations sql ˜: SQ ⇔ TQ and sql ˜: SQ ⇔ TQ By inversion, we know that the last rule application on each side was
DNF Lens , giving al i : A i ⇔ B i σ ∈ S n · ! ( s · A · . . . · A n · s n ) · ! ( t · B σ ( ) · . . . · B σ ( n ) · t n )([( s , t ) · al · . . . · al n ] , σ ) ˜: [ s · A · . . . · A n · s n ] ⇔ [ t · B σ ( ) · . . . · B σ ( n ) · t n ] and al ′ i : A ′ i ⇔ B ′ i σ ∈ S m · ! ( s ′ · A ′ · . . . · A ′ m · s ′ m ) · ! ( t ′ · B ′ σ ( ) · . . . · B ′ σ ( n ) · t ′ n )([( s ′ , t ′ ) · al ′ · . . . · al ′ m · ( s ′ m , t ′ m )] , σ ) ˜: [ s ′ · A ′ · . . . · A ′ m · s ′ m ] ⇔ [ t ′ · B ′ σ ( ) · . . . · B ′ σ ( m ) · t ′ m ] where sql = ([( s , t ) · al · . . . · al n ] , σ ) SQ = [ s · A · . . . · A n · s n ] TQ = [ t · B σ ( ) · . . . · B σ ( n ) · t n ] sql = ([( s ′ , t ′ ) · al ′ · . . . · al ′ m · ( s ′ m , t ′ m )] , σ ) SQ = [ s ′ · A ′ · . . . · A ′ m · s ′ m ] TQ = [ t ′ · B ′ σ ( ) · . . . · B ′ σ ( m ) · t ′ m ] Define s ′′ i as s i for i ∈ [ n − ] , and as s ′ i − n for i ∈ [ n + n + m ] , and as s n · s ′ for i = n .Define t ′′ i as t ′ i for i ∈ [ m − ] , and as t i − m for i ∈ [ m + m + n ] , and as t ′ m · t for i = m .Define A ′′ i as A i for i ∈ [ n ] , and as A ′ i − n for i ∈ [ n + n + m ] .Define B ′′ i as B ′ i for i ∈ [ m ] , and as B i − m for i ∈ [ m + m + n ] .Define al i as al i for i ∈ [ n ] , and as al ′ i − n for i ∈ [ n + n + m ] .From Lemma 8, as · ! ( s ; A ; . . . ; A n ; s n ) , · ! ( s ′ ; A ′ ; . . . ; A ′ m ; s ′ m ) , and [ s · A · . . . · A n · s n ] · ! [ s ′ · A ′ · . . . · A ′ m · s ′ m ] , then · ! ( s ; A ; . . . ; A n ; s n · s ′ ; A ′ ; . . . ; A ′ m ; s ′ m ) , so · ! ( s ′′ ; A ′′ ; . . . ; A ′′ n + m ; s ′′ n + m ) .From Lemma 8, as · ! ( t ′ ; B ′ σ ( ) ; . . . ; B ′ σ ( m ) ; t ′ m ) , · ! ( t ; B ′ σ ( ) ; . . . ; B σ ( n ) ; t n ) , and [ t ′ · B ′ σ ( ) · . . . · B ′ σ ( m ) · t ′ m ] · ! [ t · B σ ( ) · . . . · B σ ( n ) · t n ] , then · ! ( t ′ ; B ′ σ ( ) ; . . . ; B ′ σ ( m ) ; t ′ m · t ; B σ ( ) ; . . . ; B σ ( n ) ; t n ) ,so · ! ( t ′′ ; B ′′ σ s σ ( ) ; . . . 
; B ′′ σ s σ ( n + m ) ; t ′′ n + m ) .Consider the derivation , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:87 al i : A i ⇔ B i σ s σ ∈ S n + m · ! ( s ′′ ; A ′′ ; . . . ; A ′′ n + m ; s ′′ n + m ) · ! ( t ′′ ; B ′′ σ ⊙ σ ( ) ; . . . ; B ′′ σ ⊙ σ ( n + m ) ; t ′′ n + m )([( s ′′ , t ′′ ) · al · . . . · al n + m · ( s ′′ n + m , t ′′ n + m )] , σ s σ ) ˜: [ s ′′ · A ′′ · . . . · A ′′ n + m · s ′′ n + m ] ⇔ [ t ′′ · B ′′ · . . . · B ′′ n + m · t ′′ n + m ] We wish to show that this is a derivation of sql s sql sql : SQ ⊙ SQ SQ ⇔ TQ ⊙ SQ TQ .By the definition of s sql , s ′′ i , and t ′′ i , ([( s ′′ , t ′′ )· al · . . . · al n + m ·( s ′′ n + m , t ′′ n + m )] , σ s σ ) = sql s sql sql [ s ′′ · A ′′ · . . . · A ′′ n + m · s ′′ n + m ] = [ s ′′ · A ′′ · . . . · A ′′ n · s ′′ n · A ′′ n + · . . . A ′′ n + m · s ′′ n + m ] = [ s · A · . . . · A n · ( s n · s ′ ) · A ′ · . . . A ′ m · s ′ m ] = SQ ⊙ SQ SQ [ t ′′ · B ′′ σ s σ ( ) · . . . · B ′′ σ s σ ( n + m ) · t ′′ n + m ] = [ t ′′ · B ′′ σ s σ ( ) · . . . · B ′′ σ s σ ( m ) · t ′′ m · B ′′ σ s σ ( n + ) · . . . · B ′′ σ s σ ( n + m ) · TQ ′′ n + m ] = [ t ′′ · B ′′ σ ( ) + n · . . . · B ′′ σ ( m ) + n · t ′′ n · B ′′ σ ( ) · . . . · B ′′ σ ( m ) · t ′′ n + m ] = [ t ′ · B ′ σ ( ) · . . . · B ′ σ ( m ) · t ′ m · t · B σ ( ) · . . . · B σ ( n ) · t n ] = TQ ⊙ SQ TQ So we have a derivation of sql ⊙ sql sql : SQ ⊙ SQ SQ ⇔ TQ ⊙ SQ TQ We also wish to have the desired semantics. [[([( s ′′ , t ′′ ) · sql ′′ · . . . · sql ′′ n + m · ( s ′′ n + m , t ′′ n + m )] , σ s σ )]] = {( s ′′ · s · . . . · s n + m · s ′′ n + m , t ′′ · t σ s σ ( ) · . . . · t σ s σ ( n + m ) · t ′′ n + m ))| ∀ i ∈ [ n + m ] . ( s i , t i ) ∈ sql ′′ i } = {( s · s · . . . · s n · s n · s ′ · s ′ · . . . · s ′ m · s ′ m , t ′ · t ′ σ ( ) · . . . · t ′ σ ( m ) · t ′ m · t · t σ ( ) · . . . · t σ ( n ) · t n ))| ( ∀ i ∈ [ n ] . ( s i , t i ) ∈ sql i ∧ ∀ i ∈ [ m ] . 
( s ′ i , t ′ i ) ∈ sql ′ i } = {( s · s ′ , t ′ · t ) | ( s , t ) ∈ [[ sql ]] ∧ ( s ′ , t ′ ) ∈ [[ sql ]]} (cid:3) Lemma 100 (Typing and Semantics of ⊙ ) . Let dl : DS ⇔ DT and dl : DS ⇔ DT bethe typing of two DNF lenses, where L( DS ) · ! L( DS ) and L( DT ) · ! L( DT ) . Then dl ⊙ dl : DS ⊙ DS ⇔ DT ⊙ DT and [[ dl ⊙ dl ]] = {( s · s , t · t ) | ( s , t ) ∈ [[ dl ]] ∧ ( s , t ) ∈ [[ dl ]]} Proof.
By assumption, there exists typing derivations dl ˜: DS ⇔ DT and dl ˜: DS ⇔ DT By inversion, we know that the last rule application on each side was
DNF Lens , giving sql ˜: SQ ⇔ TQ . . . sql n ˜: SQ n ⇔ TQ n σ ∈ S n i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅(h sql | . . . | sql n i , σ ) ˜: h SQ | . . . | SQ n i ⇔ h TQ σ ( ) | . . . | TQ σ ( n ) i , Vol. 1, No. 1, Article 1. Publication date: October 2017. :88 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic and sql ′ ˜: SQ ′ ⇔ TQ . . . sql ′ n ˜: SQ ′ m ⇔ TQ m σ ∈ S m i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅(h sql ′ | . . . | sql ′ n i , σ ) ˜: h SQ ′ | . . . | SQ ′ n i ⇔ h TQ ′ σ ( ) | . . . | TQ ′ σ ( m ) i where dl = (h sql | . . . | sql n i , σ ) DS = h SQ | . . . | SQ n i DT = h TQ σ ( ) | . . . | TQ σ ( n ) i dl = (h sql ′ | . . . | sql ′ n i , σ ) DS = h SQ ′ | . . . | SQ ′ n i DT = h TQ ′ σ ( ) | . . . | TQ ′ σ ( m ) i Define SQ i , j as SQ i ⊙ SQ SQ ′ j .Define TQ i , j as TQ i ⊙ SQ TQ ′ j From Lemma 9, as i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ , i , j ⇒ L( SQ ′ i ) ∩ L( SQ ′ j ) = ∅ , and h SQ | . . . | SQ n i· ! h SQ ′ | . . . | SQ ′ m i , then SQ i · ! SQ ′ j , and ( i , j ) , ( i , j ) ⇒ L( SQ i , j )∩L( SQ i , j ) = ∅ . From Lemma 9, as i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅ , i , j ⇒ L( TQ ′ i ) ∩ L( TQ ′ j ) = ∅ , and h TQ | . . . | TQ n i · ! h TQ ′ | . . . | TQ ′ m i , then TQ i · ! TQ ′ j , and ( i , j ) , ( i , j ) ⇒ L( TQ i , j ) ∩L( TQ i , j ) = ∅ .So, from Lemma 98, sql i ⊙ sql sql j ˜: SQ i ⊙ SQ SQ j ⇔ TQ i ⊙ SQ TQ j .Define sql i , j = sql i ⊙ sql sql j Consider the derivation sql i , j : SQ i , j ⇔ TQ i , j σ ⊗ σ ∈ S n × m ( i , j ) , ( i , j ) ⇒ L( SQ i , j ) ∩ L( SQ i , j ) = ∅( i , j ) , ( i , j ) ⇒ L( TQ i , j ) ∩ L( TQ i , j ) = ∅(h sql | . . . | sql n , m i , σ ⊗ σ ) ˜: h SQ | . . . | SQ n , m i ⇔ h TQ | . . . | TQ n , m i We wish to show that this is a derivation of dl ⊙ dl : DS ⊙ DS ⇔ DT ⊙ DT . (h sql | . . . | sql n , m i , σ ⊗ σ ) = ( sql ⊙ sql sql ′ | . . . | sql n ⊙ sql sql ′ m , σ ⊗ σ ) = dl ⊙ dl . h SQ | . . . 
| SQ n , m i = h SQ ⊙ SQ SQ ′ | . . . | SQ n ⊙ SQ SQ ′ m i = DS ⊙ DS h TQ | . . . | TQ n , m i = h TQ ⊙ SQ TQ ′ | . . . | TQ n ⊙ SQ TQ ′ m i = DT ⊙ DT So we have a derivation of sql ⊙ sql sql : SQ ⊙ SQ SQ ⇔ TQ ⊙ SQ TQ We also wish to have the desired semantics. [[(h sql | . . . | sql n , m i , σ ⊗ σ )]] = {( s · s , t · t ) | ∃ i , j . ( s , t ) ∈ [[ sql i ]] ∧ ( s , t ) ∈ [[ sql j ]]} = {( s · s , t · t ) | ( s , t ) ∈ [[ dl ]] ∧ ( s , t ) ∈ [[ dl ′ ]]} (cid:3) Lemma 101 (Typing and Semantics of s ) . Let dl : DS ⇔ DT and dl : DS ⇔ DT bethe typing of two DNF lenses, where L( DS ) · ! L( DS ) and L( DT ) · ! L( DT ) . Then dl ⊙ dl : DS ⊙ DS ⇔ DT ⊙ DT and [[ dl ⊙ dl ]] = {( s · s , t · t ) | ( s , t ) ∈ [[ dl ]] ∧ ( s , t ) ∈ [[ dl ]]} Proof.
By assumption, there exist typing derivations dl ˜: DS ⇔ DT and dl ˜: DS ⇔ DT . By inversion, we know that the last rule application on each side was
DNF Lens , giving sql ˜: SQ ⇔ TQ . . . sql n ˜: SQ n ⇔ TQ n σ ∈ S n i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅(h sql | . . . | sql n i , σ ) ˜: h SQ | . . . | SQ n i ⇔ h TQ σ ( ) | . . . | TQ σ ( n ) i and sql ′ ˜: SQ ′ ⇔ TQ . . . sql ′ n ˜: SQ ′ m ⇔ TQ m σ ∈ S m i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅(h sql ′ | . . . | sql ′ n i , σ ) ˜: h SQ ′ | . . . | SQ ′ n i ⇔ h TQ ′ σ ( ) | . . . | TQ ′ σ ( m ) i where dl = (h sql | . . . | sql n i , σ ) DS = h SQ | . . . | SQ n i DT = h TQ σ ( ) | . . . | TQ σ ( n ) i dl = (h sql ′ | . . . | sql ′ n i , σ ) DS = h SQ ′ | . . . | SQ ′ n i DT = h TQ ′ σ ( ) | . . . | TQ ′ σ ( m ) i Define SQ i , j as SQ i ⊙ SQ SQ ′ j .Define TQ j , i as TQ ′ j ⊙ SQ TQ i From Lemma 9, as i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ , i , j ⇒ L( SQ ′ i ) ∩ L( SQ ′ j ) = ∅ , and h SQ | . . . | SQ n i· ! h SQ ′ | . . . | SQ ′ m i , then SQ i · ! SQ ′ j , and ( i , j ) , ( i , j ) ⇒ L( SQ i , j )∩L( SQ i , j ) = ∅ . From Lemma 9, as i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅ , i , j ⇒ L( TQ ′ i ) ∩ L( TQ ′ j ) = ∅ , and h TQ ′ | . . . | TQ ′ m i · ! h TQ | . . . | TQ n i , then TQ ′ j · ! TQ i , and ( j , i ) , ( j , i ) ⇒ L( TQ j , i ) ∩L( TQ j , i ) = ∅ .So, from Lemma 99, sql i s sql sql j ˜: SQ i ⊙ SQ SQ j ⇔ TQ j ⊙ SQ TQ i .Define sql i , j = sql i s sql sql j Consider the derivation sql i , j : SQ i , j ⇔ TQ j , i σ ⊗ s σ ∈ S n × m ( i , j ) , ( i , j ) ⇒ L( SQ i , j ) ∩ L( SQ i , j ) = ∅( j , i ) , ( j , i ) ⇒ L( TQ j , i ) ∩ L( TQ j , i ) = ∅(h sql | . . . | sql n , m i , σ ⊗ s σ ) ˜: h SQ | . . . | SQ n , m i ⇔ h TQ | . . . | TQ m , n i We wish to show that this is a derivation of dl s dl : DS ⊙ DS ⇔ DT ⊙ DT . (h sql | . . . | sql n , m i , σ ⊗ s σ ) = ( sql s sql sql ′ | . . . | sql n s sql sql ′ m , σ ⊗ s σ ) = dl s dl . h SQ | . . . | SQ n , m i = h SQ ⊙ SQ SQ ′ | . . . | SQ n ⊙ SQ SQ ′ m i = DS ⊙ DS h TQ | . . . | TQ m , n i = h TQ ′ ⊙ SQ TQ | . . . 
| TQ ′ m ⊙ SQ TQ n i = DT ⊙ DT So we have a derivation of sql s sql sql : SQ ⊙ SQ SQ ⇔ TQ ⊙ SQ TQ We also wish to have the desired semantics. [[(h sql | . . . | sql n , m i , σ ⊗ s σ )]] = {( s · s , t · t ) | ∃ i , j . ( s , t ) ∈ [[ sql i ]] ∧ ( s , t ) ∈ [[ sql j ]]} = {( s · s , t · t ) | ( s , t ) ∈ [[ dl ]] ∧ ( s , t ) ∈ [[ dl ′ ]]} (cid:3) , Vol. 1, No. 1, Article 1. Publication date: October 2017. :90 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Lemma 102 (Typing and Semantics of ⊕ ) . Let dl : DS ⇔ DT and dl : DS ⇔ DT be thetyping of two DNF lenses, where L( DS ) ∩ L( DS ) = ∅ Then dl ⊕ dl : DS ⊕ DS ⇔ DT ⊕ DT and [[ dl ⊕ dl ]] = {( s , t ) | ( s , t ) ∈ [[ dl ]] ∨ ( s , t ) ∈ [[ dl ]]} Proof.
By assumption, there exist typing derivations dl ˜: DS ⇔ DT and dl ˜: DS ⇔ DT . By inversion, we know that the last rule application on each side was
DNF Lens , giving sql i : SQ i ⇔ TQ i σ ∈ S n i , j ⇒ SQ i ∩ SQ j = ∅ i , j ⇒ TQ i ∩ TQ j = ∅(h sql | . . . | sql n i , σ ) ˜: h SQ | . . . | SQ n i ⇔ h TQ σ ( ) | . . . | TQ σ ( n ) i and sql ′ i : SQ ′ i ⇔ TQ ′ i σ ∈ S m i , j ⇒ SQ ′ i ∩ SQ ′ j = ∅ i , j ⇒ TQ ′ i ∩ TQ ′ j = ∅(h sql ′ | . . . | sql ′ m i , σ ) ˜: h SQ ′ | . . . | SQ ′ m i ⇔ h TQ ′ σ ( ) | . . . | TQ ′ σ ( m ) i where dl = (h sql | . . . | sql n i , σ ) , DS = h SQ | . . . | SQ n i , DT = h TQ σ ( ) | . . . | TQ σ ( n ) i , dl = (h sql ′ | . . . | sql ′ m i , σ ) , DS = h SQ ′ | . . . | SQ ′ m i , and DT = h TQ ′ σ ( ) | . . . | TQ ′ σ ( m ) i .Define SQ i as SQ ′ i − n for i ∈ [ n + n + m ] . Define TQ i as TQ i − n for i ∈ [ n + n + m ] . Define sql i as sql ′ i − n for i ∈ [ n + n + m ] .If i , j , and i , j ∈ [ n ] , then SQ i ∩ SQ j = ∅ by the derivation of dl . If i , j , and i , j ∈ [ n + n + m ] ,then SQ i ∩ SQ j = ∅ by the derivation of dl . If i , j and i ∈ [ n ] and j ∈ [ n + n + m ] , then SQ i ∩ SQ j = ∅ as DS ∩ DS = ∅ , and L( SQ i ) ⊂ L( DS ) , and L( SQ j ) ⊂ L( DS ) . If i , j and i ∈ [ n + n + m ] and j ∈ [ n ] , then SQ i ∩ SQ j = ∅ as ∩ is commutative. Because of these cases, if i , j , then SQ i ∩ SQ j = ∅ for all i , j ∈ [ n + m ] .For a symmetric reason, if i , j , then TQ i ∩ TQ j = ∅ , for all i , j ∈ [ n + m ] .Consider the derivation sql i : SQ i ⇔ TQ i σ ⊙ σ ∈ S n i , j ⇒ SQ i ∩ SQ j = ∅ i , j ⇒ TQ i ∩ TQ j = ∅(h sql | . . . | sql n + m i , σ ⊙ σ ) ˜: h SQ | . . . | SQ n + m i ⇔ h TQ σ ⊙ σ ( ) | . . . | TQ σ ⊙ σ ( )( n + m ) i We wish to show that this is a derivation of dl ⊕ dl : DS ⊕ DS ⇔ DT ⊕ DT . (h sql | . . . | sql n + m i , σ ⊙ σ ) = (h sql | . . . | sql n | sql ′ | . . . | sql ′ m i , σ ⊙ σ ) = dl ⊕ dl h SQ | . . . | SQ n + m i = h SQ | . . . | SQ n | SQ ′ | . . . SQ ′ n i = DS ⊕ DS h TQ σ ⊙ σ ( ) | . . . | TQ σ ⊙ σ ( n + m ) i = h TQ σ ( ) | . . . | TQ σ ( n ) | TQ σ ( n + − n ) + n | TQ σ ( n + m − n ) + n i = h TQ σ ( ) | . . . 
| TQ σ ( n ) | TQ σ ( ) + n | TQ σ ( m ) + n i = h TQ σ ( ) | . . . | TQ σ ( n ) | TQ ′ σ ( ) | TQ ′ σ ( m ) i = DT ⊕ DT So we have a derivation of dl ⊕ dl : DS ⊕ DS ⇔ DT ⊕ DT We also wish to have the desired semantics. , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:91 [[(h sql | . . . | sql n + m i , σ ⊙ σ )]] = {( s , t ) | ( s , t ) ∈ sql i for some i } = {( s , t ) | ( s , t ) ∈ sql i for some i ∈ [ n ]∨( s , t ) ∈ sql i for some i ∈ [ n + n + m ]} = {( s , t ) | ( s , t ) ∈ sql i for some i ∈ [ n ]∨( s , t ) ∈ sql ′ i for some i ∈ [ m ]} = {( s , t ) | ( s , t ) ∈ [[ dl ]] ∨ ( s , t ) ∈ [[ dl ]]} (cid:3) Lemma 103 (Typing and Semantic of D ) . If al ˜: A ⇔ B is the typing of a rewriteless Atom lens,then D( al ) ˜: D( A ) ⇔ D( B ) , and [[D( al )]] = [[ al ]] . Proof.
Let al ˜: A ⇔ B . · ! (( ϵ ; A ; ϵ )) because L( ϵ ) = { ϵ } . · ! (( ϵ ; B ; ϵ )) because L( ϵ ) = { ϵ } .As there is only one sequence, the pointwise disjoint condition for DNF lenses are true vacu-ously.Consider the typing derivation al ˜: A ⇔ B · ! (( ϵ ; A ; ϵ )) · ! (( ϵ ; B ; ϵ ))([( ϵ , ϵ ) · al · ( ϵ , ϵ )] , id ) ˜: [ ϵ · A · ϵ ] ⇔ [ ϵ · B · ϵ ] i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅(h([( ϵ , ϵ ) · al · ( ϵ , ϵ )] , id )i , id ) ˜: h[ ϵ · A · ϵ ]i ⇔ h[ ϵ · B · ϵ ]iD( al ) = (h([( ϵ , ϵ ) · al · ( ϵ , ϵ )] , id )i , id ) . [[[( ϵ , ϵ ) · al · ( ϵ , ϵ )]]] = {( ϵ , s , ϵ , ϵ , t , ϵ ) | ( s , t ) ∈ L( al )} = [[ al ]] . [[(h([( ϵ , ϵ ) · al · ( ϵ , ϵ )] , id )i , id )]] = {( s , t ) | ( s , t ) ∈ [[[( ϵ , ϵ ) · al · ( ϵ , ϵ )]]]} = {( s , t ) | ( s , t ) ∈ [[ al ]]} = [[ al ]] (cid:3) Lemma 104 (Typing and Semantics of D( iterate (·)) ) . Let dl ˜: DS ⇔ DT be the typing of a rewrite-less DNF lens, where DS ∗ ! and DT ∗ ! . h[ iterate ( dl )]i ˜: h[ DS ∗ ]i ⇔ h[ DT ∗ ]i and [[h[ iterate ( dl )]i]] = {( s · . . . · s n , t · . . . · t n ) | ( s i , t i ) ∈ [[ dl ]]} Proof.
By assumption, there exists a typing derivation dl ˜: DS ⇔ DT . Consider the typing derivation

dl ˜: DS ⇔ DT    DS ∗ !    DT ∗ !
iterate ( dl ) ˜: DS ∗ ⇔ DT ∗    · ! ( ϵ ; DS ; ϵ )    · ! ( ϵ ; DT ; ϵ )
[( ϵ , ϵ ) · iterate ( dl ) · ( ϵ , ϵ )] ˜: [ ϵ · DS · ϵ ] ⇔ [ ϵ · DS · ϵ ]
⟨[ iterate ( dl )]⟩ ˜: ⟨[ DS ∗ ]⟩ ⇔ ⟨[ DT ∗ ]⟩

And the semantics are shown to be equal to the desired semantics. [[⟨[ iterate ( dl )]⟩]] = {( s , t ) | ( s , t ) ∈ [[[ iterate ( dl )]]]} = {( ϵ · s · ϵ , ϵ · t · ϵ ) | ( s , t ) ∈ [[ iterate ( dl )]]} = {( s · . . . · s n , t · . . . · t n ) | ( s i , t i ) ∈ [[ dl ]]} □

B.9 Complex Lens Operator Properties
The previous properties of lens operators were merely about the operators and how they could be typed. This portion shows that lens operators have the same semantics as lenses with very complex properties, up to the existence of an identity lens. Much of this complication comes from the fact that the DNF regular expression operators don't have right distributivity. An analogue to the commutativity of regular expression Or to be expressed using these properties.

Lemma 105 (Commutativity of ⊕ ) . If there exists a lens dl ˜: DS ⊕ DS ⇔ DT ⊕ DT , then there exists a lens dl ˜: DS ⊕ DS ⇔ DT ⊕ DT . Proof.
Let DS = h SQ | . . . | SQ n i .Let DS = h SQ | . . . | SQ n ′ i .Let DT = h TQ | . . . | TQ m i .Let DT = h TQ | . . . | TQ m ′ i .Let dl = (h sql | . . . | sql n + m i , σ ) So DS ⊕ DS = h SQ | . . . | SQ n + n ′ i , where SQ i = (cid:26) SQ i if i ≤ n SQ i − n if i > n So DT ⊕ DT = h TQ σ ( ) | . . . | TQ σ ( m + m ′ ) i , where TQ σ ( i ) = (cid:26) TQ i if i ≤ m TQ i − m if i > m By inversion sql ˜: SQ ⇔ TQ . . . sql n ˜: SQ n ⇔ TQ n σ ∈ S n i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅(h sql | . . . | sql n i , σ ) ˜: h SQ | . . . | SQ n i ⇔ h TQ σ ( ) | . . . | TQ σ ( n ) i Consider the permutation σ ′ ( i ) = (cid:26) σ ( i + m ) if σ ( i ) ≤ m ′ σ ( i − m ) if σ ( i ) > m ′ Consider the lens sql ˜: SQ ⇔ TQ . . . sql n ˜: SQ n ⇔ TQ n σ ′ ∈ S n i , j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅ i , j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅(h sql | . . . | sql n i , σ ′ ) ˜: h SQ | . . . | SQ n i ⇔ h TQ σ ′ ( ) | . . . | TQ σ ′ ( n ) i So TQ σ ′ ( i ) = (cid:26) TQ σ ( i + m ) = TQ i if σ ( i ) ≤ m ′ TQ σ ( i − m ) = TQ i if σ ( i ) > m So h TQ σ ′ ( ) | . . . | TQ σ ′ ( m + m ′ ) i = DT ⊕ DT .Furthermore, The semantics are the same, as permutation has no impact on the semantics ofDNF lenses. (cid:3) Lemma 106 (Left Unrolling of iterate ) . If iterate ( dl ) ˜: DS ∗ ⇔ DT ∗ is an atom lens, then dl ′ = h[( ϵ , ϵ )]i ⊕ ( dl ⊙ D( iterate ( dl ))) ˜: h[ ϵ ]i ⊕ ( DS ⊙ D( DS ∗ )) ⇔ h[ ϵ ]i ⊕ ( DT ⊙ D( DT ∗ )) is a DNF Lenswith [[ iterate ( dl )]] = [[ dl ′ ]] Proof. So DS ∗ and DT ∗ are strongly unambiguous atoms.As such, this means DS ∗ ! , DT ∗ ! , DS is strongly unambiguous, and DT is strongly unambiguous.Want to show: because DS ∗ ! , DS · ! D( DS ∗ ) . Let s , s ∈ L( DS ) . Let t , t ∈ L( DS ∗ ) . Let s · t = s · t .This is s · t · . . . · t n and s · t · . . . · t n ′ . where each substring is in L( DS ) . 
By unambiguous iteration, n = n ′ , and s = s , t i = t i , so s = s and t = t . As such Lemma 100 applies, so ( dl ⊙ D( iterate ( dl ))) ˜: ( DS ⊙ D( DS ∗ )) ⇔ ( DT ⊙ D( DT ∗ )) .

Want to show: because DS ∗ ! , L(⟨[ ϵ ]⟩) ∩ L( DS ⊙ D( DS ∗ )) = ∅ . ϵ is the only element of L(⟨[ ϵ ]⟩) . ϵ ∉ L( DS ⊙ D( DS ∗ )) , as it cannot be in L( DS ) . Otherwise if ϵ ∈ L( DS ) , then for all s · . . . · s n = ϵ · s · . . . · s n , betraying unambiguous iteration. As such Lemma 102 applies, so ⟨[( ϵ , ϵ )]⟩ ⊕ ( dl ⊙ D( iterate ( dl ))) ˜: ⟨[( ϵ , ϵ )]⟩ ⊕ ( DS ⊙ D( DS ∗ )) ⇔ ⟨[( ϵ , ϵ )]⟩ ⊕ ( DT ⊙ D( DT ∗ )) .

[[⟨[( ϵ , ϵ )]⟩ ⊕ ( dl ⊙ D( iterate ( dl )))]] = {( s , t ) | ( s , t ) ∈ [[⟨[( ϵ , ϵ )]⟩]] ∨ ( s , t ) ∈ [[ dl ⊙ D( iterate ( dl ))]]} = {( s , t ) | ( s , t ) ∈ [[⟨[( ϵ , ϵ )]⟩]]} ∪ {( s , t ) | ( s , t ) ∈ [[ dl ⊙ D( iterate ( dl ))]]} . By the definition of ⊙ and iterate , this equals {( ϵ , ϵ )} ∪ {( s · . . . · s n , t · . . . · t n ) | n ≥ ∧ ( s i , t i ) ∈ [[ dl ]]} . Through combining the zero case and the one case, this is {( s · . . . · s n , t · . . . · t n ) | ( s i , t i ) ∈ [[ dl ]]} = [[ iterate ( al )]] . □

Lemma 107 (Right Unrolling of iterate ) . If iterate ( dl ) ˜: DS ∗ ⇔ DT ∗ is an atom lens, then dl ′ = ⟨[( ϵ , ϵ )]⟩ ⊕ (D( iterate ( dl )) ⊙ dl ) ˜: ⟨[ ϵ ]⟩ ⊕ (D( DS ∗ ) ⊙ DS ) ⇔ ⟨[ ϵ ]⟩ ⊕ (D( DT ∗ ) ⊙ DT ) is a DNF Lens with [[ iterate ( dl )]] = [[ dl ′ ]] Proof.
This is proven symmetrically to Lemma 106. □

Lemma 108 (Left Unrolling of iterate DNF). If D(iterate(dl)) is a DNF lens, then dl′ = ⟨[(ϵ, ϵ)]⟩ ⊕ (dl ⊙ D(iterate(dl))) is a DNF lens with [[iterate(dl)]] = [[dl′]].

Proof. This is through a combination of Lemma 106 and Lemma 103. □

Lemma 109 (Right Unrolling of iterate DNF). If D(iterate(dl)) is a DNF lens, then dl′ = ⟨[(ϵ, ϵ)]⟩ ⊕ (D(iterate(dl)) ⊙ dl) is a DNF lens with [[iterate(dl)]] = [[D(dl′)]].

Proof. This is through a combination of Lemma 107 and Lemma 103. □
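A bounded check of the unrolling lemmas above (Lemmas 106 and 107), as an added example that is not code from the paper or from Optician. It models a lens's semantics as a finite set of (source, target) string pairs; the function names, the sample lenses `DL` and `BAD`, and the repetition bound are assumptions made here.

```python
"""Bounded model of the iterate-unrolling lemmas (added example, not Optician code)."""
from itertools import product

# Assumption: [[dl]] is modelled as a finite set of (source, target) pairs.
EPS = {("", "")}  # semantics of the constant lens <[(eps, eps)]>


def concat(r1, r2):
    """[[dl1 (.) dl2]] = {(s1.s2, t1.t2) | (s1, t1) in [[dl1]], (s2, t2) in [[dl2]]}."""
    return {(s1 + s2, t1 + t2) for s1, t1 in r1 for s2, t2 in r2}


def union(r1, r2):
    """[[dl1 (+) dl2]] = [[dl1]] union [[dl2]]."""
    return r1 | r2


def iterate(r, max_reps):
    """[[iterate(dl)]], truncated to at most max_reps repetitions."""
    out, layer = set(EPS), set(EPS)
    for _ in range(max_reps):
        layer = concat(layer, r)
        out |= layer
    return out


def left_unroll(r, max_reps):
    """<[(eps, eps)]> (+) (dl (.) iterate(dl)), with the same overall bound."""
    return union(EPS, concat(r, iterate(r, max_reps - 1)))


def right_unroll(r, max_reps):
    """<[(eps, eps)]> (+) (iterate(dl) (.) dl), with the same overall bound."""
    return union(EPS, concat(iterate(r, max_reps - 1), r))


def is_bijection(rel):
    """A relation is a bijection when no source and no target repeats."""
    sources = {s for s, _ in rel}
    targets = {t for _, t in rel}
    return len(sources) == len(rel) == len(targets)


def unambiguous_iteration(lang, max_reps):
    """True when every string has at most one split into pieces of lang."""
    seen = {}
    for n in range(max_reps + 1):
        for parts in product(sorted(lang), repeat=n):
            joined = "".join(parts)
            if joined in seen and seen[joined] != parts:
                return False
            seen[joined] = parts
    return True


# Constructed sample lens: comma-terminated bits <-> semicolon-terminated flags.
DL = {("0,", "f;"), ("1,", "t;")}
# Constructed counterexample: eps is in the source language, so the
# unambiguous-iteration precondition of the lemmas fails.
BAD = {("", "x"), ("a", "b")}


def report(max_reps=3):
    """Compare iterate with both unrollings for the good and the bad lens."""
    result = {}
    for name, rel in (("DL", DL), ("BAD", BAD)):
        star = iterate(rel, max_reps)
        result[name] = {
            "unrollings_agree": star == left_unroll(rel, max_reps)
            == right_unroll(rel, max_reps),
            "unambiguous": unambiguous_iteration({s for s, _ in rel}, max_reps),
            "bijective": is_bijection(star),
        }
    return result


if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

The unrolled relation always equals the iterated one as a set of pairs; what the unambiguous-iteration precondition buys is that the result is still a bijection, which is the part `BAD` loses.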
Lemma 110 (Expressibility of Adjacency Swapping Permutation of Separated Concat List) . Letfor all i ∈ [ n ] , dl i ˜: DS i ⇔ DT i Let σ i be an adjacency swapping permutation, where 1 ≤ i < n .There exists a DNF lens dl ˜: h[ $ ]i DS ⊙ h[ $ ]i ⊙ . . . ⊙ h[ $ ]i ⊙ DS n ⊙ h[ $ ]i ⇔ h[ $ ]i ⊙ DT σ i ( ) ⊙ . . . ⊙ DT σ i ( n ) ⊙ h[ $ ]i , where [[ DS ]] = {( $ · s · $ · . . . · $ s n · $, $ · t σ i ( ) · $ · . . . · $ · t σ i ( n ) · $ ) | ( s i , t i ) ∈ [[ dl i ]]} . Proof. As DS i and DT i are strongly unambiguous, by Lemma 17, and from Lemma 88, we havethat · ! (h[ $ ]i DS , h[ $ ]i , . . . , h[ $ ]i , h[ $ ]i , DS n , h[ $ ]i) and · ! (h[ $ ]i DT σ i ( ) , h[ $ ]i , . . . , h[ $ ]i , DT σ i ( n ) , h[ $ ]i) Consider the lens h[( $, $ )]i ⊙ dl ⊙ . . . ⊙((h[( $, $ )]i ⊙ dl i ) s (h[( $, $ )]i ⊙ dl i + )) ⊙ . . . ⊙ dl n ⊙ h[( $, $ )]i ,which by Lemma 100 and Lemma 101. h[( $, $ )]i ⊙ dl ⊙ . . . ⊙ ((h[( $, $ )]i ⊙ dl i ) s (h[( $, $ )]i ⊙ dl i + )) ⊙ . . . ⊙ dl n ⊙ h[( $, $ )]i ˜: h[ $ ]i ⊙ DS ⊙ h[ $ ]i ⊙ . . . ⊙ h[ $ ]i ⊙ DS n ⊙ h[ $ ]i ⇔ h[ $ ]i ⊙ DS ⊙ h[ $ ]i ⊙ . . . ⊙h[ $ ]i ⊙ DT i + ⊙ h[ $ ]i ⊙ DT i h[ $ ]i ⊙ . . . ⊙ h[ $ ]i ⊙ DS n ⊙ h[ $ ]i as desired.Also by Lemma 101, the semantics are as desired. (cid:3) Lemma 111 (Expressibility of Permutation of Separated Concat List) . Let for all i ∈ [ n ] , dl i ˜: DS i ⇔ DT i Let σ be a permutation, where 1 ≤ i < n . There exists a DNF lens dl ˜: h[ $ ]i DS ⊙ h[ $ ]i ⊙ . . . ⊙h[ $ ]i ⊙ h[ $ ]i DS n h[ $ ]i ⇔ h[ $ ]i ⊙ DT σ ( ) ⊙ . . . ⊙ DT σ ( n ) ⊙ h[ $ ]i , where [[ DS ]] = {( $ · s · $ · . . . · $ s n · $, $ · t σ ( ) · $ · . . . · $ · t σ ( n ) · $ ) | ( s i , t i ) ∈ [[ dl i ]]} . Proof. As DS i and DT i are strongly unambiguous, by Lemma 17, and as h[ $ ]i · ! L , and L · ! h[ $ ]i ,for all L , we have that h[ $ ]i ⊙ DS ⊙ h[ $ ]i ⊙ . . . ⊙ h[ $ ]i ⊙ h[ $ ]i DS n h[ $ ]i is strongly unambiguous.From algebra, σ can be decomposed into a series of σ i j ◦ . . . ◦ σ i .We proceed by induction Case j = . 
σ = id .Through repeated application of ⊙ , h[( $, $ )]i ⊙ dl ⊙ . . . ⊙ dl n ⊙ h[( $, $ )]i ˜: h[ $ ]i DS ⊙ h[ $ ]i ⊙ . . . ⊙ h[ $ ]i ⊙ h[ $ ]i DS n h[ $ ]i ⇔ DT σ ( ) ⊙ . . . ⊙ DT σ ( n ) , where [[ DS ]] = {( $ · s · $ · . . . · $ s n · $, $ · t · $ · . . . · $ · t n · $ ) | ( s i , t i ) ∈ [[ dl i ]]} , Vol. 1, No. 1, Article 1. Publication date: October 2017. :94 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Case j > . σ = σ i j ◦ . . . ◦ σ i . σ ′ = σ i j − ◦ . . . ◦ σ i . σ = σ i j ◦ σ ′ .By IH there exists a DNF lens dl ˜: h[ $ ]i DS ⊙h[ $ ]i⊙ . . . ⊙h[ $ ]i⊙h[ $ ]i DS n h[ $ ]i ⇔ h[ $ ]i⊙ DT σ ′ ( ) ⊙ . . . ⊙ DT σ ′ ( n ) ⊙ h[ $ ]i , where [[ DS ]] = {( $ · s · $ · . . . · $ s n · $, $ · t σ ′ ( ) · $ · . . . · $ · t σ ′ ( n ) · $ ) | ( s i , t i ) ∈ [[ dl i ]]} As DT i are strongly unambiguous, by Lemma 15, there exists an identity lens dl ′ i ˜: DT i ⇔ DT i ,for each DT i .By Lemma 110, there exists a DNF lens dl ′ ˜: h[ $ ]i DT σ ′ ( ) ⊙h[ $ ]i⊙ . . . ⊙h[ $ ]i⊙h[ $ ]i DT σ ′ ( n ) h[ $ ]i ⇔ DT σ ij ( σ ′ ( )) ⊙ . . . ⊙ DT σ ij ( σ ′ ( n )) , where [[ DS ]] = {( $ · t σ ′ ( ) · $ · . . . · $ t σ ′ ( n ) · $, $ · t σ ij ( σ ′ ( )) · $ · . . . · $ · t σ ij ( σ ′ ( n )) · $ ) | ( t σ ′ ( i ) , t σ ′ ( i ) ) ∈ [[ dl i ]]} .So, by Lemma 14, there exists a DNF lens dl ˜: h[ $ ]i DS ⊙ h[ $ ]i ⊙ . . . ⊙ h[ $ ]i ⊙ h[ $ ]i DS n h[ $ ]i ⇔h[ $ ]i⊙ DT σ ( ) ⊙ . . . ⊙ DT σ ( n ) ⊙h[ $ ]i , where [[ DS ]] = {( $ · s · $ · . . . · $ s n · $, $ · t σ ( ) · $ · . . . · $ · t σ ( n ) · $ ) | ( s i , t i ) ∈[[ dl i ]]} (cid:3) Lemma 112 (Expressibility of Concat Permutation) . Let for all i ∈ [ n ] , dl i ˜: DS i ⇔ DT i . Let · ! ( s , DS , . . . , DT n , s n ) . Let σ be a permutation. Let · ! ( t , DT σ ( n ) , . . . , DT σ ( n ) , t n ) . There exists aDNF lens dl ˜: h[ s ]i ⊙ DS ⊙ h[ s ]i ⊙ . . . ⊙ h[ s n − ]i ⊙ DS n ⊙ h[ s n ]i ⇔ h[ s ]i ⊙ DT σ ( ) ⊙ . . . ⊙ DT σ ( n ) ⊙h[ s n ]i , where [[ DS ]] = {( s · s ′ · s · . . . 
· s n − s ′ n · s n , t · t ′ σ ( ) · t · . . . · t n − · t ′ σ ( n ) · t n ) | ( s ′ i , t ′ i ) ∈ [[ dl i ]]} . Proof.
By Lemma 17, DS i and DT i are strongly unambiguous.By Lemma 15, there exists dl ′ i ˜: DS i ⇔ DS i , which are the identity transformations.By Lemma 15, there exists dl ′′ i ˜: DT i ⇔ DT i , which are the identity transformations.Consider the lenses [( s i , $ )] ˜: [ s i ] ⇔ [ $ ]h[( s i , $ )]i ˜: h[ s i ]i ⇔ h[ $ ]i[( $, t i )] ˜: [ $ ] ⇔ [ t i ]h[( $, t i )]i ˜: h[ $ ]i ⇔ h[ t i ]i Because · ! ( $, DS , . . . , DS n , $ ) , through repeated application of Lemma 100, h[( s , $ )]i ⊙ dl ′ ⊙ . . . ⊙ dl ′ n ⊙ h[( s n , $ )]i ˜: h[ s ]i ⊙ DS ⊙ . . . ⊙ DS n ⊙ h[ s n ]i ⇔ h[ $ ]i ⊙ DS ⊙ . . . ⊙ DS n ⊙ h $ i , with semantics [[h[( s , $ )]i ⊙ dl ′ ⊙ . . . ⊙ dl ′ n ⊙ h[( s n , $ )]i]] = {( s · s ′ · . . . · s ′ n · s n , $ · s ′ · . . . · s ′ n · $ ) | s i ∈ L( DS i )} Because · ! ( $, DT σ ( ) , . . . , DT σ ( n ) , $ ) , through repeated application of Lemma 100, h[( $, t )]i ⊙ dl ′′ σ ( ) ⊙ . . . ⊙ dl ′′ σ ( n ) ⊙ h[( $, t n )]i ˜: h[ $ ]i ⊙ DT σ ( ) ⊙ . . . ⊙ DT σ ( n ) ⊙ h $ i ⇔ h[ t ]i ⊙ DT σ ( ) ⊙ . . . ⊙ DT σ ( n ) ⊙ h[ t n ]i , with semantics [[h[( $, t )]i ⊙ dl ′′ σ ( ) ⊙ . . . ⊙ dl ′′ σ ( n ) ⊙ h[( $, t n )]i]] = {( $ · t ′ σ ( ) · . . . · t ′ σ ( n ) · $, t · t ′ σ ( ) · . . . · t ′ σ ( n ) · t n ) | s i ∈ L( DT i )} By Lemma 111, there exists a lens dl ˜: h[ $ ]i ⊙ DS ⊙ . . . ⊙ DS n ⊙ h $ i ⇔ h[ $ ]i ⊙ DT σ ( ) ⊙ . . . ⊙ DT σ ( n ) ⊙ h $ i , with semantics [[ dl ]] = {( $ · s ′ · $ · . . . · $ s ′ n · $, $ · t ′ σ ( ) · $ · . . . · $ · t ′ σ ( n ) · $ ) | ( s ′ i , t ′ i ) ∈ [[ dl i ]]} .By Lemma 14, there exists a lens dl ′ ˜: h[ s ]i ⊙ DS ⊙ . . . ⊙ DS n ⊙ h[ s n ]i ⇔ h[ t ]i ⊙ DT σ ( ) ⊙ . . . ⊙ DT σ ( n ) ⊙ h[ t n ]i . The semantics, through running the strings through, is {( s · s ′ · s · . . . · s n − s ′ n · s n , t · t ′ σ ( ) · t · . . . · t n − · t ′ σ ( n ) · t n ) | ( s ′ i , t ′ i ) ∈ [[ dl i ]]} . (cid:3) Lemma 113 (Identity Transformation on Adjacent Swapping Or) . Let DS , . . . 
, DS n be strongly unambiguous DNF regular expressions, where j , k ⇒ L( DS i ) = L( DS j ) . Let σ i be an adjacent swapping permutation. There exists a lens dl ˜: DS ⊕ . . . ⊕ DS n ⇔ DS σ i ( ) ⊕ . . . ⊕ DS σ i ( n ) , such that [[ dl ]] = {( s , s ) | s ∈ L( DS ⊕ . . . ⊕ DS n )} . Proof.
As each DNF regular expression is strongly unambiguous, there exists a DNF lens dl j ˜: DS j ⇔ DS j such that [[ dl j ]] = {( s , s ) | s ∈ L( DS j )} . By assumption, L( DS i ) ∩ L( DS i + ) = ∅ , so by Lemma 105, there exists dl ′ ˜: DS i ⊕ DT i ⇔ DT i ⊕ DS i . By repeated application of Lemma 102, dl ⊕ . . . ⊕ dl i − ⊕ dl ′ ⊕ dl i + ⊕ . . . ⊕ dl n ˜: DS ⊕ . . . ⊕ DS n ⇔ DS ⊕ . . . ⊕ DS i + ⊕ DS i ⊕ . . . ⊕ DS n . Because each of the lenses included in this is the identity lens, the overall lens is the identity lens. □

Lemma 114 (Identity Transformation on Or Permutations) . Let DS , . . . , DS n be strongly unambiguous DNF regular expressions, where j , k ⇒ L( DS i ) = L( DS j ) . Let σ be a permutation. There exists a lens dl ˜: DS ⊕ . . . ⊕ DS n ⇔ DS σ ( ) ⊕ . . . ⊕ DS σ ( n ) , such that [[ dl ]] = {( s , s ) | s ∈ L( DS ⊕ . . . ⊕ DS n )} . Proof.
From algebra, there exists a decomposition of σ into adjacency switching permutations σ = σ i j ◦ . . . ◦ σ i .We prove this by induction on n ! Case j = . σ = id As each DS i there exists an identity transformation dl i ˜: DS i ⇔ DS i .By repeated application of Lemma 102, dl ⊕ . . . ⊕ dl n ˜: DS ⊕ . . . ⊕ DS n ⇔ DS ⊕ . . . ⊕ DS n with semantics of the identity, as each of the lenses that built it up have identity semantics. Case j > . σ = σ i j ◦ . . . ◦ σ i Define σ ′ = σ i j − ◦ . . . ◦ σ i By IH, there exists a DNF lens dl ˜: DS ⊕ . . . ⊕ DS n ⇔ DS σ ′ ( ) ⊕ . . . ⊕ DS σ ′ ( n ) .By Lemma 113, there exists a lens dl ′ ˜: DS σ ′ ( ) ⊕ . . . ⊕ DS σ ′ ( n ) ⇔ DS ( σ ij ◦ σ ′ )( ) ⊕ . . . ⊕ DS ( σ ij ◦ σ ′ )( n ) ,so dl ′ ˜: DS σ ′ ( ) ⊕ . . . ⊕ DS σ ′ ( n ) ⇔ DS σ ( ) ⊕ . . . ⊕ DS σ ( n ) , where dl has the identity semantics.By Lemma 14, there exists dl ′′ ˜: DS ⊕ . . . ⊕ DS n ⇔ DS σ ( ) ⊕ . . . ⊕ DS σ ( n ) . As each of itscomponent transformations has identity semantics identity, it too has identity semantics. (cid:3) Lemma 115 (Or Permutating Lenses) . Let n a natural number, and for all i ∈ [ n ] , dl i ˜: DS i ⇔ DT i . Let i , j ⇒ DS i ∩ DS j = ∅ and i , j ⇒ DT i ∩ DT j = ∅ . Let σ be a permutation. There existsa lens dl ˜: DS ⊕ . . . ⊕ DS n ⇔ DT σ ( ) ⊕ . . . ⊕ DT σ ( n ) such that [[ dl ]] = {( s , t ) | ∃ i . ( s , t ) ∈ [[ dl i ]]} Proof.
By Lemma 102, there exists dl ⊕ . . . ⊕ dl n ˜: DS ⊕ . . . ⊕ DS n ⇔ DT ⊕ . . . ⊕ DT n with [[ dl ⊕ . . . ⊕ dl n ]] = {( s , t ) | ∃ i . ( s , t ) ∈ [[ dl i ]]} . By Lemma 114, there exists a lens dl ′ ˜: DT ⊕ . . . ⊕ DT n ⇔ DT σ ( ) ⊕ . . . ⊕ DT σ ( n ) , with [[ dl ′ ]] = {( s , s ) | s ∈ L( DT ⊕ . . . ⊕ DT n )} . By Lemma 14, there exists dl ′′ ˜: DS ⊕ . . . ⊕ DS n ⇔ DT σ ( ) ⊕ . . . ⊕ DT σ ( n ) with semantics {( s , t ) | ∃ s ′ . ( s , s ′ ) ∈ [[ dl ⊕ . . . ⊕ dl n ]] ∧ ( s ′ , t ) ∈ [[ dl ′ ]]} . As dl ′ is merely the identity, this has the desired semantics. □

Lemma 116 (Propagation of Unambiguity to Subcomponents ⊕ ) . If DS ⊕ DT is strongly unambiguous, then DS is strongly unambiguous, DT is strongly unambiguous, and L( DS ) ∩ L( DT ) = ∅ . Proof.
Let DS = h SQ | . . . | SQ n i .Let DT = h TQ | . . . | TQ m i . DS ⊕ DT = h SQ | . . . | SQ n | TQ | . . . | TQ m i .This means that, as it is strongly unambiguous, all of the sequences are pairwise disjoint, andeach sequence is strongly unambiguous. By Lemma 10, this means that all of the sequences in DS are pairwise disjoint, all the sequences in DT are pairwise disjoint, and L( DS ) ∩ L( DT ) = ∅ . (cid:3) , Vol. 1, No. 1, Article 1. Publication date: October 2017. :96 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Lemma 117 (Reordering of ⊕ Right) . If there exists a DNF lens dl ˜: DS ⊕ . . . ⊕ DS n ⇔ DT ⊕ . . . ⊕ DT n , then for all permutations σ ∈ S n , there exists a DNF lens dl ′ ˜: DS ⊕ . . . ⊕ DS n ⇔ DT σ ( ) ⊕ . . . ⊕ DT σ ( n ) where [[ dl ′ ]] = [[ dl ]] . Proof.
From Lemma 17, DT ⊕ . . . ⊕ DT n is strongly unambiguous. By repeated application ofLemma 116, i , j ⇒ DT i ∩ DT j = {} , and each DT i is strongly unambiguous.This means Lemma 114 applies, so there exists a DNF lens dl ′ ˜: DT ⊕ . . . ⊕ DT n ⇔ DT σ ( ) ⊕ . . . ⊕ DT σ ( n ) such that [[ dl ′ ]] is the identity semantics.So, by composing dl with dl ′ from Lemma 14, we get dl ′′ ˜: DS ⊕ . . . ⊕ DS n ⇔ DT σ ( ⊕ . . . ⊕ DT σ ( n ) , which has [[ dl ′′ ]] = [[ dl ]] as dl ′ has identitysemantics. (cid:3) Lemma 118. If DS ⊙ ( DS ⊕ DS ) is strongly unambiguous, then there exists a lens dl ˜: DS ⊙( DS ⊕ DS ) ⇔ ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) . Proof. If L( DS ⊙ ( DS ⊕ DS )) = {} , then this is trivial, as DS ⊙ ( DS ⊕ DS ) = {} .Assume the language is nonempty. Let DS = h SQ | . . . | SQ n i .Let DS = h SQ | . . . | SQ n i .Let DS = h SQ | . . . | SQ n i . DS ⊕ DS = h SQ | . . . | SQ n | SQ | . . . | SQ n i . DS ⊙ ( DS ⊕ DS ) = h SQ ⊙ SQ SQ | . . . | SQ ⊙ SQ SQ n | SQ ⊙ SQ SQ | . . . | SQ ⊙ SQ SQ n | . . . | SQ n ⊙ SQ SQ | . . . | SQ n ⊙ SQ SQ n | SQ n ⊙ SQ SQ | . . . | SQ n ⊙ SQ SQ n i .As this is strongly unambiguous, SQ i ⊙ SQ SQ j , k is strongly unambiguous for all i , j , k . Further-more, by strong unambiguity, if ( i , j , k ) , ( i , j , k ) , then SQ i ⊙ SQ SQ j , k ∩ SQ i ⊙ SQ SQ j , k DS ⊙ DS = h SQ ⊙ SQ SQ | . . . SQ ⊙ SQ SQ n | . . . | SQ n ⊙ SQ SQ | . . . | SQ n ⊙ SQ SQ n i . DS ⊙ DS = h SQ ⊙ SQ SQ | . . . SQ ⊙ SQ SQ n | SQ n ⊙ SQ SQ | . . . | SQ n ⊙ SQ SQ n i . ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) = h SQ ⊙ SQ SQ | . . . SQ ⊙ SQ SQ n | . . . | SQ n ⊙ SQ SQ | . . . | SQ n ⊙ SQ SQ n | SQ ⊙ SQ SQ | . . . SQ ⊙ SQ SQ n | . . . SQ n ⊙ SQ SQ | . . . 
SQ n ⊙ SQ SQ n i From before, if ( i , j , k ) , ( i , j , k ) , then SQ i ⊙ SQ SQ j , k ∩ SQ i ⊙ SQ SQ j , k = {} .As SQ i ⊙ SQ SQ j , k is strongly unambiguous, there exists sql i , j , k ˜: SQ i ⊙ SQ SQ j , k ⇔ SQ i ⊙ SQ SQ j , k , from Lemma 15.There exists a unique permutation σ that sends SQ i ⊙ SQ SQ j , k in DS ⊙ ( DS ⊕ DS ) to SQ i ⊙ SQ SQ j , k in ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) . As a permutation is merely a bijective between a finite numberof elements. Note, this permutation is not necessarily the identity permutation. In particular, thesequence at position n +
1, if such a sequence exists, in DS ⊙ ( DS ⊕ DS ) is SQ ⊙ SQ SQ .However, the sequence at position n +
1, if such a sequence exists, in ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) ,is SQ ⊙ SQ SQ .Consider the derivation sql ˜: SQ i ⊙ SQ SQ j , k ⇔ SQ i ⊙ SQ SQ j , k ( i , j , k ) , ( i , j , k ) ⇒ ( SQ i ⊙ SQ SQ j , k ) ∩ ( SQ i ⊙ SQ SQ j , k ) = {}( i , j , k ) , ( i , j , k ) ⇒ ( SQ i ⊙ SQ SQ j , k ) ∩ ( SQ i ⊙ SQ SQ j , k ) = {} σ ∈ S n × n × n (h sql | . . . | sql n | sql | . . . | sql n | . . . | sql n ,2,1 | . . . | sql n ,2, n | sql n ,3,1 | . . . | sql n ,3, n i , σ ) ˜: DS ⊙ ( DS ⊕ DS ) ⇔ ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) Furthermore, as each sql has the identity transformation, then as σ has no impact on semantics,the total DNF lens has the identity transformation. (cid:3) , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:97 Lemma 119. If ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) is strongly unambiguous, then there exists a lens dl ˜: ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) ⇔ DS ⊙ ( DS ⊕ DS ) . Proof.
By Lemma 40, DS ⊙ ( DS ⊕ DS ) is strongly unambiguous. So by Lemma 118, there exists an identity lens dl ˜: ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) ⇔ DS ⊙ ( DS ⊕ DS ) . As rewriteless DNF lenses are closed under inversion, there exists a lens dl − ˜: DS ⊙ ( DS ⊕ DS ) ⇔ ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) . □

Lemma 120. If ( DS ⊕ DS ) ⊙ DS is strongly unambiguous, then there exists a lens dl ˜: ( DS ⊕ DS ) ⊙ DS ⇔ ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) .

Proof. By Lemma 35, ( DS ⊕ DS ) ⊙ DS = ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) , so by Lemma 15, there is an identity lens between them. □

Lemma 121. If ( DS ⊕ DS ) ⊙ DS is strongly unambiguous, then there exists a lens dl ˜: ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) ⇔ ( DS ⊕ DS ) ⊙ DS .

Proof. By Lemma 35, ( DS ⊕ DS ) ⊙ DS = ( DS ⊙ DS ) ⊕ ( DS ⊙ DS ) , so by Lemma 15, there is an identity lens between them. □

B.10 Rewrite Property Maintenance
Here the proof of bisimilarity and confluence on parallel rewrites, with respect to the property of having a lens's semantics, is presented. First, a proof must be presented of parallel rewrites' ability to be built up from smaller parts through concatenation. Because of the lack of a distributivity rule, this is only maintained up to an identity lens: we cannot merely concatenate the two rewritten parts. With this, bisimilarity is proven, as is confluence.
Lemma 122 ( → k Maintained Under ⊙ up to id ) . Let DS be strongly unambiguous. Let DT be strongly unambiguous. Let L( DS ) · ! L( DT ) . If DS → k ∗ DS ′ , DT → k ∗ DT ′ , and DS ⊙ DT → k ∗ DS ′′ such that there exists a rewriteless DNF lens dl ˜: DS ′ ⊙ DT ′ ⇔ DS ′′ , and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} . Proof.
Because L( DS ) · ! L( DT ) , DS ⊙ DT is strongly unambiguous.By induction on the derivation of → k ∗ DS = h SQ | . . . | SQ n i ∀ i . SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] ∀ i , j . A i , j → k A DS i , j ∀ i . DS i = h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i DS → k DS ⊕ . . . ⊕ DS n DT = h TQ | . . . | SQ m i ∀ i . TQ i = [ t i ,0 · B i ,1 · . . . · B i , m i · t i , m i ] ∀ i , j . B i , j → k A DT i , j ∀ i . DT i = h[ t i ,0 ]i ⊙ DT i ,1 ⊙ . . . ⊙ DT i , n i ⊙ h[ t i , n i ]i DT → k DT ⊕ . . . ⊕ DT n Define A ′′ i , j , k = (cid:26) A i , k if k ≤ n i B j , k − n i if i > n i Define s ′′ i , j , k = s i , k if k < n i s i , n i · t j ,0 if k = n i t j , k − n i if i > n Define n i , j = n i + m j .Define SQ ′′ i , j = [ s ′′ i , j ,0 · A ′′ i , j ,1 · . . . · A ′′ i , j , n i , j · s ′′ i , j , n i , j ] . By inspection, SQ ′′ i , j = SQ i ⊙ SQ SQ j .Define DS ′′ = h SQ ′′ | . . . | SQ ′′ n , m i . By inspection, DS ′′ = DS ⊙ DT .Define DS ′′ i , j , k = (cid:26) DS i , k if k ≤ n i DT j , k − n i if i > n i . By inspection A ′′ i , j , k → k DS ′′ i , j , k . , Vol. 1, No. 1, Article 1. Publication date: October 2017. :98 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic Define DS ′′ i , j as h[ s ′′ i , j ,0 ]i ⊙ DS ′′ i , j ,1 ⊙ . . . ⊙ DS i , j , n i , j ⊙ h[ s i , j , n i , j ]i . By inspection, DS ′′ i , j = DS i ⊙ DS j This means that DS ′′ ⊕ . . . ⊕ DS ′′ m ⊕ . . . ⊕ DS ′′ n ,1 ⊕ . . . ⊕ DS ′′ n , m = ( DS ⊙ DT ) ⊕ . . . ⊕ ( DS ⊙ DT m ) ⊕ . . . ⊕ ( DS n ⊙ DT ) ⊕ . . . ⊕ ( DS n ⊙ DT m ) By repeated application of Lemma 119 and Lemma 121,there exists a DNF lens dl ˜: DS ′′ ⊕ . . . ⊕ DS ′′ n , m ⇔ ( DS ⊕ . . . ⊕ DS n ) ⊙ ( DT ⊕ . . . ⊕ DT m ) , so dl ˜: DS ′′ ⊕ . . . ⊕ DS ′′ n , m ⇔ DS ′ ⊙ DT ′ .Consider the derivation DS ′′ = h SQ ′′ | . . . | SQ ′′ n , m i ∀ i , j . SQ ′′ i , j = [ s ′′ i , j ,0 · A ′′ i , j ,1 · . . . · A ′′ i , j , n i , j · s ′′ i , j , n i , j ] ∀ i , j . 
A ′′ i , j → k A DS ′′ i , j ∀ i , j . DS ′′ i , j = h[ s ′′ i , j ,0 ]i ⊙ DS ′′ i , j ,1 ⊙ . . . ⊙ DS ′′ i , j , n i , j ⊙ h[ s ′′ i , j , n i , j ]i DS ′′ → k DS ′′ ⊕ . . . ⊕ DS ′′ n , m DS ⊙ DT → k DS ′′ ⊕ . . . ⊕ DS ′′ n , m , DS ′′ ⊕ . . . ⊕ DS ′′ n , m If DS → k DS ′ and DT → k DT ′ , then DS ⊙ DS → k DS ′′ such that there exists a rewriteless DNF lens dl ˜: DS ⊙ DT ⇔ DS ′′ , and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} , as desired. (cid:3) Lemma 123 (Swap’s Unimportance For Identity) . (1) If DS is strongly unambiguous and DS → k swap DS then there exists a DS such that DS → k DS and there exists a lens l ˜: DS ⇔ DS such that [[ l ]] = {( s , s ) | s ∈ L( DS )} (2) If A is strongly unambiguous and A → k swapA DS then there exists a DS such that A → k A DS and there exists a lens l ˜: DS ⇔ DS such that [[ l ]] = {( s , s ) | s ∈ L( A )} Proof.
By mutual induction on the derivation of → k swap . Case
Atom Unrollstar L ) . Let A → k swapA DS , and the last step of the derivation is an applicationof Atom Unrollstar R . That means A = DS ∗ and DS = h[ ϵ ]i ⊕ ( DS ⊙ D( DS ∗ )) .Consider an application of → k A ’s Atom Unrollstar R . A → k DS . By Lemma 15, there exists aDNF lens dl ˜: DS ⇔ DS and [[ dl ]] = {( s , s ) | s ∈ L( A )} . Case . Let A → k swapA DS , and the last step of the derivation is an appli-cation of Atom Unrollstar L . That means A = DS ∗ and DS = D( DS ′ ) , whereConsider an application of → k A ’s Atom Unrollstar R . A → k DS . By Lemma 15, there exists aDNF lens dl ˜: DS ⇔ DS and [[ dl ]] = {( s , s ) | s ∈ L( A )} . Case
Parallel Swap Atom Structural Rewrite ) . Let A → k swapA DS , and the last step of thederivation is an application of Parallel Swap Atom Structural Rewrite . That means A = DS ∗ and DS = D( DS ′ ∗ ) , and DS → k swapA DS ′ .By IH, there exists DS ′ such that DS → k DS ′ , and there exists a rewriteless DNF lens dl ˜: DS ′ ⇔ DS ′ .By Parallel Swap Atom Structural Rewrite , A → k A D( DS ′ ∗ ) .By Lemma 104, D( iterate ( dl )) ˜: D( DS ∗ ) ⇔ D( DS ∗ ) , with [[D( iterate ( dl ))]] = {( s . . . s n , t . . . t n ) | ( s i , t i ) ∈ [[ dl ]]} = {( s . . . s n , s . . . s n ) | ( s i , s i ) ∈ L( DS )} = {( s , s ) | s ∈ L( A ))} Case
Parallel Swap DNF Structural Rewrite ) . Let DS → k swap DS ′ , and the last step of thederivation is an application of Parallel Swap DNF Structural Rewrite . DS = h SQ | . . . | SQ n i ∀ i . SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] ∀ i , j . A i , j → k swapA DS i , j ∀ i . DS i = h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i DS → k swap DS ⊕ . . . ⊕ DS n and DS ′ = DS ⊕ ⊕ . . . ⊕ DS n . , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:99 There exists lenses By IH, there exist DT i , j and dl i , j , such that A i , j → k DT i , j , dl i , j ˜: DS i , j ⇔ DT i , j ,and [[ dl i , j ]] = {( s , s ) | s ∈ L( A i , j )} .Define DT i = h[ s i ,0 ]i ⊙ DT i ,1 ⊙ . . . ⊙ DT i , n i ⊙ h[ s i , n i ]i .Define DT = DT ⊕ . . . ⊕ DT n By repeated application of Lemma 100, there exists a lens dl i = (h([( s i ,0 , s i ,0 )] , id )i , id ) ⊙ dl i ,1 ⊙ . . . ⊙ dl i , n i ⊙ (h([( s i , n i , s i , n i )] , id )i , id ) ˜: h[ s i ,0 ]i ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ h[ s i , n i ]i ⇔ h[ s i ,0 ]i ⊙ DT i ,1 ⊙ . . . ⊙ DT i , n i ⊙ h[ s i , n i ]i By pushing around the definitions of ⊙ , this becomes dl i ˜: DS i ⇔ DT i and [[ dl i ]] = {( s , s ) | s ∈L( SQ i )} .By repeated applications of Lemma 102, there exists a lens dl = dl ⊕ . . . ⊕ dl n ˜: DS ⊕ . . . ⊕ DS n ⇔ DT ⊕ . . . ⊕ DT n .By pushing around the definitions of ⊕ , this becomes dl ˜: DS ′ ⇔ DT , and [[ dl ]] = {( s , s ) | s ∈L( DS )} Furthermore, DS = h SQ | . . . | SQ n i ∀ i . SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] ∀ i , j . A i , j → k DT i , j ∀ i . DT i = h[ s i ,0 ]i ⊙ DT i ,1 ⊙ . . . ⊙ DT i , n i ⊙ h[ s i , n i ]i DS → k DT ⊕ . . . ⊕ DT n Case
(Identity Rewrite). Let DS → k swap DS , and the last step of the derivation is an application of Identity Rewrite. This means DS → k swap DS . Consider the application of → k ’s Identity Rewrite, DS → k DS . By Lemma 15, there exists a DNF lens dl ˜: DS ⇔ DS and [[ dl ]] = {( s , s ) | s ∈ L( DS )} .
Case
(DNF Reorder). Let DS → k swap DS , and the last step of the derivation is an application of DNF Reorder. Let DS = ⟨ SQ | . . . | SQ n ⟩ . This means that there exists a σ such that DS = ⟨ SQ σ ( ) | . . . | SQ σ ( n ) ⟩ . Consider DS → k DS . By Lemma 15, there exists sequence lenses sql i such that sql i ˜: SQ i ⇔ SQ i and [[ sql i ]] = {( s , s ) | s ∈ L( SQ i )}
Consider (⟨ sql | . . . | sql n ⟩ , σ ) ˜: ⟨ SQ | . . . | SQ n ⟩ ⇔ ⟨ SQ σ ( ) | . . . | SQ σ ( n ) ⟩ , which is typed as desired.
[[(⟨ sql | . . . | sql n ⟩ , σ )]] = {( s , t ) | ∃ i . ( s , t ) ∈ [[ sql i ]]}
= {( s , s ) | ∃ i . s ∈ L( SQ i )}
= {( s , s ) | s ∈ L( DS )} □
Definition 18.
Let l be a lens. Define the binary relation, l ⇐⇒ ⊆ DNF × DNF , as DS l ⇐⇒ DT if, and only if there exists a DNF Lens dl such that dl ˜: DS ⇔ DT , and [[ dl ]] = [[ l ]] . DS id ⇐⇒ DT is shorthand for DS id DS ⇐⇒ DT .
Lemma 124.
(1) Let dl ˜: DS ⇔ DT and DS → k DS ′ . There exists some DT ′ , dl ′ such that DT → k DT ′ , dl ′ ˜: DS ′ ⇔ DT ′ , and [[ dl ]] = [[ dl ′ ]] .
(2) Let al ˜: A ⇔ B and A → k A DS . There exists some DT , dl , such that B → k A DT , dl ′ ˜: DS ⇔ DT , and [[ dl ]] = [[ al ]] .
Proof.
By mutual induction on the derivation of → k and → k A .
Case
(Atom Unrollstar L). Let al ˜: A ⇔ B , and A → k A DS through an application of Atom Unrollstar L. By inversion, there exists a derivation of
dl ˜: DS ′ ⇔ DT ′
DS ′∗ !
DT ′∗ !
iterate ( dl ) ˜: DS ′∗ ⇔ DT ′∗
Where iterate ( dl ) = al , DS ′∗ = A , and DT ′∗ = B . As Atom Unrollstar L was applied, DS = ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ ⟨[ DS ′∗ ]⟩) . Consider applying Atom Unrollstar L to DT ′∗ .
DT ′∗ → k A ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ ⟨[ DT ′∗ ]⟩)
Consider the lenses
[( ϵ , ϵ )]
⟨[( ϵ , ϵ )]⟩
iterate ( dl ) ˜: DS ∗ ⇔ DT ∗
[ iterate ( dl )] ˜: [ DS ∗ ] ⇔ [ DT ∗ ]
⟨[ iterate ( dl )]⟩ ˜: ⟨[ DS ∗ ]⟩ ⇔ ⟨[ DT ∗ ]⟩
As DS ∗ ! , L( DS ) · ! L(⟨[ DS ∗ ]⟩) . As DS ∗ ! , ϵ ∉ L( DS ) . This means ϵ ∉ L( DS ⊙ ⟨[ DS ∗ ]⟩) , so L(⟨[ ϵ ]⟩) ∩ L( DS ⊙ ⟨[ DS ∗ ]⟩) = ∅
Because of this, by Lemma 100 and Lemma 102, there exists the typing for the lens ⟨[( ϵ , ϵ )]⟩ ⊕ ( dl ⊙ ⟨[ iterate ( dl )]⟩) ˜: ⟨[ ϵ ]⟩ ⊕ ( DS ⊙ ⟨[ DS ∗ ]⟩) ⇔ ⟨[ ϵ ]⟩ ⊕ ( DT ⊙ ⟨[ DT ∗ ]⟩) , which is the desired typing.
[[⟨[( ϵ , ϵ )]⟩ ⊕ ( dl ⊙ ⟨[ iterate ( dl )]⟩)]] = {( s , t ) | ( s , t ) ∈ [[⟨[( ϵ , ϵ )]⟩]] ∨ ( s , t ) ∈ [[ dl ⊙ ⟨[ iterate ( dl )]⟩]]}
= {( ϵ , ϵ )} ∪ {( s , t ) | ( s , t ) ∈ [[ dl ⊙ ⟨[ iterate ( dl )]⟩]]}
= {( ϵ , ϵ )} ∪ {( s · s , t · t ) | ( s , t ) ∈ [[ dl ]] ∧ ( s , t ) ∈ [[⟨[ iterate ( dl )]⟩]]}
= {( ϵ , ϵ )} ∪ {( s · ( s · . . . · s n ) , t · ( t · . . . · s n )) | ( s , t ) ∈ [[ dl ]] ∧ n ≥ ∧ ∀ i ∈ [ n ] . ( s i , t i ) ∈ [[ dl ]]}
= {( ϵ , ϵ )} ∪ {( s · . . . · s n , t · . . . · t n ) | n ≥ ∧ ∀ i ∈ [ n ] . ( s i , t i ) ∈ [[ dl ]]}
= {( s · . . . · s n , t · . . . · t n ) | n ≥ ∧ ∀ i ∈ [ n ] . ( s i , t i ) ∈ [[ dl ]]}
= [[ iterate ( dl )]]
Case
(Atom Unrollstar R). Let al ˜: A ⇔ B , and A → k A DS through an application of Atom Unrollstar R.
Case
(Parallel Atom Structural Rewrite). Let al ˜: A ⇔ B , and A → k A DS through an application of Parallel Atom Structural Rewrite. By inversion, there exists a derivation of
dl ˜: DS ′ ⇔ DT ′
DS ′∗ !
DT ′∗ !
iterate ( dl ) ˜: DS ′∗ ⇔ DT ′∗
Where iterate ( dl ) = al , DS ′∗ = A , and DT ′∗ = B . As Parallel Atom Structural Rewrite was applied, DS ′ → k DS ′′ , and DS = ⟨[ DS ′′∗ ]⟩ . By induction hypothesis, there exists some dl ′ , DT ′′ , such that dl ′ ˜: DS ′ ⇔ DS ′′ , and [[ dl ′ ]] = [[ dl ]] . Because L( DS ′′ ) = L( DS ′ ) and L( DT ′′ ) = L( DT ′ ) , DS ′′∗ ! and DT ′′∗ ! . Consider the typing
dl ′ ˜: DS ′′ ⇔ DT ′′
DS ′′∗ !
DT ′′∗ !
iterate ( dl ′ ) ˜: DS ′′∗ ⇔ DT ′′∗
[ iterate ( dl ′ )] ˜: [ DS ′′∗ ] ⇔ [ DT ′′∗ ]
⟨[ iterate ( dl ′ )]⟩ ˜: ⟨[ DS ′′∗ ]⟩ ⇔ ⟨[ DT ′′∗ ]⟩
This is the desired typing. The semantics are as desired as well.
[[⟨[ iterate ( dl ′ )]⟩]] = {( s · . . . · s n , t · . . . · t n ) | n ≥ ∧ ∀ i ∈ [ n ]( s i , t i ) ∈ [[ dl ′ ]]}
= {( s · . . . · s n , t · . . . · t n ) | n ≥ ∧ ∀ i ∈ [ n ]( s i , t i ) ∈ [[ dl ]]}
= [[ al ]]
Case
(DNF Reorder). Let dl ˜: DS ⇔ DT , and DS → k DS ′ through an application of DNF Reorder.
Case
(Parallel DNF Structural Rewrite). Let dl ˜: DS ⇔ DT , and DS → k DS ′ through an application of Parallel DNF Structural Rewrite.
Case
(Identity Rewrite). Let dl ˜: DS ⇔ DT , and DS → k DS ′ through an application of Identity Rewrite. □
Lemma 125.
(1) Let dl ˜: DS ⇔ DT and DT → k DT ′ . There exists some DS ′ , dl ′ such that DS → k DS ′ , dl ′ ˜: DS ′ ⇔ DT ′ , and [[ dl ]] = [[ dl ′ ]] .
(2) Let al ˜: A ⇔ B and B → k A DT . There exists some DS , dl , such that A → k A DS , dl ′ ˜: DS ⇔ DT , and [[ dl ]] = [[ al ]] .
Proof.
This can be proven symmetrically to Lemma 124. □
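The semantic equality derived in the Atom Unrollstar L case of Lemma 124 (and its mirror image for Atom Unrollstar R) can be checked on a bounded instance. The following Python code is an added example, not part of the paper or of Optician; the two sample relations and all function names are constructed for the illustration, and iteration is cut off at n repetitions so that the sets stay finite. It also shows why the side condition DS ∗ ! matters: without it the unrolling equality still holds between the relations, but they stop being bijections.

```python
from itertools import product

EPS = ""  # the empty string, written ϵ in the proof


def concat(r1, r2):
    """Semantics of dl1 ⊙ dl2: concatenate related pairs componentwise."""
    return {(s1 + s2, t1 + t2) for s1, t1 in r1 for s2, t2 in r2}


def iterate_upto(r, n):
    """Semantics of iterate(dl), cut off at n repetitions:
    all (s1...sk, t1...tk) with 0 <= k <= n and every (si, ti) in r."""
    out = set()
    for k in range(n + 1):
        for combo in product(sorted(r), repeat=k):
            out.add(("".join(s for s, _ in combo),
                     "".join(t for _, t in combo)))
    return out


def unroll_left(r, n):
    """{(ϵ, ϵ)} ∪ [[dl ⊙ iterate(dl)]], inner star bounded by n - 1."""
    return {(EPS, EPS)} | concat(r, iterate_upto(r, n - 1))


def unroll_right(r, n):
    """{(ϵ, ϵ)} ∪ [[iterate(dl) ⊙ dl]], inner star bounded by n - 1."""
    return {(EPS, EPS)} | concat(iterate_upto(r, n - 1), r)


def star_unambiguous(lang, n):
    """Bounded check of the side condition DS*!: ϵ is not in lang and no
    string has two different factorisations into at most n words of lang."""
    if EPS in lang:
        return False
    seen = set()
    for k in range(n + 1):
        for combo in product(sorted(lang), repeat=k):
            word = "".join(combo)
            if word in seen:
                return False
            seen.add(word)
    return True


def is_bijection(rel):
    """True when no source string and no target string occurs twice."""
    return (len({s for s, _ in rel}) == len(rel)
            and len({t for _, t in rel}) == len(rel))


def check(r, n):
    """Compare the unrolled forms with the bounded star for relation r."""
    src = {s for s, _ in r}
    tgt = {t for _, t in r}
    star = iterate_upto(r, n)
    return {
        "side_conditions": star_unambiguous(src, n) and star_unambiguous(tgt, n),
        "left_equal": unroll_left(r, n) == star,
        "right_equal": unroll_right(r, n) == star,
        "bijection": is_bijection(star),
        "pairs": len(star),
    }


# Constructed sample relations (assumptions, not taken from the paper).
# GOOD: both component languages are prefix codes, so DS*! and DT*! hold.
GOOD = {("ab", "x"), ("c", "yz")}
# BAD: "aa" factors as a·a and as aa, so the star of the source is ambiguous.
BAD = {("a", "x"), ("aa", "y")}

if __name__ == "__main__":
    print(check(GOOD, 3))
    print(check(BAD, 2))
```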
Lemma 126.
For all lenses l : S ⇔ T , bisimilar l ⇐⇒( → k ) , over the set of strongly unambiguous DNF regular expressions.
Proof.
Let DS , DT be strongly unambiguous DNF regular expressions, with DS l ⇐⇒ DT . So there exists a rewriteless DNF lens dl ˜: DS ⇔ DT where [[ dl ]] = [[ l ]] . Let DS → k DS ′ . By Lemma 126, there exists dl ′ , DT ′ such that DT → k DT ′ , dl ′ ˜: DS ′ ⇔ DT ′ , and [[ dl ′ ]] = [[ dl ]] = [[ l ]] , so DS ′ l ⇐⇒ DT ′ . Let DT → k DT ′ . By Lemma 126, there exists dl ′ , DS ′ such that DS → k DS ′ , dl ′ ˜: DS ′ ⇔ DT ′ , and [[ dl ′ ]] = [[ dl ]] = [[ l ]] , so DS ′ l ⇐⇒ DT ′ . □
Lemma 127.
For all lenses l : S ⇔ T , bisimilar l ⇐⇒( → k ∗ ) , over the set of strongly unambiguous DNF regular expressions.
Proof.
By Lemma 3 and Lemma 126. □
Corollary 2 (Bisimilarity in Star Sequential) . By Lemma 127 and Theorem 9.
Lemma 128 ( → k Maintained Under ⊙ up to id on the left) . Let DS be strongly unambiguous. Let DT be strongly unambiguous. Let L( DS ) · ! L( DT ) . If DS → k ∗ DS ′ , then DS ⊙ DT → k ∗ DS ′′ such that there exists a rewriteless DNF lens dl ˜: DS ′ ⊙ DT ⇔ DS ′′ , and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} .
Proof. As L( DS ) · ! L( DT ) , DS ⊙ DT is strongly unambiguous. We proceed by induction on the derivation of → k ∗ .
Case
(Reflexivity).
DS → k ∗ DS
By reflexivity
DS ⊙ DT → k ∗ DS ⊙ DT
Furthermore, as DS ⊙ DT is strongly unambiguous, there exists a lens dl ˜: DS ⊙ DT ⇔ DS ⊙ DT .
Case
(Base).
DS → k DS ′
DS → k ∗ DS ′
So DS → k DS ′ , and by Identity Rewrite, DT → k DT . So Lemma 122 says that there exists DS ′′ such that
DS ⊙ DT → k DS ′′
DS ⊙ DT → k ∗ DS ′′
where there exists a DNF lens dl ˜: DS ′ ⊙ DT ⇔ DS ′′ such that [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} .
Case
(Transitivity).
DS → k ∗ DS
DS → k ∗ DS ′
DS → k ∗ DS ′
By IH, there exists DS ′′ such that DS ⊙ DT → k ∗ DS ′′ , and there exists a DNF lens dl ˜: DS ⊙ DT ⇔ DS ′′ , and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} . By IH, there exists DS ′′ such that DS ⊙ DT → k ∗ DS ′′ , and there exists a DNF lens dl ˜: DS ′ ⊙ DT ⇔ DS ′′ , and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} . By Lemma 127, as DS ⊙ DT → k ∗ DS ′′ , then there exists DS ′ , dl ′ such that DS ′′ → k ∗ DS ′ , and dl ′ ˜: DS ′′ ⇔ DS ′′ ⇔ DS ′ , with the same semantics as dl . So dl ˜: DS ′ ⊙ DT ⇔ DS ′′ , and dl ′ ˜: DS ′′ ⇔ DS ′′ ⇔ DS ′ . By Lemma 14, there exists a DNF lens, dl ′ ˜: DS ′ ⊙ DT ⇔ DS ′ . As both the lenses in the composition are the identity lens, this lens is the identity lens, so [[ dl ′ ]] = {( s , s ) | s ∈ L( DS ⊙ DT )}
Furthermore
DS ⊙ DT → k ∗ DS ′′
DS ′′ → k ∗ DS ′
DS ⊙ DT → k ∗ DS ′ □
Lemma 129 ( → k Maintained Under ⊙ up to id on the right) . Let DS be strongly unambiguous. Let DT be strongly unambiguous. Let L( DT ) · ! L( DS ) . If DS → k ∗ DS ′ , then DT ⊙ DS → k ∗ DS ′′ such that there exists a rewriteless DNF lens dl ˜: DT ⊙ DS ′ ⇔ DS ′′ , and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} .
Proof.
This is done symmetrically to Lemma 128. □
Lemma 130 ( → k Maintained Under ⊙ up to id ) . Let DS be strongly unambiguous. Let DT be strongly unambiguous. Let L( DT ) · ! L( DS ) . Let DS → k ∗ DS ′ . Let DT → k ∗ DT ′ . Then DS ⊙ DT → k ∗ DS ′′ such that there exists a rewriteless DNF lens dl ˜: DS ′ ⊙ DT ′ ⇔ DS ′′ , and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} .
Proof.
By Lemma 129, there exists a DNF lens dl ˜: DS ⊙ DT ′ ⇔ DS , such that DS ⊙ DT → k ∗ DS and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} . By Lemma 128, there exists a DNF lens dl ˜: DS ′ ⊙ DT ′ ⇔ DS , such that DS ⊙ DT ′ → k ∗ DS and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} . By Lemma 127, as DS ⊙ DT ′ → k ∗ DS , there exists a DNF lens dl ′ ˜: DS ⇔ DS ′ with [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} and DS → k ∗ DS ′ . So dl ˜: DS ′ ⊙ DT ′ ⇔ DS , and dl ′ ˜: DS ⇔ DS ′ . By Lemma 14, there exists a DNF lens, dl ′ ˜: DS ′ ⊙ DT ′ ⇔ DS ′ . As both the lenses in the composition are the identity lens, this lens is the identity lens, so [[ dl ′ ]] = {( s , s ) | s ∈ L( DS ⊙ DT )}
Furthermore
DS ⊙ DT → k ∗ DS
DS → k ∗ DS ′
DS ⊙ DT → k ∗ DS ′ □
Corollary 3 ( → ∗ Maintained Under ⊙ ) . Let DS be strongly unambiguous. Let DT be strongly unambiguous. Let L( DT ) · ! L( DS ) . Let DS → ∗ DS ′ . Let DT → ∗ DT ′ . Then DS ⊙ DT → ∗ DS ′′ such that there exists a rewriteless DNF lens dl ˜: DS ′ ⊙ DT ′ ⇔ DS ′′ , and [[ dl ]] = {( s , s ) | s ∈ L( DS ⊙ DT )} .
Proof.
From Theorem 9 applied to Lemma 130. □
Lemma 131 (Pre-Confluence of Parallel Rewriting Without Reordering) .
• If dl ˜: DS ⇔ DT , DS → k DS ′ , and DT → k DT ′ , then
(1) There exists a DS ′′ such that DS ′ → k DS ′′
(2) There exists a DT ′′ such that DT ′ → k DT ′′
(3) There exists a dl ′ ˜: DS ′′ ⇔ DS ′′ such that [[ dl ′ ]] = [[ dl ]] .
• If al ˜: A ⇔ B , A → k A DS , and B → k A DT , then
(1) There exists a DS ′ such that DS → k DS ′
(2) There exists a DT ′ such that DT → k DT ′
(3) There exists a dl ˜: DS ′ ⇔ DT ′ such that [[ dl ]] = [[ al ]]
Proof.
By mutual induction on the derivation of → k and → k A . We will split into cases by the last step taken in each derivation.
Case
(Atom Unrollstar L, Atom Unrollstar L). Let al : A ⇔ B . Let A = DS ′∗ and DT ′∗ → k A ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ ⟨[ DS ′∗ ]⟩) through an application of Atom Unrollstar L. Let B = DT ∗ and DT ∗ → k A ⟨[ ϵ ]⟩ ⊕ ( DT ⊙ ⟨[ DT ∗ ]⟩) through an application of Atom Unrollstar L.
(1) Consider using Identity Rewrite
⟨[ ϵ ]⟩ ⊕ ( DS ⊙ ⟨[ DS ∗ ]⟩) → k ⟨[ ϵ ]⟩ ⊕ ( DS ⊙ ⟨[ DS ∗ ]⟩)
(2) Consider using Identity Rewrite
⟨[ ϵ ]⟩ ⊕ ( DT ⊙ ⟨[ DT ∗ ]⟩) → k ⟨[ ϵ ]⟩ ⊕ ( DT ⊙ ⟨[ DT ∗ ]⟩)
(3) By inversion, al = dl ∗ , and dl ˜: DS ⇔ DT . By Lemma 100, Lemma 102, and Lemma 104 ⟨[( ϵ , ϵ )]⟩ ⊕ ( dl ′ ⊙ D( iterate ( dl ′ ))) ˜: ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ D( DS ′∗ )) ⇔ ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ D( DT ′∗ )) , which is the desired typing. By Lemma 106, [[⟨[( ϵ , ϵ )]⟩ ⊕ ( dl ′ ⊙ D( iterate ( dl ′ )))]] = [[ al ]] , which is the desired semantics.
Case
(Atom Unrollstar L, Atom Unrollstar R). Let al : A ⇔ B . Let A = DS ′∗ and DT ′∗ → k A ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ D( DS ′∗ )) through an application of Atom Unrollstar L. Let B = DT ∗ and DT ∗ → k A ⟨[ ϵ ]⟩ ⊕ (D( DT ∗ ) ⊙ DT ) through an application of Atom Unrollstar R.
(1)
DS ′∗ → k A ⟨[ ϵ ]⟩ ⊕ (D( DS ′∗ ) ⊙ DS ′ )
D( DS ′∗ ) → k ⟨[ ϵ ]⟩ ⊕ (D( DS ′∗ ) ⊙ DS ′ )
DS ′ → k DS ′
By Lemma 122 there exists a DS such that DS ′ ⊙ D( DS ′∗ ) → k DS , and there exists dl ˜: DS ⇔ DS ′ ⊙ (⟨[ ϵ ]⟩ ⊕ (D( DS ′∗ ) ⊙ DS ′ )) where dl has identity semantics.
⟨[ ϵ ]⟩ → k ⟨[ ϵ ]⟩
So by Lemma 51, ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ D( DS ′∗ )) → k ⟨[ ϵ ]⟩ ⊕ DS . Furthermore, as ⟨[( ϵ , ϵ )]⟩ ˜: ⟨[ ϵ ]⟩ ⇔ ⟨[ ϵ ]⟩ has identity semantics, through Lemma 51 we get ⟨[( ϵ , ϵ )]⟩ ⊕ dl ˜: ⟨[ ϵ ]⟩ ⊕ DS ⇔ ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ (⟨[ ϵ ]⟩ ⊕ (D( DS ′∗ ) ⊙ DS ′ ))) , which has the identity semantics.
(2)
DT ′∗ → k A ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ D( DT ′∗ ))
D( DT ′∗ ) → k ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ D( DT ′∗ ))
DT ′ → k DT ′
By Lemma 122 there exists a DT such that DT ′ ⊙ D( DT ′∗ ) → k DT , and there exists dl ˜: (⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ D( DT ′∗ ))) ⊙ DT ′ ⇔ DT where dl has identity semantics.
⟨[ ϵ ]⟩ → k ⟨[ ϵ ]⟩
So by Lemma 51, ⟨[ ϵ ]⟩ ⊕ (D( DT ′∗ ) ⊙ DT ′ ) → k ⟨[ ϵ ]⟩ ⊕ DT . Furthermore, as ⟨[( ϵ , ϵ )]⟩ ˜: ⟨[ ϵ ]⟩ ⇔ ⟨[ ϵ ]⟩ has identity semantics, through Lemma 51 we get ⟨[( ϵ , ϵ )]⟩ ⊕ dl ˜: ⟨[ ϵ ]⟩ ⊕ ((⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ D( DT ′∗ ))) ⊙ DT ′ ) ⇔ ⟨[ ϵ ]⟩ ⊕ DT , which has the identity semantics.
(3) As al ˜: DS ′∗ ⇔ DT ′∗ , by inversion, al = iterate ( dl ) , and dl ˜: DS ′ ⇔ DT ′ .
Let dl ′ = ⟨[( ϵ , ϵ )]⟩ ⊕ ( dl ⊙ D( iterate ( dl ))) . By Lemma 107, [[ dl ′ ]] = [[ al ]] , and dl ′ ˜: ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ D( DS ∗ )) ⇔ ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ D( DT ∗ )) .
Let dl ′′ = ⟨[( ϵ , ϵ )]⟩ ⊕ (D( iterate ( dl )) ⊙ dl ) . By Lemma 109, [[ dl ′′ ]] = [[D( al )]] , and dl ′′ ˜: ⟨[ ϵ ]⟩ ⊕ (D( DS ∗ ) ⊙ DS ′ ) ⇔ ⟨[ ϵ ]⟩ ⊕ (D( DT ∗ ) ⊙ DT ′ ) .
Consider the DNF lens dl ′′′ = ⟨[( ϵ , ϵ )]⟩ ⊕ ( dl ⊙ dl ′′ ) . dl ′′′ ˜: ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ (⟨[ ϵ ]⟩ ⊕ (D( DS ∗ ) ⊙ DS ′ ))) ⇔ ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ (⟨[ ϵ ]⟩ ⊕ (D( DT ∗ ) ⊙ DT ′ ))) , where dl ′′′ has the same semantics as dl ′ , as dl ′′ has the same semantics as D( al ) .
By Lemma 118, there exists dl ˜: ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ (⟨[ ϵ ]⟩ ⊕ (D( DT ∗ ) ⊙ DT ′ ))) ⇔ ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ ⟨[ ϵ ]⟩) ⊕ ( DT ′ ⊙ D( DT ∗ ) ⊙ DT ′ ) .
By Lemma 121, there exists dl ˜: ⟨[ ϵ ]⟩ ⊕ (⟨[ ϵ ]⟩ ⊙ DT ′ ) ⊕ ( DT ′ ⊙ D( DT ∗ ) ⊙ DT ′ ) ⇔ ⟨[ ϵ ]⟩ ⊕ ((⟨[ ϵ ]⟩ ⊕ DT ′ ⊙ D( DT ∗ )) ⊙ DT ′ ) .
Consider the composition of ⟨[( ϵ , ϵ )]⟩ ⊕ dl , dl ′′′ , dl , dl , and ⟨[( ϵ , ϵ )]⟩ ⊕ dl . Because of Lemma 14, there exists a lens dl ˜: ⟨[ ϵ ]⟩ ⊕ DS ⇔ ⟨[ ϵ ]⟩ ⊕ DT . Furthermore, as all lenses except dl ′′′ are the identity lens, [[ dl ]] = [[ dl ′′′ ]] = [[ al ]] .
Case
(Atom Unrollstar L, Parallel Atom Structural Rewrite). Let al : A ⇔ B . Let A = DS ∗ and DT ∗ → k A ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ D( DS ′∗ )) through an application of Atom Unrollstar L. Let B = DT ∗ and
DT → k DT ′
DT ∗ → k A D( DT ′ )
through an application of Parallel Atom Structural Rewrite. From inversion, al = iterate ( dl ) , and dl ˜: DS ⇔ DT . From Lemma 127, there exists DNFRegex ′ such that DS → k DS ′ , such that there exists a lens dl ′ ˜: DS ′ ⇔ DT ′ , and [[ dl ′ ]] = [[ dl ]]
(1)
DS ′∗ → k A ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ D( DS ′∗ ))
D( DS ′∗ ) → k ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ D( DS ′∗ ))
(2)
DT → k DT ′
DT ∗ → k A D( DT ′∗ )
D( DS ∗ ) → k D( DS ′∗ )
By Lemma 122 there exists a DT such that DT ⊙ D( DT ∗ ) → k DT , and there exists dl ˜: DT ′ ⊙ D( DT ′∗ ) ⇔ DT where dl has identity semantics.
⟨[ ϵ ]⟩ → k ⟨[ ϵ ]⟩
So by Lemma 51, ⟨[ ϵ ]⟩ ⊕ ( DT ⊙ D( DT ∗ )) → k ⟨[ ϵ ]⟩ ⊕ DT . Furthermore, as ⟨[( ϵ , ϵ )]⟩ ˜: ⟨[ ϵ ]⟩ ⇔ ⟨[ ϵ ]⟩ has identity semantics, through Lemma 51 we get ⟨[( ϵ , ϵ )]⟩ ⊕ dl ˜: ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ D( DT ′∗ )) ⇔ ⟨[ ϵ ]⟩ ⊕ DT , which has the identity semantics.
(3) Let dl ′′ = ⟨[( ϵ , ϵ )]⟩ ⊕ ( dl ′ ⊙ D( iterate ( dl ′ ))) . By Lemma 107, [[ dl ′′ ]] = [[ iterate ( dl ′ )]] = [[ al ]] and dl ′′ ˜: ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ D( DS ′∗ )) ⇔ ⟨[ ϵ ]⟩ ⊕ ( DT ′ ⊙ D( DT ′∗ )) . By Lemma 14, we can compose lenses, so consider dl ′′′ , the composition of the lenses dl ′′ and ⟨[( ϵ , ϵ )]⟩ ⊕ dl . dl ′′′ ˜: ⟨[ ϵ ]⟩ ⊕ ( DS ′ ⊙ D( DS ′∗ )) ⇔ ⟨[ ϵ ]⟩ ⊕ DT . Furthermore, as all lenses in the composition except dl ′′′ are the identity, [[ dl ′′′ ]] = [[ dl ]] = [[ al ]] .
Case
(Atom Unrollstar R, Atom Unrollstar L). This is easily transformed into the case of (Atom Unrollstar L, Atom Unrollstar R), and the solution to that case transformed to a solution of this case, through two applications of Lemma 18.
Case
(Atom Unrollstar R, Atom Unrollstar R). This proceeds in the same way as (Atom Unrollstar L, Atom Unrollstar L).
Case
(Atom Unrollstar R, Parallel Atom Structural Rewrite). This proceeds in the same way as (Atom Unrollstar L, Parallel Atom Structural Rewrite).
Case
(Parallel Atom Structural Rewrite, Atom Unrollstar L). This is easily transformed into the case of (Atom Unrollstar L, Parallel Atom Structural Rewrite), and the solution to that case transformed to a solution of this case, through two applications of Lemma 18.
Case
(Parallel Atom Structural Rewrite, Atom Unrollstar R). This is easily transformed into the case of (Atom Unrollstar R, Parallel Atom Structural Rewrite), and the solution to that case transformed to a solution of this case, through two applications of Lemma 18.
Case
(Parallel Atom Structural Rewrite, Parallel Atom Structural Rewrite). Let al : A ⇔ B . Let A = DS ∗ and
DS → k DS ′
DS ∗ → k D( DS ′ )
through an application of Atom Unrollstar L. Let B = DT ∗ and
DT → k DT ′
DT ∗ → k A D( DT ′ )
through an application of Parallel Atom Structural Rewrite. From inversion, al = iterate ( dl ) , and dl ˜: DS ⇔ DT . By IH, there exists DS ′′ , DT ′′ , and dl ′′ such that DS ′ → k DS ′′ , DT ′ → k DT ′′ , and dl ′′ ˜: DS ′′ ⇔ DT ′′ with [[ dl ′′ ]] = [[ dl ]] .
(1)
DS ′ → k DS ′′
DS ′∗ → k A D( DS ′′∗ )
D( DS ′∗ ) → k D( DS ′′∗ )
(2)
DT ′ → k DT ′′
DT ′∗ → k A D( DT ′′∗ )
D( DT ′∗ ) → k D( DT ′′∗ )
(3) As [[ dl ]] = [[ dl ′′ ]] , [[ al ]] = [[ iterate ( dl )]] = [[ iterate ( DNFLens ′′ )]] . Furthermore, as L( DS ′′ ) = L( DS ) and L( DT ′′ ) = L( DS ′′ ) , DT ′′∗ ! and DS ′′∗ ! . This means iterate ( dl ′′ ) ˜: DS ′′∗ ⇔ DT ′′∗ . From Lemma 103, [[ iterate ( dl ′′ )]] = [[D( iterate ( dl ′′ ))]] , and D( iterate ( iterate ( dl ′′ ))) ˜: D( DS ′′∗ ) ⇔ D( DT ′′∗ ) .
Case
10 (Identity Rewrite, Identity Rewrite). Let dl : DS ⇔ DT . Let DS → k DS through an application of Atom Unrollstar L. Let DT → k DT through an application of Atom Unrollstar L.
(1) DS → k DS
(2) DT → k DT
(3) dl ˜: DS ⇔ DT , and [[ dl ]] = [[ dl ]] .
Case
11 (Identity Rewrite, Parallel DNF Structural Rewrite). Let dl : DS ⇔ DT . Let DS → k DS through an application of Atom Unrollstar L. Let DT → k DT ′ through an application of Parallel DNF Structural Rewrite. By Lemma 126, there exists dl ′ , DS ′ such that DS → k DS ′ , dl ′ ˜: DS ′ ⇔ DT ′ , [[ dl ]] = [[ dl ′ ]]
(1) DS → k DS ′
(2) DS ′ → k DS ′
(3) dl ′ ˜: DS ′ ⇔ DT ′ and [[ dl ]] = [[ dl ′ ]]
Case
12 (Parallel DNF Structural Rewrite, Identity Rewrite). This is easily transformed into the case of (Identity Rewrite, Parallel DNF Structural Rewrite), and the solution to that case transformed to a solution of this case, through two applications of Lemma 18.
Case
13 (Parallel DNF Structural Rewrite, Parallel DNF Structural Rewrite). Let dl : DS ⇔ DT . Let DS → k DS ′ through an application of Parallel DNF Structural Rewrite. Let DT → k DT ′ through an application of Parallel DNF Structural Rewrite. By inversion,
sql ˜: SQ ⇔ TQ . . . sql n ˜: SQ n ⇔ TQ n
σ ∈ S n
i ≠ j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅
i ≠ j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅
(⟨ sql | . . . | sql n ⟩ , σ ) ˜: ⟨ SQ | . . . | SQ n ⟩ ⇔ ⟨ TQ σ ( ) | . . . | TQ σ ( n ) ⟩
Also by inversion
al i ,1 ˜: A ⇔ B i ,1 . . . al i , n i ˜: A n ⇔ B i , n i
σ i ∈ S n i
· ! [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ]
· ! [ t i ,0 · B i , σ i ( ) · . . . · B i , σ i ( n i ) · t i , n i ]
([( s i ,0 , t i ,0 ) · al i ,1 · . . . · al i , n i · ( s i , n i , t i , n i )] , σ i ) ˜: [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] ⇔ [ t i ,0 · B i , σ i ( ) · . . . · B i , σ i ( n i ) · t i , n i ]
where dl = (⟨ sql | . . . | sql n ⟩ , σ ) , sql i = ([( s i ,0 , t i ,0 ) · al i ,1 · . . . · al i , n i · ( s i , n i , t i , n i )] , σ i ) , DS = ⟨ SQ | . . . | SQ n ⟩ , DT = ⟨ TQ σ ( ) | . . . | TQ σ ( n ) ⟩ , SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ] , and TQ i = [ t i ,0 · B i , σ i ( ) · . . . · B i , σ i ( n i ) · t i , n i ]
DS = ⟨ SQ | . . . | SQ n ⟩
∀ i . SQ i = [ s i ,0 · A i ,1 · . . . · A i , n i · s i , n i ]
∀ i , j . A i , j → k A DS i , j
∀ i . DS i = ⟨[ s i ,0 ]⟩ ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ ⟨[ s i , n i ]⟩
DS → k DS ⊕ . . . ⊕ DS n
DT = ⟨ TQ σ ( ) | . . . | TQ σ ( n ) ⟩
∀ i . TQ σ ( i ) = [ t σ ( i ) ,0 · B σ ( i ) , σ i ( ) · . . . · B σ ( i ) , σ i ( n i ) · t σ ( i ) , n i ]
∀ i , j . B σ ( i ) , σ i ( j ) → k A DT σ ( i ) , σ i ( j )
∀ i . DT σ ( i ) = ⟨[ s σ ( i ) ,0 ]⟩ ⊙ DS σ ( i ) , σ i ( ) ⊙ . . . ⊙ DS σ ( i ) , σ i ( n i ) ⊙ ⟨[ s σ ( i ) , n i ]⟩
DT → k DT σ ( ) ⊕ . . . ⊕ DT σ ( n )
By IH, as A i , j → k DS i , j , B i , j → k DT i , j , and al i , j ˜: A i , j ⇔ B i , j , then there exists DS ′ i , j , DT ′ i , j , and dl i , j such that DS i , j → k DS ′ i , j , DT i , j → k DT ′ i , j , and dl i , j ˜: DS i , j ⇔ DT i , j , where [[ dl i , j ]] = [[ al i , j ]] .
(1) DS i , j → k DS ′ i , j , for all i , j .
⟨[ s i , j ]⟩ → k ⟨[ s i , j ]⟩
Define DS ′ i = ⟨[ s i ,0 ]⟩ ⊙ DS ′ i ,1 ⊙ . . . ⊙ DS ′ i , n i ⊙ ⟨[ s i , n i ]⟩ . By repeated application of Lemma 122, there exists DS ′′ i such that DS i = ⟨[ s i ,0 ]⟩ ⊙ DS i ,1 ⊙ . . . ⊙ DS i , n i ⊙ ⟨[ s i , n i ]⟩ → k DS ′′ i , and there exists dl i such that dl i ˜: DS ′′ i ⇔ DS ′ i , and dl i has the identity semantics on L( DS i ) . By repeated application of Lemma 122, DS ⊕ . . . ⊕ DS n → k DS ′ ⊕ . . . ⊕ DS ′ n . Furthermore, through application of Lemma 102, dl ⊕ . . . ⊕ dl n ˜: DS ′′ ⊕ . . . ⊕ DS ′′ n ⇔ DS ′ ⊕ . . . ⊕ DS ′ n .
(2) DT σ ( i ) , σ i ( j ) → k DT ′ σ ( i ) , σ i ( j ) , for all i , j .
⟨[ s σ ( i ) , j ]⟩ → k ⟨[ s σ ( i ) , j ]⟩
Define DT ′ σ ( i ) = ⟨[ s σ ( i ) ,0 ]⟩ ⊙ DS ′ σ ( i ) , σ i ( ) ⊙ . . . ⊙ DS ′ σ ( i ) , σ i ( n i ) ⊙ ⟨[ s σ ( i ) , σ i ( n i ) ]⟩ . By repeated application of Lemma 122, there exists DT ′′ σ ( i ) such that DT σ ( i ) = ⟨[ t σ ( i ) ,0 ]⟩ ⊙ DT σ ( i ) , σ i ( ) ⊙ . . . ⊙ DT σ ( i ) , σ i ( n i ) ⊙ ⟨[ t σ ( i ) , n i ]⟩ → k DT ′′ i , and there exists dl ′ σ ( i ) such that dl ′ σ ( i ) ˜: DT ′ σ ( i ) ⇔ DT ′′ σ ( i ) , and dl ′ σ ( i ) has the identity semantics on L( DT σ ( i ) ) . By repeated application of Lemma 51, DT σ ( ) ⊕ . . . ⊕ DT σ ( n ) → k DT ′′ σ ( ) ⊕ . . . ⊕ DT ′′ σ ( n ) . Furthermore, through application of Lemma 102, dl ′ σ ( ) ⊕ . . . ⊕ dl ′ σ ( n ) ˜: DT ′ σ ( ) ⊕ . . . ⊕ DT ′ σ ( n ) ⇔ DT ′′ σ ( ) ⊕ . . . ⊕ DT ′′ σ ( ) .
(3) As L( A i , j ) = L( DS ′ i , j ) , and L( B i , j ) = L( DT ′ i , j ) , then · ! ( s i ,0 , DS ′ i ,1 , . . . , DS ′ i , n i , s i , n i ) . and · ! ( t i ,0 , DT ′ i , σ i ( ) , . . . , DT ′ i , σ i ( n i ) , t i , n i ) . Then by Lemma 112, with the permutation σ i , there exists a DNF lens dl i ˜: DS ′ i ⇔ DT ′ i , with
[[ dl i ]] = {( s i ,0 s ′ i ,1 . . . s ′ i , n i s i , n i , t i ,0 t ′ i , σ i ( ) . . . t ′ i , σ i ( n i ) t i , n i ) | ( s ′ i , j , t ′ i , j ) ∈ [[ dl i , j ]]}
= {( s i ,0 s ′ i ,1 . . . s ′ i , n i s i , n i , t i ,0 t ′ i , σ i ( ) . . . t ′ i , σ i ( n i ) t i , n i ) | ( s ′ i , j , t ′ i , j ) ∈ [[ al i , j ]]}
= [[ sql i ]] .
As L( DS ′ i ) = L( SQ i ) , i ≠ j ⇒ L( DS i ) ∩ L( DS j ) = {} . By Lemma 115, with the permutation σ , there exists a DNF lens dl = ˜: DS ′ ⊕ . . . ⊕ DS ′ n ⇔ DT ′ σ ( ) ⊕ . . . ⊕ DT ′ σ ( n ) , with [[ dl ]] = {( s , t ) | ∃ i . ( s , t ) ∈ [[ dl i ]]} = {( s , t ) | ∃ i . ( s , t ) ∈ [[ sql i ]]} = [[ dl ]] .
Consider the dl ′ , the composition of dl ⊕ . . . ⊕ dl n , dl , and dl ′ ⊕ . . . ⊕ dl n , dl ′ ˜: DS ′′ ⊕ . . . ⊕ DS ′′ n ⇔ DT ′′ ⊕ . . . ⊕ DS ′′ n . Furthermore, all but dl are identity, [[ dl ′′′ ]] = [[ dl ]] = [[ dl ]] . □
Theorem 11 (Confluence of Parallel Rewriting Without Reordering) . For all lenses l : S ⇔ T , confluent l ⇐⇒( → k ) .
Proof.
Let DS l ⇐⇒ DT . This means there exists some dl ˜: DS ⇔ DT such that [[ dl ]] = [[ l ]] . Let DS → k DS ′ and DT → k DT ′ . From Lemma 131, there exists a DS ′′ , DT ′′ , dl ′ such that DS ′ → k DS ′′ , DT ′ → k DT ′′ , dl ′ : DS ′′ ⇔ DT ′′ , and [[ dl ′ ]] = [[ dl ]] . Because [[ dl ′ ]] = [[ dl ]] = [[ l ]] , DS ′′ l ⇐⇒ DT ′′ . □
Lemma 132 (Identity is a left propagator) . If l : S ⇔ T is a lens, then id S ⇐⇒ is a left propagator for l ⇐⇒ with respect to → k .
Proof. If l : S ⇔ T is a lens, by Lemma 16, S is strongly unambiguous. By Lemma 45, ⇓ S is strongly unambiguous. As such, id S : S ⇔ S . Consider id S ⇐⇒ .
By Lemma 126, bisimilar idS ⇐⇒( → k ) .
By Theorem 11, confluent idS ⇐⇒( → k ) .
Let DS id S ⇐⇒ DS , and DS id S ⇐⇒ DS . So there exists dl , dl such that dl ˜: DS ⇔ DS and dl ˜: DS ⇔ DS , where [[ dl ]] = [[ id S ]] = [[ dl ]] . By Lemma 14, there exists dl ˜: DS ⇔ DS , with semantics [[ dl ]] = [[ id S ]] , as the semantics of each side of the composition was the identity relation on L( S ) . This means DS id S ⇐⇒ DS .
Let DS id S ⇐⇒ DT . So there exists dl ˜: DS ⇔ DT . By Lemma 12, [[ l ]] is a bijection between L( S ) and L( T ) . As [[ dl ]] = [[ l ]] , [[ dl ]] is a bijection between L( S ) and L( T ) . [[ dl ]] is a bijection between L( DS ) and L( DT ) , by Lemma 13, so L( DS ) = L( S ) and L( DT ) = L( T ) . As DS is strongly unambiguous, there exists an identity lens by Lemma 15 id L ˜: DS ⇔ DS , such that [[ id L ]] = {( s , s ) | s ∈ L( DS )} = {( s , s ) | s ∈ L( S )} = [[ id S ]] . This means DS id S ⇐⇒ DS . As DT is strongly unambiguous, there exists an identity lens id R ˜: DT ⇔ DT , such that [[ id R ]] = {( s , s ) | s ∈ L( DT )} = {( s , s ) | s ∈ L( T )} = [[ id T ]] . This means DT id S ⇐⇒ DT .
Let DS l ⇐⇒ DT . This means there exists dl ˜: DS ⇔ DT .
This means that DS is strongly unambiguous, so there exists a DNF lens dl ′ ˜: DS ⇔ DS , with [[ dl ′ ]] = {( s , s ) | s ∈ L( DS )} . By the same logic as above, L( DS ) = L( S ) , so [[ dl ′ ]] = {( s , s ) | s ∈ L( S )} = [[ id S ]] . □
Lemma 133 (Identity is a right propagator) . If l : S ⇔ T is a lens, then id T ⇐⇒ is a right propagator for l ⇐⇒ with respect to → k .
Proof.
By a symmetric argument to Lemma 132. □
Lemma 134 (Confluence of Starred Parallel Rewriting Without Reordering) . For all lenses l : S ⇔ T , confluent l ⇐⇒( → k ∗ ) .
Proof.
By Lemma 126, for all lenses l : S ⇔ T , bisimilar l ⇐⇒( → k ) . For all lenses l : S ⇔ T , confluent l ⇐⇒( → k ) . By Lemma 132, id S ⇐⇒ is a left propagator for l ⇐⇒ . By Lemma 133, id S ⇐⇒ is a right propagator for l ⇐⇒ . By Theorem 6, confluent l ⇐⇒( → k ∗ ) . □
Corollary 4.
For all lenses l , confluent l ⇐⇒(→ ∗ ) .
Proof.
By Theorem 11, and Theorem 6, for all lenses l , confluent l ⇐⇒( → k ∗ ) . By Theorem 9, for all lenses l , confluent l ⇐⇒(→ ∗ ) . □
B.11 Completeness
Finally, with all the above machinery, all parts of confluence can be proven. The final statement is a quick one, with the bulk of the work done by proving a lemma involving rewrites and lens expressibility.
Lemma 135.
Let DS be strongly unambiguous, and let DS ≡ →k swap DT . There exists dl , DS ′ , DT ′ such that DS → ∗ DS ′ , DT ′ → ∗ DT ′ , dl ˜: DS ′ ⇔ DT ′ , and [[ dl ]] = {( s , s ) | s ∈ L( DS )} .
Proof.
Proof by induction on the typing of ≡ →k swap .
Case
(Reflexivity). Let DS ≡ →k swap DT through an application of Reflexivity. That means DT = DS . Consider DS → ∗ DS , and DT → ∗ DS through applications of Reflexivity. Then, by Lemma 15, there exists a lens dl ˜: DS ⇔ DS such that [[ dl ]] = {( s , s ) | s ∈ L( DS )}
Case
(Base). Let DS ≡ →k swap DT through an application of Base. That means DS → k swap DT . DT → ∗ DT through an application of Reflexivity. By Lemma 123, there exists a DNF regular expression, DS ′ , and a DNF lens dl , such that DS → DS ′ , dl ˜: DS ′ ⇔ DT , and [[ dl ]] = {( s , s ) | s ∈ L( DS )} . Through an application of Base, DS → k ∗ DS ′ . From Theorem 9, DS → ∗ DS ′ , as desired.
Case
(Symmetry). Let DS ≡ →k swap DT through an application of Symmetry. That means DT ≡ →k swap DS . By IH, there exists DNF regular expressions DT ′ , DS ′ , and a DNF lens dl such that DT → ∗ DT ′ , DS → ∗ DS ′ , dl ˜: DT ′ ⇔ DS ′ , and [[ DT ′ ]] = {( s , s ) | s ∈ L( DT )} . Because ≡ →k swap is equivalent to ≡ s , L( DS ) = L( DT ) . By Lemma 18, there exists dl ′ ˜: DS ′ ⇔ DT ′ , and [[ dl ′ ]] = {( s , s ) | s ∈ L( DS )} , as desired.
Case
(Transitivity). Let DS ≡ →k swap DT through an application of Transitivity. That means there exists DS ′ such that DS ≡ →k swap DS ′ and DS ′ ≡ →k swap DT .
By IH, there exists DNF regular expressions DS , DS , and a DNF lens dl such that DS → ∗ DS , DS ′ → ∗ DS , and dl ˜: DS ⇔ DS .
By IH, there exists DNF regular expressions DS , DS , and a DNF lens dl such that DS ′ → ∗ DS , DT → ∗ DS , and dl ˜: DS ⇔ DS .
By Lemma 15, there exists a lens dl id ˜: DS ′ ⇔ DS ′ , where [[ dl id ]] = {( s , s ) | s ∈ L( DS ′ )} .
Because DS ′ id ⇐⇒ DS ′ , and by Corollary 4, there exists DS and DS , such that DS → ∗ DS , DS → ∗ DS , and DS id ⇐⇒ DS . That means there exists dl id ˜: DS ⇔ DS , where [[ dl id ]] = {( s , s ) | s ∈ L( DS ′ )} .
By Corollary 2, as DS → ∗ DS , and dl ˜: DS ⇔ DS . Because DS → ∗ DS , there exists a DNF lens dl , and DNF regular expression DS such that DS → ∗ DS , dl ˜: DS ⇔ DS , and [[ dl ]] = {( s , s ) | s ∈ L( DS )} .
By Corollary 2, as DS → ∗ DS , and dl ˜: DS ⇔ DS . Because DS → ∗ DS , there exists a DNF lens dl , and DNF regular expression DS such that DS → ∗ DS , dl ˜: DS ⇔ DS , and [[ dl ]] = {( s , s ) | s ∈ L( DS ′ )} .
So there are lenses dl ˜: DS ⇔ DS , dl id ˜: DS ⇔ DS , and dl ˜: DS ⇔ DS , so by Lemma 14, there exists a lens dl ˜: DS ⇔ DS . Because all of these have the semantics of the identity lens on DNF regular expressions with the same language, [[ dl ]] = {( s , s ) | s ∈ L( DS )} .
Furthermore, DS → ∗ DS and DS → ∗ DS , so DS → ∗ DS . DT → ∗ DS and DS → ∗ DS , so DT → ∗ DS , as desired. □
Lemma 136.
Let S ≡ s T , and let S be strongly unambiguous. There exists dl , DS , DT such that dl ˜: DS ⇔ DT , ⇓ S → ∗ DS , ⇓ T → ∗ DT , and [[ dl ]] = {( s , s ) | s ∈ L( S )} .
Proof.
From Lemma 8, as S ≡ s T , ⇓ S ≡ →k swap ⇓ T . Because S is strongly unambiguous, by Lemma 45, ⇓ S is strongly unambiguous. Because of this, from Lemma 135, there exists DS , DT , and dl such that ⇓ S → ∗ DS , ⇓ T → ∗ DT , and [[ dl ]]{( s , s ) | s ∈ L(⇓ S )} . From Theorem 1, L(⇓ S ) = L( S ) , as desired. □
Lemma 137. If l : S ⇔ T then there exists dl , DS , DT such that dl ˜: DS ⇔ DT , ⇓ S → ∗ DS , ⇓ T → ∗ DT , and [[ dl ]] = [[ l ]] .
Proof.
By induction of the typing derivation of l : S ⇔ T .
Let the last typing rule be an instance of Iterate Lens.
l : S ⇔ T
iterate ( l ) : S ∗ ⇔ T ∗
By IH, there exists dl , DS , DT such that
dl ˜: DS ⇔ DT
⇓ S → ∗ DS
⇓ T → ∗ DT
[[ dl ]] = [[ l ]]
By Lemma 104, ⟨[ iterate ( dl )]⟩ ˜: ⟨[ DS ∗ ]⟩ ⇔ ⟨[ DT ∗ ]⟩ . By Corollary 1, ⟨[⇓ S ∗ ]⟩ → ∗ ⟨[ DS ∗ ]⟩ and ⟨[⇓ T ∗ ]⟩ → ∗ ⟨[ DT ∗ ]⟩ . From this, we get
⟨[ iterate ( dl )]⟩ ˜: ⟨[ DS ∗ ]⟩ ⇔ ⟨[ DT ∗ ]⟩
⟨[⇓ S ∗ ]⟩ → ∗ ⟨[ DS ∗ ]⟩
⟨[⇓ T ∗ ]⟩ → ∗ ⟨[ DT ∗ ]⟩
⟨[ iterate ( dl )]⟩ : ⇓ S ∗ ⇔ ⇓ T ∗
By Lemma 104,
[[⟨[ iterate ( dl )]⟩]] = {( s · . . . · s n , t · . . . · t n ) | ( s i , t i ) ∈ [[ dl ]]}
= {( s · . . . · s n , t · . . . · t n ) | ( s i , t i ) ∈ [[ l ]]}
= [[ iterate ( l )]]
Let the last typing rule be an instance of
Constant Lens.
const ( s , s )
Consider DNF Lens Derivation
[( s , s )] ˜: [ s ] ⇔ [ s ]
⟨[( s , s )]⟩ ˜: ⟨[ s ]⟩ ⇔ ⟨[ s ]⟩
⟨[ s ]⟩ → ∗ ⟨[ s ]⟩
⟨[ s ]⟩ → ∗ ⟨[ s ]⟩
⟨[( s , s )]⟩ : ⟨[ s ]⟩ ⇔ ⟨[ s ]⟩
[[⟨[( s , s )]⟩]] = {( s , s )} = [[ const ( s , s )]]
Let the last typing rule be an instance of
Concat Lens . l : S ⇔ T l : S ⇔ T concat ( l , l ) : S · S ⇔ T · T By IH, there exists dl , DS , DT , dl , DS , and DT such that dl ˜: DS ⇔ DT ⇓ S → ∗ DS ⇓ T → ∗ DT [[ dl ]] = [[ l ]] dl ˜: DS ⇔ DT ⇓ S → ∗ DS ⇓ T → ∗ DT [[ dl ]] = [[ l ]] From Lemma 100, dl ⊙ dl ˜: DS ⊙ DS ⇔ DT ⊙ DT .By Corollary 3, and Lemma 11, there exists a DNF regular expression, DS L , and a DNF lens, dl L ,such that dl L ˜: DS L ⇔ DS ⊙ DS , where [[ dl L ]] = {( s , s ) | s ∈ L(⇓ ( DS ⊙ DS ))} . Furthermore, ⇓( DS ⊙ DS )→ ∗ DS L .By Corollary 3, there exists a DNF regular expression, DS R , and a DNF lens, dl R , such that dl R ˜: DT ⊙ DT ⇔ DS R , where [[ dl R ]] = {( s , s ) | s ∈ L(⇓ ( DT ⊙ DT ))} Furthermore, ⇓ ( DT ⊙ DT )→ ∗ DS R .By Lemma 14, as dl L ˜: DS L ⇔ DS ⊙ DS , dl ⊙ dl ˜: DS ⊙ DS ⇔ DT ⊙ DT , and dl R ˜: DT ⊙ DT ⇔ DS R there exists a DNF Lens dl ˜: DS L ⇔ DS R , with semantics of the composition of thethree lenses. Because the left and right lenses are the identity lenses, [[ dl ]] = [[ dl ⊙ dl ]] . , Vol. 1, No. 1, Article 1. Publication date: October 2017. :112 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic By Lemma 100, [[ dl ]] = [[ dl ⊙ dl ]] = {( s · s , t · t ) | ( s , t ) ∈ [[ dl ]] ∧ ( s , t ) ∈ [[ dl ]]} = {( s · s , t · t ) | ( s , t ) ∈ [[ l ]] ∧ ( s , t ) ∈ [[ l ]]} = [[ concat ( l , l )]] . dl ˜: DS L ⇔ DS R ⇓( S · S )→ ∗ DS L ⇓( T · T ) ⇔ DS L [[ dl ]] = [[ concat ( l , l )]] Let the last typing rule be an instance of
Or Lens . l : S ⇔ T l : S ⇔ T or ( l , l ) : S | S ⇔ T | T By IH, there exists dl , DS , DT , dl , DS , and DT such that dl ˜: DS ⇔ DT ⇓ S → ∗ DS ⇓ T → ∗ DT [[ dl ]] = [[ l ]] dl ˜: DS ⇔ DT ⇓ S → ∗ DS ⇓ T → ∗ DT [[ dl ]] = [[ l ]] From Lemma 102, dl ⊕ dl ˜: DS ⊕ DS ⇔ DT ⊕ DT . By Lemma 76, ⇓ S | S → ∗ DS ⊕ DS and ⇓ T | T → ∗ DT ⊕ DT .By Lemma 102, [[ dl ⊕ dl ]] = {( s , t ) | ( s , t ) ∈ [[ dl ]] ∨ ( s , t ) ∈ [[ dl ]]} = {( s , t ) | ( s , t ) ∈ [[ l ]] ∨ ( s , t ) ∈[[ l ]]} = [[ or ( l , l )]] . l ⊕ l ˜: DS ⊕ DS ⇔ DT ⊕ DT ⇓( S | S )→ ∗ DS ⊕ DS ⇓( T | T )→ ∗ DT ⊕ DT [[ dl ⊕ dl ]] = [[ or ( l , l )]] Let the last typing rule be an instance of
Swap Lens . l : S ⇔ T l : S ⇔ T swap ( l , l ) : S · S ⇔ T · T , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:113 By IH, there exists dl , DS , DT , dl , DS , and DT such that. dl ˜: DS ⇔ DT ⇓ S → ∗ DS ⇓ T → ∗ DT [[ dl ]] = [[ l ]] dl ˜: DS ⇔ DT ⇓ S → ∗ DS ⇓ T → ∗ DT [[ dl ]] = [[ l ]] From Lemma 101, dl s dl ˜: DS ⊙ DS ⇔ DT ⊙ DT .By Corollary 3, and Lemma 11, there exists a DNF regular expression, DS L , and a DNF lens, dl L ,such that dl L ˜: DS L ⇔ DS ⊙ DS , where [[ dl L ]] = {( s , s ) | s ∈ L(⇓ ( DS ⊙ DS ))} . Furthermore, ⇓( DS ⊙ DS )→ ∗ DS L .By Corollary 3, there exists a DNF regular expression, DS R , and a DNF lens, dl R , such that dl R ˜: DT ⊙ DT ⇔ DS R , where [[ dl R ]] = {( s , s ) | s ∈ L(⇓ ( DT ⊙ DT ))} Furthermore, ⇓ ( DT ⊙ DT )→ ∗ DS R .By Lemma 14, as dl L ˜: DS L ⇔ DS ⊙ DS , dl s dl ˜: DS ⊙ DS ⇔ DT ⊙ DT , and dl R ˜: DT ⊙ DT ⇔ DS R there exists a DNF Lens dl ˜: DS L ⇔ DS R , with semantics of the composition of thethree lenses. Because the left and right lenses are the identity lenses, [[ dl ]] = [[ dl s dl ]] .By Lemma 101, [[ dl ]] = [[ dl s dl ]] = {( s · s , t · t ) | ( s , t ) ∈ [[ dl ]] ∧ ( s , t ) ∈ [[ dl ]]} = {( s · s , t · t ) | ( s , t ) ∈ [[ l ]] ∧ ( s , t ) ∈ [[ l ]]} = [[ swap ( l , l )]] . dl ˜: DS L ⇔ DS R ⇓( S · S )→ ∗ DS L ⇓( T · T )→ ∗ DS R [[ dl ]] = [[ swap ( l , l )]] Let the last rule be an instance of
Compose Lens . l : S ⇔ S l : S ⇔ S l ; l : S ⇔ S By induction assumption, there exists dl , DS , DS , dl , DT , and DS such that , Vol. 1, No. 1, Article 1. Publication date: October 2017. :114 Anders Miltner, Kathleen Fisher, Benjamin C. Pierce, David Walker, and Steve Zdancewic dl ˜: DS ⇔ DS ⇓ S → ∗ DS ⇓ S → ∗ DS [[ dl ]] = [[ l ]] dl ˜: DS ⇔ DS ⇓ S → ∗ DS ′ ⇓ S → ∗ DS [[ dl ]] = [[ l ]] From Lemma 15, there exists a rewriteless dnf lens dl id ˜: ⇓ S ⇔⇓ S where [[ dl id ]] = {( s , s ) | s ∈L( S )} . From Corollary 4, we know that, as ⇓ S → ∗ DS and as ⇓ S → ∗ DT , there must exist some DS ′ , DT ′ such that DS → ∗ DS ′ and DT → ∗ DT ′ and there exists a rewriteless dnf lens dl ′ id ˜: DS ′ ⇔ DT ′ where [[ dl ′ id ]] = {( s , s ) | s ∈ L( S )} . From Corollary 2 and Corollary 2, there exists DS ′ , DS ′ , dl ′ , and dl ′ such that DS → ∗ DS ′ , DS → ∗ DS ′ , dl ′ ˜: DS ′ ⇔ DS ′ , dl ′ ˜: DT ′ ⇔ DS ′ , [[ dl ]] = [[ dl ′ ]] and [[ dl ]] = [[ dl ′ ]] . From Lemma 14 rewriteless DNF lenses are closed under composition, so thereexists a rewriteless DNF lens dl ′ ˜: DS ′ ⇔ DS ′ where [[ dl ′ ]] = [[ dl ′ ]]◦[[ dl ′ id ]]◦[[ dl ′ ]] = [[ dl ′ ]]◦[[ dl ′ ]] = [[ l ]] ◦ [[ l ]] = [[ l ◦ l ]] . Furthermore, ⇓ S → ∗ DS → ∗ DS ′ so ⇓ S → ∗ DS . ⇓ S → ∗ DS → ∗ DS ′ so ⇓ S → ∗ DS ′ . dl ′ ˜: DS ′ ⇔ DS ′ ⇓ S → ∗ DS ′ ⇓ S → ∗ DS ′ [[ dl ′ ]] = [[ l ; l ]] Let the last rule be an instance of
Rewrite Regex Lens . l : S ⇔ T S ≡ S ′ T ≡ T ′ l : S ′ ⇔ T ′ By IH, there exists dl , DS , DT such that dl ˜: DS ⇔ DT ⇓ S → ∗ DS ⇓ T → ∗ DT [[ dl ]] = [[ l ]] As S ′ ≡ s S , and S is strongly unambiguous, from Lemma 136 there exists a rewriteless DNF lens dl S ′ , S ˜: DS ′ ⇔ DS such that ⇓ S → ∗ DS , ⇓ S ′ → ∗ DS ′ , and [[ dl S ′ , S ]] = {( s , s ) | s ∈ L(⇓ S )} .As T ≡ s T ′ , and T is strongly unambiguous, from Lemma 136 there exists a rewriteless DNFlens dl T , T ′ ˜: DT ⇔ DT ′ such that ⇓ T → ∗ DT , ⇓ T ′ → ∗ DT ′ , and [[ dl T , T ′ ]] = {( s , s ) | s ∈ L(⇓ T )} . , Vol. 1, No. 1, Article 1. Publication date: October 2017. ynthesizing Bijective Lenses 1:115 From Lemma 15, there exists a lens dl ⇓ S ˜: ⇓ S ⇔⇓ S . As ⇓ S → ∗ DS and ⇓ S → ∗ DS , by Corollary 4,there exists some ˜ dl ⇓ S ˜: ˜ DS ⇔ ˜ DS , such that DS → ∗ ˜ DS , DS → ∗ ˜ DS , and [[ ˜ dl ⇓ S ]] = [[ dl ⇓ S ]] . FromCorollary 2, there exists a ˜ dl S ′ , S ˜: ˜ DS ′ ⇔ ˜ DS such that DS ′ → ∗ ˜ DS ′ and [[ ˜ dl S ′ , S ]] = [[ dl S ′ , S ]] From Lemma 15, there exists a lens dl ⇓ T ˜: ⇓ T ⇔⇓ T . As ⇓ T → ∗ DT and ⇓ T → ∗ DT , by Corollary 4,there exists some ˜ dl ⇓ T ˜: ˜ DT ⇔ ˜ DT , such that DT → ∗ ˜ DT , DT → ∗ ˜ DT , and [[ ˜ dl ⇓ T ]] = [[ dl ⇓ T ]] . FromCorollary 2, there exists a ˜ dl T , T ′ ˜: ˜ DT ⇔ ˜ DT ′ such that DT ′ → ∗ ˜ DT ′ and [[ ˜ dl T ′ , T ]] = [[ dl T ′ , T ]] .As DS → ∗ ˜ DS and DT → ∗ ˜ DT , by Corollary 4 there exists a lens dl ˜: DS ⇔ DT such that ˜ DS → ∗ DS ,˜ DT → ∗ DT , and [[ dl ]] = [[ dl ]] .From Corollary 2, there exists ˜ dl ⇓ S ˜: ˜ DS ⇔ DS such that ˜ DS → ∗ ˜ DS and [[ ˜ dl ⇓ S ]] = [[ ˜ dl ⇓ S ]] . FromCorollary 2, there exists ˜ dl S ′ , S ˜: ˜ DS ′ ⇔ ˜ DS such that ˜ DS ′ → ∗ ˜ DS ′ and [[ ˜ dl S ′ , S ]] = [[ ˜ dl S ′ , S ]] .From Corollary 2, there exists ˜ dl ⇓ T ˜: DT ⇔ ˜ DT such that ˜ DT → ∗ ˜ DT and [[ ˜ dl ⇓ T ]] = [[ ˜ dl ⇓ T ]] . 
From Corollary 2, there exists ˜ dl T , T ′ ˜: ˜ DT ⇔ ˜ DT ′ such that ˜ DT ′ → ∗ ˜ DT ′ and [[ ˜ dl T , T ′ ]] = [[ ˜ dl T , T ′ ]] .
From Lemma 14, there exists a lens dl ˜: ˜ DS ′ ⇔ ˜ DT ′ . Because the semantics of all lenses in the composition for dl were all the identity relation, [[ dl ]] = [[ dl ]] . Furthermore, ⇓ S ′ → ∗ ˜ DS ′ and ⇓ T ′ → ∗ ˜ DT ′ , so we have

dl ˜: ˜ DS ′ ⇔ ˜ DT ′    ⇓ S ′ → ∗ ˜ DS ′    ⇓ T ′ → ∗ ˜ DT ′    [[ dl ]] = [[ l ]]
□

Theorem 12. If there exists a derivation for l : S ⇔ T, then there exists a DNF lens dl such that dl : (⇓ S) ⇔ (⇓ T) and [[ l ]] = [[ dl ]].

Proof. By Lemma 137, there exists dl, DS, DT such that dl ˜: DS ⇔ DT, ⇓ S → ∗ DS, ⇓ T → ∗ DT, and [[ dl ]] = [[ l ]]. Because of that, we have the derivation

dl ˜: DS ⇔ DT    ⇓ S → ∗ DS    ⇓ T → ∗ DT
------------------------------------------
dl : ⇓ S ⇔ ⇓ T
□

B.12 Algorithm Correctness
We use an auxiliary data structure, a set-of-examples parse tree, to define the orderings.

Definition 19. We use il to denote a list of ints.

Definition 20. We use ils to denote a set of int lists.

Definition 21. We use sils to denote a set of string and int list pairs. We also require that the int lists are distinct.

Definition 22. To get the strings out of sils, we use projectstrings. In particular, $projectstrings(\{(s_1, il_1), \ldots, (s_n, il_n)\}) = \{s_1, \ldots, s_n\}$.

Definition 23. To get the int lists out of sils, we use projectils. In particular, $projectils(\{(s_1, il_1), \ldots, (s_n, il_n)\}) = \{il_1, \ldots, il_n\}$.

Definition 24.
Define an exampled atom, exampled sequence, and exampled DNF regular expression as:

$EA, EB ::= (EDS^*, ils)$
$ESQ, ETQ ::= ([s_0 \cdot EA_1 \cdot \ldots \cdot EA_n \cdot s_n], ils)$
$EDS, EDT ::= (\langle ESQ_1 \mid \ldots \mid ESQ_n \rangle, ils)$

Intuitively, an exampled regular expression is a DNF regular expression with the parse trees of a number of strings that match it embedded in it.

We build the typing derivation of the form sils ∈ DS EDS to express that the strings projectstrings(sils), labelled by the identifiers projectils(sils), generate EDS when their parse trees are embedded in DS. Similarly for SQ and ESQ, and for A and EA.

Definition 25.

{( s , 1 :: il ) , . . . , ( s n , n :: il ) , . . . , ( s m ,1 , 1 :: il m ) , . . . , ( s m , n m , n m :: il m )} ∈ DS EDS
------------------------------------------
{( s · . . . · s n , il ) , . . . , ( s m ,1 · . . . · s m , n m , il m )} ∈ DS ∗ ( EDS ∗ , { il , . . . , il m })

{( s , il ) , . . . , ( s m ,1 , il m )} ∈ A EA    . . .    {( s n , il ) , . . . , ( s m , n , il m )} ∈ A n EA n
------------------------------------------
{( s ′ · s · . . . · s n · s ′ n , il ) , . . . , ( s ′ · s m ,1 · . . . · s m , n · s ′ n , il m )} ∈ [ s ′ · A · . . . · A n · s ′ n ] ([ s ′ · EA · . . . · EA n · s ′ n ] , { il , . . . , il m })

sils ∈ SQ ESQ    . . .    sils n ∈ SQ n ESQ n
------------------------------------------
⋃ i ∈[ n ] sils i ∈ ⟨ SQ | . . . | SQ n ⟩ (⟨ ESQ | . . . | ESQ n ⟩ , projectils ( ⋃ i ∈[ n ] sils i ))

This is a big typing derivation, and we feel it is clear that, when a DNF regular expression is strongly unambiguous, this typing derivation is unique for a given set of strings and DNF regular expression, so it is functional from the first two arguments of the derivation. Furthermore, we can perform this function by doing case analysis on all the possible ways the string is split up (though it is slow). We perform this function by embedding it into an NFA matching algorithm. We elide these details.

Definition 26. Define EmbedExamples as the function from a DNF regex DS and int-list-labelled examples sils to an exampled DNF regex, such that sils ∈ DS EmbedExamples(sils, DS).

Now, we are going to build up the machinery to define an ordering on exampled DNF regular expressions, exampled sequences, and exampled atoms. We need to define some general orderings first.
Definition 27. Let ≤ be an ordering on A. Let $[x_1, \ldots, x_n]$ be a list of As. Define $sorting([x_1; \ldots; x_n], \leq)$ as a permutation $\sigma \in S_n$ such that $\sigma(i) \leq \sigma(j) \Rightarrow x_{\sigma(i)} \leq x_{\sigma(j)}$.

Definition 28. Let ≤ be an ordering on A. Let $[x_1; \ldots; x_n]$ be a list of As. Define $sort([x_1; \ldots; x_n], \leq) = [x_{\sigma(1)}; \ldots; x_{\sigma(n)}]$ where $\sigma = sorting([x_1; \ldots; x_n], \leq)$.

Definition 29. Let $\leq_1$ be an ordering on $A_1$. Let $\leq_2$ be an ordering on $A_2$. Define the product ordering $(\leq_1, \leq_2)$ on $A_1 \times A_2$ as the lexicographic ordering on the two elements.

Definition 30. Let ≤ be an ordering on A. We write [≤] for the lexicographic ordering on A List.

Property 2. $[x_1; \ldots; x_n] \, [\leq] \, [y_1; \ldots; y_m]$ and $[y_1; \ldots; y_m] \, [\leq] \, [x_1; \ldots; x_n]$ if, and only if, $n = m$ and for all $i \in [n]$, $x_i \leq y_i$ and $y_i \leq x_i$.

Definition 31. Let ≤ be an ordering on A. Define {≤} as the ordering on A List given by: $[x_1; \ldots; x_n] \, \{\leq\} \, [y_1; \ldots; y_m]$ if $sort([x_1; \ldots; x_n], \leq) \, [\leq] \, sort([y_1; \ldots; y_m], \leq)$. We also use {≤} to operate on sets, by first converting the set to a list, then using that ordering.

Definition 32.
Define an ordering on int list sets, $\leq_{intlistset}$, as $\{[\leq]\}$, where ≤ is the usual ordering on integers.

Lemma 138. If $[x_1; \ldots; x_n] \, \{\leq\} \, [y_1; \ldots; y_m]$, $[y_1; \ldots; y_m] \, \{\leq\} \, [x_1; \ldots; x_n]$, $\sigma_1 = sorting([x_1; \ldots; x_n], \leq)$ and $\sigma_2 = sorting([y_1; \ldots; y_m], \leq)$, then $n = m$, $x_i \leq y_{(\sigma_1^{-1} \circ \sigma_2)(i)}$, and $y_{(\sigma_1^{-1} \circ \sigma_2)(i)} \leq x_i$.

Proof. Let $\sigma_1 = sorting([x_1; \ldots; x_n], \leq)$ and $\sigma_2 = sorting([y_1; \ldots; y_m], \leq)$. This means that $[x_{\sigma_1(1)}; \ldots; x_{\sigma_1(n)}] \, [\leq] \, [y_{\sigma_2(1)}; \ldots; y_{\sigma_2(m)}]$ and $[y_{\sigma_2(1)}; \ldots; y_{\sigma_2(m)}] \, [\leq] \, [x_{\sigma_1(1)}; \ldots; x_{\sigma_1(n)}]$.
By the above property about dictionary orderings, this means that $n = m$ and $x_{\sigma_1(i)} \leq y_{\sigma_2(i)}$ and $y_{\sigma_2(i)} \leq x_{\sigma_1(i)}$.
Consider the permutation $\sigma = \sigma_1^{-1} \circ \sigma_2$. We know $x_{\sigma_1(i)} \leq y_{\sigma_2(i)}$ and $y_{\sigma_2(i)} \leq x_{\sigma_1(i)}$. By reordering through the permutation $\sigma_1^{-1}$, we get $x_{\sigma_1^{-1} \circ \sigma_1(i)} \leq y_{\sigma_1^{-1} \circ \sigma_2(i)}$ and $y_{\sigma_1^{-1} \circ \sigma_2(i)} \leq x_{\sigma_1^{-1} \circ \sigma_1(i)}$. By simplifying we get $x_i \leq y_{\sigma(i)}$ and $y_{\sigma(i)} \leq x_i$. □

Lemma 139. $[x_1; \ldots; x_n] \, \{\leq\} \, [y_1; \ldots; y_m]$ and $[y_1; \ldots; y_m] \, \{\leq\} \, [x_1; \ldots; x_n]$ if, and only if, $n = m$ and there exists a permutation $\sigma$ such that $x_i \leq y_{\sigma(i)}$ and $y_{\sigma(i)} \leq x_i$.

Proof.
Case ⇒ ). By Lemma 138.
Case ⇐ ). Let $n = m$ and $\sigma$ be a permutation such that $x_i \leq y_{\sigma(i)}$ and $y_{\sigma(i)} \leq x_i$.
We know the number of equivalence classes in the two lists is equal, as otherwise there would be some equivalence class in one that is not in the other, a contradiction with the assumption.
We proceed by induction on the number of equivalence classes:
Base Case: no equivalence classes, no elements, trivially true.
Induction Step: Let there be n + σ = sorting ([ x ; . . . ; x n ] ,) and σ = sorting ([ y ; . . . ; y n ] ,).
Consider the largest equivalence class. We know that all except that equivalence class must map to each other, so when we remove that equivalence class, we get that all except the largest elements are ordered with {≤}, by IH. Adding those elements back in, we know they must go at the end. Furthermore, they must have the same number of elements on each side, k, else we contradict the assumption. This means that $sort([x_1; \ldots; x_n], \leq)$ and $sort([y_1; \ldots; y_n], \leq)$ are ordered such that the j-th element in the x list is equivalent to the j-th element in the y list, until the end, but the last k elements are all equivalent as they are all the largest equivalence class, so we are done. □

Now we can define what $\leq^{exs}_{Atom}$, $\leq^{exs}_{Seq}$ and $\leq^{exs}_{DNF}$ are, mutually.
Definition 33.
• We say $(EDS^*, ils_1) \leq^{exs}_{Atom} (EDT^*, ils_2)$ if $(EDS, ils_1) \, (\leq^{exs}_{DNF}, \leq_{intlistset}) \, (EDT, ils_2)$.
• We say $([s_0 \cdot EA_1 \cdot \ldots \cdot EA_n \cdot s_n], ils_1) \leq^{exs}_{Seq} ([t_0 \cdot EB_1 \cdot \ldots \cdot EB_m \cdot t_n], ils_2)$ if $([EA_1; \ldots; EA_n], ils_1) \, ([\leq^{exs}_{Atom}], \leq_{intlistset}) \, ([EB_1; \ldots; EB_m], ils_2)$.
• We say $(\langle ESQ_1 \mid \ldots \mid ESQ_n \rangle, ils_1) \leq^{exs}_{DNF} (\langle ETQ_1 \mid \ldots \mid ETQ_n \rangle, ils_2)$ if $([ESQ_1; \ldots; ESQ_n], ils_1) \, ([\leq^{exs}_{Seq}], \leq_{intlistset}) \, ([ETQ_1; \ldots; ETQ_m], ils_2)$.

Now, using this, we provide the more formal definition of the algorithm, with the formal use of the examples, in Algorithm 4. We do not include information about user-defined data types.

Lemma 140.
• Let A and B be strongly unambiguous atoms. Let $sils_1$ be a string int list set. Let $sils_2$ be a string int list set. Let EA and EB be exampled atoms. Let $sils_1$ ∈ A EA. Let $sils_2$ ∈ B EB. If RigidSynthAtom(EA, EB) returns an atom lens, Some al, then $projectils(sils_1) = projectils(sils_2)$, al ˜: A ⇔ B, and for each (s, t) pair with the same int list in $sils_1$ and $sils_2$, (s, t) ∈ [[al]].
• Let SQ and TQ be strongly unambiguous sequences. Let $sils_1$ be a string int list set. Let $sils_2$ be a string int list set. Let ESQ and ETQ be exampled sequences. Let $sils_1$ ∈ SQ ESQ. Let $sils_2$ ∈ TQ ETQ. If RigidSynthSeq(ESQ, ETQ) returns a sequence lens, Some sql, then $projectils(sils_1) = projectils(sils_2)$, sql ˜: SQ ⇔ TQ, and for each (s, t) pair with the same int list in $sils_1$ and $sils_2$, (s, t) ∈ [[sql]].
• Let DS and DT be strongly unambiguous DNF regular expressions. Let $sils_1$ be a string int list set. Let $sils_2$ be a string int list set. Let EDS and EDT be exampled DNF regular expressions. Let $sils_1$ ∈ EDS EDS. Let $sils_2$ ∈ EDT EDT. If RigidSynthInternal(EDS, EDT) returns a DNF lens, Some dl, then $projectils(sils_1) = projectils(sils_2)$, dl ˜: DS ⇔ DT, and for each (s, t) pair with the same int list in $sils_1$ and $sils_2$, (s, t) ∈ [[dl]].

Proof.
Case . Unfolding definitions.
Let sils = {( s ′ , il ′ ) , . . . , ( s ′ m , il ′ m ′ )} .
Let sils = {( t ′ , il ′′ ) , . . . , ( t ′ m ′′ , il ′′ m ′′ )}
By inversion on sils ∈ A EA and sils ∈ B EB , we know that
{( s ′ , 1 :: il ′ ) ; . . . ; ( s ′ n ′ , n ′ :: il ′ ) ; . . . ; ( s ′ m ′ ,1 , 1 :: il ′ m ′ ) ; . . . ; ( s ′ m ′ , n ′ m ′ , n ′ m ′ :: il ′ m ′ )} ∈ DS EDS ,
{( t ′ , 1 :: il ′′ ) ; . . . ; ( t ′ n ′′ , n ′′ :: il ′′ ) ; . . . ; ( t ′ m ′′ ,1 , 1 :: il ′′ m ′′ ) ; . . . ; ( s ′ m ′′ , n ′′ m ′′ , n ′′ m ′′ :: il ′′ m ′′ )} ∈ DT EDT ,
s ′ i ,1 · . . . · s ′ i , n ′ i = s i , t ′ i ,1 · . . . · t ′ i , n ′′ i = t i , EA = ( EDS ∗ , { il ′ , . . . , il ′ m }) , and EB = ( EDT ∗ , { il ′′ , . . . , il ′′ m })
As RigidSynthAtom returns, then it must return iterate ( RigidSynthInternal ( EDS , EDT )) .
By IH that means that projectils ({( s ′ , 1 :: il ′ ) ; . . . ; ( s ′ n ′ , n ′ :: il ′ ) ; . . . ; ( s ′ m ′ ,1 , 1 :: il ′ m ′ ) ; . . . ; ( s ′ m ′ , n ′ m ′ , n ′ m ′ :: il ′ m ′ )}) = projectils ({( t ′ , 1 :: il ′′ ) ; . . . ; ( t ′ n ′′ , n ′′ :: il ′′ ) ; . . . ; ( t ′ m ′′ ,1 , 1 :: il ′′ m ′′ ) ; . . . ; ( s ′ m ′′ , n ′′ m ′′ , n ′′ m ′′ :: il ′′ m ′′ )}) ,
So, by reindexing, projectils ({( s , 1 :: il ) ; . . . ; ( s n , n :: il ) ; . . . ; ( s m ,1 , 1 :: il m ) ; . . . ; ( s m , n m , n m :: il m )}) = projectils ({( t , 1 :: il ) ; . . . ; ( t n , n :: il ) ; . . . ; ( t m ,1 , 1 :: il m ) ; . . . ; ( s m , n m , n m :: il m )}) , sils = {( s , il ) , . . . , ( s m , il m )} , and sils = {( t , il ) , . . . , ( t m , il m )} , so we have projectils ({( s , il ) , . . . , ( s m , il m )}) = projectils ({( t , il ) , . . . , ( t m , il m )}) , as desired. (also we know by the condition which returns None )
Furthermore, by IH, for all i , j , we have ( s i , j , t i , j ) ∈ [[ dl ]] . This means that ( s i ,1 · . . . · s i , n i , t i ,1 · . . . · t i , n i ) ∈ [[ dl ]] for all i , so ( s i , t i ) ∈ [[ dl ]] for all i .
Furthermore, by IH, dl ˜: DS ⇔ DT . Thus, as A and B are strongly unambiguous, DS and DT are unambiguously iterable, so we have

dl ˜: DS ⇔ DT    DS ∗ !    DT ∗ !
------------------------------------------
iterate ( dl ) ˜: DS ∗ ⇔ DT ∗

Algorithm 4 RigidSynth

function RigidSynthAtom((EDS*, ils_1), (EDT*, ils_2))
    if ils_1 ≰_intlistset ils_2 ∨ ils_2 ≰_intlistset ils_1 then
        return None
    match RigidSynthInternal(EDS, EDT) with
    | Some dl → return iterate(dl)
    | None → return None

function RigidSynthSeq(ESQ, ETQ)
    ([s_0 · EA_1 · … · EA_n · s_n], ils_1) ← ESQ
    ([t_0 · EB_1 · … · EB_m · t_m], ils_2) ← ETQ
    if ils_1 ≰_intlistset ils_2 ∨ ils_2 ≰_intlistset ils_1 then
        return None
    if n ≠ m then
        return None
    σ_1 ← sorting(≤^exs_Atom, [EA_1 · … · EA_n])
    σ_2 ← sorting(≤^exs_Atom, [EB_1 · … · EB_n])
    σ ← σ_1^{-1} ∘ σ_2
    EABs ← Zip([EA_1 · … · EA_n], [EB_σ(1) · … · EB_σ(n)])
    alos ← Map(RigidSynthAtom, EABs)
    match AllSome(alos) with
    | Some [al_1 · … · al_n] → return Some ([(s_0, t_0) · al_1 · … · al_n · (s_n, t_n)], σ^{-1})
    | None → return None

function RigidSynthInternal(EDS, EDT)
    (⟨ESQ_1 | … | ESQ_n⟩, ils_1) ← EDS
    (⟨ETQ_1 | … | ETQ_m⟩, ils_2) ← EDT
    if ils_1 ≰_intlistset ils_2 ∨ ils_2 ≰_intlistset ils_1 then
        return None
    if n ≠ m then
        return None
    σ_1 ← sorting(≤^exs_Seq, [ESQ_1 | … | ESQ_n])
    σ_2 ← sorting(≤^exs_Seq, [ETQ_1 | … | ETQ_n])
    σ ← σ_1^{-1} ∘ σ_2
    ESTQs ← Zip([ESQ_1 | … | ESQ_n], [ETQ_σ(1) | … | ETQ_σ(n)])
    sqlos ← Map(RigidSynthSeq, ESTQs)
    match AllSome(sqlos) with
    | Some [sql_1 | … | sql_n] → return Some (⟨sql_1 | … | sql_n⟩, σ^{-1})
    | None → return None

function RigidSynth(DS, DT, exs)
    [(s_1, t_1); …; (s_n, t_n)] ← exs
    EDS ← EmbedExamples([([1], s_1); …; ([n], s_n)], DS)
    EDT ← EmbedExamples([([1], t_1); …; ([n], t_n)], DT)
    return RigidSynthInternal(EDS, EDT)

Case . Unfolding definitions.
Let sils = {( s ′′ , il ′ ) , . . . , ( s ′′ m ′ , il ′ m ′ )} .
Let sils = {( t ′′ , il ′′ ) , . . . , ( t ′′ m ′′ , il ′′ m ′′ )}
By inversion on sils ∈ SQ ESQ and sils ∈ TQ ETQ , we know that {( s ′′ i , il ′ ) ; . . . ; ( s ′′ m ′ , i , il ′ m ′ )} ∈ A i EA i , {( t ′′ i , il ′′ ) ; . . . ; ( t ′′ m ′′ , i , il ′′ m ′′ )} ∈ B i EB i , s ′ · s ′′ i ,1 · . . . · s ′′ i , n · s ′ n = s i , t ′ · t ′′ i ,1 · . . . · t ′′ i , n ′ · t ′ n ′ = t ′′ i , ESQ = ([ s ′ · EA · . . . · EA n · s ′ n ] , { il ′ , . . . , il ′ m ′ }) , and ETQ = ([ s ′ · EB · . . . · EB n ′ · s ′ n ′ ] , { il ′′ , . . . , il ′′ m ′′ })
Let σ = sorting ([ EA ; . . . ; EA n ] ,). Let σ = sorting ([ EA ; . . . ; EA n ] ,). Let σ = σ − ◦ σ .
As RigidSynthSeq returns,
AllSome ( alos ) must be true, which means that for each i ∈ [ n ] , RigidSynthAtom ( EA i , EB σ ( i ) ) returns a lens, al i .
By IH, that means that projectils ({( s ′′ i , il ′ ) ; . . . ; ( s ′′ m ′ , i , il ′ m ′ )}) = projectils ({( t ′′ σ ( i ) , il ′′ ) ; . . . ; ( t ′′ m ′′ , σ ( i ) , il ′′ m ′′ )}) , which immediately implies that m ′ = m ′′ .
So, by reindexing, and aligning the int lists, projectils ({( s i , il ) ; . . . ; ( s m , i , il m )}) = projectils ({( t σ ( i ) , il ) ; . . . ; ( t m , σ ( i ) , il m )}) , sils = {( s , il ) , . . . , ( s m , il m )} , and sils = {( t , il ) , . . . , ( t m , il m )} , so we have projectils ({( s , il ) , . . . , ( s m , il m )}) = projectils ({( t , il ) , . . . , ( t m , il m )}) , as desired. (also we know by the condition which returns None )
Furthermore, by IH, for all ( i , j ) we have ( s i , j , t i , σ ( j ) ) ∈ [[ al j ]] . By the definition of sequence lens semantics, ( s ′ · s i ,1 · . . . · s i , n s ′ n , t ′ · t i , σ − ( σ ( )) · . . . · t i , σ − ( σ ( n )) · t ′ n ) ∈ [[([( s ′ , t ′ )· al · . . . · al n ·( s ′ n , t ′ n )] , σ − )]] .
By simplifying, we get ( s ′ · s i ,1 · . . . · s i , n s ′ n , t ′ · t i ,1 · . . . · t i , n · t ′ n ) ∈ [[([( s ′ , t ′ )· al · . . . · al n ·( s ′ n , t ′ n )] , σ − )]] .
By simplifying even more, we get ( s i , t i ) ∈ [[([( s ′ , t ′ ) · al · . . . · al n · ( s ′ n , t ′ n )] , σ − )]] , as desired.
Furthermore, by IH, al i ˜: A i ⇔ B σ ( i ) . Thus, as SQ and TQ are strongly unambiguous, they are sequence unambiguously concatenable, so we have:

al i ˜: A i ⇔ B σ ( i )    · ! ( s ′ ; A ; . . . ; A n ; s ′ n )    · ! ( t ′ ; B σ − ( σ ( )) ; . . . ; B σ − ( σ ( n )) ; t ′ n )
------------------------------------------
([( s ′ , t ′ ) · al · . . . · al n · ( s ′ n , t ′ n )] , σ − ) ˜: [ s ′ · A · . . . · A n · s ′ n ] ⇔ [ s ′ · B σ − ( σ ( )) · . . . · B σ − ( σ ( n )) · s ′ n ]

Which, by simplifying is:

al i ˜: A i ⇔ B σ ( i )    · ! ( s ′ ; A ; . . . ; A n ; s ′ n )    · ! ( t ′ ; B ; . . . ; B n ; t ′ n )
------------------------------------------
([( s ′ , t ′ ) · al · . . . · al n · ( s ′ n , t ′ n )] , σ − ) ˜: [ s ′ · A · . . . · A n · s ′ n ] ⇔ [ s ′ · B · . . . · B n · s ′ n ]

As desired.

Case . Unfolding definitions.
Let sils = {( s ′′ , il ′ ) , . . . , ( s ′′ m ′ , il ′ m ′ )} .
Let sils = {( t ′′ , il ′′ ) , . . . , ( t ′′ m ′′ , il ′′ m ′′ )}
By inversion on sils ∈ DS EDS and sils ∈ DT EDT , we know that S i = {( s ′ i ,1 , il ′ i ,1 ) ; . . . ; ( s ′ i , m ′ i , il ′ i , m ′ i )} , S ′ i = {( t ′ i ,1 , il ′′ i ,1 ) ; . . . ; ( t ′ i , m ′′ i , il ′′ i , m ′′ i )} , S i ∈ SQ i ESQ i , S ′ i ∈ TQ i ETQ i , ⋃ i ∈[ n ] S i = sils , ⋃ i ∈[ n ] S ′ i = sils , EDS = ⟨ ESQ | . . . | ESQ n ⟩ , and EDT = ⟨ ETQ | . . . | ETQ n ⟩
Let σ = sorting ([ EA ; . . . ; EA n ] ,). Let σ = sorting ([ EA ; . . . ; EA n ] ,). Let σ = σ − ◦ σ .
As RigidSynthInternal returns, AllSome ( sqlos ) must be true, which means that for each i ∈[ n ] , RigidSynthSeq ( ESQ i , ETQ σ ( i ) ) returns a lens, sql i .
By IH, that means that projectils ( S i ) = projectils ( S ′ σ ( i ) ) . This means that projectils ( sils ) = projectils ( sils ) , as they are each the union of all these sets. We also know this through the fact we return a value, as desired. This immediately implies that m ′ = m ′′ . Furthermore, we can use this to reindex S i as S i = {( s i ,1 , il i ,1 ) ; . . . ; ( s i , m i , il i , m i )} , and S ′ i as S ′ σ ( i ) = {( t i ,1 , il i ,1 ) ; . . . ; ( t i , m i , il i , m i )} .
Furthermore, by IH, for all ( i , j ) we have ( s i , j , t i , j ) ∈ [[ sql i ]] . By the definition of DNF lens semantics, [[(⟨ sql | . . . | sql n ⟩ , σ − )]] = ⋃ i ∈[ n ] [[ sql i ]] . Let ( s i , t i ) be arbitrary from sils and sils sharing the same int list il i . By them being the union of all S i and S ′ i , there exists some i ′ , j such that s i = s i , j and t i = t i , j . As such, ( s i , t i ) ∈ [[(⟨ sql | . . . | sql n ⟩ , σ − )]] , as desired.
Furthermore, by IH, sql i ˜: SQ i ⇔ TQ σ ( i ) . Thus, as DS and DT are strongly unambiguous, they are pairwise disjoint in sequences, so we have:

sql i ˜: SQ i ⇔ TQ σ ( i )    i ≠ j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅    i ≠ j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅
------------------------------------------
(⟨ sql | . . . | sql n ⟩ , σ − ) ˜: ⟨ SQ | . . . | SQ n ⟩ ⇔ ⟨ TQ σ − ( σ ( )) | . . . | TQ σ − ( σ ( n )) ⟩

Which, by simplifying is:

sql i ˜: SQ i ⇔ TQ σ ( i )    i ≠ j ⇒ L( SQ i ) ∩ L( SQ j ) = ∅    i ≠ j ⇒ L( TQ i ) ∩ L( TQ j ) = ∅
------------------------------------------
(⟨ sql | . . . | sql n ⟩ , σ − ) ˜: ⟨ SQ | . . . | SQ n ⟩ ⇔ ⟨ TQ | . . . | TQ n ⟩

As desired. □
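The sort-and-align step that RigidSynthSeq and RigidSynthInternal rely on (Definitions 27 to 32 and Lemma 139), as an added Python example that is not code from the paper or from Optician. It assumes a simplified exampled atom, modelled only by its int-list set; the function names and the sample labels are constructed for illustration.

```python
from functools import cmp_to_key


def int_cmp(a, b):
    """Usual ordering on integers, as a three-way comparison (-1, 0, 1)."""
    return (a > b) - (a < b)


def lex_cmp(xs, ys, cmp):
    """[<=] (Definition 30): lexicographic ordering on lists."""
    for x, y in zip(xs, ys):
        c = cmp(x, y)
        if c != 0:
            return c
    return int_cmp(len(xs), len(ys))  # a proper prefix sorts first


def sorting(xs, cmp):
    """Definition 27: a sorting permutation. Entry r of the result is the
    index in xs of the element that has rank r."""
    return sorted(range(len(xs)), key=cmp_to_key(lambda i, j: cmp(xs[i], xs[j])))


def sort_list(xs, cmp):
    """Definition 28: xs rearranged by its sorting permutation."""
    return [xs[i] for i in sorting(xs, cmp)]


def multiset_cmp(xs, ys, cmp):
    """{<=} (Definition 31): sort both lists, then compare them with [<=]."""
    return lex_cmp(sort_list(xs, cmp), sort_list(ys, cmp), cmp)


def intlist_cmp(a, b):
    """[<=] on int lists."""
    return lex_cmp(a, b, int_cmp)


def intlistset_cmp(a, b):
    """<=_intlistset (Definition 32): {[<=]} on sets of int lists."""
    return multiset_cmp(list(a), list(b), intlist_cmp)


def align(xs, ys, cmp):
    """Pair xs[i] with ys[perm[i]] by matching sorted ranks, the role the
    permutation sigma plays in the Zip step of Algorithm 4.

    Returns None when the lists cannot be matched. The paper's algorithm finds
    such a mismatch in its recursive calls; this sketch checks the equivalence
    of each aligned pair directly, which is the condition of Lemma 139.
    """
    if len(xs) != len(ys):
        return None
    s1, s2 = sorting(xs, cmp), sorting(ys, cmp)
    perm = [0] * len(xs)
    for rank, i in enumerate(s1):
        perm[i] = s2[rank]
    if any(cmp(x, ys[perm[i]]) != 0 for i, x in enumerate(xs)):
        return None
    return perm


# Constructed sample: example [1] iterates twice through atom X and three
# times through atom Y. Each label is (iteration index :: example label).
X = frozenset({(1, 1), (2, 1)})
Y = frozenset({(1, 1), (2, 1), (3, 1)})
SOURCE_ATOMS = [X, Y]
TARGET_ATOMS = [Y, X]  # the target format lists the same atoms swapped

if __name__ == "__main__":
    print(align(SOURCE_ATOMS, TARGET_ATOMS, intlistset_cmp))
```
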
Lemma 141. Let DS and DT be strongly unambiguous DNF regular expressions. Let $[(s_1, t_1); \ldots; (s_m, t_m)]$ be a list of input-output examples. If RigidSynth(EDS, EDT) returns a DNF lens, Some dl, then dl ˜: DS ⇔ DT, and $(s_i, t_i) \in [[dl]]$.

Proof. Let $[(s_1, t_1); \ldots; (s_n, t_n)] = exs$.
Let $EDS = EmbedExamples([([1], s_1); \ldots; ([n], s_n)], DS)$.
Let $EDT = EmbedExamples([([1], t_1); \ldots; ([n], t_n)], DT)$.
This means that [([ ] , s ) ; . . . ; ([ n ] , s n )] ∈ DS EDS and [([ ] , t ) ; . . . ; ([ n ] , t n )] ∈ DT EDT .
As RigidSynth returns a lens, then RigidSynthInternal(EDS, EDT) must return a lens.
By the above statements, Lemma 140 applies, so the DNF lens returned by it satisfies dl ˜: DS ⇔ DT, and $(s_i, t_i) \in [[dl]]$.
As dl ˜: DS ⇔ DT, we know that DS and DT are strongly unambiguous.
As such the conditions for Lemma 143 apply, so $EDS \leq^{exs}_{DNF} EDT$ and $EDT \leq^{exs}_{DNF} EDS$.
By Lemma 144, that means that RigidSynthInternal(EDS, EDT) returns a DNF lens, so then so too does RigidSynth.
Let DS and DT be strongly unambiguous DNF regular expressions. Let sils be a string int list set. Let sils be a string int list set. Let EDS and EDT be exampled DNF regular expressions. Let sils ∈ EDS EDS . Let sils ∈ EDT EDT . If RigidSynthInternal(EDS, EDT) returns a sequence lens, Some dl, then projectils ( sils ) = projectils ( sils ) , dl ˜: DS ⇔ DT, and for each (s, t) pair with the same int list in sils and sils , (s, t) ∈ [[dl]]. □

Lemma 142.
Let DS and DT be strongly unambiguous DNF regular expressions. Let $[(s_1, t_1); \ldots; (s_m, t_m)]$ be a list of input-output examples. If SynthDNFLens(EDS, EDT) returns a DNF lens, Some dl, then dl : DS ⇔ DT, and $(s_i, t_i) \in [[dl]]$.

Proof. If SynthDNFLens returns, then there must be some (S ′, T ′) popped from the queue which returned a DNF lens dl = RigidSynthInternal(S ′, T ′). These regular expressions are such that DS → DS ∗ DS ′ and DT → DS ∗ DT ′ , as the regular expressions are always either the originals, or have been added to the queue from an expansion on a previously popped element. Inductively, everything in the queue is an expansion on DS or DT.
As DS and DT are strongly unambiguous DNF regular expressions, DS → DS ∗ DS ′ means that DS ′ is strongly unambiguous, and similarly for DT and DT ′.
So, by Lemma 141, dl ˜: DS ′ ⇔ DT ′. Furthermore, for each $(s_i, t_i)$ pair in the examples, $(s_i, t_i) \in [[dl]]$.
Lastly, we can then build the typing derivation:

dl ˜: DS ′ ⇔ DT ′    DS → DS ∗ DS ′    DT → DS ∗ DT ′
------------------------------------------
dl ˜: DS ⇔ DT
□

Theorem 13.
For all lenses l, regular expressions S and T, and examples exs, if l = SynthLens(S, T, exs), then l : S ⇔ T and for all (s, t) in exs, (s, t) ∈ [[l]].

Proof. As SynthLens returns, then SynthDNFLens(DS, DT) returns, where DS = ⇓ S and DT = ⇓ T. As Validate(S, T, exs) does not error out, then we know S and T are strongly unambiguous, and exs matches them. This then means that DS and DT are also strongly unambiguous.
As such, by Lemma 142, we know that dl = SynthDNFLens(DS, DT) returns, that dl : DS ⇔ DS, and that for each (s, t) in the examples, (s, t) ∈ [[dl]]. By Theorem 2, there exists S ′ and T ′ such that ⇑ dl and ⇓ S ′ = DS and ⇓ T ′ = DT and [[⇑ dl]] = [[dl]].
As ⇓ S = ⇓ S ′ and ⇓ T = ⇓ T ′, we have S ≡ s S ′ and T ≡ s T ′.

⇑ dl : S ′ ⇔ T ′    S ≡ s S ′    T ≡ s T ′
------------------------------------------
⇑ dl : S ⇔ T

Furthermore, as [[dl]] = [[⇑ dl]], we have for each (s, t) in the examples, (s, t) ∈ [[⇑ dl]], as desired. □

Lemma 143.
• Let A and B be strongly unambiguous atoms. Let $sils_1$ be a string int list set. Let $sils_2$ be a string int list set. Let $projectils(sils_1) = projectils(sils_2)$. Let EA and EB be exampled atoms. Let $sils_1$ ∈ A EA. Let $sils_2$ ∈ B EB. If al ˜: A ⇔ B, and for each (s, t) pair with the same int list in $sils_1$ and $sils_2$, (s, t) ∈ [[al]], then $EA \leq^{exs}_{Atom} EB$ and $EB \leq^{exs}_{Atom} EA$.
• Let SQ and TQ be strongly unambiguous sequences. Let $sils_1$ be a string int list set. Let $sils_2$ be a string int list set. Let $projectils(sils_1) = projectils(sils_2)$. Let ESQ and ETQ be exampled sequences. Let $sils_1$ ∈ SQ ESQ. Let $sils_2$ ∈ TQ ETQ. If sql ˜: SQ ⇔ TQ, and for each (s, t) pair with the same int list in $sils_1$ and $sils_2$, (s, t) ∈ [[sql]], then $ESQ \leq^{exs}_{Seq} ETQ$ and $ETQ \leq^{exs}_{Seq} ESQ$.
• Let DS and DT be strongly unambiguous DNF regular expressions. Let $sils_1$ be a string int list set. Let $sils_2$ be a string int list set. Let $projectils(sils_1) = projectils(sils_2)$. Let EDS and EDT be exampled DNF regular expressions. Let $sils_1$ ∈ EDS EDS. Let $sils_2$ ∈ EDT EDT. If dl ˜: DS ⇔ DT, and for each (s, t) pair with the same int list in $sils_1$ and $sils_2$, (s, t) ∈ [[dl]], then $EDS \leq^{exs}_{DNF} EDT$ and $EDT \leq^{exs}_{DNF} EDS$.

Proof.
We proceed by mutual induction.

Case . Unfolding definitions.
Let sils = {( s , il ) , . . . , ( s m , il m )} .
Let sils = {( t , il ) , . . . , ( t m , il m )} .
By inversion on al ˜: A ⇔ B , we know DS ∗ = A , DT ∗ = B , iterate ( dl ) = al , and dl ˜: DS ⇔ DT .
By inversion on [[ iterate ( dl )]] , there exist s · . . . · s n = s through s m ,1 · . . . · s m , n m = s m and t · . . . · t n = t through t m ,1 · . . . · s m , n m = t m such that ( s i , j , t i , j ) ∈ [[ dl ]] .
Furthermore, this means that s i , j ∈ L( DS ) and t i , j ∈ L( DT ) .
By inversion on sils ∈ A EA and sils ∈ B EB , we know that {( s ′ , 1 :: il ) ; . . . ; ( s ′ n ′ , n ′ :: il ) ; . . . ; ( s ′ m ,1 , 1 :: il m ) ; . . . ; ( s ′ m , n ′ m , n ′ m :: il m )} ∈ DS EDS , {( t ′ , 1 :: il ) ; . . . ; ( t ′ n ′′ , n ′′ :: il ) ; . . . ; ( t ′ m ,1 , 1 :: il m ) ; . . . ; ( s ′ m , n ′′ m , n ′′ m :: il m )} ∈ DT EDT , s ′ i ,1 · . . . · s ′ i , n ′ i = s i , t ′ i ,1 · . . . · t ′ i , n ′′ i = s i , EA = ( EDS ∗ , { il , . . . , il m }) , and EB = ( EDT ∗ , { il , . . . , il m }) .
As A and B are strongly unambiguous, n i = n ′ i = n ′′ i , s i , j = s ′ i , j , t i , j = t ′ i , j , and DS and DT are strongly unambiguous.
By inspection projectils ({( s , 1 :: il ) ; . . . ; ( s n , n :: il ) ; . . . ; ( s m ,1 , 1 :: il m ) ; . . . ; ( s m , n m , n m :: il m )}) = projectils ({( t , 1 :: il ) ; . . . ; ( t n , n :: il ) ; . . . ; ( t m ,1 , 1 :: il m ) ; . . . ; ( s m , n m , n m :: il m )}) .
Using the above facts, we have satisfied the preconditions to use the IH, so EDS ≤ exs DNF EDT and EDT ≤ exs DNF EDS .
Furthermore, { il , . . . , il m } ≤ intlistset { il , . . . , il m } , so EA ≤ exs Atom EB and EB ≤ exs Atom EA .

Case . Unfolding definitions.
Let sils = {( s , il ) , . . . , ( s m , il m )} .
Let sils = {( t , il ) , . . . , ( t m , il m )} .
By inversion on sql ˜: SQ ⇔ TQ , we know [ s ′ · A · . . . · A n · s ′ n ] = SQ , [ t ′ · B σ ( ) · . . . · B σ ( n ) · t ′ n ] = TQ , ([( s ′ , t ′ ) · al · . . . · al n · ( s ′ n , t ′ n )] , σ ) = sql , and al i ˜: A i ⇔ B i .
By inversion on [[([( s ′ , t ′ ) · al · . . . · al n ·( s ′ n , t ′ n )] , σ )]] , there exist s ′ · s · . . . · s n · s ′ n = s through s ′ · s m ,1 · . . . · s m , n · s ′ n = s m and t ′ · t σ ( ) · . . . · t σ ( n ) · t ′ n = t through t ′ · t m , σ ( ) · . . . · s m , σ ( n ) · t ′ n = t m such that ( s i , j , t i , j ) ∈ [[ al j ]] .
Furthermore, this means that s i , j ∈ L( A j ) and t i , j ∈ L( B j ) .
By inversion on sils ∈ SQ ESQ and sils ∈ TQ ETQ , we know that {( s ′′ i , il ) ; . . . ; ( s ′′ m , i , il m )} ∈ A i EA i , {( t ′′ i , il ) ; . . . ; ( t ′′ m , i , il m )} ∈ B i EB i , s ′ · s ′′ i ,1 · . . . · s ′′ i , n · s ′ n = s i , t ′ · t ′′ i ,1 · . . . · t ′′ i , n · t ′ n = t i , ESQ = ([ s ′ · EA · . . . · EA n · s ′ n ] , { il , . . . , il m }) , and ETQ = ([ s ′ · EB σ ( ) · . . . · EB σ ( n ) · s ′ n ] , { il , . . . , il m }) .
As SQ and TQ are strongly unambiguous, s i , j = s ′′ i , j , t i , j = t ′′ i , j , and A i and B i are strongly unambiguous.
By inspection projectils ({( s i , il ) ; . . . ; ( s m , i , il m )}) = projectils ({( t i , il ) ; . . . ; ( t m , i , il m )}) .
Using the above facts, we have satisfied the preconditions to use the IH, so EA i ≤ exs Atom EB i and EB i ≤ exs Atom EA i .
As such, from Lemma 139, [ EA ; . . . ; EA n ]{≤ exs Atom }[ EB σ ( ) ; . . . ; EB σ ( n ) ] .
This means that, as { il , . . . , il m } ≤ intlistset { il , . . . , il m } , we have ([ EA ; . . . ; EA n ] , { il , . . . , il m })({≤ exs Atom } , ≤ intlistset )([ EB σ ( ) ; . . . ; EB σ ( n ) ] , { il , . . . , il m }) .
Which means that ESQ ≤ exs Seq ETQ .

Case . Unfolding definitions.
Let sils = {( s , il ) , . . . , ( s m , il m )} .
Let sils = {( t , il ) , . . . , ( t m , il m )} .
By inversion on dl ˜: DS ⇔ DT , we know ⟨ SQ | . . . | SQ n ⟩ = DS , ⟨ TQ σ ( ) | . . . | TQ σ ( n ) ⟩ = DT , (⟨( sql | . . . | sql n ⟩ , σ ) = sql , and sql i ˜: SQ i ⇔ TQ i .
By inversion on [[(⟨( sql | . . . | sql n ⟩ , σ )]] , there exist {( s , t ) , . . . , ( s m , t m )} = S through {( s n ,1 , t n ,1 ) , . . . , ( s n , m n , t n , m n )} = S n such that ⋃ i ∈[ n ] S i = {( s , t ) , . . . , ( s m , t m )} , such that S i ⊂[[ sql i ]] , also with this reindexing.
Furthermore, this means that s i , j ∈ L( SQ i ) and t i , j ∈ L( TQ i ) .
By inversion on sils ∈ DS EDS and sils ∈ DT EDT , we know that {( s ′ i ,1 , il ′ i ,1 ) ; . . . ; ( s ′ i , m ′ i , il ′ i , m ′ i )} ∈ SQ i ESQ i , {( t ′ i , il ′′ i ,1 ) ; . . . ; ( t ′ i , m ′′ i , il ′′ i , m ′′ i )} ∈ TQ i ETQ i , ⋃ i ∈[ n ] { s ′ i ,1 , . . . , s ′ i , m ′ i } = { s , . . . , s m } , ⋃ i ∈[ n ] { t ′ i ,1 , . . . , t ′ i , m ′′ i } = { t , . . . , t m } , EDS = (⟨ ESQ | . . . | ESQ n ⟩ , { il , . . . , il m }) , and EDT = (⟨ ETQ σ ( ) | . . . | ETQ σ ( n ) ⟩ , { il , . . . , il m }) .
As DS and DT are strongly unambiguous, { s i ,1 , . . . , s i , m i } = { s ′ i ,1 , . . . , s ′ i , m ′ i } , { t i ,1 , . . . , t i , m i } = { t ′ i ,1 , . . . , t ′ i , m ′ i } .
By aligning with their int lists (which are unique), we get ils i = {( s ′ i ,1 , il ′ i ,1 ) ; . . . ; ( s ′ i , m ′ i , il ′ i , m ′ i )} = {( s i ,1 , il i ,1 ) ; . . . ; ( s i , m i , il i , m i )} and ils ′ i = {( t ′ i , il ′′ i ,1 ) ; . . . ; ( t ′ i , m ′′ i , il ′′ i , m ′′ i )} = {( t i , il i ,1 ) ; . . . ; ( t i , m i , il i , m i )} .
By inspection projectils ({( s i ,1 , il i ,1 ) ; . . . ; ( s i , m i , il i , m i )}) = projectils ({( t i , il i ,1 ) ; . . . ; ( t i , m i , il i , m i )}) .
Using the above facts, we have satisfied the preconditions to use the IH, so ESQ i ≤ exs Seq ETQ i and ETQ i ≤ exs Seq ESQ i .
As such, from Lemma 139, [ ESQ ; . . . ; ESQ n ]{≤ exs Seq }[ ETQ σ ( ) ; . . . ; ETQ σ ( n ) ] .
This means that, as { il , . . . , il m } ≤ intlistset { il , . . . , il m } , we have ([ ESQ ; . . . ; ESQ n ] , { il , . . . , il m })({≤ exs Seq } , ≤ intlistset )([ ETQ σ ( ) ; . . . ; ETQ σ ( n ) ] , { il , . . . , il m }) .
Which means that EDS ≤ exs DNF EDT . □

Lemma 144.
• Let EA and EB be exampled atoms. If EA ≤ exs Atom EB and EB ≤ exs Atom EA , then RigidSynthAtom returns an atom lens.
• Let ESQ and ETQ be exampled atoms. If ESQ ≤ exs Seq ETQ and ETQ ≤ exs Seq ESQ , then RigidSynthSeq returns a sequence lens.
• Let EDS and EDT be exampled atoms. If EDS ≤ exs DNF EDT and EDT ≤ exs DNF EDS , then RigidSynthInternal returns a DNF lens.

Proof.
Case . Let ( EDS ∗ , ils ) = EA .
Let ( EDT ∗ , ils ′ ) = EB .
As EA ≤ exs Atom EB , we have EDS ≤ exs DNF EDT .
By IH, this means that RigidSynthInternal ( EDS , EDT ) returns a DNF lens, dl , this means that the match goes to the first, returning iterate ( dl ) , an atom lens.

Case . Let ([ s · EA · . . . · EA n · s n ] , ils ) = ESQ and ([ t · EB · . . . · EB m · t m ] , ils ′ ) = ETQ .
Let σ = sorting ([ EA ; . . . ; EA n ] ,) .
Let σ = sorting ([ EB ; . . . ; EB m ] ,) .
As ESQ ≤ exs Seq ETQ and ETQ ≤ exs Seq ESQ , we know n = m .
By Lemma 138 σ = σ − ◦ σ is such that EA i ≤ EB σ ( i ) and EB σ ( i ) ≤ EA i .
By IH, this means that calling RigidSynthAtom ( EA i , EB σ ( i ) ) returns an atom lens, al i .
As such, AllSome on all these atom lens options returns a list of atom lenses.
This then returns the sequence lens ([( s , t ) · al · . . . · al n · ( s n , t n )] , σ − ) .

Case . Let (⟨ ESQ | . . . | ESQ n ⟩ , ils ) = EDS and (⟨ ETQ | . . . | EB m ⟩ , ils ′ ) = ETQ .
Let σ = sorting ([ ESQ ; . . . ; ESQ n ] ,) .
Let σ = sorting ([ ETQ ; . . . ; ETQ m ] ,) .
As EDS ≤ exs DNF EDT and ETQ ≤ exs DNF EDS , we know n = m .
By Lemma 138 σ = σ − ◦ σ is such that EA i ≤ EB σ ( i ) and EB σ ( i ) ≤ EA i .
By IH, this means that calling RigidSynthSeq ( ESQ i , ETQ σ ( i ) ) returns a sequence lens, sql i .
As such, AllSome on all these sequence lens options returns a list of sequence lenses.
This then returns the DNF lens (⟨ sql | . . . | sql n ⟩ , σ − ) . □

Lemma 145.
Let DS and DT be DNF regexes. Let exs be a set of string pairs. If there exists a DNF lens dl ˜: DS ⇔ DT such that exs ∈ [[ dl ]] , then RigidSynth ( DS , DT , exs ) returns a DNF lens.

Proof.
Let [( s , t ) ; . . . ; ( s n , t n )] = exs .
Let EDS = EmbedExamples ([([ ] , s ) ; . . . ; ([ n ] , s n )] , DS ) .
Let EDT = EmbedExamples ([([ ] , t ) ; . . . ; ([ n ] , t n )] , DT ) .
We know that EmbedExamples doesn’t fail, as each s i ∈ L( DS ) and each t i ∈ L( DT ) .
This means that [([ ] , s ) ; . . . ; ([ n ] , s n )] ∈ DS EDS and [([ ] , t ) ; . . . ; ([ n ] , t n )] ∈ DT EDT .
As dl ˜: DS ⇔ DT , we know that DS and DT are strongly unambiguous.
As such the conditions for Lemma 143 apply so EDS ≤ exs DNF EDT and EDT ≤ exs DNF EDS .
By Lemma 144, that means that RigidSynthInternal ( EDS , EDT ) returns a DNF lens, so then so too does RigidSynth . □

Lemma 146.
Given DNF regular expressions DS and DT , and a set of examples exs , if there exists a DNF lens dl such that dl : DS ⇔ DT and for all ( s , t ) in exs , ( s , t ) ∈ [[ dl ]] , then SynthDNFLens ( DS , DT , exs ) will return a DNF lens.

Proof.
If dl : DS ⇔ DT , then there exist DNF regular expressions DS ′ and DT ′ such that dl ˜: DS ′ ⇔ DT ′ , DS → DS ∗ DS ′ , and DT → DS ∗ DT ′ .
However, we may not perform the same single rewrites as DS → DS ∗ DT , because we infer certain expansions, which are then taken earlier. However, confluence allows us to reorganize the order of the expansions (though this may possibly increase the total number of expansions, and change the ultimate DNF lens), as was done in the retype case of DNF completeness.
As such, we know that, there exist two DNF regular expressions DS ′′ and DT ′′ , and a DNF lens dl ′ such that DS → DS ∗ DS ′′ , DT → DS ∗ DT ′′ , dl ′ ˜: DS ′′ ⇔ DT ′′ , [[ dl ′ ]] = [[ dl ]] , and ( DS ′′ , DT ′′ ) are enumerated by the queue.
If there are any ( DS ′′′ , DT ′′′ ) pairs enumerated before ( DS ′′ , DT ′′ ) such that RigidSynth ( DS ′′′ , DT ′′′ ) returns a lens, then that lens is returned, and we are done.
If not, eventually ( DS ′′ , DT ′′ ) are enumerated.
By Lemma 145, as dl ′ ˜: DS ′′ ⇔ DT ′′ , RigidSynth ( DS ′′ , DT ′′ ) returns. This is then immediately returned by SynthDNFLens . □

Theorem 14.
Given regular expressions S and T , and a set of examples exs , if there exists a lens l such that l : S ⇔ T and for all ( s , t ) in exs , ( s , t ) ∈ [[ l ]] , then SynthLens ( S , T , exs ) will return a lens.

Proof.
Let l : S ⇔ T . By Theorem 3, there exists a DNF lens dl : ⇓ S ⇔⇓ T , such that [[ dl ]] = [[ l ]] .
In particular, this means that exs ⊂ [[ dl ]] . This means, from Lemma 146, SynthDNFLens (⇓ S , ⇓ T ) returns a lens, dl ′′ . From Theorem 2, we can then convert using ⇑ , to get a lens which we return. □

B.13 Additional Proofs
In the paper, some claims were made that aren’t necessarily the main theorems. In this area we prove those claims.

Definition 34.
Let → be a rewrite rule on regular expressions. We define → ⇓ as the rewrite relation on DNF regular expressions defined by ⇓ S → ⇓ ⇓ T if S → T .

Definition 35.
We overload l ⇐⇒ to extend to regular expressions with rewriteless DNF lenses after conversion to DNF form. In particular, S l ⇐⇒ T if there exists dl such that [[ dl ]] = [[ l ]] and dl ˜: (⇓ S ) ⇔ (⇓ T ) .

Lemma 147. confluent l ⇐⇒(→) implies confluent l ⇐⇒(→ ⇓ ) .

Proof.
Let dl ˜: DS ⇔ DT , with [[ dl ]] = [[ l ]] . Let DS → ⇓ DS and DT → ⇓ DT . This means that there exists S , T , S , and T such that S → S , T → T , ⇓ S = DS , ⇓ T = DT , ⇓ S = DS , and ⇓ T = DT . This means, as confluent l ⇐⇒(→) , there exists S , T such that there exists dl ˜: ⇓ S ⇔⇓ T where [[ dl ]] = [[ dl ]] , S → S and T → T . This means that DS → ⇓ ⇓ S , and DT → ⇓ ⇓ S , and as before there exists dl ˜: ⇓ S ⇔⇓ T where [[ dl ]] = [[ dl ]] . As such, confluent l ⇐⇒(→ ⇓ ) . □

Lemma 148. confluent l ⇐⇒(→ ⇓ ) implies confluent l ⇐⇒(→) .

Proof.
Let dl ˜: ⇓ S ⇔⇓ T . Let S → S and T → T . This means that ⇓ S → ⇓ ⇓ S and ⇓ T → ⇓ ⇓ T . As confluent l ⇐⇒(→ ⇓ ) , then there exists dl , DS and DT such that ⇓ S → ⇓ DS , ⇓ T → ⇓ DT , dl ˜: DS ⇔ DT , and [[ dl ]] = [[ dl ]] . This means that DS = ⇓ S , DT = ⇓ T . As such, dl ˜: ⇓ S ⇔⇓ T , so confluent l ⇐⇒(→) . □

Lemma 149. If bisimilar l ⇐⇒(→) , then bisimilar l ⇐⇒(→ ⇓ ) .

Proof.
Let dl ˜: DS ⇔ DT , with [[ dl ]] = [[ l ]] . Let DS → ⇓ DS . This means that there exists S and S such that S → S , ⇓ S = DS , and ⇓ S = DS . This means, as confluent l ⇐⇒(→) , there exists T such that there exists dl ˜: ⇓ S ⇔⇓ T where [[ dl ]] = [[ dl ]] , and ⇑ DT → T . Symmetrically for if DT → ⇓ DT , so bisimilar l ⇐⇒(→ ⇓ ) . □

Lemma 150. If bisimilar l ⇐⇒(→ ⇓ ) , then bisimilar l ⇐⇒(→) .

Proof.
Let dl ˜: ⇓ S ⇔⇓ T , with [[ dl ]] = [[ l ]] . Let S → S . This means that ⇓ S → ⇓ ⇓ S . This means that, as bisimilar l ⇐⇒(→ ⇓ ) there exists DT , dl such that ⇓ T → ⇓ DT , and dl ˜: ⇓ S ⇔ DT , and [[ dl ]] = [[ dl ]] . As ⇓ T → ⇓ DT , we have DT = ⇓ T , where T → T . Symmetrically for if T → T , so bisimilar l ⇐⇒(→) . □

Lemma 151. If → doesn’t introduce ambiguity, then neither does → ⇓ .

Proof.
Let DS → ⇓ DT , where DS is strongly unambiguous. This means DS = ⇓ S and DT = ⇓ T , and S → T . As ⇓ S is strongly unambiguous iff S is, S is strongly unambiguous. By assumption, we now have T is strongly unambiguous, so then ⇓ T also is. □

Lemma 152. If → ⇓ doesn’t introduce ambiguity, then neither does → .

Proof.