1.1 --- a/doc-src/IsarRef/IsaMakefile Sun May 04 21:34:44 2008 +0200
1.2 +++ b/doc-src/IsarRef/IsaMakefile Mon May 05 15:23:21 2008 +0200
1.3 @@ -22,7 +22,7 @@
1.4 Thy: $(LOG)/HOL-Thy.gz
1.5
1.6 $(LOG)/HOL-Thy.gz: Thy/ROOT.ML ../antiquote_setup.ML Thy/intro.thy \
1.7 - Thy/pure.thy Thy/syntax.thy Thy/Quick_Reference.thy
1.8 + Thy/syntax.thy Thy/pure.thy Thy/Generic.thy Thy/Quick_Reference.thy
1.9 @$(USEDIR) HOL Thy
1.10
1.11
2.1 --- a/doc-src/IsarRef/Makefile Sun May 04 21:34:44 2008 +0200
2.2 +++ b/doc-src/IsarRef/Makefile Mon May 05 15:23:21 2008 +0200
2.3 @@ -14,7 +14,7 @@
2.4 NAME = isar-ref
2.5
2.6 FILES = isar-ref.tex Thy/document/intro.tex basics.tex Thy/document/syntax.tex \
2.7 - Thy/document/pure.tex generic.tex logics.tex Thy/document/Quick_Reference.tex \
2.8 + Thy/document/pure.tex Thy/document/Generic.tex logics.tex Thy/document/Quick_Reference.tex \
2.9 conversion.tex \
2.10 ../isar.sty ../rail.sty ../railsetup.sty ../proof.sty \
2.11 ../iman.sty ../extra.sty ../ttbox.sty ../manual.bib
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
3.2 +++ b/doc-src/IsarRef/Thy/Generic.thy Mon May 05 15:23:21 2008 +0200
3.3 @@ -0,0 +1,2062 @@
3.4 +(* $Id$ *)
3.5 +
3.6 +theory Generic
3.7 +imports CPure
3.8 +begin
3.9 +
3.10 +chapter {* Generic tools and packages \label{ch:gen-tools} *}
3.11 +
3.12 +section {* Specification commands *}
3.13 +
3.14 +subsection {* Derived specifications *}
3.15 +
3.16 +text {*
3.17 + \begin{matharray}{rcll}
3.18 + @{command_def "axiomatization"} & : & \isarkeep{local{\dsh}theory} & (axiomatic!)\\
3.19 + @{command_def "definition"} & : & \isarkeep{local{\dsh}theory} \\
3.20 + @{attribute_def "defn"} & : & \isaratt \\
3.21 + @{command_def "abbreviation"} & : & \isarkeep{local{\dsh}theory} \\
3.22 + @{command_def "print_abbrevs"}@{text "\<^sup>*"} & : & \isarkeep{theory~|~proof} \\
3.23 + @{command_def "notation"} & : & \isarkeep{local{\dsh}theory} \\
3.24 + @{command_def "no_notation"} & : & \isarkeep{local{\dsh}theory} \\
3.25 + \end{matharray}
3.26 +
3.27 + These specification mechanisms provide a slightly more abstract view
3.28 + than the underlying primitives of @{command "consts"}, @{command
3.29 + "defs"} (see \secref{sec:consts}), and @{command "axioms"} (see
3.30 + \secref{sec:axms-thms}). In particular, type-inference is commonly
3.31 + available, and result names need not be given.
3.32 +
3.33 + \begin{rail}
3.34 + 'axiomatization' target? fixes? ('where' specs)?
3.35 + ;
3.36 + 'definition' target? (decl 'where')? thmdecl? prop
3.37 + ;
3.38 + 'abbreviation' target? mode? (decl 'where')? prop
3.39 + ;
3.40 + ('notation' | 'no\_notation') target? mode? (nameref structmixfix + 'and')
3.41 + ;
3.42 +
3.43 + fixes: ((name ('::' type)? mixfix? | vars) + 'and')
3.44 + ;
3.45 + specs: (thmdecl? props + 'and')
3.46 + ;
3.47 + decl: name ('::' type)? mixfix?
3.48 + ;
3.49 + \end{rail}
3.50 +
3.51 + \begin{descr}
3.52 +
3.53 + \item [@{command "axiomatization"}~@{text "c\<^sub>1 \<dots> c\<^sub>m
3.54 + \<WHERE> \<phi>\<^sub>1 \<dots> \<phi>\<^sub>n"}] introduces several constants
3.55 + simultaneously and states axiomatic properties for these. The
3.56 + constants are marked as being specified once and for all, which
3.57 + prevents additional specifications being issued later on.
3.58 +
3.59 + Note that axiomatic specifications are only appropriate when
3.60 + declaring a new logical system. Normal applications should only use
3.61 + definitional mechanisms!
3.62 +
3.63 + \item [@{command "definition"}~@{text "c \<WHERE> eq"}] produces an
3.64 + internal definition @{text "c \<equiv> t"} according to the specification
3.65 + given as @{text eq}, which is then turned into a proven fact. The
3.66 + given proposition may deviate from internal meta-level equality
3.67 + according to the rewrite rules declared as @{attribute defn} by the
3.68 + object-logic. This typically covers object-level equality @{text "x
3.69 + = t"} and equivalence @{text "A \<leftrightarrow> B"}. End-users normally need not
3.70 + change the @{attribute defn} setup.
3.71 +
3.72 + Definitions may be presented with explicit arguments on the LHS, as
3.73 + well as additional conditions, e.g.\ @{text "f x y = t"} instead of
3.74 + @{text "f \<equiv> \<lambda>x y. t"} and @{text "y \<noteq> 0 \<Longrightarrow> g x y = u"} instead of an
3.75 + unrestricted @{text "g \<equiv> \<lambda>x y. u"}.
3.76 +
3.77 + \item [@{command "abbreviation"}~@{text "c \<WHERE> eq"}] introduces
3.78 + a syntactic constant which is associated with a certain term
3.79 + according to the meta-level equality @{text eq}.
3.80 +
3.81 + Abbreviations participate in the usual type-inference process, but
3.82 + are expanded before the logic ever sees them. Pretty printing of
3.83 + terms involves higher-order rewriting with rules stemming from
3.84 + reverted abbreviations. This needs some care to avoid overlapping
3.85 + or looping syntactic replacements!
3.86 +
3.87 + The optional @{text mode} specification restricts output to a
3.88 + particular print mode; using ``@{text input}'' here achieves the
3.89 + effect of one-way abbreviations. The mode may also include an
3.90 + ``@{keyword "output"}'' qualifier that affects the concrete syntax
3.91 + declared for abbreviations, cf.\ @{command "syntax"} in
3.92 + \secref{sec:syn-trans}.
3.93 +
3.94 + \item [@{command "print_abbrevs"}] prints all constant abbreviations
3.95 + of the current context.
3.96 +
3.97 + \item [@{command "notation"}~@{text "c (mx)"}] associates mixfix
3.98 + syntax with an existing constant or fixed variable. This is a
3.99 + robust interface to the underlying @{command "syntax"} primitive
3.100 + (\secref{sec:syn-trans}). Type declaration and internal syntactic
3.101 + representation of the given entity is retrieved from the context.
3.102 +
3.103 + \item [@{command "no_notation"}] is similar to @{command
3.104 + "notation"}, but removes the specified syntax annotation from the
3.105 + present context.
3.106 +
3.107 + \end{descr}
3.108 +
3.109 + All of these specifications support local theory targets (cf.\
3.110 + \secref{sec:target}).
3.111 +*}
3.112 +
3.113 +
3.114 +subsection {* Generic declarations *}
3.115 +
3.116 +text {*
3.117 + Arbitrary operations on the background context may be wrapped-up as
3.118 + generic declaration elements. Since the underlying concept of local
3.119 + theories may be subject to later re-interpretation, there is an
3.120 + additional dependency on a morphism that tells the difference of the
3.121 + original declaration context wrt.\ the application context
3.122 + encountered later on. A fact declaration is an important special
3.123 + case: it consists of a theorem which is applied to the context by
3.124 + means of an attribute.
3.125 +
3.126 + \begin{matharray}{rcl}
3.127 + @{command_def "declaration"} & : & \isarkeep{local{\dsh}theory} \\
3.128 + @{command_def "declare"} & : & \isarkeep{local{\dsh}theory} \\
3.129 + \end{matharray}
3.130 +
3.131 + \begin{rail}
3.132 + 'declaration' target? text
3.133 + ;
3.134 + 'declare' target? (thmrefs + 'and')
3.135 + ;
3.136 + \end{rail}
3.137 +
3.138 + \begin{descr}
3.139 +
3.140 + \item [@{command "declaration"}~@{text d}] adds the declaration
3.141 + function @{text d} of ML type @{ML_type declaration}, to the current
3.142 + local theory under construction. In later application contexts, the
3.143 + function is transformed according to the morphisms being involved in
3.144 + the interpretation hierarchy.
3.145 +
3.146 + \item [@{command "declare"}~@{text thms}] declares theorems to the
3.147 + current local theory context. No theorem binding is involved here,
3.148 + unlike @{command "theorems"} or @{command "lemmas"} (cf.\
3.149 + \secref{sec:axms-thms}), so @{command "declare"} only has the effect
3.150 + of applying attributes as included in the theorem specification.
3.151 +
3.152 + \end{descr}
3.153 +*}
3.154 +
3.155 +
3.156 +subsection {* Local theory targets \label{sec:target} *}
3.157 +
3.158 +text {*
3.159 + A local theory target is a context managed separately within the
3.160 + enclosing theory. Contexts may introduce parameters (fixed
3.161 + variables) and assumptions (hypotheses). Definitions and theorems
3.162 + depending on the context may be added incrementally later on. Named
3.163 + contexts refer to locales (cf.\ \secref{sec:locale}) or type classes
3.164 + (cf.\ \secref{sec:class}); the name ``@{text "-"}'' signifies the
3.165 + global theory context.
3.166 +
3.167 + \begin{matharray}{rcll}
3.168 + @{command_def "context"} & : & \isartrans{theory}{local{\dsh}theory} \\
3.169 + @{command_def "end"} & : & \isartrans{local{\dsh}theory}{theory} \\
3.170 + \end{matharray}
3.171 +
3.172 + \indexouternonterm{target}
3.173 + \begin{rail}
3.174 + 'context' name 'begin'
3.175 + ;
3.176 +
3.177 + target: '(' 'in' name ')'
3.178 + ;
3.179 + \end{rail}
3.180 +
3.181 + \begin{descr}
3.182 +
3.183 + \item [@{command "context"}~@{text "c \<BEGIN>"}] recommences an
3.184 + existing locale or class context @{text c}. Note that locale and
3.185 + class definitions allow to include the @{keyword_ref "begin"}
3.186 + keyword as well, in order to continue the local theory immediately
3.187 + after the initial specification.
3.188 +
3.189 + \item [@{command "end"}] concludes the current local theory and
3.190 + continues the enclosing global theory. Note that a non-local
3.191 + @{command "end"} has a different meaning: it concludes the theory
3.192 + itself (\secref{sec:begin-thy}).
3.193 +
3.194 + \item [@{text "(\<IN> c)"}] given after any local theory command
3.195 + specifies an immediate target, e.g.\ ``@{command
3.196 + "definition"}~@{text "(\<IN> c) \<dots>"}'' or ``@{command
3.197 + "theorem"}~@{text "(\<IN> c) \<dots>"}''. This works both in a local or
3.198 + global theory context; the current target context will be suspended
3.199 + for this command only. Note that @{text "(\<IN> -)"} will always
3.200 + produce a global result independently of the current target context.
3.201 +
3.202 + \end{descr}
3.203 +
3.204 + The exact meaning of results produced within a local theory context
3.205 + depends on the underlying target infrastructure (locale, type class
3.206 + etc.). The general idea is as follows, considering a context named
3.207 + @{text c} with parameter @{text x} and assumption @{text "A[x]"}.
3.208 +
3.209 + Definitions are exported by introducing a global version with
3.210 + additional arguments; a syntactic abbreviation links the long form
3.211 + with the abstract version of the target context. For example,
3.212 + @{text "a \<equiv> t[x]"} becomes @{text "c.a ?x \<equiv> t[?x]"} at the theory
3.213 + level (for arbitrary @{text "?x"}), together with a local
3.214 + abbreviation @{text "c \<equiv> c.a x"} in the target context (for the
3.215 + fixed parameter @{text x}).
3.216 +
3.217 + Theorems are exported by discharging the assumptions and
3.218 + generalizing the parameters of the context. For example, @{text "a:
3.219 + B[x]"} becomes @{text "c.a: A[?x] \<Longrightarrow> B[?x]"} (again for arbitrary
3.220 + @{text "?x"}).
3.221 +*}
3.222 +
3.223 +
3.224 +subsection {* Locales \label{sec:locale} *}
3.225 +
3.226 +text {*
3.227 + Locales are named local contexts, consisting of a list of
3.228 + declaration elements that are modeled after the Isar proof context
3.229 + commands (cf.\ \secref{sec:proof-context}).
3.230 +*}
3.231 +
3.232 +
3.233 +subsubsection {* Locale specifications *}
3.234 +
3.235 +text {*
3.236 + \begin{matharray}{rcl}
3.237 + @{command_def "locale"} & : & \isartrans{theory}{local{\dsh}theory} \\
3.238 + @{command_def "print_locale"}@{text "\<^sup>*"} & : & \isarkeep{theory~|~proof} \\
3.239 + @{command_def "print_locales"}@{text "\<^sup>*"} & : & \isarkeep{theory~|~proof} \\
3.240 + @{method_def intro_locales} & : & \isarmeth \\
3.241 + @{method_def unfold_locales} & : & \isarmeth \\
3.242 + \end{matharray}
3.243 +
3.244 + \indexouternonterm{contextexpr}\indexouternonterm{contextelem}
3.245 + \indexisarelem{fixes}\indexisarelem{constrains}\indexisarelem{assumes}
3.246 + \indexisarelem{defines}\indexisarelem{notes}\indexisarelem{includes}
3.247 + \begin{rail}
3.248 + 'locale' ('(open)')? name ('=' localeexpr)? 'begin'?
3.249 + ;
3.250 + 'print\_locale' '!'? localeexpr
3.251 + ;
3.252 + localeexpr: ((contextexpr '+' (contextelem+)) | contextexpr | (contextelem+))
3.253 + ;
3.254 +
3.255 + contextexpr: nameref | '(' contextexpr ')' |
3.256 + (contextexpr (name mixfix? +)) | (contextexpr + '+')
3.257 + ;
3.258 + contextelem: fixes | constrains | assumes | defines | notes
3.259 + ;
3.260 + fixes: 'fixes' ((name ('::' type)? structmixfix? | vars) + 'and')
3.261 + ;
3.262 + constrains: 'constrains' (name '::' type + 'and')
3.263 + ;
3.264 + assumes: 'assumes' (thmdecl? props + 'and')
3.265 + ;
3.266 + defines: 'defines' (thmdecl? prop proppat? + 'and')
3.267 + ;
3.268 + notes: 'notes' (thmdef? thmrefs + 'and')
3.269 + ;
3.270 + includes: 'includes' contextexpr
3.271 + ;
3.272 + \end{rail}
3.273 +
3.274 + \begin{descr}
3.275 +
3.276 + \item [@{command "locale"}~@{text "loc = import + body"}] defines a
3.277 + new locale @{text loc} as a context consisting of a certain view of
3.278 + existing locales (@{text import}) plus some additional elements
3.279 + (@{text body}). Both @{text import} and @{text body} are optional;
3.280 + the degenerate form @{command "locale"}~@{text loc} defines an empty
3.281 + locale, which may still be useful to collect declarations of facts
3.282 + later on. Type-inference on locale expressions automatically takes
3.283 + care of the most general typing that the combined context elements
3.284 + may acquire.
3.285 +
3.286 + The @{text import} consists of a structured context expression,
3.287 + consisting of references to existing locales, renamed contexts, or
3.288 + merged contexts. Renaming uses positional notation: @{text "c
3.289 + x\<^sub>1 \<dots> x\<^sub>n"} means that (a prefix of) the fixed
3.290 + parameters of context @{text c} are named @{text "x\<^sub>1, \<dots>,
3.291 + x\<^sub>n"}; a ``@{text _}'' (underscore) means to skip that
3.292 + position. Renaming by default deletes concrete syntax, but new
3.293 + syntax may by specified with a mixfix annotation. An exeption of
3.294 + this rule is the special syntax declared with ``@{text
3.295 + "(\<STRUCTURE>)"}'' (see below), which is neither deleted nor can it
3.296 + be changed. Merging proceeds from left-to-right, suppressing any
3.297 + duplicates stemming from different paths through the import
3.298 + hierarchy.
3.299 +
3.300 + The @{text body} consists of basic context elements, further context
3.301 + expressions may be included as well.
3.302 +
3.303 + \begin{descr}
3.304 +
3.305 + \item [@{element "fixes"}~@{text "x :: \<tau> (mx)"}] declares a local
3.306 + parameter of type @{text \<tau>} and mixfix annotation @{text mx} (both
3.307 + are optional). The special syntax declaration ``@{text
3.308 + "(\<STRUCTURE>)"}'' means that @{text x} may be referenced
3.309 + implicitly in this context.
3.310 +
3.311 + \item [@{element "constrains"}~@{text "x :: \<tau>"}] introduces a type
3.312 + constraint @{text \<tau>} on the local parameter @{text x}.
3.313 +
3.314 + \item [@{element "assumes"}~@{text "a: \<phi>\<^sub>1 \<dots> \<phi>\<^sub>n"}]
3.315 + introduces local premises, similar to @{command "assume"} within a
3.316 + proof (cf.\ \secref{sec:proof-context}).
3.317 +
3.318 + \item [@{element "defines"}~@{text "a: x \<equiv> t"}] defines a previously
3.319 + declared parameter. This is close to @{command "def"} within a
3.320 + proof (cf.\ \secref{sec:proof-context}), but @{element "defines"}
3.321 + takes an equational proposition instead of variable-term pair. The
3.322 + left-hand side of the equation may have additional arguments, e.g.\
3.323 + ``@{element "defines"}~@{text "f x\<^sub>1 \<dots> x\<^sub>n \<equiv> t"}''.
3.324 +
3.325 + \item [@{element "notes"}~@{text "a = b\<^sub>1 \<dots> b\<^sub>n"}]
3.326 + reconsiders facts within a local context. Most notably, this may
3.327 + include arbitrary declarations in any attribute specifications
3.328 + included here, e.g.\ a local @{attribute simp} rule.
3.329 +
3.330 + \item [@{element "includes"}~@{text c}] copies the specified context
3.331 + in a statically scoped manner. Only available in the long goal
3.332 + format of \secref{sec:goals}.
3.333 +
3.334 + In contrast, the initial @{text import} specification of a locale
3.335 + expression maintains a dynamic relation to the locales being
3.336 + referenced (benefiting from any later fact declarations in the
3.337 + obvious manner).
3.338 +
3.339 + \end{descr}
3.340 +
3.341 + Note that ``@{text "(\<IS> p\<^sub>1 \<dots> p\<^sub>n)"}'' patterns given
3.342 + in the syntax of @{element "assumes"} and @{element "defines"} above
3.343 + are illegal in locale definitions. In the long goal format of
3.344 + \secref{sec:goals}, term bindings may be included as expected,
3.345 + though.
3.346 +
3.347 + \medskip By default, locale specifications are ``closed up'' by
3.348 + turning the given text into a predicate definition @{text
3.349 + loc_axioms} and deriving the original assumptions as local lemmas
3.350 + (modulo local definitions). The predicate statement covers only the
3.351 + newly specified assumptions, omitting the content of included locale
3.352 + expressions. The full cumulative view is only provided on export,
3.353 + involving another predicate @{text loc} that refers to the complete
3.354 + specification text.
3.355 +
3.356 + In any case, the predicate arguments are those locale parameters
3.357 + that actually occur in the respective piece of text. Also note that
3.358 + these predicates operate at the meta-level in theory, but the locale
3.359 + packages attempts to internalize statements according to the
3.360 + object-logic setup (e.g.\ replacing @{text \<And>} by @{text \<forall>}, and
3.361 + @{text "\<Longrightarrow>"} by @{text "\<longrightarrow>"} in HOL; see also
3.362 + \secref{sec:object-logic}). Separate introduction rules @{text
3.363 + loc_axioms.intro} and @{text loc.intro} are provided as well.
3.364 +
3.365 + The @{text "(open)"} option of a locale specification prevents both
3.366 + the current @{text loc_axioms} and cumulative @{text loc} predicate
3.367 + constructions. Predicates are also omitted for empty specification
3.368 + texts.
3.369 +
3.370 + \item [@{command "print_locale"}~@{text "import + body"}] prints the
3.371 + specified locale expression in a flattened form. The notable
3.372 + special case @{command "print_locale"}~@{text loc} just prints the
3.373 + contents of the named locale, but keep in mind that type-inference
3.374 + will normalize type variables according to the usual alphabetical
3.375 + order. The command omits @{element "notes"} elements by default.
3.376 + Use @{command "print_locale"}@{text "!"} to get them included.
3.377 +
3.378 + \item [@{command "print_locales"}] prints the names of all locales
3.379 + of the current theory.
3.380 +
3.381 + \item [@{method intro_locales} and @{method unfold_locales}]
3.382 + repeatedly expand all introduction rules of locale predicates of the
3.383 + theory. While @{method intro_locales} only applies the @{text
3.384 + loc.intro} introduction rules and therefore does not decend to
3.385 + assumptions, @{method unfold_locales} is more aggressive and applies
3.386 + @{text loc_axioms.intro} as well. Both methods are aware of locale
3.387 + specifications entailed by the context, both from target and
3.388 + @{element "includes"} statements, and from interpretations (see
3.389 + below). New goals that are entailed by the current context are
3.390 + discharged automatically.
3.391 +
3.392 + \end{descr}
3.393 +*}
3.394 +
3.395 +
3.396 +subsubsection {* Interpretation of locales *}
3.397 +
3.398 +text {*
3.399 + Locale expressions (more precisely, \emph{context expressions}) may
3.400 + be instantiated, and the instantiated facts added to the current
3.401 + context. This requires a proof of the instantiated specification
3.402 + and is called \emph{locale interpretation}. Interpretation is
3.403 + possible in theories and locales (command @{command
3.404 + "interpretation"}) and also within a proof body (@{command
3.405 + "interpret"}).
3.406 +
3.407 + \begin{matharray}{rcl}
3.408 + @{command_def "interpretation"} & : & \isartrans{theory}{proof(prove)} \\
3.409 + @{command_def "interpret"} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
3.410 + @{command_def "print_interps"}@{text "\<^sup>*"} & : & \isarkeep{theory~|~proof} \\
3.411 + \end{matharray}
3.412 +
3.413 + \indexouternonterm{interp}
3.414 + \begin{rail}
3.415 + 'interpretation' (interp | name ('<' | subseteq) contextexpr)
3.416 + ;
3.417 + 'interpret' interp
3.418 + ;
3.419 + 'print\_interps' '!'? name
3.420 + ;
3.421 + instantiation: ('[' (inst+) ']')?
3.422 + ;
3.423 + interp: thmdecl? \\ (contextexpr instantiation |
3.424 + name instantiation 'where' (thmdecl? prop + 'and'))
3.425 + ;
3.426 + \end{rail}
3.427 +
3.428 + \begin{descr}
3.429 +
3.430 + \item [@{command "interpretation"}~@{text "expr insts \<WHERE> eqns"}]
3.431 +
3.432 + The first form of @{command "interpretation"} interprets @{text
3.433 + expr} in the theory. The instantiation is given as a list of terms
3.434 + @{text insts} and is positional. All parameters must receive an
3.435 + instantiation term --- with the exception of defined parameters.
3.436 + These are, if omitted, derived from the defining equation and other
3.437 + instantiations. Use ``@{text _}'' to omit an instantiation term.
3.438 + Free variables are automatically generalized.
3.439 +
3.440 + The command generates proof obligations for the instantiated
3.441 + specifications (assumes and defines elements). Once these are
3.442 + discharged by the user, instantiated facts are added to the theory
3.443 + in a post-processing phase.
3.444 +
3.445 + Additional equations, which are unfolded in facts during
3.446 + post-processing, may be given after the keyword @{keyword "where"}.
3.447 + This is useful for interpreting concepts introduced through
3.448 + definition specification elements. The equations must be proved.
3.449 + Note that if equations are present, the context expression is
3.450 + restricted to a locale name.
3.451 +
3.452 + The command is aware of interpretations already active in the
3.453 + theory. No proof obligations are generated for those, neither is
3.454 + post-processing applied to their facts. This avoids duplication of
3.455 + interpreted facts, in particular. Note that, in the case of a
3.456 + locale with import, parts of the interpretation may already be
3.457 + active. The command will only generate proof obligations and
3.458 + process facts for new parts.
3.459 +
3.460 + The context expression may be preceded by a name and/or attributes.
3.461 + These take effect in the post-processing of facts. The name is used
3.462 + to prefix fact names, for example to avoid accidental hiding of
3.463 + other facts. Attributes are applied after attributes of the
3.464 + interpreted facts.
3.465 +
3.466 + Adding facts to locales has the effect of adding interpreted facts
3.467 + to the theory for all active interpretations also. That is,
3.468 + interpretations dynamically participate in any facts added to
3.469 + locales.
3.470 +
3.471 + \item [@{command "interpretation"}~@{text "name \<subseteq> expr"}]
3.472 +
3.473 + This form of the command interprets @{text expr} in the locale
3.474 + @{text name}. It requires a proof that the specification of @{text
3.475 + name} implies the specification of @{text expr}. As in the
3.476 + localized version of the theorem command, the proof is in the
3.477 + context of @{text name}. After the proof obligation has been
3.478 + dischared, the facts of @{text expr} become part of locale @{text
3.479 + name} as \emph{derived} context elements and are available when the
3.480 + context @{text name} is subsequently entered. Note that, like
3.481 + import, this is dynamic: facts added to a locale part of @{text
3.482 + expr} after interpretation become also available in @{text name}.
3.483 + Like facts of renamed context elements, facts obtained by
3.484 + interpretation may be accessed by prefixing with the parameter
3.485 + renaming (where the parameters are separated by ``@{text _}'').
3.486 +
3.487 + Unlike interpretation in theories, instantiation is confined to the
3.488 + renaming of parameters, which may be specified as part of the
3.489 + context expression @{text expr}. Using defined parameters in @{text
3.490 + name} one may achieve an effect similar to instantiation, though.
3.491 +
3.492 + Only specification fragments of @{text expr} that are not already
3.493 + part of @{text name} (be it imported, derived or a derived fragment
3.494 + of the import) are considered by interpretation. This enables
3.495 + circular interpretations.
3.496 +
3.497 + If interpretations of @{text name} exist in the current theory, the
3.498 + command adds interpretations for @{text expr} as well, with the same
3.499 + prefix and attributes, although only for fragments of @{text expr}
3.500 + that are not interpreted in the theory already.
3.501 +
3.502 + \item [@{command "interpret"}~@{text "expr insts \<WHERE> eqns"}]
3.503 + interprets @{text expr} in the proof context and is otherwise
3.504 + similar to interpretation in theories. Free variables in
3.505 + instantiations are not generalized, however.
3.506 +
3.507 + \item [@{command "print_interps"}~@{text loc}] prints the
3.508 + interpretations of a particular locale @{text loc} that are active
3.509 + in the current context, either theory or proof context. The
3.510 + exclamation point argument triggers printing of \emph{witness}
3.511 + theorems justifying interpretations. These are normally omitted
3.512 + from the output.
3.513 +
3.514 + \end{descr}
3.515 +
3.516 + \begin{warn}
3.517 + Since attributes are applied to interpreted theorems,
3.518 + interpretation may modify the context of common proof tools, e.g.\
3.519 + the Simplifier or Classical Reasoner. Since the behavior of such
3.520 + automated reasoning tools is \emph{not} stable under
3.521 + interpretation morphisms, manual declarations might have to be
3.522 + issued.
3.523 + \end{warn}
3.524 +
3.525 + \begin{warn}
3.526 + An interpretation in a theory may subsume previous
3.527 + interpretations. This happens if the same specification fragment
3.528 + is interpreted twice and the instantiation of the second
3.529 + interpretation is more general than the interpretation of the
3.530 + first. A warning is issued, since it is likely that these could
3.531 + have been generalized in the first place. The locale package does
3.532 + not attempt to remove subsumed interpretations.
3.533 + \end{warn}
3.534 +*}
3.535 +
3.536 +
3.537 +subsection {* Classes \label{sec:class} *}
3.538 +
3.539 +text {*
3.540 + A class is a particular locale with \emph{exactly one} type variable
3.541 + @{text \<alpha>}. Beyond the underlying locale, a corresponding type class
3.542 + is established which is interpreted logically as axiomatic type
3.543 + class \cite{Wenzel:1997:TPHOL} whose logical content are the
3.544 + assumptions of the locale. Thus, classes provide the full
3.545 + generality of locales combined with the commodity of type classes
3.546 + (notably type-inference). See \cite{isabelle-classes} for a short
3.547 + tutorial.
3.548 +
3.549 + \begin{matharray}{rcl}
3.550 + @{command_def "class"} & : & \isartrans{theory}{local{\dsh}theory} \\
3.551 + @{command_def "instantiation"} & : & \isartrans{theory}{local{\dsh}theory} \\
3.552 + @{command_def "instance"} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
3.553 + @{command_def "subclass"} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
3.554 + @{command_def "print_classes"}@{text "\<^sup>*"} & : & \isarkeep{theory~|~proof} \\
3.555 + @{method_def intro_classes} & : & \isarmeth \\
3.556 + \end{matharray}
3.557 +
3.558 + \begin{rail}
3.559 + 'class' name '=' ((superclassexpr '+' (contextelem+)) | superclassexpr | (contextelem+)) \\
3.560 + 'begin'?
3.561 + ;
3.562 + 'instantiation' (nameref + 'and') '::' arity 'begin'
3.563 + ;
3.564 + 'instance'
3.565 + ;
3.566 + 'subclass' target? nameref
3.567 + ;
3.568 + 'print\_classes'
3.569 + ;
3.570 +
3.571 + superclassexpr: nameref | (nameref '+' superclassexpr)
3.572 + ;
3.573 + \end{rail}
3.574 +
3.575 + \begin{descr}
3.576 +
3.577 + \item [@{command "class"}~@{text "c = superclasses + body"}] defines
3.578 + a new class @{text c}, inheriting from @{text superclasses}. This
3.579 + introduces a locale @{text c} with import of all locales @{text
3.580 + superclasses}.
3.581 +
3.582 + Any @{element "fixes"} in @{text body} are lifted to the global
3.583 + theory level (\emph{class operations} @{text "f\<^sub>1, \<dots>,
3.584 + f\<^sub>n"} of class @{text c}), mapping the local type parameter
3.585 + @{text \<alpha>} to a schematic type variable @{text "?\<alpha> :: c"}.
3.586 +
3.587 + Likewise, @{element "assumes"} in @{text body} are also lifted,
3.588 + mapping each local parameter @{text "f :: \<tau>[\<alpha>]"} to its
3.589 + corresponding global constant @{text "f :: \<tau>[?\<alpha> :: c]"}. The
3.590 + corresponding introduction rule is provided as @{text
3.591 + c_class_axioms.intro}. This rule should be rarely needed directly
3.592 + --- the @{method intro_classes} method takes care of the details of
3.593 + class membership proofs.
3.594 +
3.595 + \item [@{command "instantiation"}~@{text "t :: (s\<^sub>1, \<dots>,
3.596 + s\<^sub>n) s \<BEGIN>"}] opens a theory target (cf.\
3.597 + \secref{sec:target}) which allows to specify class operations @{text
3.598 + "f\<^sub>1, \<dots>, f\<^sub>n"} corresponding to sort @{text s} at the
3.599 + particular type instance @{text "(\<alpha>\<^sub>1 :: s\<^sub>1, \<dots>,
3.600 + \<alpha>\<^sub>n :: s\<^sub>n) t"}. An plain @{command "instance"} command
3.601 + in the target body poses a goal stating these type arities. The
3.602 + target is concluded by an @{command_ref "end"} command.
3.603 +
3.604 + Note that a list of simultaneous type constructors may be given;
3.605 + this corresponds nicely to mutual recursive type definitions, e.g.\
3.606 + in Isabelle/HOL.
3.607 +
3.608 + \item [@{command "instance"}] in an instantiation target body sets
3.609 + up a goal stating the type arities claimed at the opening @{command
3.610 + "instantiation"}. The proof would usually proceed by @{method
3.611 + intro_classes}, and then establish the characteristic theorems of
3.612 + the type classes involved. After finishing the proof, the
3.613 + background theory will be augmented by the proven type arities.
3.614 +
3.615 + \item [@{command "subclass"}~@{text c}] in a class context for class
3.616 + @{text d} sets up a goal stating that class @{text c} is logically
3.617 + contained in class @{text d}. After finishing the proof, class
3.618 + @{text d} is proven to be subclass @{text c} and the locale @{text
3.619 + c} is interpreted into @{text d} simultaneously.
3.620 +
3.621 + \item [@{command "print_classes"}] prints all classes in the current
3.622 + theory.
3.623 +
3.624 + \item [@{method intro_classes}] repeatedly expands all class
3.625 + introduction rules of this theory. Note that this method usually
3.626 + needs not be named explicitly, as it is already included in the
3.627 + default proof step (e.g.\ of @{command "proof"}). In particular,
3.628 + instantiation of trivial (syntactic) classes may be performed by a
3.629 + single ``@{command ".."}'' proof step.
3.630 +
3.631 + \end{descr}
3.632 +*}
3.633 +
3.634 +
3.635 +subsubsection {* The class target *}
3.636 +
3.637 +text {*
3.638 + %FIXME check
3.639 +
3.640 + A named context may refer to a locale (cf.\ \secref{sec:target}).
3.641 + If this locale is also a class @{text c}, apart from the common
3.642 + locale target behaviour the following happens.
3.643 +
3.644 + \begin{itemize}
3.645 +
3.646 + \item Local constant declarations @{text "g[\<alpha>]"} referring to the
3.647 + local type parameter @{text \<alpha>} and local parameters @{text "f[\<alpha>]"}
3.648 + are accompanied by theory-level constants @{text "g[?\<alpha> :: c]"}
3.649 + referring to theory-level class operations @{text "f[?\<alpha> :: c]"}.
3.650 +
3.651 + \item Local theorem bindings are lifted as are assumptions.
3.652 +
3.653 + \item Local syntax refers to local operations @{text "g[\<alpha>]"} and
3.654 + global operations @{text "g[?\<alpha> :: c]"} uniformly. Type inference
3.655 + resolves ambiguities. In rare cases, manual type annotations are
3.656 + needed.
3.657 +
3.658 + \end{itemize}
3.659 +*}
3.660 +
3.661 +
3.662 +subsection {* Axiomatic type classes \label{sec:axclass} *}
3.663 +
3.664 +text {*
3.665 + \begin{matharray}{rcl}
3.666 + @{command_def "axclass"} & : & \isartrans{theory}{theory} \\
3.667 + @{command_def "instance"} & : & \isartrans{theory}{proof(prove)} \\
3.668 + \end{matharray}
3.669 +
3.670 + Axiomatic type classes are Isabelle/Pure's primitive
3.671 + \emph{definitional} interface to type classes. For practical
3.672 + applications, you should consider using classes
3.673 + (cf.~\secref{sec:classes}) which provide high level interface.
3.674 +
3.675 + \begin{rail}
3.676 + 'axclass' classdecl (axmdecl prop +)
3.677 + ;
3.678 + 'instance' (nameref ('<' | subseteq) nameref | nameref '::' arity)
3.679 + ;
3.680 + \end{rail}
3.681 +
3.682 + \begin{descr}
3.683 +
3.684 + \item [@{command "axclass"}~@{text "c \<subseteq> c\<^sub>1, \<dots>, c\<^sub>n
3.685 + axms"}] defines an axiomatic type class as the intersection of
3.686 + existing classes, with additional axioms holding. Class axioms may
3.687 + not contain more than one type variable. The class axioms (with
3.688 + implicit sort constraints added) are bound to the given names.
3.689 + Furthermore a class introduction rule is generated (being bound as
3.690 + @{text c_class.intro}); this rule is employed by method @{method
3.691 + intro_classes} to support instantiation proofs of this class.
3.692 +
3.693 + The ``class axioms'' are stored as theorems according to the given
3.694 + name specifications, adding @{text "c_class"} as name space prefix;
3.695 + the same facts are also stored collectively as @{text
3.696 + c_class.axioms}.
3.697 +
3.698 + \item [@{command "instance"}~@{text "c\<^sub>1 \<subseteq> c\<^sub>2"} and
3.699 + @{command "instance"}~@{text "t :: (s\<^sub>1, \<dots>, s\<^sub>n) s"}]
3.700 + setup a goal stating a class relation or type arity. The proof
3.701 + would usually proceed by @{method intro_classes}, and then establish
3.702 + the characteristic theorems of the type classes involved. After
3.703 + finishing the proof, the theory will be augmented by a type
3.704 + signature declaration corresponding to the resulting theorem.
3.705 +
3.706 + \end{descr}
3.707 +*}
3.708 +
3.709 +
3.710 +subsection {* Arbitrary overloading *}
3.711 +
3.712 +text {*
3.713 + Isabelle/Pure's definitional schemes support certain forms of
3.714 + overloading (see \secref{sec:consts}). At most occassions
3.715 + overloading will be used in a Haskell-like fashion together with
3.716 + type classes by means of @{command "instantiation"} (see
3.717 + \secref{sec:class}). Sometimes low-level overloading is desirable.
3.718 + The @{command "overloading"} target provides a convenient view for
3.719 + end-users.
3.720 +
3.721 + \begin{matharray}{rcl}
3.722 + @{command_def "overloading"} & : & \isartrans{theory}{local{\dsh}theory} \\
3.723 + \end{matharray}
3.724 +
3.725 + \begin{rail}
3.726 + 'overloading' \\
3.727 + ( string ( '==' | equiv ) term ( '(' 'unchecked' ')' )? + ) 'begin'
3.728 + \end{rail}
3.729 +
3.730 + \begin{descr}
3.731 +
3.732 + \item [@{command "overloading"}~@{text "x\<^sub>1 \<equiv> c\<^sub>1 ::
3.733 + \<tau>\<^sub>1 \<AND> \<dots> x\<^sub>n \<equiv> c\<^sub>n :: \<tau>\<^sub>n} \<BEGIN>"}]
3.734 + opens a theory target (cf.\ \secref{sec:target}) which allows to
3.735 + specify constants with overloaded definitions. These are identified
3.736 + by an explicitly given mapping from variable names @{text
3.737 + "x\<^sub>i"} to constants @{text "c\<^sub>i"} at particular type
3.738 + instances. The definitions themselves are established using common
3.739 + specification tools, using the names @{text "x\<^sub>i"} as
3.740 + reference to the corresponding constants. The target is concluded
3.741 + by @{command "end"}.
3.742 +
3.743 + A @{text "(unchecked)"} option disables global dependency checks for
3.744 + the corresponding definition, which is occasionally useful for
3.745 + exotic overloading. It is at the discretion of the user to avoid
3.746 + malformed theory specifications!
3.747 +
3.748 + \end{descr}
3.749 +*}
3.750 +
3.751 +
3.752 +subsection {* Configuration options *}
3.753 +
3.754 +text {*
3.755 + Isabelle/Pure maintains a record of named configuration options
3.756 + within the theory or proof context, with values of type @{ML_type
3.757 + bool}, @{ML_type int}, or @{ML_type string}. Tools may declare
3.758 + options in ML, and then refer to these values (relative to the
3.759 + context). Thus global reference variables are easily avoided. The
3.760 + user may change the value of a configuration option by means of an
3.761 + associated attribute of the same name. This form of context
3.762 + declaration works particularly well with commands such as @{command
3.763 + "declare"} or @{command "using"}.
3.764 +
3.765 + For historical reasons, some tools cannot take the full proof
3.766 + context into account and merely refer to the background theory.
3.767 + This is accommodated by configuration options being declared as
3.768 + ``global'', which may not be changed within a local context.
3.769 +
3.770 + \begin{matharray}{rcll}
3.771 + @{command_def "print_configs"} & : & \isarkeep{theory~|~proof} \\
3.772 + \end{matharray}
3.773 +
3.774 + \begin{rail}
3.775 + name ('=' ('true' | 'false' | int | name))?
3.776 + \end{rail}
3.777 +
3.778 + \begin{descr}
3.779 +
3.780 + \item [@{command "print_configs"}] prints the available
3.781 + configuration options, with names, types, and current values.
3.782 +
3.783 + \item [@{text "name = value"}] as an attribute expression modifies
3.784 + the named option, with the syntax of the value depending on the
3.785 + option's type. For @{ML_type bool} the default value is @{text
3.786 + true}. Any attempt to change a global option in a local context is
3.787 + ignored.
3.788 +
3.789 + \end{descr}
3.790 +*}
3.791 +
3.792 +
3.793 +section {* Derived proof schemes *}
3.794 +
3.795 +subsection {* Generalized elimination \label{sec:obtain} *}
3.796 +
3.797 +text {*
3.798 + \begin{matharray}{rcl}
3.799 + @{command_def "obtain"} & : & \isartrans{proof(state)}{proof(prove)} \\
3.800 + @{command_def "guess"}@{text "\<^sup>*"} & : & \isartrans{proof(state)}{proof(prove)} \\
3.801 + \end{matharray}
3.802 +
3.803 + Generalized elimination means that additional elements with certain
3.804 + properties may be introduced in the current context, by virtue of a
3.805 + locally proven ``soundness statement''. Technically speaking, the
3.806 + @{command "obtain"} language element is like a declaration of
3.807 + @{command "fix"} and @{command "assume"} (see also see
3.808 + \secref{sec:proof-context}), together with a soundness proof of its
3.809 + additional claim. According to the nature of existential reasoning,
3.810 + assumptions get eliminated from any result exported from the context
3.811 + later, provided that the corresponding parameters do \emph{not}
3.812 + occur in the conclusion.
3.813 +
3.814 + \begin{rail}
3.815 + 'obtain' parname? (vars + 'and') 'where' (props + 'and')
3.816 + ;
3.817 + 'guess' (vars + 'and')
3.818 + ;
3.819 + \end{rail}
3.820 +
3.821 + The derived Isar command @{command "obtain"} is defined as follows
3.822 + (where @{text "b\<^sub>1, \<dots>, b\<^sub>k"} shall refer to (optional)
3.823 + facts indicated for forward chaining).
3.824 + \begin{matharray}{l}
3.825 + @{text "\<langle>facts b\<^sub>1 \<dots> b\<^sub>k\<rangle>"} \\
3.826 + @{command "obtain"}~@{text "x\<^sub>1 \<dots> x\<^sub>m \<WHERE> a: \<phi>\<^sub>1 \<dots> \<phi>\<^sub>n \<langle>proof\<rangle> \<equiv>"} \\[1ex]
3.827 + \quad @{command "have"}~@{text "\<And>thesis. (\<And>x\<^sub>1 \<dots> x\<^sub>m. \<phi>\<^sub>1 \<Longrightarrow> \<dots> \<phi>\<^sub>n \<Longrightarrow> thesis) \<Longrightarrow> thesis"} \\
3.828 + \quad @{command "proof"}~@{text succeed} \\
3.829 + \qquad @{command "fix"}~@{text thesis} \\
3.830 + \qquad @{command "assume"}~@{text "that [Pure.intro?]: \<And>x\<^sub>1 \<dots> x\<^sub>m. \<phi>\<^sub>1 \<Longrightarrow> \<dots> \<phi>\<^sub>n \<Longrightarrow> thesis"} \\
3.831 + \qquad @{command "then"}~@{command "show"}~@{text thesis} \\
3.832 + \quad\qquad @{command "apply"}~@{text -} \\
3.833 + \quad\qquad @{command "using"}~@{text "b\<^sub>1 \<dots> b\<^sub>k \<langle>proof\<rangle>"} \\
3.834 + \quad @{command "qed"} \\
3.835 + \quad @{command "fix"}~@{text "x\<^sub>1 \<dots> x\<^sub>m"}~@{command "assume"}@{text "\<^sup>* a: \<phi>\<^sub>1 \<dots> \<phi>\<^sub>n"} \\
3.836 + \end{matharray}
3.837 +
3.838 + Typically, the soundness proof is relatively straight-forward, often
3.839 + just by canonical automated tools such as ``@{command "by"}~@{text
3.840 + simp}'' or ``@{command "by"}~@{text blast}''. Accordingly, the
3.841 + ``@{text that}'' reduction above is declared as simplification and
3.842 + introduction rule.
3.843 +
3.844 + In a sense, @{command "obtain"} represents at the level of Isar
3.845 + proofs what would be meta-logical existential quantifiers and
3.846 + conjunctions. This concept has a broad range of useful
3.847 + applications, ranging from plain elimination (or introduction) of
3.848 + object-level existential and conjunctions, to elimination over
3.849 + results of symbolic evaluation of recursive definitions, for
3.850 + example. Also note that @{command "obtain"} without parameters acts
3.851 + much like @{command "have"}, where the result is treated as a
3.852 + genuine assumption.
3.853 +
3.854 + An alternative name to be used instead of ``@{text that}'' above may
3.855 + be given in parentheses.
3.856 +
3.857 + \medskip The improper variant @{command "guess"} is similar to
3.858 + @{command "obtain"}, but derives the obtained statement from the
3.859 + course of reasoning! The proof starts with a fixed goal @{text
3.860 + thesis}. The subsequent proof may refine this to anything of the
3.861 + form like @{text "\<And>x\<^sub>1 \<dots> x\<^sub>m. \<phi>\<^sub>1 \<Longrightarrow> \<dots>
3.862 + \<phi>\<^sub>n \<Longrightarrow> thesis"}, but must not introduce new subgoals. The
3.863 + final goal state is then used as reduction rule for the obtain
3.864 + scheme described above. Obtained parameters @{text "x\<^sub>1, \<dots>,
3.865 + x\<^sub>m"} are marked as internal by default, which prevents the
3.866 + proof context from being polluted by ad-hoc variables. The variable
3.867 + names and type constraints given as arguments for @{command "guess"}
3.868 + specify a prefix of obtained parameters explicitly in the text.
3.869 +
3.870 + It is important to note that the facts introduced by @{command
3.871 + "obtain"} and @{command "guess"} may not be polymorphic: any
3.872 + type-variables occurring here are fixed in the present context!
3.873 +*}
3.874 +
3.875 +
3.876 +subsection {* Calculational reasoning \label{sec:calculation} *}
3.877 +
3.878 +text {*
3.879 + \begin{matharray}{rcl}
3.880 + @{command_def "also"} & : & \isartrans{proof(state)}{proof(state)} \\
3.881 + @{command_def "finally"} & : & \isartrans{proof(state)}{proof(chain)} \\
3.882 + @{command_def "moreover"} & : & \isartrans{proof(state)}{proof(state)} \\
3.883 + @{command_def "ultimately"} & : & \isartrans{proof(state)}{proof(chain)} \\
3.884 + @{command_def "print_trans_rules"}@{text "\<^sup>*"} & : & \isarkeep{theory~|~proof} \\
3.885 + @{attribute trans} & : & \isaratt \\
3.886 + @{attribute sym} & : & \isaratt \\
3.887 + @{attribute symmetric} & : & \isaratt \\
3.888 + \end{matharray}
3.889 +
3.890 + Calculational proof is forward reasoning with implicit application
3.891 + of transitivity rules (such those of @{text "="}, @{text "\<le>"},
3.892 + @{text "<"}). Isabelle/Isar maintains an auxiliary fact register
3.893 + @{fact_ref calculation} for accumulating results obtained by
3.894 + transitivity composed with the current result. Command @{command
3.895 + "also"} updates @{fact calculation} involving @{fact this}, while
3.896 + @{command "finally"} exhibits the final @{fact calculation} by
3.897 + forward chaining towards the next goal statement. Both commands
3.898 + require valid current facts, i.e.\ may occur only after commands
3.899 + that produce theorems such as @{command "assume"}, @{command
3.900 + "note"}, or some finished proof of @{command "have"}, @{command
3.901 + "show"} etc. The @{command "moreover"} and @{command "ultimately"}
3.902 + commands are similar to @{command "also"} and @{command "finally"},
3.903 + but only collect further results in @{fact calculation} without
3.904 + applying any rules yet.
3.905 +
3.906 + Also note that the implicit term abbreviation ``@{text "\<dots>"}'' has
3.907 + its canonical application with calculational proofs. It refers to
3.908 + the argument of the preceding statement. (The argument of a curried
3.909 + infix expression happens to be its right-hand side.)
3.910 +
3.911 + Isabelle/Isar calculations are implicitly subject to block structure
3.912 + in the sense that new threads of calculational reasoning are
3.913 + commenced for any new block (as opened by a local goal, for
3.914 + example). This means that, apart from being able to nest
3.915 + calculations, there is no separate \emph{begin-calculation} command
3.916 + required.
3.917 +
3.918 + \medskip The Isar calculation proof commands may be defined as
3.919 + follows:\footnote{We suppress internal bookkeeping such as proper
3.920 + handling of block-structure.}
3.921 +
3.922 + \begin{matharray}{rcl}
3.923 + @{command "also"}@{text "\<^sub>0"} & \equiv & @{command "note"}~@{text "calculation = this"} \\
3.924 + @{command "also"}@{text "\<^sub>n\<^sub>+\<^sub>1"} & \equiv & @{command "note"}~@{text "calculation = trans [OF calculation this]"} \\[0.5ex]
3.925 + @{command "finally"} & \equiv & @{command "also"}~@{command "from"}~@{text calculation} \\[0.5ex]
3.926 + @{command "moreover"} & \equiv & @{command "note"}~@{text "calculation = calculation this"} \\
3.927 + @{command "ultimately"} & \equiv & @{command "moreover"}~@{command "from"}~@{text calculation} \\
3.928 + \end{matharray}
3.929 +
3.930 + \begin{rail}
3.931 + ('also' | 'finally') ('(' thmrefs ')')?
3.932 + ;
3.933 + 'trans' (() | 'add' | 'del')
3.934 + ;
3.935 + \end{rail}
3.936 +
3.937 + \begin{descr}
3.938 +
3.939 + \item [@{command "also"}~@{text "(a\<^sub>1 \<dots> a\<^sub>n)"}]
3.940 + maintains the auxiliary @{fact calculation} register as follows.
3.941 + The first occurrence of @{command "also"} in some calculational
3.942 + thread initializes @{fact calculation} by @{fact this}. Any
3.943 + subsequent @{command "also"} on the same level of block-structure
3.944 + updates @{fact calculation} by some transitivity rule applied to
3.945 + @{fact calculation} and @{fact this} (in that order). Transitivity
3.946 + rules are picked from the current context, unless alternative rules
3.947 + are given as explicit arguments.
3.948 +
3.949 + \item [@{command "finally"}~@{text "(a\<^sub>1 \<dots> a\<^sub>n)"}]
3.950 + maintaining @{fact calculation} in the same way as @{command
3.951 + "also"}, and concludes the current calculational thread. The final
3.952 + result is exhibited as fact for forward chaining towards the next
3.953 + goal. Basically, @{command "finally"} just abbreviates @{command
3.954 + "also"}~@{command "from"}~@{fact calculation}. Typical idioms for
3.955 + concluding calculational proofs are ``@{command "finally"}~@{command
3.956 + "show"}~@{text ?thesis}~@{command "."}'' and ``@{command
3.957 + "finally"}~@{command "have"}~@{text \<phi>}~@{command "."}''.
3.958 +
3.959 + \item [@{command "moreover"} and @{command "ultimately"}] are
3.960 + analogous to @{command "also"} and @{command "finally"}, but collect
3.961 + results only, without applying rules.
3.962 +
3.963 + \item [@{command "print_trans_rules"}] prints the list of
3.964 + transitivity rules (for calculational commands @{command "also"} and
3.965 + @{command "finally"}) and symmetry rules (for the @{attribute
3.966 + symmetric} operation and single step elimination patters) of the
3.967 + current context.
3.968 +
3.969 + \item [@{attribute trans}] declares theorems as transitivity rules.
3.970 +
3.971 + \item [@{attribute sym}] declares symmetry rules, as well as
3.972 + @{attribute "Pure.elim?"} rules.
3.973 +
3.974 + \item [@{attribute symmetric}] resolves a theorem with some rule
3.975 + declared as @{attribute sym} in the current context. For example,
3.976 + ``@{command "assume"}~@{text "[symmetric]: x = y"}'' produces a
3.977 + swapped fact derived from that assumption.
3.978 +
3.979 + In structured proof texts it is often more appropriate to use an
3.980 + explicit single-step elimination proof, such as ``@{command
3.981 + "assume"}~@{text "x = y"}~@{command "then"}~@{command "have"}~@{text
3.982 + "y = x"}~@{command ".."}''.
3.983 +
3.984 + \end{descr}
3.985 +*}
3.986 +
3.987 +
3.988 +section {* Proof tools *}
3.989 +
3.990 +subsection {* Miscellaneous methods and attributes \label{sec:misc-meth-att} *}
3.991 +
3.992 +text {*
3.993 + \begin{matharray}{rcl}
3.994 + @{method_def unfold} & : & \isarmeth \\
3.995 + @{method_def fold} & : & \isarmeth \\
3.996 + @{method_def insert} & : & \isarmeth \\[0.5ex]
3.997 + @{method_def erule}@{text "\<^sup>*"} & : & \isarmeth \\
3.998 + @{method_def drule}@{text "\<^sup>*"} & : & \isarmeth \\
3.999 + @{method_def frule}@{text "\<^sup>*"} & : & \isarmeth \\
3.1000 + @{method_def succeed} & : & \isarmeth \\
3.1001 + @{method_def fail} & : & \isarmeth \\
3.1002 + \end{matharray}
3.1003 +
3.1004 + \begin{rail}
3.1005 + ('fold' | 'unfold' | 'insert') thmrefs
3.1006 + ;
3.1007 + ('erule' | 'drule' | 'frule') ('('nat')')? thmrefs
3.1008 + ;
3.1009 + \end{rail}
3.1010 +
3.1011 + \begin{descr}
3.1012 +
3.1013 + \item [@{method unfold}~@{text "a\<^sub>1 \<dots> a\<^sub>n"} and @{method
3.1014 + fold}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}] expand (or fold back) the
3.1015 + given definitions throughout all goals; any chained facts provided
3.1016 + are inserted into the goal and subject to rewriting as well.
3.1017 +
3.1018 + \item [@{method insert}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}] inserts
3.1019 + theorems as facts into all goals of the proof state. Note that
3.1020 + current facts indicated for forward chaining are ignored.
3.1021 +
3.1022 + \item [@{method erule}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}, @{method
3.1023 + drule}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}, and @{method frule}~@{text
3.1024 + "a\<^sub>1 \<dots> a\<^sub>n"}] are similar to the basic @{method rule}
3.1025 + method (see \secref{sec:pure-meth-att}), but apply rules by
3.1026 + elim-resolution, destruct-resolution, and forward-resolution,
3.1027 + respectively \cite{isabelle-ref}. The optional natural number
3.1028 + argument (default 0) specifies additional assumption steps to be
3.1029 + performed here.
3.1030 +
3.1031 + Note that these methods are improper ones, mainly serving for
3.1032 + experimentation and tactic script emulation. Different modes of
3.1033 + basic rule application are usually expressed in Isar at the proof
3.1034 + language level, rather than via implicit proof state manipulations.
3.1035 + For example, a proper single-step elimination would be done using
3.1036 + the plain @{method rule} method, with forward chaining of current
3.1037 + facts.
3.1038 +
3.1039 + \item [@{method succeed}] yields a single (unchanged) result; it is
3.1040 + the identity of the ``@{text ","}'' method combinator (cf.\
3.1041 + \secref{sec:syn-meth}).
3.1042 +
3.1043 + \item [@{method fail}] yields an empty result sequence; it is the
3.1044 + identity of the ``@{text "|"}'' method combinator (cf.\
3.1045 + \secref{sec:syn-meth}).
3.1046 +
3.1047 + \end{descr}
3.1048 +
3.1049 + \begin{matharray}{rcl}
3.1050 + @{attribute_def tagged} & : & \isaratt \\
3.1051 + @{attribute_def untagged} & : & \isaratt \\[0.5ex]
3.1052 + @{attribute_def THEN} & : & \isaratt \\
3.1053 + @{attribute_def COMP} & : & \isaratt \\[0.5ex]
3.1054 + @{attribute_def unfolded} & : & \isaratt \\
3.1055 + @{attribute_def folded} & : & \isaratt \\[0.5ex]
3.1056 + @{attribute_def rotated} & : & \isaratt \\
3.1057 + @{attribute_def (Pure) elim_format} & : & \isaratt \\
3.1058 + @{attribute_def standard}@{text "\<^sup>*"} & : & \isaratt \\
3.1059 + @{attribute_def no_vars}@{text "\<^sup>*"} & : & \isaratt \\
3.1060 + \end{matharray}
3.1061 +
3.1062 + \begin{rail}
3.1063 + 'tagged' nameref
3.1064 + ;
3.1065 + 'untagged' name
3.1066 + ;
3.1067 + ('THEN' | 'COMP') ('[' nat ']')? thmref
3.1068 + ;
3.1069 + ('unfolded' | 'folded') thmrefs
3.1070 + ;
3.1071 + 'rotated' ( int )?
3.1072 + \end{rail}
3.1073 +
3.1074 + \begin{descr}
3.1075 +
3.1076 + \item [@{attribute tagged}~@{text "name arg"} and @{attribute
3.1077 + untagged}~@{text name}] add and remove \emph{tags} of some theorem.
3.1078 + Tags may be any list of string pairs that serve as formal comment.
3.1079 + The first string is considered the tag name, the second its
3.1080 + argument. Note that @{attribute untagged} removes any tags of the
3.1081 + same name.
3.1082 +
3.1083 + \item [@{attribute THEN}~@{text a} and @{attribute COMP}~@{text a}]
3.1084 + compose rules by resolution. @{attribute THEN} resolves with the
3.1085 + first premise of @{text a} (an alternative position may be also
3.1086 + specified); the @{attribute COMP} version skips the automatic
3.1087 + lifting process that is normally intended (cf.\ @{ML "op RS"} and
3.1088 + @{ML "op COMP"} in \cite[\S5]{isabelle-ref}).
3.1089 +
3.1090 + \item [@{attribute unfolded}~@{text "a\<^sub>1 \<dots> a\<^sub>n"} and
3.1091 + @{attribute folded}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}] expand and fold
3.1092 + back again the given definitions throughout a rule.
3.1093 +
3.1094 + \item [@{attribute rotated}~@{text n}] rotate the premises of a
3.1095 + theorem by @{text n} (default 1).
3.1096 +
3.1097 + \item [@{attribute Pure.elim_format}] turns a destruction rule into
3.1098 + elimination rule format, by resolving with the rule @{prop [source]
3.1099 + "PROP A \<Longrightarrow> (PROP A \<Longrightarrow> PROP B) \<Longrightarrow> PROP B"}.
3.1100 +
3.1101 + Note that the Classical Reasoner (\secref{sec:classical}) provides
3.1102 + its own version of this operation.
3.1103 +
3.1104 + \item [@{attribute standard}] puts a theorem into the standard form
3.1105 + of object-rules at the outermost theory level. Note that this
3.1106 + operation violates the local proof context (including active
3.1107 + locales).
3.1108 +
3.1109 + \item [@{attribute no_vars}] replaces schematic variables by free
3.1110 + ones; this is mainly for tuning output of pretty printed theorems.
3.1111 +
3.1112 + \end{descr}
3.1113 +*}
3.1114 +
3.1115 +
3.1116 +subsection {* Further tactic emulations \label{sec:tactics} *}
3.1117 +
3.1118 +text {*
3.1119 + The following improper proof methods emulate traditional tactics.
3.1120 + These admit direct access to the goal state, which is normally
3.1121 + considered harmful! In particular, this may involve both numbered
3.1122 + goal addressing (default 1), and dynamic instantiation within the
3.1123 + scope of some subgoal.
3.1124 +
3.1125 + \begin{warn}
3.1126 + Dynamic instantiations refer to universally quantified parameters
3.1127 + of a subgoal (the dynamic context) rather than fixed variables and
3.1128 + term abbreviations of a (static) Isar context.
3.1129 + \end{warn}
3.1130 +
3.1131 + Tactic emulation methods, unlike their ML counterparts, admit
3.1132 + simultaneous instantiation from both dynamic and static contexts.
3.1133 + If names occur in both contexts goal parameters hide locally fixed
3.1134 + variables. Likewise, schematic variables refer to term
3.1135 + abbreviations, if present in the static context. Otherwise the
3.1136 + schematic variable is interpreted as a schematic variable and left
3.1137 + to be solved by unification with certain parts of the subgoal.
3.1138 +
3.1139 + Note that the tactic emulation proof methods in Isabelle/Isar are
3.1140 + consistently named @{text foo_tac}. Note also that variable names
3.1141 + occurring on left hand sides of instantiations must be preceded by a
3.1142 + question mark if they coincide with a keyword or contain dots. This
3.1143 + is consistent with the attribute @{attribute "where"} (see
3.1144 + \secref{sec:pure-meth-att}).
3.1145 +
3.1146 + \begin{matharray}{rcl}
3.1147 + @{method_def rule_tac}@{text "\<^sup>*"} & : & \isarmeth \\
3.1148 + @{method_def erule_tac}@{text "\<^sup>*"} & : & \isarmeth \\
3.1149 + @{method_def drule_tac}@{text "\<^sup>*"} & : & \isarmeth \\
3.1150 + @{method_def frule_tac}@{text "\<^sup>*"} & : & \isarmeth \\
3.1151 + @{method_def cut_tac}@{text "\<^sup>*"} & : & \isarmeth \\
3.1152 + @{method_def thin_tac}@{text "\<^sup>*"} & : & \isarmeth \\
3.1153 + @{method_def subgoal_tac}@{text "\<^sup>*"} & : & \isarmeth \\
3.1154 + @{method_def rename_tac}@{text "\<^sup>*"} & : & \isarmeth \\
3.1155 + @{method_def rotate_tac}@{text "\<^sup>*"} & : & \isarmeth \\
3.1156 + @{method_def tactic}@{text "\<^sup>*"} & : & \isarmeth \\
3.1157 + \end{matharray}
3.1158 +
3.1159 + \begin{rail}
3.1160 + ( 'rule\_tac' | 'erule\_tac' | 'drule\_tac' | 'frule\_tac' | 'cut\_tac' | 'thin\_tac' ) goalspec?
3.1161 + ( insts thmref | thmrefs )
3.1162 + ;
3.1163 + 'subgoal\_tac' goalspec? (prop +)
3.1164 + ;
3.1165 + 'rename\_tac' goalspec? (name +)
3.1166 + ;
3.1167 + 'rotate\_tac' goalspec? int?
3.1168 + ;
3.1169 + 'tactic' text
3.1170 + ;
3.1171 +
3.1172 + insts: ((name '=' term) + 'and') 'in'
3.1173 + ;
3.1174 + \end{rail}
3.1175 +
3.1176 +\begin{descr}
3.1177 +
3.1178 + \item [@{method rule_tac} etc.] do resolution of rules with explicit
3.1179 + instantiation. This works the same way as the ML tactics @{ML
3.1180 + res_inst_tac} etc. (see \cite[\S3]{isabelle-ref}).
3.1181 +
3.1182 + Multiple rules may be only given if there is no instantiation; then
3.1183 + @{method rule_tac} is the same as @{ML resolve_tac} in ML (see
3.1184 + \cite[\S3]{isabelle-ref}).
3.1185 +
3.1186 + \item [@{method cut_tac}] inserts facts into the proof state as
3.1187 + assumption of a subgoal, see also @{ML cut_facts_tac} in
3.1188 + \cite[\S3]{isabelle-ref}. Note that the scope of schematic
3.1189 + variables is spread over the main goal statement. Instantiations
3.1190 + may be given as well, see also ML tactic @{ML cut_inst_tac} in
3.1191 + \cite[\S3]{isabelle-ref}.
3.1192 +
3.1193 + \item [@{method thin_tac}~@{text \<phi>}] deletes the specified
3.1194 + assumption from a subgoal; note that @{text \<phi>} may contain schematic
3.1195 + variables. See also @{ML thin_tac} in \cite[\S3]{isabelle-ref}.
3.1196 +
3.1197 + \item [@{method subgoal_tac}~@{text \<phi>}] adds @{text \<phi>} as an
3.1198 + assumption to a subgoal. See also @{ML subgoal_tac} and @{ML
3.1199 + subgoals_tac} in \cite[\S3]{isabelle-ref}.
3.1200 +
3.1201 + \item [@{method rename_tac}~@{text "x\<^sub>1 \<dots> x\<^sub>n"}] renames
3.1202 + parameters of a goal according to the list @{text "x\<^sub>1, \<dots>,
3.1203 + x\<^sub>n"}, which refers to the \emph{suffix} of variables.
3.1204 +
3.1205 + \item [@{method rotate_tac}~@{text n}] rotates the assumptions of a
3.1206 + goal by @{text n} positions: from right to left if @{text n} is
3.1207 + positive, and from left to right if @{text n} is negative; the
3.1208 + default value is 1. See also @{ML rotate_tac} in
3.1209 + \cite[\S3]{isabelle-ref}.
3.1210 +
3.1211 + \item [@{method tactic}~@{text "text"}] produces a proof method from
3.1212 + any ML text of type @{ML_type tactic}. Apart from the usual ML
3.1213 + environment and the current implicit theory context, the ML code may
3.1214 + refer to the following locally bound values:
3.1215 +
3.1216 +%FIXME check
3.1217 +{\footnotesize\begin{verbatim}
3.1218 +val ctxt : Proof.context
3.1219 +val facts : thm list
3.1220 +val thm : string -> thm
3.1221 +val thms : string -> thm list
3.1222 +\end{verbatim}}
3.1223 +
3.1224 + Here @{ML_text ctxt} refers to the current proof context, @{ML_text
3.1225 + facts} indicates any current facts for forward-chaining, and @{ML
3.1226 + thm}~/~@{ML thms} retrieve named facts (including global theorems)
3.1227 + from the context.
3.1228 +
3.1229 + \end{descr}
3.1230 +*}
3.1231 +
3.1232 +
3.1233 +subsection {* The Simplifier \label{sec:simplifier} *}
3.1234 +
3.1235 +subsubsection {* Simplification methods *}
3.1236 +
3.1237 +text {*
3.1238 + \begin{matharray}{rcl}
3.1239 + @{method_def simp} & : & \isarmeth \\
3.1240 + @{method_def simp_all} & : & \isarmeth \\
3.1241 + \end{matharray}
3.1242 +
3.1243 + \indexouternonterm{simpmod}
3.1244 + \begin{rail}
3.1245 + ('simp' | 'simp\_all') ('!' ?) opt? (simpmod *)
3.1246 + ;
3.1247 +
3.1248 + opt: '(' ('no\_asm' | 'no\_asm\_simp' | 'no\_asm\_use' | 'asm\_lr' | 'depth\_limit' ':' nat) ')'
3.1249 + ;
3.1250 + simpmod: ('add' | 'del' | 'only' | 'cong' (() | 'add' | 'del') |
3.1251 + 'split' (() | 'add' | 'del')) ':' thmrefs
3.1252 + ;
3.1253 + \end{rail}
3.1254 +
3.1255 + \begin{descr}
3.1256 +
3.1257 + \item [@{method simp}] invokes the Simplifier, after declaring
3.1258 + additional rules according to the arguments given. Note that the
3.1259 + \railtterm{only} modifier first removes all other rewrite rules,
3.1260 + congruences, and looper tactics (including splits), and then behaves
3.1261 + like \railtterm{add}.
3.1262 +
3.1263 + \medskip The \railtterm{cong} modifiers add or delete Simplifier
3.1264 + congruence rules (see also \cite{isabelle-ref}), the default is to
3.1265 + add.
3.1266 +
3.1267 + \medskip The \railtterm{split} modifiers add or delete rules for the
3.1268 + Splitter (see also \cite{isabelle-ref}), the default is to add.
3.1269 + This works only if the Simplifier method has been properly setup to
3.1270 + include the Splitter (all major object logics such HOL, HOLCF, FOL,
3.1271 + ZF do this already).
3.1272 +
3.1273 + \item [@{method simp_all}] is similar to @{method simp}, but acts on
3.1274 + all goals (backwards from the last to the first one).
3.1275 +
3.1276 + \end{descr}
3.1277 +
3.1278 + By default the Simplifier methods take local assumptions fully into
3.1279 + account, using equational assumptions in the subsequent
3.1280 + normalization process, or simplifying assumptions themselves (cf.\
3.1281 + @{ML asm_full_simp_tac} in \cite[\S10]{isabelle-ref}). In
3.1282 + structured proofs this is usually quite well behaved in practice:
3.1283 + just the local premises of the actual goal are involved, additional
3.1284 + facts may be inserted via explicit forward-chaining (via @{command
3.1285 + "then"}, @{command "from"}, @{command "using"} etc.). The full
3.1286 + context of premises is only included if the ``@{text "!"}'' (bang)
3.1287 + argument is given, which should be used with some care, though.
3.1288 +
3.1289 + Additional Simplifier options may be specified to tune the behavior
3.1290 + further (mostly for unstructured scripts with many accidental local
3.1291 + facts): ``@{text "(no_asm)"}'' means assumptions are ignored
3.1292 + completely (cf.\ @{ML simp_tac}), ``@{text "(no_asm_simp)"}'' means
3.1293 + assumptions are used in the simplification of the conclusion but are
3.1294 + not themselves simplified (cf.\ @{ML asm_simp_tac}), and ``@{text
3.1295 + "(no_asm_use)"}'' means assumptions are simplified but are not used
3.1296 + in the simplification of each other or the conclusion (cf.\ @{ML
3.1297 + full_simp_tac}). For compatibility reasons, there is also an option
3.1298 + ``@{text "(asm_lr)"}'', which means that an assumption is only used
3.1299 + for simplifying assumptions which are to the right of it (cf.\ @{ML
3.1300 + asm_lr_simp_tac}).
3.1301 +
3.1302 + Giving an option ``@{text "(depth_limit: n)"}'' limits the number of
3.1303 + recursive invocations of the simplifier during conditional
3.1304 + rewriting.
3.1305 +
3.1306 + \medskip The Splitter package is usually configured to work as part
3.1307 + of the Simplifier. The effect of repeatedly applying @{ML
3.1308 + split_tac} can be simulated by ``@{text "(simp only: split:
3.1309 + a\<^sub>1 \<dots> a\<^sub>n)"}''. There is also a separate @{text split}
3.1310 + method available for single-step case splitting.
3.1311 +*}
3.1312 +
3.1313 +
3.1314 +subsubsection {* Declaring rules *}
3.1315 +
3.1316 +text {*
3.1317 + \begin{matharray}{rcl}
3.1318 + @{command_def "print_simpset"}@{text "\<^sup>*"} & : & \isarkeep{theory~|~proof} \\
3.1319 + @{attribute_def simp} & : & \isaratt \\
3.1320 + @{attribute_def cong} & : & \isaratt \\
3.1321 + @{attribute_def split} & : & \isaratt \\
3.1322 + \end{matharray}
3.1323 +
3.1324 + \begin{rail}
3.1325 + ('simp' | 'cong' | 'split') (() | 'add' | 'del')
3.1326 + ;
3.1327 + \end{rail}
3.1328 +
3.1329 + \begin{descr}
3.1330 +
3.1331 + \item [@{command "print_simpset"}] prints the collection of rules
3.1332 + declared to the Simplifier, which is also known as ``simpset''
3.1333 + internally \cite{isabelle-ref}.
3.1334 +
3.1335 + \item [@{attribute simp}] declares simplification rules.
3.1336 +
3.1337 + \item [@{attribute cong}] declares congruence rules.
3.1338 +
3.1339 + \item [@{attribute split}] declares case split rules.
3.1340 +
3.1341 + \end{descr}
3.1342 +*}
3.1343 +
3.1344 +
3.1345 +subsubsection {* Simplification procedures *}
3.1346 +
3.1347 +text {*
3.1348 + \begin{matharray}{rcl}
3.1349 + @{command_def "simproc_setup"} & : & \isarkeep{local{\dsh}theory} \\
3.1350 + simproc & : & \isaratt \\
3.1351 + \end{matharray}
3.1352 +
3.1353 + \begin{rail}
3.1354 + 'simproc\_setup' name '(' (term + '|') ')' '=' text \\ ('identifier' (nameref+))?
3.1355 + ;
3.1356 +
3.1357 + 'simproc' (('add' ':')? | 'del' ':') (name+)
3.1358 + ;
3.1359 + \end{rail}
3.1360 +
3.1361 + \begin{descr}
3.1362 +
3.1363 + \item [@{command "simproc_setup"}] defines a named simplification
3.1364 + procedure that is invoked by the Simplifier whenever any of the
3.1365 + given term patterns match the current redex. The implementation,
3.1366 + which is provided as ML source text, needs to be of type @{ML_type
3.1367 + "morphism -> simpset -> cterm -> thm option"}, where the @{ML_type
3.1368 + cterm} represents the current redex @{text r} and the result is
3.1369 + supposed to be some proven rewrite rule @{text "r \<equiv> r'"} (or a
3.1370 + generalized version), or @{ML NONE} to indicate failure. The
3.1371 + @{ML_type simpset} argument holds the full context of the current
3.1372 + Simplifier invocation, including the actual Isar proof context. The
3.1373 + @{ML_type morphism} informs about the difference of the original
3.1374 + compilation context wrt.\ the one of the actual application later
3.1375 + on. The optional @{keyword "identifier"} specifies theorems that
3.1376 + represent the logical content of the abstract theory of this
3.1377 + simproc.
3.1378 +
3.1379 + Morphisms and identifiers are only relevant for simprocs that are
3.1380 + defined within a local target context, e.g.\ in a locale.
3.1381 +
3.1382 + \item [@{text "simproc add: name"} and @{text "simproc del: name"}]
3.1383 + add or delete named simprocs to the current Simplifier context. The
3.1384 + default is to add a simproc. Note that @{command "simproc_setup"}
3.1385 + already adds the new simproc to the subsequent context.
3.1386 +
3.1387 + \end{descr}
3.1388 +*}
3.1389 +
3.1390 +
3.1391 +subsubsection {* Forward simplification *}
3.1392 +
3.1393 +text {*
3.1394 + \begin{matharray}{rcl}
3.1395 + @{attribute_def simplified} & : & \isaratt \\
3.1396 + \end{matharray}
3.1397 +
3.1398 + \begin{rail}
3.1399 + 'simplified' opt? thmrefs?
3.1400 + ;
3.1401 +
3.1402 + opt: '(' (noasm | noasmsimp | noasmuse) ')'
3.1403 + ;
3.1404 + \end{rail}
3.1405 +
3.1406 + \begin{descr}
3.1407 +
3.1408 + \item [@{attribute simplified}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}]
3.1409 + causes a theorem to be simplified, either by exactly the specified
3.1410 + rules @{text "a\<^sub>1, \<dots>, a\<^sub>n"}, or the implicit Simplifier
3.1411 + context if no arguments are given. The result is fully simplified
3.1412 + by default, including assumptions and conclusion; the options @{text
3.1413 + no_asm} etc.\ tune the Simplifier in the same way as the for the
3.1414 + @{text simp} method.
3.1415 +
3.1416 + Note that forward simplification restricts the simplifier to its
3.1417 + most basic operation of term rewriting; solver and looper tactics
3.1418 + \cite{isabelle-ref} are \emph{not} involved here. The @{text
3.1419 + simplified} attribute should be only rarely required under normal
3.1420 + circumstances.
3.1421 +
3.1422 + \end{descr}
3.1423 +*}
3.1424 +
3.1425 +
3.1426 +subsubsection {* Low-level equational reasoning *}
3.1427 +
3.1428 +text {*
3.1429 + \begin{matharray}{rcl}
3.1430 + @{method_def subst}@{text "\<^sup>*"} & : & \isarmeth \\
3.1431 + @{method_def hypsubst}@{text "\<^sup>*"} & : & \isarmeth \\
3.1432 + @{method_def split}@{text "\<^sup>*"} & : & \isarmeth \\
3.1433 + \end{matharray}
3.1434 +
3.1435 + \begin{rail}
3.1436 + 'subst' ('(' 'asm' ')')? ('(' (nat+) ')')? thmref
3.1437 + ;
3.1438 + 'split' ('(' 'asm' ')')? thmrefs
3.1439 + ;
3.1440 + \end{rail}
3.1441 +
3.1442 + These methods provide low-level facilities for equational reasoning
3.1443 + that are intended for specialized applications only. Normally,
3.1444 + single step calculations would be performed in a structured text
3.1445 + (see also \secref{sec:calculation}), while the Simplifier methods
3.1446 + provide the canonical way for automated normalization (see
3.1447 + \secref{sec:simplifier}).
3.1448 +
3.1449 + \begin{descr}
3.1450 +
3.1451 + \item [@{method subst}~@{text eq}] performs a single substitution
3.1452 + step using rule @{text eq}, which may be either a meta or object
3.1453 + equality.
3.1454 +
3.1455 + \item [@{method subst}~@{text "(asm) eq"}] substitutes in an
3.1456 + assumption.
3.1457 +
3.1458 + \item [@{method subst}~@{text "(i \<dots> j) eq"}] performs several
3.1459 + substitutions in the conclusion. The numbers @{text i} to @{text j}
3.1460 + indicate the positions to substitute at. Positions are ordered from
3.1461 + the top of the term tree moving down from left to right. For
3.1462 + example, in @{text "(a + b) + (c + d)"} there are three positions
3.1463 + where commutativity of @{text "+"} is applicable: 1 refers to the
3.1464 + whole term, 2 to @{text "a + b"} and 3 to @{text "c + d"}.
3.1465 +
3.1466 + If the positions in the list @{text "(i \<dots> j)"} are non-overlapping
3.1467 + (e.g.\ @{text "(2 3)"} in @{text "(a + b) + (c + d)"}) you may
3.1468 + assume all substitutions are performed simultaneously. Otherwise
3.1469 + the behaviour of @{text subst} is not specified.
3.1470 +
3.1471 + \item [@{method subst}~@{text "(asm) (i \<dots> j) eq"}] performs the
3.1472 + substitutions in the assumptions. Positions @{text "1 \<dots> i\<^sub>1"}
3.1473 + refer to assumption 1, positions @{text "i\<^sub>1 + 1 \<dots> i\<^sub>2"}
3.1474 + to assumption 2, and so on.
3.1475 +
3.1476 + \item [@{method hypsubst}] performs substitution using some
3.1477 + assumption; this only works for equations of the form @{text "x =
3.1478 + t"} where @{text x} is a free or bound variable.
3.1479 +
3.1480 + \item [@{method split}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}] performs
3.1481 + single-step case splitting using the given rules. By default,
3.1482 + splitting is performed in the conclusion of a goal; the @{text
3.1483 + "(asm)"} option indicates to operate on assumptions instead.
3.1484 +
3.1485 + Note that the @{method simp} method already involves repeated
3.1486 + application of split rules as declared in the current context.
3.1487 +
3.1488 + \end{descr}
3.1489 +*}
3.1490 +
3.1491 +
3.1492 +subsection {* The Classical Reasoner \label{sec:classical} *}
3.1493 +
3.1494 +subsubsection {* Basic methods *}
3.1495 +
3.1496 +text {*
3.1497 + \begin{matharray}{rcl}
3.1498 + @{method_def rule} & : & \isarmeth \\
3.1499 + @{method_def contradiction} & : & \isarmeth \\
3.1500 + @{method_def intro} & : & \isarmeth \\
3.1501 + @{method_def elim} & : & \isarmeth \\
3.1502 + \end{matharray}
3.1503 +
3.1504 + \begin{rail}
3.1505 + ('rule' | 'intro' | 'elim') thmrefs?
3.1506 + ;
3.1507 + \end{rail}
3.1508 +
3.1509 + \begin{descr}
3.1510 +
3.1511 + \item [@{method rule}] as offered by the Classical Reasoner is a
3.1512 + refinement over the primitive one (see \secref{sec:pure-meth-att}).
3.1513 + Both versions essentially work the same, but the classical version
3.1514 + observes the classical rule context in addition to that of
3.1515 + Isabelle/Pure.
3.1516 +
3.1517 + Common object logics (HOL, ZF, etc.) declare a rich collection of
3.1518 + classical rules (even if these would qualify as intuitionistic
3.1519 + ones), but only few declarations to the rule context of
3.1520 + Isabelle/Pure (\secref{sec:pure-meth-att}).
3.1521 +
3.1522 + \item [@{method contradiction}] solves some goal by contradiction,
3.1523 + deriving any result from both @{text "\<not> A"} and @{text A}. Chained
3.1524 + facts, which are guaranteed to participate, may appear in either
3.1525 + order.
3.1526 +
3.1527 + \item [@{attribute intro} and @{attribute elim}] repeatedly refine
3.1528 + some goal by intro- or elim-resolution, after having inserted any
3.1529 + chained facts. Exactly the rules given as arguments are taken into
3.1530 + account; this allows fine-tuned decomposition of a proof problem, in
3.1531 + contrast to common automated tools.
3.1532 +
3.1533 + \end{descr}
3.1534 +*}
3.1535 +
3.1536 +
3.1537 +subsubsection {* Automated methods *}
3.1538 +
3.1539 +text {*
3.1540 + \begin{matharray}{rcl}
3.1541 + @{method_def blast} & : & \isarmeth \\
3.1542 + @{method_def fast} & : & \isarmeth \\
3.1543 + @{method_def slow} & : & \isarmeth \\
3.1544 + @{method_def best} & : & \isarmeth \\
3.1545 + @{method_def safe} & : & \isarmeth \\
3.1546 + @{method_def clarify} & : & \isarmeth \\
3.1547 + \end{matharray}
3.1548 +
3.1549 + \indexouternonterm{clamod}
3.1550 + \begin{rail}
3.1551 + 'blast' ('!' ?) nat? (clamod *)
3.1552 + ;
3.1553 + ('fast' | 'slow' | 'best' | 'safe' | 'clarify') ('!' ?) (clamod *)
3.1554 + ;
3.1555 +
3.1556 + clamod: (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del') ':' thmrefs
3.1557 + ;
3.1558 + \end{rail}
3.1559 +
3.1560 + \begin{descr}
3.1561 +
3.1562 + \item [@{method blast}] refers to the classical tableau prover (see
3.1563 + @{ML blast_tac} in \cite[\S11]{isabelle-ref}). The optional
3.1564 + argument specifies a user-supplied search bound (default 20).
3.1565 +
3.1566 + \item [@{method fast}, @{method slow}, @{method best}, @{method
3.1567 + safe}, and @{method clarify}] refer to the generic classical
3.1568 + reasoner. See @{ML fast_tac}, @{ML slow_tac}, @{ML best_tac}, @{ML
3.1569 + safe_tac}, and @{ML clarify_tac} in \cite[\S11]{isabelle-ref} for
3.1570 + more information.
3.1571 +
3.1572 + \end{descr}
3.1573 +
3.1574 + Any of the above methods support additional modifiers of the context
3.1575 + of classical rules. Their semantics is analogous to the attributes
3.1576 + given before. Facts provided by forward chaining are inserted into
3.1577 + the goal before commencing proof search. The ``@{text
3.1578 + "!"}''~argument causes the full context of assumptions to be
3.1579 + included as well.
3.1580 +*}
3.1581 +
3.1582 +
3.1583 +subsubsection {* Combined automated methods \label{sec:clasimp} *}
3.1584 +
3.1585 +text {*
3.1586 + \begin{matharray}{rcl}
3.1587 + @{method_def auto} & : & \isarmeth \\
3.1588 + @{method_def force} & : & \isarmeth \\
3.1589 + @{method_def clarsimp} & : & \isarmeth \\
3.1590 + @{method_def fastsimp} & : & \isarmeth \\
3.1591 + @{method_def slowsimp} & : & \isarmeth \\
3.1592 + @{method_def bestsimp} & : & \isarmeth \\
3.1593 + \end{matharray}
3.1594 +
3.1595 + \indexouternonterm{clasimpmod}
3.1596 + \begin{rail}
3.1597 + 'auto' '!'? (nat nat)? (clasimpmod *)
3.1598 + ;
3.1599 + ('force' | 'clarsimp' | 'fastsimp' | 'slowsimp' | 'bestsimp') '!'? (clasimpmod *)
3.1600 + ;
3.1601 +
3.1602 + clasimpmod: ('simp' (() | 'add' | 'del' | 'only') |
3.1603 + ('cong' | 'split') (() | 'add' | 'del') |
3.1604 + 'iff' (((() | 'add') '?'?) | 'del') |
3.1605 + (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del')) ':' thmrefs
3.1606 + \end{rail}
3.1607 +
3.1608 + \begin{descr}
3.1609 +
3.1610 + \item [@{method auto}, @{method force}, @{method clarsimp}, @{method
3.1611 + fastsimp}, @{method slowsimp}, and @{method bestsimp}] provide
3.1612 + access to Isabelle's combined simplification and classical reasoning
3.1613 + tactics. These correspond to @{ML auto_tac}, @{ML force_tac}, @{ML
3.1614 + clarsimp_tac}, and Classical Reasoner tactics with the Simplifier
3.1615 + added as wrapper, see \cite[\S11]{isabelle-ref} for more
3.1616 + information. The modifier arguments correspond to those given in
3.1617 + \secref{sec:simplifier} and \secref{sec:classical}. Just note that
3.1618 + the ones related to the Simplifier are prefixed by \railtterm{simp}
3.1619 + here.
3.1620 +
3.1621 + Facts provided by forward chaining are inserted into the goal before
3.1622 + doing the search. The ``@{text "!"}'' argument causes the full
3.1623 + context of assumptions to be included as well.
3.1624 +
3.1625 + \end{descr}
3.1626 +*}
3.1627 +
3.1628 +
3.1629 +subsubsection {* Declaring rules *}
3.1630 +
3.1631 +text {*
3.1632 + \begin{matharray}{rcl}
3.1633 + @{command_def "print_claset"}@{text "\<^sup>*"} & : & \isarkeep{theory~|~proof} \\
3.1634 + @{attribute_def intro} & : & \isaratt \\
3.1635 + @{attribute_def elim} & : & \isaratt \\
3.1636 + @{attribute_def dest} & : & \isaratt \\
3.1637 + @{attribute_def rule} & : & \isaratt \\
3.1638 + @{attribute_def iff} & : & \isaratt \\
3.1639 + \end{matharray}
3.1640 +
3.1641 + \begin{rail}
3.1642 + ('intro' | 'elim' | 'dest') ('!' | () | '?') nat?
3.1643 + ;
3.1644 + 'rule' 'del'
3.1645 + ;
3.1646 + 'iff' (((() | 'add') '?'?) | 'del')
3.1647 + ;
3.1648 + \end{rail}
3.1649 +
3.1650 + \begin{descr}
3.1651 +
3.1652 + \item [@{command "print_claset"}] prints the collection of rules
3.1653 + declared to the Classical Reasoner, which is also known as
3.1654 + ``claset'' internally \cite{isabelle-ref}.
3.1655 +
3.1656 + \item [@{attribute intro}, @{attribute elim}, and @{attribute dest}]
3.1657 + declare introduction, elimination, and destruction rules,
3.1658 + respectively. By default, rules are considered as \emph{unsafe}
3.1659 + (i.e.\ not applied blindly without backtracking), while ``@{text
3.1660 + "!"}'' classifies as \emph{safe}. Rule declarations marked by
3.1661 + ``@{text "?"}'' coincide with those of Isabelle/Pure, cf.\
3.1662 + \secref{sec:pure-meth-att} (i.e.\ are only applied in single steps
3.1663 + of the @{method rule} method). The optional natural number
3.1664 + specifies an explicit weight argument, which is ignored by automated
3.1665 + tools, but determines the search order of single rule steps.
3.1666 +
3.1667 + \item [@{attribute rule}~@{text del}] deletes introduction,
3.1668 + elimination, or destruction rules from the context.
3.1669 +
3.1670 + \item [@{attribute iff}] declares logical equivalences to the
3.1671 + Simplifier and the Classical reasoner at the same time.
3.1672 + Non-conditional rules result in a ``safe'' introduction and
3.1673 + elimination pair; conditional ones are considered ``unsafe''. Rules
3.1674 + with negative conclusion are automatically inverted (using @{text
3.1675 + "\<not>"} elimination internally).
3.1676 +
3.1677 + The ``@{text "?"}'' version of @{attribute iff} declares rules to
3.1678 + the Isabelle/Pure context only, and omits the Simplifier
3.1679 + declaration.
3.1680 +
3.1681 + \end{descr}
3.1682 +*}
3.1683 +
3.1684 +
3.1685 +subsubsection {* Classical operations *}
3.1686 +
3.1687 +text {*
3.1688 + \begin{matharray}{rcl}
3.1689 + @{attribute_def swapped} & : & \isaratt \\
3.1690 + \end{matharray}
3.1691 +
3.1692 + \begin{descr}
3.1693 +
3.1694 + \item [@{attribute swapped}] turns an introduction rule into an
3.1695 + elimination, by resolving with the classical swap principle @{text
3.1696 + "(\<not> B \<Longrightarrow> A) \<Longrightarrow> (\<not> A \<Longrightarrow> B)"}.
3.1697 +
3.1698 + \end{descr}
3.1699 +*}
3.1700 +
3.1701 +
3.1702 +subsection {* Proof by cases and induction \label{sec:cases-induct} *}
3.1703 +
3.1704 +subsubsection {* Rule contexts *}
3.1705 +
3.1706 +text {*
3.1707 + \begin{matharray}{rcl}
3.1708 + @{command_def "case"} & : & \isartrans{proof(state)}{proof(state)} \\
3.1709 + @{command_def "print_cases"}@{text "\<^sup>*"} & : & \isarkeep{proof} \\
3.1710 + @{attribute_def case_names} & : & \isaratt \\
3.1711 + @{attribute_def case_conclusion} & : & \isaratt \\
3.1712 + @{attribute_def params} & : & \isaratt \\
3.1713 + @{attribute_def consumes} & : & \isaratt \\
3.1714 + \end{matharray}
3.1715 +
3.1716 + The puristic way to build up Isar proof contexts is by explicit
3.1717 + language elements like @{command "fix"}, @{command "assume"},
3.1718 + @{command "let"} (see \secref{sec:proof-context}). This is adequate
3.1719 + for plain natural deduction, but easily becomes unwieldy in concrete
3.1720 + verification tasks, which typically involve big induction rules with
3.1721 + several cases.
3.1722 +
3.1723 + The @{command "case"} command provides a shorthand to refer to a
3.1724 + local context symbolically: certain proof methods provide an
3.1725 + environment of named ``cases'' of the form @{text "c: x\<^sub>1, \<dots>,
3.1726 + x\<^sub>m, \<phi>\<^sub>1, \<dots>, \<phi>\<^sub>n"}; the effect of
3.1727 + ``@{command "case"}@{text c}'' is then equivalent to ``@{command
3.1728 + "fix"}~@{text "x\<^sub>1 \<dots> x\<^sub>m"}~@{command "assume"}~@{text
3.1729 + "c: \<phi>\<^sub>1 \<dots> \<phi>\<^sub>n"}''. Term bindings may be
3.1730 + covered as well, notably @{variable ?case} for the main conclusion.
3.1731 +
3.1732 + By default, the ``terminology'' @{text "x\<^sub>1, \<dots>, x\<^sub>m"} of
3.1733 + a case value is marked as hidden, i.e.\ there is no way to refer to
3.1734 + such parameters in the subsequent proof text. After all, original
3.1735 + rule parameters stem from somewhere outside of the current proof
3.1736 + text. By using the explicit form ``@{command "case"}~@{text "(c
3.1737 + y\<^sub>1 \<dots> y\<^sub>m)"}'' instead, the proof author is able to
3.1738 + chose local names that fit nicely into the current context.
3.1739 +
3.1740 + \medskip It is important to note that proper use of @{command
3.1741 + "case"} does not provide means to peek at the current goal state,
3.1742 + which is not directly observable in Isar! Nonetheless, goal
3.1743 + refinement commands do provide named cases @{text "goal\<^sub>i"}
3.1744 + for each subgoal @{text "i = 1, \<dots>, n"} of the resulting goal state.
3.1745 + Using this extra feature requires great care, because some bits of
3.1746 + the internal tactical machinery intrude the proof text. In
3.1747 + particular, parameter names stemming from the left-over of automated
3.1748 + reasoning tools are usually quite unpredictable.
3.1749 +
3.1750 + Under normal circumstances, the text of cases emerge from standard
3.1751 + elimination or induction rules, which in turn are derived from
3.1752 + previous theory specifications in a canonical way (say from
3.1753 + @{command "inductive"} definitions).
3.1754 +
3.1755 + \medskip Proper cases are only available if both the proof method
3.1756 + and the rules involved support this. By using appropriate
3.1757 + attributes, case names, conclusions, and parameters may be also
3.1758 + declared by hand. Thus variant versions of rules that have been
3.1759 + derived manually become ready to use in advanced case analysis
3.1760 + later.
3.1761 +
3.1762 + \begin{rail}
3.1763 + 'case' (caseref | '(' caseref ((name | underscore) +) ')')
3.1764 + ;
3.1765 + caseref: nameref attributes?
3.1766 + ;
3.1767 +
3.1768 + 'case\_names' (name +)
3.1769 + ;
3.1770 + 'case\_conclusion' name (name *)
3.1771 + ;
3.1772 + 'params' ((name *) + 'and')
3.1773 + ;
3.1774 + 'consumes' nat?
3.1775 + ;
3.1776 + \end{rail}
3.1777 +
3.1778 + \begin{descr}
3.1779 +
3.1780 + \item [@{command "case"}~@{text "(c x\<^sub>1 \<dots> x\<^sub>m)"}]
3.1781 + invokes a named local context @{text "c: x\<^sub>1, \<dots>, x\<^sub>m,
3.1782 + \<phi>\<^sub>1, \<dots>, \<phi>\<^sub>m"}, as provided by an appropriate
3.1783 + proof method (such as @{method_ref cases} and @{method_ref induct}).
3.1784 + The command ``@{command "case"}~@{text "(c x\<^sub>1 \<dots>
3.1785 + x\<^sub>m)"}'' abbreviates ``@{command "fix"}~@{text "x\<^sub>1 \<dots>
3.1786 + x\<^sub>m"}~@{command "assume"}~@{text "c: \<phi>\<^sub>1 \<dots>
3.1787 + \<phi>\<^sub>n"}''.
3.1788 +
3.1789 + \item [@{command "print_cases"}] prints all local contexts of the
3.1790 + current state, using Isar proof language notation.
3.1791 +
3.1792 + \item [@{attribute case_names}~@{text "c\<^sub>1 \<dots> c\<^sub>k"}]
3.1793 + declares names for the local contexts of premises of a theorem;
3.1794 + @{text "c\<^sub>1, \<dots>, c\<^sub>k"} refers to the \emph{suffix} of the
3.1795 + list of premises.
3.1796 +
3.1797 + \item [@{attribute case_conclusion}~@{text "c d\<^sub>1 \<dots>
3.1798 + d\<^sub>k"}] declares names for the conclusions of a named premise
3.1799 + @{text c}; here @{text "d\<^sub>1, \<dots>, d\<^sub>k"} refers to the
3.1800 + prefix of arguments of a logical formula built by nesting a binary
3.1801 + connective (e.g.\ @{text "\<or>"}).
3.1802 +
3.1803 + Note that proof methods such as @{method induct} and @{method
3.1804 + coinduct} already provide a default name for the conclusion as a
3.1805 + whole. The need to name subformulas only arises with cases that
3.1806 + split into several sub-cases, as in common co-induction rules.
3.1807 +
3.1808 + \item [@{attribute params}~@{text "p\<^sub>1 \<dots> p\<^sub>m \<AND> \<dots>
3.1809 + q\<^sub>1 \<dots> q\<^sub>n"}] renames the innermost parameters of
3.1810 + premises @{text "1, \<dots>, n"} of some theorem. An empty list of names
3.1811 + may be given to skip positions, leaving the present parameters
3.1812 + unchanged.
3.1813 +
3.1814 + Note that the default usage of case rules does \emph{not} directly
3.1815 + expose parameters to the proof context.
3.1816 +
3.1817 + \item [@{attribute consumes}~@{text n}] declares the number of
3.1818 + ``major premises'' of a rule, i.e.\ the number of facts to be
3.1819 + consumed when it is applied by an appropriate proof method. The
3.1820 + default value of @{attribute consumes} is @{text "n = 1"}, which is
3.1821 + appropriate for the usual kind of cases and induction rules for
3.1822 + inductive sets (cf.\ \secref{sec:hol-inductive}). Rules without any
3.1823 + @{attribute consumes} declaration given are treated as if
3.1824 + @{attribute consumes}~@{text 0} had been specified.
3.1825 +
3.1826 + Note that explicit @{attribute consumes} declarations are only
3.1827 + rarely needed; this is already taken care of automatically by the
3.1828 + higher-level @{attribute cases}, @{attribute induct}, and
3.1829 + @{attribute coinduct} declarations.
3.1830 +
3.1831 + \end{descr}
3.1832 +*}
3.1833 +
3.1834 +
3.1835 +subsubsection {* Proof methods *}
3.1836 +
3.1837 +text {*
3.1838 + \begin{matharray}{rcl}
3.1839 + @{method_def cases} & : & \isarmeth \\
3.1840 + @{method_def induct} & : & \isarmeth \\
3.1841 + @{method_def coinduct} & : & \isarmeth \\
3.1842 + \end{matharray}
3.1843 +
3.1844 + The @{method cases}, @{method induct}, and @{method coinduct}
3.1845 + methods provide a uniform interface to common proof techniques over
3.1846 + datatypes, inductive predicates (or sets), recursive functions etc.
3.1847 + The corresponding rules may be specified and instantiated in a
3.1848 + casual manner. Furthermore, these methods provide named local
3.1849 + contexts that may be invoked via the @{command "case"} proof command
3.1850 + within the subsequent proof text. This accommodates compact proof
3.1851 + texts even when reasoning about large specifications.
3.1852 +
3.1853 + The @{method induct} method also provides some additional
3.1854 + infrastructure in order to be applicable to structure statements
3.1855 + (either using explicit meta-level connectives, or including facts
3.1856 + and parameters separately). This avoids cumbersome encoding of
3.1857 + ``strengthened'' inductive statements within the object-logic.
3.1858 +
3.1859 + \begin{rail}
3.1860 + 'cases' (insts * 'and') rule?
3.1861 + ;
3.1862 + 'induct' (definsts * 'and') \\ arbitrary? taking? rule?
3.1863 + ;
3.1864 + 'coinduct' insts taking rule?
3.1865 + ;
3.1866 +
3.1867 + rule: ('type' | 'pred' | 'set') ':' (nameref +) | 'rule' ':' (thmref +)
3.1868 + ;
3.1869 + definst: name ('==' | equiv) term | inst
3.1870 + ;
3.1871 + definsts: ( definst *)
3.1872 + ;
3.1873 + arbitrary: 'arbitrary' ':' ((term *) 'and' +)
3.1874 + ;
3.1875 + taking: 'taking' ':' insts
3.1876 + ;
3.1877 + \end{rail}
3.1878 +
3.1879 + \begin{descr}
3.1880 +
3.1881 + \item [@{method cases}~@{text "insts R"}] applies method @{method
3.1882 + rule} with an appropriate case distinction theorem, instantiated to
3.1883 + the subjects @{text insts}. Symbolic case names are bound according
3.1884 + to the rule's local contexts.
3.1885 +
3.1886 + The rule is determined as follows, according to the facts and
3.1887 + arguments passed to the @{method cases} method:
3.1888 +
3.1889 + \medskip
3.1890 + \begin{tabular}{llll}
3.1891 + facts & & arguments & rule \\\hline
3.1892 + & @{method cases} & & classical case split \\
3.1893 + & @{method cases} & @{text t} & datatype exhaustion (type of @{text t}) \\
3.1894 + @{text "\<turnstile> A t"} & @{method cases} & @{text "\<dots>"} & inductive predicate/set elimination (of @{text A}) \\
3.1895 + @{text "\<dots>"} & @{method cases} & @{text "\<dots> rule: R"} & explicit rule @{text R} \\
3.1896 + \end{tabular}
3.1897 + \medskip
3.1898 +
3.1899 + Several instantiations may be given, referring to the \emph{suffix}
3.1900 + of premises of the case rule; within each premise, the \emph{prefix}
3.1901 + of variables is instantiated. In most situations, only a single
3.1902 + term needs to be specified; this refers to the first variable of the
3.1903 + last premise (it is usually the same for all cases).
3.1904 +
3.1905 + \item [@{method induct}~@{text "insts R"}] is analogous to the
3.1906 + @{method cases} method, but refers to induction rules, which are
3.1907 + determined as follows:
3.1908 +
3.1909 + \medskip
3.1910 + \begin{tabular}{llll}
3.1911 + facts & & arguments & rule \\\hline
3.1912 + & @{method induct} & @{text "P x \<dots>"} & datatype induction (type of @{text x}) \\
3.1913 + @{text "\<turnstile> A x"} & @{method induct} & @{text "\<dots>"} & predicate/set induction (of @{text A}) \\
3.1914 + @{text "\<dots>"} & @{method induct} & @{text "\<dots> rule: R"} & explicit rule @{text R} \\
3.1915 + \end{tabular}
3.1916 + \medskip
3.1917 +
3.1918 + Several instantiations may be given, each referring to some part of
3.1919 + a mutual inductive definition or datatype --- only related partial
3.1920 + induction rules may be used together, though. Any of the lists of
3.1921 + terms @{text "P, x, \<dots>"} refers to the \emph{suffix} of variables
3.1922 + present in the induction rule. This enables the writer to specify
3.1923 + only induction variables, or both predicates and variables, for
3.1924 + example.
3.1925 +
3.1926 + Instantiations may be definitional: equations @{text "x \<equiv> t"}
3.1927 + introduce local definitions, which are inserted into the claim and
3.1928 + discharged after applying the induction rule. Equalities reappear
3.1929 + in the inductive cases, but have been transformed according to the
3.1930 + induction principle being involved here. In order to achieve
3.1931 + practically useful induction hypotheses, some variables occurring in
3.1932 + @{text t} need to be fixed (see below).
3.1933 +
3.1934 + The optional ``@{text "arbitrary: x\<^sub>1 \<dots> x\<^sub>m"}''
3.1935 + specification generalizes variables @{text "x\<^sub>1, \<dots>,
3.1936 + x\<^sub>m"} of the original goal before applying induction. Thus
3.1937 + induction hypotheses may become sufficiently general to get the
3.1938 + proof through. Together with definitional instantiations, one may
3.1939 + effectively perform induction over expressions of a certain
3.1940 + structure.
3.1941 +
3.1942 + The optional ``@{text "taking: t\<^sub>1 \<dots> t\<^sub>n"}''
3.1943 + specification provides additional instantiations of a prefix of
3.1944 + pending variables in the rule. Such schematic induction rules
3.1945 + rarely occur in practice, though.
3.1946 +
3.1947 + \item [@{method coinduct}~@{text "inst R"}] is analogous to the
3.1948 + @{method induct} method, but refers to coinduction rules, which are
3.1949 + determined as follows:
3.1950 +
3.1951 + \medskip
3.1952 + \begin{tabular}{llll}
3.1953 + goal & & arguments & rule \\\hline
3.1954 + & @{method coinduct} & @{text "x \<dots>"} & type coinduction (type of @{text x}) \\
3.1955 + @{text "A x"} & @{method coinduct} & @{text "\<dots>"} & predicate/set coinduction (of @{text A}) \\
3.1956 + @{text "\<dots>"} & @{method coinduct} & @{text "\<dots> R"} & explicit rule @{text R} \\
3.1957 + \end{tabular}
3.1958 +
3.1959 + Coinduction is the dual of induction. Induction essentially
3.1960 + eliminates @{text "A x"} towards a generic result @{text "P x"},
3.1961 + while coinduction introduces @{text "A x"} starting with @{text "B
3.1962 + x"}, for a suitable ``bisimulation'' @{text B}. The cases of a
3.1963 + coinduct rule are typically named after the predicates or sets being
3.1964 + covered, while the conclusions consist of several alternatives being
3.1965 + named after the individual destructor patterns.
3.1966 +
3.1967 + The given instantiation refers to the \emph{suffix} of variables
3.1968 + occurring in the rule's major premise, or conclusion if unavailable.
3.1969 + An additional ``@{text "taking: t\<^sub>1 \<dots> t\<^sub>n"}''
3.1970 + specification may be required in order to specify the bisimulation
3.1971 + to be used in the coinduction step.
3.1972 +
3.1973 + \end{descr}
3.1974 +
3.1975 + Above methods produce named local contexts, as determined by the
3.1976 + instantiated rule as given in the text. Beyond that, the @{method
3.1977 + induct} and @{method coinduct} methods guess further instantiations
3.1978 + from the goal specification itself. Any persisting unresolved
3.1979 + schematic variables of the resulting rule will render the the
3.1980 + corresponding case invalid. The term binding @{variable ?case} for
3.1981 + the conclusion will be provided with each case, provided that term
3.1982 + is fully specified.
3.1983 +
3.1984 + The @{command "print_cases"} command prints all named cases present
3.1985 + in the current proof state.
3.1986 +
3.1987 + \medskip Despite the additional infrastructure, both @{method cases}
3.1988 + and @{method coinduct} merely apply a certain rule, after
3.1989 + instantiation, while conforming due to the usual way of monotonic
3.1990 + natural deduction: the context of a structured statement @{text
3.1991 + "\<And>x\<^sub>1 \<dots> x\<^sub>m. \<phi>\<^sub>1 \<Longrightarrow> \<dots> \<phi>\<^sub>n \<Longrightarrow> \<dots>"}
3.1992 + reappears unchanged after the case split.
3.1993 +
3.1994 + The @{method induct} method is fundamentally different in this
3.1995 + respect: the meta-level structure is passed through the
3.1996 + ``recursive'' course involved in the induction. Thus the original
3.1997 + statement is basically replaced by separate copies, corresponding to
3.1998 + the induction hypotheses and conclusion; the original goal context
3.1999 + is no longer available. Thus local assumptions, fixed parameters
3.2000 + and definitions effectively participate in the inductive rephrasing
3.2001 + of the original statement.
3.2002 +
3.2003 + In induction proofs, local assumptions introduced by cases are split
3.2004 + into two different kinds: @{text hyps} stemming from the rule and
3.2005 + @{text prems} from the goal statement. This is reflected in the
3.2006 + extracted cases accordingly, so invoking ``@{command "case"}~@{text
3.2007 + c}'' will provide separate facts @{text c.hyps} and @{text c.prems},
3.2008 + as well as fact @{text c} to hold the all-inclusive list.
3.2009 +
3.2010 + \medskip Facts presented to either method are consumed according to
3.2011 + the number of ``major premises'' of the rule involved, which is
3.2012 + usually 0 for plain cases and induction rules of datatypes etc.\ and
3.2013 + 1 for rules of inductive predicates or sets and the like. The
3.2014 + remaining facts are inserted into the goal verbatim before the
3.2015 + actual @{text cases}, @{text induct}, or @{text coinduct} rule is
3.2016 + applied.
3.2017 +*}
3.2018 +
3.2019 +
3.2020 +subsubsection {* Declaring rules *}
3.2021 +
3.2022 +text {*
3.2023 + \begin{matharray}{rcl}
3.2024 + @{command_def "print_induct_rules"}@{text "\<^sup>*"} & : & \isarkeep{theory~|~proof} \\
3.2025 + @{attribute_def cases} & : & \isaratt \\
3.2026 + @{attribute_def induct} & : & \isaratt \\
3.2027 + @{attribute_def coinduct} & : & \isaratt \\
3.2028 + \end{matharray}
3.2029 +
3.2030 + \begin{rail}
3.2031 + 'cases' spec
3.2032 + ;
3.2033 + 'induct' spec
3.2034 + ;
3.2035 + 'coinduct' spec
3.2036 + ;
3.2037 +
3.2038 + spec: ('type' | 'pred' | 'set') ':' nameref
3.2039 + ;
3.2040 + \end{rail}
3.2041 +
3.2042 + \begin{descr}
3.2043 +
3.2044 + \item [@{command "print_induct_rules"}] prints cases and induct
3.2045 + rules for predicates (or sets) and types of the current context.
3.2046 +
3.2047 + \item [@{attribute cases}, @{attribute induct}, and @{attribute
3.2048 + coinduct}] (as attributes) augment the corresponding context of
3.2049 + rules for reasoning about (co)inductive predicates (or sets) and
3.2050 + types, using the corresponding methods of the same name. Certain
3.2051 + definitional packages of object-logics usually declare emerging
3.2052 + cases and induction rules as expected, so users rarely need to
3.2053 + intervene.
3.2054 +
3.2055 + Manual rule declarations usually refer to the @{attribute
3.2056 + case_names} and @{attribute params} attributes to adjust names of
3.2057 + cases and parameters of a rule; the @{attribute consumes}
3.2058 + declaration is taken care of automatically: @{attribute
3.2059 + consumes}~@{text 0} is specified for ``type'' rules and @{attribute
3.2060 + consumes}~@{text 1} for ``predicate'' / ``set'' rules.
3.2061 +
3.2062 + \end{descr}
3.2063 +*}
3.2064 +
3.2065 +end
4.1 --- a/doc-src/IsarRef/Thy/ROOT.ML Sun May 04 21:34:44 2008 +0200
4.2 +++ b/doc-src/IsarRef/Thy/ROOT.ML Mon May 05 15:23:21 2008 +0200
4.3 @@ -5,4 +5,5 @@
4.4 use_thy "intro";
4.5 use_thy "syntax";
4.6 use_thy "pure";
4.7 +use_thy "Generic";
4.8 use_thy "Quick_Reference";
5.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
5.2 +++ b/doc-src/IsarRef/Thy/document/Generic.tex Mon May 05 15:23:21 2008 +0200
5.3 @@ -0,0 +1,2062 @@
5.4 +%
5.5 +\begin{isabellebody}%
5.6 +\def\isabellecontext{Generic}%
5.7 +%
5.8 +\isadelimtheory
5.9 +\isanewline
5.10 +\isanewline
5.11 +%
5.12 +\endisadelimtheory
5.13 +%
5.14 +\isatagtheory
5.15 +\isacommand{theory}\isamarkupfalse%
5.16 +\ Generic\isanewline
5.17 +\isakeyword{imports}\ CPure\isanewline
5.18 +\isakeyword{begin}%
5.19 +\endisatagtheory
5.20 +{\isafoldtheory}%
5.21 +%
5.22 +\isadelimtheory
5.23 +%
5.24 +\endisadelimtheory
5.25 +%
5.26 +\isamarkupchapter{Generic tools and packages \label{ch:gen-tools}%
5.27 +}
5.28 +\isamarkuptrue%
5.29 +%
5.30 +\isamarkupsection{Specification commands%
5.31 +}
5.32 +\isamarkuptrue%
5.33 +%
5.34 +\isamarkupsubsection{Derived specifications%
5.35 +}
5.36 +\isamarkuptrue%
5.37 +%
5.38 +\begin{isamarkuptext}%
5.39 +\begin{matharray}{rcll}
5.40 + \indexdef{}{command}{axiomatization}\mbox{\isa{\isacommand{axiomatization}}} & : & \isarkeep{local{\dsh}theory} & (axiomatic!)\\
5.41 + \indexdef{}{command}{definition}\mbox{\isa{\isacommand{definition}}} & : & \isarkeep{local{\dsh}theory} \\
5.42 + \indexdef{}{attribute}{defn}\mbox{\isa{defn}} & : & \isaratt \\
5.43 + \indexdef{}{command}{abbreviation}\mbox{\isa{\isacommand{abbreviation}}} & : & \isarkeep{local{\dsh}theory} \\
5.44 + \indexdef{}{command}{print-abbrevs}\mbox{\isa{\isacommand{print{\isacharunderscore}abbrevs}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{theory~|~proof} \\
5.45 + \indexdef{}{command}{notation}\mbox{\isa{\isacommand{notation}}} & : & \isarkeep{local{\dsh}theory} \\
5.46 + \indexdef{}{command}{no-notation}\mbox{\isa{\isacommand{no{\isacharunderscore}notation}}} & : & \isarkeep{local{\dsh}theory} \\
5.47 + \end{matharray}
5.48 +
5.49 + These specification mechanisms provide a slightly more abstract view
5.50 + than the underlying primitives of \mbox{\isa{\isacommand{consts}}}, \mbox{\isa{\isacommand{defs}}} (see \secref{sec:consts}), and \mbox{\isa{\isacommand{axioms}}} (see
5.51 + \secref{sec:axms-thms}). In particular, type-inference is commonly
5.52 + available, and result names need not be given.
5.53 +
5.54 + \begin{rail}
5.55 + 'axiomatization' target? fixes? ('where' specs)?
5.56 + ;
5.57 + 'definition' target? (decl 'where')? thmdecl? prop
5.58 + ;
5.59 + 'abbreviation' target? mode? (decl 'where')? prop
5.60 + ;
5.61 + ('notation' | 'no\_notation') target? mode? (nameref structmixfix + 'and')
5.62 + ;
5.63 +
5.64 + fixes: ((name ('::' type)? mixfix? | vars) + 'and')
5.65 + ;
5.66 + specs: (thmdecl? props + 'and')
5.67 + ;
5.68 + decl: name ('::' type)? mixfix?
5.69 + ;
5.70 + \end{rail}
5.71 +
5.72 + \begin{descr}
5.73 +
5.74 + \item [\mbox{\isa{\isacommand{axiomatization}}}~\isa{c\isactrlsub {\isadigit{1}}\ {\isasymdots}\ c\isactrlsub m\ {\isasymWHERE}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n}] introduces several constants
5.75 + simultaneously and states axiomatic properties for these. The
5.76 + constants are marked as being specified once and for all, which
5.77 + prevents additional specifications being issued later on.
5.78 +
5.79 + Note that axiomatic specifications are only appropriate when
5.80 + declaring a new logical system. Normal applications should only use
5.81 + definitional mechanisms!
5.82 +
5.83 + \item [\mbox{\isa{\isacommand{definition}}}~\isa{c\ {\isasymWHERE}\ eq}] produces an
5.84 + internal definition \isa{c\ {\isasymequiv}\ t} according to the specification
5.85 + given as \isa{eq}, which is then turned into a proven fact. The
5.86 + given proposition may deviate from internal meta-level equality
5.87 + according to the rewrite rules declared as \mbox{\isa{defn}} by the
5.88 + object-logic. This typically covers object-level equality \isa{x\ {\isacharequal}\ t} and equivalence \isa{A\ {\isasymleftrightarrow}\ B}. End-users normally need not
5.89 + change the \mbox{\isa{defn}} setup.
5.90 +
5.91 + Definitions may be presented with explicit arguments on the LHS, as
5.92 + well as additional conditions, e.g.\ \isa{f\ x\ y\ {\isacharequal}\ t} instead of
5.93 + \isa{f\ {\isasymequiv}\ {\isasymlambda}x\ y{\isachardot}\ t} and \isa{y\ {\isasymnoteq}\ {\isadigit{0}}\ {\isasymLongrightarrow}\ g\ x\ y\ {\isacharequal}\ u} instead of an
5.94 + unrestricted \isa{g\ {\isasymequiv}\ {\isasymlambda}x\ y{\isachardot}\ u}.
5.95 +
5.96 + \item [\mbox{\isa{\isacommand{abbreviation}}}~\isa{c\ {\isasymWHERE}\ eq}] introduces
5.97 + a syntactic constant which is associated with a certain term
5.98 + according to the meta-level equality \isa{eq}.
5.99 +
5.100 + Abbreviations participate in the usual type-inference process, but
5.101 + are expanded before the logic ever sees them. Pretty printing of
5.102 + terms involves higher-order rewriting with rules stemming from
5.103 + reverted abbreviations. This needs some care to avoid overlapping
5.104 + or looping syntactic replacements!
5.105 +
5.106 + The optional \isa{mode} specification restricts output to a
5.107 + particular print mode; using ``\isa{input}'' here achieves the
5.108 + effect of one-way abbreviations. The mode may also include an
5.109 + ``\mbox{\isa{\isakeyword{output}}}'' qualifier that affects the concrete syntax
5.110 + declared for abbreviations, cf.\ \mbox{\isa{\isacommand{syntax}}} in
5.111 + \secref{sec:syn-trans}.
5.112 +
5.113 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}abbrevs}}}] prints all constant abbreviations
5.114 + of the current context.
5.115 +
5.116 + \item [\mbox{\isa{\isacommand{notation}}}~\isa{c\ {\isacharparenleft}mx{\isacharparenright}}] associates mixfix
5.117 + syntax with an existing constant or fixed variable. This is a
5.118 + robust interface to the underlying \mbox{\isa{\isacommand{syntax}}} primitive
5.119 + (\secref{sec:syn-trans}). Type declaration and internal syntactic
5.120 + representation of the given entity is retrieved from the context.
5.121 +
5.122 + \item [\mbox{\isa{\isacommand{no{\isacharunderscore}notation}}}] is similar to \mbox{\isa{\isacommand{notation}}}, but removes the specified syntax annotation from the
5.123 + present context.
5.124 +
5.125 + \end{descr}
5.126 +
5.127 + All of these specifications support local theory targets (cf.\
5.128 + \secref{sec:target}).%
5.129 +\end{isamarkuptext}%
5.130 +\isamarkuptrue%
5.131 +%
5.132 +\isamarkupsubsection{Generic declarations%
5.133 +}
5.134 +\isamarkuptrue%
5.135 +%
5.136 +\begin{isamarkuptext}%
5.137 +Arbitrary operations on the background context may be wrapped-up as
5.138 + generic declaration elements. Since the underlying concept of local
5.139 + theories may be subject to later re-interpretation, there is an
5.140 + additional dependency on a morphism that tells the difference of the
5.141 + original declaration context wrt.\ the application context
5.142 + encountered later on. A fact declaration is an important special
5.143 + case: it consists of a theorem which is applied to the context by
5.144 + means of an attribute.
5.145 +
5.146 + \begin{matharray}{rcl}
5.147 + \indexdef{}{command}{declaration}\mbox{\isa{\isacommand{declaration}}} & : & \isarkeep{local{\dsh}theory} \\
5.148 + \indexdef{}{command}{declare}\mbox{\isa{\isacommand{declare}}} & : & \isarkeep{local{\dsh}theory} \\
5.149 + \end{matharray}
5.150 +
5.151 + \begin{rail}
5.152 + 'declaration' target? text
5.153 + ;
5.154 + 'declare' target? (thmrefs + 'and')
5.155 + ;
5.156 + \end{rail}
5.157 +
5.158 + \begin{descr}
5.159 +
5.160 + \item [\mbox{\isa{\isacommand{declaration}}}~\isa{d}] adds the declaration
5.161 + function \isa{d} of ML type \verb|declaration|, to the current
5.162 + local theory under construction. In later application contexts, the
5.163 + function is transformed according to the morphisms being involved in
5.164 + the interpretation hierarchy.
5.165 +
5.166 + \item [\mbox{\isa{\isacommand{declare}}}~\isa{thms}] declares theorems to the
5.167 + current local theory context. No theorem binding is involved here,
5.168 + unlike \mbox{\isa{\isacommand{theorems}}} or \mbox{\isa{\isacommand{lemmas}}} (cf.\
5.169 + \secref{sec:axms-thms}), so \mbox{\isa{\isacommand{declare}}} only has the effect
5.170 + of applying attributes as included in the theorem specification.
5.171 +
5.172 + \end{descr}%
5.173 +\end{isamarkuptext}%
5.174 +\isamarkuptrue%
5.175 +%
5.176 +\isamarkupsubsection{Local theory targets \label{sec:target}%
5.177 +}
5.178 +\isamarkuptrue%
5.179 +%
5.180 +\begin{isamarkuptext}%
5.181 +A local theory target is a context managed separately within the
5.182 + enclosing theory. Contexts may introduce parameters (fixed
5.183 + variables) and assumptions (hypotheses). Definitions and theorems
5.184 + depending on the context may be added incrementally later on. Named
5.185 + contexts refer to locales (cf.\ \secref{sec:locale}) or type classes
5.186 + (cf.\ \secref{sec:class}); the name ``\isa{{\isacharminus}}'' signifies the
5.187 + global theory context.
5.188 +
5.189 + \begin{matharray}{rcll}
5.190 + \indexdef{}{command}{context}\mbox{\isa{\isacommand{context}}} & : & \isartrans{theory}{local{\dsh}theory} \\
5.191 + \indexdef{}{command}{end}\mbox{\isa{\isacommand{end}}} & : & \isartrans{local{\dsh}theory}{theory} \\
5.192 + \end{matharray}
5.193 +
5.194 + \indexouternonterm{target}
5.195 + \begin{rail}
5.196 + 'context' name 'begin'
5.197 + ;
5.198 +
5.199 + target: '(' 'in' name ')'
5.200 + ;
5.201 + \end{rail}
5.202 +
5.203 + \begin{descr}
5.204 +
5.205 + \item [\mbox{\isa{\isacommand{context}}}~\isa{c\ {\isasymBEGIN}}] recommences an
5.206 + existing locale or class context \isa{c}. Note that locale and
5.207 + class definitions allow to include the \indexref{}{keyword}{begin}\mbox{\isa{\isakeyword{begin}}}
5.208 + keyword as well, in order to continue the local theory immediately
5.209 + after the initial specification.
5.210 +
5.211 + \item [\mbox{\isa{\isacommand{end}}}] concludes the current local theory and
5.212 + continues the enclosing global theory. Note that a non-local
5.213 + \mbox{\isa{\isacommand{end}}} has a different meaning: it concludes the theory
5.214 + itself (\secref{sec:begin-thy}).
5.215 +
5.216 + \item [\isa{{\isacharparenleft}{\isasymIN}\ c{\isacharparenright}}] given after any local theory command
5.217 + specifies an immediate target, e.g.\ ``\mbox{\isa{\isacommand{definition}}}~\isa{{\isacharparenleft}{\isasymIN}\ c{\isacharparenright}\ {\isasymdots}}'' or ``\mbox{\isa{\isacommand{theorem}}}~\isa{{\isacharparenleft}{\isasymIN}\ c{\isacharparenright}\ {\isasymdots}}''. This works both in a local or
5.218 + global theory context; the current target context will be suspended
5.219 + for this command only. Note that \isa{{\isacharparenleft}{\isasymIN}\ {\isacharminus}{\isacharparenright}} will always
5.220 + produce a global result independently of the current target context.
5.221 +
5.222 + \end{descr}
5.223 +
5.224 + The exact meaning of results produced within a local theory context
5.225 + depends on the underlying target infrastructure (locale, type class
5.226 + etc.). The general idea is as follows, considering a context named
5.227 + \isa{c} with parameter \isa{x} and assumption \isa{A{\isacharbrackleft}x{\isacharbrackright}}.
5.228 +
5.229 + Definitions are exported by introducing a global version with
5.230 + additional arguments; a syntactic abbreviation links the long form
5.231 + with the abstract version of the target context. For example,
5.232 + \isa{a\ {\isasymequiv}\ t{\isacharbrackleft}x{\isacharbrackright}} becomes \isa{c{\isachardot}a\ {\isacharquery}x\ {\isasymequiv}\ t{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}} at the theory
5.233 + level (for arbitrary \isa{{\isacharquery}x}), together with a local
5.234 + abbreviation \isa{c\ {\isasymequiv}\ c{\isachardot}a\ x} in the target context (for the
5.235 + fixed parameter \isa{x}).
5.236 +
5.237 + Theorems are exported by discharging the assumptions and
5.238 + generalizing the parameters of the context. For example, \isa{a{\isacharcolon}\ B{\isacharbrackleft}x{\isacharbrackright}} becomes \isa{c{\isachardot}a{\isacharcolon}\ A{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}\ {\isasymLongrightarrow}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}} (again for arbitrary
5.239 + \isa{{\isacharquery}x}).%
5.240 +\end{isamarkuptext}%
5.241 +\isamarkuptrue%
5.242 +%
5.243 +\isamarkupsubsection{Locales \label{sec:locale}%
5.244 +}
5.245 +\isamarkuptrue%
5.246 +%
5.247 +\begin{isamarkuptext}%
5.248 +Locales are named local contexts, consisting of a list of
5.249 + declaration elements that are modeled after the Isar proof context
5.250 + commands (cf.\ \secref{sec:proof-context}).%
5.251 +\end{isamarkuptext}%
5.252 +\isamarkuptrue%
5.253 +%
5.254 +\isamarkupsubsubsection{Locale specifications%
5.255 +}
5.256 +\isamarkuptrue%
5.257 +%
5.258 +\begin{isamarkuptext}%
5.259 +\begin{matharray}{rcl}
5.260 + \indexdef{}{command}{locale}\mbox{\isa{\isacommand{locale}}} & : & \isartrans{theory}{local{\dsh}theory} \\
5.261 + \indexdef{}{command}{print-locale}\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{theory~|~proof} \\
5.262 + \indexdef{}{command}{print-locales}\mbox{\isa{\isacommand{print{\isacharunderscore}locales}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{theory~|~proof} \\
5.263 + \indexdef{}{method}{intro-locales}\mbox{\isa{intro{\isacharunderscore}locales}} & : & \isarmeth \\
5.264 + \indexdef{}{method}{unfold-locales}\mbox{\isa{unfold{\isacharunderscore}locales}} & : & \isarmeth \\
5.265 + \end{matharray}
5.266 +
5.267 + \indexouternonterm{contextexpr}\indexouternonterm{contextelem}
5.268 + \indexisarelem{fixes}\indexisarelem{constrains}\indexisarelem{assumes}
5.269 + \indexisarelem{defines}\indexisarelem{notes}\indexisarelem{includes}
5.270 + \begin{rail}
5.271 + 'locale' ('(open)')? name ('=' localeexpr)? 'begin'?
5.272 + ;
5.273 + 'print\_locale' '!'? localeexpr
5.274 + ;
5.275 + localeexpr: ((contextexpr '+' (contextelem+)) | contextexpr | (contextelem+))
5.276 + ;
5.277 +
5.278 + contextexpr: nameref | '(' contextexpr ')' |
5.279 + (contextexpr (name mixfix? +)) | (contextexpr + '+')
5.280 + ;
5.281 + contextelem: fixes | constrains | assumes | defines | notes
5.282 + ;
5.283 + fixes: 'fixes' ((name ('::' type)? structmixfix? | vars) + 'and')
5.284 + ;
5.285 + constrains: 'constrains' (name '::' type + 'and')
5.286 + ;
5.287 + assumes: 'assumes' (thmdecl? props + 'and')
5.288 + ;
5.289 + defines: 'defines' (thmdecl? prop proppat? + 'and')
5.290 + ;
5.291 + notes: 'notes' (thmdef? thmrefs + 'and')
5.292 + ;
5.293 + includes: 'includes' contextexpr
5.294 + ;
5.295 + \end{rail}
5.296 +
5.297 + \begin{descr}
5.298 +
5.299 + \item [\mbox{\isa{\isacommand{locale}}}~\isa{loc\ {\isacharequal}\ import\ {\isacharplus}\ body}] defines a
5.300 + new locale \isa{loc} as a context consisting of a certain view of
5.301 + existing locales (\isa{import}) plus some additional elements
5.302 + (\isa{body}). Both \isa{import} and \isa{body} are optional;
5.303 + the degenerate form \mbox{\isa{\isacommand{locale}}}~\isa{loc} defines an empty
5.304 + locale, which may still be useful to collect declarations of facts
5.305 + later on. Type-inference on locale expressions automatically takes
5.306 + care of the most general typing that the combined context elements
5.307 + may acquire.
5.308 +
5.309 + The \isa{import} consists of a structured context expression,
5.310 + consisting of references to existing locales, renamed contexts, or
5.311 + merged contexts. Renaming uses positional notation: \isa{c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n} means that (a prefix of) the fixed
5.312 + parameters of context \isa{c} are named \isa{x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub n}; a ``\isa{{\isacharunderscore}}'' (underscore) means to skip that
5.313 + position. Renaming by default deletes concrete syntax, but new
5.314 + syntax may by specified with a mixfix annotation. An exeption of
5.315 + this rule is the special syntax declared with ``\isa{{\isacharparenleft}{\isasymSTRUCTURE}{\isacharparenright}}'' (see below), which is neither deleted nor can it
5.316 + be changed. Merging proceeds from left-to-right, suppressing any
5.317 + duplicates stemming from different paths through the import
5.318 + hierarchy.
5.319 +
5.320 + The \isa{body} consists of basic context elements, further context
5.321 + expressions may be included as well.
5.322 +
5.323 + \begin{descr}
5.324 +
5.325 + \item [\mbox{\isa{fixes}}~\isa{x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isacharparenleft}mx{\isacharparenright}}] declares a local
5.326 + parameter of type \isa{{\isasymtau}} and mixfix annotation \isa{mx} (both
5.327 + are optional). The special syntax declaration ``\isa{{\isacharparenleft}{\isasymSTRUCTURE}{\isacharparenright}}'' means that \isa{x} may be referenced
5.328 + implicitly in this context.
5.329 +
5.330 + \item [\mbox{\isa{constrains}}~\isa{x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}}] introduces a type
5.331 + constraint \isa{{\isasymtau}} on the local parameter \isa{x}.
5.332 +
5.333 + \item [\mbox{\isa{assumes}}~\isa{a{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n}]
5.334 + introduces local premises, similar to \mbox{\isa{\isacommand{assume}}} within a
5.335 + proof (cf.\ \secref{sec:proof-context}).
5.336 +
5.337 + \item [\mbox{\isa{defines}}~\isa{a{\isacharcolon}\ x\ {\isasymequiv}\ t}] defines a previously
5.338 + declared parameter. This is close to \mbox{\isa{\isacommand{def}}} within a
5.339 + proof (cf.\ \secref{sec:proof-context}), but \mbox{\isa{defines}}
5.340 + takes an equational proposition instead of variable-term pair. The
5.341 + left-hand side of the equation may have additional arguments, e.g.\
5.342 + ``\mbox{\isa{defines}}~\isa{f\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n\ {\isasymequiv}\ t}''.
5.343 +
5.344 + \item [\mbox{\isa{notes}}~\isa{a\ {\isacharequal}\ b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n}]
5.345 + reconsiders facts within a local context. Most notably, this may
5.346 + include arbitrary declarations in any attribute specifications
5.347 + included here, e.g.\ a local \mbox{\isa{simp}} rule.
5.348 +
5.349 + \item [\mbox{\isa{includes}}~\isa{c}] copies the specified context
5.350 + in a statically scoped manner. Only available in the long goal
5.351 + format of \secref{sec:goals}.
5.352 +
5.353 + In contrast, the initial \isa{import} specification of a locale
5.354 + expression maintains a dynamic relation to the locales being
5.355 + referenced (benefiting from any later fact declarations in the
5.356 + obvious manner).
5.357 +
5.358 + \end{descr}
5.359 +
5.360 + Note that ``\isa{{\isacharparenleft}{\isasymIS}\ p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub n{\isacharparenright}}'' patterns given
5.361 + in the syntax of \mbox{\isa{assumes}} and \mbox{\isa{defines}} above
5.362 + are illegal in locale definitions. In the long goal format of
5.363 + \secref{sec:goals}, term bindings may be included as expected,
5.364 + though.
5.365 +
5.366 + \medskip By default, locale specifications are ``closed up'' by
5.367 + turning the given text into a predicate definition \isa{loc{\isacharunderscore}axioms} and deriving the original assumptions as local lemmas
5.368 + (modulo local definitions). The predicate statement covers only the
5.369 + newly specified assumptions, omitting the content of included locale
5.370 + expressions. The full cumulative view is only provided on export,
5.371 + involving another predicate \isa{loc} that refers to the complete
5.372 + specification text.
5.373 +
5.374 + In any case, the predicate arguments are those locale parameters
5.375 + that actually occur in the respective piece of text. Also note that
5.376 + these predicates operate at the meta-level in theory, but the locale
5.377 + packages attempts to internalize statements according to the
5.378 + object-logic setup (e.g.\ replacing \isa{{\isasymAnd}} by \isa{{\isasymforall}}, and
5.379 + \isa{{\isasymLongrightarrow}} by \isa{{\isasymlongrightarrow}} in HOL; see also
5.380 + \secref{sec:object-logic}). Separate introduction rules \isa{loc{\isacharunderscore}axioms{\isachardot}intro} and \isa{loc{\isachardot}intro} are provided as well.
5.381 +
5.382 + The \isa{{\isacharparenleft}open{\isacharparenright}} option of a locale specification prevents both
5.383 + the current \isa{loc{\isacharunderscore}axioms} and cumulative \isa{loc} predicate
5.384 + constructions. Predicates are also omitted for empty specification
5.385 + texts.
5.386 +
5.387 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}~\isa{import\ {\isacharplus}\ body}] prints the
5.388 + specified locale expression in a flattened form. The notable
5.389 + special case \mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}~\isa{loc} just prints the
5.390 + contents of the named locale, but keep in mind that type-inference
5.391 + will normalize type variables according to the usual alphabetical
5.392 + order. The command omits \mbox{\isa{notes}} elements by default.
5.393 + Use \mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}\isa{{\isacharbang}} to get them included.
5.394 +
5.395 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}locales}}}] prints the names of all locales
5.396 + of the current theory.
5.397 +
5.398 + \item [\mbox{\isa{intro{\isacharunderscore}locales}} and \mbox{\isa{unfold{\isacharunderscore}locales}}]
5.399 + repeatedly expand all introduction rules of locale predicates of the
5.400 + theory. While \mbox{\isa{intro{\isacharunderscore}locales}} only applies the \isa{loc{\isachardot}intro} introduction rules and therefore does not decend to
5.401 + assumptions, \mbox{\isa{unfold{\isacharunderscore}locales}} is more aggressive and applies
5.402 + \isa{loc{\isacharunderscore}axioms{\isachardot}intro} as well. Both methods are aware of locale
5.403 + specifications entailed by the context, both from target and
5.404 + \mbox{\isa{includes}} statements, and from interpretations (see
5.405 + below). New goals that are entailed by the current context are
5.406 + discharged automatically.
5.407 +
5.408 + \end{descr}%
5.409 +\end{isamarkuptext}%
5.410 +\isamarkuptrue%
5.411 +%
5.412 +\isamarkupsubsubsection{Interpretation of locales%
5.413 +}
5.414 +\isamarkuptrue%
5.415 +%
5.416 +\begin{isamarkuptext}%
5.417 +Locale expressions (more precisely, \emph{context expressions}) may
5.418 + be instantiated, and the instantiated facts added to the current
5.419 + context. This requires a proof of the instantiated specification
5.420 + and is called \emph{locale interpretation}. Interpretation is
5.421 + possible in theories and locales (command \mbox{\isa{\isacommand{interpretation}}}) and also within a proof body (\mbox{\isa{\isacommand{interpret}}}).
5.422 +
5.423 + \begin{matharray}{rcl}
5.424 + \indexdef{}{command}{interpretation}\mbox{\isa{\isacommand{interpretation}}} & : & \isartrans{theory}{proof(prove)} \\
5.425 + \indexdef{}{command}{interpret}\mbox{\isa{\isacommand{interpret}}} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
5.426 + \indexdef{}{command}{print-interps}\mbox{\isa{\isacommand{print{\isacharunderscore}interps}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{theory~|~proof} \\
5.427 + \end{matharray}
5.428 +
5.429 + \indexouternonterm{interp}
5.430 + \begin{rail}
5.431 + 'interpretation' (interp | name ('<' | subseteq) contextexpr)
5.432 + ;
5.433 + 'interpret' interp
5.434 + ;
5.435 + 'print\_interps' '!'? name
5.436 + ;
5.437 + instantiation: ('[' (inst+) ']')?
5.438 + ;
5.439 + interp: thmdecl? \\ (contextexpr instantiation |
5.440 + name instantiation 'where' (thmdecl? prop + 'and'))
5.441 + ;
5.442 + \end{rail}
5.443 +
5.444 + \begin{descr}
5.445 +
5.446 + \item [\mbox{\isa{\isacommand{interpretation}}}~\isa{expr\ insts\ {\isasymWHERE}\ eqns}]
5.447 +
5.448 + The first form of \mbox{\isa{\isacommand{interpretation}}} interprets \isa{expr} in the theory. The instantiation is given as a list of terms
5.449 + \isa{insts} and is positional. All parameters must receive an
5.450 + instantiation term --- with the exception of defined parameters.
5.451 + These are, if omitted, derived from the defining equation and other
5.452 + instantiations. Use ``\isa{{\isacharunderscore}}'' to omit an instantiation term.
5.453 + Free variables are automatically generalized.
5.454 +
5.455 + The command generates proof obligations for the instantiated
5.456 + specifications (assumes and defines elements). Once these are
5.457 + discharged by the user, instantiated facts are added to the theory
5.458 + in a post-processing phase.
5.459 +
5.460 + Additional equations, which are unfolded in facts during
5.461 + post-processing, may be given after the keyword \mbox{\isa{\isakeyword{where}}}.
5.462 + This is useful for interpreting concepts introduced through
5.463 + definition specification elements. The equations must be proved.
5.464 + Note that if equations are present, the context expression is
5.465 + restricted to a locale name.
5.466 +
5.467 + The command is aware of interpretations already active in the
5.468 + theory. No proof obligations are generated for those, neither is
5.469 + post-processing applied to their facts. This avoids duplication of
5.470 + interpreted facts, in particular. Note that, in the case of a
5.471 + locale with import, parts of the interpretation may already be
5.472 + active. The command will only generate proof obligations and
5.473 + process facts for new parts.
5.474 +
5.475 + The context expression may be preceded by a name and/or attributes.
5.476 + These take effect in the post-processing of facts. The name is used
5.477 + to prefix fact names, for example to avoid accidental hiding of
5.478 + other facts. Attributes are applied after attributes of the
5.479 + interpreted facts.
5.480 +
5.481 + Adding facts to locales has the effect of adding interpreted facts
5.482 + to the theory for all active interpretations also. That is,
5.483 + interpretations dynamically participate in any facts added to
5.484 + locales.
5.485 +
5.486 + \item [\mbox{\isa{\isacommand{interpretation}}}~\isa{name\ {\isasymsubseteq}\ expr}]
5.487 +
5.488 + This form of the command interprets \isa{expr} in the locale
5.489 + \isa{name}. It requires a proof that the specification of \isa{name} implies the specification of \isa{expr}. As in the
5.490 + localized version of the theorem command, the proof is in the
5.491 + context of \isa{name}. After the proof obligation has been
5.492 + dischared, the facts of \isa{expr} become part of locale \isa{name} as \emph{derived} context elements and are available when the
5.493 + context \isa{name} is subsequently entered. Note that, like
5.494 + import, this is dynamic: facts added to a locale part of \isa{expr} after interpretation become also available in \isa{name}.
5.495 + Like facts of renamed context elements, facts obtained by
5.496 + interpretation may be accessed by prefixing with the parameter
5.497 + renaming (where the parameters are separated by ``\isa{{\isacharunderscore}}'').
5.498 +
5.499 + Unlike interpretation in theories, instantiation is confined to the
5.500 + renaming of parameters, which may be specified as part of the
5.501 + context expression \isa{expr}. Using defined parameters in \isa{name} one may achieve an effect similar to instantiation, though.
5.502 +
5.503 + Only specification fragments of \isa{expr} that are not already
5.504 + part of \isa{name} (be it imported, derived or a derived fragment
5.505 + of the import) are considered by interpretation. This enables
5.506 + circular interpretations.
5.507 +
5.508 + If interpretations of \isa{name} exist in the current theory, the
5.509 + command adds interpretations for \isa{expr} as well, with the same
5.510 + prefix and attributes, although only for fragments of \isa{expr}
5.511 + that are not interpreted in the theory already.
5.512 +
5.513 + \item [\mbox{\isa{\isacommand{interpret}}}~\isa{expr\ insts\ {\isasymWHERE}\ eqns}]
5.514 + interprets \isa{expr} in the proof context and is otherwise
5.515 + similar to interpretation in theories. Free variables in
5.516 + instantiations are not generalized, however.
5.517 +
5.518 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}interps}}}~\isa{loc}] prints the
5.519 + interpretations of a particular locale \isa{loc} that are active
5.520 + in the current context, either theory or proof context. The
5.521 + exclamation point argument triggers printing of \emph{witness}
5.522 + theorems justifying interpretations. These are normally omitted
5.523 + from the output.
5.524 +
5.525 + \end{descr}
5.526 +
5.527 + \begin{warn}
5.528 + Since attributes are applied to interpreted theorems,
5.529 + interpretation may modify the context of common proof tools, e.g.\
5.530 + the Simplifier or Classical Reasoner. Since the behavior of such
5.531 + automated reasoning tools is \emph{not} stable under
5.532 + interpretation morphisms, manual declarations might have to be
5.533 + issued.
5.534 + \end{warn}
5.535 +
5.536 + \begin{warn}
5.537 + An interpretation in a theory may subsume previous
5.538 + interpretations. This happens if the same specification fragment
5.539 + is interpreted twice and the instantiation of the second
5.540 + interpretation is more general than the interpretation of the
5.541 + first. A warning is issued, since it is likely that these could
5.542 + have been generalized in the first place. The locale package does
5.543 + not attempt to remove subsumed interpretations.
5.544 + \end{warn}%
5.545 +\end{isamarkuptext}%
5.546 +\isamarkuptrue%
5.547 +%
5.548 +\isamarkupsubsection{Classes \label{sec:class}%
5.549 +}
5.550 +\isamarkuptrue%
5.551 +%
5.552 +\begin{isamarkuptext}%
5.553 +A class is a particular locale with \emph{exactly one} type variable
5.554 + \isa{{\isasymalpha}}. Beyond the underlying locale, a corresponding type class
5.555 + is established which is interpreted logically as axiomatic type
5.556 + class \cite{Wenzel:1997:TPHOL} whose logical content are the
5.557 + assumptions of the locale. Thus, classes provide the full
5.558 + generality of locales combined with the commodity of type classes
5.559 + (notably type-inference). See \cite{isabelle-classes} for a short
5.560 + tutorial.
5.561 +
5.562 + \begin{matharray}{rcl}
5.563 + \indexdef{}{command}{class}\mbox{\isa{\isacommand{class}}} & : & \isartrans{theory}{local{\dsh}theory} \\
5.564 + \indexdef{}{command}{instantiation}\mbox{\isa{\isacommand{instantiation}}} & : & \isartrans{theory}{local{\dsh}theory} \\
5.565 + \indexdef{}{command}{instance}\mbox{\isa{\isacommand{instance}}} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
5.566 + \indexdef{}{command}{subclass}\mbox{\isa{\isacommand{subclass}}} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
5.567 + \indexdef{}{command}{print-classes}\mbox{\isa{\isacommand{print{\isacharunderscore}classes}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{theory~|~proof} \\
5.568 + \indexdef{}{method}{intro-classes}\mbox{\isa{intro{\isacharunderscore}classes}} & : & \isarmeth \\
5.569 + \end{matharray}
5.570 +
5.571 + \begin{rail}
5.572 + 'class' name '=' ((superclassexpr '+' (contextelem+)) | superclassexpr | (contextelem+)) \\
5.573 + 'begin'?
5.574 + ;
5.575 + 'instantiation' (nameref + 'and') '::' arity 'begin'
5.576 + ;
5.577 + 'instance'
5.578 + ;
5.579 + 'subclass' target? nameref
5.580 + ;
5.581 + 'print\_classes'
5.582 + ;
5.583 +
5.584 + superclassexpr: nameref | (nameref '+' superclassexpr)
5.585 + ;
5.586 + \end{rail}
5.587 +
5.588 + \begin{descr}
5.589 +
5.590 + \item [\mbox{\isa{\isacommand{class}}}~\isa{c\ {\isacharequal}\ superclasses\ {\isacharplus}\ body}] defines
5.591 + a new class \isa{c}, inheriting from \isa{superclasses}. This
5.592 + introduces a locale \isa{c} with import of all locales \isa{superclasses}.
5.593 +
5.594 + Any \mbox{\isa{fixes}} in \isa{body} are lifted to the global
5.595 + theory level (\emph{class operations} \isa{f\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ f\isactrlsub n} of class \isa{c}), mapping the local type parameter
5.596 + \isa{{\isasymalpha}} to a schematic type variable \isa{{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c}.
5.597 +
5.598 + Likewise, \mbox{\isa{assumes}} in \isa{body} are also lifted,
5.599 + mapping each local parameter \isa{f\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} to its
5.600 + corresponding global constant \isa{f\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}}. The
5.601 + corresponding introduction rule is provided as \isa{c{\isacharunderscore}class{\isacharunderscore}axioms{\isachardot}intro}. This rule should be rarely needed directly
5.602 + --- the \mbox{\isa{intro{\isacharunderscore}classes}} method takes care of the details of
5.603 + class membership proofs.
5.604 +
5.605 + \item [\mbox{\isa{\isacommand{instantiation}}}~\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlsub n{\isacharparenright}\ s\ {\isasymBEGIN}}] opens a theory target (cf.\
5.606 + \secref{sec:target}) which allows to specify class operations \isa{f\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ f\isactrlsub n} corresponding to sort \isa{s} at the
5.607 + particular type instance \isa{{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ s\isactrlsub n{\isacharparenright}\ t}. An plain \mbox{\isa{\isacommand{instance}}} command
5.608 + in the target body poses a goal stating these type arities. The
5.609 + target is concluded by an \indexref{}{command}{end}\mbox{\isa{\isacommand{end}}} command.
5.610 +
5.611 + Note that a list of simultaneous type constructors may be given;
5.612 + this corresponds nicely to mutual recursive type definitions, e.g.\
5.613 + in Isabelle/HOL.
5.614 +
5.615 + \item [\mbox{\isa{\isacommand{instance}}}] in an instantiation target body sets
5.616 + up a goal stating the type arities claimed at the opening \mbox{\isa{\isacommand{instantiation}}}. The proof would usually proceed by \mbox{\isa{intro{\isacharunderscore}classes}}, and then establish the characteristic theorems of
5.617 + the type classes involved. After finishing the proof, the
5.618 + background theory will be augmented by the proven type arities.
5.619 +
5.620 + \item [\mbox{\isa{\isacommand{subclass}}}~\isa{c}] in a class context for class
5.621 + \isa{d} sets up a goal stating that class \isa{c} is logically
5.622 + contained in class \isa{d}. After finishing the proof, class
5.623 + \isa{d} is proven to be subclass \isa{c} and the locale \isa{c} is interpreted into \isa{d} simultaneously.
5.624 +
5.625 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}classes}}}] prints all classes in the current
5.626 + theory.
5.627 +
5.628 + \item [\mbox{\isa{intro{\isacharunderscore}classes}}] repeatedly expands all class
5.629 + introduction rules of this theory. Note that this method usually
5.630 + needs not be named explicitly, as it is already included in the
5.631 + default proof step (e.g.\ of \mbox{\isa{\isacommand{proof}}}). In particular,
5.632 + instantiation of trivial (syntactic) classes may be performed by a
5.633 + single ``\mbox{\isa{\isacommand{{\isachardot}{\isachardot}}}}'' proof step.
5.634 +
5.635 + \end{descr}%
5.636 +\end{isamarkuptext}%
5.637 +\isamarkuptrue%
5.638 +%
5.639 +\isamarkupsubsubsection{The class target%
5.640 +}
5.641 +\isamarkuptrue%
5.642 +%
5.643 +\begin{isamarkuptext}%
5.644 +%FIXME check
5.645 +
5.646 + A named context may refer to a locale (cf.\ \secref{sec:target}).
5.647 + If this locale is also a class \isa{c}, apart from the common
5.648 + locale target behaviour the following happens.
5.649 +
5.650 + \begin{itemize}
5.651 +
5.652 + \item Local constant declarations \isa{g{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} referring to the
5.653 + local type parameter \isa{{\isasymalpha}} and local parameters \isa{f{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}}
5.654 + are accompanied by theory-level constants \isa{g{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}}
5.655 + referring to theory-level class operations \isa{f{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}}.
5.656 +
5.657 + \item Local theorem bindings are lifted as are assumptions.
5.658 +
5.659 + \item Local syntax refers to local operations \isa{g{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} and
5.660 + global operations \isa{g{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}} uniformly. Type inference
5.661 + resolves ambiguities. In rare cases, manual type annotations are
5.662 + needed.
5.663 +
5.664 + \end{itemize}%
5.665 +\end{isamarkuptext}%
5.666 +\isamarkuptrue%
5.667 +%
5.668 +\isamarkupsubsection{Axiomatic type classes \label{sec:axclass}%
5.669 +}
5.670 +\isamarkuptrue%
5.671 +%
5.672 +\begin{isamarkuptext}%
5.673 +\begin{matharray}{rcl}
5.674 + \indexdef{}{command}{axclass}\mbox{\isa{\isacommand{axclass}}} & : & \isartrans{theory}{theory} \\
5.675 + \indexdef{}{command}{instance}\mbox{\isa{\isacommand{instance}}} & : & \isartrans{theory}{proof(prove)} \\
5.676 + \end{matharray}
5.677 +
5.678 + Axiomatic type classes are Isabelle/Pure's primitive
5.679 + \emph{definitional} interface to type classes. For practical
5.680 + applications, you should consider using classes
5.681 + (cf.~\secref{sec:classes}) which provide high level interface.
5.682 +
5.683 + \begin{rail}
5.684 + 'axclass' classdecl (axmdecl prop +)
5.685 + ;
5.686 + 'instance' (nameref ('<' | subseteq) nameref | nameref '::' arity)
5.687 + ;
5.688 + \end{rail}
5.689 +
5.690 + \begin{descr}
5.691 +
5.692 + \item [\mbox{\isa{\isacommand{axclass}}}~\isa{c\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n\ axms}] defines an axiomatic type class as the intersection of
5.693 + existing classes, with additional axioms holding. Class axioms may
5.694 + not contain more than one type variable. The class axioms (with
5.695 + implicit sort constraints added) are bound to the given names.
5.696 + Furthermore a class introduction rule is generated (being bound as
5.697 + \isa{c{\isacharunderscore}class{\isachardot}intro}); this rule is employed by method \mbox{\isa{intro{\isacharunderscore}classes}} to support instantiation proofs of this class.
5.698 +
5.699 + The ``class axioms'' are stored as theorems according to the given
5.700 + name specifications, adding \isa{c{\isacharunderscore}class} as name space prefix;
5.701 + the same facts are also stored collectively as \isa{c{\isacharunderscore}class{\isachardot}axioms}.
5.702 +
5.703 + \item [\mbox{\isa{\isacommand{instance}}}~\isa{c\isactrlsub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{2}}} and
5.704 + \mbox{\isa{\isacommand{instance}}}~\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlsub n{\isacharparenright}\ s}]
5.705 + setup a goal stating a class relation or type arity. The proof
5.706 + would usually proceed by \mbox{\isa{intro{\isacharunderscore}classes}}, and then establish
5.707 + the characteristic theorems of the type classes involved. After
5.708 + finishing the proof, the theory will be augmented by a type
5.709 + signature declaration corresponding to the resulting theorem.
5.710 +
5.711 + \end{descr}%
5.712 +\end{isamarkuptext}%
5.713 +\isamarkuptrue%
5.714 +%
5.715 +\isamarkupsubsection{Arbitrary overloading%
5.716 +}
5.717 +\isamarkuptrue%
5.718 +%
5.719 +\begin{isamarkuptext}%
5.720 +Isabelle/Pure's definitional schemes support certain forms of
5.721 + overloading (see \secref{sec:consts}). At most occassions
5.722 + overloading will be used in a Haskell-like fashion together with
5.723 + type classes by means of \mbox{\isa{\isacommand{instantiation}}} (see
5.724 + \secref{sec:class}). Sometimes low-level overloading is desirable.
5.725 + The \mbox{\isa{\isacommand{overloading}}} target provides a convenient view for
5.726 + end-users.
5.727 +
5.728 + \begin{matharray}{rcl}
5.729 + \indexdef{}{command}{overloading}\mbox{\isa{\isacommand{overloading}}} & : & \isartrans{theory}{local{\dsh}theory} \\
5.730 + \end{matharray}
5.731 +
5.732 + \begin{rail}
5.733 + 'overloading' \\
5.734 + ( string ( '==' | equiv ) term ( '(' 'unchecked' ')' )? + ) 'begin'
5.735 + \end{rail}
5.736 +
5.737 + \begin{descr}
5.738 +
5.739 + \item [\mbox{\isa{\isacommand{overloading}}}~\isa{x\isactrlsub {\isadigit{1}}\ {\isasymequiv}\ c\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\isactrlsub {\isadigit{1}}\ {\isasymAND}\ {\isasymdots}\ x\isactrlsub n\ {\isasymequiv}\ c\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\isactrlsub n{\isacharbraceright}\ {\isasymBEGIN}}]
5.740 + opens a theory target (cf.\ \secref{sec:target}) which allows to
5.741 + specify constants with overloaded definitions. These are identified
5.742 + by an explicitly given mapping from variable names \isa{x\isactrlsub i} to constants \isa{c\isactrlsub i} at particular type
5.743 + instances. The definitions themselves are established using common
5.744 + specification tools, using the names \isa{x\isactrlsub i} as
5.745 + reference to the corresponding constants. The target is concluded
5.746 + by \mbox{\isa{\isacommand{end}}}.
5.747 +
5.748 + A \isa{{\isacharparenleft}unchecked{\isacharparenright}} option disables global dependency checks for
5.749 + the corresponding definition, which is occasionally useful for
5.750 + exotic overloading. It is at the discretion of the user to avoid
5.751 + malformed theory specifications!
5.752 +
5.753 + \end{descr}%
5.754 +\end{isamarkuptext}%
5.755 +\isamarkuptrue%
5.756 +%
5.757 +\isamarkupsubsection{Configuration options%
5.758 +}
5.759 +\isamarkuptrue%
5.760 +%
5.761 +\begin{isamarkuptext}%
5.762 +Isabelle/Pure maintains a record of named configuration options
5.763 + within the theory or proof context, with values of type \verb|bool|, \verb|int|, or \verb|string|. Tools may declare
5.764 + options in ML, and then refer to these values (relative to the
5.765 + context). Thus global reference variables are easily avoided. The
5.766 + user may change the value of a configuration option by means of an
5.767 + associated attribute of the same name. This form of context
5.768 + declaration works particularly well with commands such as \mbox{\isa{\isacommand{declare}}} or \mbox{\isa{\isacommand{using}}}.
5.769 +
5.770 + For historical reasons, some tools cannot take the full proof
5.771 + context into account and merely refer to the background theory.
5.772 + This is accommodated by configuration options being declared as
5.773 + ``global'', which may not be changed within a local context.
5.774 +
5.775 + \begin{matharray}{rcll}
5.776 + \indexdef{}{command}{print-configs}\mbox{\isa{\isacommand{print{\isacharunderscore}configs}}} & : & \isarkeep{theory~|~proof} \\
5.777 + \end{matharray}
5.778 +
5.779 + \begin{rail}
5.780 + name ('=' ('true' | 'false' | int | name))?
5.781 + \end{rail}
5.782 +
5.783 + \begin{descr}
5.784 +
5.785 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}configs}}}] prints the available
5.786 + configuration options, with names, types, and current values.
5.787 +
5.788 + \item [\isa{name\ {\isacharequal}\ value}] as an attribute expression modifies
5.789 + the named option, with the syntax of the value depending on the
5.790 + option's type. For \verb|bool| the default value is \isa{true}. Any attempt to change a global option in a local context is
5.791 + ignored.
5.792 +
5.793 + \end{descr}%
5.794 +\end{isamarkuptext}%
5.795 +\isamarkuptrue%
5.796 +%
5.797 +\isamarkupsection{Derived proof schemes%
5.798 +}
5.799 +\isamarkuptrue%
5.800 +%
5.801 +\isamarkupsubsection{Generalized elimination \label{sec:obtain}%
5.802 +}
5.803 +\isamarkuptrue%
5.804 +%
5.805 +\begin{isamarkuptext}%
5.806 +\begin{matharray}{rcl}
5.807 + \indexdef{}{command}{obtain}\mbox{\isa{\isacommand{obtain}}} & : & \isartrans{proof(state)}{proof(prove)} \\
5.808 + \indexdef{}{command}{guess}\mbox{\isa{\isacommand{guess}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isartrans{proof(state)}{proof(prove)} \\
5.809 + \end{matharray}
5.810 +
5.811 + Generalized elimination means that additional elements with certain
5.812 + properties may be introduced in the current context, by virtue of a
5.813 + locally proven ``soundness statement''. Technically speaking, the
5.814 + \mbox{\isa{\isacommand{obtain}}} language element is like a declaration of
5.815 + \mbox{\isa{\isacommand{fix}}} and \mbox{\isa{\isacommand{assume}}} (see also see
5.816 + \secref{sec:proof-context}), together with a soundness proof of its
5.817 + additional claim. According to the nature of existential reasoning,
5.818 + assumptions get eliminated from any result exported from the context
5.819 + later, provided that the corresponding parameters do \emph{not}
5.820 + occur in the conclusion.
5.821 +
5.822 + \begin{rail}
5.823 + 'obtain' parname? (vars + 'and') 'where' (props + 'and')
5.824 + ;
5.825 + 'guess' (vars + 'and')
5.826 + ;
5.827 + \end{rail}
5.828 +
5.829 + The derived Isar command \mbox{\isa{\isacommand{obtain}}} is defined as follows
5.830 + (where \isa{b\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ b\isactrlsub k} shall refer to (optional)
5.831 + facts indicated for forward chaining).
5.832 + \begin{matharray}{l}
5.833 + \isa{{\isasymlangle}facts\ b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub k{\isasymrangle}} \\
5.834 + \mbox{\isa{\isacommand{obtain}}}~\isa{x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m\ {\isasymWHERE}\ a{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n\ \ {\isasymlangle}proof{\isasymrangle}\ {\isasymequiv}} \\[1ex]
5.835 + \quad \mbox{\isa{\isacommand{have}}}~\isa{{\isasymAnd}thesis{\isachardot}\ {\isacharparenleft}{\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardot}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymphi}\isactrlsub n\ {\isasymLongrightarrow}\ thesis{\isacharparenright}\ {\isasymLongrightarrow}\ thesis} \\
5.836 + \quad \mbox{\isa{\isacommand{proof}}}~\isa{succeed} \\
5.837 + \qquad \mbox{\isa{\isacommand{fix}}}~\isa{thesis} \\
5.838 + \qquad \mbox{\isa{\isacommand{assume}}}~\isa{that\ {\isacharbrackleft}Pure{\isachardot}intro{\isacharquery}{\isacharbrackright}{\isacharcolon}\ {\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardot}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymphi}\isactrlsub n\ {\isasymLongrightarrow}\ thesis} \\
5.839 + \qquad \mbox{\isa{\isacommand{then}}}~\mbox{\isa{\isacommand{show}}}~\isa{thesis} \\
5.840 + \quad\qquad \mbox{\isa{\isacommand{apply}}}~\isa{{\isacharminus}} \\
5.841 + \quad\qquad \mbox{\isa{\isacommand{using}}}~\isa{b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub k\ \ {\isasymlangle}proof{\isasymrangle}} \\
5.842 + \quad \mbox{\isa{\isacommand{qed}}} \\
5.843 + \quad \mbox{\isa{\isacommand{fix}}}~\isa{x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m}~\mbox{\isa{\isacommand{assume}}}\isa{\isactrlsup {\isacharasterisk}\ a{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n} \\
5.844 + \end{matharray}
5.845 +
5.846 + Typically, the soundness proof is relatively straight-forward, often
5.847 + just by canonical automated tools such as ``\mbox{\isa{\isacommand{by}}}~\isa{simp}'' or ``\mbox{\isa{\isacommand{by}}}~\isa{blast}''. Accordingly, the
5.848 + ``\isa{that}'' reduction above is declared as simplification and
5.849 + introduction rule.
5.850 +
5.851 + In a sense, \mbox{\isa{\isacommand{obtain}}} represents at the level of Isar
5.852 + proofs what would be meta-logical existential quantifiers and
5.853 + conjunctions. This concept has a broad range of useful
5.854 + applications, ranging from plain elimination (or introduction) of
5.855 + object-level existential and conjunctions, to elimination over
5.856 + results of symbolic evaluation of recursive definitions, for
5.857 + example. Also note that \mbox{\isa{\isacommand{obtain}}} without parameters acts
5.858 + much like \mbox{\isa{\isacommand{have}}}, where the result is treated as a
5.859 + genuine assumption.
5.860 +
5.861 + An alternative name to be used instead of ``\isa{that}'' above may
5.862 + be given in parentheses.
5.863 +
5.864 + \medskip The improper variant \mbox{\isa{\isacommand{guess}}} is similar to
5.865 + \mbox{\isa{\isacommand{obtain}}}, but derives the obtained statement from the
5.866 + course of reasoning! The proof starts with a fixed goal \isa{thesis}. The subsequent proof may refine this to anything of the
5.867 + form like \isa{{\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardot}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymphi}\isactrlsub n\ {\isasymLongrightarrow}\ thesis}, but must not introduce new subgoals. The
5.868 + final goal state is then used as reduction rule for the obtain
5.869 + scheme described above. Obtained parameters \isa{x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m} are marked as internal by default, which prevents the
5.870 + proof context from being polluted by ad-hoc variables. The variable
5.871 + names and type constraints given as arguments for \mbox{\isa{\isacommand{guess}}}
5.872 + specify a prefix of obtained parameters explicitly in the text.
5.873 +
5.874 + It is important to note that the facts introduced by \mbox{\isa{\isacommand{obtain}}} and \mbox{\isa{\isacommand{guess}}} may not be polymorphic: any
5.875 + type-variables occurring here are fixed in the present context!%
5.876 +\end{isamarkuptext}%
5.877 +\isamarkuptrue%
5.878 +%
5.879 +\isamarkupsubsection{Calculational reasoning \label{sec:calculation}%
5.880 +}
5.881 +\isamarkuptrue%
5.882 +%
5.883 +\begin{isamarkuptext}%
5.884 +\begin{matharray}{rcl}
5.885 + \indexdef{}{command}{also}\mbox{\isa{\isacommand{also}}} & : & \isartrans{proof(state)}{proof(state)} \\
5.886 + \indexdef{}{command}{finally}\mbox{\isa{\isacommand{finally}}} & : & \isartrans{proof(state)}{proof(chain)} \\
5.887 + \indexdef{}{command}{moreover}\mbox{\isa{\isacommand{moreover}}} & : & \isartrans{proof(state)}{proof(state)} \\
5.888 + \indexdef{}{command}{ultimately}\mbox{\isa{\isacommand{ultimately}}} & : & \isartrans{proof(state)}{proof(chain)} \\
5.889 + \indexdef{}{command}{print-trans-rules}\mbox{\isa{\isacommand{print{\isacharunderscore}trans{\isacharunderscore}rules}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{theory~|~proof} \\
5.890 + \mbox{\isa{trans}} & : & \isaratt \\
5.891 + \mbox{\isa{sym}} & : & \isaratt \\
5.892 + \mbox{\isa{symmetric}} & : & \isaratt \\
5.893 + \end{matharray}
5.894 +
5.895 + Calculational proof is forward reasoning with implicit application
5.896 + of transitivity rules (such those of \isa{{\isacharequal}}, \isa{{\isasymle}},
5.897 + \isa{{\isacharless}}). Isabelle/Isar maintains an auxiliary fact register
5.898 + \indexref{}{fact}{calculation}\mbox{\isa{calculation}} for accumulating results obtained by
5.899 + transitivity composed with the current result. Command \mbox{\isa{\isacommand{also}}} updates \mbox{\isa{calculation}} involving \mbox{\isa{this}}, while
5.900 + \mbox{\isa{\isacommand{finally}}} exhibits the final \mbox{\isa{calculation}} by
5.901 + forward chaining towards the next goal statement. Both commands
5.902 + require valid current facts, i.e.\ may occur only after commands
5.903 + that produce theorems such as \mbox{\isa{\isacommand{assume}}}, \mbox{\isa{\isacommand{note}}}, or some finished proof of \mbox{\isa{\isacommand{have}}}, \mbox{\isa{\isacommand{show}}} etc. The \mbox{\isa{\isacommand{moreover}}} and \mbox{\isa{\isacommand{ultimately}}}
5.904 + commands are similar to \mbox{\isa{\isacommand{also}}} and \mbox{\isa{\isacommand{finally}}},
5.905 + but only collect further results in \mbox{\isa{calculation}} without
5.906 + applying any rules yet.
5.907 +
5.908 + Also note that the implicit term abbreviation ``\isa{{\isasymdots}}'' has
5.909 + its canonical application with calculational proofs. It refers to
5.910 + the argument of the preceding statement. (The argument of a curried
5.911 + infix expression happens to be its right-hand side.)
5.912 +
5.913 + Isabelle/Isar calculations are implicitly subject to block structure
5.914 + in the sense that new threads of calculational reasoning are
5.915 + commenced for any new block (as opened by a local goal, for
5.916 + example). This means that, apart from being able to nest
5.917 + calculations, there is no separate \emph{begin-calculation} command
5.918 + required.
5.919 +
5.920 + \medskip The Isar calculation proof commands may be defined as
5.921 + follows:\footnote{We suppress internal bookkeeping such as proper
5.922 + handling of block-structure.}
5.923 +
5.924 + \begin{matharray}{rcl}
5.925 + \mbox{\isa{\isacommand{also}}}\isa{\isactrlsub {\isadigit{0}}} & \equiv & \mbox{\isa{\isacommand{note}}}~\isa{calculation\ {\isacharequal}\ this} \\
5.926 + \mbox{\isa{\isacommand{also}}}\isa{\isactrlsub n\isactrlsub {\isacharplus}\isactrlsub {\isadigit{1}}} & \equiv & \mbox{\isa{\isacommand{note}}}~\isa{calculation\ {\isacharequal}\ trans\ {\isacharbrackleft}OF\ calculation\ this{\isacharbrackright}} \\[0.5ex]
5.927 + \mbox{\isa{\isacommand{finally}}} & \equiv & \mbox{\isa{\isacommand{also}}}~\mbox{\isa{\isacommand{from}}}~\isa{calculation} \\[0.5ex]
5.928 + \mbox{\isa{\isacommand{moreover}}} & \equiv & \mbox{\isa{\isacommand{note}}}~\isa{calculation\ {\isacharequal}\ calculation\ this} \\
5.929 + \mbox{\isa{\isacommand{ultimately}}} & \equiv & \mbox{\isa{\isacommand{moreover}}}~\mbox{\isa{\isacommand{from}}}~\isa{calculation} \\
5.930 + \end{matharray}
5.931 +
5.932 + \begin{rail}
5.933 + ('also' | 'finally') ('(' thmrefs ')')?
5.934 + ;
5.935 + 'trans' (() | 'add' | 'del')
5.936 + ;
5.937 + \end{rail}
5.938 +
5.939 + \begin{descr}
5.940 +
5.941 + \item [\mbox{\isa{\isacommand{also}}}~\isa{{\isacharparenleft}a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharparenright}}]
5.942 + maintains the auxiliary \mbox{\isa{calculation}} register as follows.
5.943 + The first occurrence of \mbox{\isa{\isacommand{also}}} in some calculational
5.944 + thread initializes \mbox{\isa{calculation}} by \mbox{\isa{this}}. Any
5.945 + subsequent \mbox{\isa{\isacommand{also}}} on the same level of block-structure
5.946 + updates \mbox{\isa{calculation}} by some transitivity rule applied to
5.947 + \mbox{\isa{calculation}} and \mbox{\isa{this}} (in that order). Transitivity
5.948 + rules are picked from the current context, unless alternative rules
5.949 + are given as explicit arguments.
5.950 +
5.951 + \item [\mbox{\isa{\isacommand{finally}}}~\isa{{\isacharparenleft}a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharparenright}}]
5.952 + maintaining \mbox{\isa{calculation}} in the same way as \mbox{\isa{\isacommand{also}}}, and concludes the current calculational thread. The final
5.953 + result is exhibited as fact for forward chaining towards the next
5.954 + goal. Basically, \mbox{\isa{\isacommand{finally}}} just abbreviates \mbox{\isa{\isacommand{also}}}~\mbox{\isa{\isacommand{from}}}~\mbox{\isa{calculation}}. Typical idioms for
5.955 + concluding calculational proofs are ``\mbox{\isa{\isacommand{finally}}}~\mbox{\isa{\isacommand{show}}}~\isa{{\isacharquery}thesis}~\mbox{\isa{\isacommand{{\isachardot}}}}'' and ``\mbox{\isa{\isacommand{finally}}}~\mbox{\isa{\isacommand{have}}}~\isa{{\isasymphi}}~\mbox{\isa{\isacommand{{\isachardot}}}}''.
5.956 +
5.957 + \item [\mbox{\isa{\isacommand{moreover}}} and \mbox{\isa{\isacommand{ultimately}}}] are
5.958 + analogous to \mbox{\isa{\isacommand{also}}} and \mbox{\isa{\isacommand{finally}}}, but collect
5.959 + results only, without applying rules.
5.960 +
5.961 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}trans{\isacharunderscore}rules}}}] prints the list of
5.962 + transitivity rules (for calculational commands \mbox{\isa{\isacommand{also}}} and
5.963 + \mbox{\isa{\isacommand{finally}}}) and symmetry rules (for the \mbox{\isa{symmetric}} operation and single step elimination patters) of the
5.964 + current context.
5.965 +
5.966 + \item [\mbox{\isa{trans}}] declares theorems as transitivity rules.
5.967 +
5.968 + \item [\mbox{\isa{sym}}] declares symmetry rules, as well as
5.969 + \mbox{\isa{Pure{\isachardot}elim{\isacharquery}}} rules.
5.970 +
5.971 + \item [\mbox{\isa{symmetric}}] resolves a theorem with some rule
5.972 + declared as \mbox{\isa{sym}} in the current context. For example,
5.973 + ``\mbox{\isa{\isacommand{assume}}}~\isa{{\isacharbrackleft}symmetric{\isacharbrackright}{\isacharcolon}\ x\ {\isacharequal}\ y}'' produces a
5.974 + swapped fact derived from that assumption.
5.975 +
5.976 + In structured proof texts it is often more appropriate to use an
5.977 + explicit single-step elimination proof, such as ``\mbox{\isa{\isacommand{assume}}}~\isa{x\ {\isacharequal}\ y}~\mbox{\isa{\isacommand{then}}}~\mbox{\isa{\isacommand{have}}}~\isa{y\ {\isacharequal}\ x}~\mbox{\isa{\isacommand{{\isachardot}{\isachardot}}}}''.
5.978 +
5.979 + \end{descr}%
5.980 +\end{isamarkuptext}%
5.981 +\isamarkuptrue%
5.982 +%
5.983 +\isamarkupsection{Proof tools%
5.984 +}
5.985 +\isamarkuptrue%
5.986 +%
5.987 +\isamarkupsubsection{Miscellaneous methods and attributes \label{sec:misc-meth-att}%
5.988 +}
5.989 +\isamarkuptrue%
5.990 +%
5.991 +\begin{isamarkuptext}%
5.992 +\begin{matharray}{rcl}
5.993 + \indexdef{}{method}{unfold}\mbox{\isa{unfold}} & : & \isarmeth \\
5.994 + \indexdef{}{method}{fold}\mbox{\isa{fold}} & : & \isarmeth \\
5.995 + \indexdef{}{method}{insert}\mbox{\isa{insert}} & : & \isarmeth \\[0.5ex]
5.996 + \indexdef{}{method}{erule}\mbox{\isa{erule}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.997 + \indexdef{}{method}{drule}\mbox{\isa{drule}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.998 + \indexdef{}{method}{frule}\mbox{\isa{frule}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.999 + \indexdef{}{method}{succeed}\mbox{\isa{succeed}} & : & \isarmeth \\
5.1000 + \indexdef{}{method}{fail}\mbox{\isa{fail}} & : & \isarmeth \\
5.1001 + \end{matharray}
5.1002 +
5.1003 + \begin{rail}
5.1004 + ('fold' | 'unfold' | 'insert') thmrefs
5.1005 + ;
5.1006 + ('erule' | 'drule' | 'frule') ('('nat')')? thmrefs
5.1007 + ;
5.1008 + \end{rail}
5.1009 +
5.1010 + \begin{descr}
5.1011 +
5.1012 + \item [\mbox{\isa{unfold}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n} and \mbox{\isa{fold}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}] expand (or fold back) the
5.1013 + given definitions throughout all goals; any chained facts provided
5.1014 + are inserted into the goal and subject to rewriting as well.
5.1015 +
5.1016 + \item [\mbox{\isa{insert}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}] inserts
5.1017 + theorems as facts into all goals of the proof state. Note that
5.1018 + current facts indicated for forward chaining are ignored.
5.1019 +
5.1020 + \item [\mbox{\isa{erule}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}, \mbox{\isa{drule}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}, and \mbox{\isa{frule}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}] are similar to the basic \mbox{\isa{rule}}
5.1021 + method (see \secref{sec:pure-meth-att}), but apply rules by
5.1022 + elim-resolution, destruct-resolution, and forward-resolution,
5.1023 + respectively \cite{isabelle-ref}. The optional natural number
5.1024 + argument (default 0) specifies additional assumption steps to be
5.1025 + performed here.
5.1026 +
5.1027 + Note that these methods are improper ones, mainly serving for
5.1028 + experimentation and tactic script emulation. Different modes of
5.1029 + basic rule application are usually expressed in Isar at the proof
5.1030 + language level, rather than via implicit proof state manipulations.
5.1031 + For example, a proper single-step elimination would be done using
5.1032 + the plain \mbox{\isa{rule}} method, with forward chaining of current
5.1033 + facts.
5.1034 +
5.1035 + \item [\mbox{\isa{succeed}}] yields a single (unchanged) result; it is
5.1036 + the identity of the ``\isa{{\isacharcomma}}'' method combinator (cf.\
5.1037 + \secref{sec:syn-meth}).
5.1038 +
5.1039 + \item [\mbox{\isa{fail}}] yields an empty result sequence; it is the
5.1040 + identity of the ``\isa{{\isacharbar}}'' method combinator (cf.\
5.1041 + \secref{sec:syn-meth}).
5.1042 +
5.1043 + \end{descr}
5.1044 +
5.1045 + \begin{matharray}{rcl}
5.1046 + \indexdef{}{attribute}{tagged}\mbox{\isa{tagged}} & : & \isaratt \\
5.1047 + \indexdef{}{attribute}{untagged}\mbox{\isa{untagged}} & : & \isaratt \\[0.5ex]
5.1048 + \indexdef{}{attribute}{THEN}\mbox{\isa{THEN}} & : & \isaratt \\
5.1049 + \indexdef{}{attribute}{COMP}\mbox{\isa{COMP}} & : & \isaratt \\[0.5ex]
5.1050 + \indexdef{}{attribute}{unfolded}\mbox{\isa{unfolded}} & : & \isaratt \\
5.1051 + \indexdef{}{attribute}{folded}\mbox{\isa{folded}} & : & \isaratt \\[0.5ex]
5.1052 + \indexdef{}{attribute}{rotated}\mbox{\isa{rotated}} & : & \isaratt \\
5.1053 + \indexdef{Pure}{attribute}{elim-format}\mbox{\isa{elim{\isacharunderscore}format}} & : & \isaratt \\
5.1054 + \indexdef{}{attribute}{standard}\mbox{\isa{standard}}\isa{\isactrlsup {\isacharasterisk}} & : & \isaratt \\
5.1055 + \indexdef{}{attribute}{no-vars}\mbox{\isa{no{\isacharunderscore}vars}}\isa{\isactrlsup {\isacharasterisk}} & : & \isaratt \\
5.1056 + \end{matharray}
5.1057 +
5.1058 + \begin{rail}
5.1059 + 'tagged' nameref
5.1060 + ;
5.1061 + 'untagged' name
5.1062 + ;
5.1063 + ('THEN' | 'COMP') ('[' nat ']')? thmref
5.1064 + ;
5.1065 + ('unfolded' | 'folded') thmrefs
5.1066 + ;
5.1067 + 'rotated' ( int )?
5.1068 + \end{rail}
5.1069 +
5.1070 + \begin{descr}
5.1071 +
5.1072 + \item [\mbox{\isa{tagged}}~\isa{name\ arg} and \mbox{\isa{untagged}}~\isa{name}] add and remove \emph{tags} of some theorem.
5.1073 + Tags may be any list of string pairs that serve as formal comment.
5.1074 + The first string is considered the tag name, the second its
5.1075 + argument. Note that \mbox{\isa{untagged}} removes any tags of the
5.1076 + same name.
5.1077 +
5.1078 + \item [\mbox{\isa{THEN}}~\isa{a} and \mbox{\isa{COMP}}~\isa{a}]
5.1079 + compose rules by resolution. \mbox{\isa{THEN}} resolves with the
5.1080 + first premise of \isa{a} (an alternative position may be also
5.1081 + specified); the \mbox{\isa{COMP}} version skips the automatic
5.1082 + lifting process that is normally intended (cf.\ \verb|op RS| and
5.1083 + \verb|op COMP| in \cite[\S5]{isabelle-ref}).
5.1084 +
5.1085 + \item [\mbox{\isa{unfolded}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n} and
5.1086 + \mbox{\isa{folded}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}] expand and fold
5.1087 + back again the given definitions throughout a rule.
5.1088 +
5.1089 + \item [\mbox{\isa{rotated}}~\isa{n}] rotate the premises of a
5.1090 + theorem by \isa{n} (default 1).
5.1091 +
5.1092 + \item [\mbox{\isa{Pure{\isachardot}elim{\isacharunderscore}format}}] turns a destruction rule into
5.1093 + elimination rule format, by resolving with the rule \isa{{\isachardoublequote}PROP\ A\ {\isasymLongrightarrow}\ {\isacharparenleft}PROP\ A\ {\isasymLongrightarrow}\ PROP\ B{\isacharparenright}\ {\isasymLongrightarrow}\ PROP\ B{\isachardoublequote}}.
5.1094 +
5.1095 + Note that the Classical Reasoner (\secref{sec:classical}) provides
5.1096 + its own version of this operation.
5.1097 +
5.1098 + \item [\mbox{\isa{standard}}] puts a theorem into the standard form
5.1099 + of object-rules at the outermost theory level. Note that this
5.1100 + operation violates the local proof context (including active
5.1101 + locales).
5.1102 +
5.1103 + \item [\mbox{\isa{no{\isacharunderscore}vars}}] replaces schematic variables by free
5.1104 + ones; this is mainly for tuning output of pretty printed theorems.
5.1105 +
5.1106 + \end{descr}%
5.1107 +\end{isamarkuptext}%
5.1108 +\isamarkuptrue%
5.1109 +%
5.1110 +\isamarkupsubsection{Further tactic emulations \label{sec:tactics}%
5.1111 +}
5.1112 +\isamarkuptrue%
5.1113 +%
5.1114 +\begin{isamarkuptext}%
5.1115 +The following improper proof methods emulate traditional tactics.
5.1116 + These admit direct access to the goal state, which is normally
5.1117 + considered harmful! In particular, this may involve both numbered
5.1118 + goal addressing (default 1), and dynamic instantiation within the
5.1119 + scope of some subgoal.
5.1120 +
5.1121 + \begin{warn}
5.1122 + Dynamic instantiations refer to universally quantified parameters
5.1123 + of a subgoal (the dynamic context) rather than fixed variables and
5.1124 + term abbreviations of a (static) Isar context.
5.1125 + \end{warn}
5.1126 +
5.1127 + Tactic emulation methods, unlike their ML counterparts, admit
5.1128 + simultaneous instantiation from both dynamic and static contexts.
5.1129 + If names occur in both contexts goal parameters hide locally fixed
5.1130 + variables. Likewise, schematic variables refer to term
5.1131 + abbreviations, if present in the static context. Otherwise the
5.1132 + schematic variable is interpreted as a schematic variable and left
5.1133 + to be solved by unification with certain parts of the subgoal.
5.1134 +
5.1135 + Note that the tactic emulation proof methods in Isabelle/Isar are
5.1136 + consistently named \isa{foo{\isacharunderscore}tac}. Note also that variable names
5.1137 + occurring on left hand sides of instantiations must be preceded by a
5.1138 + question mark if they coincide with a keyword or contain dots. This
5.1139 + is consistent with the attribute \mbox{\isa{where}} (see
5.1140 + \secref{sec:pure-meth-att}).
5.1141 +
5.1142 + \begin{matharray}{rcl}
5.1143 + \indexdef{}{method}{rule-tac}\mbox{\isa{rule{\isacharunderscore}tac}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1144 + \indexdef{}{method}{erule-tac}\mbox{\isa{erule{\isacharunderscore}tac}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1145 + \indexdef{}{method}{drule-tac}\mbox{\isa{drule{\isacharunderscore}tac}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1146 + \indexdef{}{method}{frule-tac}\mbox{\isa{frule{\isacharunderscore}tac}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1147 + \indexdef{}{method}{cut-tac}\mbox{\isa{cut{\isacharunderscore}tac}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1148 + \indexdef{}{method}{thin-tac}\mbox{\isa{thin{\isacharunderscore}tac}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1149 + \indexdef{}{method}{subgoal-tac}\mbox{\isa{subgoal{\isacharunderscore}tac}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1150 + \indexdef{}{method}{rename-tac}\mbox{\isa{rename{\isacharunderscore}tac}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1151 + \indexdef{}{method}{rotate-tac}\mbox{\isa{rotate{\isacharunderscore}tac}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1152 + \indexdef{}{method}{tactic}\mbox{\isa{tactic}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1153 + \end{matharray}
5.1154 +
5.1155 + \begin{rail}
5.1156 + ( 'rule\_tac' | 'erule\_tac' | 'drule\_tac' | 'frule\_tac' | 'cut\_tac' | 'thin\_tac' ) goalspec?
5.1157 + ( insts thmref | thmrefs )
5.1158 + ;
5.1159 + 'subgoal\_tac' goalspec? (prop +)
5.1160 + ;
5.1161 + 'rename\_tac' goalspec? (name +)
5.1162 + ;
5.1163 + 'rotate\_tac' goalspec? int?
5.1164 + ;
5.1165 + 'tactic' text
5.1166 + ;
5.1167 +
5.1168 + insts: ((name '=' term) + 'and') 'in'
5.1169 + ;
5.1170 + \end{rail}
5.1171 +
5.1172 +\begin{descr}
5.1173 +
5.1174 + \item [\mbox{\isa{rule{\isacharunderscore}tac}} etc.] do resolution of rules with explicit
5.1175 + instantiation. This works the same way as the ML tactics \verb|res_inst_tac| etc. (see \cite[\S3]{isabelle-ref}).
5.1176 +
5.1177 + Multiple rules may be only given if there is no instantiation; then
5.1178 + \mbox{\isa{rule{\isacharunderscore}tac}} is the same as \verb|resolve_tac| in ML (see
5.1179 + \cite[\S3]{isabelle-ref}).
5.1180 +
5.1181 + \item [\mbox{\isa{cut{\isacharunderscore}tac}}] inserts facts into the proof state as
5.1182 + assumption of a subgoal, see also \verb|cut_facts_tac| in
5.1183 + \cite[\S3]{isabelle-ref}. Note that the scope of schematic
5.1184 + variables is spread over the main goal statement. Instantiations
5.1185 + may be given as well, see also ML tactic \verb|cut_inst_tac| in
5.1186 + \cite[\S3]{isabelle-ref}.
5.1187 +
5.1188 + \item [\mbox{\isa{thin{\isacharunderscore}tac}}~\isa{{\isasymphi}}] deletes the specified
5.1189 + assumption from a subgoal; note that \isa{{\isasymphi}} may contain schematic
5.1190 + variables. See also \verb|thin_tac| in \cite[\S3]{isabelle-ref}.
5.1191 +
5.1192 + \item [\mbox{\isa{subgoal{\isacharunderscore}tac}}~\isa{{\isasymphi}}] adds \isa{{\isasymphi}} as an
5.1193 + assumption to a subgoal. See also \verb|subgoal_tac| and \verb|subgoals_tac| in \cite[\S3]{isabelle-ref}.
5.1194 +
5.1195 + \item [\mbox{\isa{rename{\isacharunderscore}tac}}~\isa{x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n}] renames
5.1196 + parameters of a goal according to the list \isa{x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub n}, which refers to the \emph{suffix} of variables.
5.1197 +
5.1198 + \item [\mbox{\isa{rotate{\isacharunderscore}tac}}~\isa{n}] rotates the assumptions of a
5.1199 + goal by \isa{n} positions: from right to left if \isa{n} is
5.1200 + positive, and from left to right if \isa{n} is negative; the
5.1201 + default value is 1. See also \verb|rotate_tac| in
5.1202 + \cite[\S3]{isabelle-ref}.
5.1203 +
5.1204 + \item [\mbox{\isa{tactic}}~\isa{text}] produces a proof method from
5.1205 + any ML text of type \verb|tactic|. Apart from the usual ML
5.1206 + environment and the current implicit theory context, the ML code may
5.1207 + refer to the following locally bound values:
5.1208 +
5.1209 +%FIXME check
5.1210 +{\footnotesize\begin{verbatim}
5.1211 +val ctxt : Proof.context
5.1212 +val facts : thm list
5.1213 +val thm : string -> thm
5.1214 +val thms : string -> thm list
5.1215 +\end{verbatim}}
5.1216 +
5.1217 + Here \verb|ctxt| refers to the current proof context, \verb|facts| indicates any current facts for forward-chaining, and \verb|thm|~/~\verb|thms| retrieve named facts (including global theorems)
5.1218 + from the context.
5.1219 +
5.1220 + \end{descr}%
5.1221 +\end{isamarkuptext}%
5.1222 +\isamarkuptrue%
5.1223 +%
5.1224 +\isamarkupsubsection{The Simplifier \label{sec:simplifier}%
5.1225 +}
5.1226 +\isamarkuptrue%
5.1227 +%
5.1228 +\isamarkupsubsubsection{Simplification methods%
5.1229 +}
5.1230 +\isamarkuptrue%
5.1231 +%
5.1232 +\begin{isamarkuptext}%
5.1233 +\begin{matharray}{rcl}
5.1234 + \indexdef{}{method}{simp}\mbox{\isa{simp}} & : & \isarmeth \\
5.1235 + \indexdef{}{method}{simp-all}\mbox{\isa{simp{\isacharunderscore}all}} & : & \isarmeth \\
5.1236 + \end{matharray}
5.1237 +
5.1238 + \indexouternonterm{simpmod}
5.1239 + \begin{rail}
5.1240 + ('simp' | 'simp\_all') ('!' ?) opt? (simpmod *)
5.1241 + ;
5.1242 +
5.1243 + opt: '(' ('no\_asm' | 'no\_asm\_simp' | 'no\_asm\_use' | 'asm\_lr' | 'depth\_limit' ':' nat) ')'
5.1244 + ;
5.1245 + simpmod: ('add' | 'del' | 'only' | 'cong' (() | 'add' | 'del') |
5.1246 + 'split' (() | 'add' | 'del')) ':' thmrefs
5.1247 + ;
5.1248 + \end{rail}
5.1249 +
5.1250 + \begin{descr}
5.1251 +
5.1252 + \item [\mbox{\isa{simp}}] invokes the Simplifier, after declaring
5.1253 + additional rules according to the arguments given. Note that the
5.1254 + \railtterm{only} modifier first removes all other rewrite rules,
5.1255 + congruences, and looper tactics (including splits), and then behaves
5.1256 + like \railtterm{add}.
5.1257 +
5.1258 + \medskip The \railtterm{cong} modifiers add or delete Simplifier
5.1259 + congruence rules (see also \cite{isabelle-ref}), the default is to
5.1260 + add.
5.1261 +
5.1262 + \medskip The \railtterm{split} modifiers add or delete rules for the
5.1263 + Splitter (see also \cite{isabelle-ref}), the default is to add.
5.1264 + This works only if the Simplifier method has been properly setup to
5.1265 + include the Splitter (all major object logics such HOL, HOLCF, FOL,
5.1266 + ZF do this already).
5.1267 +
5.1268 + \item [\mbox{\isa{simp{\isacharunderscore}all}}] is similar to \mbox{\isa{simp}}, but acts on
5.1269 + all goals (backwards from the last to the first one).
5.1270 +
5.1271 + \end{descr}
5.1272 +
5.1273 + By default the Simplifier methods take local assumptions fully into
5.1274 + account, using equational assumptions in the subsequent
5.1275 + normalization process, or simplifying assumptions themselves (cf.\
5.1276 + \verb|asm_full_simp_tac| in \cite[\S10]{isabelle-ref}). In
5.1277 + structured proofs this is usually quite well behaved in practice:
5.1278 + just the local premises of the actual goal are involved, additional
5.1279 + facts may be inserted via explicit forward-chaining (via \mbox{\isa{\isacommand{then}}}, \mbox{\isa{\isacommand{from}}}, \mbox{\isa{\isacommand{using}}} etc.). The full
5.1280 + context of premises is only included if the ``\isa{{\isacharbang}}'' (bang)
5.1281 + argument is given, which should be used with some care, though.
5.1282 +
5.1283 + Additional Simplifier options may be specified to tune the behavior
5.1284 + further (mostly for unstructured scripts with many accidental local
5.1285 + facts): ``\isa{{\isacharparenleft}no{\isacharunderscore}asm{\isacharparenright}}'' means assumptions are ignored
5.1286 + completely (cf.\ \verb|simp_tac|), ``\isa{{\isacharparenleft}no{\isacharunderscore}asm{\isacharunderscore}simp{\isacharparenright}}'' means
5.1287 + assumptions are used in the simplification of the conclusion but are
5.1288 + not themselves simplified (cf.\ \verb|asm_simp_tac|), and ``\isa{{\isacharparenleft}no{\isacharunderscore}asm{\isacharunderscore}use{\isacharparenright}}'' means assumptions are simplified but are not used
5.1289 + in the simplification of each other or the conclusion (cf.\ \verb|full_simp_tac|). For compatibility reasons, there is also an option
5.1290 + ``\isa{{\isacharparenleft}asm{\isacharunderscore}lr{\isacharparenright}}'', which means that an assumption is only used
5.1291 + for simplifying assumptions which are to the right of it (cf.\ \verb|asm_lr_simp_tac|).
5.1292 +
5.1293 + Giving an option ``\isa{{\isacharparenleft}depth{\isacharunderscore}limit{\isacharcolon}\ n{\isacharparenright}}'' limits the number of
5.1294 + recursive invocations of the simplifier during conditional
5.1295 + rewriting.
5.1296 +
5.1297 + \medskip The Splitter package is usually configured to work as part
5.1298 + of the Simplifier. The effect of repeatedly applying \verb|split_tac| can be simulated by ``\isa{{\isacharparenleft}simp\ only{\isacharcolon}\ split{\isacharcolon}\ a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharparenright}}''. There is also a separate \isa{split}
5.1299 + method available for single-step case splitting.%
5.1300 +\end{isamarkuptext}%
5.1301 +\isamarkuptrue%
5.1302 +%
5.1303 +\isamarkupsubsubsection{Declaring rules%
5.1304 +}
5.1305 +\isamarkuptrue%
5.1306 +%
5.1307 +\begin{isamarkuptext}%
5.1308 +\begin{matharray}{rcl}
5.1309 + \indexdef{}{command}{print-simpset}\mbox{\isa{\isacommand{print{\isacharunderscore}simpset}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{theory~|~proof} \\
5.1310 + \indexdef{}{attribute}{simp}\mbox{\isa{simp}} & : & \isaratt \\
5.1311 + \indexdef{}{attribute}{cong}\mbox{\isa{cong}} & : & \isaratt \\
5.1312 + \indexdef{}{attribute}{split}\mbox{\isa{split}} & : & \isaratt \\
5.1313 + \end{matharray}
5.1314 +
5.1315 + \begin{rail}
5.1316 + ('simp' | 'cong' | 'split') (() | 'add' | 'del')
5.1317 + ;
5.1318 + \end{rail}
5.1319 +
5.1320 + \begin{descr}
5.1321 +
5.1322 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}simpset}}}] prints the collection of rules
5.1323 + declared to the Simplifier, which is also known as ``simpset''
5.1324 + internally \cite{isabelle-ref}.
5.1325 +
5.1326 + \item [\mbox{\isa{simp}}] declares simplification rules.
5.1327 +
5.1328 + \item [\mbox{\isa{cong}}] declares congruence rules.
5.1329 +
5.1330 + \item [\mbox{\isa{split}}] declares case split rules.
5.1331 +
5.1332 + \end{descr}%
5.1333 +\end{isamarkuptext}%
5.1334 +\isamarkuptrue%
5.1335 +%
5.1336 +\isamarkupsubsubsection{Simplification procedures%
5.1337 +}
5.1338 +\isamarkuptrue%
5.1339 +%
5.1340 +\begin{isamarkuptext}%
5.1341 +\begin{matharray}{rcl}
5.1342 + \indexdef{}{command}{simproc-setup}\mbox{\isa{\isacommand{simproc{\isacharunderscore}setup}}} & : & \isarkeep{local{\dsh}theory} \\
5.1343 + simproc & : & \isaratt \\
5.1344 + \end{matharray}
5.1345 +
5.1346 + \begin{rail}
5.1347 + 'simproc\_setup' name '(' (term + '|') ')' '=' text \\ ('identifier' (nameref+))?
5.1348 + ;
5.1349 +
5.1350 + 'simproc' (('add' ':')? | 'del' ':') (name+)
5.1351 + ;
5.1352 + \end{rail}
5.1353 +
5.1354 + \begin{descr}
5.1355 +
5.1356 + \item [\mbox{\isa{\isacommand{simproc{\isacharunderscore}setup}}}] defines a named simplification
5.1357 + procedure that is invoked by the Simplifier whenever any of the
5.1358 + given term patterns match the current redex. The implementation,
5.1359 + which is provided as ML source text, needs to be of type \verb|morphism -> simpset -> cterm -> thm option|, where the \verb|cterm| represents the current redex \isa{r} and the result is
5.1360 + supposed to be some proven rewrite rule \isa{r\ {\isasymequiv}\ r{\isacharprime}} (or a
5.1361 + generalized version), or \verb|NONE| to indicate failure. The
5.1362 + \verb|simpset| argument holds the full context of the current
5.1363 + Simplifier invocation, including the actual Isar proof context. The
5.1364 + \verb|morphism| informs about the difference of the original
5.1365 + compilation context wrt.\ the one of the actual application later
5.1366 + on. The optional \mbox{\isa{\isakeyword{identifier}}} specifies theorems that
5.1367 + represent the logical content of the abstract theory of this
5.1368 + simproc.
5.1369 +
5.1370 + Morphisms and identifiers are only relevant for simprocs that are
5.1371 + defined within a local target context, e.g.\ in a locale.
5.1372 +
5.1373 + \item [\isa{simproc\ add{\isacharcolon}\ name} and \isa{simproc\ del{\isacharcolon}\ name}]
5.1374 + add or delete named simprocs to the current Simplifier context. The
5.1375 + default is to add a simproc. Note that \mbox{\isa{\isacommand{simproc{\isacharunderscore}setup}}}
5.1376 + already adds the new simproc to the subsequent context.
5.1377 +
5.1378 + \end{descr}%
5.1379 +\end{isamarkuptext}%
5.1380 +\isamarkuptrue%
5.1381 +%
5.1382 +\isamarkupsubsubsection{Forward simplification%
5.1383 +}
5.1384 +\isamarkuptrue%
5.1385 +%
5.1386 +\begin{isamarkuptext}%
5.1387 +\begin{matharray}{rcl}
5.1388 + \indexdef{}{attribute}{simplified}\mbox{\isa{simplified}} & : & \isaratt \\
5.1389 + \end{matharray}
5.1390 +
5.1391 + \begin{rail}
5.1392 + 'simplified' opt? thmrefs?
5.1393 + ;
5.1394 +
5.1395 + opt: '(' (noasm | noasmsimp | noasmuse) ')'
5.1396 + ;
5.1397 + \end{rail}
5.1398 +
5.1399 + \begin{descr}
5.1400 +
5.1401 + \item [\mbox{\isa{simplified}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}]
5.1402 + causes a theorem to be simplified, either by exactly the specified
5.1403 + rules \isa{a\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ a\isactrlsub n}, or the implicit Simplifier
5.1404 + context if no arguments are given. The result is fully simplified
5.1405 + by default, including assumptions and conclusion; the options \isa{no{\isacharunderscore}asm} etc.\ tune the Simplifier in the same way as the for the
5.1406 + \isa{simp} method.
5.1407 +
5.1408 + Note that forward simplification restricts the simplifier to its
5.1409 + most basic operation of term rewriting; solver and looper tactics
5.1410 + \cite{isabelle-ref} are \emph{not} involved here. The \isa{simplified} attribute should be only rarely required under normal
5.1411 + circumstances.
5.1412 +
5.1413 + \end{descr}%
5.1414 +\end{isamarkuptext}%
5.1415 +\isamarkuptrue%
5.1416 +%
5.1417 +\isamarkupsubsubsection{Low-level equational reasoning%
5.1418 +}
5.1419 +\isamarkuptrue%
5.1420 +%
5.1421 +\begin{isamarkuptext}%
5.1422 +\begin{matharray}{rcl}
5.1423 + \indexdef{}{method}{subst}\mbox{\isa{subst}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1424 + \indexdef{}{method}{hypsubst}\mbox{\isa{hypsubst}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1425 + \indexdef{}{method}{split}\mbox{\isa{split}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarmeth \\
5.1426 + \end{matharray}
5.1427 +
5.1428 + \begin{rail}
5.1429 + 'subst' ('(' 'asm' ')')? ('(' (nat+) ')')? thmref
5.1430 + ;
5.1431 + 'split' ('(' 'asm' ')')? thmrefs
5.1432 + ;
5.1433 + \end{rail}
5.1434 +
5.1435 + These methods provide low-level facilities for equational reasoning
5.1436 + that are intended for specialized applications only. Normally,
5.1437 + single step calculations would be performed in a structured text
5.1438 + (see also \secref{sec:calculation}), while the Simplifier methods
5.1439 + provide the canonical way for automated normalization (see
5.1440 + \secref{sec:simplifier}).
5.1441 +
5.1442 + \begin{descr}
5.1443 +
5.1444 + \item [\mbox{\isa{subst}}~\isa{eq}] performs a single substitution
5.1445 + step using rule \isa{eq}, which may be either a meta or object
5.1446 + equality.
5.1447 +
5.1448 + \item [\mbox{\isa{subst}}~\isa{{\isacharparenleft}asm{\isacharparenright}\ eq}] substitutes in an
5.1449 + assumption.
5.1450 +
5.1451 + \item [\mbox{\isa{subst}}~\isa{{\isacharparenleft}i\ {\isasymdots}\ j{\isacharparenright}\ eq}] performs several
5.1452 + substitutions in the conclusion. The numbers \isa{i} to \isa{j}
5.1453 + indicate the positions to substitute at. Positions are ordered from
5.1454 + the top of the term tree moving down from left to right. For
5.1455 + example, in \isa{{\isacharparenleft}a\ {\isacharplus}\ b{\isacharparenright}\ {\isacharplus}\ {\isacharparenleft}c\ {\isacharplus}\ d{\isacharparenright}} there are three positions
5.1456 + where commutativity of \isa{{\isacharplus}} is applicable: 1 refers to the
5.1457 + whole term, 2 to \isa{a\ {\isacharplus}\ b} and 3 to \isa{c\ {\isacharplus}\ d}.
5.1458 +
5.1459 + If the positions in the list \isa{{\isacharparenleft}i\ {\isasymdots}\ j{\isacharparenright}} are non-overlapping
5.1460 + (e.g.\ \isa{{\isacharparenleft}{\isadigit{2}}\ {\isadigit{3}}{\isacharparenright}} in \isa{{\isacharparenleft}a\ {\isacharplus}\ b{\isacharparenright}\ {\isacharplus}\ {\isacharparenleft}c\ {\isacharplus}\ d{\isacharparenright}}) you may
5.1461 + assume all substitutions are performed simultaneously. Otherwise
5.1462 + the behaviour of \isa{subst} is not specified.
5.1463 +
5.1464 + \item [\mbox{\isa{subst}}~\isa{{\isacharparenleft}asm{\isacharparenright}\ {\isacharparenleft}i\ {\isasymdots}\ j{\isacharparenright}\ eq}] performs the
5.1465 + substitutions in the assumptions. Positions \isa{{\isadigit{1}}\ {\isasymdots}\ i\isactrlsub {\isadigit{1}}}
5.1466 + refer to assumption 1, positions \isa{i\isactrlsub {\isadigit{1}}\ {\isacharplus}\ {\isadigit{1}}\ {\isasymdots}\ i\isactrlsub {\isadigit{2}}}
5.1467 + to assumption 2, and so on.
5.1468 +
5.1469 + \item [\mbox{\isa{hypsubst}}] performs substitution using some
5.1470 + assumption; this only works for equations of the form \isa{x\ {\isacharequal}\ t} where \isa{x} is a free or bound variable.
5.1471 +
5.1472 + \item [\mbox{\isa{split}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}] performs
5.1473 + single-step case splitting using the given rules. By default,
5.1474 + splitting is performed in the conclusion of a goal; the \isa{{\isacharparenleft}asm{\isacharparenright}} option indicates to operate on assumptions instead.
5.1475 +
5.1476 + Note that the \mbox{\isa{simp}} method already involves repeated
5.1477 + application of split rules as declared in the current context.
5.1478 +
5.1479 + \end{descr}%
5.1480 +\end{isamarkuptext}%
5.1481 +\isamarkuptrue%
5.1482 +%
5.1483 +\isamarkupsubsection{The Classical Reasoner \label{sec:classical}%
5.1484 +}
5.1485 +\isamarkuptrue%
5.1486 +%
5.1487 +\isamarkupsubsubsection{Basic methods%
5.1488 +}
5.1489 +\isamarkuptrue%
5.1490 +%
5.1491 +\begin{isamarkuptext}%
5.1492 +\begin{matharray}{rcl}
5.1493 + \indexdef{}{method}{rule}\mbox{\isa{rule}} & : & \isarmeth \\
5.1494 + \indexdef{}{method}{contradiction}\mbox{\isa{contradiction}} & : & \isarmeth \\
5.1495 + \indexdef{}{method}{intro}\mbox{\isa{intro}} & : & \isarmeth \\
5.1496 + \indexdef{}{method}{elim}\mbox{\isa{elim}} & : & \isarmeth \\
5.1497 + \end{matharray}
5.1498 +
5.1499 + \begin{rail}
5.1500 + ('rule' | 'intro' | 'elim') thmrefs?
5.1501 + ;
5.1502 + \end{rail}
5.1503 +
5.1504 + \begin{descr}
5.1505 +
5.1506 + \item [\mbox{\isa{rule}}] as offered by the Classical Reasoner is a
5.1507 + refinement over the primitive one (see \secref{sec:pure-meth-att}).
5.1508 + Both versions essentially work the same, but the classical version
5.1509 + observes the classical rule context in addition to that of
5.1510 + Isabelle/Pure.
5.1511 +
5.1512 + Common object logics (HOL, ZF, etc.) declare a rich collection of
5.1513 + classical rules (even if these would qualify as intuitionistic
5.1514 + ones), but only few declarations to the rule context of
5.1515 + Isabelle/Pure (\secref{sec:pure-meth-att}).
5.1516 +
5.1517 + \item [\mbox{\isa{contradiction}}] solves some goal by contradiction,
5.1518 + deriving any result from both \isa{{\isasymnot}\ A} and \isa{A}. Chained
5.1519 + facts, which are guaranteed to participate, may appear in either
5.1520 + order.
5.1521 +
5.1522 + \item [\mbox{\isa{intro}} and \mbox{\isa{elim}}] repeatedly refine
5.1523 + some goal by intro- or elim-resolution, after having inserted any
5.1524 + chained facts. Exactly the rules given as arguments are taken into
5.1525 + account; this allows fine-tuned decomposition of a proof problem, in
5.1526 + contrast to common automated tools.
5.1527 +
5.1528 + \end{descr}%
5.1529 +\end{isamarkuptext}%
5.1530 +\isamarkuptrue%
5.1531 +%
5.1532 +\isamarkupsubsubsection{Automated methods%
5.1533 +}
5.1534 +\isamarkuptrue%
5.1535 +%
5.1536 +\begin{isamarkuptext}%
5.1537 +\begin{matharray}{rcl}
5.1538 + \indexdef{}{method}{blast}\mbox{\isa{blast}} & : & \isarmeth \\
5.1539 + \indexdef{}{method}{fast}\mbox{\isa{fast}} & : & \isarmeth \\
5.1540 + \indexdef{}{method}{slow}\mbox{\isa{slow}} & : & \isarmeth \\
5.1541 + \indexdef{}{method}{best}\mbox{\isa{best}} & : & \isarmeth \\
5.1542 + \indexdef{}{method}{safe}\mbox{\isa{safe}} & : & \isarmeth \\
5.1543 + \indexdef{}{method}{clarify}\mbox{\isa{clarify}} & : & \isarmeth \\
5.1544 + \end{matharray}
5.1545 +
5.1546 + \indexouternonterm{clamod}
5.1547 + \begin{rail}
5.1548 + 'blast' ('!' ?) nat? (clamod *)
5.1549 + ;
5.1550 + ('fast' | 'slow' | 'best' | 'safe' | 'clarify') ('!' ?) (clamod *)
5.1551 + ;
5.1552 +
5.1553 + clamod: (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del') ':' thmrefs
5.1554 + ;
5.1555 + \end{rail}
5.1556 +
5.1557 + \begin{descr}
5.1558 +
5.1559 + \item [\mbox{\isa{blast}}] refers to the classical tableau prover (see
5.1560 + \verb|blast_tac| in \cite[\S11]{isabelle-ref}). The optional
5.1561 + argument specifies a user-supplied search bound (default 20).
5.1562 +
5.1563 + \item [\mbox{\isa{fast}}, \mbox{\isa{slow}}, \mbox{\isa{best}}, \mbox{\isa{safe}}, and \mbox{\isa{clarify}}] refer to the generic classical
5.1564 + reasoner. See \verb|fast_tac|, \verb|slow_tac|, \verb|best_tac|, \verb|safe_tac|, and \verb|clarify_tac| in \cite[\S11]{isabelle-ref} for
5.1565 + more information.
5.1566 +
5.1567 + \end{descr}
5.1568 +
5.1569 + Any of the above methods support additional modifiers of the context
5.1570 + of classical rules. Their semantics is analogous to the attributes
5.1571 + given before. Facts provided by forward chaining are inserted into
5.1572 + the goal before commencing proof search. The ``\isa{{\isacharbang}}''~argument causes the full context of assumptions to be
5.1573 + included as well.%
5.1574 +\end{isamarkuptext}%
5.1575 +\isamarkuptrue%
5.1576 +%
5.1577 +\isamarkupsubsubsection{Combined automated methods \label{sec:clasimp}%
5.1578 +}
5.1579 +\isamarkuptrue%
5.1580 +%
5.1581 +\begin{isamarkuptext}%
5.1582 +\begin{matharray}{rcl}
5.1583 + \indexdef{}{method}{auto}\mbox{\isa{auto}} & : & \isarmeth \\
5.1584 + \indexdef{}{method}{force}\mbox{\isa{force}} & : & \isarmeth \\
5.1585 + \indexdef{}{method}{clarsimp}\mbox{\isa{clarsimp}} & : & \isarmeth \\
5.1586 + \indexdef{}{method}{fastsimp}\mbox{\isa{fastsimp}} & : & \isarmeth \\
5.1587 + \indexdef{}{method}{slowsimp}\mbox{\isa{slowsimp}} & : & \isarmeth \\
5.1588 + \indexdef{}{method}{bestsimp}\mbox{\isa{bestsimp}} & : & \isarmeth \\
5.1589 + \end{matharray}
5.1590 +
5.1591 + \indexouternonterm{clasimpmod}
5.1592 + \begin{rail}
5.1593 + 'auto' '!'? (nat nat)? (clasimpmod *)
5.1594 + ;
5.1595 + ('force' | 'clarsimp' | 'fastsimp' | 'slowsimp' | 'bestsimp') '!'? (clasimpmod *)
5.1596 + ;
5.1597 +
5.1598 + clasimpmod: ('simp' (() | 'add' | 'del' | 'only') |
5.1599 + ('cong' | 'split') (() | 'add' | 'del') |
5.1600 + 'iff' (((() | 'add') '?'?) | 'del') |
5.1601 + (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del')) ':' thmrefs
5.1602 + \end{rail}
5.1603 +
5.1604 + \begin{descr}
5.1605 +
5.1606 + \item [\mbox{\isa{auto}}, \mbox{\isa{force}}, \mbox{\isa{clarsimp}}, \mbox{\isa{fastsimp}}, \mbox{\isa{slowsimp}}, and \mbox{\isa{bestsimp}}] provide
5.1607 + access to Isabelle's combined simplification and classical reasoning
5.1608 + tactics. These correspond to \verb|auto_tac|, \verb|force_tac|, \verb|clarsimp_tac|, and Classical Reasoner tactics with the Simplifier
5.1609 + added as wrapper, see \cite[\S11]{isabelle-ref} for more
5.1610 + information. The modifier arguments correspond to those given in
5.1611 + \secref{sec:simplifier} and \secref{sec:classical}. Just note that
5.1612 + the ones related to the Simplifier are prefixed by \railtterm{simp}
5.1613 + here.
5.1614 +
5.1615 + Facts provided by forward chaining are inserted into the goal before
5.1616 + doing the search. The ``\isa{{\isacharbang}}'' argument causes the full
5.1617 + context of assumptions to be included as well.
5.1618 +
5.1619 + \end{descr}%
5.1620 +\end{isamarkuptext}%
5.1621 +\isamarkuptrue%
5.1622 +%
5.1623 +\isamarkupsubsubsection{Declaring rules%
5.1624 +}
5.1625 +\isamarkuptrue%
5.1626 +%
5.1627 +\begin{isamarkuptext}%
5.1628 +\begin{matharray}{rcl}
5.1629 + \indexdef{}{command}{print-claset}\mbox{\isa{\isacommand{print{\isacharunderscore}claset}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{theory~|~proof} \\
5.1630 + \indexdef{}{attribute}{intro}\mbox{\isa{intro}} & : & \isaratt \\
5.1631 + \indexdef{}{attribute}{elim}\mbox{\isa{elim}} & : & \isaratt \\
5.1632 + \indexdef{}{attribute}{dest}\mbox{\isa{dest}} & : & \isaratt \\
5.1633 + \indexdef{}{attribute}{rule}\mbox{\isa{rule}} & : & \isaratt \\
5.1634 + \indexdef{}{attribute}{iff}\mbox{\isa{iff}} & : & \isaratt \\
5.1635 + \end{matharray}
5.1636 +
5.1637 + \begin{rail}
5.1638 + ('intro' | 'elim' | 'dest') ('!' | () | '?') nat?
5.1639 + ;
5.1640 + 'rule' 'del'
5.1641 + ;
5.1642 + 'iff' (((() | 'add') '?'?) | 'del')
5.1643 + ;
5.1644 + \end{rail}
5.1645 +
5.1646 + \begin{descr}
5.1647 +
5.1648 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}claset}}}] prints the collection of rules
5.1649 + declared to the Classical Reasoner, which is also known as
5.1650 + ``claset'' internally \cite{isabelle-ref}.
5.1651 +
5.1652 + \item [\mbox{\isa{intro}}, \mbox{\isa{elim}}, and \mbox{\isa{dest}}]
5.1653 + declare introduction, elimination, and destruction rules,
5.1654 + respectively. By default, rules are considered as \emph{unsafe}
5.1655 + (i.e.\ not applied blindly without backtracking), while ``\isa{{\isacharbang}}'' classifies as \emph{safe}. Rule declarations marked by
5.1656 + ``\isa{{\isacharquery}}'' coincide with those of Isabelle/Pure, cf.\
5.1657 + \secref{sec:pure-meth-att} (i.e.\ are only applied in single steps
5.1658 + of the \mbox{\isa{rule}} method). The optional natural number
5.1659 + specifies an explicit weight argument, which is ignored by automated
5.1660 + tools, but determines the search order of single rule steps.
5.1661 +
5.1662 + \item [\mbox{\isa{rule}}~\isa{del}] deletes introduction,
5.1663 + elimination, or destruction rules from the context.
5.1664 +
5.1665 + \item [\mbox{\isa{iff}}] declares logical equivalences to the
5.1666 + Simplifier and the Classical reasoner at the same time.
5.1667 + Non-conditional rules result in a ``safe'' introduction and
5.1668 + elimination pair; conditional ones are considered ``unsafe''. Rules
5.1669 + with negative conclusion are automatically inverted (using \isa{{\isasymnot}} elimination internally).
5.1670 +
5.1671 + The ``\isa{{\isacharquery}}'' version of \mbox{\isa{iff}} declares rules to
5.1672 + the Isabelle/Pure context only, and omits the Simplifier
5.1673 + declaration.
5.1674 +
5.1675 + \end{descr}%
5.1676 +\end{isamarkuptext}%
5.1677 +\isamarkuptrue%
5.1678 +%
5.1679 +\isamarkupsubsubsection{Classical operations%
5.1680 +}
5.1681 +\isamarkuptrue%
5.1682 +%
5.1683 +\begin{isamarkuptext}%
5.1684 +\begin{matharray}{rcl}
5.1685 + \indexdef{}{attribute}{swapped}\mbox{\isa{swapped}} & : & \isaratt \\
5.1686 + \end{matharray}
5.1687 +
5.1688 + \begin{descr}
5.1689 +
5.1690 + \item [\mbox{\isa{swapped}}] turns an introduction rule into an
5.1691 + elimination, by resolving with the classical swap principle \isa{{\isacharparenleft}{\isasymnot}\ B\ {\isasymLongrightarrow}\ A{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymnot}\ A\ {\isasymLongrightarrow}\ B{\isacharparenright}}.
5.1692 +
5.1693 + \end{descr}%
5.1694 +\end{isamarkuptext}%
5.1695 +\isamarkuptrue%
5.1696 +%
5.1697 +\isamarkupsubsection{Proof by cases and induction \label{sec:cases-induct}%
5.1698 +}
5.1699 +\isamarkuptrue%
5.1700 +%
5.1701 +\isamarkupsubsubsection{Rule contexts%
5.1702 +}
5.1703 +\isamarkuptrue%
5.1704 +%
5.1705 +\begin{isamarkuptext}%
5.1706 +\begin{matharray}{rcl}
5.1707 + \indexdef{}{command}{case}\mbox{\isa{\isacommand{case}}} & : & \isartrans{proof(state)}{proof(state)} \\
5.1708 + \indexdef{}{command}{print-cases}\mbox{\isa{\isacommand{print{\isacharunderscore}cases}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{proof} \\
5.1709 + \indexdef{}{attribute}{case-names}\mbox{\isa{case{\isacharunderscore}names}} & : & \isaratt \\
5.1710 + \indexdef{}{attribute}{case-conclusion}\mbox{\isa{case{\isacharunderscore}conclusion}} & : & \isaratt \\
5.1711 + \indexdef{}{attribute}{params}\mbox{\isa{params}} & : & \isaratt \\
5.1712 + \indexdef{}{attribute}{consumes}\mbox{\isa{consumes}} & : & \isaratt \\
5.1713 + \end{matharray}
5.1714 +
5.1715 + The puristic way to build up Isar proof contexts is by explicit
5.1716 + language elements like \mbox{\isa{\isacommand{fix}}}, \mbox{\isa{\isacommand{assume}}},
5.1717 + \mbox{\isa{\isacommand{let}}} (see \secref{sec:proof-context}). This is adequate
5.1718 + for plain natural deduction, but easily becomes unwieldy in concrete
5.1719 + verification tasks, which typically involve big induction rules with
5.1720 + several cases.
5.1721 +
5.1722 + The \mbox{\isa{\isacommand{case}}} command provides a shorthand to refer to a
5.1723 + local context symbolically: certain proof methods provide an
5.1724 + environment of named ``cases'' of the form \isa{c{\isacharcolon}\ x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isacharcomma}\ {\isasymphi}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymphi}\isactrlsub n}; the effect of
5.1725 + ``\mbox{\isa{\isacommand{case}}}\isa{c}'' is then equivalent to ``\mbox{\isa{\isacommand{fix}}}~\isa{x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m}~\mbox{\isa{\isacommand{assume}}}~\isa{c{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n}''. Term bindings may be
5.1726 + covered as well, notably \mbox{\isa{{\isacharquery}case}} for the main conclusion.
5.1727 +
5.1728 + By default, the ``terminology'' \isa{x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m} of
5.1729 + a case value is marked as hidden, i.e.\ there is no way to refer to
5.1730 + such parameters in the subsequent proof text. After all, original
5.1731 + rule parameters stem from somewhere outside of the current proof
5.1732 + text. By using the explicit form ``\mbox{\isa{\isacommand{case}}}~\isa{{\isacharparenleft}c\ y\isactrlsub {\isadigit{1}}\ {\isasymdots}\ y\isactrlsub m{\isacharparenright}}'' instead, the proof author is able to
5.1733 + chose local names that fit nicely into the current context.
5.1734 +
5.1735 + \medskip It is important to note that proper use of \mbox{\isa{\isacommand{case}}} does not provide means to peek at the current goal state,
5.1736 + which is not directly observable in Isar! Nonetheless, goal
5.1737 + refinement commands do provide named cases \isa{goal\isactrlsub i}
5.1738 + for each subgoal \isa{i\ {\isacharequal}\ {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n} of the resulting goal state.
5.1739 + Using this extra feature requires great care, because some bits of
5.1740 + the internal tactical machinery intrude the proof text. In
5.1741 + particular, parameter names stemming from the left-over of automated
5.1742 + reasoning tools are usually quite unpredictable.
5.1743 +
5.1744 + Under normal circumstances, the text of cases emerge from standard
5.1745 + elimination or induction rules, which in turn are derived from
5.1746 + previous theory specifications in a canonical way (say from
5.1747 + \mbox{\isa{\isacommand{inductive}}} definitions).
5.1748 +
5.1749 + \medskip Proper cases are only available if both the proof method
5.1750 + and the rules involved support this. By using appropriate
5.1751 + attributes, case names, conclusions, and parameters may be also
5.1752 + declared by hand. Thus variant versions of rules that have been
5.1753 + derived manually become ready to use in advanced case analysis
5.1754 + later.
5.1755 +
5.1756 + \begin{rail}
5.1757 + 'case' (caseref | '(' caseref ((name | underscore) +) ')')
5.1758 + ;
5.1759 + caseref: nameref attributes?
5.1760 + ;
5.1761 +
5.1762 + 'case\_names' (name +)
5.1763 + ;
5.1764 + 'case\_conclusion' name (name *)
5.1765 + ;
5.1766 + 'params' ((name *) + 'and')
5.1767 + ;
5.1768 + 'consumes' nat?
5.1769 + ;
5.1770 + \end{rail}
5.1771 +
5.1772 + \begin{descr}
5.1773 +
5.1774 + \item [\mbox{\isa{\isacommand{case}}}~\isa{{\isacharparenleft}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isacharparenright}}]
5.1775 + invokes a named local context \isa{c{\isacharcolon}\ x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isacharcomma}\ {\isasymphi}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymphi}\isactrlsub m}, as provided by an appropriate
5.1776 + proof method (such as \indexref{}{method}{cases}\mbox{\isa{cases}} and \indexref{}{method}{induct}\mbox{\isa{induct}}).
5.1777 + The command ``\mbox{\isa{\isacommand{case}}}~\isa{{\isacharparenleft}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isacharparenright}}'' abbreviates ``\mbox{\isa{\isacommand{fix}}}~\isa{x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m}~\mbox{\isa{\isacommand{assume}}}~\isa{c{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n}''.
5.1778 +
5.1779 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}cases}}}] prints all local contexts of the
5.1780 + current state, using Isar proof language notation.
5.1781 +
5.1782 + \item [\mbox{\isa{case{\isacharunderscore}names}}~\isa{c\isactrlsub {\isadigit{1}}\ {\isasymdots}\ c\isactrlsub k}]
5.1783 + declares names for the local contexts of premises of a theorem;
5.1784 + \isa{c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub k} refers to the \emph{suffix} of the
5.1785 + list of premises.
5.1786 +
5.1787 + \item [\mbox{\isa{case{\isacharunderscore}conclusion}}~\isa{c\ d\isactrlsub {\isadigit{1}}\ {\isasymdots}\ d\isactrlsub k}] declares names for the conclusions of a named premise
5.1788 + \isa{c}; here \isa{d\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ d\isactrlsub k} refers to the
5.1789 + prefix of arguments of a logical formula built by nesting a binary
5.1790 + connective (e.g.\ \isa{{\isasymor}}).
5.1791 +
5.1792 + Note that proof methods such as \mbox{\isa{induct}} and \mbox{\isa{coinduct}} already provide a default name for the conclusion as a
5.1793 + whole. The need to name subformulas only arises with cases that
5.1794 + split into several sub-cases, as in common co-induction rules.
5.1795 +
5.1796 + \item [\mbox{\isa{params}}~\isa{p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub m\ {\isasymAND}\ {\isasymdots}\ q\isactrlsub {\isadigit{1}}\ {\isasymdots}\ q\isactrlsub n}] renames the innermost parameters of
5.1797 + premises \isa{{\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n} of some theorem. An empty list of names
5.1798 + may be given to skip positions, leaving the present parameters
5.1799 + unchanged.
5.1800 +
5.1801 + Note that the default usage of case rules does \emph{not} directly
5.1802 + expose parameters to the proof context.
5.1803 +
5.1804 + \item [\mbox{\isa{consumes}}~\isa{n}] declares the number of
5.1805 + ``major premises'' of a rule, i.e.\ the number of facts to be
5.1806 + consumed when it is applied by an appropriate proof method. The
5.1807 + default value of \mbox{\isa{consumes}} is \isa{n\ {\isacharequal}\ {\isadigit{1}}}, which is
5.1808 + appropriate for the usual kind of cases and induction rules for
5.1809 + inductive sets (cf.\ \secref{sec:hol-inductive}). Rules without any
5.1810 + \mbox{\isa{consumes}} declaration given are treated as if
5.1811 + \mbox{\isa{consumes}}~\isa{{\isadigit{0}}} had been specified.
5.1812 +
5.1813 + Note that explicit \mbox{\isa{consumes}} declarations are only
5.1814 + rarely needed; this is already taken care of automatically by the
5.1815 + higher-level \mbox{\isa{cases}}, \mbox{\isa{induct}}, and
5.1816 + \mbox{\isa{coinduct}} declarations.
5.1817 +
5.1818 + \end{descr}%
5.1819 +\end{isamarkuptext}%
5.1820 +\isamarkuptrue%
5.1821 +%
5.1822 +\isamarkupsubsubsection{Proof methods%
5.1823 +}
5.1824 +\isamarkuptrue%
5.1825 +%
5.1826 +\begin{isamarkuptext}%
5.1827 +\begin{matharray}{rcl}
5.1828 + \indexdef{}{method}{cases}\mbox{\isa{cases}} & : & \isarmeth \\
5.1829 + \indexdef{}{method}{induct}\mbox{\isa{induct}} & : & \isarmeth \\
5.1830 + \indexdef{}{method}{coinduct}\mbox{\isa{coinduct}} & : & \isarmeth \\
5.1831 + \end{matharray}
5.1832 +
5.1833 + The \mbox{\isa{cases}}, \mbox{\isa{induct}}, and \mbox{\isa{coinduct}}
5.1834 + methods provide a uniform interface to common proof techniques over
5.1835 + datatypes, inductive predicates (or sets), recursive functions etc.
5.1836 + The corresponding rules may be specified and instantiated in a
5.1837 + casual manner. Furthermore, these methods provide named local
5.1838 + contexts that may be invoked via the \mbox{\isa{\isacommand{case}}} proof command
5.1839 + within the subsequent proof text. This accommodates compact proof
5.1840 + texts even when reasoning about large specifications.
5.1841 +
5.1842 + The \mbox{\isa{induct}} method also provides some additional
5.1843 + infrastructure in order to be applicable to structure statements
5.1844 + (either using explicit meta-level connectives, or including facts
5.1845 + and parameters separately). This avoids cumbersome encoding of
5.1846 + ``strengthened'' inductive statements within the object-logic.
5.1847 +
5.1848 + \begin{rail}
5.1849 + 'cases' (insts * 'and') rule?
5.1850 + ;
5.1851 + 'induct' (definsts * 'and') \\ arbitrary? taking? rule?
5.1852 + ;
5.1853 + 'coinduct' insts taking rule?
5.1854 + ;
5.1855 +
5.1856 + rule: ('type' | 'pred' | 'set') ':' (nameref +) | 'rule' ':' (thmref +)
5.1857 + ;
5.1858 + definst: name ('==' | equiv) term | inst
5.1859 + ;
5.1860 + definsts: ( definst *)
5.1861 + ;
5.1862 + arbitrary: 'arbitrary' ':' ((term *) 'and' +)
5.1863 + ;
5.1864 + taking: 'taking' ':' insts
5.1865 + ;
5.1866 + \end{rail}
5.1867 +
5.1868 + \begin{descr}
5.1869 +
5.1870 + \item [\mbox{\isa{cases}}~\isa{insts\ R}] applies method \mbox{\isa{rule}} with an appropriate case distinction theorem, instantiated to
5.1871 + the subjects \isa{insts}. Symbolic case names are bound according
5.1872 + to the rule's local contexts.
5.1873 +
5.1874 + The rule is determined as follows, according to the facts and
5.1875 + arguments passed to the \mbox{\isa{cases}} method:
5.1876 +
5.1877 + \medskip
5.1878 + \begin{tabular}{llll}
5.1879 + facts & & arguments & rule \\\hline
5.1880 + & \mbox{\isa{cases}} & & classical case split \\
5.1881 + & \mbox{\isa{cases}} & \isa{t} & datatype exhaustion (type of \isa{t}) \\
5.1882 + \isa{{\isasymturnstile}\ A\ t} & \mbox{\isa{cases}} & \isa{{\isasymdots}} & inductive predicate/set elimination (of \isa{A}) \\
5.1883 + \isa{{\isasymdots}} & \mbox{\isa{cases}} & \isa{{\isasymdots}\ rule{\isacharcolon}\ R} & explicit rule \isa{R} \\
5.1884 + \end{tabular}
5.1885 + \medskip
5.1886 +
5.1887 + Several instantiations may be given, referring to the \emph{suffix}
5.1888 + of premises of the case rule; within each premise, the \emph{prefix}
5.1889 + of variables is instantiated. In most situations, only a single
5.1890 + term needs to be specified; this refers to the first variable of the
5.1891 + last premise (it is usually the same for all cases).
5.1892 +
5.1893 + \item [\mbox{\isa{induct}}~\isa{insts\ R}] is analogous to the
5.1894 + \mbox{\isa{cases}} method, but refers to induction rules, which are
5.1895 + determined as follows:
5.1896 +
5.1897 + \medskip
5.1898 + \begin{tabular}{llll}
5.1899 + facts & & arguments & rule \\\hline
5.1900 + & \mbox{\isa{induct}} & \isa{P\ x\ {\isasymdots}} & datatype induction (type of \isa{x}) \\
5.1901 + \isa{{\isasymturnstile}\ A\ x} & \mbox{\isa{induct}} & \isa{{\isasymdots}} & predicate/set induction (of \isa{A}) \\
5.1902 + \isa{{\isasymdots}} & \mbox{\isa{induct}} & \isa{{\isasymdots}\ rule{\isacharcolon}\ R} & explicit rule \isa{R} \\
5.1903 + \end{tabular}
5.1904 + \medskip
5.1905 +
5.1906 + Several instantiations may be given, each referring to some part of
5.1907 + a mutual inductive definition or datatype --- only related partial
5.1908 + induction rules may be used together, though. Any of the lists of
5.1909 + terms \isa{P{\isacharcomma}\ x{\isacharcomma}\ {\isasymdots}} refers to the \emph{suffix} of variables
5.1910 + present in the induction rule. This enables the writer to specify
5.1911 + only induction variables, or both predicates and variables, for
5.1912 + example.
5.1913 +
5.1914 + Instantiations may be definitional: equations \isa{x\ {\isasymequiv}\ t}
5.1915 + introduce local definitions, which are inserted into the claim and
5.1916 + discharged after applying the induction rule. Equalities reappear
5.1917 + in the inductive cases, but have been transformed according to the
5.1918 + induction principle being involved here. In order to achieve
5.1919 + practically useful induction hypotheses, some variables occurring in
5.1920 + \isa{t} need to be fixed (see below).
5.1921 +
5.1922 + The optional ``\isa{arbitrary{\isacharcolon}\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m}''
5.1923 + specification generalizes variables \isa{x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m} of the original goal before applying induction. Thus
5.1924 + induction hypotheses may become sufficiently general to get the
5.1925 + proof through. Together with definitional instantiations, one may
5.1926 + effectively perform induction over expressions of a certain
5.1927 + structure.
5.1928 +
5.1929 + The optional ``\isa{taking{\isacharcolon}\ t\isactrlsub {\isadigit{1}}\ {\isasymdots}\ t\isactrlsub n}''
5.1930 + specification provides additional instantiations of a prefix of
5.1931 + pending variables in the rule. Such schematic induction rules
5.1932 + rarely occur in practice, though.
5.1933 +
5.1934 + \item [\mbox{\isa{coinduct}}~\isa{inst\ R}] is analogous to the
5.1935 + \mbox{\isa{induct}} method, but refers to coinduction rules, which are
5.1936 + determined as follows:
5.1937 +
5.1938 + \medskip
5.1939 + \begin{tabular}{llll}
5.1940 + goal & & arguments & rule \\\hline
5.1941 + & \mbox{\isa{coinduct}} & \isa{x\ {\isasymdots}} & type coinduction (type of \isa{x}) \\
5.1942 + \isa{A\ x} & \mbox{\isa{coinduct}} & \isa{{\isasymdots}} & predicate/set coinduction (of \isa{A}) \\
5.1943 + \isa{{\isasymdots}} & \mbox{\isa{coinduct}} & \isa{{\isasymdots}\ R} & explicit rule \isa{R} \\
5.1944 + \end{tabular}
5.1945 +
5.1946 + Coinduction is the dual of induction. Induction essentially
5.1947 + eliminates \isa{A\ x} towards a generic result \isa{P\ x},
5.1948 + while coinduction introduces \isa{A\ x} starting with \isa{B\ x}, for a suitable ``bisimulation'' \isa{B}. The cases of a
5.1949 + coinduct rule are typically named after the predicates or sets being
5.1950 + covered, while the conclusions consist of several alternatives being
5.1951 + named after the individual destructor patterns.
5.1952 +
5.1953 + The given instantiation refers to the \emph{suffix} of variables
5.1954 + occurring in the rule's major premise, or conclusion if unavailable.
5.1955 + An additional ``\isa{taking{\isacharcolon}\ t\isactrlsub {\isadigit{1}}\ {\isasymdots}\ t\isactrlsub n}''
5.1956 + specification may be required in order to specify the bisimulation
5.1957 + to be used in the coinduction step.
5.1958 +
5.1959 + \end{descr}
5.1960 +
5.1961 + Above methods produce named local contexts, as determined by the
5.1962 + instantiated rule as given in the text. Beyond that, the \mbox{\isa{induct}} and \mbox{\isa{coinduct}} methods guess further instantiations
5.1963 + from the goal specification itself. Any persisting unresolved
5.1964 + schematic variables of the resulting rule will render the the
5.1965 + corresponding case invalid. The term binding \mbox{\isa{{\isacharquery}case}} for
5.1966 + the conclusion will be provided with each case, provided that term
5.1967 + is fully specified.
5.1968 +
5.1969 + The \mbox{\isa{\isacommand{print{\isacharunderscore}cases}}} command prints all named cases present
5.1970 + in the current proof state.
5.1971 +
5.1972 + \medskip Despite the additional infrastructure, both \mbox{\isa{cases}}
5.1973 + and \mbox{\isa{coinduct}} merely apply a certain rule, after
5.1974 + instantiation, while conforming due to the usual way of monotonic
5.1975 + natural deduction: the context of a structured statement \isa{{\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardot}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymphi}\isactrlsub n\ {\isasymLongrightarrow}\ {\isasymdots}}
5.1976 + reappears unchanged after the case split.
5.1977 +
5.1978 + The \mbox{\isa{induct}} method is fundamentally different in this
5.1979 + respect: the meta-level structure is passed through the
5.1980 + ``recursive'' course involved in the induction. Thus the original
5.1981 + statement is basically replaced by separate copies, corresponding to
5.1982 + the induction hypotheses and conclusion; the original goal context
5.1983 + is no longer available. Thus local assumptions, fixed parameters
5.1984 + and definitions effectively participate in the inductive rephrasing
5.1985 + of the original statement.
5.1986 +
5.1987 + In induction proofs, local assumptions introduced by cases are split
5.1988 + into two different kinds: \isa{hyps} stemming from the rule and
5.1989 + \isa{prems} from the goal statement. This is reflected in the
5.1990 + extracted cases accordingly, so invoking ``\mbox{\isa{\isacommand{case}}}~\isa{c}'' will provide separate facts \isa{c{\isachardot}hyps} and \isa{c{\isachardot}prems},
5.1991 + as well as fact \isa{c} to hold the all-inclusive list.
5.1992 +
5.1993 + \medskip Facts presented to either method are consumed according to
5.1994 + the number of ``major premises'' of the rule involved, which is
5.1995 + usually 0 for plain cases and induction rules of datatypes etc.\ and
5.1996 + 1 for rules of inductive predicates or sets and the like. The
5.1997 + remaining facts are inserted into the goal verbatim before the
5.1998 + actual \isa{cases}, \isa{induct}, or \isa{coinduct} rule is
5.1999 + applied.%
5.2000 +\end{isamarkuptext}%
5.2001 +\isamarkuptrue%
5.2002 +%
5.2003 +\isamarkupsubsubsection{Declaring rules%
5.2004 +}
5.2005 +\isamarkuptrue%
5.2006 +%
5.2007 +\begin{isamarkuptext}%
5.2008 +\begin{matharray}{rcl}
5.2009 + \indexdef{}{command}{print-induct-rules}\mbox{\isa{\isacommand{print{\isacharunderscore}induct{\isacharunderscore}rules}}}\isa{\isactrlsup {\isacharasterisk}} & : & \isarkeep{theory~|~proof} \\
5.2010 + \indexdef{}{attribute}{cases}\mbox{\isa{cases}} & : & \isaratt \\
5.2011 + \indexdef{}{attribute}{induct}\mbox{\isa{induct}} & : & \isaratt \\
5.2012 + \indexdef{}{attribute}{coinduct}\mbox{\isa{coinduct}} & : & \isaratt \\
5.2013 + \end{matharray}
5.2014 +
5.2015 + \begin{rail}
5.2016 + 'cases' spec
5.2017 + ;
5.2018 + 'induct' spec
5.2019 + ;
5.2020 + 'coinduct' spec
5.2021 + ;
5.2022 +
5.2023 + spec: ('type' | 'pred' | 'set') ':' nameref
5.2024 + ;
5.2025 + \end{rail}
5.2026 +
5.2027 + \begin{descr}
5.2028 +
5.2029 + \item [\mbox{\isa{\isacommand{print{\isacharunderscore}induct{\isacharunderscore}rules}}}] prints cases and induct
5.2030 + rules for predicates (or sets) and types of the current context.
5.2031 +
5.2032 + \item [\mbox{\isa{cases}}, \mbox{\isa{induct}}, and \mbox{\isa{coinduct}}] (as attributes) augment the corresponding context of
5.2033 + rules for reasoning about (co)inductive predicates (or sets) and
5.2034 + types, using the corresponding methods of the same name. Certain
5.2035 + definitional packages of object-logics usually declare emerging
5.2036 + cases and induction rules as expected, so users rarely need to
5.2037 + intervene.
5.2038 +
5.2039 + Manual rule declarations usually refer to the \mbox{\isa{case{\isacharunderscore}names}} and \mbox{\isa{params}} attributes to adjust names of
5.2040 + cases and parameters of a rule; the \mbox{\isa{consumes}}
5.2041 + declaration is taken care of automatically: \mbox{\isa{consumes}}~\isa{{\isadigit{0}}} is specified for ``type'' rules and \mbox{\isa{consumes}}~\isa{{\isadigit{1}}} for ``predicate'' / ``set'' rules.
5.2042 +
5.2043 + \end{descr}%
5.2044 +\end{isamarkuptext}%
5.2045 +\isamarkuptrue%
5.2046 +%
5.2047 +\isadelimtheory
5.2048 +%
5.2049 +\endisadelimtheory
5.2050 +%
5.2051 +\isatagtheory
5.2052 +\isacommand{end}\isamarkupfalse%
5.2053 +%
5.2054 +\endisatagtheory
5.2055 +{\isafoldtheory}%
5.2056 +%
5.2057 +\isadelimtheory
5.2058 +%
5.2059 +\endisadelimtheory
5.2060 +\isanewline
5.2061 +\end{isabellebody}%
5.2062 +%%% Local Variables:
5.2063 +%%% mode: latex
5.2064 +%%% TeX-master: "root"
5.2065 +%%% End:
6.1 --- a/doc-src/IsarRef/Thy/document/session.tex Sun May 04 21:34:44 2008 +0200
6.2 +++ b/doc-src/IsarRef/Thy/document/session.tex Mon May 05 15:23:21 2008 +0200
6.3 @@ -4,6 +4,8 @@
6.4
6.5 \input{pure.tex}
6.6
6.7 +\input{Generic.tex}
6.8 +
6.9 \input{Quick_Reference.tex}
6.10
6.11 %%% Local Variables:
7.1 --- a/doc-src/IsarRef/generic.tex Sun May 04 21:34:44 2008 +0200
7.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
7.3 @@ -1,1930 +0,0 @@
7.4 -\chapter{Generic tools and packages}\label{ch:gen-tools}
7.5 -
7.6 -\section{Specification commands}
7.7 -
7.8 -\subsection{Derived specifications}
7.9 -
7.10 -\indexisarcmd{axiomatization}
7.11 -\indexisarcmd{definition}\indexisaratt{defn}
7.12 -\indexisarcmd{abbreviation}\indexisarcmd{print-abbrevs}
7.13 -\indexisarcmd{notation}\indexisarcmd{no-notation}
7.14 -\begin{matharray}{rcll}
7.15 - \isarcmd{axiomatization} & : & \isarkeep{local{\dsh}theory} & (axiomatic!)\\
7.16 - \isarcmd{definition} & : & \isarkeep{local{\dsh}theory} \\
7.17 - defn & : & \isaratt \\
7.18 - \isarcmd{abbreviation} & : & \isarkeep{local{\dsh}theory} \\
7.19 - \isarcmd{print_abbrevs}^* & : & \isarkeep{theory~|~proof} \\
7.20 - \isarcmd{notation} & : & \isarkeep{local{\dsh}theory} \\
7.21 - \isarcmd{no_notation} & : & \isarkeep{local{\dsh}theory} \\
7.22 -\end{matharray}
7.23 -
7.24 -These specification mechanisms provide a slightly more abstract view
7.25 -than the underlying primitives of $\CONSTS$, $\DEFS$ (see
7.26 -\S\ref{sec:consts}), and $\isarkeyword{axioms}$ (see
7.27 -\S\ref{sec:axms-thms}). In particular, type-inference is commonly
7.28 -available, and result names need not be given.
7.29 -
7.30 -\begin{rail}
7.31 - 'axiomatization' target? fixes? ('where' specs)?
7.32 - ;
7.33 - 'definition' target? (decl 'where')? thmdecl? prop
7.34 - ;
7.35 - 'abbreviation' target? mode? (decl 'where')? prop
7.36 - ;
7.37 - ('notation' | 'no\_notation') target? mode? (nameref structmixfix + 'and')
7.38 - ;
7.39 -
7.40 - fixes: ((name ('::' type)? mixfix? | vars) + 'and')
7.41 - ;
7.42 - specs: (thmdecl? props + 'and')
7.43 - ;
7.44 - decl: name ('::' type)? mixfix?
7.45 - ;
7.46 -\end{rail}
7.47 -
7.48 -\begin{descr}
7.49 -
7.50 -\item $\isarkeyword{axiomatization} ~ c@1 \dots c@n ~
7.51 - \isarkeyword{where} ~ A@1 \dots A@m$ introduces several constants
7.52 - simultaneously and states axiomatic properties for these. The
7.53 - constants are marked as being specified once and for all, which
7.54 - prevents additional specifications being issued later on.
7.55 -
7.56 - Note that axiomatic specifications are only appropriate when
7.57 - declaring a new logical system. Normal applications should only use
7.58 - definitional mechanisms!
7.59 -
7.60 -\item $\isarkeyword{definition}~c~\isarkeyword{where}~eq$ produces an
7.61 - internal definition $c \equiv t$ according to the specification
7.62 - given as $eq$, which is then turned into a proven fact. The given
7.63 - proposition may deviate from internal meta-level equality according
7.64 - to the rewrite rules declared as $defn$ by the object-logic. This
7.65 - typically covers object-level equality $x = t$ and equivalence $A
7.66 - \leftrightarrow B$. Users normally need not change the $defn$
7.67 - setup.
7.68 -
7.69 - Definitions may be presented with explicit arguments on the LHS, as
7.70 - well as additional conditions, e.g.\ $f\;x\;y = t$ instead of $f
7.71 - \equiv \lambda x\;y. t$ and $y \not= 0 \Imp g\;x\;y = u$ instead of
7.72 - an unguarded $g \equiv \lambda x\;y. u$.
7.73 -
7.74 -\item $\isarkeyword{abbreviation}~c~\isarkeyword{where}~eq$ introduces
7.75 - a syntactic constant which is associated with a certain term
7.76 - according to the meta-level equality $eq$.
7.77 -
7.78 - Abbreviations participate in the usual type-inference process, but
7.79 - are expanded before the logic ever sees them. Pretty printing of
7.80 - terms involves higher-order rewriting with rules stemming from
7.81 - reverted abbreviations. This needs some care to avoid overlapping
7.82 - or looping syntactic replacements!
7.83 -
7.84 - The optional $mode$ specification restricts output to a particular
7.85 - print mode; using ``$input$'' here achieves the effect of one-way
7.86 - abbreviations. The mode may also include an ``$output$'' qualifier
7.87 - that affects the concrete syntax declared for abbreviations, cf.\
7.88 - $\isarkeyword{syntax}$ in \S\ref{sec:syn-trans}.
7.89 -
7.90 -\item $\isarkeyword{print_abbrevs}$ prints all constant abbreviations
7.91 - of the current context.
7.92 -
7.93 -\item $\isarkeyword{notation}~c~mx$ associates mixfix syntax with an
7.94 - existing constant or fixed variable. This is a robust interface to
7.95 - the underlying $\isarkeyword{syntax}$ primitive
7.96 - (\S\ref{sec:syn-trans}). Type declaration and internal syntactic
7.97 - representation of the given entity is retrieved from the context.
7.98 -
7.99 -\item $\isarkeyword{no_notation}$ is similar to
7.100 - $\isarkeyword{notation}$, but removes the specified syntax
7.101 - annotation from the present context.
7.102 -
7.103 -\end{descr}
7.104 -
7.105 -All of these specifications support local theory targets (cf.\
7.106 -\S\ref{sec:target}).
7.107 -
7.108 -
7.109 -\subsection{Generic declarations}
7.110 -
7.111 -Arbitrary operations on the background context may be wrapped-up as
7.112 -generic declaration elements. Since the underlying concept of local
7.113 -theories may be subject to later re-interpretation, there is an
7.114 -additional dependency on a morphism that tells the difference of the
7.115 -original declaration context wrt.\ the application context encountered
7.116 -later on. A fact declaration is an important special case: it
7.117 -consists of a theorem which is applied to the context by means of an
7.118 -attribute.
7.119 -
7.120 -\indexisarcmd{declaration}\indexisarcmd{declare}
7.121 -\begin{matharray}{rcl}
7.122 - \isarcmd{declaration} & : & \isarkeep{local{\dsh}theory} \\
7.123 - \isarcmd{declare} & : & \isarkeep{local{\dsh}theory} \\
7.124 -\end{matharray}
7.125 -
7.126 -\begin{rail}
7.127 - 'declaration' target? text
7.128 - ;
7.129 - 'declare' target? (thmrefs + 'and')
7.130 - ;
7.131 -\end{rail}
7.132 -
7.133 -\begin{descr}
7.134 -
7.135 -\item [$\isarkeyword{declaration}~d$] adds the declaration function
7.136 - $d$ of ML type \verb,declaration, to the current local theory under
7.137 - construction. In later application contexts, the function is
7.138 - transformed according to the morphisms being involved in the
7.139 - interpretation hierarchy.
7.140 -
7.141 -\item [$\isarkeyword{declare}~thms$] declares theorems to the current
7.142 - local theory context. No theorem binding is involved here, unlike
7.143 - $\isarkeyword{theorems}$ or $\isarkeyword{lemmas}$ (cf.\
7.144 - \S\ref{sec:axms-thms}), so $\isarkeyword{declare}$ only has the
7.145 - effect of applying attributes as included in the theorem
7.146 - specification.
7.147 -
7.148 -\end{descr}
7.149 -
7.150 -
7.151 -\subsection{Local theory targets}\label{sec:target}
7.152 -
7.153 -A local theory target is a context managed separately within the
7.154 -enclosing theory. Contexts may introduce parameters (fixed variables)
7.155 -and assumptions (hypotheses). Definitions and theorems depending on
7.156 -the context may be added incrementally later on. Named contexts refer
7.157 -to locales (cf.\ \S\ref{sec:locale}) or type classes (cf.\
7.158 -\S\ref{sec:class}); the name ``$-$'' signifies the global theory
7.159 -context.
7.160 -
7.161 -\indexisarcmd{context}\indexisarcmd{end}
7.162 -\begin{matharray}{rcll}
7.163 - \isarcmd{context} & : & \isartrans{theory}{local{\dsh}theory} \\
7.164 - \isarcmd{end} & : & \isartrans{local{\dsh}theory}{theory} \\
7.165 -\end{matharray}
7.166 -
7.167 -\indexouternonterm{target}
7.168 -\begin{rail}
7.169 - 'context' name 'begin'
7.170 - ;
7.171 -
7.172 - target: '(' 'in' name ')'
7.173 - ;
7.174 -\end{rail}
7.175 -
7.176 -\begin{descr}
7.177 -
7.178 -\item $\isarkeyword{context}~c~\isarkeyword{begin}$ recommences an
7.179 - existing locale or class context $c$. Note that locale and class
7.180 - definitions allow to include the $\isarkeyword{begin}$ keyword as
7.181 - well, in order to continue the local theory immediately after the
7.182 - initial specification.
7.183 -
7.184 -\item $\END$ concludes the current local theory and continues the
7.185 - enclosing global theory. Note that a non-local $\END$ has a
7.186 - different meaning: it concludes the theory itself
7.187 - (\S\ref{sec:begin-thy}).
7.188 -
7.189 -\item $(\IN~loc)$ given after any local theory command specifies an
7.190 - immediate target, e.g.\
7.191 - ``$\isarkeyword{definition}~(\IN~loc)~\dots$'' or
7.192 - ``$\THEOREMNAME~(\IN~loc)~\dots$''. This works both in a local or
7.193 - global theory context; the current target context will be suspended
7.194 - for this command only. Note that $(\IN~-)$ will always produce a
7.195 - global result independently of the current target context.
7.196 -
7.197 -\end{descr}
7.198 -
7.199 -The exact meaning of results produced within a local theory context
7.200 -depends on the underlying target infrastructure (locale, type class
7.201 -etc.). The general idea is as follows, considering a context named
7.202 -$c$ with parameter $x$ and assumption $A[x]$.
7.203 -
7.204 -Definitions are exported by introducing a global version with
7.205 -additional arguments; a syntactic abbreviation links the long form
7.206 -with the abstract version of the target context. For example, $a
7.207 -\equiv t[x]$ becomes $c\dtt a \; ?x \equiv t[?x]$ at the theory level
7.208 -(for arbitrary $?x$), together with a local abbreviation $c \equiv
7.209 -c\dtt a\; x$ in the target context (for fixed $x$).
7.210 -
7.211 -Theorems are exported by discharging the assumptions and generalizing
7.212 -the parameters of the context. For example, $a: B[x]$ becomes $c\dtt
7.213 -a: A[?x] \Imp B[?x]$ (for arbitrary $?x$).
7.214 -
7.215 -
7.216 -\subsection{Locales}\label{sec:locale}
7.217 -
7.218 -Locales are named local contexts, consisting of a list of declaration elements
7.219 -that are modeled after the Isar proof context commands (cf.\
7.220 -\S\ref{sec:proof-context}).
7.221 -
7.222 -
7.223 -\subsubsection{Locale specifications}
7.224 -
7.225 -\indexisarcmd{locale}\indexisarcmd{print-locale}\indexisarcmd{print-locales}
7.226 -\begin{matharray}{rcl}
7.227 - \isarcmd{locale} & : & \isartrans{theory}{local{\dsh}theory} \\
7.228 - \isarcmd{print_locale}^* & : & \isarkeep{theory~|~proof} \\
7.229 - \isarcmd{print_locales}^* & : & \isarkeep{theory~|~proof} \\
7.230 - intro_locales & : & \isarmeth \\
7.231 - unfold_locales & : & \isarmeth \\
7.232 -\end{matharray}
7.233 -
7.234 -\indexouternonterm{contextexpr}\indexouternonterm{contextelem}
7.235 -\indexisarelem{fixes}\indexisarelem{constrains}\indexisarelem{assumes}
7.236 -\indexisarelem{defines}\indexisarelem{notes}\indexisarelem{includes}
7.237 -
7.238 -\begin{rail}
7.239 - 'locale' ('(open)')? name ('=' localeexpr)? 'begin'?
7.240 - ;
7.241 - 'print\_locale' '!'? localeexpr
7.242 - ;
7.243 - localeexpr: ((contextexpr '+' (contextelem+)) | contextexpr | (contextelem+))
7.244 - ;
7.245 -
7.246 - contextexpr: nameref | '(' contextexpr ')' |
7.247 - (contextexpr (name mixfix? +)) | (contextexpr + '+')
7.248 - ;
7.249 - contextelem: fixes | constrains | assumes | defines | notes
7.250 - ;
7.251 - fixes: 'fixes' ((name ('::' type)? structmixfix? | vars) + 'and')
7.252 - ;
7.253 - constrains: 'constrains' (name '::' type + 'and')
7.254 - ;
7.255 - assumes: 'assumes' (thmdecl? props + 'and')
7.256 - ;
7.257 - defines: 'defines' (thmdecl? prop proppat? + 'and')
7.258 - ;
7.259 - notes: 'notes' (thmdef? thmrefs + 'and')
7.260 - ;
7.261 - includes: 'includes' contextexpr
7.262 - ;
7.263 -\end{rail}
7.264 -
7.265 -\begin{descr}
7.266 -
7.267 -\item [$\LOCALE~loc~=~import~+~body$] defines a new locale $loc$ as a context
7.268 - consisting of a certain view of existing locales ($import$) plus some
7.269 - additional elements ($body$). Both $import$ and $body$ are optional; the
7.270 - degenerate form $\LOCALE~loc$ defines an empty locale, which may still be
7.271 - useful to collect declarations of facts later on. Type-inference on locale
7.272 - expressions automatically takes care of the most general typing that the
7.273 - combined context elements may acquire.
7.274 -
7.275 - The $import$ consists of a structured context expression, consisting of
7.276 - references to existing locales, renamed contexts, or merged contexts.
7.277 - Renaming uses positional notation: $c~\vec x$ means that (a prefix of) the
7.278 - fixed parameters of context $c$ are named according to $\vec x$; a
7.279 - ``\texttt{_}'' (underscore) \indexisarthm{_@\texttt{_}} means to skip that
7.280 - position. Renaming by default deletes existing syntax. Optionally,
7.281 - new syntax may by specified with a mixfix annotation. Note that the
7.282 - special syntax declared with ``$(structure)$'' (see below) is
7.283 - neither deleted nor can it be changed.
7.284 - Merging proceeds from left-to-right, suppressing any duplicates stemming
7.285 - from different paths through the import hierarchy.
7.286 -
7.287 - The $body$ consists of basic context elements, further context expressions
7.288 - may be included as well.
7.289 -
7.290 - \begin{descr}
7.291 -
7.292 - \item [$\FIXES{~x::\tau~(mx)}$] declares a local parameter of type $\tau$
7.293 - and mixfix annotation $mx$ (both are optional). The special syntax
7.294 - declaration ``$(structure)$'' means that $x$ may be referenced
7.295 - implicitly in this context.
7.296 -
7.297 - \item [$\CONSTRAINS{~x::\tau}$] introduces a type constraint $\tau$
7.298 - on the local parameter $x$.
7.299 -
7.300 - \item [$\ASSUMES{a}{\vec\phi}$] introduces local premises, similar to
7.301 - $\ASSUMENAME$ within a proof (cf.\ \S\ref{sec:proof-context}).
7.302 -
7.303 - \item [$\DEFINES{a}{x \equiv t}$] defines a previously declared parameter.
7.304 - This is close to $\DEFNAME$ within a proof (cf.\
7.305 - \S\ref{sec:proof-context}), but $\DEFINESNAME$ takes an equational
7.306 - proposition instead of variable-term pair. The left-hand side of the
7.307 - equation may have additional arguments, e.g.\ ``$\DEFINES{}{f~\vec x
7.308 - \equiv t}$''.
7.309 -
7.310 - \item [$\NOTES{a}{\vec b}$] reconsiders facts within a local context. Most
7.311 - notably, this may include arbitrary declarations in any attribute
7.312 - specifications included here, e.g.\ a local $simp$ rule.
7.313 -
7.314 - \item [$\INCLUDES{c}$] copies the specified context in a statically scoped
7.315 - manner. Only available in the long goal format of \S\ref{sec:goals}.
7.316 -
7.317 - In contrast, the initial $import$ specification of a locale expression
7.318 - maintains a dynamic relation to the locales being referenced (benefiting
7.319 - from any later fact declarations in the obvious manner).
7.320 - \end{descr}
7.321 -
7.322 - Note that ``$\IS{p}$'' patterns given in the syntax of $\ASSUMESNAME$ and
7.323 - $\DEFINESNAME$ above are illegal in locale definitions. In the long goal
7.324 - format of \S\ref{sec:goals}, term bindings may be included as expected,
7.325 - though.
7.326 -
7.327 - \medskip By default, locale specifications are ``closed up'' by turning the
7.328 - given text into a predicate definition $loc_axioms$ and deriving the
7.329 - original assumptions as local lemmas (modulo local definitions). The
7.330 - predicate statement covers only the newly specified assumptions, omitting
7.331 - the content of included locale expressions. The full cumulative view is
7.332 - only provided on export, involving another predicate $loc$ that refers to
7.333 - the complete specification text.
7.334 -
7.335 - In any case, the predicate arguments are those locale parameters that
7.336 - actually occur in the respective piece of text. Also note that these
7.337 - predicates operate at the meta-level in theory, but the locale packages
7.338 - attempts to internalize statements according to the object-logic setup
7.339 - (e.g.\ replacing $\Forall$ by $\forall$, and $\Imp$ by $\imp$ in HOL; see
7.340 - also \S\ref{sec:object-logic}). Separate introduction rules
7.341 - $loc_axioms.intro$ and $loc.intro$ are declared as well.
7.342 -
7.343 - The $(open)$ option of a locale specification prevents both the current
7.344 - $loc_axioms$ and cumulative $loc$ predicate constructions. Predicates are
7.345 - also omitted for empty specification texts.
7.346 -
7.347 -\item [$\isarkeyword{print_locale}~import~+~body$] prints the specified locale
7.348 - expression in a flattened form. The notable special case
7.349 - $\isarkeyword{print_locale}~loc$ just prints the contents of the named
7.350 - locale, but keep in mind that type-inference will normalize type variables
7.351 - according to the usual alphabetical order. The command omits
7.352 - $\isarkeyword{notes}$ elements by default. Use
7.353 - $\isarkeyword{print_locale}!$ to get them included.
7.354 -
7.355 -\item [$\isarkeyword{print_locales}$] prints the names of all locales of the
7.356 - current theory.
7.357 -
7.358 -\item [$intro_locales$ and $unfold_locales$] repeatedly expand
7.359 - all introduction rules of locale predicates of the theory. While
7.360 - $intro_locales$ only applies the $loc.intro$ introduction rules and
7.361 - therefore does not decend to assumptions, $unfold_locales$ is more
7.362 - aggressive and applies $loc_axioms.intro$ as well. Both methods are
7.363 - aware of locale specifications entailed by the context, both from
7.364 - target and $\isarkeyword{includes}$ statements, and from
7.365 - interpretations (see below). New goals that are entailed by the
7.366 - current context are discharged automatically.
7.367 -
7.368 -\end{descr}
7.369 -
7.370 -
7.371 -\subsubsection{Interpretation of locales}
7.372 -
7.373 -Locale expressions (more precisely, \emph{context expressions}) may be
7.374 -instantiated, and the instantiated facts added to the current context.
7.375 -This requires a proof of the instantiated specification and is called
7.376 -\emph{locale interpretation}. Interpretation is possible in theories
7.377 -and locales (command $\isarcmd{interpretation}$) and also in proof
7.378 -contexts ($\isarcmd{interpret}$).
7.379 -
7.380 -\indexisarcmd{interpretation}\indexisarcmd{interpret}
7.381 -\indexisarcmd{print-interps}
7.382 -\begin{matharray}{rcl}
7.383 - \isarcmd{interpretation} & : & \isartrans{theory}{proof(prove)} \\
7.384 - \isarcmd{interpret} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
7.385 - \isarcmd{print_interps}^* & : & \isarkeep{theory~|~proof} \\
7.386 -\end{matharray}
7.387 -
7.388 -\indexouternonterm{interp}
7.389 -
7.390 -\railalias{printinterps}{print\_interps}
7.391 -\railterm{printinterps}
7.392 -
7.393 -\begin{rail}
7.394 - 'interpretation' (interp | name ('<' | subseteq) contextexpr)
7.395 - ;
7.396 - 'interpret' interp
7.397 - ;
7.398 - printinterps '!'? name
7.399 - ;
7.400 - instantiation: ('[' (inst+) ']')?
7.401 - ;
7.402 - interp: thmdecl? \\ (contextexpr instantiation |
7.403 - name instantiation 'where' (thmdecl? prop + 'and'))
7.404 - ;
7.405 -\end{rail}
7.406 -
7.407 -
7.408 -\begin{descr}
7.409 -
7.410 -\item [$\isarcmd{interpretation}~expr~insts~\isarkeyword{where}~eqns$]
7.411 -
7.412 - The first form of $\isarcmd{interpretation}$ interprets $expr$ in
7.413 - the theory. The instantiation is given as a list of terms $insts$
7.414 - and is positional. All parameters must receive an instantiation
7.415 - term --- with the exception of defined parameters. These are, if
7.416 - omitted, derived from the defining equation and other
7.417 - instantiations. Use ``\_'' to omit an instantiation term. Free
7.418 - variables are automatically generalized.
7.419 -
7.420 - The command generates proof obligations for the instantiated
7.421 - specifications (assumes and defines elements). Once these are
7.422 - discharged by the user, instantiated facts are added to the theory in
7.423 - a post-processing phase.
7.424 -
7.425 - Additional equations, which are unfolded in facts during
7.426 - post-processing, may be given after the keyword
7.427 - $\isarkeyword{where}$. This is useful for interpreting concepts
7.428 - introduced through definition specification elements. The equations
7.429 - must be proved. Note that if equations are present, the context
7.430 - expression is restricted to a locale name.
7.431 -
7.432 - The command is aware of interpretations already active in the
7.433 - theory. No proof obligations are generated for those, neither is
7.434 - post-processing applied to their facts. This avoids duplication of
7.435 - interpreted facts, in particular. Note that, in the case of a
7.436 - locale with import, parts of the interpretation may already be
7.437 - active. The command will only generate proof obligations and process
7.438 - facts for new parts.
7.439 -
7.440 - The context expression may be preceded by a name and/or attributes.
7.441 - These take effect in the post-processing of facts. The name is used
7.442 - to prefix fact names, for example to avoid accidental hiding of
7.443 - other facts. Attributes are applied after attributes of the
7.444 - interpreted facts.
7.445 -
7.446 - Adding facts to locales has the
7.447 - effect of adding interpreted facts to the theory for all active
7.448 - interpretations also. That is, interpretations dynamically
7.449 - participate in any facts added to locales.
7.450 -
7.451 -\item [$\isarcmd{interpretation}~name~\subseteq~expr$]
7.452 -
7.453 - This form of the command interprets $expr$ in the locale $name$. It
7.454 - requires a proof that the specification of $name$ implies the
7.455 - specification of $expr$. As in the localized version of the theorem
7.456 - command, the proof is in the context of $name$. After the proof
7.457 - obligation has been dischared, the facts of $expr$
7.458 - become part of locale $name$ as \emph{derived} context elements and
7.459 - are available when the context $name$ is subsequently entered.
7.460 - Note that, like import, this is dynamic: facts added to a locale
7.461 - part of $expr$ after interpretation become also available in
7.462 - $name$. Like facts
7.463 - of renamed context elements, facts obtained by interpretation may be
7.464 - accessed by prefixing with the parameter renaming (where the parameters
7.465 - are separated by `\_').
7.466 -
7.467 - Unlike interpretation in theories, instantiation is confined to the
7.468 - renaming of parameters, which may be specified as part of the context
7.469 - expression $expr$. Using defined parameters in $name$ one may
7.470 - achieve an effect similar to instantiation, though.
7.471 -
7.472 - Only specification fragments of $expr$ that are not already part of
7.473 - $name$ (be it imported, derived or a derived fragment of the import)
7.474 - are considered by interpretation. This enables circular
7.475 - interpretations.
7.476 -
7.477 - If interpretations of $name$ exist in the current theory, the
7.478 - command adds interpretations for $expr$ as well, with the same
7.479 - prefix and attributes, although only for fragments of $expr$ that
7.480 - are not interpreted in the theory already.
7.481 -
7.482 -\item [$\isarcmd{interpret}~expr~insts~\isarkeyword{where}~eqns$]
7.483 - interprets $expr$ in the proof context and is otherwise similar to
7.484 - interpretation in theories. Free variables in instantiations are not
7.485 - generalized, however.
7.486 -
7.487 -\item [$\isarcmd{print_interps}~loc$]
7.488 - prints the interpretations of a particular locale $loc$ that are
7.489 - active in the current context, either theory or proof context. The
7.490 - exclamation point argument triggers printing of
7.491 - \emph{witness} theorems justifying interpretations. These are
7.492 - normally omitted from the output.
7.493 -
7.494 -
7.495 -\end{descr}
7.496 -
7.497 -\begin{warn}
7.498 - Since attributes are applied to interpreted theorems, interpretation
7.499 - may modify the context of common proof tools, e.g.\ the Simplifier
7.500 - or Classical Reasoner. Since the behavior of such automated
7.501 - reasoning tools is \emph{not} stable under interpretation morphisms,
7.502 - manual declarations might have to be issued.
7.503 -\end{warn}
7.504 -
7.505 -\begin{warn}
7.506 - An interpretation in a theory may subsume previous interpretations.
7.507 - This happens if the same specification fragment is interpreted twice
7.508 - and the instantiation of the second interpretation is more general
7.509 - than the interpretation of the first. A warning is issued, since it
7.510 - is likely that these could have been generalized in the first place.
7.511 - The locale package does not attempt to remove subsumed
7.512 - interpretations.
7.513 -\end{warn}
7.514 -
7.515 -
7.516 -\subsection{Classes}\label{sec:class}
7.517 -
7.518 -A class is a peculiarity of a locale with \emph{exactly one} type variable.
7.519 -Beyond the underlying locale, a corresponding type class is established which
7.520 -is interpreted logically as axiomatic type class \cite{Wenzel:1997:TPHOL}
7.521 -whose logical content are the assumptions of the locale. Thus, classes provide
7.522 -the full generality of locales combined with the commodity of type classes
7.523 -(notably type-inference). See \cite{isabelle-classes} for a short tutorial.
7.524 -
7.525 -\indexisarcmd{class}\indexisarcmd{instantiation}\indexisarcmd{subclass}\indexisarcmd{class}\indexisarcmd{print-classes}
7.526 -\begin{matharray}{rcl}
7.527 - \isarcmd{class} & : & \isartrans{theory}{local{\dsh}theory} \\
7.528 - \isarcmd{instantiation} & : & \isartrans{theory}{local{\dsh}theory} \\
7.529 - \isarcmd{instance} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
7.530 - \isarcmd{subclass} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
7.531 - \isarcmd{print_classes}^* & : & \isarkeep{theory~|~proof} \\
7.532 - intro_classes & : & \isarmeth
7.533 -\end{matharray}
7.534 -
7.535 -\begin{rail}
7.536 - 'class' name '=' ((superclassexpr '+' (contextelem+)) | superclassexpr | (contextelem+)) \\
7.537 - 'begin'?
7.538 - ;
7.539 - 'instantiation' (nameref + 'and') '::' arity 'begin'
7.540 - ;
7.541 - 'instance'
7.542 - ;
7.543 - 'subclass' target? nameref
7.544 - ;
7.545 - 'print\_classes'
7.546 - ;
7.547 -
7.548 - superclassexpr: nameref | (nameref '+' superclassexpr)
7.549 - ;
7.550 -\end{rail}
7.551 -
7.552 -\begin{descr}
7.553 -
7.554 -\item [$\CLASS~c = superclasses~+~body$] defines a new class $c$,
7.555 - inheriting from $superclasses$. This introduces a locale $c$
7.556 - inheriting from all the locales $superclasses$. Correspondingly,
7.557 - a type class $c$, inheriting from type classes $superclasses$.
7.558 - $\FIXESNAME$ in $body$ are lifted to the global theory level
7.559 - (\emph{class operations} $\vec f$ of class $c$),
7.560 - mapping the local type parameter $\alpha$ to a schematic
7.561 - type variable $?\alpha::c$.
7.562 - $\ASSUMESNAME$ in $body$ are also lifted, mapping each local parameter
7.563 - $f::\tau [\alpha]$ to its corresponding global constant
7.564 - $f::\tau [?\alpha::c]$.
7.565 - A suitable introduction rule is provided as $c_class_axioms.intro$.
7.566 - Explicit references to this should rarely be needed; mostly
7.567 - this rules will be applied implicitly by the $intro_classes$ method.
7.568 -
7.569 -\item [$\INSTANTIATION~\vec t~::~(\vec s)~s~\isarkeyword{begin}$]
7.570 - opens a theory target (cf.\S\ref{sec:target}) which allows to specify
7.571 - class operations $\vec f$ corresponding to sort $s$ at particular
7.572 - type instances $\vec{\alpha::s}~t$ for each $t$ in $\vec t$.
7.573 - An $\INSTANCE$ command in the target body sets up a goal stating
7.574 - the type arities given after the $\INSTANTIATION$ keyword.
7.575 - The possibility to give a list of type constructors with same arity
7.576 - nicely corresponds to mutual recursive type definitions in Isabelle/HOL.
7.577 - The target is concluded by an $\isarkeyword{end}$ keyword.
7.578 -
7.579 -\item [$\INSTANCE$] in an instantiation target body sets up a goal stating
7.580 - the type arities claimed at the opening $\INSTANTIATION$ keyword.
7.581 - The proof would usually proceed by $intro_classes$, and then establish the
7.582 - characteristic theorems of the type classes involved.
7.583 - After finishing the proof, the background theory will be
7.584 - augmented by the proven type arities.
7.585 -
7.586 -\item [$\SUBCLASS~c$] in a class context for class $d$
7.587 - sets up a goal stating that class $c$ is logically
7.588 - contained in class $d$. After finishing the proof, class $d$ is proven
7.589 - to be subclass $c$ and the locale $c$ is interpreted into $d$ simultaneously.
7.590 -
7.591 -\item [$\isarkeyword{print_classes}$] prints all classes
7.592 - in the current theory.
7.593 -
7.594 -\item [$intro_classes$] repeatedly expands all class introduction rules of
7.595 - this theory. Note that this method usually needs not be named explicitly,
7.596 - as it is already included in the default proof step (of $\PROOFNAME$ etc.).
7.597 - In particular, instantiation of trivial (syntactic) classes may be performed
7.598 - by a single ``$\DDOT$'' proof step.
7.599 -
7.600 -\end{descr}
7.601 -
7.602 -
7.603 -\subsubsection{Class target}
7.604 -
7.605 -A named context may refer to a locale (cf.~\S\ref{sec:target}). If this
7.606 -locale is also a class $c$, beside the common locale target behaviour
7.607 -the following occurs:
7.608 -
7.609 -\begin{itemize}
7.610 - \item Local constant declarations $g [\alpha]$ referring to the local type
7.611 - parameter $\alpha$ and local parameters $\vec f [\alpha]$ are accompagnied
7.612 - by theory-level constants $g [?\alpha::c]$ referring to theory-level
7.613 - class operations $\vec f [?\alpha::c]$
7.614 - \item Local theorem bindings are lifted as are assumptions.
7.615 - \item Local syntax refers to local operations $g [\alpha]$ and
7.616 - global operations $g [?\alpha::c]$ uniformly. Type inference
7.617 - resolves ambiguities; in rare cases, manual type annotations are needed.
7.618 -\end{itemize}
7.619 -
7.620 -
7.621 -\subsection{Axiomatic type classes}\label{sec:axclass}
7.622 -
7.623 -\indexisarcmd{axclass}\indexisarmeth{intro-classes}
7.624 -\begin{matharray}{rcl}
7.625 - \isarcmd{axclass} & : & \isartrans{theory}{theory} \\
7.626 - \isarcmd{instance} & : & \isartrans{theory}{proof(prove)} \\
7.627 -\end{matharray}
7.628 -
7.629 -Axiomatic type classes are Isabelle/Pure's primitive \emph{definitional} interface
7.630 -to type classes. For practical applications, you should consider using classes
7.631 -(cf.~\S\ref{sec:classes}) which provide a convenient user interface.
7.632 -
7.633 -\begin{rail}
7.634 - 'axclass' classdecl (axmdecl prop +)
7.635 - ;
7.636 - 'instance' (nameref ('<' | subseteq) nameref | nameref '::' arity)
7.637 - ;
7.638 -\end{rail}
7.639 -
7.640 -\begin{descr}
7.641 -
7.642 -\item [$\AXCLASS~c \subseteq \vec c~~axms$] defines an axiomatic type class as
7.643 - the intersection of existing classes, with additional axioms holding. Class
7.644 - axioms may not contain more than one type variable. The class axioms (with
7.645 - implicit sort constraints added) are bound to the given names. Furthermore
7.646 - a class introduction rule is generated (being bound as
7.647 - $c_class{\dtt}intro$); this rule is employed by method $intro_classes$ to
7.648 - support instantiation proofs of this class.
7.649 -
7.650 - The ``axioms'' are stored as theorems according to the given name
7.651 - specifications, adding the class name $c$ as name space prefix; the same
7.652 - facts are also stored collectively as $c_class{\dtt}axioms$.
7.653 -
7.654 -\item [$\INSTANCE~c@1 \subseteq c@2$ and $\INSTANCE~t :: (\vec s)s$] setup a
7.655 - goal stating a class relation or type arity. The proof would usually
7.656 - proceed by $intro_classes$, and then establish the characteristic theorems
7.657 - of the type classes involved. After finishing the proof, the theory will be
7.658 - augmented by a type signature declaration corresponding to the resulting
7.659 - theorem.
7.660 -
7.661 -\end{descr}
7.662 -
7.663 -
7.664 -\subsection{Arbitrary overloading}
7.665 -
7.666 -Isabelle/Pure's definitional schemes support certain forms of overloading
7.667 -(see \S\ref{sec:consts}). At most occassions overloading will be used
7.668 -in a Haskell-like fashion together with type classes by means of
7.669 -$\isarcmd{instantiation}$ (see \S\ref{sec:class}). However in some cases
7.670 -low-level overloaded definitions are desirable, together with some specification
7.671 -tool. A convenient user-view is provided by the $\isarcmd{overloading}$ target.
7.672 -
7.673 -\indexisarcmd{overloading}
7.674 -\begin{matharray}{rcl}
7.675 - \isarcmd{overloading} & : & \isartrans{theory}{local{\dsh}theory} \\
7.676 -\end{matharray}
7.677 -
7.678 -\begin{rail}
7.679 - 'overloading' \\
7.680 - ( string ( '==' | equiv ) term ( '(' 'unchecked' ')' )? + ) 'begin'
7.681 -\end{rail}
7.682 -
7.683 -\begin{descr}
7.684 -
7.685 -\item [$\OVERLOADING~\vec{v \equiv f :: \tau}~\isarkeyword{begin}$]
7.686 - opens a theory target (cf.\S\ref{sec:target}) which allows to specify
7.687 - constants with overloaded definitions. These are identified
7.688 - by an explicitly given mapping from variable names $v$ to
7.689 - constants $f$ at a particular type instance $\tau$. The definitions
7.690 - themselves are established using common specification tools,
7.691 - using the names $v$ as reference to the corresponding constants.
7.692 - A $(unchecked)$ option disables global dependency checks for the corresponding
7.693 - definition, which is occasionally useful for exotic overloading. It
7.694 - is at the discretion of the user to avoid malformed theory
7.695 - specifications! The target is concluded by an $\isarkeyword{end}$ keyword.
7.696 -
7.697 -\end{descr}
7.698 -
7.699 -
7.700 -\subsection{Configuration options}
7.701 -
7.702 -Isabelle/Pure maintains a record of named configuration options within the
7.703 -theory or proof context, with values of type $bool$, $int$, or $string$.
7.704 -Tools may declare options in ML, and then refer to these values (relative to
7.705 -the context). Thus global reference variables are easily avoided. The user
7.706 -may change the value of a configuration option by means of an associated
7.707 -attribute of the same name. This form of context declaration works
7.708 -particularly well with commands such as $\isarkeyword{declare}$ or
7.709 -$\isarkeyword{using}$.
7.710 -
7.711 -For historical reasons, some tools cannot take the full proof context
7.712 -into account and merely refer to the background theory. This is
7.713 -accommodated by configuration options being declared as ``global'',
7.714 -which may not be changed within a local context.
7.715 -
7.716 -\indexisarcmd{print-configs}
7.717 -\begin{matharray}{rcll}
7.718 - \isarcmd{print_configs} & : & \isarkeep{theory~|~proof} \\
7.719 -\end{matharray}
7.720 -
7.721 -\begin{rail}
7.722 - name ('=' ('true' | 'false' | int | name))?
7.723 -\end{rail}
7.724 -
7.725 -\begin{descr}
7.726 -
7.727 -\item [$\isarkeyword{print_configs}$] prints the available configuration
7.728 - options, with names, types, and current values.
7.729 -
7.730 -\item [$name = value$] as an attribute expression modifies the named option,
7.731 - with the syntax of the value depending on the option's type. For $bool$ the
7.732 - default value is $true$. Any attempt to change a global option in a local
7.733 - context is ignored.
7.734 -
7.735 -\end{descr}
7.736 -
7.737 -
7.738 -\section{Derived proof schemes}
7.739 -
7.740 -\subsection{Generalized elimination}\label{sec:obtain}
7.741 -
7.742 -\indexisarcmd{obtain}\indexisarcmd{guess}
7.743 -\begin{matharray}{rcl}
7.744 - \isarcmd{obtain} & : & \isartrans{proof(state)}{proof(prove)} \\
7.745 - \isarcmd{guess}^* & : & \isartrans{proof(state)}{proof(prove)} \\
7.746 -\end{matharray}
7.747 -
7.748 -Generalized elimination means that additional elements with certain properties
7.749 -may be introduced in the current context, by virtue of a locally proven
7.750 -``soundness statement''. Technically speaking, the $\OBTAINNAME$ language
7.751 -element is like a declaration of $\FIXNAME$ and $\ASSUMENAME$ (see also see
7.752 -\S\ref{sec:proof-context}), together with a soundness proof of its additional
7.753 -claim. According to the nature of existential reasoning, assumptions get
7.754 -eliminated from any result exported from the context later, provided that the
7.755 -corresponding parameters do \emph{not} occur in the conclusion.
7.756 -
7.757 -\begin{rail}
7.758 - 'obtain' parname? (vars + 'and') 'where' (props + 'and')
7.759 - ;
7.760 - 'guess' (vars + 'and')
7.761 - ;
7.762 -\end{rail}
7.763 -
7.764 -$\OBTAINNAME$ is defined as a derived Isar command as follows, where $\vec b$
7.765 -shall refer to (optional) facts indicated for forward chaining.
7.766 -\begin{matharray}{l}
7.767 - \langle facts~\vec b\rangle \\
7.768 - \OBTAIN{\vec x}{a}{\vec \phi}~~\langle proof\rangle \equiv {} \\[1ex]
7.769 - \quad \HAVE{}{\All{thesis} (\All{\vec x} \vec\phi \Imp thesis) \Imp thesis} \\
7.770 - \quad \PROOF{succeed} \\
7.771 - \qquad \FIX{thesis} \\
7.772 - \qquad \ASSUME{that~[intro?]}{\All{\vec x} \vec\phi \Imp thesis} \\
7.773 - \qquad \THUS{}{thesis} \\
7.774 - \quad\qquad \APPLY{-} \\
7.775 - \quad\qquad \USING{\vec b}~~\langle proof\rangle \\
7.776 - \quad \QED{} \\
7.777 - \quad \FIX{\vec x}~\ASSUMENAME^\ast~a\colon~\vec\phi \\
7.778 -\end{matharray}
7.779 -
7.780 -Typically, the soundness proof is relatively straight-forward, often just by
7.781 -canonical automated tools such as ``$\BY{simp}$'' or ``$\BY{blast}$''.
7.782 -Accordingly, the ``$that$'' reduction above is declared as simplification and
7.783 -introduction rule.
7.784 -
7.785 -In a sense, $\OBTAINNAME$ represents at the level of Isar proofs what would be
7.786 -meta-logical existential quantifiers and conjunctions. This concept has a
7.787 -broad range of useful applications, ranging from plain elimination (or
7.788 -introduction) of object-level existential and conjunctions, to elimination
7.789 -over results of symbolic evaluation of recursive definitions, for example.
7.790 -Also note that $\OBTAINNAME$ without parameters acts much like $\HAVENAME$,
7.791 -where the result is treated as a genuine assumption.
7.792 -
7.793 -An alternative name to be used instead of ``$that$'' above may be
7.794 -given in parentheses.
7.795 -
7.796 -\medskip
7.797 -
7.798 -The improper variant $\isarkeyword{guess}$ is similar to $\OBTAINNAME$, but
7.799 -derives the obtained statement from the course of reasoning! The proof starts
7.800 -with a fixed goal $thesis$. The subsequent proof may refine this to anything
7.801 -of the form like $\All{\vec x} \vec\phi \Imp thesis$, but must not introduce
7.802 -new subgoals. The final goal state is then used as reduction rule for the
7.803 -obtain scheme described above. Obtained parameters $\vec x$ are marked as
7.804 -internal by default, which prevents the proof context from being polluted by
7.805 -ad-hoc variables. The variable names and type constraints given as arguments
7.806 -for $\isarkeyword{guess}$ specify a prefix of obtained parameters explicitly
7.807 -in the text.
7.808 -
7.809 -It is important to note that the facts introduced by $\OBTAINNAME$ and
7.810 -$\isarkeyword{guess}$ may not be polymorphic: any type-variables occurring
7.811 -here are fixed in the present context!
7.812 -
7.813 -
7.814 -\subsection{Calculational reasoning}\label{sec:calculation}
7.815 -
7.816 -\indexisarcmd{also}\indexisarcmd{finally}
7.817 -\indexisarcmd{moreover}\indexisarcmd{ultimately}
7.818 -\indexisarcmd{print-trans-rules}
7.819 -\indexisaratt{trans}\indexisaratt{sym}\indexisaratt{symmetric}
7.820 -\begin{matharray}{rcl}
7.821 - \isarcmd{also} & : & \isartrans{proof(state)}{proof(state)} \\
7.822 - \isarcmd{finally} & : & \isartrans{proof(state)}{proof(chain)} \\
7.823 - \isarcmd{moreover} & : & \isartrans{proof(state)}{proof(state)} \\
7.824 - \isarcmd{ultimately} & : & \isartrans{proof(state)}{proof(chain)} \\
7.825 - \isarcmd{print_trans_rules}^* & : & \isarkeep{theory~|~proof} \\
7.826 - trans & : & \isaratt \\
7.827 - sym & : & \isaratt \\
7.828 - symmetric & : & \isaratt \\
7.829 -\end{matharray}
7.830 -
7.831 -Calculational proof is forward reasoning with implicit application of
7.832 -transitivity rules (such those of $=$, $\leq$, $<$). Isabelle/Isar maintains
7.833 -an auxiliary register $calculation$\indexisarthm{calculation} for accumulating
7.834 -results obtained by transitivity composed with the current result. Command
7.835 -$\ALSO$ updates $calculation$ involving $this$, while $\FINALLY$ exhibits the
7.836 -final $calculation$ by forward chaining towards the next goal statement. Both
7.837 -commands require valid current facts, i.e.\ may occur only after commands that
7.838 -produce theorems such as $\ASSUMENAME$, $\NOTENAME$, or some finished proof of
7.839 -$\HAVENAME$, $\SHOWNAME$ etc. The $\MOREOVER$ and $\ULTIMATELY$ commands are
7.840 -similar to $\ALSO$ and $\FINALLY$, but only collect further results in
7.841 -$calculation$ without applying any rules yet.
7.842 -
7.843 -Also note that the implicit term abbreviation ``$\dots$'' has its canonical
7.844 -application with calculational proofs. It refers to the argument of the
7.845 -preceding statement. (The argument of a curried infix expression happens to be
7.846 -its right-hand side.)
7.847 -
7.848 -Isabelle/Isar calculations are implicitly subject to block structure in the
7.849 -sense that new threads of calculational reasoning are commenced for any new
7.850 -block (as opened by a local goal, for example). This means that, apart from
7.851 -being able to nest calculations, there is no separate \emph{begin-calculation}
7.852 -command required.
7.853 -
7.854 -\medskip
7.855 -
7.856 -The Isar calculation proof commands may be defined as follows:\footnote{We
7.857 - suppress internal bookkeeping such as proper handling of block-structure.}
7.858 -\begin{matharray}{rcl}
7.859 - \ALSO@0 & \equiv & \NOTE{calculation}{this} \\
7.860 - \ALSO@{n+1} & \equiv & \NOTE{calculation}{trans~[OF~calculation~this]} \\[0.5ex]
7.861 - \FINALLY & \equiv & \ALSO~\FROM{calculation} \\
7.862 - \MOREOVER & \equiv & \NOTE{calculation}{calculation~this} \\
7.863 - \ULTIMATELY & \equiv & \MOREOVER~\FROM{calculation} \\
7.864 -\end{matharray}
7.865 -
7.866 -\begin{rail}
7.867 - ('also' | 'finally') ('(' thmrefs ')')?
7.868 - ;
7.869 - 'trans' (() | 'add' | 'del')
7.870 - ;
7.871 -\end{rail}
7.872 -
7.873 -\begin{descr}
7.874 -
7.875 -\item [$\ALSO~(\vec a)$] maintains the auxiliary $calculation$ register as
7.876 - follows. The first occurrence of $\ALSO$ in some calculational thread
7.877 - initializes $calculation$ by $this$. Any subsequent $\ALSO$ on the same
7.878 - level of block-structure updates $calculation$ by some transitivity rule
7.879 - applied to $calculation$ and $this$ (in that order). Transitivity rules are
7.880 - picked from the current context, unless alternative rules are given as
7.881 - explicit arguments.
7.882 -
7.883 -\item [$\FINALLY~(\vec a)$] maintaining $calculation$ in the same way as
7.884 - $\ALSO$, and concludes the current calculational thread. The final result
7.885 - is exhibited as fact for forward chaining towards the next goal. Basically,
7.886 - $\FINALLY$ just abbreviates $\ALSO~\FROM{calculation}$. Note that
7.887 - ``$\FINALLY~\SHOW{}{\Var{thesis}}~\DOT$'' and
7.888 - ``$\FINALLY~\HAVE{}{\phi}~\DOT$'' are typical idioms for concluding
7.889 - calculational proofs.
7.890 -
7.891 -\item [$\MOREOVER$ and $\ULTIMATELY$] are analogous to $\ALSO$ and $\FINALLY$,
7.892 - but collect results only, without applying rules.
7.893 -
7.894 -\item [$\isarkeyword{print_trans_rules}$] prints the list of transitivity
7.895 - rules (for calculational commands $\ALSO$ and $\FINALLY$) and symmetry rules
7.896 - (for the $symmetric$ operation and single step elimination patters) of the
7.897 - current context.
7.898 -
7.899 -\item [$trans$] declares theorems as transitivity rules.
7.900 -
7.901 -\item [$sym$] declares symmetry rules.
7.902 -
7.903 -\item [$symmetric$] resolves a theorem with some rule declared as $sym$ in the
7.904 - current context. For example, ``$\ASSUME{[symmetric]}{x = y}$'' produces a
7.905 - swapped fact derived from that assumption.
7.906 -
7.907 - In structured proof texts it is often more appropriate to use an explicit
7.908 - single-step elimination proof, such as ``$\ASSUME{}{x = y}~\HENCE{}{y =
7.909 - x}~\DDOT$''. The very same rules known to $symmetric$ are declared as
7.910 - $elim?$ as well.
7.911 -
7.912 -\end{descr}
7.913 -
7.914 -
7.915 -\section{Proof tools}
7.916 -
7.917 -\subsection{Miscellaneous methods and attributes}\label{sec:misc-meth-att}
7.918 -
7.919 -\indexisarmeth{unfold}\indexisarmeth{fold}\indexisarmeth{insert}
7.920 -\indexisarmeth{erule}\indexisarmeth{drule}\indexisarmeth{frule}
7.921 -\indexisarmeth{fail}\indexisarmeth{succeed}
7.922 -\begin{matharray}{rcl}
7.923 - unfold & : & \isarmeth \\
7.924 - fold & : & \isarmeth \\
7.925 - insert & : & \isarmeth \\[0.5ex]
7.926 - erule^* & : & \isarmeth \\
7.927 - drule^* & : & \isarmeth \\
7.928 - frule^* & : & \isarmeth \\
7.929 - succeed & : & \isarmeth \\
7.930 - fail & : & \isarmeth \\
7.931 -\end{matharray}
7.932 -
7.933 -\begin{rail}
7.934 - ('fold' | 'unfold' | 'insert') thmrefs
7.935 - ;
7.936 - ('erule' | 'drule' | 'frule') ('('nat')')? thmrefs
7.937 - ;
7.938 -\end{rail}
7.939 -
7.940 -\begin{descr}
7.941 -
7.942 -\item [$unfold~\vec a$ and $fold~\vec a$] expand (or fold back again)
7.943 - the given definitions throughout all goals; any chained facts
7.944 - provided are inserted into the goal and subject to rewriting as
7.945 - well.
7.946 -
7.947 -\item [$insert~\vec a$] inserts theorems as facts into all goals of the proof
7.948 - state. Note that current facts indicated for forward chaining are ignored.
7.949 -
7.950 -\item [$erule~\vec a$, $drule~\vec a$, and $frule~\vec a$] are similar to the
7.951 - basic $rule$ method (see \S\ref{sec:pure-meth-att}), but apply rules by
7.952 - elim-resolution, destruct-resolution, and forward-resolution, respectively
7.953 - \cite{isabelle-ref}. The optional natural number argument (default $0$)
7.954 - specifies additional assumption steps to be performed here.
7.955 -
7.956 - Note that these methods are improper ones, mainly serving for
7.957 - experimentation and tactic script emulation. Different modes of basic rule
7.958 - application are usually expressed in Isar at the proof language level,
7.959 - rather than via implicit proof state manipulations. For example, a proper
7.960 - single-step elimination would be done using the plain $rule$ method, with
7.961 - forward chaining of current facts.
7.962 -
7.963 -\item [$succeed$] yields a single (unchanged) result; it is the identity of
7.964 - the ``\texttt{,}'' method combinator (cf.\ \S\ref{sec:syn-meth}).
7.965 -
7.966 -\item [$fail$] yields an empty result sequence; it is the identity of the
7.967 - ``\texttt{|}'' method combinator (cf.\ \S\ref{sec:syn-meth}).
7.968 -
7.969 -\end{descr}
7.970 -
7.971 -\indexisaratt{tagged}\indexisaratt{untagged}
7.972 -\indexisaratt{THEN}\indexisaratt{COMP}
7.973 -\indexisaratt{unfolded}\indexisaratt{folded}
7.974 -\indexisaratt{standard}\indexisarattof{Pure}{elim-format}
7.975 -\indexisaratt{no-vars}
7.976 -\begin{matharray}{rcl}
7.977 - tagged & : & \isaratt \\
7.978 - untagged & : & \isaratt \\[0.5ex]
7.979 - THEN & : & \isaratt \\
7.980 - COMP & : & \isaratt \\[0.5ex]
7.981 - unfolded & : & \isaratt \\
7.982 - folded & : & \isaratt \\[0.5ex]
7.983 - rotated & : & \isaratt \\
7.984 - elim_format & : & \isaratt \\
7.985 - standard^* & : & \isaratt \\
7.986 - no_vars^* & : & \isaratt \\
7.987 -\end{matharray}
7.988 -
7.989 -\begin{rail}
7.990 - 'tagged' nameref
7.991 - ;
7.992 - 'untagged' name
7.993 - ;
7.994 - ('THEN' | 'COMP') ('[' nat ']')? thmref
7.995 - ;
7.996 - ('unfolded' | 'folded') thmrefs
7.997 - ;
7.998 - 'rotated' ( int )?
7.999 -\end{rail}
7.1000 -
7.1001 -\begin{descr}
7.1002 -
7.1003 -\item [$tagged~name~arg$ and $untagged~name$] add and remove $tags$ of some
7.1004 - theorem. Tags may be any list of strings that serve as comment for some
7.1005 - tools (e.g.\ $\LEMMANAME$ causes the tag ``$lemma$'' to be added to the
7.1006 - result). The first string is considered the tag name, the second its
7.1007 - argument. Note that $untagged$ removes any tags of the same name.
7.1008 -
7.1009 -\item [$THEN~a$ and $COMP~a$] compose rules by resolution. $THEN$ resolves
7.1010 - with the first premise of $a$ (an alternative position may be also
7.1011 - specified); the $COMP$ version skips the automatic lifting process that is
7.1012 - normally intended (cf.\ \texttt{RS} and \texttt{COMP} in
7.1013 - \cite[\S5]{isabelle-ref}).
7.1014 -
7.1015 -\item [$unfolded~\vec a$ and $folded~\vec a$] expand and fold back
7.1016 - again the given definitions throughout a rule.
7.1017 -
7.1018 -\item [$rotated~n$] rotate the premises of a theorem by $n$ (default 1).
7.1019 -
7.1020 -\item [$elim_format$] turns a destruction rule into elimination rule format,
7.1021 - by resolving with the rule $\PROP A \Imp (\PROP A \Imp \PROP B) \Imp \PROP
7.1022 - B$.
7.1023 -
7.1024 - Note that the Classical Reasoner (\S\ref{sec:classical}) provides its own
7.1025 - version of this operation.
7.1026 -
7.1027 -\item [$standard$] puts a theorem into the standard form of object-rules at
7.1028 - the outermost theory level. Note that this operation violates the local
7.1029 - proof context (including active locales).
7.1030 -
7.1031 -\item [$no_vars$] replaces schematic variables by free ones; this is mainly
7.1032 - for tuning output of pretty printed theorems.
7.1033 -
7.1034 -\end{descr}
7.1035 -
7.1036 -
7.1037 -\subsection{Further tactic emulations}\label{sec:tactics}
7.1038 -
7.1039 -The following improper proof methods emulate traditional tactics. These admit
7.1040 -direct access to the goal state, which is normally considered harmful! In
7.1041 -particular, this may involve both numbered goal addressing (default 1), and
7.1042 -dynamic instantiation within the scope of some subgoal.
7.1043 -
7.1044 -\begin{warn}
7.1045 - Dynamic instantiations refer to universally quantified parameters of
7.1046 - a subgoal (the dynamic context) rather than fixed variables and term
7.1047 - abbreviations of a (static) Isar context.
7.1048 -\end{warn}
7.1049 -
7.1050 -Tactic emulation methods, unlike their ML counterparts, admit
7.1051 -simultaneous instantiation from both dynamic and static contexts. If
7.1052 -names occur in both contexts goal parameters hide locally fixed
7.1053 -variables. Likewise, schematic variables refer to term abbreviations,
7.1054 -if present in the static context. Otherwise the schematic variable is
7.1055 -interpreted as a schematic variable and left to be solved by unification
7.1056 -with certain parts of the subgoal.
7.1057 -
7.1058 -Note that the tactic emulation proof methods in Isabelle/Isar are consistently
7.1059 -named $foo_tac$. Note also that variable names occurring on left hand sides
7.1060 -of instantiations must be preceded by a question mark if they coincide with
7.1061 -a keyword or contain dots.
7.1062 -This is consistent with the attribute $where$ (see \S\ref{sec:pure-meth-att}).
7.1063 -
7.1064 -\indexisarmeth{rule-tac}\indexisarmeth{erule-tac}
7.1065 -\indexisarmeth{drule-tac}\indexisarmeth{frule-tac}
7.1066 -\indexisarmeth{cut-tac}\indexisarmeth{thin-tac}
7.1067 -\indexisarmeth{subgoal-tac}\indexisarmeth{rename-tac}
7.1068 -\indexisarmeth{rotate-tac}\indexisarmeth{tactic}
7.1069 -\begin{matharray}{rcl}
7.1070 - rule_tac^* & : & \isarmeth \\
7.1071 - erule_tac^* & : & \isarmeth \\
7.1072 - drule_tac^* & : & \isarmeth \\
7.1073 - frule_tac^* & : & \isarmeth \\
7.1074 - cut_tac^* & : & \isarmeth \\
7.1075 - thin_tac^* & : & \isarmeth \\
7.1076 - subgoal_tac^* & : & \isarmeth \\
7.1077 - rename_tac^* & : & \isarmeth \\
7.1078 - rotate_tac^* & : & \isarmeth \\
7.1079 - tactic^* & : & \isarmeth \\
7.1080 -\end{matharray}
7.1081 -
7.1082 -\railalias{ruletac}{rule\_tac}
7.1083 -\railterm{ruletac}
7.1084 -
7.1085 -\railalias{eruletac}{erule\_tac}
7.1086 -\railterm{eruletac}
7.1087 -
7.1088 -\railalias{druletac}{drule\_tac}
7.1089 -\railterm{druletac}
7.1090 -
7.1091 -\railalias{fruletac}{frule\_tac}
7.1092 -\railterm{fruletac}
7.1093 -
7.1094 -\railalias{cuttac}{cut\_tac}
7.1095 -\railterm{cuttac}
7.1096 -
7.1097 -\railalias{thintac}{thin\_tac}
7.1098 -\railterm{thintac}
7.1099 -
7.1100 -\railalias{subgoaltac}{subgoal\_tac}
7.1101 -\railterm{subgoaltac}
7.1102 -
7.1103 -\railalias{renametac}{rename\_tac}
7.1104 -\railterm{renametac}
7.1105 -
7.1106 -\railalias{rotatetac}{rotate\_tac}
7.1107 -\railterm{rotatetac}
7.1108 -
7.1109 -\begin{rail}
7.1110 - ( ruletac | eruletac | druletac | fruletac | cuttac | thintac ) goalspec?
7.1111 - ( insts thmref | thmrefs )
7.1112 - ;
7.1113 - subgoaltac goalspec? (prop +)
7.1114 - ;
7.1115 - renametac goalspec? (name +)
7.1116 - ;
7.1117 - rotatetac goalspec? int?
7.1118 - ;
7.1119 - 'tactic' text
7.1120 - ;
7.1121 -
7.1122 - insts: ((name '=' term) + 'and') 'in'
7.1123 - ;
7.1124 -\end{rail}
7.1125 -
7.1126 -\begin{descr}
7.1127 -
7.1128 -\item [$rule_tac$ etc.] do resolution of rules with explicit instantiation.
7.1129 - This works the same way as the ML tactics \texttt{res_inst_tac} etc. (see
7.1130 - \cite[\S3]{isabelle-ref}).
7.1131 -
7.1132 - Multiple rules may be only given if there is no instantiation; then
7.1133 - $rule_tac$ is the same as \texttt{resolve_tac} in ML (see
7.1134 - \cite[\S3]{isabelle-ref}).
7.1135 -
7.1136 -\item [$cut_tac$] inserts facts into the proof state as assumption of a
7.1137 - subgoal, see also \texttt{cut_facts_tac} in \cite[\S3]{isabelle-ref}. Note
7.1138 - that the scope of schematic variables is spread over the main goal
7.1139 - statement. Instantiations may be given as well, see also ML tactic
7.1140 - \texttt{cut_inst_tac} in \cite[\S3]{isabelle-ref}.
7.1141 -
7.1142 -\item [$thin_tac~\phi$] deletes the specified assumption from a subgoal; note
7.1143 - that $\phi$ may contain schematic variables. See also \texttt{thin_tac} in
7.1144 - \cite[\S3]{isabelle-ref}.
7.1145 -
7.1146 -\item [$subgoal_tac~\phi$] adds $\phi$ as an assumption to a subgoal. See
7.1147 - also \texttt{subgoal_tac} and \texttt{subgoals_tac} in
7.1148 - \cite[\S3]{isabelle-ref}.
7.1149 -
7.1150 -\item [$rename_tac~\vec x$] renames parameters of a goal according to the list
7.1151 - $\vec x$, which refers to the \emph{suffix} of variables.
7.1152 -
7.1153 -\item [$rotate_tac~n$] rotates the assumptions of a goal by $n$ positions:
7.1154 - from right to left if $n$ is positive, and from left to right if $n$ is
7.1155 - negative; the default value is $1$. See also \texttt{rotate_tac} in
7.1156 - \cite[\S3]{isabelle-ref}.
7.1157 -
7.1158 -\item [$tactic~text$] produces a proof method from any ML text of type
7.1159 - \texttt{tactic}. Apart from the usual ML environment and the current
7.1160 - implicit theory context, the ML code may refer to the following locally
7.1161 - bound values:
7.1162 -
7.1163 -{\footnotesize\begin{verbatim}
7.1164 -val ctxt : Proof.context
7.1165 -val facts : thm list
7.1166 -val thm : string -> thm
7.1167 -val thms : string -> thm list
7.1168 -\end{verbatim}}
7.1169 - Here \texttt{ctxt} refers to the current proof context, \texttt{facts}
7.1170 - indicates any current facts for forward-chaining, and
7.1171 - \texttt{thm}~/~\texttt{thms} retrieve named facts (including global
7.1172 - theorems) from the context.
7.1173 -\end{descr}
7.1174 -
7.1175 -
7.1176 -\subsection{The Simplifier}\label{sec:simplifier}
7.1177 -
7.1178 -\subsubsection{Simplification methods}
7.1179 -
7.1180 -\indexisarmeth{simp}\indexisarmeth{simp-all}
7.1181 -\begin{matharray}{rcl}
7.1182 - simp & : & \isarmeth \\
7.1183 - simp_all & : & \isarmeth \\
7.1184 -\end{matharray}
7.1185 -
7.1186 -\indexouternonterm{simpmod}
7.1187 -\begin{rail}
7.1188 - ('simp' | 'simp\_all') ('!' ?) opt? (simpmod *)
7.1189 - ;
7.1190 -
7.1191 - opt: '(' ('no\_asm' | 'no\_asm\_simp' | 'no\_asm\_use' | 'asm\_lr' | 'depth\_limit' ':' nat) ')'
7.1192 - ;
7.1193 - simpmod: ('add' | 'del' | 'only' | 'cong' (() | 'add' | 'del') |
7.1194 - 'split' (() | 'add' | 'del')) ':' thmrefs
7.1195 - ;
7.1196 -\end{rail}
7.1197 -
7.1198 -\begin{descr}
7.1199 -
7.1200 -\item [$simp$] invokes Isabelle's simplifier, after declaring additional rules
7.1201 - according to the arguments given. Note that the \railtterm{only} modifier
7.1202 - first removes all other rewrite rules, congruences, and looper tactics
7.1203 - (including splits), and then behaves like \railtterm{add}.
7.1204 -
7.1205 - \medskip The \railtterm{cong} modifiers add or delete Simplifier congruence
7.1206 - rules (see also \cite{isabelle-ref}), the default is to add.
7.1207 -
7.1208 - \medskip The \railtterm{split} modifiers add or delete rules for the
7.1209 - Splitter (see also \cite{isabelle-ref}), the default is to add. This works
7.1210 - only if the Simplifier method has been properly setup to include the
7.1211 - Splitter (all major object logics such HOL, HOLCF, FOL, ZF do this already).
7.1212 -
7.1213 -\item [$simp_all$] is similar to $simp$, but acts on all goals (backwards from
7.1214 - the last to the first one).
7.1215 -
7.1216 -\end{descr}
7.1217 -
7.1218 -By default the Simplifier methods take local assumptions fully into account,
7.1219 -using equational assumptions in the subsequent normalization process, or
7.1220 -simplifying assumptions themselves (cf.\ \texttt{asm_full_simp_tac} in
7.1221 -\cite[\S10]{isabelle-ref}). In structured proofs this is usually quite well
7.1222 -behaved in practice: just the local premises of the actual goal are involved,
7.1223 -additional facts may be inserted via explicit forward-chaining (using $\THEN$,
7.1224 -$\FROMNAME$ etc.). The full context of assumptions is only included if the
7.1225 -``$!$'' (bang) argument is given, which should be used with some care, though.
7.1226 -
7.1227 -Additional Simplifier options may be specified to tune the behavior further
7.1228 -(mostly for unstructured scripts with many accidental local facts):
7.1229 -``$(no_asm)$'' means assumptions are ignored completely (cf.\
7.1230 -\texttt{simp_tac}), ``$(no_asm_simp)$'' means assumptions are used in the
7.1231 -simplification of the conclusion but are not themselves simplified (cf.\
7.1232 -\texttt{asm_simp_tac}), and ``$(no_asm_use)$'' means assumptions are
7.1233 -simplified but are not used in the simplification of each other or the
7.1234 -conclusion (cf.\ \texttt{full_simp_tac}). For compatibility reasons, there is
7.1235 -also an option ``$(asm_lr)$'', which means that an assumption is only used for
7.1236 -simplifying assumptions which are to the right of it (cf.\
7.1237 -\texttt{asm_lr_simp_tac}). Giving an option ``$(depth_limit: n)$'' limits the
7.1238 -number of recursive invocations of the simplifier during conditional
7.1239 -rewriting.
7.1240 -
7.1241 -\medskip
7.1242 -
7.1243 -The Splitter package is usually configured to work as part of the Simplifier.
7.1244 -The effect of repeatedly applying \texttt{split_tac} can be simulated by
7.1245 -``$(simp~only\colon~split\colon~\vec a)$''. There is also a separate $split$
7.1246 -method available for single-step case splitting.
7.1247 -
7.1248 -
7.1249 -\subsubsection{Declaring rules}
7.1250 -
7.1251 -\indexisarcmd{print-simpset}
7.1252 -\indexisaratt{simp}\indexisaratt{split}\indexisaratt{cong}
7.1253 -\begin{matharray}{rcl}
7.1254 - \isarcmd{print_simpset}^* & : & \isarkeep{theory~|~proof} \\
7.1255 - simp & : & \isaratt \\
7.1256 - cong & : & \isaratt \\
7.1257 - split & : & \isaratt \\
7.1258 -\end{matharray}
7.1259 -
7.1260 -\begin{rail}
7.1261 - ('simp' | 'cong' | 'split') (() | 'add' | 'del')
7.1262 - ;
7.1263 -\end{rail}
7.1264 -
7.1265 -\begin{descr}
7.1266 -
7.1267 -\item [$\isarcmd{print_simpset}$] prints the collection of rules declared to
7.1268 - the Simplifier, which is also known as ``simpset'' internally
7.1269 - \cite{isabelle-ref}. This is a diagnostic command; $undo$ does not apply.
7.1270 -
7.1271 -\item [$simp$] declares simplification rules.
7.1272 -
7.1273 -\item [$cong$] declares congruence rules.
7.1274 -
7.1275 -\item [$split$] declares case split rules.
7.1276 -
7.1277 -\end{descr}
7.1278 -
7.1279 -
7.1280 -\subsubsection{Simplification procedures}
7.1281 -
7.1282 -\indexisarcmd{simproc-setup}
7.1283 -\indexisaratt{simproc}
7.1284 -\begin{matharray}{rcl}
7.1285 - \isarcmd{simproc_setup} & : & \isarkeep{local{\dsh}theory} \\
7.1286 - simproc & : & \isaratt \\
7.1287 -\end{matharray}
7.1288 -
7.1289 -\begin{rail}
7.1290 - 'simproc\_setup' name '(' (term + '|') ')' '=' text \\ ('identifier' (nameref+))?
7.1291 - ;
7.1292 -
7.1293 - 'simproc' (('add' ':')? | 'del' ':') (name+)
7.1294 - ;
7.1295 -\end{rail}
7.1296 -
7.1297 -\begin{descr}
7.1298 -
7.1299 -\item [$\isarcmd{simproc_setup}$] defines a named simplification
7.1300 - procedure that is invoked by the Simplifier whenever any of the
7.1301 - given term patterns match the current redex. The implementation,
7.1302 - which is provided as ML source text, needs to be of type
7.1303 - \verb,morphism -> simpset -> cterm -> thm option,, where the
7.1304 - \verb,cterm, represents the current redex $r$ and the result is
7.1305 - supposed to be some proven rewrite rule $r \equiv r'$ (or a
7.1306 - generalized version), or \verb,NONE, to indicate failure. The
7.1307 - \verb,simpset, argument holds the full context of the current
7.1308 - Simplifier invocation, including the actual Isar proof context. The
7.1309 - \verb,morphism, informs about the difference of the original
7.1310 - compilation context wrt.\ the one of the actual application later
7.1311 - on. The optional $\isarkeyword{identifier}$ specifies theorems that
7.1312 - represent the logical content of the abstract theory of this
7.1313 - simproc.
7.1314 -
7.1315 - Morphisms and identifiers are only relevant for simprocs that are
7.1316 - defined within a local target context, e.g.\ in a locale.
7.1317 -
7.1318 -\item [$simproc\;add\colon\;name$ and $simproc\;del\colon\;name$] add
7.1319 - or delete named simprocs to the current Simplifier context. The
7.1320 - default is to add a simproc. Note that $\isarcmd{simproc_setup}$
7.1321 - already adds the new simproc to the subsequent context.
7.1322 -
7.1323 -\end{descr}
7.1324 -
7.1325 -\subsubsection{Forward simplification}
7.1326 -
7.1327 -\indexisaratt{simplified}
7.1328 -\begin{matharray}{rcl}
7.1329 - simplified & : & \isaratt \\
7.1330 -\end{matharray}
7.1331 -
7.1332 -\begin{rail}
7.1333 - 'simplified' opt? thmrefs?
7.1334 - ;
7.1335 -
7.1336 - opt: '(' (noasm | noasmsimp | noasmuse) ')'
7.1337 - ;
7.1338 -\end{rail}
7.1339 -
7.1340 -\begin{descr}
7.1341 -
7.1342 -\item [$simplified~\vec a$] causes a theorem to be simplified, either by
7.1343 - exactly the specified rules $\vec a$, or the implicit Simplifier context if
7.1344 - no arguments are given. The result is fully simplified by default,
7.1345 - including assumptions and conclusion; the options $no_asm$ etc.\ tune the
7.1346 - Simplifier in the same way as the for the $simp$ method.
7.1347 -
7.1348 - Note that forward simplification restricts the simplifier to its most basic
7.1349 - operation of term rewriting; solver and looper tactics \cite{isabelle-ref}
7.1350 - are \emph{not} involved here. The $simplified$ attribute should be only
7.1351 - rarely required under normal circumstances.
7.1352 -
7.1353 -\end{descr}
7.1354 -
7.1355 -
7.1356 -\subsubsection{Low-level equational reasoning}
7.1357 -
7.1358 -\indexisarmeth{subst}\indexisarmeth{hypsubst}\indexisarmeth{split}
7.1359 -\begin{matharray}{rcl}
7.1360 - subst^* & : & \isarmeth \\
7.1361 - hypsubst^* & : & \isarmeth \\
7.1362 - split^* & : & \isarmeth \\
7.1363 -\end{matharray}
7.1364 -
7.1365 -\begin{rail}
7.1366 - 'subst' ('(' 'asm' ')')? ('(' (nat+) ')')? thmref
7.1367 - ;
7.1368 - 'split' ('(' 'asm' ')')? thmrefs
7.1369 - ;
7.1370 -\end{rail}
7.1371 -
7.1372 -These methods provide low-level facilities for equational reasoning that are
7.1373 -intended for specialized applications only. Normally, single step
7.1374 -calculations would be performed in a structured text (see also
7.1375 -\S\ref{sec:calculation}), while the Simplifier methods provide the canonical
7.1376 -way for automated normalization (see \S\ref{sec:simplifier}).
7.1377 -
7.1378 -\begin{descr}
7.1379 -
7.1380 -\item [$subst~eq$] performs a single substitution step using rule $eq$, which
7.1381 - may be either a meta or object equality.
7.1382 -
7.1383 -\item [$subst~(asm)~eq$] substitutes in an assumption.
7.1384 -
7.1385 -\item [$subst~(i \dots j)~eq$] performs several substitutions in the
7.1386 -conclusion. The numbers $i$ to $j$ indicate the positions to substitute at.
7.1387 -Positions are ordered from the top of the term tree moving down from left to
7.1388 -right. For example, in $(a+b)+(c+d)$ there are three positions where
7.1389 -commutativity of $+$ is applicable: 1 refers to the whole term, 2 to $a+b$
7.1390 -and 3 to $c+d$. If the positions in the list $(i \dots j)$ are
7.1391 -non-overlapping (e.g. $(2~3)$ in $(a+b)+(c+d)$) you may assume all
7.1392 -substitutions are performed simultaneously. Otherwise the behaviour of
7.1393 -$subst$ is not specified.
7.1394 -
7.1395 -\item [$subst~(asm)~(i \dots j)~eq$] performs the substitutions in the
7.1396 -assumptions. Positions $1 \dots i@1$ refer
7.1397 -to assumption 1, positions $i@1+1 \dots i@2$ to assumption 2, and so on.
7.1398 -
7.1399 -\item [$hypsubst$] performs substitution using some assumption; this only
7.1400 - works for equations of the form $x = t$ where $x$ is a free or bound
7.1401 - variable.
7.1402 -
7.1403 -\item [$split~\vec a$] performs single-step case splitting using rules $thms$.
7.1404 - By default, splitting is performed in the conclusion of a goal; the $asm$
7.1405 - option indicates to operate on assumptions instead.
7.1406 -
7.1407 - Note that the $simp$ method already involves repeated application of split
7.1408 - rules as declared in the current context.
7.1409 -\end{descr}
7.1410 -
7.1411 -
7.1412 -\subsection{The Classical Reasoner}\label{sec:classical}
7.1413 -
7.1414 -\subsubsection{Basic methods}
7.1415 -
7.1416 -\indexisarmeth{rule}\indexisarmeth{default}\indexisarmeth{contradiction}
7.1417 -\indexisarmeth{intro}\indexisarmeth{elim}
7.1418 -\begin{matharray}{rcl}
7.1419 - rule & : & \isarmeth \\
7.1420 - contradiction & : & \isarmeth \\
7.1421 - intro & : & \isarmeth \\
7.1422 - elim & : & \isarmeth \\
7.1423 -\end{matharray}
7.1424 -
7.1425 -\begin{rail}
7.1426 - ('rule' | 'intro' | 'elim') thmrefs?
7.1427 - ;
7.1428 -\end{rail}
7.1429 -
7.1430 -\begin{descr}
7.1431 -
7.1432 -\item [$rule$] as offered by the classical reasoner is a refinement over the
7.1433 - primitive one (see \S\ref{sec:pure-meth-att}). Both versions essentially
7.1434 - work the same, but the classical version observes the classical rule context
7.1435 - in addition to that of Isabelle/Pure.
7.1436 -
7.1437 - Common object logics (HOL, ZF, etc.) declare a rich collection of classical
7.1438 - rules (even if these would qualify as intuitionistic ones), but only few
7.1439 - declarations to the rule context of Isabelle/Pure
7.1440 - (\S\ref{sec:pure-meth-att}).
7.1441 -
7.1442 -\item [$contradiction$] solves some goal by contradiction, deriving any result
7.1443 - from both $\lnot A$ and $A$. Chained facts, which are guaranteed to
7.1444 - participate, may appear in either order.
7.1445 -
7.1446 -\item [$intro$ and $elim$] repeatedly refine some goal by intro- or
7.1447 - elim-resolution, after having inserted any chained facts. Exactly the rules
7.1448 - given as arguments are taken into account; this allows fine-tuned
7.1449 - decomposition of a proof problem, in contrast to common automated tools.
7.1450 -
7.1451 -\end{descr}
7.1452 -
7.1453 -
7.1454 -\subsubsection{Automated methods}
7.1455 -
7.1456 -\indexisarmeth{blast}\indexisarmeth{fast}\indexisarmeth{slow}
7.1457 -\indexisarmeth{best}\indexisarmeth{safe}\indexisarmeth{clarify}
7.1458 -\begin{matharray}{rcl}
7.1459 - blast & : & \isarmeth \\
7.1460 - fast & : & \isarmeth \\
7.1461 - slow & : & \isarmeth \\
7.1462 - best & : & \isarmeth \\
7.1463 - safe & : & \isarmeth \\
7.1464 - clarify & : & \isarmeth \\
7.1465 -\end{matharray}
7.1466 -
7.1467 -\indexouternonterm{clamod}
7.1468 -\begin{rail}
7.1469 - 'blast' ('!' ?) nat? (clamod *)
7.1470 - ;
7.1471 - ('fast' | 'slow' | 'best' | 'safe' | 'clarify') ('!' ?) (clamod *)
7.1472 - ;
7.1473 -
7.1474 - clamod: (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del') ':' thmrefs
7.1475 - ;
7.1476 -\end{rail}
7.1477 -
7.1478 -\begin{descr}
7.1479 -\item [$blast$] refers to the classical tableau prover (see \texttt{blast_tac}
7.1480 - in \cite[\S11]{isabelle-ref}). The optional argument specifies a
7.1481 - user-supplied search bound (default 20).
7.1482 -\item [$fast$, $slow$, $best$, $safe$, and $clarify$] refer to the generic
7.1483 - classical reasoner. See \texttt{fast_tac}, \texttt{slow_tac},
7.1484 - \texttt{best_tac}, \texttt{safe_tac}, and \texttt{clarify_tac} in
7.1485 - \cite[\S11]{isabelle-ref} for more information.
7.1486 -\end{descr}
7.1487 -
7.1488 -Any of the above methods support additional modifiers of the context of
7.1489 -classical rules. Their semantics is analogous to the attributes given before.
7.1490 -Facts provided by forward chaining are inserted into the goal before
7.1491 -commencing proof search. The ``!''~argument causes the full context of
7.1492 -assumptions to be included as well.
7.1493 -
7.1494 -
7.1495 -\subsubsection{Combined automated methods}\label{sec:clasimp}
7.1496 -
7.1497 -\indexisarmeth{auto}\indexisarmeth{force}\indexisarmeth{clarsimp}
7.1498 -\indexisarmeth{fastsimp}\indexisarmeth{slowsimp}\indexisarmeth{bestsimp}
7.1499 -\begin{matharray}{rcl}
7.1500 - auto & : & \isarmeth \\
7.1501 - force & : & \isarmeth \\
7.1502 - clarsimp & : & \isarmeth \\
7.1503 - fastsimp & : & \isarmeth \\
7.1504 - slowsimp & : & \isarmeth \\
7.1505 - bestsimp & : & \isarmeth \\
7.1506 -\end{matharray}
7.1507 -
7.1508 -\indexouternonterm{clasimpmod}
7.1509 -\begin{rail}
7.1510 - 'auto' '!'? (nat nat)? (clasimpmod *)
7.1511 - ;
7.1512 - ('force' | 'clarsimp' | 'fastsimp' | 'slowsimp' | 'bestsimp') '!'? (clasimpmod *)
7.1513 - ;
7.1514 -
7.1515 - clasimpmod: ('simp' (() | 'add' | 'del' | 'only') |
7.1516 - ('cong' | 'split') (() | 'add' | 'del') |
7.1517 - 'iff' (((() | 'add') '?'?) | 'del') |
7.1518 - (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del')) ':' thmrefs
7.1519 -\end{rail}
7.1520 -
7.1521 -\begin{descr}
7.1522 -\item [$auto$, $force$, $clarsimp$, $fastsimp$, $slowsimp$, and $bestsimp$]
7.1523 - provide access to Isabelle's combined simplification and classical reasoning
7.1524 - tactics. These correspond to \texttt{auto_tac}, \texttt{force_tac},
7.1525 - \texttt{clarsimp_tac}, and Classical Reasoner tactics with the Simplifier
7.1526 - added as wrapper, see \cite[\S11]{isabelle-ref} for more information. The
7.1527 - modifier arguments correspond to those given in \S\ref{sec:simplifier} and
7.1528 - \S\ref{sec:classical}. Just note that the ones related to the Simplifier
7.1529 - are prefixed by \railtterm{simp} here.
7.1530 -
7.1531 - Facts provided by forward chaining are inserted into the goal before doing
7.1532 - the search. The ``!''~argument causes the full context of assumptions to be
7.1533 - included as well.
7.1534 -\end{descr}
7.1535 -
7.1536 -
7.1537 -\subsubsection{Declaring rules}
7.1538 -
7.1539 -\indexisarcmd{print-claset}
7.1540 -\indexisaratt{intro}\indexisaratt{elim}\indexisaratt{dest}
7.1541 -\indexisaratt{iff}\indexisaratt{rule}
7.1542 -\begin{matharray}{rcl}
7.1543 - \isarcmd{print_claset}^* & : & \isarkeep{theory~|~proof} \\
7.1544 - intro & : & \isaratt \\
7.1545 - elim & : & \isaratt \\
7.1546 - dest & : & \isaratt \\
7.1547 - rule & : & \isaratt \\
7.1548 - iff & : & \isaratt \\
7.1549 -\end{matharray}
7.1550 -
7.1551 -\begin{rail}
7.1552 - ('intro' | 'elim' | 'dest') ('!' | () | '?') nat?
7.1553 - ;
7.1554 - 'rule' 'del'
7.1555 - ;
7.1556 - 'iff' (((() | 'add') '?'?) | 'del')
7.1557 - ;
7.1558 -\end{rail}
7.1559 -
7.1560 -\begin{descr}
7.1561 -
7.1562 -\item [$\isarcmd{print_claset}$] prints the collection of rules declared to
7.1563 - the Classical Reasoner, which is also known as ``claset'' internally
7.1564 - \cite{isabelle-ref}. This is a diagnostic command; $undo$ does not apply.
7.1565 -
7.1566 -\item [$intro$, $elim$, and $dest$] declare introduction, elimination, and
7.1567 - destruction rules, respectively. By default, rules are considered as
7.1568 - \emph{unsafe} (i.e.\ not applied blindly without backtracking), while a
7.1569 - single ``!'' classifies as \emph{safe}. Rule declarations marked by ``?''
7.1570 - coincide with those of Isabelle/Pure, cf.\ \S\ref{sec:pure-meth-att} (i.e.\
7.1571 - are only applied in single steps of the $rule$ method). The optional
7.1572 - natural number specifies an explicit weight argument, which is ignored by
7.1573 - automated tools, but determines the search order of single rule steps.
7.1574 -
7.1575 -\item [$rule~del$] deletes introduction, elimination, or destruction rules from
7.1576 - the context.
7.1577 -
7.1578 -\item [$iff$] declares logical equivalences to the Simplifier and the
7.1579 - Classical reasoner at the same time. Non-conditional rules result in a
7.1580 - ``safe'' introduction and elimination pair; conditional ones are considered
7.1581 - ``unsafe''. Rules with negative conclusion are automatically inverted
7.1582 - (using $\lnot$ elimination internally).
7.1583 -
7.1584 - The ``?'' version of $iff$ declares rules to the Isabelle/Pure context only,
7.1585 - and omits the Simplifier declaration.
7.1586 -
7.1587 -\end{descr}
7.1588 -
7.1589 -
7.1590 -\subsubsection{Classical operations}
7.1591 -
7.1592 -\indexisaratt{swapped}
7.1593 -
7.1594 -\begin{matharray}{rcl}
7.1595 - swapped & : & \isaratt \\
7.1596 -\end{matharray}
7.1597 -
7.1598 -\begin{descr}
7.1599 -
7.1600 -\item [$swapped$] turns an introduction rule into an elimination, by resolving
7.1601 - with the classical swap principle $(\lnot B \Imp A) \Imp (\lnot A \Imp B)$.
7.1602 -
7.1603 -\end{descr}
7.1604 -
7.1605 -
7.1606 -\subsection{Proof by cases and induction}\label{sec:cases-induct}
7.1607 -
7.1608 -\subsubsection{Rule contexts}
7.1609 -
7.1610 -\indexisarcmd{case}\indexisarcmd{print-cases}
7.1611 -\indexisaratt{case-names}\indexisaratt{case-conclusion}
7.1612 -\indexisaratt{params}\indexisaratt{consumes}
7.1613 -\begin{matharray}{rcl}
7.1614 - \isarcmd{case} & : & \isartrans{proof(state)}{proof(state)} \\
7.1615 - \isarcmd{print_cases}^* & : & \isarkeep{proof} \\
7.1616 - case_names & : & \isaratt \\
7.1617 - case_conclusion & : & \isaratt \\
7.1618 - params & : & \isaratt \\
7.1619 - consumes & : & \isaratt \\
7.1620 -\end{matharray}
7.1621 -
7.1622 -The puristic way to build up Isar proof contexts is by explicit language
7.1623 -elements like $\FIXNAME$, $\ASSUMENAME$, $\LET$ (see
7.1624 -\S\ref{sec:proof-context}). This is adequate for plain natural deduction, but
7.1625 -easily becomes unwieldy in concrete verification tasks, which typically
7.1626 -involve big induction rules with several cases.
7.1627 -
7.1628 -The $\CASENAME$ command provides a shorthand to refer to a local context
7.1629 -symbolically: certain proof methods provide an environment of named ``cases''
7.1630 -of the form $c\colon \vec x, \vec \phi$; the effect of ``$\CASE{c}$'' is then
7.1631 -equivalent to ``$\FIX{\vec x}~\ASSUME{c}{\vec\phi}$''. Term bindings may be
7.1632 -covered as well, notably $\Var{case}$ for the main conclusion.
7.1633 -
7.1634 -By default, the ``terminology'' $\vec x$ of a case value is marked as hidden,
7.1635 -i.e.\ there is no way to refer to such parameters in the subsequent proof
7.1636 -text. After all, original rule parameters stem from somewhere outside of the
7.1637 -current proof text. By using the explicit form ``$\CASE{(c~\vec y)}$''
7.1638 -instead, the proof author is able to chose local names that fit nicely into
7.1639 -the current context.
7.1640 -
7.1641 -\medskip
7.1642 -
7.1643 -It is important to note that proper use of $\CASENAME$ does not provide means
7.1644 -to peek at the current goal state, which is not directly observable in Isar!
7.1645 -Nonetheless, goal refinement commands do provide named cases $goal@i$ for each
7.1646 -subgoal $i = 1, \dots, n$ of the resulting goal state. Using this feature
7.1647 -requires great care, because some bits of the internal tactical machinery
7.1648 -intrude the proof text. In particular, parameter names stemming from the
7.1649 -left-over of automated reasoning tools are usually quite unpredictable.
7.1650 -
7.1651 -Under normal circumstances, the text of cases emerge from standard elimination
7.1652 -or induction rules, which in turn are derived from previous theory
7.1653 -specifications in a canonical way (say from $\isarkeyword{inductive}$
7.1654 -definitions).
7.1655 -
7.1656 -\medskip Proper cases are only available if both the proof method and the
7.1657 -rules involved support this. By using appropriate attributes, case names,
7.1658 -conclusions, and parameters may be also declared by hand. Thus variant
7.1659 -versions of rules that have been derived manually become ready to use in
7.1660 -advanced case analysis later.
7.1661 -
7.1662 -\begin{rail}
7.1663 - 'case' (caseref | '(' caseref ((name | underscore) +) ')')
7.1664 - ;
7.1665 - caseref: nameref attributes?
7.1666 - ;
7.1667 -
7.1668 - 'case\_names' (name +)
7.1669 - ;
7.1670 - 'case\_conclusion' name (name *)
7.1671 - ;
7.1672 - 'params' ((name *) + 'and')
7.1673 - ;
7.1674 - 'consumes' nat?
7.1675 - ;
7.1676 -\end{rail}
7.1677 -
7.1678 -\begin{descr}
7.1679 -
7.1680 -\item [$\CASE{(c~\vec x)}$] invokes a named local context $c\colon \vec x,
7.1681 - \vec \phi$, as provided by an appropriate proof method (such as $cases$ and
7.1682 - $induct$). The command ``$\CASE{(c~\vec x)}$'' abbreviates ``$\FIX{\vec
7.1683 - x}~\ASSUME{c}{\vec\phi}$''.
7.1684 -
7.1685 -\item [$\isarkeyword{print_cases}$] prints all local contexts of the current
7.1686 - state, using Isar proof language notation. This is a diagnostic command;
7.1687 - $undo$ does not apply.
7.1688 -
7.1689 -\item [$case_names~\vec c$] declares names for the local contexts of premises
7.1690 - of a theorem; $\vec c$ refers to the \emph{suffix} of the list of premises.
7.1691 -
7.1692 -\item [$case_conclusion~c~\vec d$] declares names for the conclusions of a
7.1693 - named premise $c$; here $\vec d$ refers to the prefix of arguments of a
7.1694 - logical formula built by nesting a binary connective (e.g.\ $\lor$).
7.1695 -
7.1696 - Note that proof methods such as $induct$ and $coinduct$ already provide a
7.1697 - default name for the conclusion as a whole. The need to name subformulas
7.1698 - only arises with cases that split into several sub-cases, as in common
7.1699 - co-induction rules.
7.1700 -
7.1701 -\item [$params~\vec p@1 \dots \vec p@n$] renames the innermost parameters of
7.1702 - premises $1, \dots, n$ of some theorem. An empty list of names may be given
7.1703 - to skip positions, leaving the present parameters unchanged.
7.1704 -
7.1705 - Note that the default usage of case rules does \emph{not} directly expose
7.1706 - parameters to the proof context.
7.1707 -
7.1708 -\item [$consumes~n$] declares the number of ``major premises'' of a rule,
7.1709 - i.e.\ the number of facts to be consumed when it is applied by an
7.1710 - appropriate proof method. The default value of $consumes$ is $n = 1$, which
7.1711 - is appropriate for the usual kind of cases and induction rules for inductive
7.1712 - sets (cf.\ \S\ref{sec:hol-inductive}). Rules without any $consumes$
7.1713 - declaration given are treated as if $consumes~0$ had been specified.
7.1714 -
7.1715 - Note that explicit $consumes$ declarations are only rarely needed; this is
7.1716 - already taken care of automatically by the higher-level $cases$, $induct$,
7.1717 - and $coinduct$ declarations.
7.1718 -
7.1719 -\end{descr}
7.1720 -
7.1721 -
7.1722 -\subsubsection{Proof methods}
7.1723 -
7.1724 -\indexisarmeth{cases}\indexisarmeth{induct}\indexisarmeth{coinduct}
7.1725 -\begin{matharray}{rcl}
7.1726 - cases & : & \isarmeth \\
7.1727 - induct & : & \isarmeth \\
7.1728 - coinduct & : & \isarmeth \\
7.1729 -\end{matharray}
7.1730 -
7.1731 -The $cases$, $induct$, and $coinduct$ methods provide a uniform
7.1732 -interface to common proof techniques over datatypes, inductive
7.1733 -predicates (or sets), recursive functions etc. The corresponding
7.1734 -rules may be specified and instantiated in a casual manner.
7.1735 -Furthermore, these methods provide named local contexts that may be
7.1736 -invoked via the $\CASENAME$ proof command within the subsequent proof
7.1737 -text. This accommodates compact proof texts even when reasoning about
7.1738 -large specifications.
7.1739 -
7.1740 -The $induct$ method also provides some additional infrastructure in order to
7.1741 -be applicable to structure statements (either using explicit meta-level
7.1742 -connectives, or including facts and parameters separately). This avoids
7.1743 -cumbersome encoding of ``strengthened'' inductive statements within the
7.1744 -object-logic.
7.1745 -
7.1746 -\begin{rail}
7.1747 - 'cases' (insts * 'and') rule?
7.1748 - ;
7.1749 - 'induct' (definsts * 'and') \\ arbitrary? taking? rule?
7.1750 - ;
7.1751 - 'coinduct' insts taking rule?
7.1752 - ;
7.1753 -
7.1754 - rule: ('type' | 'pred' | 'set') ':' (nameref +) | 'rule' ':' (thmref +)
7.1755 - ;
7.1756 - definst: name ('==' | equiv) term | inst
7.1757 - ;
7.1758 - definsts: ( definst *)
7.1759 - ;
7.1760 - arbitrary: 'arbitrary' ':' ((term *) 'and' +)
7.1761 - ;
7.1762 - taking: 'taking' ':' insts
7.1763 - ;
7.1764 -\end{rail}
7.1765 -
7.1766 -\begin{descr}
7.1767 -
7.1768 -\item [$cases~insts~R$] applies method $rule$ with an appropriate case
7.1769 - distinction theorem, instantiated to the subjects $insts$. Symbolic case
7.1770 - names are bound according to the rule's local contexts.
7.1771 -
7.1772 - The rule is determined as follows, according to the facts and arguments
7.1773 - passed to the $cases$ method:
7.1774 - \begin{matharray}{llll}
7.1775 - \Text{facts} & & \Text{arguments} & \Text{rule} \\\hline
7.1776 - & cases & & \Text{classical case split} \\
7.1777 - & cases & t & \Text{datatype exhaustion (type of $t$)} \\
7.1778 - \edrv A\; t & cases & \dots & \Text{inductive predicate/set elimination (of $A$)} \\
7.1779 - \dots & cases & \dots ~ R & \Text{explicit rule $R$} \\
7.1780 - \end{matharray}
7.1781 -
7.1782 - Several instantiations may be given, referring to the \emph{suffix} of
7.1783 - premises of the case rule; within each premise, the \emph{prefix} of
7.1784 - variables is instantiated. In most situations, only a single term needs to
7.1785 - be specified; this refers to the first variable of the last premise (it is
7.1786 - usually the same for all cases).
7.1787 -
7.1788 -\item [$induct~insts~R$] is analogous to the $cases$ method, but refers to
7.1789 - induction rules, which are determined as follows:
7.1790 - \begin{matharray}{llll}
7.1791 - \Text{facts} & & \Text{arguments} & \Text{rule} \\\hline
7.1792 - & induct & P ~ x ~ \dots & \Text{datatype induction (type of $x$)} \\
7.1793 - \edrv A\; x & induct & \dots & \Text{predicate/set induction (of $A$)} \\
7.1794 - \dots & induct & \dots ~ R & \Text{explicit rule $R$} \\
7.1795 - \end{matharray}
7.1796 -
7.1797 - Several instantiations may be given, each referring to some part of
7.1798 - a mutual inductive definition or datatype --- only related partial
7.1799 - induction rules may be used together, though. Any of the lists of
7.1800 - terms $P, x, \dots$ refers to the \emph{suffix} of variables present
7.1801 - in the induction rule. This enables the writer to specify only
7.1802 - induction variables, or both predicates and variables, for example.
7.1803 -
7.1804 - Instantiations may be definitional: equations $x \equiv t$ introduce local
7.1805 - definitions, which are inserted into the claim and discharged after applying
7.1806 - the induction rule. Equalities reappear in the inductive cases, but have
7.1807 - been transformed according to the induction principle being involved here.
7.1808 - In order to achieve practically useful induction hypotheses, some variables
7.1809 - occurring in $t$ need to be fixed (see below).
7.1810 -
7.1811 - The optional ``$arbitrary\colon \vec x$'' specification generalizes
7.1812 - variables $\vec x$ of the original goal before applying induction. Thus
7.1813 - induction hypotheses may become sufficiently general to get the proof
7.1814 - through. Together with definitional instantiations, one may effectively
7.1815 - perform induction over expressions of a certain structure.
7.1816 -
7.1817 - The optional ``$taking\colon \vec t$'' specification provides additional
7.1818 - instantiations of a prefix of pending variables in the rule. Such schematic
7.1819 - induction rules rarely occur in practice, though.
7.1820 -
7.1821 -\item [$coinduct~inst~R$] is analogous to the $induct$ method, but refers to
7.1822 - coinduction rules, which are determined as follows:
7.1823 - \begin{matharray}{llll}
7.1824 - \Text{goal} & & \Text{arguments} & \Text{rule} \\\hline
7.1825 - & coinduct & x ~ \dots & \Text{type coinduction (type of $x$)} \\
7.1826 - A\; x & coinduct & \dots & \Text{predicate/set coinduction (of $A$)} \\
7.1827 - \dots & coinduct & \dots ~ R & \Text{explicit rule $R$} \\
7.1828 - \end{matharray}
7.1829 -
7.1830 - Coinduction is the dual of induction. Induction essentially
7.1831 - eliminates $A\; x$ towards a generic result $P\; x$, while
7.1832 - coinduction introduces $A\; x$ starting with $B\; x$, for a suitable
7.1833 - ``bisimulation'' $B$. The cases of a coinduct rule are typically
7.1834 - named after the predicates or sets being covered, while the
7.1835 - conclusions consist of several alternatives being named after the
7.1836 - individual destructor patterns.
7.1837 -
7.1838 - The given instantiation refers to the \emph{suffix} of variables
7.1839 - occurring in the rule's major premise, or conclusion if unavailable.
7.1840 - An additional ``$taking: \vec t$'' specification may be required in
7.1841 - order to specify the bisimulation to be used in the coinduction
7.1842 - step.
7.1843 -
7.1844 -\end{descr}
7.1845 -
7.1846 -Above methods produce named local contexts, as determined by the instantiated
7.1847 -rule as given in the text. Beyond that, the $induct$ and $coinduct$ methods
7.1848 -guess further instantiations from the goal specification itself. Any
7.1849 -persisting unresolved schematic variables of the resulting rule will render
7.1850 -the the corresponding case invalid. The term binding
7.1851 -$\Var{case}$\indexisarvar{case} for the conclusion will be provided with each
7.1852 -case, provided that term is fully specified.
7.1853 -
7.1854 -The $\isarkeyword{print_cases}$ command prints all named cases present in the
7.1855 -current proof state.
7.1856 -
7.1857 -\medskip
7.1858 -
7.1859 -Despite the additional infrastructure, both $cases$ and $coinduct$ merely
7.1860 -apply a certain rule, after instantiation, while conforming due to the usual
7.1861 -way of monotonic natural deduction: the context of a structured statement
7.1862 -$\All{\vec x} \vec\phi \Imp \dots$ reappears unchanged after the case split.
7.1863 -
7.1864 -The $induct$ method is significantly different in this respect: the meta-level
7.1865 -structure is passed through the ``recursive'' course involved in the
7.1866 -induction. Thus the original statement is basically replaced by separate
7.1867 -copies, corresponding to the induction hypotheses and conclusion; the original
7.1868 -goal context is no longer available. Thus local assumptions, fixed parameters
7.1869 -and definitions effectively participate in the inductive rephrasing of the
7.1870 -original statement.
7.1871 -
7.1872 -In induction proofs, local assumptions introduced by cases are split into two
7.1873 -different kinds: $hyps$ stemming from the rule and $prems$ from the goal
7.1874 -statement. This is reflected in the extracted cases accordingly, so invoking
7.1875 -``$\isarcmd{case}~c$'' will provide separate facts $c\mathord.hyps$ and
7.1876 -$c\mathord.prems$, as well as fact $c$ to hold the all-inclusive list.
7.1877 -
7.1878 -\medskip
7.1879 -
7.1880 -Facts presented to either method are consumed according to the number
7.1881 -of ``major premises'' of the rule involved, which is usually $0$ for
7.1882 -plain cases and induction rules of datatypes etc.\ and $1$ for rules
7.1883 -of inductive predicates or sets and the like. The remaining facts are
7.1884 -inserted into the goal verbatim before the actual $cases$, $induct$,
7.1885 -or $coinduct$ rule is applied.
7.1886 -
7.1887 -
7.1888 -\subsubsection{Declaring rules}
7.1889 -
7.1890 -\indexisarcmd{print-induct-rules}\indexisaratt{cases}\indexisaratt{induct}\indexisaratt{coinduct}
7.1891 -\begin{matharray}{rcl}
7.1892 - \isarcmd{print_induct_rules}^* & : & \isarkeep{theory~|~proof} \\
7.1893 - cases & : & \isaratt \\
7.1894 - induct & : & \isaratt \\
7.1895 - coinduct & : & \isaratt \\
7.1896 -\end{matharray}
7.1897 -
7.1898 -\begin{rail}
7.1899 - 'cases' spec
7.1900 - ;
7.1901 - 'induct' spec
7.1902 - ;
7.1903 - 'coinduct' spec
7.1904 - ;
7.1905 -
7.1906 - spec: ('type' | 'pred' | 'set') ':' nameref
7.1907 - ;
7.1908 -\end{rail}
7.1909 -
7.1910 -\begin{descr}
7.1911 -
7.1912 -\item [$\isarkeyword{print_induct_rules}$] prints cases and induct
7.1913 - rules for predicates (or sets) and types of the current context.
7.1914 -
7.1915 -\item [$cases$, $induct$, and $coinduct$] (as attributes) augment the
7.1916 - corresponding context of rules for reasoning about (co)inductive
7.1917 - predicates (or sets) and types, using the corresponding methods of
7.1918 - the same name. Certain definitional packages of object-logics
7.1919 - usually declare emerging cases and induction rules as expected, so
7.1920 - users rarely need to intervene.
7.1921 -
7.1922 - Manual rule declarations usually refer to the $case_names$ and
7.1923 - $params$ attributes to adjust names of cases and parameters of a
7.1924 - rule; the $consumes$ declaration is taken care of automatically:
7.1925 - $consumes~0$ is specified for ``type'' rules and $consumes~1$ for
7.1926 - ``predicate'' / ``set'' rules.
7.1927 -
7.1928 -\end{descr}
7.1929 -
7.1930 -%%% Local Variables:
7.1931 -%%% mode: latex
7.1932 -%%% TeX-master: "isar-ref"
7.1933 -%%% End:
8.1 --- a/doc-src/IsarRef/isar-ref.tex Sun May 04 21:34:44 2008 +0200
8.2 +++ b/doc-src/IsarRef/isar-ref.tex Mon May 05 15:23:21 2008 +0200
8.3 @@ -72,7 +72,7 @@
8.4 \input{basics.tex}
8.5 \input{Thy/document/syntax.tex}
8.6 \input{Thy/document/pure.tex}
8.7 -\input{generic.tex}
8.8 +\input{Thy/document/Generic.tex}
8.9 \input{logics.tex}
8.10
8.11 \appendix