doc-src/IsarRef/Thy/document/HOL_Specific.tex
author blanchet
Mon, 27 Jun 2011 14:56:37 +0200
changeset 44440 36ba44fe0781
parent 44141 bc72c1ccc89e
child 44785 64819f353c53
document "meson" and "metis" in HOL specific section of the Isar ref manual
     1 %
     2 \begin{isabellebody}%
     3 \def\isabellecontext{HOL{\isaliteral{5F}{\isacharunderscore}}Specific}%
     4 %
     5 \isadelimtheory
     6 %
     7 \endisadelimtheory
     8 %
     9 \isatagtheory
    10 \isacommand{theory}\isamarkupfalse%
    11 \ HOL{\isaliteral{5F}{\isacharunderscore}}Specific\isanewline
    12 \isakeyword{imports}\ Base\ Main\isanewline
    13 \isakeyword{begin}%
    14 \endisatagtheory
    15 {\isafoldtheory}%
    16 %
    17 \isadelimtheory
    18 %
    19 \endisadelimtheory
    20 %
    21 \isamarkupchapter{Isabelle/HOL \label{ch:hol}%
    22 }
    23 \isamarkuptrue%
    24 %
    25 \isamarkupsection{Higher-Order Logic%
    26 }
    27 \isamarkuptrue%
    28 %
    29 \begin{isamarkuptext}%
    30 Isabelle/HOL is based on Higher-Order Logic, a polymorphic
    31   version of Church's Simple Theory of Types.  HOL can be best
    32   understood as a simply-typed version of classical set theory.  The
    33   logic was first implemented in Gordon's HOL system
    34   \cite{mgordon-hol}.  It extends Church's original logic
    35   \cite{church40} by explicit type variables (naive polymorphism) and
    36   a sound axiomatization scheme for new types based on subsets of
    37   existing types.
    38 
    39   Andrews's book \cite{andrews86} is a full description of the
    40   original Church-style higher-order logic, with proofs of correctness
    41   and completeness wrt.\ certain set-theoretic interpretations.  The
    42   particular extensions of Gordon-style HOL are explained semantically
    43   in two chapters of the 1993 HOL book \cite{pitts93}.
    44 
    45   Experience with HOL over decades has demonstrated that higher-order
    46   logic is widely applicable in many areas of mathematics and computer
    47   science.  In a sense, Higher-Order Logic is simpler than First-Order
    48   Logic, because there are fewer restrictions and special cases.  Note
    49   that HOL is \emph{weaker} than FOL with axioms for ZF set theory,
    50   which is traditionally considered the standard foundation of regular
    51   mathematics, but for most applications this does not matter.  If you
    52   prefer ML to Lisp, you will probably prefer HOL to ZF.
    53 
    54   \medskip The syntax of HOL follows \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}{\isaliteral{22}{\isachardoublequote}}}-calculus and
    55   functional programming.  Function application is curried.  To apply
    56   the function \isa{f} of type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{3}}{\isaliteral{22}{\isachardoublequote}}} to the
    57   arguments \isa{a} and \isa{b} in HOL, you simply write \isa{{\isaliteral{22}{\isachardoublequote}}f\ a\ b{\isaliteral{22}{\isachardoublequote}}} (as in ML or Haskell).  There is no ``apply'' operator; the
    58   existing application of the Pure \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}{\isaliteral{22}{\isachardoublequote}}}-calculus is re-used.
    59   Note that in HOL \isa{{\isaliteral{22}{\isachardoublequote}}f\ {\isaliteral{28}{\isacharparenleft}}a{\isaliteral{2C}{\isacharcomma}}\ b{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} means ``\isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{22}{\isachardoublequote}}} applied to
    60   the pair \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}a{\isaliteral{2C}{\isacharcomma}}\ b{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' (which is notation for \isa{{\isaliteral{22}{\isachardoublequote}}Pair\ a\ b{\isaliteral{22}{\isachardoublequote}}}).  The latter typically introduces extra formal efforts that can
    61   be avoided by currying functions by default.  Explicit tuples are as
    62   infrequent in HOL formalizations as in good ML or Haskell programs.
    63 
    64   \medskip Isabelle/HOL has a distinct feel, compared to other
    65   object-logics like Isabelle/ZF.  It identifies object-level types
    66   with meta-level types, taking advantage of the default
    67   type-inference mechanism of Isabelle/Pure.  HOL fully identifies
    68   object-level functions with meta-level functions, with native
    69   abstraction and application.
    70 
    71   These identifications allow Isabelle to support HOL particularly
    72   nicely, but they also mean that HOL requires some sophistication
    73   from the user, in particular an understanding of Hindley-Milner
    74   type-inference with type-classes, which are both used extensively in
    75   the standard libraries and applications.  Beginners can set
    76   \hyperlink{attribute.show-types}{\mbox{\isa{show{\isaliteral{5F}{\isacharunderscore}}types}}} or even \hyperlink{attribute.show-sorts}{\mbox{\isa{show{\isaliteral{5F}{\isacharunderscore}}sorts}}} to get more
    77   explicit information about the result of type-inference.%
    78 \end{isamarkuptext}%
    79 \isamarkuptrue%
    80 %
    81 \isamarkupsection{Inductive and coinductive definitions \label{sec:hol-inductive}%
    82 }
    83 \isamarkuptrue%
    84 %
    85 \begin{isamarkuptext}%
    86 An \emph{inductive definition} specifies the least predicate
    87   or set \isa{R} closed under given rules: applying a rule to
    88   elements of \isa{R} yields a result within \isa{R}.  For
    89   example, a structural operational semantics is an inductive
    90   definition of an evaluation relation.
    91 
    92   Dually, a \emph{coinductive definition} specifies the greatest
    93   predicate or set \isa{R} that is consistent with given rules:
    94   every element of \isa{R} can be seen as arising by applying a rule
    95   to elements of \isa{R}.  An important example is using
    96   bisimulation relations to formalise equivalence of processes and
    97   infinite data structures.
    98   
    99   Both inductive and coinductive definitions are based on the
   100   Knaster-Tarski fixed-point theorem for complete lattices.  The
   101   collection of introduction rules given by the user determines a
   102   functor on subsets of set-theoretic relations.  The required
   103   monotonicity of the recursion scheme is proven as a prerequisite to
   104   the fixed-point definition and the resulting consequences.  This
   105   works by pushing inclusion through logical connectives and any other
   106   operator that might be wrapped around recursive occurrences of the
   107   defined relation: there must be a monotonicity theorem of the form
   108   \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C4D3E}{\isasymM}}\ A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ {\isaliteral{5C3C4D3E}{\isasymM}}\ B{\isaliteral{22}{\isachardoublequote}}}, for each premise \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C4D3E}{\isasymM}}\ R\ t{\isaliteral{22}{\isachardoublequote}}} in an
   109   introduction rule.  The default rule declarations of Isabelle/HOL
   110   already take care of most common situations.
   111 
   112   \begin{matharray}{rcl}
   113     \indexdef{HOL}{command}{inductive}\hypertarget{command.HOL.inductive}{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   114     \indexdef{HOL}{command}{inductive\_set}\hypertarget{command.HOL.inductive-set}{\hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   115     \indexdef{HOL}{command}{coinductive}\hypertarget{command.HOL.coinductive}{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   116     \indexdef{HOL}{command}{coinductive\_set}\hypertarget{command.HOL.coinductive-set}{\hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   117     \indexdef{HOL}{attribute}{mono}\hypertarget{attribute.HOL.mono}{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}} & : & \isa{attribute} \\
   118   \end{matharray}
   119 
   120   \begin{railoutput}
   121 \rail@begin{10}{}
   122 \rail@bar
   123 \rail@term{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}}[]
   124 \rail@nextbar{1}
   125 \rail@term{\hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}}}[]
   126 \rail@nextbar{2}
   127 \rail@term{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}}[]
   128 \rail@nextbar{3}
   129 \rail@term{\hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}}}[]
   130 \rail@endbar
   131 \rail@bar
   132 \rail@nextbar{1}
   133 \rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
   134 \rail@endbar
   135 \rail@cr{5}
   136 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   137 \rail@bar
   138 \rail@nextbar{6}
   139 \rail@term{\isa{\isakeyword{for}}}[]
   140 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   141 \rail@endbar
   142 \rail@bar
   143 \rail@nextbar{6}
   144 \rail@term{\isa{\isakeyword{where}}}[]
   145 \rail@nont{\isa{clauses}}[]
   146 \rail@endbar
   147 \rail@cr{8}
   148 \rail@bar
   149 \rail@nextbar{9}
   150 \rail@term{\isa{\isakeyword{monos}}}[]
   151 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
   152 \rail@endbar
   153 \rail@end
   154 \rail@begin{3}{\isa{clauses}}
   155 \rail@plus
   156 \rail@bar
   157 \rail@nextbar{1}
   158 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
   159 \rail@endbar
   160 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
   161 \rail@nextplus{2}
   162 \rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
   163 \rail@endplus
   164 \rail@end
   165 \rail@begin{3}{}
   166 \rail@term{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}}[]
   167 \rail@bar
   168 \rail@nextbar{1}
   169 \rail@term{\isa{add}}[]
   170 \rail@nextbar{2}
   171 \rail@term{\isa{del}}[]
   172 \rail@endbar
   173 \rail@end
   174 \end{railoutput}
   175 
   176 
   177   \begin{description}
   178 
   179   \item \hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}} and \hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}} define (co)inductive predicates from the introduction
   180   rules.
   181 
   182   The propositions given as \isa{{\isaliteral{22}{\isachardoublequote}}clauses{\isaliteral{22}{\isachardoublequote}}} in the \hyperlink{keyword.where}{\mbox{\isa{\isakeyword{where}}}} part are either rules of the usual \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C416E643E}{\isasymAnd}}{\isaliteral{2F}{\isacharslash}}{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}{\isaliteral{22}{\isachardoublequote}}} format
   183   (with arbitrary nesting), or equalities using \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C65717569763E}{\isasymequiv}}{\isaliteral{22}{\isachardoublequote}}}.  The
   184   latter specifies extra-logical abbreviations in the sense of
   185   \indexref{}{command}{abbreviation}\hyperlink{command.abbreviation}{\mbox{\isa{\isacommand{abbreviation}}}}.  Introducing abstract syntax
   186   simultaneously with the actual introduction rules is occasionally
   187   useful for complex specifications.
   188 
   189   The optional \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} part contains a list of parameters of
   190   the (co)inductive predicates that remain fixed throughout the
   191   definition, in contrast to arguments of the relation that may vary
   192   in each occurrence within the given \isa{{\isaliteral{22}{\isachardoublequote}}clauses{\isaliteral{22}{\isachardoublequote}}}.
   193 
   194   The optional \hyperlink{keyword.monos}{\mbox{\isa{\isakeyword{monos}}}} declaration contains additional
   195   \emph{monotonicity theorems}, which are required for each operator
   196   applied to a recursive set in the introduction rules.
   197 
   198   \item \hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}} and \hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}} are wrappers for the previous commands for
   199   native HOL predicates.  This allows the definition of (co)inductive sets,
   200   where multiple arguments are simulated via tuples.
   201 
   202   \item \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} declares monotonicity rules in the
   203   context.  These rules are involved in the automated monotonicity
   204   proof of the above inductive and coinductive definitions.
   205 
   206   \end{description}%
   207 \end{isamarkuptext}%
   208 \isamarkuptrue%
   209 %
   210 \isamarkupsubsection{Derived rules%
   211 }
   212 \isamarkuptrue%
   213 %
   214 \begin{isamarkuptext}%
   215 A (co)inductive definition of \isa{R} provides the following
   216   main theorems:
   217 
   218   \begin{description}
   219 
   220   \item \isa{R{\isaliteral{2E}{\isachardot}}intros} is the list of introduction rules as proven
   221   theorems, for the recursive predicates (or sets).  The rules are
   222   also available individually, using the names given them in the
   223   theory file;
   224 
   225   \item \isa{R{\isaliteral{2E}{\isachardot}}cases} is the case analysis (or elimination) rule;
   226 
   227   \item \isa{R{\isaliteral{2E}{\isachardot}}induct} or \isa{R{\isaliteral{2E}{\isachardot}}coinduct} is the (co)induction
   228   rule.
   229 
   230   \end{description}
   231 
   232   When several predicates \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} are
   233   defined simultaneously, the list of introduction rules is called
   234   \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{5F}{\isacharunderscore}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}intros{\isaliteral{22}{\isachardoublequote}}}, the case analysis rules are
   235   called \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2E}{\isachardot}}cases{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}cases{\isaliteral{22}{\isachardoublequote}}}, and the list
   236   of mutual induction rules is called \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{5F}{\isacharunderscore}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}inducts{\isaliteral{22}{\isachardoublequote}}}.%
   237 \end{isamarkuptext}%
   238 \isamarkuptrue%
   239 %
   240 \isamarkupsubsection{Monotonicity theorems%
   241 }
   242 \isamarkuptrue%
   243 %
   244 \begin{isamarkuptext}%
   245 The context maintains a default set of theorems that are used
   246   in monotonicity proofs.  New rules can be declared via the
   247   \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} attribute.  See the main Isabelle/HOL
   248   sources for some examples.  The general format of such monotonicity
   249   theorems is as follows:
   250 
   251   \begin{itemize}
   252 
   253   \item Theorems of the form \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C4D3E}{\isasymM}}\ A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ {\isaliteral{5C3C4D3E}{\isasymM}}\ B{\isaliteral{22}{\isachardoublequote}}}, for proving
   254   monotonicity of inductive definitions whose introduction rules have
   255   premises involving terms such as \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C4D3E}{\isasymM}}\ R\ t{\isaliteral{22}{\isachardoublequote}}}.
   256 
   257   \item Monotonicity theorems for logical operators, which are of the
   258   general form \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}.  For example, in
   259   the case of the operator \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6F723E}{\isasymor}}{\isaliteral{22}{\isachardoublequote}}}, the corresponding theorem is
   260   \[
   261   \infer{\isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6F723E}{\isasymor}}\ P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6F723E}{\isasymor}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}}}{\isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}}}
   262   \]
   263 
   264   \item De Morgan style equations for reasoning about the ``polarity''
   265   of expressions, e.g.
   266   \[
   267   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ P{\isaliteral{22}{\isachardoublequote}}} \qquad\qquad
   268   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ {\isaliteral{28}{\isacharparenleft}}P\ {\isaliteral{5C3C616E643E}{\isasymand}}\ Q{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6F723E}{\isasymor}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ Q{\isaliteral{22}{\isachardoublequote}}}
   269   \]
   270 
   271   \item Equations for reducing complex operators to more primitive
   272   ones whose monotonicity can easily be proved, e.g.
   273   \[
   274   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}P\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6F723E}{\isasymor}}\ Q{\isaliteral{22}{\isachardoublequote}}} \qquad\qquad
   275   \isa{{\isaliteral{22}{\isachardoublequote}}Ball\ A\ P\ {\isaliteral{5C3C65717569763E}{\isasymequiv}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ x\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ P\ x{\isaliteral{22}{\isachardoublequote}}}
   276   \]
   277 
   278   \end{itemize}%
   279 \end{isamarkuptext}%
   280 \isamarkuptrue%
   281 %
   282 \isamarkupsubsubsection{Examples%
   283 }
   284 \isamarkuptrue%
   285 %
   286 \begin{isamarkuptext}%
   287 The finite powerset operator can be defined inductively like this:%
   288 \end{isamarkuptext}%
   289 \isamarkuptrue%
   290 \isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}\isamarkupfalse%
   291 \ Fin\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ set\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ set\ set{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{for}\ A\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ set{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   292 \isakeyword{where}\isanewline
   293 \ \ empty{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{7D}{\isacharbraceright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ Fin\ A{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   294 {\isaliteral{7C}{\isacharbar}}\ insert{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}a\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B\ {\isaliteral{5C3C696E3E}{\isasymin}}\ Fin\ A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ insert\ a\ B\ {\isaliteral{5C3C696E3E}{\isasymin}}\ Fin\ A{\isaliteral{22}{\isachardoublequoteclose}}%
   295 \begin{isamarkuptext}%
   296 The accessible part of a relation is defined as follows:%
   297 \end{isamarkuptext}%
   298 \isamarkuptrue%
   299 \isacommand{inductive}\isamarkupfalse%
   300 \ acc\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   301 \ \ \isakeyword{for}\ r\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{28}{\isacharparenleft}}\isakeyword{infix}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C707265633E}{\isasymprec}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isadigit{5}}{\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\isanewline
   302 \isakeyword{where}\ acc{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C416E643E}{\isasymAnd}}y{\isaliteral{2E}{\isachardot}}\ y\ {\isaliteral{5C3C707265633E}{\isasymprec}}\ x\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ acc\ r\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ acc\ r\ x{\isaliteral{22}{\isachardoublequoteclose}}%
   303 \begin{isamarkuptext}%
   304 Common logical connectives can be easily characterized as
   305 non-recursive inductive definitions with parameters, but without
   306 arguments.%
   307 \end{isamarkuptext}%
   308 \isamarkuptrue%
   309 \isacommand{inductive}\isamarkupfalse%
   310 \ AND\ \isakeyword{for}\ A\ B\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ bool\isanewline
   311 \isakeyword{where}\ {\isaliteral{22}{\isachardoublequoteopen}}A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ AND\ A\ B{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   312 \isanewline
   313 \isacommand{inductive}\isamarkupfalse%
   314 \ OR\ \isakeyword{for}\ A\ B\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ bool\isanewline
   315 \isakeyword{where}\ {\isaliteral{22}{\isachardoublequoteopen}}A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ OR\ A\ B{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   316 \ \ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ OR\ A\ B{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   317 \isanewline
   318 \isacommand{inductive}\isamarkupfalse%
   319 \ EXISTS\ \isakeyword{for}\ B\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   320 \isakeyword{where}\ {\isaliteral{22}{\isachardoublequoteopen}}B\ a\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ EXISTS\ B{\isaliteral{22}{\isachardoublequoteclose}}%
   321 \begin{isamarkuptext}%
   322 Here the \isa{{\isaliteral{22}{\isachardoublequote}}cases{\isaliteral{22}{\isachardoublequote}}} or \isa{{\isaliteral{22}{\isachardoublequote}}induct{\isaliteral{22}{\isachardoublequote}}} rules produced by
   323   the \hyperlink{command.inductive}{\mbox{\isa{\isacommand{inductive}}}} package coincide with the expected
   324   elimination rules for Natural Deduction.  Already in the original
   325   article by Gerhard Gentzen \cite{Gentzen:1935} there is a hint that
   326   each connective can be characterized by its introductions, and the
   327   elimination can be constructed systematically.%
   328 \end{isamarkuptext}%
   329 \isamarkuptrue%
   330 %
   331 \isamarkupsection{Recursive functions \label{sec:recursion}%
   332 }
   333 \isamarkuptrue%
   334 %
   335 \begin{isamarkuptext}%
   336 \begin{matharray}{rcl}
   337     \indexdef{HOL}{command}{primrec}\hypertarget{command.HOL.primrec}{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   338     \indexdef{HOL}{command}{fun}\hypertarget{command.HOL.fun}{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   339     \indexdef{HOL}{command}{function}\hypertarget{command.HOL.function}{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
   340     \indexdef{HOL}{command}{termination}\hypertarget{command.HOL.termination}{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
   341   \end{matharray}
   342 
   343   \begin{railoutput}
   344 \rail@begin{2}{}
   345 \rail@term{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}}[]
   346 \rail@bar
   347 \rail@nextbar{1}
   348 \rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
   349 \rail@endbar
   350 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   351 \rail@term{\isa{\isakeyword{where}}}[]
   352 \rail@nont{\isa{equations}}[]
   353 \rail@end
   354 \rail@begin{4}{}
   355 \rail@bar
   356 \rail@term{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}}[]
   357 \rail@nextbar{1}
   358 \rail@term{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}}[]
   359 \rail@endbar
   360 \rail@bar
   361 \rail@nextbar{1}
   362 \rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
   363 \rail@endbar
   364 \rail@bar
   365 \rail@nextbar{1}
   366 \rail@nont{\isa{functionopts}}[]
   367 \rail@endbar
   368 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   369 \rail@cr{3}
   370 \rail@term{\isa{\isakeyword{where}}}[]
   371 \rail@nont{\isa{equations}}[]
   372 \rail@end
   373 \rail@begin{3}{\isa{equations}}
   374 \rail@plus
   375 \rail@bar
   376 \rail@nextbar{1}
   377 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
   378 \rail@endbar
   379 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
   380 \rail@nextplus{2}
   381 \rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
   382 \rail@endplus
   383 \rail@end
   384 \rail@begin{3}{\isa{functionopts}}
   385 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   386 \rail@plus
   387 \rail@bar
   388 \rail@term{\isa{sequential}}[]
   389 \rail@nextbar{1}
   390 \rail@term{\isa{domintros}}[]
   391 \rail@endbar
   392 \rail@nextplus{2}
   393 \rail@cterm{\isa{{\isaliteral{2C}{\isacharcomma}}}}[]
   394 \rail@endplus
   395 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   396 \rail@end
   397 \rail@begin{2}{}
   398 \rail@term{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}}[]
   399 \rail@bar
   400 \rail@nextbar{1}
   401 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
   402 \rail@endbar
   403 \rail@end
   404 \end{railoutput}
   405 
   406 
   407   \begin{description}
   408 
   409   \item \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}} defines primitive recursive
   410   functions over datatypes (see also \indexref{HOL}{command}{datatype}\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} and
   411   \indexref{HOL}{command}{rep\_datatype}\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}).  The given \isa{equations}
   412   specify reduction rules that are produced by instantiating the
   413   generic combinator for primitive recursion that is available for
   414   each datatype.
   415 
   416   Each equation needs to be of the form:
   417 
   418   \begin{isabelle}%
   419 {\isaliteral{22}{\isachardoublequote}}f\ x\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ x\isaliteral{5C3C5E7375623E}{}\isactrlsub m\ {\isaliteral{28}{\isacharparenleft}}C\ y\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ y\isaliteral{5C3C5E7375623E}{}\isactrlsub k{\isaliteral{29}{\isacharparenright}}\ z\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ z\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3D}{\isacharequal}}\ rhs{\isaliteral{22}{\isachardoublequote}}%
   420 \end{isabelle}
   421 
   422   such that \isa{C} is a datatype constructor, \isa{rhs} contains
   423   only the free variables on the left-hand side (or from the context),
   424   and all recursive occurrences of \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{22}{\isachardoublequote}}} in \isa{{\isaliteral{22}{\isachardoublequote}}rhs{\isaliteral{22}{\isachardoublequote}}} are of
   425   the form \isa{{\isaliteral{22}{\isachardoublequote}}f\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ y\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}} for some \isa{i}.  At most one
   426   reduction rule for each constructor can be given.  The order does
   427   not matter.  For missing constructors, the function is defined to
   428   return a default value, but this equation is made difficult to
   429   access for users.
   430 
   431   The reduction rules are declared as \hyperlink{attribute.simp}{\mbox{\isa{simp}}} by default,
   432   which enables standard proof methods like \hyperlink{method.simp}{\mbox{\isa{simp}}} and
   433   \hyperlink{method.auto}{\mbox{\isa{auto}}} to normalize expressions of \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{22}{\isachardoublequote}}} applied to
   434   datatype constructions, by simulating symbolic computation via
   435   rewriting.
   436 
   437   \item \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} defines functions by general
   438   wellfounded recursion. A detailed description with examples can be
   439   found in \cite{isabelle-function}. The function is specified by a
   440   set of (possibly conditional) recursive equations with arbitrary
   441   pattern matching. The command generates proof obligations for the
   442   completeness and the compatibility of patterns.
   443 
   444   The defined function is considered partial, and the resulting
   445   simplification rules (named \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}psimps{\isaliteral{22}{\isachardoublequote}}}) and induction rule
   446   (named \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}pinduct{\isaliteral{22}{\isachardoublequote}}}) are guarded by a generated domain
   447   predicate \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{5F}{\isacharunderscore}}dom{\isaliteral{22}{\isachardoublequote}}}. The \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}
   448   command can then be used to establish that the function is total.
   449 
   450   \item \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} is a shorthand notation for ``\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}sequential{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'', followed by automated
   451   proof attempts regarding pattern matching and termination.  See
   452   \cite{isabelle-function} for further details.
   453 
   454   \item \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}~\isa{f} commences a
   455   termination proof for the previously defined function \isa{f}.  If
   456   this is omitted, the command refers to the most recent function
   457   definition.  After the proof is closed, the recursive equations and
   458   the induction principle are established.
   459 
   460   \end{description}
   461 
   462   Recursive definitions introduced by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}
   463   command accommodate reasoning by induction (cf.\ \hyperlink{method.induct}{\mbox{\isa{induct}}}):
   464   rule \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}induct{\isaliteral{22}{\isachardoublequote}}} refers to a specific induction rule, with
   465   parameters named according to the user-specified equations. Cases
   466   are numbered starting from 1.  For \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}, the
   467   induction principle coincides with structural recursion on the
   468   datatype where the recursion is carried out.
   469 
   470   The equations provided by these packages may be referred to later as
   471   theorem list \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}simps{\isaliteral{22}{\isachardoublequote}}}, where \isa{f} is the (collective)
   472   name of the functions defined.  Individual equations may be named
   473   explicitly as well.
   474 
   475   The \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} command accepts the following
   476   options.
   477 
   478   \begin{description}
   479 
   480   \item \isa{sequential} enables a preprocessor which disambiguates
   481   overlapping patterns by making them mutually disjoint.  Earlier
   482   equations take precedence over later ones.  This allows the
   483   specification to be given in a format very similar to functional programming.
   484   Note that the resulting simplification and induction rules
   485   correspond to the transformed specification, not the one given
   486   originally. This usually means that each equation given by the user
   487   may result in several theorems.  Also note that this automatic
   488   transformation only works for ML-style datatype patterns.
   489 
   490   \item \isa{domintros} enables the automated generation of
   491   introduction rules for the domain predicate. While mostly not
   492   needed, they can be helpful in some proofs about partial functions.
   493 
   494   \end{description}%
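
  The following theory is an added example, not part of the original manual: it shows the sequential option splitting an overlapping catch-all equation, and a termination proof with an explicit relation. The theory name FunctionSketch and the function names sep and upsum are illustrative assumptions.

```isabelle
theory FunctionSketch
  imports Main
begin

(* The second equation overlaps with the first: it also matches
   x # y # xs.  With (sequential), the earlier equation takes
   precedence and the preprocessor makes the patterns disjoint. *)
function (sequential) sep :: "'a \<Rightarrow> 'a list \<Rightarrow> 'a list"
where
  "sep a (x # y # xs) = x # a # sep a (y # xs)"
| "sep a xs = xs"
  by pat_completeness auto   (* completeness and compatibility of patterns *)

(* Before this point only sep.psimps and sep.pinduct are available,
   guarded by the domain predicate sep_dom. *)
termination sep
  by lexicographic_order

(* sep.simps follows the transformed specification: the catch-all
   equation "sep a xs = xs" has become two theorems, one for [] and
   one for a singleton list, giving three equations in total. *)
thm sep.simps
thm sep.induct

(* The total equations are simp rules, so simp evaluates the function. *)
lemma "sep (0::nat) [1, 2, 3] = [1, 0, 2, 0, 3]"
  by simp

(* A non-structural recursion: the argument i grows, so termination
   needs an explicit wellfounded relation. *)
function upsum :: "nat \<Rightarrow> nat \<Rightarrow> nat"
where
  "upsum i N = (if i > N then 0 else i + upsum (Suc i) N)"
  by pat_completeness auto

termination upsum
  by (relation "measure (\<lambda>(i, N). N + 1 - i)") auto

end
```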
   495 \end{isamarkuptext}%
   496 \isamarkuptrue%
   497 %
   498 \isamarkupsubsubsection{Example: evaluation of expressions%
   499 }
   500 \isamarkuptrue%
   501 %
   502 \begin{isamarkuptext}%
   503 Subsequently, we define mutual datatypes for arithmetic and
   504   boolean expressions, and use \hyperlink{command.primrec}{\mbox{\isa{\isacommand{primrec}}}} for evaluation
   505   functions that follow the same recursive structure.%
   506 \end{isamarkuptext}%
   507 \isamarkuptrue%
   508 \isacommand{datatype}\isamarkupfalse%
   509 \ {\isaliteral{27}{\isacharprime}}a\ aexp\ {\isaliteral{3D}{\isacharequal}}\isanewline
   510 \ \ \ \ IF\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   511 \ \ {\isaliteral{7C}{\isacharbar}}\ Sum\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   512 \ \ {\isaliteral{7C}{\isacharbar}}\ Diff\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   513 \ \ {\isaliteral{7C}{\isacharbar}}\ Var\ {\isaliteral{27}{\isacharprime}}a\isanewline
   514 \ \ {\isaliteral{7C}{\isacharbar}}\ Num\ nat\isanewline
   515 \isakeyword{and}\ {\isaliteral{27}{\isacharprime}}a\ bexp\ {\isaliteral{3D}{\isacharequal}}\isanewline
   516 \ \ \ \ Less\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   517 \ \ {\isaliteral{7C}{\isacharbar}}\ And\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   518 \ \ {\isaliteral{7C}{\isacharbar}}\ Neg\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequoteclose}}%
   519 \begin{isamarkuptext}%
   520 \medskip Evaluation of arithmetic and boolean expressions%
   521 \end{isamarkuptext}%
   522 \isamarkuptrue%
   523 \isacommand{primrec}\isamarkupfalse%
   524 \ evala\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ aexp\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   525 \ \ \isakeyword{and}\ evalb\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ bexp\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   526 \isakeyword{where}\isanewline
   527 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}IF\ b\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}if\ evalb\ env\ b\ then\ evala\ env\ a{\isadigit{1}}\ else\ evala\ env\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   528 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}Sum\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evala\ env\ a{\isadigit{1}}\ {\isaliteral{2B}{\isacharplus}}\ evala\ env\ a{\isadigit{2}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   529 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}Diff\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evala\ env\ a{\isadigit{1}}\ {\isaliteral{2D}{\isacharminus}}\ evala\ env\ a{\isadigit{2}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   530 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}Var\ v{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ env\ v{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   531 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}Num\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ n{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   532 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}Less\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}evala\ env\ a{\isadigit{1}}\ {\isaliteral{3C}{\isacharless}}\ evala\ env\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   533 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}And\ b{\isadigit{1}}\ b{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}evalb\ env\ b{\isadigit{1}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ evalb\ env\ b{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   534 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}Neg\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ evalb\ env\ b{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
   535 \begin{isamarkuptext}%
   536 Since the value of an expression depends on the value of its
   537   variables, the functions \isa{evala} and \isa{evalb} take an
   538   additional parameter, an \emph{environment} that maps variables to
   539   their values.
   540 
   541   \medskip Substitution on expressions can be defined similarly.  The
   542   mapping \isa{f} of type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequote}}} given as a
   543   parameter is lifted canonically on the types \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequote}}} and
   544   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequote}}}, respectively.%
   545 \end{isamarkuptext}%
   546 \isamarkuptrue%
   547 \isacommand{primrec}\isamarkupfalse%
   548 \ substa\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ aexp{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ aexp\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   549 \ \ \isakeyword{and}\ substb\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ aexp{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ bexp\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ bexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   550 \isakeyword{where}\isanewline
   551 \ \ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}IF\ b\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ IF\ {\isaliteral{28}{\isacharparenleft}}substb\ f\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   552 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}Sum\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Sum\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   553 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}Diff\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Diff\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   554 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}Var\ v{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ f\ v{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   555 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}Num\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Num\ n{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   556 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substb\ f\ {\isaliteral{28}{\isacharparenleft}}Less\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Less\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   557 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substb\ f\ {\isaliteral{28}{\isacharparenleft}}And\ b{\isadigit{1}}\ b{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ And\ {\isaliteral{28}{\isacharparenleft}}substb\ f\ b{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substb\ f\ b{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   558 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substb\ f\ {\isaliteral{28}{\isacharparenleft}}Neg\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Neg\ {\isaliteral{28}{\isacharparenleft}}substb\ f\ b{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
   559 \begin{isamarkuptext}%
   560 In textbooks about semantics one often finds substitution
   561   theorems, which express the relationship between substitution and
   562   evaluation.  For \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequote}}}, we can prove
   563   such a theorem by mutual induction, followed by simplification.%
   564 \end{isamarkuptext}%
   565 \isamarkuptrue%
   566 \isacommand{lemma}\isamarkupfalse%
   567 \ subst{\isaliteral{5F}{\isacharunderscore}}one{\isaliteral{3A}{\isacharcolon}}\isanewline
   568 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}substa\ {\isaliteral{28}{\isacharparenleft}}Var\ {\isaliteral{28}{\isacharparenleft}}v\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ a{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evala\ {\isaliteral{28}{\isacharparenleft}}env\ {\isaliteral{28}{\isacharparenleft}}v\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ evala\ env\ a{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ a{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   569 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}substb\ {\isaliteral{28}{\isacharparenleft}}Var\ {\isaliteral{28}{\isacharparenleft}}v\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evalb\ {\isaliteral{28}{\isacharparenleft}}env\ {\isaliteral{28}{\isacharparenleft}}v\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ evala\ env\ a{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ b{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   570 %
   571 \isadelimproof
   572 \ \ %
   573 \endisadelimproof
   574 %
   575 \isatagproof
   576 \isacommand{by}\isamarkupfalse%
   577 \ {\isaliteral{28}{\isacharparenleft}}induct\ a\ \isakeyword{and}\ b{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
   578 \endisatagproof
   579 {\isafoldproof}%
   580 %
   581 \isadelimproof
   582 \isanewline
   583 %
   584 \endisadelimproof
   585 \isanewline
   586 \isacommand{lemma}\isamarkupfalse%
   587 \ subst{\isaliteral{5F}{\isacharunderscore}}all{\isaliteral{3A}{\isacharcolon}}\isanewline
   588 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}substa\ s\ a{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evala\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}x{\isaliteral{2E}{\isachardot}}\ evala\ env\ {\isaliteral{28}{\isacharparenleft}}s\ x{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ a{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   589 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}substb\ s\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evalb\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}x{\isaliteral{2E}{\isachardot}}\ evala\ env\ {\isaliteral{28}{\isacharparenleft}}s\ x{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ b{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   590 %
   591 \isadelimproof
   592 \ \ %
   593 \endisadelimproof
   594 %
   595 \isatagproof
   596 \isacommand{by}\isamarkupfalse%
   597 \ {\isaliteral{28}{\isacharparenleft}}induct\ a\ \isakeyword{and}\ b{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
   598 \endisatagproof
   599 {\isafoldproof}%
   600 %
   601 \isadelimproof
   602 %
   603 \endisadelimproof
   604 %
   605 \isamarkupsubsubsection{Example: a substitution function for terms%
   606 }
   607 \isamarkuptrue%
   608 %
   609 \begin{isamarkuptext}%
   610 Functions on datatypes with nested recursion are also defined
   611   by mutual primitive recursion.%
   612 \end{isamarkuptext}%
   613 \isamarkuptrue%
   614 \isacommand{datatype}\isamarkupfalse%
   615 \ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{22}{\isachardoublequoteopen}}term{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{3D}{\isacharequal}}\ Var\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{7C}{\isacharbar}}\ App\ {\isaliteral{27}{\isacharprime}}b\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ list{\isaliteral{22}{\isachardoublequoteclose}}%
   616 \begin{isamarkuptext}%
   617 A substitution function on type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{22}{\isachardoublequote}}} can be
   618   defined as follows, by working simultaneously on \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ list{\isaliteral{22}{\isachardoublequote}}}:%
   619 \end{isamarkuptext}%
   620 \isamarkuptrue%
   621 \isacommand{primrec}\isamarkupfalse%
   622 \ subst{\isaliteral{5F}{\isacharunderscore}}term\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{and}\isanewline
   623 \ \ subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ list\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ list{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   624 \isakeyword{where}\isanewline
   625 \ \ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f\ {\isaliteral{28}{\isacharparenleft}}Var\ a{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ f\ a{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   626 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f\ {\isaliteral{28}{\isacharparenleft}}App\ b\ ts{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ App\ b\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f\ ts{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   627 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   628 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f\ {\isaliteral{28}{\isacharparenleft}}t\ {\isaliteral{23}{\isacharhash}}\ ts{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ subst{\isaliteral{5F}{\isacharunderscore}}term\ f\ t\ {\isaliteral{23}{\isacharhash}}\ subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f\ ts{\isaliteral{22}{\isachardoublequoteclose}}%
   629 \begin{isamarkuptext}%
   630 The recursion scheme follows the structure of the unfolded
   631   definition of type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{22}{\isachardoublequote}}}.  To prove properties of this
   632   substitution function, mutual induction is needed:%
   633 \end{isamarkuptext}%
   634 \isamarkuptrue%
   635 \isacommand{lemma}\isamarkupfalse%
   636 \ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f{\isadigit{1}}\ {\isaliteral{5C3C636972633E}{\isasymcirc}}\ f{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{3D}{\isacharequal}}\ subst{\isaliteral{5F}{\isacharunderscore}}term\ f{\isadigit{1}}\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f{\isadigit{2}}\ t{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{and}\isanewline
   637 \ \ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f{\isadigit{1}}\ {\isaliteral{5C3C636972633E}{\isasymcirc}}\ f{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ ts\ {\isaliteral{3D}{\isacharequal}}\ subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f{\isadigit{1}}\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f{\isadigit{2}}\ ts{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   638 %
   639 \isadelimproof
   640 \ \ %
   641 \endisadelimproof
   642 %
   643 \isatagproof
   644 \isacommand{by}\isamarkupfalse%
   645 \ {\isaliteral{28}{\isacharparenleft}}induct\ t\ \isakeyword{and}\ ts{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
   646 \endisatagproof
   647 {\isafoldproof}%
   648 %
   649 \isadelimproof
   650 %
   651 \endisadelimproof
   652 %
   653 \isamarkupsubsubsection{Example: a map function for infinitely branching trees%
   654 }
   655 \isamarkuptrue%
   656 %
   657 \begin{isamarkuptext}%
   658 Defining functions on infinitely branching datatypes by
   659   primitive recursion is just as easy.%
   660 \end{isamarkuptext}%
   661 \isamarkuptrue%
   662 \isacommand{datatype}\isamarkupfalse%
   663 \ {\isaliteral{27}{\isacharprime}}a\ tree\ {\isaliteral{3D}{\isacharequal}}\ Atom\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{7C}{\isacharbar}}\ Branch\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ tree{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   664 \isanewline
   665 \isacommand{primrec}\isamarkupfalse%
   666 \ map{\isaliteral{5F}{\isacharunderscore}}tree\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ tree\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ tree{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   667 \isakeyword{where}\isanewline
   668 \ \ {\isaliteral{22}{\isachardoublequoteopen}}map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ {\isaliteral{28}{\isacharparenleft}}Atom\ a{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Atom\ {\isaliteral{28}{\isacharparenleft}}f\ a{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   669 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ {\isaliteral{28}{\isacharparenleft}}Branch\ ts{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Branch\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}x{\isaliteral{2E}{\isachardot}}\ map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ {\isaliteral{28}{\isacharparenleft}}ts\ x{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
   670 \begin{isamarkuptext}%
   671 Note that all occurrences of functions such as \isa{ts}
   672   above must be applied to an argument.  In particular, \isa{{\isaliteral{22}{\isachardoublequote}}map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ {\isaliteral{5C3C636972633E}{\isasymcirc}}\ ts{\isaliteral{22}{\isachardoublequote}}} is not allowed here.%
   673 \end{isamarkuptext}%
   674 \isamarkuptrue%
   675 %
   676 \begin{isamarkuptext}%
   677 Here is a simple composition lemma for \isa{map{\isaliteral{5F}{\isacharunderscore}}tree}:%
   678 \end{isamarkuptext}%
   679 \isamarkuptrue%
   680 \isacommand{lemma}\isamarkupfalse%
   681 \ {\isaliteral{22}{\isachardoublequoteopen}}map{\isaliteral{5F}{\isacharunderscore}}tree\ g\ {\isaliteral{28}{\isacharparenleft}}map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ t{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ map{\isaliteral{5F}{\isacharunderscore}}tree\ {\isaliteral{28}{\isacharparenleft}}g\ {\isaliteral{5C3C636972633E}{\isasymcirc}}\ f{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   682 %
   683 \isadelimproof
   684 \ \ %
   685 \endisadelimproof
   686 %
   687 \isatagproof
   688 \isacommand{by}\isamarkupfalse%
   689 \ {\isaliteral{28}{\isacharparenleft}}induct\ t{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
   690 \endisatagproof
   691 {\isafoldproof}%
   692 %
   693 \isadelimproof
   694 %
   695 \endisadelimproof
   696 %
   697 \isamarkupsubsection{Proof methods related to recursive definitions%
   698 }
   699 \isamarkuptrue%
   700 %
   701 \begin{isamarkuptext}%
   702 \begin{matharray}{rcl}
   703     \indexdef{HOL}{method}{pat\_completeness}\hypertarget{method.HOL.pat-completeness}{\hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isaliteral{5F}{\isacharunderscore}}completeness}}}} & : & \isa{method} \\
   704     \indexdef{HOL}{method}{relation}\hypertarget{method.HOL.relation}{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}} & : & \isa{method} \\
   705     \indexdef{HOL}{method}{lexicographic\_order}\hypertarget{method.HOL.lexicographic-order}{\hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}}} & : & \isa{method} \\
   706     \indexdef{HOL}{method}{size\_change}\hypertarget{method.HOL.size-change}{\hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}}} & : & \isa{method} \\
   707   \end{matharray}
   708 
   709   \begin{railoutput}
   710 \rail@begin{1}{}
   711 \rail@term{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}}[]
   712 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
   713 \rail@end
   714 \rail@begin{2}{}
   715 \rail@term{\hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}}}[]
   716 \rail@plus
   717 \rail@nextplus{1}
   718 \rail@cnont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
   719 \rail@endplus
   720 \rail@end
   721 \rail@begin{2}{}
   722 \rail@term{\hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}}}[]
   723 \rail@nont{\isa{orders}}[]
   724 \rail@plus
   725 \rail@nextplus{1}
   726 \rail@cnont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
   727 \rail@endplus
   728 \rail@end
   729 \rail@begin{4}{\isa{orders}}
   730 \rail@plus
   731 \rail@nextplus{1}
   732 \rail@bar
   733 \rail@term{\isa{max}}[]
   734 \rail@nextbar{2}
   735 \rail@term{\isa{min}}[]
   736 \rail@nextbar{3}
   737 \rail@term{\isa{ms}}[]
   738 \rail@endbar
   739 \rail@endplus
   740 \rail@end
   741 \end{railoutput}
   742 
   743 
   744   \begin{description}
   745 
   746   \item \hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isaliteral{5F}{\isacharunderscore}}completeness}}} is a specialized method to
   747   solve goals regarding the completeness of pattern matching, as
   748   required by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} package (cf.\
   749   \cite{isabelle-function}).
   750 
   751   \item \hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}~\isa{R} introduces a termination
   752   proof using the relation \isa{R}.  The resulting proof state will
   753   contain goals expressing that \isa{R} is wellfounded, and that the
   754   arguments of recursive calls decrease with respect to \isa{R}.
   755   Usually, this method is used as the initial proof step of manual
   756   termination proofs.
   757 
   758   \item \hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}} attempts a fully
   759   automated termination proof by searching for a lexicographic
   760   combination of size measures on the arguments of the function. The
   761   method accepts the same arguments as the \hyperlink{method.auto}{\mbox{\isa{auto}}} method,
   762   which it uses internally to prove local descents.  The \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}} modifiers are accepted (as for \hyperlink{method.auto}{\mbox{\isa{auto}}}).
   763 
   764   In case of failure, extensive information is printed, which can help
   765   to analyse the situation (cf.\ \cite{isabelle-function}).
   766 
   767   \item \hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}} also works on termination goals,
   768   using a variation of the size-change principle, together with a
   769   graph decomposition technique (see \cite{krauss_phd} for details).
   770   Three kinds of orders are used internally: \isa{max}, \isa{min},
   771   and \isa{ms} (multiset), which is only available when the theory
   772   \isa{Multiset} is loaded. When no order kinds are given, they are
   773   tried in order. The search for a termination proof uses SAT solving
   774   internally.
   775 
   776   For local descent proofs, the \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}} modifiers are
   777   accepted (as for \hyperlink{method.auto}{\mbox{\isa{auto}}}).
   778 
   779   \end{description}%
   780 \end{isamarkuptext}%
   781 \isamarkuptrue%
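The following added example (not part of the original manual sources) applies the methods above to two small definitions: a manual termination proof started with the relation method, and a fully automated one using lexicographic_order. The function names sum_upto and ack are chosen here for illustration only.

```isabelle
(* Added illustration; sum_upto and ack are hypothetical names. *)

(* The "function" command leaves pattern completeness and compatibility
   goals; pat_completeness solves the former, auto the latter. *)
function sum_upto :: "nat \<Rightarrow> nat \<Rightarrow> nat"
where
  "sum_upto i N = (if i > N then 0 else i + sum_upto (Suc i) N)"
  by pat_completeness auto

(* Manual termination proof: "relation" supplies the relation R.
   The remaining goals state that R is wellfounded and that the
   argument of the recursive call decreases with respect to R. *)
termination
  by (relation "measure (\<lambda>(i, N). N + 1 - i)") auto

(* Nested recursion: no single size measure on one argument works,
   but a lexicographic combination of the two argument sizes does. *)
function ack :: "nat \<Rightarrow> nat \<Rightarrow> nat"
where
  "ack 0 n = Suc n"
| "ack (Suc m) 0 = ack m 1"
| "ack (Suc m) (Suc n) = ack m (ack (Suc m) n)"
  by pat_completeness auto

(* Automated termination proof by search for a lexicographic order. *)
termination
  by lexicographic_order
```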
   782 %
   783 \isamarkupsubsection{Functions with explicit partiality%
   784 }
   785 \isamarkuptrue%
   786 %
   787 \begin{isamarkuptext}%
   788 \begin{matharray}{rcl}
   789     \indexdef{HOL}{command}{partial\_function}\hypertarget{command.HOL.partial-function}{\hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   790     \indexdef{HOL}{attribute}{partial\_function\_mono}\hypertarget{attribute.HOL.partial-function-mono}{\hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}}} & : & \isa{attribute} \\
   791   \end{matharray}
   792 
   793   \begin{railoutput}
   794 \rail@begin{5}{}
   795 \rail@term{\hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}}[]
   796 \rail@bar
   797 \rail@nextbar{1}
   798 \rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
   799 \rail@endbar
   800 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   801 \rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
   802 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   803 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   804 \rail@cr{3}
   805 \rail@term{\isa{\isakeyword{where}}}[]
   806 \rail@bar
   807 \rail@nextbar{4}
   808 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
   809 \rail@endbar
   810 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
   811 \rail@end
   812 \end{railoutput}
   813 
   814 
   815   \begin{description}
   816 
   817   \item \hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}mode{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} defines
   818   recursive functions based on fixpoints in complete partial
   819   orders. No termination proof is required from the user or
   820   constructed internally. Instead, the possibility of non-termination
   821   is modelled explicitly in the result type, which contains an
   822   explicit bottom element.
   823 
   824   Pattern matching and mutual recursion are currently not supported.
   825   Thus, the specification consists of a single function described by a
   826   single recursive equation.
   827 
   828   There are no fixed syntactic restrictions on the body of the
   829   function, but the induced functional must be provably monotonic
   830   wrt.\ the underlying order.  The monotonicity proof is performed
   831   internally, and the definition is rejected when it fails. The proof
   832   can be influenced by declaring hints using the
   833   \hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}} attribute.
   834 
   835   The mandatory \isa{mode} argument specifies the mode of operation
   836   of the command, which directly corresponds to a complete partial
   837   order on the result type. By default, the following modes are
   838   defined:
   839 
   840   \begin{description}
   841   \item \isa{option} defines functions that map into the \isa{option} type. Here, the value \isa{None} is used to model a
   842   non-terminating computation. Monotonicity requires that if \isa{None} is returned by a recursive call, then the overall result
   843   must also be \isa{None}. This is best achieved through the use of
   844   the monadic operator \isa{{\isaliteral{22}{\isachardoublequote}}Option{\isaliteral{2E}{\isachardot}}bind{\isaliteral{22}{\isachardoublequote}}}.
   845 
   846   \item \isa{tailrec} defines functions with an arbitrary result
   847   type and uses the slightly degenerate partial order where \isa{{\isaliteral{22}{\isachardoublequote}}undefined{\isaliteral{22}{\isachardoublequote}}} is the bottom element.  Now, monotonicity requires that
   848   if \isa{undefined} is returned by a recursive call, then the
   849   overall result must also be \isa{undefined}. In practice, this is
   850   only satisfied when each recursive call is a tail call, whose result
   851   is directly returned. Thus, this mode of operation allows the
   852   definition of arbitrary tail-recursive functions.
   853   \end{description}
   854 
   855   Experienced users may define new modes by instantiating the locale
   856   \isa{{\isaliteral{22}{\isachardoublequote}}partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}definitions{\isaliteral{22}{\isachardoublequote}}} appropriately.
   857 
   858   \item \hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}} declares rules for
   859   use in the internal monotonicity proofs of partial function
   860   definitions.
   861 
   862   \end{description}%
   863 \end{isamarkuptext}%
   864 \isamarkuptrue%
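The following added example (not part of the original manual sources) shows one definition in each of the two default modes. The function names findzero and collatz_steps are chosen here for illustration only; neither function terminates on all inputs, or is known to, so neither could be introduced with a termination proof.

```isabelle
(* Added illustration; findzero and collatz_steps are hypothetical names. *)

(* Mode "tailrec": arbitrary result type, bottom element is "undefined".
   The only recursive call is a tail call whose result is returned
   directly, so the internal monotonicity proof succeeds.  If f has no
   zero at or above n, the result is simply unspecified. *)
partial_function (tailrec) findzero :: "(nat \<Rightarrow> nat) \<Rightarrow> nat \<Rightarrow> nat"
where
  "findzero f n = (if f n = 0 then n else findzero f (Suc n))"

(* Mode "option": None models a non-terminating computation.  The
   result of the recursive call is post-processed (here: counted), so
   this is not a tail call.  Passing it through Option.bind guarantees
   that a None from the recursive call yields None overall, which is
   what monotonicity demands. *)
partial_function (option) collatz_steps :: "nat \<Rightarrow> nat option"
where
  "collatz_steps n =
    (if n \<le> 1 then Some 0
     else Option.bind
            (collatz_steps (if n mod 2 = 0 then n div 2 else 3 * n + 1))
            (\<lambda>k. Some (Suc k)))"

(* The recursion equations are available as the facts
   findzero.simps and collatz_steps.simps. *)
thm findzero.simps collatz_steps.simps
```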
   865 %
   866 \isamarkupsubsection{Old-style recursive function definitions (TFL)%
   867 }
   868 \isamarkuptrue%
   869 %
   870 \begin{isamarkuptext}%
   871 The old TFL commands \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} and \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}} for defining recursive functions are mostly obsolete; \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} or \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} should be used instead.
   872 
   873   \begin{matharray}{rcl}
   874     \indexdef{HOL}{command}{recdef}\hypertarget{command.HOL.recdef}{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
   875     \indexdef{HOL}{command}{recdef\_tc}\hypertarget{command.HOL.recdef-tc}{\hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
   876   \end{matharray}
   877 
   878   \begin{railoutput}
   879 \rail@begin{5}{}
   880 \rail@term{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}}[]
   881 \rail@bar
   882 \rail@nextbar{1}
   883 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   884 \rail@term{\isa{\isakeyword{permissive}}}[]
   885 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   886 \rail@endbar
   887 \rail@cr{3}
   888 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
   889 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
   890 \rail@plus
   891 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
   892 \rail@nextplus{4}
   893 \rail@endplus
   894 \rail@bar
   895 \rail@nextbar{4}
   896 \rail@nont{\isa{hints}}[]
   897 \rail@endbar
   898 \rail@end
   899 \rail@begin{2}{}
   900 \rail@nont{\isa{recdeftc}}[]
   901 \rail@bar
   902 \rail@nextbar{1}
   903 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
   904 \rail@endbar
   905 \rail@nont{\isa{tc}}[]
   906 \rail@end
   907 \rail@begin{2}{\isa{hints}}
   908 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   909 \rail@term{\isa{\isakeyword{hints}}}[]
   910 \rail@plus
   911 \rail@nextplus{1}
   912 \rail@cnont{\isa{recdefmod}}[]
   913 \rail@endplus
   914 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   915 \rail@end
   916 \rail@begin{4}{\isa{recdefmod}}
   917 \rail@bar
   918 \rail@bar
   919 \rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}[]
   920 \rail@nextbar{1}
   921 \rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}[]
   922 \rail@nextbar{2}
   923 \rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}[]
   924 \rail@endbar
   925 \rail@bar
   926 \rail@nextbar{1}
   927 \rail@term{\isa{add}}[]
   928 \rail@nextbar{2}
   929 \rail@term{\isa{del}}[]
   930 \rail@endbar
   931 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
   932 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
   933 \rail@nextbar{3}
   934 \rail@nont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
   935 \rail@endbar
   936 \rail@end
   937 \rail@begin{2}{\isa{tc}}
   938 \rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
   939 \rail@bar
   940 \rail@nextbar{1}
   941 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   942 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
   943 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   944 \rail@endbar
   945 \rail@end
   946 \end{railoutput}
   947 
   948 
   949   \begin{description}
   950 
   951   \item \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} defines general well-founded
   952   recursive functions (using the TFL package), see also
   953   \cite{isabelle-HOL}.  The ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}permissive{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' option tells
   954   TFL to recover from failed proof attempts, returning unfinished
   955   results.  The \isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}, \isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}, and \isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf} hints refer to auxiliary rules to be used in the internal
   956   automated proof process of TFL.  Additional \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}
   957   declarations may be given to tune the context of the Simplifier
   958   (cf.\ \secref{sec:simplifier}) and Classical reasoner (cf.\
   959   \secref{sec:classical}).
   960 
   961   \item \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}c\ {\isaliteral{28}{\isacharparenleft}}i{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} recommences the
   962   proof for leftover termination condition number \isa{i} (default
   963   1) as generated by a \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} definition of
   964   constant \isa{c}.
   965 
   966   Note that in most cases, \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} is able to finish
   967   its internal proofs without manual intervention.
   968 
   969   \end{description}
   970 
   971   \medskip Hints for \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} may also be declared
   972   globally, using the following attributes.
   973 
   974   \begin{matharray}{rcl}
   975     \indexdef{HOL}{attribute}{recdef\_simp}\hypertarget{attribute.HOL.recdef-simp}{\hyperlink{attribute.HOL.recdef-simp}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}}} & : & \isa{attribute} \\
   976     \indexdef{HOL}{attribute}{recdef\_cong}\hypertarget{attribute.HOL.recdef-cong}{\hyperlink{attribute.HOL.recdef-cong}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}}} & : & \isa{attribute} \\
   977     \indexdef{HOL}{attribute}{recdef\_wf}\hypertarget{attribute.HOL.recdef-wf}{\hyperlink{attribute.HOL.recdef-wf}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}}} & : & \isa{attribute} \\
   978   \end{matharray}
   979 
   980   \begin{railoutput}
   981 \rail@begin{3}{}
   982 \rail@bar
   983 \rail@term{\hyperlink{attribute.HOL.recdef-simp}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}}}[]
   984 \rail@nextbar{1}
   985 \rail@term{\hyperlink{attribute.HOL.recdef-cong}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}}}[]
   986 \rail@nextbar{2}
   987 \rail@term{\hyperlink{attribute.HOL.recdef-wf}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}}}[]
   988 \rail@endbar
   989 \rail@bar
   990 \rail@nextbar{1}
   991 \rail@term{\isa{add}}[]
   992 \rail@nextbar{2}
   993 \rail@term{\isa{del}}[]
   994 \rail@endbar
   995 \rail@end
   996 \end{railoutput}%
   997 \end{isamarkuptext}%
   998 \isamarkuptrue%
   999 %
  1000 \isamarkupsection{Datatypes \label{sec:hol-datatype}%
  1001 }
  1002 \isamarkuptrue%
  1003 %
  1004 \begin{isamarkuptext}%
  1005 \begin{matharray}{rcl}
  1006     \indexdef{HOL}{command}{datatype}\hypertarget{command.HOL.datatype}{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  1007     \indexdef{HOL}{command}{rep\_datatype}\hypertarget{command.HOL.rep-datatype}{\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
  1008   \end{matharray}
  1009 
  1010   \begin{railoutput}
  1011 \rail@begin{2}{}
  1012 \rail@term{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}}[]
  1013 \rail@plus
  1014 \rail@nont{\isa{spec}}[]
  1015 \rail@nextplus{1}
  1016 \rail@cterm{\isa{\isakeyword{and}}}[]
  1017 \rail@endplus
  1018 \rail@end
  1019 \rail@begin{3}{}
  1020 \rail@term{\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}}[]
  1021 \rail@bar
  1022 \rail@nextbar{1}
  1023 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  1024 \rail@plus
  1025 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1026 \rail@nextplus{2}
  1027 \rail@endplus
  1028 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  1029 \rail@endbar
  1030 \rail@plus
  1031 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1032 \rail@nextplus{1}
  1033 \rail@endplus
  1034 \rail@end
  1035 \rail@begin{2}{\isa{spec}}
  1036 \rail@bar
  1037 \rail@nextbar{1}
  1038 \rail@nont{\hyperlink{syntax.parname}{\mbox{\isa{parname}}}}[]
  1039 \rail@endbar
  1040 \rail@nont{\hyperlink{syntax.typespec}{\mbox{\isa{typespec}}}}[]
  1041 \rail@bar
  1042 \rail@nextbar{1}
  1043 \rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
  1044 \rail@endbar
  1045 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  1046 \rail@plus
  1047 \rail@nont{\isa{cons}}[]
  1048 \rail@nextplus{1}
  1049 \rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
  1050 \rail@endplus
  1051 \rail@end
  1052 \rail@begin{2}{\isa{cons}}
  1053 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1054 \rail@plus
  1055 \rail@nextplus{1}
  1056 \rail@cnont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
  1057 \rail@endplus
  1058 \rail@bar
  1059 \rail@nextbar{1}
  1060 \rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
  1061 \rail@endbar
  1062 \rail@end
  1063 \end{railoutput}
  1064 
  1065 
  1066   \begin{description}
  1067 
  1068   \item \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} defines inductive datatypes in
  1069   HOL.
  1070 
  1071   \item \hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}} represents existing types as
  1072   datatypes.
  1073 
  1074   For foundational reasons, some basic types such as \isa{nat}, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C74696D65733E}{\isasymtimes}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{2B}{\isacharplus}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{22}{\isachardoublequote}}}, \isa{bool} and \isa{unit} are
  1075   introduced by more primitive means using \indexref{}{command}{typedef}\hyperlink{command.typedef}{\mbox{\isa{\isacommand{typedef}}}}.  To
  1076   recover the rich infrastructure of \hyperlink{command.datatype}{\mbox{\isa{\isacommand{datatype}}}} (e.g.\ rules
  1077   for \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} and the primitive recursion
  1078   combinators), such types may be represented as actual datatypes
  1079   later.  This is done by specifying the constructors of the desired
  1080   type, and giving a proof of the induction rule, distinctness and
  1081   injectivity of constructors.
  1082 
  1083   For example, see \verb|~~/src/HOL/Sum_Type.thy| for the
  1084   representation of the primitive sum type as a fully-featured datatype.
  1085 
  1086   \end{description}
  1087 
  1088   The generated rules for \hyperlink{method.induct}{\mbox{\isa{induct}}} and \hyperlink{method.cases}{\mbox{\isa{cases}}} provide
  1089   case names according to the given constructors, while parameters are
  1090   named after the types (see also \secref{sec:cases-induct}).
  1091 
  1092   See \cite{isabelle-HOL} for more details on datatypes, but beware of
  1093   the old-style theory syntax being used there!  Apart from proper
  1094   proof methods for case-analysis and induction, there are also
  1095   emulations of ML tactics \hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}} and \hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}} available, see \secref{sec:hol-induct-tac}; these allow
  1096   direct reference to the internal structure of subgoals (including
  1097   internally bound parameters).%
  1098 \end{isamarkuptext}%
  1099 \isamarkuptrue%
  1100 %
  1101 \isamarkupsubsubsection{Examples%
  1102 }
  1103 \isamarkuptrue%
  1104 %
  1105 \begin{isamarkuptext}%
  1106 We define a type of finite sequences, with slightly different
  1107   names than the existing \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ list{\isaliteral{22}{\isachardoublequote}}} that is already in \hyperlink{theory.Main}{\mbox{\isa{Main}}}:%
  1108 \end{isamarkuptext}%
  1109 \isamarkuptrue%
  1110 \isacommand{datatype}\isamarkupfalse%
  1111 \ {\isaliteral{27}{\isacharprime}}a\ seq\ {\isaliteral{3D}{\isacharequal}}\ Empty\ {\isaliteral{7C}{\isacharbar}}\ Seq\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ seq{\isaliteral{22}{\isachardoublequoteclose}}%
  1112 \begin{isamarkuptext}%
  1113 We can now prove a simple lemma by structural induction:%
  1114 \end{isamarkuptext}%
  1115 \isamarkuptrue%
  1116 \isacommand{lemma}\isamarkupfalse%
  1117 \ {\isaliteral{22}{\isachardoublequoteopen}}Seq\ x\ xs\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ xs{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1118 %
  1119 \isadelimproof
  1120 %
  1121 \endisadelimproof
  1122 %
  1123 \isatagproof
  1124 \isacommand{proof}\isamarkupfalse%
  1125 \ {\isaliteral{28}{\isacharparenleft}}induct\ xs\ arbitrary{\isaliteral{3A}{\isacharcolon}}\ x{\isaliteral{29}{\isacharparenright}}\isanewline
  1126 \ \ \isacommand{case}\isamarkupfalse%
  1127 \ Empty%
  1128 \begin{isamarkuptxt}%
  1129 This case can be proved using the simplifier: the freeness
  1130     properties of the datatype are already declared as \hyperlink{attribute.simp}{\mbox{\isa{simp}}} rules.%
  1131 \end{isamarkuptxt}%
  1132 \isamarkuptrue%
  1133 \ \ \isacommand{show}\isamarkupfalse%
  1134 \ {\isaliteral{22}{\isachardoublequoteopen}}Seq\ x\ Empty\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Empty{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1135 \ \ \ \ \isacommand{by}\isamarkupfalse%
  1136 \ simp\isanewline
  1137 \isacommand{next}\isamarkupfalse%
  1138 \isanewline
  1139 \ \ \isacommand{case}\isamarkupfalse%
  1140 \ {\isaliteral{28}{\isacharparenleft}}Seq\ y\ ys{\isaliteral{29}{\isacharparenright}}%
  1141 \begin{isamarkuptxt}%
  1142 The step case is proved similarly.%
  1143 \end{isamarkuptxt}%
  1144 \isamarkuptrue%
  1145 \ \ \isacommand{show}\isamarkupfalse%
  1146 \ {\isaliteral{22}{\isachardoublequoteopen}}Seq\ x\ {\isaliteral{28}{\isacharparenleft}}Seq\ y\ ys{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Seq\ y\ ys{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1147 \ \ \ \ \isacommand{using}\isamarkupfalse%
  1148 \ {\isaliteral{60}{\isacharbackquoteopen}}Seq\ y\ ys\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ ys{\isaliteral{60}{\isacharbackquoteclose}}\ \isacommand{by}\isamarkupfalse%
  1149 \ simp\isanewline
  1150 \isacommand{qed}\isamarkupfalse%
  1151 %
  1152 \endisatagproof
  1153 {\isafoldproof}%
  1154 %
  1155 \isadelimproof
  1156 %
  1157 \endisadelimproof
  1158 %
  1159 \begin{isamarkuptext}%
  1160 Here is a more succinct version of the same proof:%
  1161 \end{isamarkuptext}%
  1162 \isamarkuptrue%
  1163 \isacommand{lemma}\isamarkupfalse%
  1164 \ {\isaliteral{22}{\isachardoublequoteopen}}Seq\ x\ xs\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ xs{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1165 %
  1166 \isadelimproof
  1167 \ \ %
  1168 \endisadelimproof
  1169 %
  1170 \isatagproof
  1171 \isacommand{by}\isamarkupfalse%
  1172 \ {\isaliteral{28}{\isacharparenleft}}induct\ xs\ arbitrary{\isaliteral{3A}{\isacharcolon}}\ x{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
  1173 \endisatagproof
  1174 {\isafoldproof}%
  1175 %
  1176 \isadelimproof
  1177 %
  1178 \endisadelimproof
  1179 %
  1180 \isamarkupsection{Records \label{sec:hol-record}%
  1181 }
  1182 \isamarkuptrue%
  1183 %
  1184 \begin{isamarkuptext}%
  1185 In principle, records merely generalize the concept of tuples, where
  1186   components may be addressed by labels instead of just position.  The
  1187   logical infrastructure of records in Isabelle/HOL is slightly more
  1188   advanced, though, supporting truly extensible record schemes.  This
  1189   admits operations that are polymorphic with respect to record
  1190   extension, yielding ``object-oriented'' effects like (single)
  1191   inheritance.  See also \cite{NaraschewskiW-TPHOLs98} for more
  1192   details on object-oriented verification and record subtyping in HOL.%
  1193 \end{isamarkuptext}%
  1194 \isamarkuptrue%
  1195 %
  1196 \isamarkupsubsection{Basic concepts%
  1197 }
  1198 \isamarkuptrue%
  1199 %
  1200 \begin{isamarkuptext}%
  1201 Isabelle/HOL supports both \emph{fixed} and \emph{schematic} records
  1202   at the level of terms and types.  The notation is as follows:
  1203 
  1204   \begin{center}
  1205   \begin{tabular}{l|l|l}
  1206     & record terms & record types \\ \hline
  1207     fixed & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1208     schematic & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} &
  1209       \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ M{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1210   \end{tabular}
  1211   \end{center}
  1212 
  1213   \noindent The ASCII representation of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{7C}{\isacharbar}}\ x\ {\isaliteral{3D}{\isacharequal}}\ a\ {\isaliteral{7C}{\isacharbar}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}.
  1214 
  1215   A fixed record \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} has field \isa{x} of value
  1216   \isa{a} and field \isa{y} of value \isa{b}.  The corresponding
  1217   type is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, assuming that \isa{{\isaliteral{22}{\isachardoublequote}}a\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{22}{\isachardoublequote}}}
  1218   and \isa{{\isaliteral{22}{\isachardoublequote}}b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{22}{\isachardoublequote}}}.
  1219 
  1220   A record scheme like \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} contains fields
  1221   \isa{x} and \isa{y} as before, but also possibly further fields
  1222   as indicated by the ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' notation (which is actually part
  1223   of the syntax).  The improper field ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' of a record
  1224   scheme is called the \emph{more part}.  Logically it is just a free
  1225   variable, which is occasionally referred to as ``row variable'' in
  1226   the literature.  The more part of a record scheme may be
  1227   instantiated by zero or more further components.  For example, the
  1228   previous scheme may get instantiated to \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{27}{\isacharprime}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, where \isa{m{\isaliteral{27}{\isacharprime}}} refers to a different more part.
  1229   Fixed records are special instances of record schemes, where
  1230   ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' is properly terminated by the \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ unit{\isaliteral{22}{\isachardoublequote}}}
  1231   element.  In fact, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} is just an abbreviation
  1232   for \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.
  1233 
  1234   \medskip Two key observations make extensible records in a simply
  1235   typed language like HOL work out:
  1236 
  1237   \begin{enumerate}
  1238 
  1239   \item the more part is internalized, as a free term or type
  1240   variable,
  1241 
  1242   \item field names are externalized; they cannot be accessed within
  1243   the logic as first-class values.
  1244 
  1245   \end{enumerate}
  1246 
  1247   \medskip In Isabelle/HOL record types have to be defined explicitly,
  1248   fixing their field names and types, and their (optional) parent
  1249   record.  Afterwards, records may be formed using the above syntax, while
  1250   obeying the canonical order of fields as given by their declaration.
  1251   The record package provides several standard operations like
  1252   selectors and updates.  The common setup for various generic proof
  1253   tools enables succinct reasoning patterns.  See also the Isabelle/HOL
  1254   tutorial \cite{isabelle-hol-book} for further instructions on using
  1255   records in practice.%
  1256 \end{isamarkuptext}%
  1257 \isamarkuptrue%
  1258 %
  1259 \isamarkupsubsection{Record specifications%
  1260 }
  1261 \isamarkuptrue%
  1262 %
  1263 \begin{isamarkuptext}%
  1264 \begin{matharray}{rcl}
  1265     \indexdef{HOL}{command}{record}\hypertarget{command.HOL.record}{\hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  1266   \end{matharray}
  1267 
  1268   \begin{railoutput}
  1269 \rail@begin{4}{}
  1270 \rail@term{\hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}}[]
  1271 \rail@nont{\hyperlink{syntax.typespec-sorts}{\mbox{\isa{typespec{\isaliteral{5F}{\isacharunderscore}}sorts}}}}[]
  1272 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  1273 \rail@cr{2}
  1274 \rail@bar
  1275 \rail@nextbar{3}
  1276 \rail@nont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
  1277 \rail@term{\isa{{\isaliteral{2B}{\isacharplus}}}}[]
  1278 \rail@endbar
  1279 \rail@plus
  1280 \rail@nont{\hyperlink{syntax.constdecl}{\mbox{\isa{constdecl}}}}[]
  1281 \rail@nextplus{3}
  1282 \rail@endplus
  1283 \rail@end
  1284 \end{railoutput}
  1285 
  1286 
  1287   \begin{description}
  1288 
  1289   \item \hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{2B}{\isacharplus}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} defines extensible record type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}},
  1290   derived from the optional parent record \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}{\isaliteral{22}{\isachardoublequote}}} by adding new
  1291   field components \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} etc.
  1292 
  1293   The type variables of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} need to be
  1294   covered by the (distinct) parameters \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{22}{\isachardoublequote}}}.  Type constructor \isa{t} has to be new, while \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} needs to specify an instance of an existing record type.  At
  1295   least one new field \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} has to be specified.
  1296   Basically, field names need to belong to a unique record.  This is
  1297   not a real restriction in practice, since fields are qualified by
  1298   the record name internally.
  1299 
  1300   The parent record specification \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} is optional; if omitted
  1301   \isa{t} becomes a root record.  The hierarchy of all records
  1302   declared within a theory context forms a forest structure, i.e.\ a
  1303   set of trees starting with a root record each.  There is no way to
  1304   merge multiple parent records!
  1305 
  1306   For convenience, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} is made a
  1307   type abbreviation for the fixed record type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, likewise is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{5F}{\isacharunderscore}}scheme{\isaliteral{22}{\isachardoublequote}}} made an abbreviation for
  1308   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.
  1309 
  1310   \end{description}%
  1311 \end{isamarkuptext}%
  1312 \isamarkuptrue%
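The declaration form and the fixed/schematic notation described above, as an added example in Isabelle theory source (not part of the reference manual itself). The theory name, the records point and cpoint, their fields xpos, ypos and colour, and the function shift_x are hypothetical names chosen for illustration.

```isabelle
theory Record_Sketch
  imports Main
begin

(* Hypothetical root record: no parent, so it starts its own tree
   in the forest of records. *)
record point =
  xpos :: nat
  ypos :: nat

(* Hypothetical derived record: parent "point" plus one new field. *)
record cpoint = point +
  colour :: nat

(* A fixed record abbreviates the scheme whose more part is () :: unit. *)
lemma "(| xpos = 1, ypos = 2 |) = (| xpos = 1, ypos = 2, ... = () |)"
  by simp

(* "point" is the type abbreviation for the unit instance of point_scheme. *)
lemma "(p :: point) = (p :: unit point_scheme)"
  by simp

(* Seen as a point scheme, a cpoint carries its new field in the more part. *)
lemma "point.more (| xpos = 1, ypos = 2, colour = 7 |) = (| colour = 7 |)"
  by simp

(* An operation stated over the scheme type is polymorphic in the more part,
   so it applies to every record derived from point. *)
definition shift_x :: "nat => 'a point_scheme => 'a point_scheme" where
  "shift_x d p = p(| xpos := xpos p + d |)"

(* Applied to a cpoint, shift_x changes xpos and leaves the extension alone. *)
lemma "shift_x 3 (| xpos = 1, ypos = 2, colour = 7 |) =
    (| xpos = 4, ypos = 2, colour = 7 |)"
  by (simp add: shift_x_def)

end
```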
  1313 %
  1314 \isamarkupsubsection{Record operations%
  1315 }
  1316 \isamarkuptrue%
  1317 %
  1318 \begin{isamarkuptext}%
  1319 Any record definition of the form presented above produces certain
  1320   standard operations.  Selectors and updates are provided for any
  1321   field, including the improper one ``\isa{more}''.  There are also
  1322   cumulative record constructor functions.  To simplify the
  1323   presentation below, we assume for now that \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} is a root record with fields \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}}.
  1324 
  1325   \medskip \textbf{Selectors} and \textbf{updates} are available for
  1326   any field (including ``\isa{more}''):
  1327 
  1328   \begin{matharray}{lll}
  1329     \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} \\
  1330     \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{5F}{\isacharunderscore}}update{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1331   \end{matharray}
  1332 
  1333   There is special syntax for application of updates: \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} abbreviates term \isa{{\isaliteral{22}{\isachardoublequote}}x{\isaliteral{5F}{\isacharunderscore}}update\ a\ r{\isaliteral{22}{\isachardoublequote}}}.  Further notation for
  1334   repeated updates is also available: \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} may be written \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.  Note that
  1335   because of postfix notation the order of fields shown here is
  1336   the reverse of that in the actual term.  Since repeated updates are just
  1337   function applications, fields may be freely permuted in \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, as far as logical equality is concerned.
  1338   Thus commutativity of independent updates can be proven within the
  1339   logic for any two fields, but not as a general theorem.
  1340 
  1341   \medskip The \textbf{make} operation provides a cumulative record
  1342   constructor function:
  1343 
  1344   \begin{matharray}{lll}
  1345     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1346   \end{matharray}
  1347 
  1348   \medskip We now reconsider the case of non-root records, which are
  1349   derived from some parent.  In general, the latter may depend on
  1350   another parent as well, resulting in a list of \emph{ancestor
  1351   records}.  Appending the lists of fields of all ancestors results in
  1352   a certain field prefix.  The record package automatically takes care
  1353   of this by lifting operations over this context of ancestor fields.
  1354   Assuming that \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} has ancestor
  1355   fields \isa{{\isaliteral{22}{\isachardoublequote}}b\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ b\isaliteral{5C3C5E7375623E}{}\isactrlsub k\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub k{\isaliteral{22}{\isachardoublequote}}},
  1356   the above record operations will get the following types:
  1357 
  1358   \medskip
  1359   \begin{tabular}{lll}
  1360     \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} \\
  1361     \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{5F}{\isacharunderscore}}update{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1362     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub k\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1363   \end{tabular}
  1364   \medskip
  1365 
  1366   \noindent Some further operations address the extension aspect of a
  1367   derived record scheme specifically: \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} produces a
  1368   record fragment consisting of exactly the new fields introduced here
  1369   (the result may serve as a more part elsewhere); \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}}
  1370   takes a fixed record and adds a given more part; \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} restricts a record scheme to a fixed record.
  1371 
  1372   \medskip
  1373   \begin{tabular}{lll}
  1374     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1375     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1376     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1377   \end{tabular}
  1378   \medskip
  1379 
  1380   \noindent Note that \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} coincide
  1381   for root records.%
  1382 \end{isamarkuptext}%
  1383 \isamarkuptrue%
  1384 %
  1385 \isamarkupsubsection{Derived rules and proof tools%
  1386 }
  1387 \isamarkuptrue%
  1388 %
  1389 \begin{isamarkuptext}%
  1390 The record package proves several results internally, declaring
  1391   these facts to appropriate proof tools.  This enables users to
  1392   reason about record structures quite conveniently.  Assume that
  1393   \isa{t} is a record type as specified above.
  1394 
  1395   \begin{enumerate}
  1396 
  1397   \item Standard conversions for selectors or updates applied to
  1398   record constructor terms are made part of the default Simplifier
  1399   context; thus proofs by reduction of basic operations merely require
  1400   the \hyperlink{method.simp}{\mbox{\isa{simp}}} method without further arguments.  These rules
  1401   are available as \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}simps{\isaliteral{22}{\isachardoublequote}}}, too.
  1402 
  1403   \item Selectors applied to updated records are automatically reduced
  1404   by an internal simplification procedure, which is also part of the
  1405   standard Simplifier setup.
  1406 
  1407   \item Inject equations of a form analogous to \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{27}{\isacharprime}}{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C65717569763E}{\isasymequiv}}\ x\ {\isaliteral{3D}{\isacharequal}}\ x{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ y\ {\isaliteral{3D}{\isacharequal}}\ y{\isaliteral{27}{\isacharprime}}{\isaliteral{22}{\isachardoublequote}}} are declared to the Simplifier and Classical
  1408   Reasoner as \hyperlink{attribute.iff}{\mbox{\isa{iff}}} rules.  These rules are available as
  1409   \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}iffs{\isaliteral{22}{\isachardoublequote}}}.
  1410 
  1411   \item The introduction rule for record equality analogous to \isa{{\isaliteral{22}{\isachardoublequote}}x\ r\ {\isaliteral{3D}{\isacharequal}}\ x\ r{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ y\ r\ {\isaliteral{3D}{\isacharequal}}\ y\ r{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ r\ {\isaliteral{3D}{\isacharequal}}\ r{\isaliteral{27}{\isacharprime}}{\isaliteral{22}{\isachardoublequote}}} is declared to the Simplifier,
  1412   and to the basic rule context as ``\hyperlink{attribute.intro}{\mbox{\isa{intro}}}\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3F}{\isacharquery}}{\isaliteral{22}{\isachardoublequote}}}''.
  1413   The rule is called \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}equality{\isaliteral{22}{\isachardoublequote}}}.
  1414 
  1415   \item Representations of arbitrary record expressions as canonical
  1416   constructor terms are provided both in \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} format (cf.\ the generic proof methods of the same name,
  1417   \secref{sec:cases-induct}).  Several variations are available, for
  1418   fixed records, record schemes, more parts etc.
  1419 
  1420   The generic proof methods are sufficiently smart to pick the most
  1421   sensible rule according to the type of the indicated record
  1422   expression: users just need to apply something like ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}cases\ r{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' to a certain proof problem.
  1423 
  1424   \item The derived record operations \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} are \emph{not}
  1425   treated automatically, but usually need to be expanded by hand,
  1426   using the collective fact \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}defs{\isaliteral{22}{\isachardoublequote}}}.
  1427 
  1428   \end{enumerate}%
  1429 \end{isamarkuptext}%
  1430 \isamarkuptrue%
  1431 %
  1432 \isamarkupsubsubsection{Examples%
  1433 }
  1434 \isamarkuptrue%
  1435 %
  1436 \begin{isamarkuptext}%
  1437 See \verb|~~/src/HOL/ex/Records.thy|, for example.%
  1438 \end{isamarkuptext}%
  1439 \isamarkuptrue%
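The derived rules and proof tools listed above, and the operations t.make, t.fields, t.extend and t.truncate, can be exercised on a small record hierarchy. The theory below is an added example, not taken from Records.thy or from the Isabelle distribution; the theory name and the record types point and cpoint are constructed for illustration.

```isabelle
theory Record_Demo  (* constructed theory name *)
  imports Main
begin

(* Root record and one extension; both are constructed sample types. *)
record point =
  xpos :: nat
  ypos :: nat

record cpoint = point +
  colour :: bool

(* Item 1: selectors and updates applied to constructor terms are
   reduced by the default Simplifier context (point.simps). *)
lemma "xpos (| xpos = a, ypos = b |) = a"
  by simp

lemma "(| xpos = a, ypos = b |) (| ypos := c |) = (| xpos = a, ypos = c |)"
  by simp

(* Item 2: a selector applied to an updated record scheme is reduced
   by the internal simplification procedure. *)
lemma "ypos (r (| xpos := n |)) = ypos r"
  by simp

(* Item 3: inject equations (point.iffs) are declared as iff rules. *)
lemma "((| xpos = a, ypos = b |) = (| xpos = a', ypos = b' |)) = (a = a' & b = b')"
  by simp

(* Item 4: record equality is introduced field by field via
   point.equality; the remaining selector goals fall to simp. *)
lemma "r (| xpos := n |) (| ypos := m |) = r (| ypos := m |) (| xpos := n |)"
  by (rule point.equality) simp_all

(* Item 5: (cases r) replaces r by a canonical constructor term,
   choosing the rule that fits the type of r. *)
lemma "r (| xpos := n |) (| xpos := m |) = r (| xpos := m |)"
  by (cases r) simp

(* Item 6: make, fields, extend and truncate are not unfolded
   automatically; the collective facts t.defs must be supplied. *)
lemma "cpoint.make a b c = (| xpos = a, ypos = b, colour = c |)"
  by (simp add: cpoint.defs)

lemma "point.extend (| xpos = a, ypos = b |) (cpoint.fields c) =
    (| xpos = a, ypos = b, colour = c |)"
  by (simp add: point.defs cpoint.defs)

lemma "point.truncate (| xpos = a, ypos = b, colour = c |) =
    (| xpos = a, ypos = b |)"
  by (simp add: point.defs)

end
```

Removing the point.defs or cpoint.defs argument from the last three proofs leaves the derived operation folded, which is the behaviour the final item of the enumeration describes.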
  1440 %
  1441 \isamarkupsection{Adhoc tuples%
  1442 }
  1443 \isamarkuptrue%
  1444 %
  1445 \begin{isamarkuptext}%
  1446 \begin{matharray}{rcl}
  1447     \indexdef{HOL}{attribute}{split\_format}\hypertarget{attribute.HOL.split-format}{\hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{attribute} \\
  1448   \end{matharray}
  1449 
  1450   \begin{railoutput}
  1451 \rail@begin{2}{}
  1452 \rail@term{\hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}}[]
  1453 \rail@bar
  1454 \rail@nextbar{1}
  1455 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  1456 \rail@term{\isa{complete}}[]
  1457 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  1458 \rail@endbar
  1459 \rail@end
  1460 \end{railoutput}
  1461 
  1462 
  1463   \begin{description}
  1464 
  1465   \item \hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}\ \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}complete{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} causes
  1466   arguments in function applications to be represented canonically
  1467   according to their tuple type structure.
  1468 
  1469   Note that this operation tends to invent funny names for new local
  1470   parameters introduced.
  1471 
  1472   \end{description}%
  1473 \end{isamarkuptext}%
  1474 \isamarkuptrue%
  1475 %
  1476 \isamarkupsection{Typedef axiomatization \label{sec:hol-typedef}%
  1477 }
  1478 \isamarkuptrue%
  1479 %
  1480 \begin{isamarkuptext}%
  1481 A Gordon/HOL-style type definition is a certain axiom scheme
  1482   that identifies a new type with a subset of an existing type.  More
  1483   precisely, the new type is defined by exhibiting an existing type
  1484   \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}}, a set \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ set{\isaliteral{22}{\isachardoublequote}}}, and a theorem that proves
  1485   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6578697374733E}{\isasymexists}}x{\isaliteral{2E}{\isachardot}}\ x\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A{\isaliteral{22}{\isachardoublequote}}}.  Thus \isa{A} is a non-empty subset of \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}}, and the new type denotes this subset.  New functions are
  1486   postulated that establish an isomorphism between the new type and
  1487   the subset.  In general, the type \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} may involve type
  1488   variables \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} which means that the type definition
  1489   produces a type constructor \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} depending on
  1490   those type arguments.
  1491 
  1492   The axiomatization can be considered a ``definition'' in the sense
  1493   of the particular set-theoretic interpretation of HOL
  1494   \cite{pitts93}, where the universe of types is required to be
  1495   downwards-closed wrt.\ arbitrary non-empty subsets.  Thus genuinely
  1496   new types introduced by \hyperlink{command.typedef}{\mbox{\isa{\isacommand{typedef}}}} stay within the range
  1497   of HOL models by construction.  Note that \indexref{}{command}{type\_synonym}\hyperlink{command.type-synonym}{\mbox{\isa{\isacommand{type{\isaliteral{5F}{\isacharunderscore}}synonym}}}} from Isabelle/Pure merely introduces syntactic
  1498   abbreviations, without any logical significance.
  1499   
  1500   \begin{matharray}{rcl}
  1501     \indexdef{HOL}{command}{typedef}\hypertarget{command.HOL.typedef}{\hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
  1502   \end{matharray}
  1503 
  1504   \begin{railoutput}
  1505 \rail@begin{2}{}
  1506 \rail@term{\hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}}[]
  1507 \rail@bar
  1508 \rail@nextbar{1}
  1509 \rail@nont{\isa{alt{\isaliteral{5F}{\isacharunderscore}}name}}[]
  1510 \rail@endbar
  1511 \rail@nont{\isa{abs{\isaliteral{5F}{\isacharunderscore}}type}}[]
  1512 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  1513 \rail@nont{\isa{rep{\isaliteral{5F}{\isacharunderscore}}set}}[]
  1514 \rail@end
  1515 \rail@begin{3}{\isa{alt{\isaliteral{5F}{\isacharunderscore}}name}}
  1516 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  1517 \rail@bar
  1518 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1519 \rail@nextbar{1}
  1520 \rail@term{\isa{\isakeyword{open}}}[]
  1521 \rail@nextbar{2}
  1522 \rail@term{\isa{\isakeyword{open}}}[]
  1523 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1524 \rail@endbar
  1525 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  1526 \rail@end
  1527 \rail@begin{2}{\isa{abs{\isaliteral{5F}{\isacharunderscore}}type}}
  1528 \rail@nont{\hyperlink{syntax.typespec-sorts}{\mbox{\isa{typespec{\isaliteral{5F}{\isacharunderscore}}sorts}}}}[]
  1529 \rail@bar
  1530 \rail@nextbar{1}
  1531 \rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
  1532 \rail@endbar
  1533 \rail@end
  1534 \rail@begin{2}{\isa{rep{\isaliteral{5F}{\isacharunderscore}}set}}
  1535 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1536 \rail@bar
  1537 \rail@nextbar{1}
  1538 \rail@term{\isa{\isakeyword{morphisms}}}[]
  1539 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1540 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1541 \rail@endbar
  1542 \rail@end
  1543 \end{railoutput}
  1544 
  1545 
  1546   \begin{description}
  1547 
  1548   \item \hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{3D}{\isacharequal}}\ A{\isaliteral{22}{\isachardoublequote}}}
  1549   axiomatizes a type definition in the background theory of the
  1550   current context, depending on a non-emptiness result of the set
  1551   \isa{A} that needs to be proven here.  The set \isa{A} may
  1552   contain type variables \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} as specified on the LHS,
  1553   but no term variables.
  1554 
  1555   Even though this is a local theory specification, the newly introduced type
  1556   constructor cannot depend on parameters or assumptions of the
  1557   context: this is structurally impossible in HOL.  In contrast, the
  1558   non-emptiness proof may use local assumptions in unusual situations,
  1559   which could result in different interpretations in target contexts:
  1560   the meaning of the bijection between the representing set \isa{A}
  1561   and the new type \isa{t} may then change in different application
  1562   contexts.
  1563 
  1564   By default, \hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}} defines both a type
  1565   constructor \isa{t} for the new type, and a term constant \isa{t} for the representing set within the old type.  Use the ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}open{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' option to suppress a separate constant definition
  1566   altogether.  The injection from type to set is called \isa{Rep{\isaliteral{5F}{\isacharunderscore}}t},
  1567   its inverse \isa{Abs{\isaliteral{5F}{\isacharunderscore}}t}, unless an explicit \hyperlink{keyword.HOL.morphisms}{\mbox{\isa{\isakeyword{morphisms}}}} specification provides alternative names.
  1568 
  1569   The core axiomatization uses the locale predicate \isa{type{\isaliteral{5F}{\isacharunderscore}}definition} as defined in Isabelle/HOL.  Various basic
  1570   consequences of that are instantiated accordingly, re-using the
  1571   locale facts with names derived from the new type constructor.  Thus
  1572   the generic \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep} is turned into the specific
  1573   \isa{{\isaliteral{22}{\isachardoublequote}}Rep{\isaliteral{5F}{\isacharunderscore}}t{\isaliteral{22}{\isachardoublequote}}}, for example.
  1574 
  1575   Theorems \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep}, \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep{\isaliteral{5F}{\isacharunderscore}}inverse}, and \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Abs{\isaliteral{5F}{\isacharunderscore}}inverse}
  1576   provide the most basic characterization as a corresponding
  1577   injection/surjection pair (in both directions).  The derived rules
  1578   \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep{\isaliteral{5F}{\isacharunderscore}}inject} and \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Abs{\isaliteral{5F}{\isacharunderscore}}inject} provide a more convenient version of
  1579   injectivity, suitable for automated proof tools (e.g.\ in
  1580   declarations involving \hyperlink{attribute.simp}{\mbox{\isa{simp}}} or \hyperlink{attribute.iff}{\mbox{\isa{iff}}}).
  1581   Furthermore, the rules \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep{\isaliteral{5F}{\isacharunderscore}}cases}~/ \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep{\isaliteral{5F}{\isacharunderscore}}induct}, and \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Abs{\isaliteral{5F}{\isacharunderscore}}cases}~/
  1582   \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Abs{\isaliteral{5F}{\isacharunderscore}}induct} provide alternative views on
  1583   surjectivity.  These rules are already declared as set or type rules
  1584   for the generic \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} methods,
  1585   respectively.
  1586 
  1587   An alternative name for the set definition (and other derived
  1588   entities) may be specified in parentheses; the default is to use
  1589   \isa{t} directly.
  1590 
  1591   \end{description}
  1592 
  1593   \begin{warn}
  1594   If you introduce a new type axiomatically, i.e.\ via \indexref{}{command}{typedecl}\hyperlink{command.typedecl}{\mbox{\isa{\isacommand{typedecl}}}} and \indexref{}{command}{axiomatization}\hyperlink{command.axiomatization}{\mbox{\isa{\isacommand{axiomatization}}}}, the minimum requirement
  1595   is that it has a non-empty model, to avoid immediate collapse of the
  1596   HOL logic.  Moreover, one needs to demonstrate that the
  1597   interpretation of such free-form axiomatizations can coexist with
  1598   that of the regular \indexdef{}{command}{typedef}\hypertarget{command.typedef}{\hyperlink{command.typedef}{\mbox{\isa{\isacommand{typedef}}}}} scheme, and any extension
  1599   that other people might have introduced elsewhere (e.g.\ in HOLCF
  1600   \cite{MuellerNvOS99}).
  1601   \end{warn}%
  1602 \end{isamarkuptext}%
  1603 \isamarkuptrue%
  1604 %
  1605 \isamarkupsubsubsection{Examples%
  1606 }
  1607 \isamarkuptrue%
  1608 %
  1609 \begin{isamarkuptext}%
  1610 Type definitions permit the introduction of abstract data
  1611   types in a safe way, namely by providing models based on already
  1612   existing types.  Given some abstract axiomatic description \isa{P}
  1613   of a type, this involves two steps:
  1614 
  1615   \begin{enumerate}
  1616 
  1617   \item Find an appropriate type \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} and subset \isa{A} which
  1618   has the desired properties \isa{P}, and make a type definition
  1619   based on this representation.
  1620 
  1621   \item Prove that \isa{P} holds for \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} by lifting \isa{P}
  1622   from the representation.
  1623 
  1624   \end{enumerate}
  1625 
  1626   You can later forget about the representation and work solely in
  1627   terms of the abstract properties \isa{P}.
  1628 
  1629   \medskip The following trivial example pulls a three-element type
  1630   into existence within the formal logical environment of HOL.%
  1631 \end{isamarkuptext}%
  1632 \isamarkuptrue%
  1633 \isacommand{typedef}\isamarkupfalse%
  1634 \ three\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{28}{\isacharparenleft}}True{\isaliteral{2C}{\isacharcomma}}\ True{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{28}{\isacharparenleft}}True{\isaliteral{2C}{\isacharcomma}}\ False{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{28}{\isacharparenleft}}False{\isaliteral{2C}{\isacharcomma}}\ True{\isaliteral{29}{\isacharparenright}}{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1635 %
  1636 \isadelimproof
  1637 \ \ %
  1638 \endisadelimproof
  1639 %
  1640 \isatagproof
  1641 \isacommand{by}\isamarkupfalse%
  1642 \ blast%
  1643 \endisatagproof
  1644 {\isafoldproof}%
  1645 %
  1646 \isadelimproof
  1647 \isanewline
  1648 %
  1649 \endisadelimproof
  1650 \isanewline
  1651 \isacommand{definition}\isamarkupfalse%
  1652 \ {\isaliteral{22}{\isachardoublequoteopen}}One\ {\isaliteral{3D}{\isacharequal}}\ Abs{\isaliteral{5F}{\isacharunderscore}}three\ {\isaliteral{28}{\isacharparenleft}}True{\isaliteral{2C}{\isacharcomma}}\ True{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1653 \isacommand{definition}\isamarkupfalse%
  1654 \ {\isaliteral{22}{\isachardoublequoteopen}}Two\ {\isaliteral{3D}{\isacharequal}}\ Abs{\isaliteral{5F}{\isacharunderscore}}three\ {\isaliteral{28}{\isacharparenleft}}True{\isaliteral{2C}{\isacharcomma}}\ False{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1655 \isacommand{definition}\isamarkupfalse%
  1656 \ {\isaliteral{22}{\isachardoublequoteopen}}Three\ {\isaliteral{3D}{\isacharequal}}\ Abs{\isaliteral{5F}{\isacharunderscore}}three\ {\isaliteral{28}{\isacharparenleft}}False{\isaliteral{2C}{\isacharcomma}}\ True{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1657 \isanewline
  1658 \isacommand{lemma}\isamarkupfalse%
  1659 \ three{\isaliteral{5F}{\isacharunderscore}}distinct{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}One\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Two{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}One\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Three{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}Two\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Three{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1660 %
  1661 \isadelimproof
  1662 \ \ %
  1663 \endisadelimproof
  1664 %
  1665 \isatagproof
  1666 \isacommand{by}\isamarkupfalse%
  1667 \ {\isaliteral{28}{\isacharparenleft}}simp{\isaliteral{5F}{\isacharunderscore}}all\ add{\isaliteral{3A}{\isacharcolon}}\ One{\isaliteral{5F}{\isacharunderscore}}def\ Two{\isaliteral{5F}{\isacharunderscore}}def\ Three{\isaliteral{5F}{\isacharunderscore}}def\ Abs{\isaliteral{5F}{\isacharunderscore}}three{\isaliteral{5F}{\isacharunderscore}}inject\ three{\isaliteral{5F}{\isacharunderscore}}def{\isaliteral{29}{\isacharparenright}}%
  1668 \endisatagproof
  1669 {\isafoldproof}%
  1670 %
  1671 \isadelimproof
  1672 \isanewline
  1673 %
  1674 \endisadelimproof
  1675 \isanewline
  1676 \isacommand{lemma}\isamarkupfalse%
  1677 \ three{\isaliteral{5F}{\isacharunderscore}}cases{\isaliteral{3A}{\isacharcolon}}\isanewline
  1678 \ \ \isakeyword{fixes}\ x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ three\ \isakeyword{obtains}\ {\isaliteral{22}{\isachardoublequoteopen}}x\ {\isaliteral{3D}{\isacharequal}}\ One{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}x\ {\isaliteral{3D}{\isacharequal}}\ Two{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}x\ {\isaliteral{3D}{\isacharequal}}\ Three{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1679 %
  1680 \isadelimproof
  1681 \ \ %
  1682 \endisadelimproof
  1683 %
  1684 \isatagproof
  1685 \isacommand{by}\isamarkupfalse%
  1686 \ {\isaliteral{28}{\isacharparenleft}}cases\ x{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}auto\ simp{\isaliteral{3A}{\isacharcolon}}\ One{\isaliteral{5F}{\isacharunderscore}}def\ Two{\isaliteral{5F}{\isacharunderscore}}def\ Three{\isaliteral{5F}{\isacharunderscore}}def\ Abs{\isaliteral{5F}{\isacharunderscore}}three{\isaliteral{5F}{\isacharunderscore}}inject\ three{\isaliteral{5F}{\isacharunderscore}}def{\isaliteral{29}{\isacharparenright}}%
  1687 \endisatagproof
  1688 {\isafoldproof}%
  1689 %
  1690 \isadelimproof
  1691 %
  1692 \endisadelimproof
  1693 %
  1694 \begin{isamarkuptext}%
  1695 Note that such trivial constructions are better done with
  1696   derived specification mechanisms such as \hyperlink{command.datatype}{\mbox{\isa{\isacommand{datatype}}}}:%
  1697 \end{isamarkuptext}%
  1698 \isamarkuptrue%
  1699 \isacommand{datatype}\isamarkupfalse%
  1700 \ three{\isaliteral{27}{\isacharprime}}\ {\isaliteral{3D}{\isacharequal}}\ One{\isaliteral{27}{\isacharprime}}\ {\isaliteral{7C}{\isacharbar}}\ Two{\isaliteral{27}{\isacharprime}}\ {\isaliteral{7C}{\isacharbar}}\ Three{\isaliteral{27}{\isacharprime}}%
  1701 \begin{isamarkuptext}%
  1702 This avoids re-doing basic definitions and proofs from the
  1703   primitive \hyperlink{command.typedef}{\mbox{\isa{\isacommand{typedef}}}} above.%
  1704 \end{isamarkuptext}%
  1705 \isamarkuptrue%
  1706 %
  1707 \isamarkupsection{Functorial structure of types%
  1708 }
  1709 \isamarkuptrue%
  1710 %
  1711 \begin{isamarkuptext}%
  1712 \begin{matharray}{rcl}
  1713     \indexdef{HOL}{command}{enriched\_type}\hypertarget{command.HOL.enriched-type}{\hyperlink{command.HOL.enriched-type}{\mbox{\isa{\isacommand{enriched{\isaliteral{5F}{\isacharunderscore}}type}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}
  1714   \end{matharray}
  1715 
  1716   \begin{railoutput}
  1717 \rail@begin{2}{}
  1718 \rail@term{\hyperlink{command.HOL.enriched-type}{\mbox{\isa{\isacommand{enriched{\isaliteral{5F}{\isacharunderscore}}type}}}}}[]
  1719 \rail@bar
  1720 \rail@nextbar{1}
  1721 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1722 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  1723 \rail@endbar
  1724 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1725 \rail@end
  1726 \end{railoutput}
  1727 
  1728 
  1729   \begin{description}
  1730 
  1731   \item \hyperlink{command.HOL.enriched-type}{\mbox{\isa{\isacommand{enriched{\isaliteral{5F}{\isacharunderscore}}type}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}prefix{\isaliteral{3A}{\isacharcolon}}\ m{\isaliteral{22}{\isachardoublequote}}} allows one to
  1732   prove and register properties about the functorial structure of type
  1733   constructors.  These properties can then be used by other packages
  1734   to deal with those type constructors in certain type constructions.
  1735   Characteristic theorems are noted in the current local theory.  By
  1736   default, they are prefixed with the base name of the type
  1737   constructor; an explicit prefix can be given alternatively.
  1738 
  1739   The given term \isa{{\isaliteral{22}{\isachardoublequote}}m{\isaliteral{22}{\isachardoublequote}}} is considered as the \emph{mapper} for the
  1740   corresponding type constructor and must conform to the following
  1741   type pattern:
  1742 
  1743   \begin{matharray}{lll}
  1744     \isa{{\isaliteral{22}{\isachardoublequote}}m{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} &
  1745       \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub k\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}\isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}\isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} \\
  1746   \end{matharray}
  1747 
  1748   \noindent where \isa{t} is the type constructor, \isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{22}{\isachardoublequote}}} are distinct
  1749   type variables free in the local theory and \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}},
  1750   \ldots, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub k{\isaliteral{22}{\isachardoublequote}}} is a subsequence of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}}, \ldots,
  1751   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{22}{\isachardoublequote}}}.
  1752 
  1753   \end{description}%
  1754 \end{isamarkuptext}%
  1755 \isamarkuptrue%
  1756 %
  1757 \isamarkupsection{Arithmetic proof support%
  1758 }
  1759 \isamarkuptrue%
  1760 %
  1761 \begin{isamarkuptext}%
  1762 \begin{matharray}{rcl}
  1763     \indexdef{HOL}{method}{arith}\hypertarget{method.HOL.arith}{\hyperlink{method.HOL.arith}{\mbox{\isa{arith}}}} & : & \isa{method} \\
  1764     \indexdef{HOL}{attribute}{arith}\hypertarget{attribute.HOL.arith}{\hyperlink{attribute.HOL.arith}{\mbox{\isa{arith}}}} & : & \isa{attribute} \\
  1765     \indexdef{HOL}{attribute}{arith\_split}\hypertarget{attribute.HOL.arith-split}{\hyperlink{attribute.HOL.arith-split}{\mbox{\isa{arith{\isaliteral{5F}{\isacharunderscore}}split}}}} & : & \isa{attribute} \\
  1766   \end{matharray}
  1767 
  1768   The \hyperlink{method.HOL.arith}{\mbox{\isa{arith}}} method decides linear arithmetic problems
  1769   (on types \isa{nat}, \isa{int}, \isa{real}).  Any current
  1770   facts are inserted into the goal before running the procedure.
  1771 
  1772   The \hyperlink{attribute.HOL.arith}{\mbox{\isa{arith}}} attribute declares facts that are
  1773   always supplied to the arithmetic provers implicitly.
  1774 
  1775   The \hyperlink{attribute.HOL.arith-split}{\mbox{\isa{arith{\isaliteral{5F}{\isacharunderscore}}split}}} attribute declares case split
  1776   rules to be expanded before \hyperlink{method.HOL.arith}{\mbox{\isa{arith}}} is invoked.
  1777 
  1778   Note that a simpler (but faster) arithmetic prover is
  1779   already invoked by the Simplifier.%
  1780 \end{isamarkuptext}%
  1781 \isamarkuptrue%
  1782 %
  1783 \isamarkupsection{Intuitionistic proof search%
  1784 }
  1785 \isamarkuptrue%
  1786 %
  1787 \begin{isamarkuptext}%
  1788 \begin{matharray}{rcl}
  1789     \indexdef{HOL}{method}{iprover}\hypertarget{method.HOL.iprover}{\hyperlink{method.HOL.iprover}{\mbox{\isa{iprover}}}} & : & \isa{method} \\
  1790   \end{matharray}
  1791 
  1792   \begin{railoutput}
  1793 \rail@begin{2}{}
  1794 \rail@term{\hyperlink{method.HOL.iprover}{\mbox{\isa{iprover}}}}[]
  1795 \rail@plus
  1796 \rail@nextplus{1}
  1797 \rail@cnont{\hyperlink{syntax.rulemod}{\mbox{\isa{rulemod}}}}[]
  1798 \rail@endplus
  1799 \rail@end
  1800 \end{railoutput}
  1801 
  1802 
  1803   The \hyperlink{method.HOL.iprover}{\mbox{\isa{iprover}}} method performs intuitionistic proof
  1804   search, depending on specifically declared rules from the context,
  1805   or given as explicit arguments.  Chained facts are inserted into the
  1806   goal before commencing proof search.
  1807 
  1808   Rules need to be classified as \hyperlink{attribute.Pure.intro}{\mbox{\isa{intro}}},
  1809   \hyperlink{attribute.Pure.elim}{\mbox{\isa{elim}}}, or \hyperlink{attribute.Pure.dest}{\mbox{\isa{dest}}}; here the
  1810   ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{21}{\isacharbang}}{\isaliteral{22}{\isachardoublequote}}}'' indicator refers to ``safe'' rules, which may be
  1811   applied aggressively (without considering back-tracking later).
  1812   Rules declared with ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3F}{\isacharquery}}{\isaliteral{22}{\isachardoublequote}}}'' are ignored in proof search (the
  1813   single-step \hyperlink{method.Pure.rule}{\mbox{\isa{rule}}} method still observes these).  An
  1814   explicit weight annotation may be given as well; otherwise the
  1815   number of rule premises will be taken into account here.%
  1816 \end{isamarkuptext}%
  1817 \isamarkuptrue%
  1818 %
  1819 \isamarkupsection{Model Elimination and Resolution%
  1820 }
  1821 \isamarkuptrue%
  1822 %
  1823 \begin{isamarkuptext}%
  1824 \begin{matharray}{rcl}
  1825     \indexdef{HOL}{method}{meson}\hypertarget{method.HOL.meson}{\hyperlink{method.HOL.meson}{\mbox{\isa{meson}}}} & : & \isa{method} \\
  1826     \indexdef{HOL}{method}{metis}\hypertarget{method.HOL.metis}{\hyperlink{method.HOL.metis}{\mbox{\isa{metis}}}} & : & \isa{method} \\
  1827   \end{matharray}
  1828 
  1829   \begin{railoutput}
  1830 \rail@begin{2}{}
  1831 \rail@term{\hyperlink{method.HOL.meson}{\mbox{\isa{meson}}}}[]
  1832 \rail@bar
  1833 \rail@nextbar{1}
  1834 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  1835 \rail@endbar
  1836 \rail@end
  1837 \rail@begin{5}{}
  1838 \rail@term{\hyperlink{method.HOL.metis}{\mbox{\isa{metis}}}}[]
  1839 \rail@bar
  1840 \rail@nextbar{1}
  1841 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  1842 \rail@bar
  1843 \rail@term{\isa{partial{\isaliteral{5F}{\isacharunderscore}}types}}[]
  1844 \rail@nextbar{2}
  1845 \rail@term{\isa{full{\isaliteral{5F}{\isacharunderscore}}types}}[]
  1846 \rail@nextbar{3}
  1847 \rail@term{\isa{no{\isaliteral{5F}{\isacharunderscore}}types}}[]
  1848 \rail@nextbar{4}
  1849 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1850 \rail@endbar
  1851 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  1852 \rail@endbar
  1853 \rail@bar
  1854 \rail@nextbar{1}
  1855 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  1856 \rail@endbar
  1857 \rail@end
  1858 \end{railoutput}
  1859 
  1860 
  1861   The \hyperlink{method.HOL.meson}{\mbox{\isa{meson}}} method implements Loveland's model elimination
  1862   procedure \cite{loveland-78}. See \verb|~~/src/HOL/ex/Meson_Test.thy| for
  1863   examples.
  1864 
  1865   The \hyperlink{method.HOL.metis}{\mbox{\isa{metis}}} method combines ordered resolution and ordered
  1866   paramodulation to find first-order (or mildly higher-order) proofs. The first
  1867   optional argument specifies a type encoding; see the Sledgehammer manual
  1868   \cite{isabelle-sledgehammer} for details. The \verb|~~/src/HOL/Metis_Examples| directory contains several small theories
  1869   developed to a large extent using Metis.%
  1870 \end{isamarkuptext}%
  1871 \isamarkuptrue%
  1872 %
  1873 \isamarkupsection{Coherent Logic%
  1874 }
  1875 \isamarkuptrue%
  1876 %
  1877 \begin{isamarkuptext}%
  1878 \begin{matharray}{rcl}
  1879     \indexdef{HOL}{method}{coherent}\hypertarget{method.HOL.coherent}{\hyperlink{method.HOL.coherent}{\mbox{\isa{coherent}}}} & : & \isa{method} \\
  1880   \end{matharray}
  1881 
  1882   \begin{railoutput}
  1883 \rail@begin{2}{}
  1884 \rail@term{\hyperlink{method.HOL.coherent}{\mbox{\isa{coherent}}}}[]
  1885 \rail@bar
  1886 \rail@nextbar{1}
  1887 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  1888 \rail@endbar
  1889 \rail@end
  1890 \end{railoutput}
  1891 
  1892 
  1893   The \hyperlink{method.HOL.coherent}{\mbox{\isa{coherent}}} method solves problems of
  1894   \emph{Coherent Logic} \cite{Bezem-Coquand:2005}, which covers
  1895   applications in confluence theory, lattice theory and projective
  1896   geometry.  See \verb|~~/src/HOL/ex/Coherent.thy| for some
  1897   examples.%
  1898 \end{isamarkuptext}%
  1899 \isamarkuptrue%
  1900 %
  1901 \isamarkupsection{Proving propositions%
  1902 }
  1903 \isamarkuptrue%
  1904 %
  1905 \begin{isamarkuptext}%
  1906 In addition to the standard proof methods, a number of diagnosis
  1907   tools search for proofs and provide an Isar proof snippet on success.
  1908   These tools are available via the following commands.
  1909 
  1910   \begin{matharray}{rcl}
  1911     \indexdef{HOL}{command}{solve\_direct}\hypertarget{command.HOL.solve-direct}{\hyperlink{command.HOL.solve-direct}{\mbox{\isa{\isacommand{solve{\isaliteral{5F}{\isacharunderscore}}direct}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  1912     \indexdef{HOL}{command}{try}\hypertarget{command.HOL.try}{\hyperlink{command.HOL.try}{\mbox{\isa{\isacommand{try}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  1913     \indexdef{HOL}{command}{try\_methods}\hypertarget{command.HOL.try-methods}{\hyperlink{command.HOL.try-methods}{\mbox{\isa{\isacommand{try{\isaliteral{5F}{\isacharunderscore}}methods}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  1914     \indexdef{HOL}{command}{sledgehammer}\hypertarget{command.HOL.sledgehammer}{\hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  1915     \indexdef{HOL}{command}{sledgehammer\_params}\hypertarget{command.HOL.sledgehammer-params}{\hyperlink{command.HOL.sledgehammer-params}{\mbox{\isa{\isacommand{sledgehammer{\isaliteral{5F}{\isacharunderscore}}params}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}}
  1916   \end{matharray}
  1917 
  1918   \begin{railoutput}
  1919 \rail@begin{1}{}
  1920 \rail@term{\hyperlink{command.HOL.try}{\mbox{\isa{\isacommand{try}}}}}[]
  1921 \rail@end
  1922 \rail@begin{6}{}
  1923 \rail@term{\hyperlink{command.HOL.try-methods}{\mbox{\isa{\isacommand{try{\isaliteral{5F}{\isacharunderscore}}methods}}}}}[]
  1924 \rail@bar
  1925 \rail@nextbar{1}
  1926 \rail@plus
  1927 \rail@bar
  1928 \rail@term{\isa{simp}}[]
  1929 \rail@nextbar{2}
  1930 \rail@term{\isa{intro}}[]
  1931 \rail@nextbar{3}
  1932 \rail@term{\isa{elim}}[]
  1933 \rail@nextbar{4}
  1934 \rail@term{\isa{dest}}[]
  1935 \rail@endbar
  1936 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  1937 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  1938 \rail@nextplus{5}
  1939 \rail@endplus
  1940 \rail@endbar
  1941 \rail@bar
  1942 \rail@nextbar{1}
  1943 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
  1944 \rail@endbar
  1945 \rail@end
  1946 \rail@begin{2}{}
  1947 \rail@term{\hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}}}[]
  1948 \rail@bar
  1949 \rail@nextbar{1}
  1950 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  1951 \rail@nont{\isa{args}}[]
  1952 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  1953 \rail@endbar
  1954 \rail@bar
  1955 \rail@nextbar{1}
  1956 \rail@nont{\isa{facts}}[]
  1957 \rail@endbar
  1958 \rail@bar
  1959 \rail@nextbar{1}
  1960 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
  1961 \rail@endbar
  1962 \rail@end
  1963 \rail@begin{2}{}
  1964 \rail@term{\hyperlink{command.HOL.sledgehammer-params}{\mbox{\isa{\isacommand{sledgehammer{\isaliteral{5F}{\isacharunderscore}}params}}}}}[]
  1965 \rail@bar
  1966 \rail@nextbar{1}
  1967 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  1968 \rail@nont{\isa{args}}[]
  1969 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  1970 \rail@endbar
  1971 \rail@end
  1972 \rail@begin{2}{\isa{args}}
  1973 \rail@plus
  1974 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1975 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  1976 \rail@nont{\isa{value}}[]
  1977 \rail@nextplus{1}
  1978 \rail@cterm{\isa{{\isaliteral{2C}{\isacharcomma}}}}[]
  1979 \rail@endplus
  1980 \rail@end
  1981 \rail@begin{5}{\isa{facts}}
  1982 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  1983 \rail@bar
  1984 \rail@nextbar{1}
  1985 \rail@plus
  1986 \rail@bar
  1987 \rail@nextbar{2}
  1988 \rail@bar
  1989 \rail@term{\isa{add}}[]
  1990 \rail@nextbar{3}
  1991 \rail@term{\isa{del}}[]
  1992 \rail@endbar
  1993 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  1994 \rail@endbar
  1995 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  1996 \rail@nextplus{4}
  1997 \rail@endplus
  1998 \rail@endbar
  1999 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2000 \rail@end
  2001 \end{railoutput}
  2002  % FIXME check args "value"
  2003 
  2004   \begin{description}
  2005 
  2006   \item \hyperlink{command.HOL.solve-direct}{\mbox{\isa{\isacommand{solve{\isaliteral{5F}{\isacharunderscore}}direct}}}} checks whether the current subgoals can
  2007     be solved directly by an existing theorem. Duplicate lemmas can be detected
  2008     in this way.
  2009 
  2010   \item \hyperlink{command.HOL.try-methods}{\mbox{\isa{\isacommand{try{\isaliteral{5F}{\isacharunderscore}}methods}}}} attempts to prove a subgoal using a combination
  2011     of standard proof methods (\isa{auto}, \isa{simp}, \isa{blast}, etc.).
  2012     Additional facts supplied via \isa{{\isaliteral{22}{\isachardoublequote}}simp{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}intro{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}},
  2013     \isa{{\isaliteral{22}{\isachardoublequote}}elim{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}}, and \isa{{\isaliteral{22}{\isachardoublequote}}dest{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} are passed to the appropriate proof
  2014     methods.
  2015 
  2016   \item \hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}} attempts to prove a subgoal using external
  2017     automatic provers (resolution provers and SMT solvers). See the Sledgehammer
  2018     manual \cite{isabelle-sledgehammer} for details.
  2019 
  2020   \item \hyperlink{command.HOL.sledgehammer-params}{\mbox{\isa{\isacommand{sledgehammer{\isaliteral{5F}{\isacharunderscore}}params}}}} changes
  2021     \hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}} configuration options persistently.
  2022 
  2023   \end{description}%
  2024 \end{isamarkuptext}%
  2025 \isamarkuptrue%
  2026 %
  2027 \isamarkupsection{Checking and refuting propositions%
  2028 }
  2029 \isamarkuptrue%
  2030 %
  2031 \begin{isamarkuptext}%
  2032 Identifying incorrect propositions usually involves evaluation of
  2033   particular assignments and systematic counterexample search.  This
  2034   is supported by the following commands.
  2035 
  2036   \begin{matharray}{rcl}
  2037     \indexdef{HOL}{command}{value}\hypertarget{command.HOL.value}{\hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2038     \indexdef{HOL}{command}{quickcheck}\hypertarget{command.HOL.quickcheck}{\hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2039     \indexdef{HOL}{command}{refute}\hypertarget{command.HOL.refute}{\hyperlink{command.HOL.refute}{\mbox{\isa{\isacommand{refute}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2040     \indexdef{HOL}{command}{nitpick}\hypertarget{command.HOL.nitpick}{\hyperlink{command.HOL.nitpick}{\mbox{\isa{\isacommand{nitpick}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2041     \indexdef{HOL}{command}{quickcheck\_params}\hypertarget{command.HOL.quickcheck-params}{\hyperlink{command.HOL.quickcheck-params}{\mbox{\isa{\isacommand{quickcheck{\isaliteral{5F}{\isacharunderscore}}params}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2042     \indexdef{HOL}{command}{refute\_params}\hypertarget{command.HOL.refute-params}{\hyperlink{command.HOL.refute-params}{\mbox{\isa{\isacommand{refute{\isaliteral{5F}{\isacharunderscore}}params}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2043     \indexdef{HOL}{command}{nitpick\_params}\hypertarget{command.HOL.nitpick-params}{\hyperlink{command.HOL.nitpick-params}{\mbox{\isa{\isacommand{nitpick{\isaliteral{5F}{\isacharunderscore}}params}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}}
  2044   \end{matharray}
  2045 
  2046   \begin{railoutput}
  2047 \rail@begin{2}{}
  2048 \rail@term{\hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}}[]
  2049 \rail@bar
  2050 \rail@nextbar{1}
  2051 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  2052 \rail@nont{\isa{name}}[]
  2053 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  2054 \rail@endbar
  2055 \rail@bar
  2056 \rail@nextbar{1}
  2057 \rail@nont{\isa{modes}}[]
  2058 \rail@endbar
  2059 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2060 \rail@end
  2061 \rail@begin{3}{}
  2062 \rail@bar
  2063 \rail@term{\hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}}}[]
  2064 \rail@nextbar{1}
  2065 \rail@term{\hyperlink{command.HOL.refute}{\mbox{\isa{\isacommand{refute}}}}}[]
  2066 \rail@nextbar{2}
  2067 \rail@term{\hyperlink{command.HOL.nitpick}{\mbox{\isa{\isacommand{nitpick}}}}}[]
  2068 \rail@endbar
  2069 \rail@bar
  2070 \rail@nextbar{1}
  2071 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  2072 \rail@nont{\isa{args}}[]
  2073 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  2074 \rail@endbar
  2075 \rail@bar
  2076 \rail@nextbar{1}
  2077 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
  2078 \rail@endbar
  2079 \rail@end
  2080 \rail@begin{3}{}
  2081 \rail@bar
  2082 \rail@term{\hyperlink{command.HOL.quickcheck-params}{\mbox{\isa{\isacommand{quickcheck{\isaliteral{5F}{\isacharunderscore}}params}}}}}[]
  2083 \rail@nextbar{1}
  2084 \rail@term{\hyperlink{command.HOL.refute-params}{\mbox{\isa{\isacommand{refute{\isaliteral{5F}{\isacharunderscore}}params}}}}}[]
  2085 \rail@nextbar{2}
  2086 \rail@term{\hyperlink{command.HOL.nitpick-params}{\mbox{\isa{\isacommand{nitpick{\isaliteral{5F}{\isacharunderscore}}params}}}}}[]
  2087 \rail@endbar
  2088 \rail@bar
  2089 \rail@nextbar{1}
  2090 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  2091 \rail@nont{\isa{args}}[]
  2092 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  2093 \rail@endbar
  2094 \rail@end
  2095 \rail@begin{2}{\isa{modes}}
  2096 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2097 \rail@plus
  2098 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2099 \rail@nextplus{1}
  2100 \rail@endplus
  2101 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2102 \rail@end
  2103 \rail@begin{2}{\isa{args}}
  2104 \rail@plus
  2105 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2106 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  2107 \rail@nont{\isa{value}}[]
  2108 \rail@nextplus{1}
  2109 \rail@cterm{\isa{{\isaliteral{2C}{\isacharcomma}}}}[]
  2110 \rail@endplus
  2111 \rail@end
  2112 \end{railoutput}
  2113  % FIXME check "value"
  2114 
  2115   \begin{description}
  2116 
  2117   \item \hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}~\isa{t} evaluates and prints a
  2118     term; optionally \isa{modes} can be specified, which are
  2119     appended to the current print mode; see \secref{sec:print-modes}.
  2120     Internally, the evaluation is performed by registered evaluators,
  2121     which are invoked sequentially until a result is returned.
  2122     Alternatively a specific evaluator can be selected using square
  2123     brackets; typical evaluators use the current set of code equations
  2124     to normalize and include \isa{simp} for fully symbolic
  2125     evaluation using the simplifier, \isa{nbe} for
  2126     \emph{normalization by evaluation} and \isa{code} for code
  2127     generation in SML.
  2128 
  2129   \item \hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}} tests the current goal for
  2130     counterexamples using a series of assignments for its
  2131     free variables; by default the first subgoal is tested, another
  2132     can be selected explicitly using an optional goal index.
  2133     Assignments can be chosen exhausting the search space up to a given
  2134     size or using a fixed number of random assignments in the search space.
  2135     By default, quickcheck uses exhaustive testing.
  2136     A number of configuration options are supported for
  2137     \hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}}, notably:
  2138 
  2139     \begin{description}
  2140 
  2141     \item[\isa{tester}] specifies how to explore the search space
  2142       (e.g. exhaustive or random).
  2143       An unknown configuration option is treated as an argument to tester,
  2144       making \isa{{\isaliteral{22}{\isachardoublequote}}tester\ {\isaliteral{3D}{\isacharequal}}{\isaliteral{22}{\isachardoublequote}}} optional.
  2145     \item[\isa{size}] specifies the maximum size of the search space
  2146     for assignment values.
  2147 
  2148     \item[\isa{eval}] takes a term or a list of terms and evaluates
  2149       these terms under the variable assignment found by quickcheck.
  2150 
  2151     \item[\isa{iterations}] sets how many sets of assignments are
  2152     generated for each particular size.
  2153 
  2154     \item[\isa{no{\isaliteral{5F}{\isacharunderscore}}assms}] specifies whether assumptions in
  2155     structured proofs should be ignored.
  2156 
  2157     \item[\isa{timeout}] sets the time limit in seconds.
  2158 
  2159     \item[\isa{default{\isaliteral{5F}{\isacharunderscore}}type}] sets the type(s) generally used to
  2160     instantiate type variables.
  2161 
  2162     \item[\isa{report}] if set, quickcheck reports how many tests
  2163     fulfilled the preconditions.
  2164 
  2165     \item[\isa{quiet}] if not set, quickcheck informs about the
  2166     current size for assignment values.
  2167 
  2168     \item[\isa{expect}] can be used to check if the user's
  2169     expectation was met (\isa{no{\isaliteral{5F}{\isacharunderscore}}expectation}, \isa{no{\isaliteral{5F}{\isacharunderscore}}counterexample}, or \isa{counterexample}).
  2170 
  2171     \end{description}
  2172 
  2173     These options can be given within square brackets.
  2174 
  2175   \item \hyperlink{command.HOL.quickcheck-params}{\mbox{\isa{\isacommand{quickcheck{\isaliteral{5F}{\isacharunderscore}}params}}}} changes
  2176     \hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}} configuration options persistently.
  2177 
  2178   \item \hyperlink{command.HOL.refute}{\mbox{\isa{\isacommand{refute}}}} tests the current goal for
  2179     counterexamples using a reduction to SAT. The following configuration
  2180     options are supported:
  2181 
  2182     \begin{description}
  2183 
  2184     \item[\isa{minsize}] specifies the minimum size (cardinality) of the
  2185       models to search for.
  2186 
  2187     \item[\isa{maxsize}] specifies the maximum size (cardinality) of the
  2188       models to search for. Nonpositive values mean $\infty$.
  2189 
  2190     \item[\isa{maxvars}] specifies the maximum number of Boolean variables
  2191     to use when transforming the term into a propositional formula.
  2192     Nonpositive values mean $\infty$.
  2193 
  2194     \item[\isa{satsolver}] specifies the SAT solver to use.
  2195 
  2196     \item[\isa{no{\isaliteral{5F}{\isacharunderscore}}assms}] specifies whether assumptions in
  2197     structured proofs should be ignored.
  2198 
  2199     \item[\isa{maxtime}] sets the time limit in seconds.
  2200 
  2201     \item[\isa{expect}] can be used to check if the user's
  2202     expectation was met (\isa{genuine}, \isa{potential},
  2203     \isa{none}, or \isa{unknown}).
  2204 
  2205     \end{description}
  2206 
  2207     These options can be given within square brackets.
  2208 
  2209   \item \hyperlink{command.HOL.refute-params}{\mbox{\isa{\isacommand{refute{\isaliteral{5F}{\isacharunderscore}}params}}}} changes
  2210     \hyperlink{command.HOL.refute}{\mbox{\isa{\isacommand{refute}}}} configuration options persistently.
  2211 
  2212   \item \hyperlink{command.HOL.nitpick}{\mbox{\isa{\isacommand{nitpick}}}} tests the current goal for counterexamples
  2213     using a reduction to first-order relational logic. See the Nitpick manual
  2214     \cite{isabelle-nitpick} for details.
  2215 
  2216   \item \hyperlink{command.HOL.nitpick-params}{\mbox{\isa{\isacommand{nitpick{\isaliteral{5F}{\isacharunderscore}}params}}}} changes
  2217     \hyperlink{command.HOL.nitpick}{\mbox{\isa{\isacommand{nitpick}}}} configuration options persistently.
  2218 
  2219   \end{description}%
  2220 \end{isamarkuptext}%
  2221 \isamarkuptrue%
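The following theory is an added example, not part of the reference manual or the Isabelle distribution. It exercises the evaluation and counterexample commands described in this section on two constructed false conjectures and one true lemma. The theory name and the conjectures are assumptions chosen for illustration; the option names are those documented above.

```isabelle
theory Counterexample_Demo  (* hypothetical theory name *)
imports Main
begin

(* Evaluate a term: first with the default sequence of evaluators,
   then with a specific evaluator selected in square brackets. *)
value "rev [1::nat, 2, 3]"
value [code] "rev [1::nat, 2, 3]"
value [nbe] "rev [a, b, c]"   (* symbolic normalization with free variables *)

(* Persistent defaults for all later quickcheck invocations. *)
quickcheck_params [size = 5, timeout = 30]

(* Constructed false conjecture: a list is not always its own reverse.
   Any list with two distinct elements is a counterexample. *)
lemma "rev xs = xs"
  (* exhaustive search up to the configured size; "expect" turns the
     call into a regression check that fails if no counterexample is found *)
  quickcheck [tester = exhaustive, expect = counterexample]
  (* random testing; an unknown option name is read as the tester *)
  quickcheck [random, iterations = 100]
  oops

(* Constructed false conjecture without datatypes: a predicate that
   holds somewhere need not hold everywhere.  A two-element model
   suffices, so the search is restricted to that cardinality. *)
lemma "(EX x. P x) --> (ALL x. P x)"
  refute [minsize = 2, maxsize = 2, expect = genuine]
  nitpick [expect = genuine]
  oops

(* The corrected statement: no counterexample within the search space,
   and the Simplifier proves it. *)
lemma "rev (rev xs) = xs"
  quickcheck [expect = no_counterexample]
  by simp

end
```

A passing counterexample search is not a proof: \isa{no{\isaliteral{5F}{\isacharunderscore}}counterexample} only states that none was found within the configured size and time limits.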
  2222 %
  2223 \isamarkupsection{Unstructured case analysis and induction \label{sec:hol-induct-tac}%
  2224 }
  2225 \isamarkuptrue%
  2226 %
  2227 \begin{isamarkuptext}%
  2228 The following tools of Isabelle/HOL support case analysis and
  2229   induction in unstructured tactic scripts; see also
  2230   \secref{sec:cases-induct} for proper Isar versions of similar ideas.
  2231 
  2232   \begin{matharray}{rcl}
  2233     \indexdef{HOL}{method}{case\_tac}\hypertarget{method.HOL.case-tac}{\hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{method} \\
  2234     \indexdef{HOL}{method}{induct\_tac}\hypertarget{method.HOL.induct-tac}{\hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{method} \\
  2235     \indexdef{HOL}{method}{ind\_cases}\hypertarget{method.HOL.ind-cases}{\hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{method} \\
  2236     \indexdef{HOL}{command}{inductive\_cases}\hypertarget{command.HOL.inductive-cases}{\hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}cases}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
  2237   \end{matharray}
  2238 
  2239   \begin{railoutput}
  2240 \rail@begin{2}{}
  2241 \rail@term{\hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}}}[]
  2242 \rail@bar
  2243 \rail@nextbar{1}
  2244 \rail@nont{\hyperlink{syntax.goal-spec}{\mbox{\isa{goal{\isaliteral{5F}{\isacharunderscore}}spec}}}}[]
  2245 \rail@endbar
  2246 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2247 \rail@bar
  2248 \rail@nextbar{1}
  2249 \rail@nont{\isa{rule}}[]
  2250 \rail@endbar
  2251 \rail@end
  2252 \rail@begin{3}{}
  2253 \rail@term{\hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}}}[]
  2254 \rail@bar
  2255 \rail@nextbar{1}
  2256 \rail@nont{\hyperlink{syntax.goal-spec}{\mbox{\isa{goal{\isaliteral{5F}{\isacharunderscore}}spec}}}}[]
  2257 \rail@endbar
  2258 \rail@bar
  2259 \rail@nextbar{1}
  2260 \rail@plus
  2261 \rail@nont{\hyperlink{syntax.insts}{\mbox{\isa{insts}}}}[]
  2262 \rail@nextplus{2}
  2263 \rail@cterm{\isa{\isakeyword{and}}}[]
  2264 \rail@endplus
  2265 \rail@endbar
  2266 \rail@bar
  2267 \rail@nextbar{1}
  2268 \rail@nont{\isa{rule}}[]
  2269 \rail@endbar
  2270 \rail@end
  2271 \rail@begin{3}{}
  2272 \rail@term{\hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}}}[]
  2273 \rail@plus
  2274 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
  2275 \rail@nextplus{1}
  2276 \rail@endplus
  2277 \rail@bar
  2278 \rail@nextbar{1}
  2279 \rail@term{\isa{\isakeyword{for}}}[]
  2280 \rail@plus
  2281 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2282 \rail@nextplus{2}
  2283 \rail@endplus
  2284 \rail@endbar
  2285 \rail@end
  2286 \rail@begin{3}{}
  2287 \rail@term{\hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}cases}}}}}[]
  2288 \rail@plus
  2289 \rail@bar
  2290 \rail@nextbar{1}
  2291 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
  2292 \rail@endbar
  2293 \rail@plus
  2294 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
  2295 \rail@nextplus{1}
  2296 \rail@endplus
  2297 \rail@nextplus{2}
  2298 \rail@cterm{\isa{\isakeyword{and}}}[]
  2299 \rail@endplus
  2300 \rail@end
  2301 \rail@begin{1}{\isa{rule}}
  2302 \rail@term{\isa{rule}}[]
  2303 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  2304 \rail@nont{\hyperlink{syntax.thmref}{\mbox{\isa{thmref}}}}[]
  2305 \rail@end
  2306 \end{railoutput}
  2307 
  2308 
  2309   \begin{description}
  2310 
  2311   \item \hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}} and \hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}} support
  2312   reasoning about inductive types.  Rules are selected according to
  2313   the declarations by the \hyperlink{attribute.cases}{\mbox{\isa{cases}}} and \hyperlink{attribute.induct}{\mbox{\isa{induct}}}
  2314   attributes, cf.\ \secref{sec:cases-induct}.  The \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} package already takes care of this.
  2315 
  2316   These unstructured tactics feature both goal addressing and dynamic
  2317   instantiation.  Note that named rule cases are \emph{not} provided
  2318   as they would be by the proper \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} proof
  2319   methods (see \secref{sec:cases-induct}).  Unlike the \hyperlink{method.induct}{\mbox{\isa{induct}}} method, \hyperlink{method.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}} does not handle structured rule
  2320   statements, only the compact object-logic conclusion of the subgoal
  2321   being addressed.
  2322 
  2323   \item \hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}} and \hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}cases}}}} provide an interface to the internal \verb|mk_cases| operation.  Rules are simplified in an unrestricted
  2324   forward manner.
  2325 
  2326   While \hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}} is a proof method to apply the
  2327   result immediately as elimination rules, \hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}cases}}}} provides case split theorems at the theory level
  2328   for later use.  The \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} argument of the \hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}} method allows specifying a list of variables that should
  2329   be generalized before applying the resulting rule.
  2330 
  2331   \end{description}%
  2332 \end{isamarkuptext}%
  2333 \isamarkuptrue%
  2334 %
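The difference between theory-level \isa{inductive\_cases} theorems and the unstructured \isa{induct\_tac} method, as an added example that is not part of the original manual. The theory name, the predicate \isa{evn} and all theorem names are hypothetical.

```isabelle
theory Ind_Cases_Example
imports Main
begin

(* Hypothetical inductive predicate: evenness on natural numbers. *)
inductive evn :: "nat => bool" where
  zero: "evn 0"
| step: "evn n ==> evn (Suc (Suc n))"

(* Theory-level case-split theorems, derived once and stored for later use.
   No introduction rule concludes "evn (Suc 0)", so evn_oneE has no
   case premises left; evn_stepE keeps the single case "evn n". *)
inductive_cases evn_oneE: "evn (Suc 0)"
inductive_cases evn_stepE: "evn (Suc (Suc n))"

(* The stored theorems are ordinary elimination rules. *)
lemma not_evn_one: "~ evn (Suc 0)"
  by (auto elim: evn_oneE)

lemma evn_step_inv: "evn (Suc (Suc n)) ==> evn n"
  by (erule evn_stepE)

(* Unstructured induction: induct_tac addresses the first subgoal and
   provides no named cases, so the proof continues as an apply script. *)
lemma evn_double: "evn (n + n)"
  apply (induct_tac n)
  apply (simp_all add: evn.intros)
  done

end
```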
  2335 \isamarkupsection{Executable code%
  2336 }
  2337 \isamarkuptrue%
  2338 %
  2339 \begin{isamarkuptext}%
  2340 For validation purposes, it is often useful to \emph{execute}
  2341   specifications.  In principle, execution could be simulated by
  2342   Isabelle's inference kernel, i.e.\ by a combination of resolution and
  2343   simplification.  Unfortunately, this approach is rather inefficient.
  2344   A more efficient way of executing specifications is to translate
  2345   them into a functional programming language such as ML.
  2346 
  2347   Isabelle provides two generic frameworks to support code generation
  2348   from executable specifications.  Isabelle/HOL instantiates these
  2349   mechanisms in a way that is amenable to end-user applications.%
  2350 \end{isamarkuptext}%
  2351 \isamarkuptrue%
  2352 %
  2353 \isamarkupsubsection{The new code generator (F. Haftmann)%
  2354 }
  2355 \isamarkuptrue%
  2356 %
  2357 \begin{isamarkuptext}%
  2358 This framework generates code from functional programs
  2359   (including overloading using type classes) to SML \cite{SML}, OCaml
  2360   \cite{OCaml}, Haskell \cite{haskell-revised-report} and Scala
  2361   \cite{scala-overview-tech-report}.  Conceptually, code generation is
  2362   split up into three steps: \emph{selection} of code theorems,
  2363   \emph{translation} into an abstract executable view and
  2364   \emph{serialization} to a specific \emph{target language}.
  2365   Inductive specifications can be executed using the predicate
  2366   compiler which operates within HOL.  See \cite{isabelle-codegen} for
  2367   an introduction.
  2368 
  2369   \begin{matharray}{rcl}
  2370     \indexdef{HOL}{command}{export\_code}\hypertarget{command.HOL.export-code}{\hyperlink{command.HOL.export-code}{\mbox{\isa{\isacommand{export{\isaliteral{5F}{\isacharunderscore}}code}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2371     \indexdef{HOL}{attribute}{code}\hypertarget{attribute.HOL.code}{\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}} & : & \isa{attribute} \\
  2372     \indexdef{HOL}{command}{code\_abort}\hypertarget{command.HOL.code-abort}{\hyperlink{command.HOL.code-abort}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}abort}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2373     \indexdef{HOL}{command}{code\_datatype}\hypertarget{command.HOL.code-datatype}{\hyperlink{command.HOL.code-datatype}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2374     \indexdef{HOL}{command}{print\_codesetup}\hypertarget{command.HOL.print-codesetup}{\hyperlink{command.HOL.print-codesetup}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}codesetup}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2375     \indexdef{HOL}{attribute}{code\_inline}\hypertarget{attribute.HOL.code-inline}{\hyperlink{attribute.HOL.code-inline}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}inline}}}} & : & \isa{attribute} \\
  2376     \indexdef{HOL}{attribute}{code\_post}\hypertarget{attribute.HOL.code-post}{\hyperlink{attribute.HOL.code-post}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}post}}}} & : & \isa{attribute} \\
  2377     \indexdef{HOL}{command}{print\_codeproc}\hypertarget{command.HOL.print-codeproc}{\hyperlink{command.HOL.print-codeproc}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}codeproc}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2378     \indexdef{HOL}{command}{code\_thms}\hypertarget{command.HOL.code-thms}{\hyperlink{command.HOL.code-thms}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}thms}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2379     \indexdef{HOL}{command}{code\_deps}\hypertarget{command.HOL.code-deps}{\hyperlink{command.HOL.code-deps}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}deps}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2380     \indexdef{HOL}{command}{code\_const}\hypertarget{command.HOL.code-const}{\hyperlink{command.HOL.code-const}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}const}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2381     \indexdef{HOL}{command}{code\_type}\hypertarget{command.HOL.code-type}{\hyperlink{command.HOL.code-type}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}type}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2382     \indexdef{HOL}{command}{code\_class}\hypertarget{command.HOL.code-class}{\hyperlink{command.HOL.code-class}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}class}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2383     \indexdef{HOL}{command}{code\_instance}\hypertarget{command.HOL.code-instance}{\hyperlink{command.HOL.code-instance}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}instance}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2384     \indexdef{HOL}{command}{code\_reserved}\hypertarget{command.HOL.code-reserved}{\hyperlink{command.HOL.code-reserved}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reserved}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2385     \indexdef{HOL}{command}{code\_monad}\hypertarget{command.HOL.code-monad}{\hyperlink{command.HOL.code-monad}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}monad}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2386     \indexdef{HOL}{command}{code\_include}\hypertarget{command.HOL.code-include}{\hyperlink{command.HOL.code-include}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}include}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2387     \indexdef{HOL}{command}{code\_modulename}\hypertarget{command.HOL.code-modulename}{\hyperlink{command.HOL.code-modulename}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}modulename}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2388     \indexdef{HOL}{command}{code\_reflect}\hypertarget{command.HOL.code-reflect}{\hyperlink{command.HOL.code-reflect}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reflect}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}}
  2389   \end{matharray}
  2390 
  2391   \begin{railoutput}
  2392 \rail@begin{11}{}
  2393 \rail@term{\hyperlink{command.HOL.export-code}{\mbox{\isa{\isacommand{export{\isaliteral{5F}{\isacharunderscore}}code}}}}}[]
  2394 \rail@plus
  2395 \rail@nont{\isa{constexpr}}[]
  2396 \rail@nextplus{1}
  2397 \rail@endplus
  2398 \rail@cr{3}
  2399 \rail@bar
  2400 \rail@nextbar{4}
  2401 \rail@plus
  2402 \rail@term{\isa{\isakeyword{in}}}[]
  2403 \rail@nont{\isa{target}}[]
  2404 \rail@bar
  2405 \rail@nextbar{5}
  2406 \rail@term{\isa{\isakeyword{module{\isaliteral{5F}{\isacharunderscore}}name}}}[]
  2407 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2408 \rail@endbar
  2409 \rail@cr{7}
  2410 \rail@bar
  2411 \rail@nextbar{8}
  2412 \rail@term{\isa{\isakeyword{file}}}[]
  2413 \rail@bar
  2414 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2415 \rail@nextbar{9}
  2416 \rail@term{\isa{{\isaliteral{2D}{\isacharminus}}}}[]
  2417 \rail@endbar
  2418 \rail@endbar
  2419 \rail@bar
  2420 \rail@nextbar{8}
  2421 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2422 \rail@nont{\isa{args}}[]
  2423 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2424 \rail@endbar
  2425 \rail@nextplus{10}
  2426 \rail@endplus
  2427 \rail@endbar
  2428 \rail@end
  2429 \rail@begin{1}{\isa{const}}
  2430 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2431 \rail@end
  2432 \rail@begin{3}{\isa{constexpr}}
  2433 \rail@bar
  2434 \rail@nont{\isa{const}}[]
  2435 \rail@nextbar{1}
  2436 \rail@term{\isa{name{\isaliteral{2E}{\isachardot}}{\isaliteral{5F}{\isacharunderscore}}}}[]
  2437 \rail@nextbar{2}
  2438 \rail@term{\isa{{\isaliteral{5F}{\isacharunderscore}}}}[]
  2439 \rail@endbar
  2440 \rail@end
  2441 \rail@begin{1}{\isa{typeconstructor}}
  2442 \rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
  2443 \rail@end
  2444 \rail@begin{1}{\isa{class}}
  2445 \rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
  2446 \rail@end
  2447 \rail@begin{4}{\isa{target}}
  2448 \rail@bar
  2449 \rail@term{\isa{SML}}[]
  2450 \rail@nextbar{1}
  2451 \rail@term{\isa{OCaml}}[]
  2452 \rail@nextbar{2}
  2453 \rail@term{\isa{Haskell}}[]
  2454 \rail@nextbar{3}
  2455 \rail@term{\isa{Scala}}[]
  2456 \rail@endbar
  2457 \rail@end
  2458 \rail@begin{4}{}
  2459 \rail@term{\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}}[]
  2460 \rail@bar
  2461 \rail@nextbar{1}
  2462 \rail@bar
  2463 \rail@term{\isa{del}}[]
  2464 \rail@nextbar{2}
  2465 \rail@term{\isa{abstype}}[]
  2466 \rail@nextbar{3}
  2467 \rail@term{\isa{abstract}}[]
  2468 \rail@endbar
  2469 \rail@endbar
  2470 \rail@end
  2471 \rail@begin{2}{}
  2472 \rail@term{\hyperlink{command.HOL.code-abort}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}abort}}}}}[]
  2473 \rail@plus
  2474 \rail@nont{\isa{const}}[]
  2475 \rail@nextplus{1}
  2476 \rail@endplus
  2477 \rail@end
  2478 \rail@begin{2}{}
  2479 \rail@term{\hyperlink{command.HOL.code-datatype}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}datatype}}}}}[]
  2480 \rail@plus
  2481 \rail@nont{\isa{const}}[]
  2482 \rail@nextplus{1}
  2483 \rail@endplus
  2484 \rail@end
  2485 \rail@begin{2}{}
  2486 \rail@term{\hyperlink{attribute.HOL.code-inline}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}inline}}}}[]
  2487 \rail@bar
  2488 \rail@nextbar{1}
  2489 \rail@term{\isa{del}}[]
  2490 \rail@endbar
  2491 \rail@end
  2492 \rail@begin{2}{}
  2493 \rail@term{\hyperlink{attribute.HOL.code-post}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}post}}}}[]
  2494 \rail@bar
  2495 \rail@nextbar{1}
  2496 \rail@term{\isa{del}}[]
  2497 \rail@endbar
  2498 \rail@end
  2499 \rail@begin{3}{}
  2500 \rail@term{\hyperlink{command.HOL.code-thms}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}thms}}}}}[]
  2501 \rail@bar
  2502 \rail@nextbar{1}
  2503 \rail@plus
  2504 \rail@nont{\isa{constexpr}}[]
  2505 \rail@nextplus{2}
  2506 \rail@endplus
  2507 \rail@endbar
  2508 \rail@end
  2509 \rail@begin{3}{}
  2510 \rail@term{\hyperlink{command.HOL.code-deps}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}deps}}}}}[]
  2511 \rail@bar
  2512 \rail@nextbar{1}
  2513 \rail@plus
  2514 \rail@nont{\isa{constexpr}}[]
  2515 \rail@nextplus{2}
  2516 \rail@endplus
  2517 \rail@endbar
  2518 \rail@end
  2519 \rail@begin{7}{}
  2520 \rail@term{\hyperlink{command.HOL.code-const}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}const}}}}}[]
  2521 \rail@plus
  2522 \rail@nont{\isa{const}}[]
  2523 \rail@nextplus{1}
  2524 \rail@cterm{\isa{\isakeyword{and}}}[]
  2525 \rail@endplus
  2526 \rail@cr{3}
  2527 \rail@plus
  2528 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2529 \rail@nont{\isa{target}}[]
  2530 \rail@plus
  2531 \rail@bar
  2532 \rail@nextbar{4}
  2533 \rail@nont{\isa{syntax}}[]
  2534 \rail@endbar
  2535 \rail@nextplus{5}
  2536 \rail@cterm{\isa{\isakeyword{and}}}[]
  2537 \rail@endplus
  2538 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2539 \rail@nextplus{6}
  2540 \rail@endplus
  2541 \rail@end
  2542 \rail@begin{7}{}
  2543 \rail@term{\hyperlink{command.HOL.code-type}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}type}}}}}[]
  2544 \rail@plus
  2545 \rail@nont{\isa{typeconstructor}}[]
  2546 \rail@nextplus{1}
  2547 \rail@cterm{\isa{\isakeyword{and}}}[]
  2548 \rail@endplus
  2549 \rail@cr{3}
  2550 \rail@plus
  2551 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2552 \rail@nont{\isa{target}}[]
  2553 \rail@plus
  2554 \rail@bar
  2555 \rail@nextbar{4}
  2556 \rail@nont{\isa{syntax}}[]
  2557 \rail@endbar
  2558 \rail@nextplus{5}
  2559 \rail@cterm{\isa{\isakeyword{and}}}[]
  2560 \rail@endplus
  2561 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2562 \rail@nextplus{6}
  2563 \rail@endplus
  2564 \rail@end
  2565 \rail@begin{9}{}
  2566 \rail@term{\hyperlink{command.HOL.code-class}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}class}}}}}[]
  2567 \rail@plus
  2568 \rail@nont{\isa{class}}[]
  2569 \rail@nextplus{1}
  2570 \rail@cterm{\isa{\isakeyword{and}}}[]
  2571 \rail@endplus
  2572 \rail@cr{3}
  2573 \rail@plus
  2574 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2575 \rail@nont{\isa{target}}[]
  2576 \rail@cr{5}
  2577 \rail@plus
  2578 \rail@bar
  2579 \rail@nextbar{6}
  2580 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2581 \rail@endbar
  2582 \rail@nextplus{7}
  2583 \rail@cterm{\isa{\isakeyword{and}}}[]
  2584 \rail@endplus
  2585 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2586 \rail@nextplus{8}
  2587 \rail@endplus
  2588 \rail@end
  2589 \rail@begin{7}{}
  2590 \rail@term{\hyperlink{command.HOL.code-instance}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}instance}}}}}[]
  2591 \rail@plus
  2592 \rail@nont{\isa{typeconstructor}}[]
  2593 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}}}[]
  2594 \rail@nont{\isa{class}}[]
  2595 \rail@nextplus{1}
  2596 \rail@cterm{\isa{\isakeyword{and}}}[]
  2597 \rail@endplus
  2598 \rail@cr{3}
  2599 \rail@plus
  2600 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2601 \rail@nont{\isa{target}}[]
  2602 \rail@plus
  2603 \rail@bar
  2604 \rail@nextbar{4}
  2605 \rail@term{\isa{{\isaliteral{2D}{\isacharminus}}}}[]
  2606 \rail@endbar
  2607 \rail@nextplus{5}
  2608 \rail@cterm{\isa{\isakeyword{and}}}[]
  2609 \rail@endplus
  2610 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2611 \rail@nextplus{6}
  2612 \rail@endplus
  2613 \rail@end
  2614 \rail@begin{2}{}
  2615 \rail@term{\hyperlink{command.HOL.code-reserved}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reserved}}}}}[]
  2616 \rail@nont{\isa{target}}[]
  2617 \rail@plus
  2618 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2619 \rail@nextplus{1}
  2620 \rail@endplus
  2621 \rail@end
  2622 \rail@begin{1}{}
  2623 \rail@term{\hyperlink{command.HOL.code-monad}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}monad}}}}}[]
  2624 \rail@nont{\isa{const}}[]
  2625 \rail@nont{\isa{const}}[]
  2626 \rail@nont{\isa{target}}[]
  2627 \rail@end
  2628 \rail@begin{2}{}
  2629 \rail@term{\hyperlink{command.HOL.code-include}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}include}}}}}[]
  2630 \rail@nont{\isa{target}}[]
  2631 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2632 \rail@bar
  2633 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2634 \rail@nextbar{1}
  2635 \rail@term{\isa{{\isaliteral{2D}{\isacharminus}}}}[]
  2636 \rail@endbar
  2637 \rail@end
  2638 \rail@begin{2}{}
  2639 \rail@term{\hyperlink{command.HOL.code-modulename}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}modulename}}}}}[]
  2640 \rail@nont{\isa{target}}[]
  2641 \rail@plus
  2642 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2643 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2644 \rail@nextplus{1}
  2645 \rail@endplus
  2646 \rail@end
  2647 \rail@begin{11}{}
  2648 \rail@term{\hyperlink{command.HOL.code-reflect}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reflect}}}}}[]
  2649 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2650 \rail@cr{2}
  2651 \rail@bar
  2652 \rail@nextbar{3}
  2653 \rail@term{\isa{\isakeyword{datatypes}}}[]
  2654 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2655 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  2656 \rail@bar
  2657 \rail@term{\isa{{\isaliteral{5F}{\isacharunderscore}}}}[]
  2658 \rail@nextbar{4}
  2659 \rail@plus
  2660 \rail@plus
  2661 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2662 \rail@nextplus{5}
  2663 \rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
  2664 \rail@endplus
  2665 \rail@nextplus{6}
  2666 \rail@cterm{\isa{\isakeyword{and}}}[]
  2667 \rail@endplus
  2668 \rail@endbar
  2669 \rail@endbar
  2670 \rail@cr{8}
  2671 \rail@bar
  2672 \rail@nextbar{9}
  2673 \rail@term{\isa{\isakeyword{functions}}}[]
  2674 \rail@plus
  2675 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2676 \rail@nextplus{10}
  2677 \rail@endplus
  2678 \rail@endbar
  2679 \rail@bar
  2680 \rail@nextbar{9}
  2681 \rail@term{\isa{\isakeyword{file}}}[]
  2682 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2683 \rail@endbar
  2684 \rail@end
  2685 \rail@begin{4}{\isa{syntax}}
  2686 \rail@bar
  2687 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2688 \rail@nextbar{1}
  2689 \rail@bar
  2690 \rail@term{\isa{\isakeyword{infix}}}[]
  2691 \rail@nextbar{2}
  2692 \rail@term{\isa{\isakeyword{infixl}}}[]
  2693 \rail@nextbar{3}
  2694 \rail@term{\isa{\isakeyword{infixr}}}[]
  2695 \rail@endbar
  2696 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
  2697 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2698 \rail@endbar
  2699 \rail@end
  2700 \end{railoutput}
  2701 
  2702 
  2703   \begin{description}
  2704 
  2705   \item \hyperlink{command.HOL.export-code}{\mbox{\isa{\isacommand{export{\isaliteral{5F}{\isacharunderscore}}code}}}} generates code for a given list
  2706   of constants in the specified target language(s).  If no
  2707   serialization instruction is given, only abstract code is generated
  2708   internally.
  2709 
  2710   Constants may be specified by giving them literally, referring to
  2711   all executable constants within a certain theory by giving \isa{{\isaliteral{22}{\isachardoublequote}}name{\isaliteral{2E}{\isachardot}}{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}}, or referring to \emph{all} executable constants currently
  2712   available by giving \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}}.
  2713 
  2714   By default, for each involved theory one corresponding name space
  2715   module is generated.  Alternatively, a module name may be specified
  2716   after the \hyperlink{keyword.module-name}{\mbox{\isa{\isakeyword{module{\isaliteral{5F}{\isacharunderscore}}name}}}} keyword; then \emph{all} code is
  2717   placed in this module.
  2718 
  2719   For \emph{SML}, \emph{OCaml} and \emph{Scala} the file specification
  2720   refers to a single file; for \emph{Haskell}, it refers to a whole
  2721   directory, where code is generated in multiple files reflecting the
  2722   module hierarchy.  Omitting the file specification denotes standard
  2723   output.
  2724 
  2725   Serializers take an optional list of arguments in parentheses.  For
  2726   \emph{SML} and \emph{OCaml}, ``\isa{no{\isaliteral{5F}{\isacharunderscore}}signatures}'' omits
  2727   explicit module signatures.
  2728 
  2729   For \emph{Haskell} a module name prefix may be given using the
  2730   ``\isa{{\isaliteral{22}{\isachardoublequote}}root{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}}'' argument; ``\isa{string{\isaliteral{5F}{\isacharunderscore}}classes}'' adds a
  2731   ``\verb|deriving (Read, Show)|'' clause to each appropriate
  2732   datatype declaration.
  2733 
  2734   \item \hyperlink{attribute.HOL.code}{\mbox{\isa{code}}} explicitly selects (or with option
  2735   ``\isa{{\isaliteral{22}{\isachardoublequote}}del{\isaliteral{22}{\isachardoublequote}}}'' deselects) a code equation for code generation.
  2736   Usually packages introducing code equations provide a reasonable
  2737   default setup for selection.  Variants \isa{{\isaliteral{22}{\isachardoublequote}}code\ abstype{\isaliteral{22}{\isachardoublequote}}} and
  2738   \isa{{\isaliteral{22}{\isachardoublequote}}code\ abstract{\isaliteral{22}{\isachardoublequote}}} declare abstract datatype certificates or
  2739   code equations on abstract datatype representations respectively.
  2740 
  2741   \item \hyperlink{command.HOL.code-abort}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}abort}}}} declares constants which are not
  2742   required to have a definition by means of code equations; if needed
  2743   these are implemented by program abort instead.
  2744 
  2745   \item \hyperlink{command.HOL.code-datatype}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}datatype}}}} specifies a constructor set
  2746   for a logical type.
  2747 
  2748   \item \hyperlink{command.HOL.print-codesetup}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}codesetup}}}} gives an overview of
  2749   selected code equations and code generator datatypes.
  2750 
  2751   \item \hyperlink{attribute.HOL.code-inline}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}inline}}} declares (or with option
  2752   ``\isa{{\isaliteral{22}{\isachardoublequote}}del{\isaliteral{22}{\isachardoublequote}}}'' removes) inlining theorems which are applied as
  2753   rewrite rules to any code equation during preprocessing.
  2754 
  2755   \item \hyperlink{attribute.HOL.code-post}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}post}}} declares (or with option ``\isa{{\isaliteral{22}{\isachardoublequote}}del{\isaliteral{22}{\isachardoublequote}}}'' removes) theorems which are applied as rewrite rules to any
  2756   result of an evaluation.
  2757 
  2758   \item \hyperlink{command.HOL.print-codeproc}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}codeproc}}}} prints the setup of the code
  2759   generator preprocessor.
  2760 
  2761   \item \hyperlink{command.HOL.code-thms}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}thms}}}} prints a list of theorems
  2762   representing the corresponding program containing all given
  2763   constants after preprocessing.
  2764 
  2765   \item \hyperlink{command.HOL.code-deps}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}deps}}}} visualizes dependencies of
  2766   theorems representing the corresponding program containing all given
  2767   constants after preprocessing.
  2768 
  2769   \item \hyperlink{command.HOL.code-const}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}const}}}} associates a list of constants
  2770   with target-specific serializations; omitting a serialization
  2771   deletes an existing serialization.
  2772 
  2773   \item \hyperlink{command.HOL.code-type}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}type}}}} associates a list of type
  2774   constructors with target-specific serializations; omitting a
  2775   serialization deletes an existing serialization.
  2776 
  2777   \item \hyperlink{command.HOL.code-class}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}class}}}} associates a list of classes
  2778   with target-specific class names; omitting a serialization deletes
  2779   an existing serialization.  This applies only to \emph{Haskell}.
  2780 
  2781   \item \hyperlink{command.HOL.code-instance}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}instance}}}} declares a list of type
  2782   constructor / class instance relations as ``already present'' for a
  2783   given target.  Omitting a ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{2D}{\isacharminus}}{\isaliteral{22}{\isachardoublequote}}}'' deletes an existing
  2784   ``already present'' declaration.  This applies only to
  2785   \emph{Haskell}.
  2786 
  2787   \item \hyperlink{command.HOL.code-reserved}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reserved}}}} declares a list of names as
  2788   reserved for a given target, preventing them from being shadowed by any
  2789   generated code.
  2790 
  2791   \item \hyperlink{command.HOL.code-monad}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}monad}}}} provides an auxiliary mechanism
  2792   to generate monadic code for Haskell.
  2793 
  2794   \item \hyperlink{command.HOL.code-include}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}include}}}} adds arbitrary named content
  2795   (``include'') to generated code.  A ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{2D}{\isacharminus}}{\isaliteral{22}{\isachardoublequote}}}'' as last argument
  2796   will remove an already added ``include''.
  2797 
  2798   \item \hyperlink{command.HOL.code-modulename}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}modulename}}}} declares aliasings from one
  2799   module name onto another.
  2800 
  2801   \item \hyperlink{command.HOL.code-reflect}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reflect}}}} without a ``\isa{{\isaliteral{22}{\isachardoublequote}}file{\isaliteral{22}{\isachardoublequote}}}''
  2802   argument compiles code into the system runtime environment and
  2803   modifies the code generator setup so that future invocations of system
  2804   runtime code generation referring to one of the ``\isa{{\isaliteral{22}{\isachardoublequote}}datatypes{\isaliteral{22}{\isachardoublequote}}}'' or ``\isa{{\isaliteral{22}{\isachardoublequote}}functions{\isaliteral{22}{\isachardoublequote}}}'' entities use these precompiled
  2805   entities.  With a ``\isa{{\isaliteral{22}{\isachardoublequote}}file{\isaliteral{22}{\isachardoublequote}}}'' argument, the corresponding code
  2806   is generated into that specified file without modifying the code
  2807   generator setup.
  2808 
  2809   \end{description}%
  2810 \end{isamarkuptext}%
  2811 \isamarkuptrue%
  2812 %
  2813 \isamarkupsubsection{The old code generator (S. Berghofer)%
  2814 }
  2815 \isamarkuptrue%
  2816 %
  2817 \begin{isamarkuptext}%
  2818 This framework generates code from both functional and
  2819   relational programs to SML, as explained below.
  2820 
  2821   \begin{matharray}{rcl}
  2822     \indexdef{}{command}{code\_module}\hypertarget{command.code-module}{\hyperlink{command.code-module}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}module}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2823     \indexdef{}{command}{code\_library}\hypertarget{command.code-library}{\hyperlink{command.code-library}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}library}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2824     \indexdef{}{command}{consts\_code}\hypertarget{command.consts-code}{\hyperlink{command.consts-code}{\mbox{\isa{\isacommand{consts{\isaliteral{5F}{\isacharunderscore}}code}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2825     \indexdef{}{command}{types\_code}\hypertarget{command.types-code}{\hyperlink{command.types-code}{\mbox{\isa{\isacommand{types{\isaliteral{5F}{\isacharunderscore}}code}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2826     \indexdef{}{attribute}{code}\hypertarget{attribute.code}{\hyperlink{attribute.code}{\mbox{\isa{code}}}} & : & \isa{attribute} \\
  2827   \end{matharray}
  2828 
  2829   \begin{railoutput}
  2830 \rail@begin{11}{}
  2831 \rail@bar
  2832 \rail@term{\hyperlink{command.code-module}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}module}}}}}[]
  2833 \rail@nextbar{1}
  2834 \rail@term{\hyperlink{command.code-library}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}library}}}}}[]
  2835 \rail@endbar
  2836 \rail@bar
  2837 \rail@nextbar{1}
  2838 \rail@nont{\isa{modespec}}[]
  2839 \rail@endbar
  2840 \rail@bar
  2841 \rail@nextbar{1}
  2842 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2843 \rail@endbar
  2844 \rail@cr{3}
  2845 \rail@bar
  2846 \rail@nextbar{4}
  2847 \rail@term{\isa{\isakeyword{file}}}[]
  2848 \rail@nont{\isa{name}}[]
  2849 \rail@endbar
  2850 \rail@bar
  2851 \rail@nextbar{4}
  2852 \rail@term{\isa{\isakeyword{imports}}}[]
  2853 \rail@plus
  2854 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2855 \rail@nextplus{5}
  2856 \rail@endplus
  2857 \rail@endbar
  2858 \rail@cr{7}
  2859 \rail@term{\isa{\isakeyword{contains}}}[]
  2860 \rail@bar
  2861 \rail@plus
  2862 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2863 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  2864 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2865 \rail@nextplus{8}
  2866 \rail@endplus
  2867 \rail@nextbar{9}
  2868 \rail@plus
  2869 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2870 \rail@nextplus{10}
  2871 \rail@endplus
  2872 \rail@endbar
  2873 \rail@end
  2874 \rail@begin{2}{\isa{modespec}}
  2875 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2876 \rail@plus
  2877 \rail@nextplus{1}
  2878 \rail@cnont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2879 \rail@endplus
  2880 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2881 \rail@end
  2882 \rail@begin{2}{}
  2883 \rail@term{\hyperlink{command.HOL.consts-code}{\mbox{\isa{\isacommand{consts{\isaliteral{5F}{\isacharunderscore}}code}}}}}[]
  2884 \rail@plus
  2885 \rail@nont{\isa{codespec}}[]
  2886 \rail@nextplus{1}
  2887 \rail@endplus
  2888 \rail@end
  2889 \rail@begin{2}{\isa{codespec}}
  2890 \rail@nont{\isa{const}}[]
  2891 \rail@nont{\isa{template}}[]
  2892 \rail@bar
  2893 \rail@nextbar{1}
  2894 \rail@nont{\isa{attachment}}[]
  2895 \rail@endbar
  2896 \rail@end
  2897 \rail@begin{2}{}
  2898 \rail@term{\hyperlink{command.HOL.types-code}{\mbox{\isa{\isacommand{types{\isaliteral{5F}{\isacharunderscore}}code}}}}}[]
  2899 \rail@plus
  2900 \rail@nont{\isa{tycodespec}}[]
  2901 \rail@nextplus{1}
  2902 \rail@endplus
  2903 \rail@end
  2904 \rail@begin{2}{\isa{tycodespec}}
  2905 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2906 \rail@nont{\isa{template}}[]
  2907 \rail@bar
  2908 \rail@nextbar{1}
  2909 \rail@nont{\isa{attachment}}[]
  2910 \rail@endbar
  2911 \rail@end
  2912 \rail@begin{1}{\isa{const}}
  2913 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2914 \rail@end
  2915 \rail@begin{1}{\isa{template}}
  2916 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2917 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2918 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2919 \rail@end
  2920 \rail@begin{2}{\isa{attachment}}
  2921 \rail@term{\isa{attach}}[]
  2922 \rail@bar
  2923 \rail@nextbar{1}
  2924 \rail@nont{\isa{modespec}}[]
  2925 \rail@endbar
  2926 \rail@term{\isa{{\isaliteral{7B}{\isacharbraceleft}}}}[]
  2927 \rail@nont{\hyperlink{syntax.text}{\mbox{\isa{text}}}}[]
  2928 \rail@term{\isa{{\isaliteral{7D}{\isacharbraceright}}}}[]
  2929 \rail@end
  2930 \rail@begin{2}{}
  2931 \rail@term{\hyperlink{attribute.code}{\mbox{\isa{code}}}}[]
  2932 \rail@bar
  2933 \rail@nextbar{1}
  2934 \rail@nont{\isa{name}}[]
  2935 \rail@endbar
  2936 \rail@end
  2937 \end{railoutput}%
  2938 \end{isamarkuptext}%
  2939 \isamarkuptrue%
  2940 %
  2941 \isamarkupsubsubsection{Invoking the code generator%
  2942 }
  2943 \isamarkuptrue%
  2944 %
  2945 \begin{isamarkuptext}%
  2946 The code generator is invoked via the \hyperlink{command.code-module}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}module}}}}
  2947   and \hyperlink{command.code-library}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}library}}}} commands, which correspond to
  2948   \emph{incremental} and \emph{modular} code generation, respectively.
  2949 
  2950   \begin{description}
  2951 
  2952   \item [Modular] For each theory, an ML structure is generated,
  2953   containing the code generated from the constants defined in this
  2954   theory.
  2955 
  2956   \item [Incremental] All the generated code is emitted into the same
  2957   structure.  This structure may import code from previously generated
  2958   structures, which can be specified via \hyperlink{keyword.imports}{\mbox{\isa{\isakeyword{imports}}}}.
  2959   Moreover, the generated structure may also be referred to in later
  2960   invocations of the code generator.
  2961 
  2962   \end{description}
  2963 
  2964   After the \hyperlink{command.code-module}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}module}}}} and \hyperlink{command.code-library}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}library}}}}
  2965   keywords, the user may specify an optional list of ``modes'' in
  2966   parentheses. These can be used to instruct the code generator to
  2967   emit additional code for special purposes, e.g.\ functions for
  2968   converting elements of generated datatypes to Isabelle terms, or
  2969   test data generators. The list of modes is followed by a module
  2970   name.  The module name is optional for modular code generation, but
  2971   must be specified for incremental code generation.
  2972 
  2973   The code can either be written to a file, in which case a file name
  2974   has to be specified after the \hyperlink{keyword.file}{\mbox{\isa{\isakeyword{file}}}} keyword, or be loaded
  2975   directly into Isabelle's ML environment. In the latter case, the
  2976   \hyperlink{command.ML}{\mbox{\isa{\isacommand{ML}}}} theory command can be used to inspect the results
  2977   interactively, for example.
  2978 
  2979   The terms from which to generate code can be specified after the
  2980   \hyperlink{keyword.contains}{\mbox{\isa{\isakeyword{contains}}}} keyword, either as a list of bindings, or just
  2981   as a list of terms. In the latter case, the code generator just
  2982   produces code for all constants and types occurring in the term, but
  2983   does not bind the compiled terms to ML identifiers.
  2984 
  2985   Here is an example:%
  2986 \end{isamarkuptext}%
  2987 \isamarkuptrue%
  2988 \isacommand{code{\isaliteral{5F}{\isacharunderscore}}module}\isamarkupfalse%
  2989 \ Test\isanewline
  2990 \isakeyword{contains}\ test\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequoteopen}}foldl\ op\ {\isaliteral{2B}{\isacharplus}}\ {\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ int{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{2}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{3}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{4}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{5}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{22}{\isachardoublequoteclose}}%
  2991 \begin{isamarkuptext}%
  2992 \noindent This binds the result of compiling the given term to
  2993   the ML identifier \verb|Test.test|.%
  2994 \end{isamarkuptext}%
  2995 \isamarkuptrue%
  2996 %
  2997 \isadelimML
  2998 %
  2999 \endisadelimML
  3000 %
  3001 \isatagML
  3002 \isacommand{ML}\isamarkupfalse%
  3003 \ {\isaliteral{7B2A}{\isacharverbatimopen}}\ %
  3004 \isaantiq
  3005 assert{}%
  3006 \endisaantiq
  3007 \ {\isaliteral{28}{\isacharparenleft}}Test{\isaliteral{2E}{\isachardot}}test\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{1}}{\isadigit{5}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{2A7D}{\isacharverbatimclose}}%
  3008 \endisatagML
  3009 {\isafoldML}%
  3010 %
  3011 \isadelimML
  3012 %
  3013 \endisadelimML
  3014 %
  3015 \isamarkupsubsubsection{Configuring the code generator%
  3016 }
  3017 \isamarkuptrue%
  3018 %
  3019 \begin{isamarkuptext}%
  3020 When generating code for a complex term, the code generator
  3021   recursively calls itself for all subterms.  When it arrives at a
  3022   constant, the default strategy of the code generator is to look up
  3023   its definition and try to generate code for it.  Constants which
  3024   have no definitions that are immediately executable may be
  3025   associated with a piece of ML code manually using the \indexref{}{command}{consts\_code}\hyperlink{command.consts-code}{\mbox{\isa{\isacommand{consts{\isaliteral{5F}{\isacharunderscore}}code}}}} command.  It takes a list whose elements consist of a
  3026   constant (given in usual term syntax -- an explicit type constraint
  3027   accounts for overloading), and a mixfix template describing the ML
  3028   code. The latter is very much the same as the mixfix templates used
  3029   when declaring new constants.  The most notable difference is that
  3030   terms may be included in the ML template using antiquotation
  3031   brackets \verb|{|\verb|*|~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{2E}{\isachardot}}{\isaliteral{2E}{\isachardot}}{\isaliteral{2E}{\isachardot}}{\isaliteral{22}{\isachardoublequote}}}~\verb|*|\verb|}|.
  3032 
  3033   A similar mechanism is available for types: \indexref{}{command}{types\_code}\hyperlink{command.types-code}{\mbox{\isa{\isacommand{types{\isaliteral{5F}{\isacharunderscore}}code}}}} associates type constructors with specific ML code.
  3034 
  3035   For example, the following declarations copied from \verb|~~/src/HOL/Product_Type.thy| describe how the product type of
  3036   Isabelle/HOL should be compiled to ML.%
  3037 \end{isamarkuptext}%
  3038 \isamarkuptrue%
  3039 \isacommand{typedecl}\isamarkupfalse%
  3040 \ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ prod\isanewline
  3041 \isacommand{consts}\isamarkupfalse%
  3042 \ Pair\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ prod{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3043 \isanewline
  3044 \isacommand{types{\isaliteral{5F}{\isacharunderscore}}code}\isamarkupfalse%
  3045 \ prod\ \ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5F}{\isacharunderscore}}\ {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{2F}{\isacharslash}}\ {\isaliteral{5F}{\isacharunderscore}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}{\isaliteral{29}{\isacharparenright}}\isanewline
  3046 \isacommand{consts{\isaliteral{5F}{\isacharunderscore}}code}\isamarkupfalse%
  3047 \ Pair\ \ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{2F}{\isacharslash}}\ {\isaliteral{5F}{\isacharunderscore}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}{\isaliteral{29}{\isacharparenright}}%
  3048 \begin{isamarkuptext}%
  3049 Sometimes, the code associated with a constant or type may
  3050   need to refer to auxiliary functions, which have to be emitted when
  3051   the constant is used. Code for such auxiliary functions can be
  3052   declared using \hyperlink{keyword.attach}{\mbox{\isa{\isakeyword{attach}}}}. For example, the \isa{wfrec}
  3053   function can be implemented as follows:%
  3054 \end{isamarkuptext}%
  3055 \isamarkuptrue%
  3056 \isacommand{consts{\isaliteral{5F}{\isacharunderscore}}code}\isamarkupfalse%
  3057 \ wfrec\ \ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6D6F64756C653E}{\isasymmodule}}wfrec{\isaliteral{3F}{\isacharquery}}{\isaliteral{22}{\isachardoublequoteclose}}{\isaliteral{29}{\isacharparenright}}\ \ \isanewline
  3058 \isakeyword{attach}\ {\isaliteral{7B2A}{\isacharverbatimopen}}\ fun\ wfrec\ f\ x\ {\isaliteral{3D}{\isacharequal}}\ f\ {\isaliteral{28}{\isacharparenleft}}wfrec\ f{\isaliteral{29}{\isacharparenright}}\ x\ {\isaliteral{2A7D}{\isacharverbatimclose}}%
  3059 \begin{isamarkuptext}%
  3060 If the code containing a call to \isa{wfrec} resides in an
  3061   ML structure different from the one containing the function
  3062   definition attached to \isa{wfrec}, the name of the ML structure
  3063   (followed by a ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{2E}{\isachardot}}{\isaliteral{22}{\isachardoublequote}}}'')  is inserted in place of ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6D6F64756C653E}{\isasymmodule}}{\isaliteral{22}{\isachardoublequote}}}'' in the above template.  The ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3F}{\isacharquery}}{\isaliteral{22}{\isachardoublequote}}}''  means that
  3064   the code generator should ignore the first argument of \isa{wfrec}, i.e.\ the termination relation, which is usually not
  3065   executable.
  3066 
  3067   \medskip Another possibility of configuring the code generator is to
  3068   register theorems to be used for code generation. Theorems can be
  3069   registered via the \hyperlink{attribute.code}{\mbox{\isa{code}}} attribute. It takes an optional
  3070   name as an argument, which indicates the format of the
  3071   theorem. Currently supported formats are equations (this is the
  3072   default when no name is specified) and Horn clauses (this is
  3073   indicated by the name \texttt{ind}). The left-hand sides of
  3074   equations may only contain constructors and distinct variables,
  3075   whereas Horn clauses must have the same format as introduction rules
  3076   of inductive definitions.
  3077 
  3078   The following example specifies three equations from which to
  3079   generate code for \isa{{\isaliteral{22}{\isachardoublequote}}op\ {\isaliteral{3C}{\isacharless}}{\isaliteral{22}{\isachardoublequote}}} on natural numbers (see also
  3080   \verb|~~/src/HOL/Nat.thy|).%
  3081 \end{isamarkuptext}%
  3082 \isamarkuptrue%
  3083 \isacommand{lemma}\isamarkupfalse%
  3084 \ {\isaliteral{5B}{\isacharbrackleft}}code{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}Suc\ m\ {\isaliteral{3C}{\isacharless}}\ Suc\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}m\ {\isaliteral{3C}{\isacharless}}\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3085 \ \ \isakeyword{and}\ {\isaliteral{5B}{\isacharbrackleft}}code{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{28}{\isacharparenleft}}n{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}nat{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3C}{\isacharless}}\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ False{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3086 \ \ \isakeyword{and}\ {\isaliteral{5B}{\isacharbrackleft}}code{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{3C}{\isacharless}}\ Suc\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ True{\isaliteral{22}{\isachardoublequoteclose}}%
  3087 \isadelimproof
  3088 \ %
  3089 \endisadelimproof
  3090 %
  3091 \isatagproof
  3092 \isacommand{by}\isamarkupfalse%
  3093 \ simp{\isaliteral{5F}{\isacharunderscore}}all%
  3094 \endisatagproof
  3095 {\isafoldproof}%
  3096 %
  3097 \isadelimproof
  3098 %
  3099 \endisadelimproof
  3100 %
  3101 \isamarkupsubsubsection{Specific HOL code generators%
  3102 }
  3103 \isamarkuptrue%
  3104 %
  3105 \begin{isamarkuptext}%
  3106 The basic code generator framework offered by Isabelle/Pure
  3107   has already been extended with additional code generators for
  3108   specific HOL constructs. These include datatypes, recursive
  3109   functions and inductive relations. The code generator for inductive
  3110   relations can handle expressions of the form \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}t\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ t\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{22}{\isachardoublequote}}}, where \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{22}{\isachardoublequote}}} is an inductively defined relation. If at
  3111   least one of the \isa{{\isaliteral{22}{\isachardoublequote}}t\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} is a dummy pattern ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{22}{\isachardoublequote}}}'',
  3112   the above expression evaluates to a sequence of possible answers. If
  3113   all of the \isa{{\isaliteral{22}{\isachardoublequote}}t\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} are proper terms, the expression evaluates
  3114   to a boolean value.
  3115 
  3116   The following example demonstrates this for beta-reduction on lambda
  3117   terms (see also \verb|~~/src/HOL/Proofs/Lambda/Lambda.thy|).%
  3118 \end{isamarkuptext}%
  3119 \isamarkuptrue%
  3120 \isacommand{datatype}\isamarkupfalse%
  3121 \ dB\ {\isaliteral{3D}{\isacharequal}}\isanewline
  3122 \ \ \ \ Var\ nat\isanewline
  3123 \ \ {\isaliteral{7C}{\isacharbar}}\ App\ dB\ dB\ \ {\isaliteral{28}{\isacharparenleft}}\isakeyword{infixl}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6465677265653E}{\isasymdegree}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isadigit{2}}{\isadigit{0}}{\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\isanewline
  3124 \ \ {\isaliteral{7C}{\isacharbar}}\ Abs\ dB\isanewline
  3125 \isanewline
  3126 \isacommand{primrec}\isamarkupfalse%
  3127 \ lift\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}dB\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ dB{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3128 \isakeyword{where}\isanewline
  3129 \ \ \ \ {\isaliteral{22}{\isachardoublequoteopen}}lift\ {\isaliteral{28}{\isacharparenleft}}Var\ i{\isaliteral{29}{\isacharparenright}}\ k\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}if\ i\ {\isaliteral{3C}{\isacharless}}\ k\ then\ Var\ i\ else\ Var\ {\isaliteral{28}{\isacharparenleft}}i\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{1}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3130 \ \ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}lift\ {\isaliteral{28}{\isacharparenleft}}s\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ t{\isaliteral{29}{\isacharparenright}}\ k\ {\isaliteral{3D}{\isacharequal}}\ lift\ s\ k\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ lift\ t\ k{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3131 \ \ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}lift\ {\isaliteral{28}{\isacharparenleft}}Abs\ s{\isaliteral{29}{\isacharparenright}}\ k\ {\isaliteral{3D}{\isacharequal}}\ Abs\ {\isaliteral{28}{\isacharparenleft}}lift\ s\ {\isaliteral{28}{\isacharparenleft}}k\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{1}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3132 \isanewline
  3133 \isacommand{primrec}\isamarkupfalse%
  3134 \ subst\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}dB\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ dB\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ dB{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{27}{\isacharprime}}{\isaliteral{2F}{\isacharslash}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isadigit{3}}{\isadigit{0}}{\isadigit{0}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{0}}{\isaliteral{2C}{\isacharcomma}}\ {\isadigit{0}}{\isaliteral{5D}{\isacharbrackright}}\ {\isadigit{3}}{\isadigit{0}}{\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\isanewline
  3135 \isakeyword{where}\isanewline
  3136 \ \ \ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}Var\ i{\isaliteral{29}{\isacharparenright}}{\isaliteral{5B}{\isacharbrackleft}}s{\isaliteral{2F}{\isacharslash}}k{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{3D}{\isacharequal}}\isanewline
  3137 \ \ \ \ \ \ {\isaliteral{28}{\isacharparenleft}}if\ k\ {\isaliteral{3C}{\isacharless}}\ i\ then\ Var\ {\isaliteral{28}{\isacharparenleft}}i\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ else\ if\ i\ {\isaliteral{3D}{\isacharequal}}\ k\ then\ s\ else\ Var\ i{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3138 \ \ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}t\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ u{\isaliteral{29}{\isacharparenright}}{\isaliteral{5B}{\isacharbrackleft}}s{\isaliteral{2F}{\isacharslash}}k{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{3D}{\isacharequal}}\ t{\isaliteral{5B}{\isacharbrackleft}}s{\isaliteral{2F}{\isacharslash}}k{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ u{\isaliteral{5B}{\isacharbrackleft}}s{\isaliteral{2F}{\isacharslash}}k{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3139 \ \ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}Abs\ t{\isaliteral{29}{\isacharparenright}}{\isaliteral{5B}{\isacharbrackleft}}s{\isaliteral{2F}{\isacharslash}}k{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{3D}{\isacharequal}}\ Abs\ {\isaliteral{28}{\isacharparenleft}}t{\isaliteral{5B}{\isacharbrackleft}}lift\ s\ {\isadigit{0}}\ {\isaliteral{2F}{\isacharslash}}\ k{\isaliteral{2B}{\isacharplus}}{\isadigit{1}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3140 \isanewline
  3141 \isacommand{inductive}\isamarkupfalse%
  3142 \ beta\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}dB\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ dB\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{28}{\isacharparenleft}}\isakeyword{infixl}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isadigit{5}}{\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\isanewline
  3143 \isakeyword{where}\isanewline
  3144 \ \ \ \ beta{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}Abs\ s\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ t\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}\ s{\isaliteral{5B}{\isacharbrackleft}}t{\isaliteral{2F}{\isacharslash}}{\isadigit{0}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3145 \ \ {\isaliteral{7C}{\isacharbar}}\ appL{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}s\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}\ t\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ s\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ u\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}\ t\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ u{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3146 \ \ {\isaliteral{7C}{\isacharbar}}\ appR{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}s\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}\ t\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ u\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ s\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}\ u\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ t{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3147 \ \ {\isaliteral{7C}{\isacharbar}}\ abs{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}s\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}\ t\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ Abs\ s\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}\ Abs\ t{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3148 \isanewline
  3149 \isacommand{code{\isaliteral{5F}{\isacharunderscore}}module}\isamarkupfalse%
  3150 \ Test\isanewline
  3151 \isakeyword{contains}\isanewline
  3152 \ \ test{\isadigit{1}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequoteopen}}Abs\ {\isaliteral{28}{\isacharparenleft}}Var\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ Var\ {\isadigit{0}}\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}\ Var\ {\isadigit{0}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  3153 \ \ test{\isadigit{2}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequoteopen}}Abs\ {\isaliteral{28}{\isacharparenleft}}Abs\ {\isaliteral{28}{\isacharparenleft}}Var\ {\isadigit{0}}\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ Var\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ {\isaliteral{28}{\isacharparenleft}}Abs\ {\isaliteral{28}{\isacharparenleft}}Var\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6465677265653E}{\isasymdegree}}\ Var\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isaliteral{5C3C626574613E}{\isasymbeta}}\ {\isaliteral{5F}{\isacharunderscore}}{\isaliteral{22}{\isachardoublequoteclose}}%
  3154 \begin{isamarkuptext}%
  3155 In the above example, \verb|Test.test1| evaluates to a boolean,
  3156   whereas \verb|Test.test2| is a lazy sequence whose elements can be
  3157   inspected separately.%
  3158 \end{isamarkuptext}%
  3159 \isamarkuptrue%
  3160 %
  3161 \isadelimML
  3162 %
  3163 \endisadelimML
  3164 %
  3165 \isatagML
  3166 \isacommand{ML}\isamarkupfalse%
  3167 \ {\isaliteral{7B2A}{\isacharverbatimopen}}\ %
  3168 \isaantiq
  3169 assert{}%
  3170 \endisaantiq
  3171 \ Test{\isaliteral{2E}{\isachardot}}test{\isadigit{1}}\ {\isaliteral{2A7D}{\isacharverbatimclose}}\isanewline
  3172 \isacommand{ML}\isamarkupfalse%
  3173 \ {\isaliteral{7B2A}{\isacharverbatimopen}}\ val\ results\ {\isaliteral{3D}{\isacharequal}}\ DSeq{\isaliteral{2E}{\isachardot}}list{\isaliteral{5F}{\isacharunderscore}}of\ Test{\isaliteral{2E}{\isachardot}}test{\isadigit{2}}\ {\isaliteral{2A7D}{\isacharverbatimclose}}\isanewline
  3174 \isacommand{ML}\isamarkupfalse%
  3175 \ {\isaliteral{7B2A}{\isacharverbatimopen}}\ %
  3176 \isaantiq
  3177 assert{}%
  3178 \endisaantiq
  3179 \ {\isaliteral{28}{\isacharparenleft}}length\ results\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{2A7D}{\isacharverbatimclose}}%
  3180 \endisatagML
  3181 {\isafoldML}%
  3182 %
  3183 \isadelimML
  3184 %
  3185 \endisadelimML
  3186 %
  3187 \begin{isamarkuptext}%
  3188 \medskip The theory underlying the HOL code generator is described
  3189   in more detail in \cite{Berghofer-Nipkow:2002}. More examples that
  3190   illustrate the usage of the code generator can be found e.g.\ in
  3191   \verb|~~/src/HOL/MicroJava/J/JListExample.thy| and \verb|~~/src/HOL/MicroJava/JVM/JVMListExample.thy|.%
  3192 \end{isamarkuptext}%
  3193 \isamarkuptrue%
  3194 %
  3195 \isamarkupsection{Definition by specification \label{sec:hol-specification}%
  3196 }
  3197 \isamarkuptrue%
  3198 %
  3199 \begin{isamarkuptext}%
  3200 \begin{matharray}{rcl}
  3201     \indexdef{HOL}{command}{specification}\hypertarget{command.HOL.specification}{\hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
  3202     \indexdef{HOL}{command}{ax\_specification}\hypertarget{command.HOL.ax-specification}{\hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
  3203   \end{matharray}
  3204 
  3205   \begin{railoutput}
  3206 \rail@begin{6}{}
  3207 \rail@bar
  3208 \rail@term{\hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}}[]
  3209 \rail@nextbar{1}
  3210 \rail@term{\hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}}}[]
  3211 \rail@endbar
  3212 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  3213 \rail@plus
  3214 \rail@nont{\isa{decl}}[]
  3215 \rail@nextplus{1}
  3216 \rail@endplus
  3217 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  3218 \rail@cr{3}
  3219 \rail@plus
  3220 \rail@bar
  3221 \rail@nextbar{4}
  3222 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
  3223 \rail@endbar
  3224 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
  3225 \rail@nextplus{5}
  3226 \rail@endplus
  3227 \rail@end
  3228 \rail@begin{2}{\isa{decl}}
  3229 \rail@bar
  3230 \rail@nextbar{1}
  3231 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  3232 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  3233 \rail@endbar
  3234 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  3235 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  3236 \rail@term{\isa{\isakeyword{overloaded}}}[]
  3237 \rail@bar
  3238 \rail@nextbar{1}
  3239 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  3240 \rail@endbar
  3241 \rail@end
  3242 \end{railoutput}
  3243 
  3244 
  3245   \begin{description}
  3246 
  3247   \item \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}decls\ {\isaliteral{5C3C7068693E}{\isasymphi}}{\isaliteral{22}{\isachardoublequote}}} sets up a
  3248   goal stating the existence of terms with the properties specified to
  3249   hold for the constants given in \isa{decls}.  After finishing the
  3250   proof, the theory will be augmented with definitions for the given
  3251   constants, as well as with theorems stating the properties for these
  3252   constants.
  3253 
  3254   \item \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}decls\ {\isaliteral{5C3C7068693E}{\isasymphi}}{\isaliteral{22}{\isachardoublequote}}} sets up
  3255   a goal stating the existence of terms with the properties specified
  3256   to hold for the constants given in \isa{decls}.  After finishing
  3257   the proof, the theory will be augmented with axioms expressing the
  3258   properties given in the first place.
  3259 
  3260   \item \isa{decl} declares a constant to be defined by the
  3261   specification given.  The definition for the constant \isa{c} is
  3262   bound to the name \isa{c{\isaliteral{5F}{\isacharunderscore}}def} unless a theorem name is given in
  3263   the declaration.  Overloaded constants should be declared as such.
  3264 
  3265   \end{description}
  3266 
  3267   Whether to use \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}} or \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}} is to some extent a matter of style.  \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}} introduces no new axioms, and so by
  3268   construction cannot introduce inconsistencies, whereas \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}} does introduce axioms, but only after the
  3269   user has explicitly proven it to be safe.  A practical issue must be
  3270   considered, though: After introducing two constants with the same
  3271   properties using \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}, one can prove
  3272   that the two constants are, in fact, equal.  If this might be a
  3273   problem, one should use \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}}.%
  3274 \end{isamarkuptext}%
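The practical issue described above, as an added example that is not part of the original manual: two constants given the same property with \isa{specification} can be proven equal. The theory name \isa{Spec\_Example} and the constants \isa{a} and \isa{b} are hypothetical, and the final lemma assumes that the generated definitions \isa{a\_def} and \isa{b\_def} have the same right-hand side up to renaming of the bound variable.

```isabelle
theory Spec_Example   (* hypothetical theory name *)
imports Main
begin

(* Hypothetical constants, declared without any definition. *)
consts a :: nat
consts b :: nat

(* The command sets up the existence goal "EX a. 0 < a".
   The witness 1 discharges it.  Afterwards the theory contains
   the definition a_def and the theorem a_pos. *)
specification (a) a_pos: "0 < a"
  by (rule exI [of _ 1]) simp

(* Same property, second constant: yields b_def and b_pos. *)
specification (b) b_pos: "0 < b"
  by (rule exI [of _ 1]) simp

(* Assumption: a_def and b_def unfold to the same term, so the two
   constants are provably equal although only "0 < _" was specified. *)
lemma a_eq_b: "a = b"
  unfolding a_def b_def by (rule refl)

end
```

With \isa{ax\_specification} in place of \isa{specification}, the theory would gain only the axioms \isa{a\_pos} and \isa{b\_pos}, with no \isa{a\_def} or \isa{b\_def} to unfold in the last proof.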
  3275 \isamarkuptrue%
  3276 %
  3277 \isadelimtheory
  3278 %
  3279 \endisadelimtheory
  3280 %
  3281 \isatagtheory
  3282 \isacommand{end}\isamarkupfalse%
  3283 %
  3284 \endisatagtheory
  3285 {\isafoldtheory}%
  3286 %
  3287 \isadelimtheory
  3288 %
  3289 \endisadelimtheory
  3290 \isanewline
  3291 \end{isabellebody}%
  3292 %%% Local Variables:
  3293 %%% mode: latex
  3294 %%% TeX-master: "root"
  3295 %%% End: