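--- a/doc-src/IsarRef/IsaMakefile
+++ b/doc-src/IsarRef/IsaMakefile
@@ -22,7 +22,7 @@
 Thy: $(LOG)/HOL-Thy.gz
 
 $(LOG)/HOL-Thy.gz: Thy/ROOT.ML ../antiquote_setup.ML Thy/intro.thy \
- Thy/syntax.thy
+ Thy/pure.thy Thy/syntax.thy
 @$(USEDIR) HOL Thy
 
 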
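Review bot: The prerequisite list of `$(LOG)/HOL-Thy.gz` is maintained by hand in parallel with the `use_thy` list in `Thy/ROOT.ML`, which is why this commit has to touch both files to add `pure`; a theory added to one list and forgotten in the other either never triggers a rebuild of the session or is never processed by it, and make reports nothing either way. Deriving the list from the directory, e.g. `$(LOG)/HOL-Thy.gz: Thy/ROOT.ML ../antiquote_setup.ML $(wildcard Thy/*.thy)`, keeps the two from drifting, at the cost of a stray `.thy` file in `Thy/` becoming an extra prerequisite (it would still only cause a spurious rebuild, not a build failure). If explicit lists are the convention for the IsaMakefiles, a one-line comment above the rule, `# keep in sync with the use_thy list in Thy/ROOT.ML`, would at least tell the next author where the second copy lives. The ROOT.ML hunk below is the other half of the same pair.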
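--- a/doc-src/IsarRef/Makefile
+++ b/doc-src/IsarRef/Makefile
@@ -13,8 +13,8 @@
 
 NAME = isar-ref
 
-FILES = isar-ref.tex Thy/document/intro.tex basics.tex Thy/document/syntax.tex pure.tex \
- generic.tex logics.tex refcard.tex conversion.tex \
+FILES = isar-ref.tex Thy/document/intro.tex basics.tex Thy/document/syntax.tex \
+ Thy/document/pure.tex generic.tex logics.tex refcard.tex conversion.tex \
 ../isar.sty ../rail.sty ../railsetup.sty ../proof.sty \
 ../iman.sty ../extra.sty ../ttbox.sty ../manual.bib
 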
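Review bot: `Thy/document/pure.tex`, newly listed in `FILES`, is a generated file (the new file added further down in this commit carries the `\begin{isabellebody}` / `\def\isabellecontext{pure}` preamble that Isabelle's document preparation emits from `Thy/pure.thy`), yet nothing in this Makefile relates it to its source, so editing the theory and running `make` here rebuilds the manual from the stale `.tex` without complaint. Presumably the `Thy` target of the IsaMakefile is expected to have been run first; that expectation is worth stating next to the list, e.g. `# Thy/document/*.tex are generated by the Thy session in IsaMakefile -- run it before building here`. The same applies to the already-listed `intro.tex` and `syntax.tex`, so this is pre-existing rather than introduced by the hunk. Minor: `FILES =` is a recursive assignment where `FILES :=` is the conventional choice for a plain file list, though with no function calls on the right-hand side the difference is only stylistic.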
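--- a/doc-src/IsarRef/Thy/ROOT.ML
+++ b/doc-src/IsarRef/Thy/ROOT.ML
@@ -4,3 +4,4 @@
 use "../../antiquote_setup.ML";
 use_thy "intro";
 use_thy "syntax";
+use_thy "pure";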
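--- a/doc-src/IsarRef/Thy/document/intro.tex
+++ b/doc-src/IsarRef/Thy/document/intro.tex
@@ -4,6 +4,7 @@
 %
 \isadelimtheory
 \isanewline
+\isanewline
 %
 \endisadelimtheory
 %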
5.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
5.2 +++ b/doc-src/IsarRef/Thy/document/pure.tex Fri May 02 16:36:05 2008 +0200
5.3 @@ -0,0 +1,1806 @@
5.4 +%
5.5 +\begin{isabellebody}%
5.6 +\def\isabellecontext{pure}%
5.7 +%
5.8 +\isadelimtheory
5.9 +\isanewline
5.10 +\isanewline
5.11 +%
5.12 +\endisadelimtheory
5.13 +%
5.14 +\isatagtheory
5.15 +\isacommand{theory}\isamarkupfalse%
5.16 +\ pure\isanewline
5.17 +\isakeyword{imports}\ CPure\isanewline
5.18 +\isakeyword{begin}%
5.19 +\endisatagtheory
5.20 +{\isafoldtheory}%
5.21 +%
5.22 +\isadelimtheory
5.23 +%
5.24 +\endisadelimtheory
5.25 +%
5.26 +\isamarkupchapter{Basic language elements \label{ch:pure-syntax}%
5.27 +}
5.28 +\isamarkuptrue%
5.29 +%
5.30 +\begin{isamarkuptext}%
5.31 +Subsequently, we introduce the main part of Pure theory and proof
5.32 + commands, together with fundamental proof methods and attributes.
5.33 + \Chref{ch:gen-tools} describes further Isar elements provided by
5.34 + generic tools and packages (such as the Simplifier) that are either
5.35 + part of Pure Isabelle or pre-installed in most object logics.
5.36 + \Chref{ch:logics} refers to object-logic specific elements (mainly
5.37 + for HOL and ZF).
5.38 +
5.39 + \medskip Isar commands may be either \emph{proper} document
5.40 + constructors, or \emph{improper commands}. Some proof methods and
5.41 + attributes introduced later are classified as improper as well.
5.42 + Improper Isar language elements, which are subsequently marked by
5.43 + ``\isa{\isactrlsup {\isacharasterisk}}'', are often helpful when developing proof
5.44 + documents, while their use is discouraged for the final
5.45 + human-readable outcome. Typical examples are diagnostic commands
5.46 + that print terms or theorems according to the current context; other
5.47 + commands emulate old-style tactical theorem proving.%
5.48 +\end{isamarkuptext}%
5.49 +\isamarkuptrue%
5.50 +%
5.51 +\isamarkupsection{Theory commands%
5.52 +}
5.53 +\isamarkuptrue%
5.54 +%
5.55 +\isamarkupsubsection{Defining theories \label{sec:begin-thy}%
5.56 +}
5.57 +\isamarkuptrue%
5.58 +%
5.59 +\begin{isamarkuptext}%
5.60 +\begin{matharray}{rcl}
5.61 + \indexdef{}{command}{header}\isa{\isacommand{header}} & : & \isarkeep{toplevel} \\
5.62 + \indexdef{}{command}{theory}\isa{\isacommand{theory}} & : & \isartrans{toplevel}{theory} \\
5.63 + \indexdef{}{command}{end}\isa{\isacommand{end}} & : & \isartrans{theory}{toplevel} \\
5.64 + \end{matharray}
5.65 +
5.66 + Isabelle/Isar theories are defined via theory, which contain both
5.67 + specifications and proofs; occasionally definitional mechanisms also
5.68 + require some explicit proof.
5.69 +
5.70 + The first ``real'' command of any theory has to be \isa{\isacommand{theory}}, which starts a new theory based on the merge of existing
5.71 + ones. Just preceding the \isa{\isacommand{theory}} keyword, there may be
5.72 + an optional \isa{\isacommand{header}} declaration, which is relevant to
5.73 + document preparation only; it acts very much like a special
5.74 + pre-theory markup command (cf.\ \secref{sec:markup-thy} and
5.75 + \secref{sec:markup-thy}). The \isa{\isacommand{end}} command concludes a
5.76 + theory development; it has to be the very last command of any theory
5.77 + file loaded in batch-mode.
5.78 +
5.79 + \begin{rail}
5.80 + 'header' text
5.81 + ;
5.82 + 'theory' name 'imports' (name +) uses? 'begin'
5.83 + ;
5.84 +
5.85 + uses: 'uses' ((name | parname) +);
5.86 + \end{rail}
5.87 +
5.88 + \begin{descr}
5.89 +
5.90 + \item [\isa{\isacommand{header}}~\isa{text}] provides plain text
5.91 + markup just preceding the formal beginning of a theory. In actual
5.92 + document preparation the corresponding {\LaTeX} macro \verb|\isamarkupheader| may be redefined to produce chapter or section
5.93 + headings. See also \secref{sec:markup-thy} and
5.94 + \secref{sec:markup-prf} for further markup commands.
5.95 +
5.96 + \item [\isa{\isacommand{theory}}~\isa{A\ {\isasymIMPORTS}\ B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n\ {\isasymBEGIN}}] starts a new theory \isa{A} based on the
5.97 + merge of existing theories \isa{B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n}.
5.98 +
5.99 + Due to inclusion of several ancestors, the overall theory structure
5.100 + emerging in an Isabelle session forms a directed acyclic graph
5.101 + (DAG). Isabelle's theory loader ensures that the sources
5.102 + contributing to the development graph are always up-to-date.
5.103 + Changed files are automatically reloaded when processing theory
5.104 + headers.
5.105 +
5.106 + The optional \indexdef{}{keyword}{uses}\isa{\isakeyword{uses}} specification declares additional
5.107 + dependencies on extra files (usually ML sources). Files will be
5.108 + loaded immediately (as ML), unless the name is put in parentheses,
5.109 + which merely documents the dependency to be resolved later in the
5.110 + text (typically via explicit \indexref{}{command}{use}\isa{\isacommand{use}} in the body text,
5.111 + see \secref{sec:ML}).
5.112 +
5.113 + \item [\isa{\isacommand{end}}] concludes the current theory definition or
5.114 + context switch.
5.115 +
5.116 + \end{descr}%
5.117 +\end{isamarkuptext}%
5.118 +\isamarkuptrue%
5.119 +%
5.120 +\isamarkupsubsection{Markup commands \label{sec:markup-thy}%
5.121 +}
5.122 +\isamarkuptrue%
5.123 +%
5.124 +\begin{isamarkuptext}%
5.125 +\begin{matharray}{rcl}
5.126 + \indexdef{}{command}{chapter}\isa{\isacommand{chapter}} & : & \isarkeep{local{\dsh}theory} \\
5.127 + \indexdef{}{command}{section}\isa{\isacommand{section}} & : & \isarkeep{local{\dsh}theory} \\
5.128 + \indexdef{}{command}{subsection}\isa{\isacommand{subsection}} & : & \isarkeep{local{\dsh}theory} \\
5.129 + \indexdef{}{command}{subsubsection}\isa{\isacommand{subsubsection}} & : & \isarkeep{local{\dsh}theory} \\
5.130 + \indexdef{}{command}{text}\isa{\isacommand{text}} & : & \isarkeep{local{\dsh}theory} \\
5.131 + \indexdef{}{command}{text-raw}\isa{\isacommand{text{\isacharunderscore}raw}} & : & \isarkeep{local{\dsh}theory} \\
5.132 + \end{matharray}
5.133 +
5.134 + Apart from formal comments (see \secref{sec:comments}), markup
5.135 + commands provide a structured way to insert text into the document
5.136 + generated from a theory (see \cite{isabelle-sys} for more
5.137 + information on Isabelle's document preparation tools).
5.138 +
5.139 + \begin{rail}
5.140 + ('chapter' | 'section' | 'subsection' | 'subsubsection' | 'text') target? text
5.141 + ;
5.142 + 'text\_raw' text
5.143 + ;
5.144 + \end{rail}
5.145 +
5.146 + \begin{descr}
5.147 +
5.148 + \item [\isa{\isacommand{chapter}}, \isa{\isacommand{section}}, \isa{\isacommand{subsection}}, and \isa{\isacommand{subsubsection}}] mark chapter and
5.149 + section headings.
5.150 +
5.151 + \item [\isa{\isacommand{text}}] specifies paragraphs of plain text.
5.152 +
5.153 + \item [\isa{\isacommand{text{\isacharunderscore}raw}}] inserts {\LaTeX} source into the
5.154 + output, without additional markup. Thus the full range of document
5.155 + manipulations becomes available.
5.156 +
5.157 + \end{descr}
5.158 +
5.159 + The \isa{text} argument of these markup commands (except for
5.160 + \isa{\isacommand{text{\isacharunderscore}raw}}) may contain references to formal entities
5.161 + (``antiquotations'', see also \secref{sec:antiq}). These are
5.162 + interpreted in the present theory context, or the named \isa{target}.
5.163 +
5.164 + Any of these markup elements corresponds to a {\LaTeX} command with
5.165 + the name prefixed by \verb|\isamarkup|. For the sectioning
5.166 + commands this is a plain macro with a single argument, e.g.\
5.167 + \verb|\isamarkupchapter{|\isa{{\isasymdots}}\verb|}| for
5.168 + \isa{\isacommand{chapter}}. The \isa{\isacommand{text}} markup results in a
5.169 + {\LaTeX} environment \verb|\begin{isamarkuptext}|~\isa{{\isasymdots}}~\verb|\end{isamarkuptext}|, while \isa{\isacommand{text{\isacharunderscore}raw}}
5.170 + causes the text to be inserted directly into the {\LaTeX} source.
5.171 +
5.172 + \medskip Additional markup commands are available for proofs (see
5.173 + \secref{sec:markup-prf}). Also note that the \indexref{}{command}{header}\isa{\isacommand{header}} declaration (see \secref{sec:begin-thy}) admits to insert
5.174 + section markup just preceding the actual theory definition.%
5.175 +\end{isamarkuptext}%
5.176 +\isamarkuptrue%
5.177 +%
5.178 +\isamarkupsubsection{Type classes and sorts \label{sec:classes}%
5.179 +}
5.180 +\isamarkuptrue%
5.181 +%
5.182 +\begin{isamarkuptext}%
5.183 +\begin{matharray}{rcll}
5.184 + \indexdef{}{command}{classes}\isa{\isacommand{classes}} & : & \isartrans{theory}{theory} \\
5.185 + \indexdef{}{command}{classrel}\isa{\isacommand{classrel}} & : & \isartrans{theory}{theory} & (axiomatic!) \\
5.186 + \indexdef{}{command}{defaultsort}\isa{\isacommand{defaultsort}} & : & \isartrans{theory}{theory} \\
5.187 + \indexdef{}{command}{class-deps}\isa{\isacommand{class{\isacharunderscore}deps}} & : & \isarkeep{theory~|~proof} \\
5.188 + \end{matharray}
5.189 +
5.190 + \begin{rail}
5.191 + 'classes' (classdecl +)
5.192 + ;
5.193 + 'classrel' (nameref ('<' | subseteq) nameref + 'and')
5.194 + ;
5.195 + 'defaultsort' sort
5.196 + ;
5.197 + \end{rail}
5.198 +
5.199 + \begin{descr}
5.200 +
5.201 + \item [\isa{\isacommand{classes}}~\isa{c\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n}]
5.202 + declares class \isa{c} to be a subclass of existing classes \isa{c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n}. Cyclic class structures are not permitted.
5.203 +
5.204 + \item [\isa{\isacommand{classrel}}~\isa{c\isactrlsub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{2}}}] states
5.205 + subclass relations between existing classes \isa{c\isactrlsub {\isadigit{1}}} and
5.206 + \isa{c\isactrlsub {\isadigit{2}}}. This is done axiomatically! The \indexref{}{command}{instance}\isa{\isacommand{instance}} command (see \secref{sec:axclass}) provides a way to
5.207 + introduce proven class relations.
5.208 +
5.209 + \item [\isa{\isacommand{defaultsort}}~\isa{s}] makes sort \isa{s} the
5.210 + new default sort for any type variables given without sort
5.211 + constraints. Usually, the default sort would be only changed when
5.212 + defining a new object-logic.
5.213 +
5.214 + \item [\isa{\isacommand{class{\isacharunderscore}deps}}] visualizes the subclass relation,
5.215 + using Isabelle's graph browser tool (see also \cite{isabelle-sys}).
5.216 +
5.217 + \end{descr}%
5.218 +\end{isamarkuptext}%
5.219 +\isamarkuptrue%
5.220 +%
5.221 +\isamarkupsubsection{Primitive types and type abbreviations \label{sec:types-pure}%
5.222 +}
5.223 +\isamarkuptrue%
5.224 +%
5.225 +\begin{isamarkuptext}%
5.226 +\begin{matharray}{rcll}
5.227 + \indexdef{}{command}{types}\isa{\isacommand{types}} & : & \isartrans{theory}{theory} \\
5.228 + \indexdef{}{command}{typedecl}\isa{\isacommand{typedecl}} & : & \isartrans{theory}{theory} \\
5.229 + \indexdef{}{command}{nonterminals}\isa{\isacommand{nonterminals}} & : & \isartrans{theory}{theory} \\
5.230 + \indexdef{}{command}{arities}\isa{\isacommand{arities}} & : & \isartrans{theory}{theory} & (axiomatic!) \\
5.231 + \end{matharray}
5.232 +
5.233 + \begin{rail}
5.234 + 'types' (typespec '=' type infix? +)
5.235 + ;
5.236 + 'typedecl' typespec infix?
5.237 + ;
5.238 + 'nonterminals' (name +)
5.239 + ;
5.240 + 'arities' (nameref '::' arity +)
5.241 + ;
5.242 + \end{rail}
5.243 +
5.244 + \begin{descr}
5.245 +
5.246 + \item [\isa{\isacommand{types}}~\isa{{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t\ {\isacharequal}\ {\isasymtau}}]
5.247 + introduces \emph{type synonym} \isa{{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t}
5.248 + for existing type \isa{{\isasymtau}}. Unlike actual type definitions, as
5.249 + are available in Isabelle/HOL for example, type synonyms are just
5.250 + purely syntactic abbreviations without any logical significance.
5.251 + Internally, type synonyms are fully expanded.
5.252 +
5.253 + \item [\isa{\isacommand{typedecl}}~\isa{{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t}]
5.254 + declares a new type constructor \isa{t}, intended as an actual
5.255 + logical type (of the object-logic, if available).
5.256 +
5.257 + \item [\isa{\isacommand{nonterminals}}~\isa{c}] declares type
5.258 + constructors \isa{c} (without arguments) to act as purely
5.259 + syntactic types, i.e.\ nonterminal symbols of Isabelle's inner
5.260 + syntax of terms or types.
5.261 +
5.262 + \item [\isa{\isacommand{arities}}~\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlsub n{\isacharparenright}\ s}] augments Isabelle's order-sorted signature of types by new type
5.263 + constructor arities. This is done axiomatically! The \indexref{}{command}{instance}\isa{\isacommand{instance}} command (see \S\ref{sec:axclass}) provides a way to
5.264 + introduce proven type arities.
5.265 +
5.266 + \end{descr}%
5.267 +\end{isamarkuptext}%
5.268 +\isamarkuptrue%
5.269 +%
5.270 +\isamarkupsubsection{Primitive constants and definitions \label{sec:consts}%
5.271 +}
5.272 +\isamarkuptrue%
5.273 +%
5.274 +\begin{isamarkuptext}%
5.275 +Definitions essentially express abbreviations within the logic. The
5.276 + simplest form of a definition is \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\ {\isasymequiv}\ t}, where \isa{c} is a newly declared constant. Isabelle also allows derived forms
5.277 + where the arguments of \isa{c} appear on the left, abbreviating a
5.278 + prefix of \isa{{\isasymlambda}}-abstractions, e.g.\ \isa{c\ {\isasymequiv}\ {\isasymlambda}x\ y{\isachardot}\ t} may be
5.279 + written more conveniently as \isa{c\ x\ y\ {\isasymequiv}\ t}. Moreover,
5.280 + definitions may be weakened by adding arbitrary pre-conditions:
5.281 + \isa{A\ {\isasymLongrightarrow}\ c\ x\ y\ {\isasymequiv}\ t}.
5.282 +
5.283 + \medskip The built-in well-formedness conditions for definitional
5.284 + specifications are:
5.285 +
5.286 + \begin{itemize}
5.287 +
5.288 + \item Arguments (on the left-hand side) must be distinct variables.
5.289 +
5.290 + \item All variables on the right-hand side must also appear on the
5.291 + left-hand side.
5.292 +
5.293 + \item All type variables on the right-hand side must also appear on
5.294 + the left-hand side; this prohibits \isa{{\isadigit{0}}\ {\isacharcolon}{\isacharcolon}\ nat\ {\isasymequiv}\ length\ {\isacharparenleft}{\isacharbrackleft}{\isacharbrackright}\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ list{\isacharparenright}} for example.
5.295 +
5.296 + \item The definition must not be recursive. Most object-logics
5.297 + provide definitional principles that can be used to express
5.298 + recursion safely.
5.299 +
5.300 + \end{itemize}
5.301 +
5.302 + Overloading means that a constant being declared as \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ decl} may be defined separately on type instances \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}{\isasymbeta}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymbeta}\isactrlsub n{\isacharparenright}\ t\ decl} for each type constructor \isa{t}. The right-hand side may mention overloaded constants
5.303 + recursively at type instances corresponding to the immediate
5.304 + argument types \isa{{\isasymbeta}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymbeta}\isactrlsub n}. Incomplete
5.305 + specification patterns impose global constraints on all occurrences,
5.306 + e.g.\ \isa{d\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymtimes}\ {\isasymalpha}} on the left-hand side means that all
5.307 + corresponding occurrences on some right-hand side need to be an
5.308 + instance of this, general \isa{d\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymtimes}\ {\isasymbeta}} will be disallowed.
5.309 +
5.310 + \begin{matharray}{rcl}
5.311 + \indexdef{}{command}{consts}\isa{\isacommand{consts}} & : & \isartrans{theory}{theory} \\
5.312 + \indexdef{}{command}{defs}\isa{\isacommand{defs}} & : & \isartrans{theory}{theory} \\
5.313 + \indexdef{}{command}{constdefs}\isa{\isacommand{constdefs}} & : & \isartrans{theory}{theory} \\
5.314 + \end{matharray}
5.315 +
5.316 + \begin{rail}
5.317 + 'consts' ((name '::' type mixfix?) +)
5.318 + ;
5.319 + 'defs' ('(' 'unchecked'? 'overloaded'? ')')? \\ (axmdecl prop +)
5.320 + ;
5.321 + \end{rail}
5.322 +
5.323 + \begin{rail}
5.324 + 'constdefs' structs? (constdecl? constdef +)
5.325 + ;
5.326 +
5.327 + structs: '(' 'structure' (vars + 'and') ')'
5.328 + ;
5.329 + constdecl: ((name '::' type mixfix | name '::' type | name mixfix) 'where'?) | name 'where'
5.330 + ;
5.331 + constdef: thmdecl? prop
5.332 + ;
5.333 + \end{rail}
5.334 +
5.335 + \begin{descr}
5.336 +
5.337 + \item [\isa{\isacommand{consts}}~\isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}] declares constant
5.338 + \isa{c} to have any instance of type scheme \isa{{\isasymsigma}}. The
5.339 + optional mixfix annotations may attach concrete syntax to the
5.340 + constants declared.
5.341 +
5.342 + \item [\isa{\isacommand{defs}}~\isa{name{\isacharcolon}\ eqn}] introduces \isa{eqn}
5.343 + as a definitional axiom for some existing constant.
5.344 +
5.345 + The \isa{{\isacharparenleft}unchecked{\isacharparenright}} option disables global dependency checks
5.346 + for this definition, which is occasionally useful for exotic
5.347 + overloading. It is at the discretion of the user to avoid malformed
5.348 + theory specifications!
5.349 +
5.350 + The \isa{{\isacharparenleft}overloaded{\isacharparenright}} option declares definitions to be
5.351 + potentially overloaded. Unless this option is given, a warning
5.352 + message would be issued for any definitional equation with a more
5.353 + special type than that of the corresponding constant declaration.
5.354 +
5.355 + \item [\isa{\isacommand{constdefs}}] provides a streamlined combination of
5.356 + constants declarations and definitions: type-inference takes care of
5.357 + the most general typing of the given specification (the optional
5.358 + type constraint may refer to type-inference dummies ``\verb|_|'' as usual). The resulting type declaration needs to agree with
5.359 + that of the specification; overloading is \emph{not} supported here!
5.360 +
5.361 + The constant name may be omitted altogether, if neither type nor
5.362 + syntax declarations are given. The canonical name of the
5.363 + definitional axiom for constant \isa{c} will be \isa{c{\isacharunderscore}def},
5.364 + unless specified otherwise. Also note that the given list of
5.365 + specifications is processed in a strictly sequential manner, with
5.366 + type-checking being performed independently.
5.367 +
5.368 + An optional initial context of \isa{{\isacharparenleft}structure{\isacharparenright}} declarations
5.369 + admits use of indexed syntax, using the special symbol \verb|\<index>| (printed as ``\isa{{\isasymindex}}''). The latter concept is
5.370 + particularly useful with locales (see also \S\ref{sec:locale}).
5.371 +
5.372 + \end{descr}%
5.373 +\end{isamarkuptext}%
5.374 +\isamarkuptrue%
5.375 +%
5.376 +\isamarkupsubsection{Syntax and translations \label{sec:syn-trans}%
5.377 +}
5.378 +\isamarkuptrue%
5.379 +%
5.380 +\begin{isamarkuptext}%
5.381 +\begin{matharray}{rcl}
5.382 + \indexdef{}{command}{syntax}\isa{\isacommand{syntax}} & : & \isartrans{theory}{theory} \\
5.383 + \indexdef{}{command}{no-syntax}\isa{\isacommand{no{\isacharunderscore}syntax}} & : & \isartrans{theory}{theory} \\
5.384 + \indexdef{}{command}{translations}\isa{\isacommand{translations}} & : & \isartrans{theory}{theory} \\
5.385 + \indexdef{}{command}{no-translations}\isa{\isacommand{no{\isacharunderscore}translations}} & : & \isartrans{theory}{theory} \\
5.386 + \end{matharray}
5.387 +
5.388 + \railalias{rightleftharpoons}{\isasymrightleftharpoons}
5.389 + \railterm{rightleftharpoons}
5.390 +
5.391 + \railalias{rightharpoonup}{\isasymrightharpoonup}
5.392 + \railterm{rightharpoonup}
5.393 +
5.394 + \railalias{leftharpoondown}{\isasymleftharpoondown}
5.395 + \railterm{leftharpoondown}
5.396 +
5.397 + \begin{rail}
5.398 + ('syntax' | 'no\_syntax') mode? (constdecl +)
5.399 + ;
5.400 + ('translations' | 'no\_translations') (transpat ('==' | '=>' | '<=' | rightleftharpoons | rightharpoonup | leftharpoondown) transpat +)
5.401 + ;
5.402 +
5.403 + mode: ('(' ( name | 'output' | name 'output' ) ')')
5.404 + ;
5.405 + transpat: ('(' nameref ')')? string
5.406 + ;
5.407 + \end{rail}
5.408 +
5.409 + \begin{descr}
5.410 +
5.411 + \item [\isa{\isacommand{syntax}}~\isa{{\isacharparenleft}mode{\isacharparenright}\ decls}] is similar to
5.412 + \isa{\isacommand{consts}}~\isa{decls}, except that the actual logical
5.413 + signature extension is omitted. Thus the context free grammar of
5.414 + Isabelle's inner syntax may be augmented in arbitrary ways,
5.415 + independently of the logic. The \isa{mode} argument refers to the
5.416 + print mode that the grammar rules belong; unless the \indexref{}{keyword}{output}\isa{\isakeyword{output}} indicator is given, all productions are added both to the
5.417 + input and output grammar.
5.418 +
5.419 + \item [\isa{\isacommand{no{\isacharunderscore}syntax}}~\isa{{\isacharparenleft}mode{\isacharparenright}\ decls}] removes
5.420 + grammar declarations (and translations) resulting from \isa{decls}, which are interpreted in the same manner as for \isa{\isacommand{syntax}} above.
5.421 +
5.422 + \item [\isa{\isacommand{translations}}~\isa{rules}] specifies syntactic
5.423 + translation rules (i.e.\ macros): parse~/ print rules (\isa{{\isasymrightleftharpoons}}),
5.424 + parse rules (\isa{{\isasymrightharpoonup}}), or print rules (\isa{{\isasymleftharpoondown}}).
5.425 + Translation patterns may be prefixed by the syntactic category to be
5.426 + used for parsing; the default is \isa{logic}.
5.427 +
5.428 + \item [\isa{\isacommand{no{\isacharunderscore}translations}}~\isa{rules}] removes syntactic
5.429 + translation rules, which are interpreted in the same manner as for
5.430 + \isa{\isacommand{translations}} above.
5.431 +
5.432 + \end{descr}%
5.433 +\end{isamarkuptext}%
5.434 +\isamarkuptrue%
5.435 +%
5.436 +\isamarkupsubsection{Axioms and theorems \label{sec:axms-thms}%
5.437 +}
5.438 +\isamarkuptrue%
5.439 +%
5.440 +\begin{isamarkuptext}%
5.441 +\begin{matharray}{rcll}
5.442 + \indexdef{}{command}{axioms}\isa{\isacommand{axioms}} & : & \isartrans{theory}{theory} & (axiomatic!) \\
5.443 + \indexdef{}{command}{lemmas}\isa{\isacommand{lemmas}} & : & \isarkeep{local{\dsh}theory} \\
5.444 + \indexdef{}{command}{theorems}\isa{\isacommand{theorems}} & : & isarkeep{local{\dsh}theory} \\
5.445 + \end{matharray}
5.446 +
5.447 + \begin{rail}
5.448 + 'axioms' (axmdecl prop +)
5.449 + ;
5.450 + ('lemmas' | 'theorems') target? (thmdef? thmrefs + 'and')
5.451 + ;
5.452 + \end{rail}
5.453 +
5.454 + \begin{descr}
5.455 +
5.456 + \item [\isa{\isacommand{axioms}}~\isa{a{\isacharcolon}\ {\isasymphi}}] introduces arbitrary
5.457 + statements as axioms of the meta-logic. In fact, axioms are
5.458 + ``axiomatic theorems'', and may be referred later just as any other
5.459 + theorem.
5.460 +
5.461 + Axioms are usually only introduced when declaring new logical
5.462 + systems. Everyday work is typically done the hard way, with proper
5.463 + definitions and proven theorems.
5.464 +
5.465 + \item [\isa{\isacommand{lemmas}}~\isa{a\ {\isacharequal}\ b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n}]
5.466 + retrieves and stores existing facts in the theory context, or the
5.467 + specified target context (see also \secref{sec:target}). Typical
5.468 + applications would also involve attributes, to declare Simplifier
5.469 + rules, for example.
5.470 +
5.471 + \item [\isa{\isacommand{theorems}}] is essentially the same as \isa{\isacommand{lemmas}}, but marks the result as a different kind of facts.
5.472 +
5.473 + \end{descr}%
5.474 +\end{isamarkuptext}%
5.475 +\isamarkuptrue%
5.476 +%
5.477 +\isamarkupsubsection{Name spaces%
5.478 +}
5.479 +\isamarkuptrue%
5.480 +%
5.481 +\begin{isamarkuptext}%
5.482 +\begin{matharray}{rcl}
5.483 + \indexdef{}{command}{global}\isa{\isacommand{global}} & : & \isartrans{theory}{theory} \\
5.484 + \indexdef{}{command}{local}\isa{\isacommand{local}} & : & \isartrans{theory}{theory} \\
5.485 + \indexdef{}{command}{hide}\isa{\isacommand{hide}} & : & \isartrans{theory}{theory} \\
5.486 + \end{matharray}
5.487 +
5.488 + \begin{rail}
5.489 + 'hide' ('(open)')? name (nameref + )
5.490 + ;
5.491 + \end{rail}
5.492 +
5.493 + Isabelle organizes any kind of name declarations (of types,
5.494 + constants, theorems etc.) by separate hierarchically structured name
5.495 + spaces. Normally the user does not have to control the behavior of
5.496 + name spaces by hand, yet the following commands provide some way to
5.497 + do so.
5.498 +
5.499 + \begin{descr}
5.500 +
5.501 + \item [\isa{\isacommand{global}} and \isa{\isacommand{local}}] change the
5.502 + current name declaration mode. Initially, theories start in
5.503 + \isa{\isacommand{local}} mode, causing all names to be automatically
5.504 + qualified by the theory name. Changing this to \isa{\isacommand{global}}
5.505 + causes all names to be declared without the theory prefix, until
5.506 + \isa{\isacommand{local}} is declared again.
5.507 +
5.508 + Note that global names are prone to get hidden accidently later,
5.509 + when qualified names of the same base name are introduced.
5.510 +
5.511 + \item [\isa{\isacommand{hide}}~\isa{space\ names}] fully removes
5.512 + declarations from a given name space (which may be \isa{class},
5.513 + \isa{type}, \isa{const}, or \isa{fact}); with the \isa{{\isacharparenleft}open{\isacharparenright}} option, only the base name is hidden. Global
5.514 + (unqualified) names may never be hidden.
5.515 +
5.516 + Note that hiding name space accesses has no impact on logical
5.517 + declarations -- they remain valid internally. Entities that are no
5.518 + longer accessible to the user are printed with the special qualifier
5.519 + ``\isa{{\isacharquery}{\isacharquery}}'' prefixed to the full internal name.
5.520 +
5.521 + \end{descr}%
5.522 +\end{isamarkuptext}%
5.523 +\isamarkuptrue%
5.524 +%
5.525 +\isamarkupsubsection{Incorporating ML code \label{sec:ML}%
5.526 +}
5.527 +\isamarkuptrue%
5.528 +%
5.529 +\begin{isamarkuptext}%
5.530 +\begin{matharray}{rcl}
5.531 + \indexdef{}{command}{use}\isa{\isacommand{use}} & : & \isarkeep{theory~|~local{\dsh}theory} \\
5.532 + \indexdef{}{command}{ML}\isa{\isacommand{ML}} & : & \isarkeep{theory~|~local{\dsh}theory} \\
5.533 + \indexdef{}{command}{ML-val}\isa{\isacommand{ML{\isacharunderscore}val}} & : & \isartrans{\cdot}{\cdot} \\
5.534 + \indexdef{}{command}{ML-command}\isa{\isacommand{ML{\isacharunderscore}command}} & : & \isartrans{\cdot}{\cdot} \\
5.535 + \indexdef{}{command}{setup}\isa{\isacommand{setup}} & : & \isartrans{theory}{theory} \\
5.536 + \indexdef{}{command}{method-setup}\isa{\isacommand{method{\isacharunderscore}setup}} & : & \isartrans{theory}{theory} \\
5.537 + \end{matharray}
5.538 +
5.539 + \begin{rail}
5.540 + 'use' name
5.541 + ;
5.542 + ('ML' | 'ML\_val' | 'ML\_command' | 'setup') text
5.543 + ;
5.544 + 'method\_setup' name '=' text text
5.545 + ;
5.546 + \end{rail}
5.547 +
5.548 + \begin{descr}
5.549 +
5.550 + \item [\isa{\isacommand{use}}~\isa{file}] reads and executes ML
5.551 + commands from \isa{file}. The current theory context is passed
5.552 + down to the ML toplevel and may be modified, using \verb|Context.>>| or derived ML commands. The file name is checked with
5.553 + the \indexref{}{keyword}{uses}\isa{\isakeyword{uses}} dependency declaration given in the theory
5.554 + header (see also \secref{sec:begin-thy}).
5.555 +
5.556 + \item [\isa{\isacommand{ML}}~\isa{text}] is similar to \isa{\isacommand{use}}, but executes ML commands directly from the given \isa{text}.
5.557 +
5.558 + \item [\isa{\isacommand{ML{\isacharunderscore}val}} and \isa{\isacommand{ML{\isacharunderscore}command}}] are
5.559 + diagnostic versions of \isa{\isacommand{ML}}, which means that the context
5.560 + may not be updated. \isa{\isacommand{ML{\isacharunderscore}val}} echos the bindings produced
5.561 + at the ML toplevel, but \isa{\isacommand{ML{\isacharunderscore}command}} is silent.
5.562 +
5.563 + \item [\isa{\isacommand{setup}}~\isa{text}] changes the current theory
5.564 + context by applying \isa{text}, which refers to an ML expression
5.565 + of type \verb|theory -> theory|. This enables to initialize
5.566 + any object-logic specific tools and packages written in ML, for
5.567 + example.
5.568 +
5.569 + \item [\isa{\isacommand{method{\isacharunderscore}setup}}~\isa{name\ {\isacharequal}\ text\ description}]
5.570 + defines a proof method in the current theory. The given \isa{text} has to be an ML expression of type \verb|Args.src ->|\isasep\isanewline%
5.571 +\verb| Proof.context -> Proof.method|. Parsing concrete method syntax
5.572 + from \verb|Args.src| input can be quite tedious in general. The
5.573 + following simple examples are for methods without any explicit
5.574 + arguments, or a list of theorems, respectively.
5.575 +
5.576 +%FIXME proper antiquotations
5.577 +{\footnotesize
5.578 +\begin{verbatim}
5.579 + Method.no_args (Method.METHOD (fn facts => foobar_tac))
5.580 + Method.thms_args (fn thms => Method.METHOD (fn facts => foobar_tac))
5.581 + Method.ctxt_args (fn ctxt => Method.METHOD (fn facts => foobar_tac))
5.582 + Method.thms_ctxt_args (fn thms => fn ctxt =>
5.583 + Method.METHOD (fn facts => foobar_tac))
5.584 +\end{verbatim}
5.585 +}
5.586 +
5.587 + Note that mere tactic emulations may ignore the \isa{facts}
5.588 + parameter above. Proper proof methods would do something
5.589 + appropriate with the list of current facts, though. Single-rule
5.590 + methods usually do strict forward-chaining (e.g.\ by using \verb|Drule.multi_resolves|), while automatic ones just insert the facts
5.591 + using \verb|Method.insert_tac| before applying the main tactic.
5.592 +
5.593 + \end{descr}%
5.594 +\end{isamarkuptext}%
5.595 +\isamarkuptrue%
5.596 +%
5.597 +\isamarkupsubsection{Syntax translation functions%
5.598 +}
5.599 +\isamarkuptrue%
5.600 +%
5.601 +\begin{isamarkuptext}%
5.602 +\begin{matharray}{rcl}
5.603 + \indexdef{}{command}{parse-ast-translation}\isa{\isacommand{parse{\isacharunderscore}ast{\isacharunderscore}translation}} & : & \isartrans{theory}{theory} \\
5.604 + \indexdef{}{command}{parse-translation}\isa{\isacommand{parse{\isacharunderscore}translation}} & : & \isartrans{theory}{theory} \\
5.605 + \indexdef{}{command}{print-translation}\isa{\isacommand{print{\isacharunderscore}translation}} & : & \isartrans{theory}{theory} \\
5.606 + \indexdef{}{command}{typed-print-translation}\isa{\isacommand{typed{\isacharunderscore}print{\isacharunderscore}translation}} & : & \isartrans{theory}{theory} \\
5.607 + \indexdef{}{command}{print-ast-translation}\isa{\isacommand{print{\isacharunderscore}ast{\isacharunderscore}translation}} & : & \isartrans{theory}{theory} \\
5.608 + \indexdef{}{command}{token-translation}\isa{\isacommand{token{\isacharunderscore}translation}} & : & \isartrans{theory}{theory} \\
5.609 + \end{matharray}
5.610 +
5.611 + \begin{rail}
5.612 + ( 'parse\_ast\_translation' | 'parse\_translation' | 'print\_translation' |
5.613 + 'typed\_print\_translation' | 'print\_ast\_translation' ) ('(advanced)')? text
5.614 + ;
5.615 +
5.616 + 'token\_translation' text
5.617 + ;
5.618 + \end{rail}
5.619 +
5.620 + Syntax translation functions written in ML admit almost arbitrary
5.621 + manipulations of Isabelle's inner syntax. Any of the above commands
5.622 + have a single \railqtok{text} argument that refers to an ML
5.623 + expression of appropriate type, which are as follows by default:
5.624 +
5.625 +%FIXME proper antiquotations
5.626 +\begin{ttbox}
5.627 +val parse_ast_translation : (string * (ast list -> ast)) list
5.628 +val parse_translation : (string * (term list -> term)) list
5.629 +val print_translation : (string * (term list -> term)) list
5.630 +val typed_print_translation :
5.631 + (string * (bool -> typ -> term list -> term)) list
5.632 +val print_ast_translation : (string * (ast list -> ast)) list
5.633 +val token_translation :
5.634 + (string * string * (string -> string * real)) list
5.635 +\end{ttbox}
5.636 +
5.637 + If the \isa{{\isacharparenleft}advanced{\isacharparenright}} option is given, the corresponding
5.638 + translation functions may depend on the current theory or proof
5.639 + context. This allows to implement advanced syntax mechanisms, as
5.640 + translations functions may refer to specific theory declarations or
5.641 + auxiliary proof data.
5.642 +
5.643 + See also \cite[\S8]{isabelle-ref} for more information on the
5.644 + general concept of syntax transformations in Isabelle.
5.645 +
5.646 +%FIXME proper antiquotations
5.647 +\begin{ttbox}
5.648 +val parse_ast_translation:
5.649 + (string * (Context.generic -> ast list -> ast)) list
5.650 +val parse_translation:
5.651 + (string * (Context.generic -> term list -> term)) list
5.652 +val print_translation:
5.653 + (string * (Context.generic -> term list -> term)) list
5.654 +val typed_print_translation:
5.655 + (string * (Context.generic -> bool -> typ -> term list -> term)) list
5.656 +val print_ast_translation:
5.657 + (string * (Context.generic -> ast list -> ast)) list
5.658 +\end{ttbox}%
5.659 +\end{isamarkuptext}%
5.660 +\isamarkuptrue%
5.661 +%
5.662 +\isamarkupsubsection{Oracles%
5.663 +}
5.664 +\isamarkuptrue%
5.665 +%
5.666 +\begin{isamarkuptext}%
5.667 +\begin{matharray}{rcl}
5.668 + \indexdef{}{command}{oracle}\isa{\isacommand{oracle}} & : & \isartrans{theory}{theory} \\
5.669 + \end{matharray}
5.670 +
5.671 + The oracle interface promotes a given ML function \verb|theory -> T -> term| to \verb|theory -> T -> thm|, for some type
5.672 + \verb|T| given by the user. This acts like an infinitary
5.673 + specification of axioms -- there is no internal check of the
5.674 + correctness of the results! The inference kernel records oracle
5.675 + invocations within the internal derivation object of theorems, and
5.676 + the pretty printer attaches ``\isa{{\isacharbrackleft}{\isacharbang}{\isacharbrackright}}'' to indicate results
5.677 + that are not fully checked by Isabelle inferences.
5.678 +
5.679 + \begin{rail}
5.680 + 'oracle' name '(' type ')' '=' text
5.681 + ;
5.682 + \end{rail}
5.683 +
5.684 + \begin{descr}
5.685 +
5.686 + \item [\isa{\isacommand{oracle}}~\isa{name\ {\isacharparenleft}type{\isacharparenright}\ {\isacharequal}\ text}] turns the
5.687 + given ML expression \isa{text} of type \verb|{theory|\isasep\isanewline%
5.688 +\verb| ->|~\isa{type}~\verb|-> term| into an ML function
5.689 + \verb|name| of type \verb|{theory ->|~\isa{type}~\verb|-> thm|.
5.690 +
5.691 + \end{descr}%
5.692 +\end{isamarkuptext}%
5.693 +\isamarkuptrue%
5.694 +%
5.695 +\isamarkupsection{Proof commands%
5.696 +}
5.697 +\isamarkuptrue%
5.698 +%
5.699 +\begin{isamarkuptext}%
5.700 +Proof commands perform transitions of Isar/VM machine
5.701 + configurations, which are block-structured, consisting of a stack of
5.702 + nodes with three main components: logical proof context, current
5.703 + facts, and open goals. Isar/VM transitions are \emph{typed}
5.704 + according to the following three different modes of operation:
5.705 +
5.706 + \begin{descr}
5.707 +
5.708 + \item [\isa{proof{\isacharparenleft}prove{\isacharparenright}}] means that a new goal has just been
5.709 + stated that is now to be \emph{proven}; the next command may refine
5.710 + it by some proof method, and enter a sub-proof to establish the
5.711 + actual result.
5.712 +
5.713 + \item [\isa{proof{\isacharparenleft}state{\isacharparenright}}] is like a nested theory mode: the
5.714 + context may be augmented by \emph{stating} additional assumptions,
5.715 + intermediate results etc.
5.716 +
5.717 + \item [\isa{proof{\isacharparenleft}chain{\isacharparenright}}] is intermediate between \isa{proof{\isacharparenleft}state{\isacharparenright}} and \isa{proof{\isacharparenleft}prove{\isacharparenright}}: existing facts (i.e.\
5.718 + the contents of the special ``\indexref{}{fact}{this}\isa{this}'' register) have been
5.719 + just picked up in order to be used when refining the goal claimed
5.720 + next.
5.721 +
5.722 + \end{descr}
5.723 +
5.724 + The proof mode indicator may be read as a verb telling the writer
5.725 + what kind of operation may be performed next. The corresponding
5.726 + typings of proof commands restricts the shape of well-formed proof
5.727 + texts to particular command sequences. So dynamic arrangements of
5.728 + commands eventually turn out as static texts of a certain structure.
5.729 + \Appref{ap:refcard} gives a simplified grammar of the overall
5.730 + (extensible) language emerging that way.%
5.731 +\end{isamarkuptext}%
5.732 +\isamarkuptrue%
5.733 +%
5.734 +\isamarkupsubsection{Markup commands \label{sec:markup-prf}%
5.735 +}
5.736 +\isamarkuptrue%
5.737 +%
5.738 +\begin{isamarkuptext}%
5.739 +\begin{matharray}{rcl}
5.740 + \indexdef{}{command}{sect}\isa{\isacommand{sect}} & : & \isartrans{proof}{proof} \\
5.741 + \indexdef{}{command}{subsect}\isa{\isacommand{subsect}} & : & \isartrans{proof}{proof} \\
5.742 + \indexdef{}{command}{subsubsect}\isa{\isacommand{subsubsect}} & : & \isartrans{proof}{proof} \\
5.743 + \indexdef{}{command}{txt}\isa{\isacommand{txt}} & : & \isartrans{proof}{proof} \\
5.744 + \indexdef{}{command}{txt-raw}\isa{\isacommand{txt{\isacharunderscore}raw}} & : & \isartrans{proof}{proof} \\
5.745 + \end{matharray}
5.746 +
5.747 + These markup commands for proof mode closely correspond to the ones
5.748 + of theory mode (see \S\ref{sec:markup-thy}).
5.749 +
5.750 + \begin{rail}
5.751 + ('sect' | 'subsect' | 'subsubsect' | 'txt' | 'txt\_raw') text
5.752 + ;
5.753 + \end{rail}%
5.754 +\end{isamarkuptext}%
5.755 +\isamarkuptrue%
5.756 +%
5.757 +\isamarkupsubsection{Context elements \label{sec:proof-context}%
5.758 +}
5.759 +\isamarkuptrue%
5.760 +%
5.761 +\begin{isamarkuptext}%
5.762 +\begin{matharray}{rcl}
5.763 + \indexdef{}{command}{fix}\isa{\isacommand{fix}} & : & \isartrans{proof(state)}{proof(state)} \\
5.764 + \indexdef{}{command}{assume}\isa{\isacommand{assume}} & : & \isartrans{proof(state)}{proof(state)} \\
5.765 + \indexdef{}{command}{presume}\isa{\isacommand{presume}} & : & \isartrans{proof(state)}{proof(state)} \\
5.766 + \indexdef{}{command}{def}\isa{\isacommand{def}} & : & \isartrans{proof(state)}{proof(state)} \\
5.767 + \end{matharray}
5.768 +
5.769 + The logical proof context consists of fixed variables and
5.770 + assumptions. The former closely correspond to Skolem constants, or
5.771 + meta-level universal quantification as provided by the Isabelle/Pure
5.772 + logical framework. Introducing some \emph{arbitrary, but fixed}
5.773 + variable via ``\isa{\isacommand{fix}}~\isa{x} results in a local value
5.774 + that may be used in the subsequent proof as any other variable or
5.775 + constant. Furthermore, any result \isa{{\isasymturnstile}\ {\isasymphi}{\isacharbrackleft}x{\isacharbrackright}} exported from
5.776 + the context will be universally closed wrt.\ \isa{x} at the
5.777 + outermost level: \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ {\isasymphi}{\isacharbrackleft}x{\isacharbrackright}} (this is expressed in normal
5.778 + form using Isabelle's meta-variables).
5.779 +
5.780 + Similarly, introducing some assumption \isa{{\isasymchi}} has two effects.
5.781 + On the one hand, a local theorem is created that may be used as a
5.782 + fact in subsequent proof steps. On the other hand, any result
5.783 + \isa{{\isasymchi}\ {\isasymturnstile}\ {\isasymphi}} exported from the context becomes conditional wrt.\
5.784 + the assumption: \isa{{\isasymturnstile}\ {\isasymchi}\ {\isasymLongrightarrow}\ {\isasymphi}}. Thus, solving an enclosing goal
5.785 + using such a result would basically introduce a new subgoal stemming
5.786 + from the assumption. How this situation is handled depends on the
5.787 + version of assumption command used: while \isa{\isacommand{assume}}
5.788 + insists on solving the subgoal by unification with some premise of
5.789 + the goal, \isa{\isacommand{presume}} leaves the subgoal unchanged in order
5.790 + to be proved later by the user.
5.791 +
5.792 + Local definitions, introduced by ``\isa{\isacommand{def}}~\isa{x\ {\isasymequiv}\ t}'', are achieved by combining ``\isa{\isacommand{fix}}~\isa{x}'' with
5.793 + another version of assumption that causes any hypothetical equation
5.794 + \isa{x\ {\isasymequiv}\ t} to be eliminated by the reflexivity rule. Thus,
5.795 + exporting some result \isa{x\ {\isasymequiv}\ t\ {\isasymturnstile}\ {\isasymphi}{\isacharbrackleft}x{\isacharbrackright}} yields \isa{{\isasymturnstile}\ {\isasymphi}{\isacharbrackleft}t{\isacharbrackright}}.
5.796 +
5.797 + \railalias{equiv}{\isasymequiv}
5.798 + \railterm{equiv}
5.799 +
5.800 + \begin{rail}
5.801 + 'fix' (vars + 'and')
5.802 + ;
5.803 + ('assume' | 'presume') (props + 'and')
5.804 + ;
5.805 + 'def' (def + 'and')
5.806 + ;
5.807 + def: thmdecl? \\ name ('==' | equiv) term termpat?
5.808 + ;
5.809 + \end{rail}
5.810 +
5.811 + \begin{descr}
5.812 +
5.813 + \item [\isa{\isacommand{fix}}~\isa{x}] introduces a local variable
5.814 + \isa{x} that is \emph{arbitrary, but fixed.}
5.815 +
5.816 + \item [\isa{\isacommand{assume}}~\isa{a{\isacharcolon}\ {\isasymphi}} and \isa{\isacommand{presume}}~\isa{a{\isacharcolon}\ {\isasymphi}}] introduce a local fact \isa{{\isasymphi}\ {\isasymturnstile}\ {\isasymphi}} by
5.817 + assumption. Subsequent results applied to an enclosing goal (e.g.\
5.818 + by \indexref{}{command}{show}\isa{\isacommand{show}}) are handled as follows: \isa{\isacommand{assume}} expects to be able to unify with existing premises in the
5.819 + goal, while \isa{\isacommand{presume}} leaves \isa{{\isasymphi}} as new subgoals.
5.820 +
5.821 + Several lists of assumptions may be given (separated by
5.822 + \indexref{}{keyword}{and}\isa{\isakeyword{and}}; the resulting list of current facts consists
5.823 + of all of these concatenated.
5.824 +
5.825 + \item [\isa{\isacommand{def}}~\isa{x\ {\isasymequiv}\ t}] introduces a local
5.826 + (non-polymorphic) definition. In results exported from the context,
5.827 + \isa{x} is replaced by \isa{t}. Basically, ``\isa{\isacommand{def}}~\isa{x\ {\isasymequiv}\ t}'' abbreviates ``\isa{\isacommand{fix}}~\isa{x}~\isa{\isacommand{assume}}~\isa{x\ {\isasymequiv}\ t}'', with the resulting
5.828 + hypothetical equation solved by reflexivity.
5.829 +
5.830 + The default name for the definitional equation is \isa{x{\isacharunderscore}def}.
5.831 + Several simultaneous definitions may be given at the same time.
5.832 +
5.833 + \end{descr}
5.834 +
5.835 + The special name \indexref{}{fact}{prems}\isa{prems} refers to all assumptions of the
5.836 + current context as a list of theorems. This feature should be used
5.837 + with great care! It is better avoided in final proof texts.%
5.838 +\end{isamarkuptext}%
5.839 +\isamarkuptrue%
5.840 +%
5.841 +\isamarkupsubsection{Facts and forward chaining%
5.842 +}
5.843 +\isamarkuptrue%
5.844 +%
5.845 +\begin{isamarkuptext}%
5.846 +\begin{matharray}{rcl}
5.847 + \indexdef{}{command}{note}\isa{\isacommand{note}} & : & \isartrans{proof(state)}{proof(state)} \\
5.848 + \indexdef{}{command}{then}\isa{\isacommand{then}} & : & \isartrans{proof(state)}{proof(chain)} \\
5.849 + \indexdef{}{command}{from}\isa{\isacommand{from}} & : & \isartrans{proof(state)}{proof(chain)} \\
5.850 + \indexdef{}{command}{with}\isa{\isacommand{with}} & : & \isartrans{proof(state)}{proof(chain)} \\
5.851 + \indexdef{}{command}{using}\isa{\isacommand{using}} & : & \isartrans{proof(prove)}{proof(prove)} \\
5.852 + \indexdef{}{command}{unfolding}\isa{\isacommand{unfolding}} & : & \isartrans{proof(prove)}{proof(prove)} \\
5.853 + \end{matharray}
5.854 +
5.855 + New facts are established either by assumption or proof of local
5.856 + statements. Any fact will usually be involved in further proofs,
5.857 + either as explicit arguments of proof methods, or when forward
5.858 + chaining towards the next goal via \isa{\isacommand{then}} (and variants);
5.859 + \isa{\isacommand{from}} and \isa{\isacommand{with}} are composite forms
5.860 + involving \isa{\isacommand{note}}. The \isa{\isacommand{using}} elements
5.861 + augments the collection of used facts \emph{after} a goal has been
5.862 + stated. Note that the special theorem name \indexref{}{fact}{this}\isa{this} refers
5.863 + to the most recently established facts, but only \emph{before}
5.864 + issuing a follow-up claim.
5.865 +
5.866 + \begin{rail}
5.867 + 'note' (thmdef? thmrefs + 'and')
5.868 + ;
5.869 + ('from' | 'with' | 'using' | 'unfolding') (thmrefs + 'and')
5.870 + ;
5.871 + \end{rail}
5.872 +
5.873 + \begin{descr}
5.874 +
5.875 + \item [\isa{\isacommand{note}}~\isa{a\ {\isacharequal}\ b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n}]
5.876 + recalls existing facts \isa{b\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ b\isactrlsub n}, binding
5.877 + the result as \isa{a}. Note that attributes may be involved as
5.878 + well, both on the left and right hand sides.
5.879 +
5.880 + \item [\isa{\isacommand{then}}] indicates forward chaining by the current
5.881 + facts in order to establish the goal to be claimed next. The
5.882 + initial proof method invoked to refine that will be offered the
5.883 + facts to do ``anything appropriate'' (see also
5.884 + \secref{sec:proof-steps}). For example, method \indexref{}{method}{rule}\isa{rule}
5.885 + (see \secref{sec:pure-meth-att}) would typically do an elimination
5.886 + rather than an introduction. Automatic methods usually insert the
5.887 + facts into the goal state before operation. This provides a simple
5.888 + scheme to control relevance of facts in automated proof search.
5.889 +
5.890 + \item [\isa{\isacommand{from}}~\isa{b}] abbreviates ``\isa{\isacommand{note}}~\isa{b}~\isa{\isacommand{then}}''; thus \isa{\isacommand{then}} is
5.891 + equivalent to ``\isa{\isacommand{from}}~\isa{this}''.
5.892 +
5.893 + \item [\isa{\isacommand{with}}~\isa{b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n}]
5.894 + abbreviates ``\isa{\isacommand{from}}~\isa{b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n\ {\isasymAND}\ this}''; thus the forward chaining is from earlier facts together
5.895 + with the current ones.
5.896 +
5.897 + \item [\isa{\isacommand{using}}~\isa{b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n}] augments
5.898 + the facts being currently indicated for use by a subsequent
5.899 + refinement step (such as \indexref{}{command}{apply}\isa{\isacommand{apply}} or \indexref{}{command}{proof}\isa{\isacommand{proof}}).
5.900 +
5.901 + \item [\isa{\isacommand{unfolding}}~\isa{b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n}] is
5.902 + structurally similar to \isa{\isacommand{using}}, but unfolds definitional
5.903 + equations \isa{b\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}\ b\isactrlsub n} throughout the goal state
5.904 + and facts.
5.905 +
5.906 + \end{descr}
5.907 +
5.908 + Forward chaining with an empty list of theorems is the same as not
5.909 + chaining at all. Thus ``\isa{\isacommand{from}}~\isa{nothing}'' has no
5.910 + effect apart from entering \isa{prove{\isacharparenleft}chain{\isacharparenright}} mode, since
5.911 + \indexref{}{fact}{nothing}\isa{nothing} is bound to the empty list of theorems.
5.912 +
5.913 + Basic proof methods (such as \indexref{}{method}{rule}\isa{rule}) expect multiple
5.914 + facts to be given in their proper order, corresponding to a prefix
5.915 + of the premises of the rule involved. Note that positions may be
5.916 + easily skipped using something like \isa{\isacommand{from}}~\isa{{\isacharunderscore}\ {\isasymAND}\ a\ {\isasymAND}\ b}, for example. This involves the trivial rule
5.917 + \isa{PROP\ {\isasympsi}\ {\isasymLongrightarrow}\ PROP\ {\isasympsi}}, which is bound in Isabelle/Pure as
5.918 + ``\indexref{}{fact}{-}\isa{{\isacharunderscore}}'' (underscore).
5.919 +
5.920 + Automated methods (such as \isa{simp} or \isa{auto}) just
5.921 + insert any given facts before their usual operation. Depending on
5.922 + the kind of procedure involved, the order of facts is less
5.923 + significant here.%
5.924 +\end{isamarkuptext}%
5.925 +\isamarkuptrue%
5.926 +%
5.927 +\isamarkupsubsection{Goal statements \label{sec:goals}%
5.928 +}
5.929 +\isamarkuptrue%
5.930 +%
5.931 +\begin{isamarkuptext}%
5.932 +\begin{matharray}{rcl}
5.933 + \isarcmd{lemma} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\
5.934 + \isarcmd{theorem} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\
5.935 + \isarcmd{corollary} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\
5.936 + \isarcmd{have} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
5.937 + \isarcmd{show} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
5.938 + \isarcmd{hence} & : & \isartrans{proof(state)}{proof(prove)} \\
5.939 + \isarcmd{thus} & : & \isartrans{proof(state)}{proof(prove)} \\
5.940 + \isarcmd{print_statement}^* & : & \isarkeep{theory~|~proof} \\
5.941 + \end{matharray}
5.942 +
5.943 + From a theory context, proof mode is entered by an initial goal
5.944 + command such as \isa{\isacommand{lemma}}, \isa{\isacommand{theorem}}, or
5.945 + \isa{\isacommand{corollary}}. Within a proof, new claims may be
5.946 + introduced locally as well; four variants are available here to
5.947 + indicate whether forward chaining of facts should be performed
5.948 + initially (via \indexref{}{command}{then}\isa{\isacommand{then}}), and whether the final result
5.949 + is meant to solve some pending goal.
5.950 +
5.951 + Goals may consist of multiple statements, resulting in a list of
5.952 + facts eventually. A pending multi-goal is internally represented as
5.953 + a meta-level conjunction (printed as \isa{{\isacharampersand}{\isacharampersand}}), which is usually
5.954 + split into the corresponding number of sub-goals prior to an initial
5.955 + method application, via \indexref{}{command}{proof}\isa{\isacommand{proof}}
5.956 + (\secref{sec:proof-steps}) or \indexref{}{command}{apply}\isa{\isacommand{apply}}
5.957 + (\secref{sec:tactic-commands}). The \indexref{}{method}{induct}\isa{induct} method
5.958 + covered in \secref{sec:cases-induct} acts on multiple claims
5.959 + simultaneously.
5.960 +
5.961 + Claims at the theory level may be either in short or long form. A
5.962 + short goal merely consists of several simultaneous propositions
5.963 + (often just one). A long goal includes an explicit context
5.964 + specification for the subsequent conclusion, involving local
5.965 + parameters and assumptions. Here the role of each part of the
5.966 + statement is explicitly marked by separate keywords (see also
5.967 + \secref{sec:locale}); the local assumptions being introduced here
5.968 + are available as \indexref{}{fact}{assms}\isa{assms} in the proof. Moreover, there
5.969 + are two kinds of conclusions: \indexdef{}{element}{shows}\isa{shows} states several
5.970 + simultaneous propositions (essentially a big conjunction), while
5.971 + \indexdef{}{element}{obtains}\isa{obtains} claims several simultaneous simultaneous
5.972 + contexts of (essentially a big disjunction of eliminated parameters
5.973 + and assumptions, cf.\ \secref{sec:obtain}).
5.974 +
5.975 + \begin{rail}
5.976 + ('lemma' | 'theorem' | 'corollary') target? (goal | longgoal)
5.977 + ;
5.978 + ('have' | 'show' | 'hence' | 'thus') goal
5.979 + ;
5.980 + 'print\_statement' modes? thmrefs
5.981 + ;
5.982 +
5.983 + goal: (props + 'and')
5.984 + ;
5.985 + longgoal: thmdecl? (contextelem *) conclusion
5.986 + ;
5.987 + conclusion: 'shows' goal | 'obtains' (parname? case + '|')
5.988 + ;
5.989 + case: (vars + 'and') 'where' (props + 'and')
5.990 + ;
5.991 + \end{rail}
5.992 +
5.993 + \begin{descr}
5.994 +
5.995 + \item [\isa{\isacommand{lemma}}~\isa{a{\isacharcolon}\ {\isasymphi}}] enters proof mode with
5.996 + \isa{{\isasymphi}} as main goal, eventually resulting in some fact \isa{{\isasymturnstile}\ {\isasymphi}} to be put back into the target context. An additional
5.997 + \railnonterm{context} specification may build up an initial proof
5.998 + context for the subsequent claim; this includes local definitions
5.999 + and syntax as well, see the definition of \isa{contextelem} in
5.1000 + \secref{sec:locale}.
5.1001 +
5.1002 + \item [\isa{\isacommand{theorem}}~\isa{a{\isacharcolon}\ {\isasymphi}} and \isa{\isacommand{corollary}}~\isa{a{\isacharcolon}\ {\isasymphi}}] are essentially the same as \isa{\isacommand{lemma}}~\isa{a{\isacharcolon}\ {\isasymphi}}, but the facts are internally marked as
5.1003 + being of a different kind. This discrimination acts like a formal
5.1004 + comment.
5.1005 +
5.1006 + \item [\isa{\isacommand{have}}~\isa{a{\isacharcolon}\ {\isasymphi}}] claims a local goal,
5.1007 + eventually resulting in a fact within the current logical context.
5.1008 + This operation is completely independent of any pending sub-goals of
5.1009 + an enclosing goal statements, so \isa{\isacommand{have}} may be freely
5.1010 + used for experimental exploration of potential results within a
5.1011 + proof body.
5.1012 +
5.1013 + \item [\isa{\isacommand{show}}~\isa{a{\isacharcolon}\ {\isasymphi}}] is like \isa{\isacommand{have}}~\isa{a{\isacharcolon}\ {\isasymphi}} plus a second stage to refine some pending
5.1014 + sub-goal for each one of the finished result, after having been
5.1015 + exported into the corresponding context (at the head of the
5.1016 + sub-proof of this \isa{\isacommand{show}} command).
5.1017 +
5.1018 + To accommodate interactive debugging, resulting rules are printed
5.1019 + before being applied internally. Even more, interactive execution
5.1020 + of \isa{\isacommand{show}} predicts potential failure and displays the
5.1021 + resulting error as a warning beforehand. Watch out for the
5.1022 + following message:
5.1023 +
5.1024 + %FIXME proper antiquitation
5.1025 + \begin{ttbox}
5.1026 + Problem! Local statement will fail to solve any pending goal
5.1027 + \end{ttbox}
5.1028 +
5.1029 + \item [\isa{\isacommand{hence}}] abbreviates ``\isa{\isacommand{then}}~\isa{\isacommand{have}}'', i.e.\ claims a local goal to be proven by forward
5.1030 + chaining the current facts. Note that \isa{\isacommand{hence}} is also
5.1031 + equivalent to ``\isa{\isacommand{from}}~\isa{this}~\isa{\isacommand{have}}''.
5.1032 +
5.1033 + \item [\isa{\isacommand{thus}}] abbreviates ``\isa{\isacommand{then}}~\isa{\isacommand{show}}''. Note that \isa{\isacommand{thus}} is also equivalent to
5.1034 + ``\isa{\isacommand{from}}~\isa{this}~\isa{\isacommand{show}}''.
5.1035 +
5.1036 + \item [\isa{\isacommand{print{\isacharunderscore}statement}}~\isa{a}] prints facts from the
5.1037 + current theory or proof context in long statement form, according to
5.1038 + the syntax for \isa{\isacommand{lemma}} given above.
5.1039 +
5.1040 + \end{descr}
5.1041 +
5.1042 + Any goal statement causes some term abbreviations (such as
5.1043 + \indexref{}{variable}{?thesis}\isa{{\isacharquery}thesis}) to be bound automatically, see also
5.1044 + \secref{sec:term-abbrev}. Furthermore, the local context of a
5.1045 + (non-atomic) goal is provided via the \indexref{}{case}{rule-context}\isa{rule{\isacharunderscore}context} case.
5.1046 +
5.1047 + The optional case names of \indexref{}{element}{obtains}\isa{obtains} have a twofold
5.1048 + meaning: (1) during the of this claim they refer to the the local
5.1049 + context introductions, (2) the resulting rule is annotated
5.1050 + accordingly to support symbolic case splits when used with the
5.1051 + \indexref{}{method}{cases}\isa{cases} method (cf. \secref{sec:cases-induct}).
5.1052 +
5.1053 + \medskip
5.1054 +
5.1055 + \begin{warn}
5.1056 + Isabelle/Isar suffers theory-level goal statements to contain
5.1057 + \emph{unbound schematic variables}, although this does not conform
5.1058 + to the aim of human-readable proof documents! The main problem
5.1059 + with schematic goals is that the actual outcome is usually hard to
5.1060 + predict, depending on the behavior of the proof methods applied
5.1061 + during the course of reasoning. Note that most semi-automated
5.1062 + methods heavily depend on several kinds of implicit rule
5.1063 + declarations within the current theory context. As this would
5.1064 + also result in non-compositional checking of sub-proofs,
5.1065 + \emph{local goals} are not allowed to be schematic at all.
5.1066 + Nevertheless, schematic goals do have their use in Prolog-style
5.1067 + interactive synthesis of proven results, usually by stepwise
5.1068 + refinement via emulation of traditional Isabelle tactic scripts
5.1069 + (see also \secref{sec:tactic-commands}). In any case, users
5.1070 + should know what they are doing.
5.1071 + \end{warn}%
5.1072 +\end{isamarkuptext}%
5.1073 +\isamarkuptrue%
5.1074 +%
5.1075 +\isamarkupsubsection{Initial and terminal proof steps \label{sec:proof-steps}%
5.1076 +}
5.1077 +\isamarkuptrue%
5.1078 +%
5.1079 +\begin{isamarkuptext}%
5.1080 +\begin{matharray}{rcl}
5.1081 + \indexdef{}{command}{proof}\isa{\isacommand{proof}} & : & \isartrans{proof(prove)}{proof(state)} \\
5.1082 + \indexdef{}{command}{qed}\isa{\isacommand{qed}} & : & \isartrans{proof(state)}{proof(state) ~|~ theory} \\
5.1083 + \indexdef{}{command}{by}\isa{\isacommand{by}} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
5.1084 + \indexdef{}{command}{..}\isa{\isacommand{{\isachardot}{\isachardot}}} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
5.1085 + \indexdef{}{command}{.}\isa{\isacommand{{\isachardot}}} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
5.1086 + \indexdef{}{command}{sorry}\isa{\isacommand{sorry}} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
5.1087 + \end{matharray}
5.1088 +
5.1089 + Arbitrary goal refinement via tactics is considered harmful.
5.1090 + Structured proof composition in Isar admits proof methods to be
5.1091 + invoked in two places only.
5.1092 +
5.1093 + \begin{enumerate}
5.1094 +
5.1095 + \item An \emph{initial} refinement step \indexref{}{command}{proof}\isa{\isacommand{proof}}~\isa{m\isactrlsub {\isadigit{1}}} reduces a newly stated goal to a number
5.1096 + of sub-goals that are to be solved later. Facts are passed to
5.1097 + \isa{m\isactrlsub {\isadigit{1}}} for forward chaining, if so indicated by \isa{proof{\isacharparenleft}chain{\isacharparenright}} mode.
5.1098 +
5.1099 + \item A \emph{terminal} conclusion step \indexref{}{command}{qed}\isa{\isacommand{qed}}~\isa{m\isactrlsub {\isadigit{2}}} is intended to solve remaining goals. No facts are
5.1100 + passed to \isa{m\isactrlsub {\isadigit{2}}}.
5.1101 +
5.1102 + \end{enumerate}
5.1103 +
5.1104 + The only other (proper) way to affect pending goals in a proof body
5.1105 + is by \indexref{}{command}{show}\isa{\isacommand{show}}, which involves an explicit statement of
5.1106 + what is to be solved eventually. Thus we avoid the fundamental
5.1107 + problem of unstructured tactic scripts that consist of numerous
5.1108 + consecutive goal transformations, with invisible effects.
5.1109 +
5.1110 + \medskip As a general rule of thumb for good proof style, initial
5.1111 + proof methods should either solve the goal completely, or constitute
5.1112 + some well-understood reduction to new sub-goals. Arbitrary
5.1113 + automatic proof tools that are prone leave a large number of badly
5.1114 + structured sub-goals are no help in continuing the proof document in
5.1115 + an intelligible manner.
5.1116 +
5.1117 + Unless given explicitly by the user, the default initial method is
5.1118 + ``\indexref{}{method}{rule}\isa{rule}'', which applies a single standard elimination
5.1119 + or introduction rule according to the topmost symbol involved.
5.1120 + There is no separate default terminal method. Any remaining goals
5.1121 + are always solved by assumption in the very last step.
5.1122 +
5.1123 + \begin{rail}
5.1124 + 'proof' method?
5.1125 + ;
5.1126 + 'qed' method?
5.1127 + ;
5.1128 + 'by' method method?
5.1129 + ;
5.1130 + ('.' | '..' | 'sorry')
5.1131 + ;
5.1132 + \end{rail}
5.1133 +
5.1134 + \begin{descr}
5.1135 +
5.1136 + \item [\isa{\isacommand{proof}}~\isa{m\isactrlsub {\isadigit{1}}}] refines the goal by
5.1137 + proof method \isa{m\isactrlsub {\isadigit{1}}}; facts for forward chaining are
5.1138 + passed if so indicated by \isa{proof{\isacharparenleft}chain{\isacharparenright}} mode.
5.1139 +
5.1140 + \item [\isa{\isacommand{qed}}~\isa{m\isactrlsub {\isadigit{2}}}] refines any remaining
5.1141 + goals by proof method \isa{m\isactrlsub {\isadigit{2}}} and concludes the
5.1142 + sub-proof by assumption. If the goal had been \isa{show} (or
5.1143 + \isa{thus}), some pending sub-goal is solved as well by the rule
5.1144 + resulting from the result \emph{exported} into the enclosing goal
5.1145 + context. Thus \isa{qed} may fail for two reasons: either \isa{m\isactrlsub {\isadigit{2}}} fails, or the resulting rule does not fit to any
5.1146 + pending goal\footnote{This includes any additional ``strong''
5.1147 + assumptions as introduced by \isa{assume}.} of the enclosing
5.1148 + context. Debugging such a situation might involve temporarily
5.1149 + changing \isa{\isacommand{show}} into \isa{\isacommand{have}}, or weakening the
5.1150 + local context by replacing occurrences of \isa{\isacommand{assume}} by
5.1151 + \isa{\isacommand{presume}}.
5.1152 +
5.1153 + \item [\isa{\isacommand{by}}~\isa{m\isactrlsub {\isadigit{1}}\ m\isactrlsub {\isadigit{2}}}] is a
5.1154 + \emph{terminal proof}\index{proof!terminal}; it abbreviates
5.1155 + \isa{\isacommand{proof}}~\isa{m\isactrlsub {\isadigit{1}}}~\isa{qed}~\isa{m\isactrlsub {\isadigit{2}}}, but with backtracking across both methods. Debugging
5.1156 + an unsuccessful \isa{\isacommand{by}}~\isa{m\isactrlsub {\isadigit{1}}\ m\isactrlsub {\isadigit{2}}}
5.1157 + command can be done by expanding its definition; in many cases
5.1158 + \isa{\isacommand{proof}}~\isa{m\isactrlsub {\isadigit{1}}} (or even \isa{apply}~\isa{m\isactrlsub {\isadigit{1}}}) is already sufficient to see the
5.1159 + problem.
5.1160 +
5.1161 + \item [``\isa{\isacommand{{\isachardot}{\isachardot}}}''] is a \emph{default
5.1162 + proof}\index{proof!default}; it abbreviates \isa{\isacommand{by}}~\isa{rule}.
5.1163 +
5.1164 + \item [``\isa{\isacommand{{\isachardot}}}''] is a \emph{trivial
5.1165 + proof}\index{proof!trivial}; it abbreviates \isa{\isacommand{by}}~\isa{this}.
5.1166 +
5.1167 + \item [\isa{\isacommand{sorry}}] is a \emph{fake proof}\index{proof!fake}
5.1168 + pretending to solve the pending claim without further ado. This
5.1169 + only works in interactive development, or if the \verb|quick_and_dirty| flag is enabled (in ML). Facts emerging from fake
5.1170 + proofs are not the real thing. Internally, each theorem container
5.1171 + is tainted by an oracle invocation, which is indicated as ``\isa{{\isacharbrackleft}{\isacharbang}{\isacharbrackright}}'' in the printed result.
5.1172 +
5.1173 + The most important application of \isa{\isacommand{sorry}} is to support
5.1174 + experimentation and top-down proof development.
5.1175 +
5.1176 + \end{descr}%
5.1177 +\end{isamarkuptext}%
5.1178 +\isamarkuptrue%
5.1179 +%
5.1180 +\isamarkupsubsection{Fundamental methods and attributes \label{sec:pure-meth-att}%
5.1181 +}
5.1182 +\isamarkuptrue%
5.1183 +%
5.1184 +\begin{isamarkuptext}%
5.1185 +The following proof methods and attributes refer to basic logical
5.1186 + operations of Isar. Further methods and attributes are provided by
5.1187 + several generic and object-logic specific tools and packages (see
5.1188 + \chref{ch:gen-tools} and \chref{ch:logics}).
5.1189 +
5.1190 + \begin{matharray}{rcl}
5.1191 + \indexdef{}{method}{-}\isa{{\isacharminus}} & : & \isarmeth \\
5.1192 + \indexdef{}{method}{fact}\isa{fact} & : & \isarmeth \\
5.1193 + \indexdef{}{method}{assumption}\isa{assumption} & : & \isarmeth \\
5.1194 + \indexdef{}{method}{this}\isa{this} & : & \isarmeth \\
5.1195 + \indexdef{}{method}{rule}\isa{rule} & : & \isarmeth \\
5.1196 + \indexdef{}{method}{iprover}\isa{iprover} & : & \isarmeth \\[0.5ex]
5.1197 + \indexdef{}{attribute}{intro}\isa{intro} & : & \isaratt \\
5.1198 + \indexdef{}{attribute}{elim}\isa{elim} & : & \isaratt \\
5.1199 + \indexdef{}{attribute}{dest}\isa{dest} & : & \isaratt \\
5.1200 + \indexdef{}{attribute}{rule}\isa{rule} & : & \isaratt \\[0.5ex]
5.1201 + \indexdef{}{attribute}{OF}\isa{OF} & : & \isaratt \\
5.1202 + \indexdef{}{attribute}{of}\isa{of} & : & \isaratt \\
5.1203 + \indexdef{}{attribute}{where}\isa{where} & : & \isaratt \\
5.1204 + \end{matharray}
5.1205 +
5.1206 + \begin{rail}
5.1207 + 'fact' thmrefs?
5.1208 + ;
5.1209 + 'rule' thmrefs?
5.1210 + ;
5.1211 + 'iprover' ('!' ?) (rulemod *)
5.1212 + ;
5.1213 + rulemod: ('intro' | 'elim' | 'dest') ((('!' | () | '?') nat?) | 'del') ':' thmrefs
5.1214 + ;
5.1215 + ('intro' | 'elim' | 'dest') ('!' | () | '?') nat?
5.1216 + ;
5.1217 + 'rule' 'del'
5.1218 + ;
5.1219 + 'OF' thmrefs
5.1220 + ;
5.1221 + 'of' insts ('concl' ':' insts)?
5.1222 + ;
5.1223 + 'where' ((name | var | typefree | typevar) '=' (type | term) * 'and')
5.1224 + ;
5.1225 + \end{rail}
5.1226 +
5.1227 + \begin{descr}
5.1228 +
5.1229 + \item [``\isa{{\isacharminus}}''] does nothing but insert the forward
5.1230 + chaining facts as premises into the goal. Note that command
5.1231 + \indexref{}{command}{proof}\isa{\isacommand{proof}} without any method actually performs a single
5.1232 + reduction step using the \indexref{}{method}{rule}\isa{rule} method; thus a plain
5.1233 + \emph{do-nothing} proof step would be ``\isa{\isacommand{proof}}~\isa{{\isacharminus}}'' rather than \isa{\isacommand{proof}} alone.
5.1234 +
5.1235 + \item [\isa{fact}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}] composes
5.1236 + some fact from \isa{a\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ a\isactrlsub n} (or implicitly from
5.1237 + the current proof context) modulo unification of schematic type and
5.1238 + term variables. The rule structure is not taken into account, i.e.\
5.1239 + meta-level implication is considered atomic. This is the same
5.1240 + principle underlying literal facts (cf.\ \secref{sec:syn-att}):
5.1241 + ``\isa{\isacommand{have}}~\isa{{\isasymphi}}~\isa{\isacommand{by}}~\isa{fact}'' is
5.1242 + equivalent to ``\isa{\isacommand{note}}~\verb|`|\isa{{\isasymphi}}\verb|`|'' provided that \isa{{\isasymturnstile}\ {\isasymphi}} is an instance of some known
5.1243 + \isa{{\isasymturnstile}\ {\isasymphi}} in the proof context.
5.1244 +
5.1245 + \item [\isa{assumption}] solves some goal by a single assumption
5.1246 + step. All given facts are guaranteed to participate in the
5.1247 + refinement; this means there may be only 0 or 1 in the first place.
5.1248 + Recall that \isa{\isacommand{qed}} (\secref{sec:proof-steps}) already
5.1249 + concludes any remaining sub-goals by assumption, so structured
5.1250 + proofs usually need not quote the \isa{assumption} method at
5.1251 + all.
5.1252 +
5.1253 + \item [\isa{this}] applies all of the current facts directly as
5.1254 + rules. Recall that ``\isa{\isacommand{{\isachardot}}}'' (dot) abbreviates ``\isa{\isacommand{by}}~\isa{this}''.
5.1255 +
5.1256 + \item [\isa{rule}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}] applies some
5.1257 + rule given as argument in backward manner; facts are used to reduce
5.1258 + the rule before applying it to the goal. Thus \isa{rule}
5.1259 + without facts is plain introduction, while with facts it becomes
5.1260 + elimination.
5.1261 +
5.1262 + When no arguments are given, the \isa{rule} method tries to pick
5.1263 + appropriate rules automatically, as declared in the current context
5.1264 + using the \isa{intro}, \isa{elim}, \isa{dest}
5.1265 + attributes (see below). This is the default behavior of \isa{\isacommand{proof}} and ``\isa{\isacommand{{\isachardot}{\isachardot}}}'' (double-dot) steps (see
5.1266 + \secref{sec:proof-steps}).
5.1267 +
5.1268 + \item [\isa{iprover}] performs intuitionistic proof search,
5.1269 + depending on specifically declared rules from the context, or given
5.1270 + as explicit arguments. Chained facts are inserted into the goal
5.1271 + before commencing proof search; ``\isa{iprover}\isa{{\isacharbang}}''
5.1272 + means to include the current \isa{prems} as well.
5.1273 +
5.1274 + Rules need to be classified as \isa{intro}, \isa{elim}, or \isa{dest}; here the ``\isa{{\isacharbang}} indicator refers
5.1275 + to ``safe'' rules, which may be applied aggressively (without
5.1276 + considering back-tracking later). Rules declared with ``\isa{{\isacharquery}}'' are ignored in proof search (the single-step \isa{rule}
5.1277 + method still observes these). An explicit weight annotation may be
5.1278 + given as well; otherwise the number of rule premises will be taken
5.1279 + into account here.
5.1280 +
5.1281 + \item [\isa{intro}, \isa{elim}, and \isa{dest}]
5.1282 + declare introduction, elimination, and destruct rules, to be used
5.1283 + with the \isa{rule} and \isa{iprover} methods. Note that
5.1284 + the latter will ignore rules declared with ``\isa{{\isacharquery}}'', while
5.1285 + ``\isa{{\isacharbang}}'' are used most aggressively.
5.1286 +
5.1287 + The classical reasoner (see \secref{sec:classical}) introduces its
5.1288 + own variants of these attributes; use qualified names to access the
5.1289 + present versions of Isabelle/Pure, i.e.\ \isa{Pure{\isachardot}intro}.
5.1290 +
5.1291 + \item [\isa{rule}~\isa{del}] undeclares introduction,
5.1292 + elimination, or destruct rules.
5.1293 +
5.1294 + \item [\isa{OF}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}] applies some
5.1295 + theorem to all of the given rules \isa{a\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ a\isactrlsub n}
5.1296 + (in parallel). This corresponds to the \verb|op MRS| operation in
5.1297 + ML, but note the reversed order. Positions may be effectively
5.1298 + skipped by including ``\verb|_|'' (underscore) as argument.
5.1299 +
5.1300 + \item [\isa{of}~\isa{t\isactrlsub {\isadigit{1}}\ {\isasymdots}\ t\isactrlsub n}] performs
5.1301 + positional instantiation of term variables. The terms \isa{t\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ t\isactrlsub n} are substituted for any schematic
5.1302 + variables occurring in a theorem from left to right; ``\verb|_|'' (underscore) indicates to skip a position. Arguments following
5.1303 + a ``\isa{\isakeyword{concl}}\isa{{\isacharcolon}}'' specification refer to positions
5.1304 + of the conclusion of a rule.
5.1305 +
5.1306 + \item [\isa{where}~\isa{x\isactrlsub {\isadigit{1}}\ {\isacharequal}\ t\isactrlsub {\isadigit{1}}\ {\isasymAND}\ {\isasymdots}\ {\isasymAND}\ x\isactrlsub n\ {\isacharequal}\ t\isactrlsub n}] performs named instantiation of
5.1307 + schematic type and term variables occurring in a theorem. Schematic
5.1308 + variables have to be specified on the left-hand side (e.g.\ \isa{{\isacharquery}x{\isadigit{1}}{\isachardot}{\isadigit{3}}}). The question mark may be omitted if the variable name is
5.1309 + a plain identifier without index. As type instantiations are
5.1310 + inferred from term instantiations, explicit type instantiations are
5.1311 + seldom necessary.
5.1312 +
5.1313 + \end{descr}%
5.1314 +\end{isamarkuptext}%
5.1315 +\isamarkuptrue%
5.1316 +%
5.1317 +\isamarkupsubsection{Term abbreviations \label{sec:term-abbrev}%
5.1318 +}
5.1319 +\isamarkuptrue%
5.1320 +%
5.1321 +\begin{isamarkuptext}%
5.1322 +\begin{matharray}{rcl}
5.1323 + \indexdef{}{command}{let}\isa{\isacommand{let}} & : & \isartrans{proof(state)}{proof(state)} \\
5.1324 + \indexdef{}{keyword}{is}\isa{\isakeyword{is}} & : & syntax \\
5.1325 + \end{matharray}
5.1326 +
5.1327 + Abbreviations may be either bound by explicit \isa{\isacommand{let}}\isa{p\ {\isasymequiv}\ t} statements, or by annotating assumptions or goal statements
5.1328 + with a list of patterns ``\isa{{\isasymIS}\ p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub n}''.
5.1329 + In both cases, higher-order matching is invoked to bind
5.1330 + extra-logical term variables, which may be either named schematic
5.1331 + variables of the form \isa{{\isacharquery}x}, or nameless dummies ``\isa{{\isacharunderscore}}'' (underscore). Note that in the \isa{\isacommand{let}} form the
5.1332 + patterns occur on the left-hand side, while the \isa{\isakeyword{is}}
5.1333 + patterns are in postfix position.
5.1334 +
5.1335 + Polymorphism of term bindings is handled in Hindley-Milner style,
5.1336 + similar to ML. Type variables referring to local assumptions or
5.1337 + open goal statements are \emph{fixed}, while those of finished
5.1338 + results or bound by \isa{\isacommand{let}} may occur in \emph{arbitrary}
5.1339 + instances later. Even though actual polymorphism should be rarely
5.1340 + used in practice, this mechanism is essential to achieve proper
5.1341 + incremental type-inference, as the user proceeds to build up the
5.1342 + Isar proof text from left to right.
5.1343 +
5.1344 + \medskip Term abbreviations are quite different from local
5.1345 + definitions as introduced via \isa{\isacommand{def}} (see
5.1346 + \secref{sec:proof-context}). The latter are visible within the
5.1347 + logic as actual equations, while abbreviations disappear during the
5.1348 + input process just after type checking. Also note that \isa{\isacommand{def}} does not support polymorphism.
5.1349 +
5.1350 + \begin{rail}
5.1351 + 'let' ((term + 'and') '=' term + 'and')
5.1352 + ;
5.1353 + \end{rail}
5.1354 +
5.1355 + The syntax of \isa{\isakeyword{is}} patterns follows \railnonterm{termpat}
5.1356 + or \railnonterm{proppat} (see \secref{sec:term-decls}).
5.1357 +
5.1358 + \begin{descr}
5.1359 +
5.1360 + \item [\isa{\isacommand{let}}~\isa{p\isactrlsub {\isadigit{1}}\ {\isacharequal}\ t\isactrlsub {\isadigit{1}}\ {\isasymAND}\ {\isasymdots}p\isactrlsub n\ {\isacharequal}\ t\isactrlsub n}] binds any text variables in patterns
5.1361 + \isa{p\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ p\isactrlsub n} by simultaneous higher-order
5.1362 + matching against terms \isa{t\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ t\isactrlsub n}.
5.1363 +
5.1364 + \item [\isa{{\isacharparenleft}{\isasymIS}\ p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub n{\isacharparenright}}] resembles \isa{\isacommand{let}}, but matches \isa{p\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ p\isactrlsub n} against the
5.1365 + preceding statement. Also note that \isa{\isakeyword{is}} is not a
5.1366 + separate command, but part of others (such as \isa{\isacommand{assume}},
5.1367 + \isa{\isacommand{have}} etc.).
5.1368 +
5.1369 + \end{descr}
5.1370 +
5.1371 + Some \emph{implicit} term abbreviations\index{term abbreviations}
5.1372 + for goals and facts are available as well. For any open goal,
5.1373 + \indexref{}{variable}{thesis}\isa{thesis} refers to its object-level statement,
5.1374 + abstracted over any meta-level parameters (if present). Likewise,
5.1375 + \indexref{}{variable}{this}\isa{this} is bound for fact statements resulting from
5.1376 + assumptions or finished goals. In case \isa{this} refers to
5.1377 + an object-logic statement that is an application \isa{f\ t}, then
5.1378 + \isa{t} is bound to the special text variable ``\isa{{\isasymdots}}''
5.1379 + (three dots). The canonical application of this convenience are
5.1380 + calculational proofs (see \secref{sec:calculation}).%
5.1381 +\end{isamarkuptext}%
5.1382 +\isamarkuptrue%
5.1383 +%
5.1384 +\isamarkupsubsection{Block structure%
5.1385 +}
5.1386 +\isamarkuptrue%
5.1387 +%
5.1388 +\begin{isamarkuptext}%
5.1389 +\begin{matharray}{rcl}
5.1390 + \indexdef{}{command}{next}\isa{\isacommand{next}} & : & \isartrans{proof(state)}{proof(state)} \\
5.1391 + \indexdef{}{command}{\{}\isa{\isacommand{{\isacharbraceleft}}} & : & \isartrans{proof(state)}{proof(state)} \\
5.1392 + \indexdef{}{command}{\}}\isa{\isacommand{{\isacharbraceright}}} & : & \isartrans{proof(state)}{proof(state)} \\
5.1393 + \end{matharray}
5.1394 +
5.1395 + While Isar is inherently block-structured, opening and closing
5.1396 + blocks is mostly handled rather casually, with little explicit
5.1397 + user-intervention. Any local goal statement automatically opens
5.1398 + \emph{two} internal blocks, which are closed again when concluding
5.1399 + the sub-proof (by \isa{\isacommand{qed}} etc.). Sections of different
5.1400 + context within a sub-proof may be switched via \isa{\isacommand{next}},
5.1401 + which is just a single block-close followed by block-open again.
5.1402 + The effect of \isa{\isacommand{next}} is to reset the local proof context;
5.1403 + there is no goal focus involved here!
5.1404 +
5.1405 + For slightly more advanced applications, there are explicit block
5.1406 + parentheses as well. These typically achieve a stronger forward
5.1407 + style of reasoning.
5.1408 +
5.1409 + \begin{descr}
5.1410 +
5.1411 + \item [\isa{\isacommand{next}}] switches to a fresh block within a
5.1412 + sub-proof, resetting the local context to the initial one.
5.1413 +
5.1414 + \item [\isa{\isacommand{{\isacharbraceleft}}} and \isa{\isacommand{{\isacharbraceright}}}] explicitly open and close
5.1415 + blocks. Any current facts pass through ``\isa{\isacommand{{\isacharbraceleft}}}''
5.1416 + unchanged, while ``\isa{\isacommand{{\isacharbraceright}}}'' causes any result to be
5.1417 + \emph{exported} into the enclosing context. Thus fixed variables
5.1418 + are generalized, assumptions discharged, and local definitions
5.1419 + unfolded (cf.\ \secref{sec:proof-context}). There is no difference
5.1420 + of \isa{\isacommand{assume}} and \isa{\isacommand{presume}} in this mode of
5.1421 + forward reasoning --- in contrast to plain backward reasoning with
5.1422 + the result exported at \isa{\isacommand{show}} time.
5.1423 +
5.1424 + \end{descr}%
5.1425 +\end{isamarkuptext}%
5.1426 +\isamarkuptrue%
5.1427 +%
5.1428 +\isamarkupsubsection{Emulating tactic scripts \label{sec:tactic-commands}%
5.1429 +}
5.1430 +\isamarkuptrue%
5.1431 +%
5.1432 +\begin{isamarkuptext}%
5.1433 +The Isar provides separate commands to accommodate tactic-style
5.1434 + proof scripts within the same system. While being outside the
5.1435 + orthodox Isar proof language, these might come in handy for
5.1436 + interactive exploration and debugging, or even actual tactical proof
5.1437 + within new-style theories (to benefit from document preparation, for
5.1438 + example). See also \secref{sec:tactics} for actual tactics, that
5.1439 + have been encapsulated as proof methods. Proper proof methods may
5.1440 + be used in scripts, too.
5.1441 +
5.1442 + \begin{matharray}{rcl}
5.1443 + \indexdef{}{command}{apply}\isa{\isacommand{apply}}^* & : & \isartrans{proof(prove)}{proof(prove)} \\
5.1444 + \indexdef{}{command}{apply-end}\isa{\isacommand{apply{\isacharunderscore}end}}^* & : & \isartrans{proof(state)}{proof(state)} \\
5.1445 + \indexdef{}{command}{done}\isa{\isacommand{done}}^* & : & \isartrans{proof(prove)}{proof(state)} \\
5.1446 + \indexdef{}{command}{defer}\isa{\isacommand{defer}}^* & : & \isartrans{proof}{proof} \\
5.1447 + \indexdef{}{command}{prefer}\isa{\isacommand{prefer}}^* & : & \isartrans{proof}{proof} \\
5.1448 + \indexdef{}{command}{back}\isa{\isacommand{back}}^* & : & \isartrans{proof}{proof} \\
5.1449 + \end{matharray}
5.1450 +
5.1451 + \begin{rail}
5.1452 + ( 'apply' | 'apply\_end' ) method
5.1453 + ;
5.1454 + 'defer' nat?
5.1455 + ;
5.1456 + 'prefer' nat
5.1457 + ;
5.1458 + \end{rail}
5.1459 +
5.1460 + \begin{descr}
5.1461 +
5.1462 + \item [\isa{\isacommand{apply}}~\isa{m}] applies proof method \isa{m}
5.1463 + in initial position, but unlike \isa{\isacommand{proof}} it retains
5.1464 + ``\isa{proof{\isacharparenleft}prove{\isacharparenright}}'' mode. Thus consecutive method
5.1465 + applications may be given just as in tactic scripts.
5.1466 +
5.1467 + Facts are passed to \isa{m} as indicated by the goal's
5.1468 + forward-chain mode, and are \emph{consumed} afterwards. Thus any
5.1469 + further \isa{\isacommand{apply}} command would always work in a purely
5.1470 + backward manner.
5.1471 +
5.1472 + \item [\isa{\isacommand{apply{\isacharunderscore}end}}~\isa{m}] applies proof method
5.1473 + \isa{m} as if in terminal position. Basically, this simulates a
5.1474 + multi-step tactic script for \isa{\isacommand{qed}}, but may be given
5.1475 + anywhere within the proof body.
5.1476 +
5.1477 + No facts are passed to \isa{m} here. Furthermore, the static
5.1478 + context is that of the enclosing goal (as for actual \isa{\isacommand{qed}}). Thus the proof method may not refer to any assumptions
5.1479 + introduced in the current body, for example.
5.1480 +
5.1481 + \item [\isa{\isacommand{done}}] completes a proof script, provided that
5.1482 + the current goal state is solved completely. Note that actual
5.1483 + structured proof commands (e.g.\ ``\isa{\isacommand{{\isachardot}}}'' or \isa{\isacommand{sorry}}) may be used to conclude proof scripts as well.
5.1484 +
5.1485 + \item [\isa{\isacommand{defer}}~\isa{n} and \isa{\isacommand{prefer}}~\isa{n}] shuffle the list of pending goals: \isa{\isacommand{defer}} puts off
5.1486 + sub-goal \isa{n} to the end of the list (\isa{n\ {\isacharequal}\ {\isadigit{1}}} by
5.1487 + default), while \isa{\isacommand{prefer}} brings sub-goal \isa{n} to the
5.1488 + front.
5.1489 +
5.1490 + \item [\isa{\isacommand{back}}] does back-tracking over the result
5.1491 + sequence of the latest proof command. Basically, any proof command
5.1492 + may return multiple results.
5.1493 +
5.1494 + \end{descr}
5.1495 +
5.1496 + Any proper Isar proof method may be used with tactic script commands
5.1497 + such as \isa{\isacommand{apply}}. A few additional emulations of actual
5.1498 + tactics are provided as well; these would be never used in actual
5.1499 + structured proofs, of course.%
5.1500 +\end{isamarkuptext}%
5.1501 +\isamarkuptrue%
5.1502 +%
5.1503 +\isamarkupsubsection{Meta-linguistic features%
5.1504 +}
5.1505 +\isamarkuptrue%
5.1506 +%
5.1507 +\begin{isamarkuptext}%
5.1508 +\begin{matharray}{rcl}
5.1509 + \indexdef{}{command}{oops}\isa{\isacommand{oops}} & : & \isartrans{proof}{theory} \\
5.1510 + \end{matharray}
5.1511 +
5.1512 + The \isa{\isacommand{oops}} command discontinues the current proof
5.1513 + attempt, while considering the partial proof text as properly
5.1514 + processed. This is conceptually quite different from ``faking''
5.1515 + actual proofs via \indexref{}{command}{sorry}\isa{\isacommand{sorry}} (see
5.1516 + \secref{sec:proof-steps}): \isa{\isacommand{oops}} does not observe the
5.1517 + proof structure at all, but goes back right to the theory level.
5.1518 + Furthermore, \isa{\isacommand{oops}} does not produce any result theorem
5.1519 + --- there is no intended claim to be able to complete the proof
5.1520 + anyhow.
5.1521 +
5.1522 + A typical application of \isa{\isacommand{oops}} is to explain Isar proofs
5.1523 + \emph{within} the system itself, in conjunction with the document
5.1524 + preparation tools of Isabelle described in \cite{isabelle-sys}.
5.1525 + Thus partial or even wrong proof attempts can be discussed in a
5.1526 + logically sound manner. Note that the Isabelle {\LaTeX} macros can
5.1527 + be easily adapted to print something like ``\isa{{\isasymdots}}'' instead of
5.1528 + the keyword ``\isa{\isacommand{oops}}''.
5.1529 +
5.1530 + \medskip The \isa{\isacommand{oops}} command is undo-able, unlike
5.1531 + \indexref{}{command}{kill}\isa{\isacommand{kill}} (see \secref{sec:history}). The effect is to
5.1532 + get back to the theory just before the opening of the proof.%
5.1533 +\end{isamarkuptext}%
5.1534 +\isamarkuptrue%
5.1535 +%
5.1536 +\isamarkupsection{Other commands%
5.1537 +}
5.1538 +\isamarkuptrue%
5.1539 +%
5.1540 +\isamarkupsubsection{Diagnostics%
5.1541 +}
5.1542 +\isamarkuptrue%
5.1543 +%
5.1544 +\begin{isamarkuptext}%
5.1545 +\begin{matharray}{rcl}
5.1546 + \isarcmd{pr}^* & : & \isarkeep{\cdot} \\
5.1547 + \isarcmd{thm}^* & : & \isarkeep{theory~|~proof} \\
5.1548 + \isarcmd{term}^* & : & \isarkeep{theory~|~proof} \\
5.1549 + \isarcmd{prop}^* & : & \isarkeep{theory~|~proof} \\
5.1550 + \isarcmd{typ}^* & : & \isarkeep{theory~|~proof} \\
5.1551 + \isarcmd{prf}^* & : & \isarkeep{theory~|~proof} \\
5.1552 + \isarcmd{full_prf}^* & : & \isarkeep{theory~|~proof} \\
5.1553 + \end{matharray}
5.1554 +
5.1555 + These diagnostic commands assist interactive development. Note that
5.1556 + \isa{\isacommand{undo}} does not apply here, the theory or proof
5.1557 + configuration is not changed.
5.1558 +
5.1559 + \begin{rail}
5.1560 + 'pr' modes? nat? (',' nat)?
5.1561 + ;
5.1562 + 'thm' modes? thmrefs
5.1563 + ;
5.1564 + 'term' modes? term
5.1565 + ;
5.1566 + 'prop' modes? prop
5.1567 + ;
5.1568 + 'typ' modes? type
5.1569 + ;
5.1570 + 'prf' modes? thmrefs?
5.1571 + ;
5.1572 + 'full\_prf' modes? thmrefs?
5.1573 + ;
5.1574 +
5.1575 + modes: '(' (name + ) ')'
5.1576 + ;
5.1577 + \end{rail}
5.1578 +
5.1579 + \begin{descr}
5.1580 +
5.1581 + \item [\isa{\isacommand{pr}}~\isa{goals{\isacharcomma}\ prems}] prints the current
5.1582 + proof state (if present), including the proof context, current facts
5.1583 + and goals. The optional limit arguments affect the number of goals
5.1584 + and premises to be displayed, which is initially 10 for both.
5.1585 + Omitting limit values leaves the current setting unchanged.
5.1586 +
5.1587 + \item [\isa{\isacommand{thm}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}] retrieves
5.1588 + theorems from the current theory or proof context. Note that any
5.1589 + attributes included in the theorem specifications are applied to a
5.1590 + temporary context derived from the current theory or proof; the
5.1591 + result is discarded, i.e.\ attributes involved in \isa{a\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ a\isactrlsub n} do not have any permanent effect.
5.1592 +
5.1593 + \item [\isa{\isacommand{term}}~\isa{t} and \isa{\isacommand{prop}}~\isa{{\isasymphi}}]
5.1594 + read, type-check and print terms or propositions according to the
5.1595 + current theory or proof context; the inferred type of \isa{t} is
5.1596 + output as well. Note that these commands are also useful in
5.1597 + inspecting the current environment of term abbreviations.
5.1598 +
5.1599 + \item [\isa{\isacommand{typ}}~\isa{{\isasymtau}}] reads and prints types of the
5.1600 + meta-logic according to the current theory or proof context.
5.1601 +
5.1602 + \item [\isa{\isacommand{prf}}] displays the (compact) proof term of the
5.1603 + current proof state (if present), or of the given theorems. Note
5.1604 + that this requires proof terms to be switched on for the current
5.1605 + object logic (see the ``Proof terms'' section of the Isabelle
5.1606 + reference manual for information on how to do this).
5.1607 +
5.1608 + \item [\isa{\isacommand{full{\isacharunderscore}prf}}] is like \isa{\isacommand{prf}}, but displays
5.1609 + the full proof term, i.e.\ also displays information omitted in the
5.1610 + compact proof term, which is denoted by ``\verb|_|''
5.1611 + placeholders there.
5.1612 +
5.1613 + \end{descr}
5.1614 +
5.1615 + All of the diagnostic commands above admit a list of \isa{modes}
5.1616 + to be specified, which is appended to the current print mode (see
5.1617 + also \cite{isabelle-ref}). Thus the output behavior may be modified
5.1618 + according particular print mode features. For example, \isa{\isacommand{pr}}~\isa{{\isacharparenleft}latex\ xsymbols\ symbols{\isacharparenright}} would print the current
5.1619 + proof state with mathematical symbols and special characters
5.1620 + represented in {\LaTeX} source, according to the Isabelle style
5.1621 + \cite{isabelle-sys}.
5.1622 +
5.1623 + Note that antiquotations (cf.\ \secref{sec:antiq}) provide a more
5.1624 + systematic way to include formal items into the printed text
5.1625 + document.%
5.1626 +\end{isamarkuptext}%
5.1627 +\isamarkuptrue%
5.1628 +%
5.1629 +\isamarkupsubsection{Inspecting the context%
5.1630 +}
5.1631 +\isamarkuptrue%
5.1632 +%
5.1633 +\begin{isamarkuptext}%
5.1634 +\begin{matharray}{rcl}
5.1635 + \indexdef{}{command}{print-commands}\isa{\isacommand{print{\isacharunderscore}commands}}^* & : & \isarkeep{\cdot} \\
5.1636 + \indexdef{}{command}{print-theory}\isa{\isacommand{print{\isacharunderscore}theory}}^* & : & \isarkeep{theory~|~proof} \\
5.1637 + \indexdef{}{command}{print-syntax}\isa{\isacommand{print{\isacharunderscore}syntax}}^* & : & \isarkeep{theory~|~proof} \\
5.1638 + \indexdef{}{command}{print-methods}\isa{\isacommand{print{\isacharunderscore}methods}}^* & : & \isarkeep{theory~|~proof} \\
5.1639 + \indexdef{}{command}{print-attributes}\isa{\isacommand{print{\isacharunderscore}attributes}}^* & : & \isarkeep{theory~|~proof} \\
5.1640 + \indexdef{}{command}{print-theorems}\isa{\isacommand{print{\isacharunderscore}theorems}}^* & : & \isarkeep{theory~|~proof} \\
5.1641 + \indexdef{}{command}{find-theorems}\isa{\isacommand{find{\isacharunderscore}theorems}}^* & : & \isarkeep{theory~|~proof} \\
5.1642 + \indexdef{}{command}{thms-deps}\isa{\isacommand{thms{\isacharunderscore}deps}}^* & : & \isarkeep{theory~|~proof} \\
5.1643 + \indexdef{}{command}{print-facts}\isa{\isacommand{print{\isacharunderscore}facts}}^* & : & \isarkeep{proof} \\
5.1644 + \indexdef{}{command}{print-binds}\isa{\isacommand{print{\isacharunderscore}binds}}^* & : & \isarkeep{proof} \\
5.1645 + \end{matharray}
5.1646 +
5.1647 + \begin{rail}
5.1648 + 'print\_theory' ( '!'?)
5.1649 + ;
5.1650 +
5.1651 + 'find\_theorems' (('(' (nat)? ('with\_dups')? ')')?) (criterion *)
5.1652 + ;
5.1653 + criterion: ('-'?) ('name' ':' nameref | 'intro' | 'elim' | 'dest' |
5.1654 + 'simp' ':' term | term)
5.1655 + ;
5.1656 + 'thm\_deps' thmrefs
5.1657 + ;
5.1658 + \end{rail}
5.1659 +
5.1660 + These commands print certain parts of the theory and proof context.
5.1661 + Note that there are some further ones available, such as for the set
5.1662 + of rules declared for simplifications.
5.1663 +
5.1664 + \begin{descr}
5.1665 +
5.1666 + \item [\isa{\isacommand{print{\isacharunderscore}commands}}] prints Isabelle's outer theory
5.1667 + syntax, including keywords and command.
5.1668 +
5.1669 + \item [\isa{\isacommand{print{\isacharunderscore}theory}}] prints the main logical content of
5.1670 + the theory context; the ``\isa{{\isacharbang}}'' option indicates extra
5.1671 + verbosity.
5.1672 +
5.1673 + \item [\isa{\isacommand{print{\isacharunderscore}syntax}}] prints the inner syntax of types
5.1674 + and terms, depending on the current context. The output can be very
5.1675 + verbose, including grammar tables and syntax translation rules. See
5.1676 + \cite[\S7, \S8]{isabelle-ref} for further information on Isabelle's
5.1677 + inner syntax.
5.1678 +
5.1679 + \item [\isa{\isacommand{print{\isacharunderscore}methods}}] prints all proof methods
5.1680 + available in the current theory context.
5.1681 +
5.1682 + \item [\isa{\isacommand{print{\isacharunderscore}attributes}}] prints all attributes
5.1683 + available in the current theory context.
5.1684 +
5.1685 + \item [\isa{\isacommand{print{\isacharunderscore}theorems}}] prints theorems resulting from
5.1686 + the last command.
5.1687 +
5.1688 + \item [\isa{\isacommand{find{\isacharunderscore}theorems}}~\isa{criteria}] retrieves facts
5.1689 + from the theory or proof context matching all of given search
5.1690 + criteria. The criterion \isa{name{\isacharcolon}\ p} selects all theorems
5.1691 + whose fully qualified name matches pattern \isa{p}, which may
5.1692 + contain ``\isa{{\isacharasterisk}}'' wildcards. The criteria \isa{intro},
5.1693 + \isa{elim}, and \isa{dest} select theorems that match the
5.1694 + current goal as introduction, elimination or destruction rules,
5.1695 + respectively. The criterion \isa{simp{\isacharcolon}\ t} selects all rewrite
5.1696 + rules whose left-hand side matches the given term. The criterion
5.1697 + term \isa{t} selects all theorems that contain the pattern \isa{t} -- as usual, patterns may contain occurrences of the dummy
5.1698 + ``\verb|_|'', schematic variables, and type constraints.
5.1699 +
5.1700 + Criteria can be preceded by ``\isa{{\isacharminus}}'' to select theorems that
5.1701 + do \emph{not} match. Note that giving the empty list of criteria
5.1702 + yields \emph{all} currently known facts. An optional limit for the
5.1703 + number of printed facts may be given; the default is 40. By
5.1704 + default, duplicates are removed from the search result. Use
5.1705 + \isa{\isakeyword{with{\isacharunderscore}dups}} to display duplicates.
5.1706 +
5.1707 + \item [\isa{\isacommand{thm{\isacharunderscore}deps}}~\isa{a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n}]
5.1708 + visualizes dependencies of facts, using Isabelle's graph browser
5.1709 + tool (see also \cite{isabelle-sys}).
5.1710 +
5.1711 + \item [\isa{\isacommand{print{\isacharunderscore}facts}}] prints all local facts of the
5.1712 + current context, both named and unnamed ones.
5.1713 +
5.1714 + \item [\isa{\isacommand{print{\isacharunderscore}binds}}] prints all term abbreviations
5.1715 + present in the context.
5.1716 +
5.1717 + \end{descr}%
5.1718 +\end{isamarkuptext}%
5.1719 +\isamarkuptrue%
5.1720 +%
5.1721 +\isamarkupsubsection{History commands \label{sec:history}%
5.1722 +}
5.1723 +\isamarkuptrue%
5.1724 +%
5.1725 +\begin{isamarkuptext}%
5.1726 +\begin{matharray}{rcl}
5.1727 + \indexdef{}{command}{undo}\isa{\isacommand{undo}}^{{ * }{ * }} & : & \isarkeep{\cdot} \\
5.1728 + \indexdef{}{command}{redo}\isa{\isacommand{redo}}^{{ * }{ * }} & : & \isarkeep{\cdot} \\
5.1729 + \indexdef{}{command}{kill}\isa{\isacommand{kill}}^{{ * }{ * }} & : & \isarkeep{\cdot} \\
5.1730 + \end{matharray}
5.1731 +
5.1732 + The Isabelle/Isar top-level maintains a two-stage history, for
5.1733 + theory and proof state transformation. Basically, any command can
5.1734 + be undone using \isa{\isacommand{undo}}, excluding mere diagnostic
5.1735 + elements. Its effect may be revoked via \isa{\isacommand{redo}}, unless
5.1736 + the corresponding \isa{\isacommand{undo}} step has crossed the beginning
5.1737 + of a proof or theory. The \isa{\isacommand{kill}} command aborts the
5.1738 + current history node altogether, discontinuing a proof or even the
5.1739 + whole theory. This operation is \emph{not} undo-able.
5.1740 +
5.1741 + \begin{warn}
5.1742 + History commands should never be used with user interfaces such as
5.1743 + Proof~General \cite{proofgeneral,Aspinall:TACAS:2000}, which takes
5.1744 + care of stepping forth and back itself. Interfering by manual
5.1745 + \isa{\isacommand{undo}}, \isa{\isacommand{redo}}, or even \isa{\isacommand{kill}}
5.1746 + commands would quickly result in utter confusion.
5.1747 + \end{warn}%
5.1748 +\end{isamarkuptext}%
5.1749 +\isamarkuptrue%
5.1750 +%
5.1751 +\isamarkupsubsection{System operations%
5.1752 +}
5.1753 +\isamarkuptrue%
5.1754 +%
5.1755 +\begin{isamarkuptext}%
5.1756 +\begin{matharray}{rcl}
5.1757 + \indexdef{}{command}{cd}\isa{\isacommand{cd}}^* & : & \isarkeep{\cdot} \\
5.1758 + \indexdef{}{command}{pwd}\isa{\isacommand{pwd}}^* & : & \isarkeep{\cdot} \\
5.1759 + \indexdef{}{command}{use-thy}\isa{\isacommand{use{\isacharunderscore}thy}}^* & : & \isarkeep{\cdot} \\
5.1760 + \indexdef{}{command}{display-drafts}\isa{\isacommand{display{\isacharunderscore}drafts}}^* & : & \isarkeep{\cdot} \\
5.1761 + \indexdef{}{command}{print-drafts}\isa{\isacommand{print{\isacharunderscore}drafts}}^* & : & \isarkeep{\cdot} \\
5.1762 + \end{matharray}
5.1763 +
5.1764 + \begin{rail}
5.1765 + ('cd' | 'use\_thy' | 'update\_thy') name
5.1766 + ;
5.1767 + ('display\_drafts' | 'print\_drafts') (name +)
5.1768 + ;
5.1769 + \end{rail}
5.1770 +
5.1771 + \begin{descr}
5.1772 +
5.1773 + \item [\isa{\isacommand{cd}}~\isa{path}] changes the current directory
5.1774 + of the Isabelle process.
5.1775 +
5.1776 + \item [\isa{\isacommand{pwd}}] prints the current working directory.
5.1777 +
5.1778 + \item [\isa{\isacommand{use{\isacharunderscore}thy}}~\isa{A}] preload theory \isa{A}.
5.1779 + These system commands are scarcely used when working interactively,
5.1780 + since loading of theories is done automatically as required.
5.1781 +
5.1782 + \item [\isa{\isacommand{display{\isacharunderscore}drafts}}~\isa{paths} and \isa{\isacommand{print{\isacharunderscore}drafts}}~\isa{paths}] perform simple output of a given list
5.1783 + of raw source files. Only those symbols that do not require
5.1784 + additional {\LaTeX} packages are displayed properly, everything else
5.1785 + is left verbatim.
5.1786 +
5.1787 + \end{descr}%
5.1788 +\end{isamarkuptext}%
5.1789 +\isamarkuptrue%
5.1790 +%
5.1791 +\isadelimtheory
5.1792 +%
5.1793 +\endisadelimtheory
5.1794 +%
5.1795 +\isatagtheory
5.1796 +\isacommand{end}\isamarkupfalse%
5.1797 +%
5.1798 +\endisatagtheory
5.1799 +{\isafoldtheory}%
5.1800 +%
5.1801 +\isadelimtheory
5.1802 +%
5.1803 +\endisadelimtheory
5.1804 +\isanewline
5.1805 +\end{isabellebody}%
5.1806 +%%% Local Variables:
5.1807 +%%% mode: latex
5.1808 +%%% TeX-master: "root"
5.1809 +%%% End:
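--- a/doc-src/IsarRef/Thy/document/session.tex Fri May 02 16:32:51 2008 +0200
+++ b/doc-src/IsarRef/Thy/document/session.tex Fri May 02 16:36:05 2008 +0200
@@ -2,6 +2,8 @@
 
 \input{syntax.tex}
 
+\input{pure.tex}
+
 %%% Local Variables:
 %%% mode: latex
 %%% TeX-master: "root"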
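--- a/doc-src/IsarRef/Thy/document/syntax.tex Fri May 02 16:32:51 2008 +0200
+++ b/doc-src/IsarRef/Thy/document/syntax.tex Fri May 02 16:36:05 2008 +0200
@@ -4,6 +4,7 @@
 %
 \isadelimtheory
 \isanewline
+\isanewline
 %
 \endisadelimtheory
 %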
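--- a/doc-src/IsarRef/Thy/intro.thy Fri May 02 16:32:51 2008 +0200
+++ b/doc-src/IsarRef/Thy/intro.thy Fri May 02 16:36:05 2008 +0200
@@ -1,3 +1,4 @@
+(* $Id$ *)
 
 theory intro
 imports CPure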
9.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
9.2 +++ b/doc-src/IsarRef/Thy/pure.thy Fri May 02 16:36:05 2008 +0200
9.3 @@ -0,0 +1,1792 @@
9.4 +(* $Id$ *)
9.5 +
9.6 +theory pure
9.7 +imports CPure
9.8 +begin
9.9 +
9.10 +chapter {* Basic language elements \label{ch:pure-syntax} *}
9.11 +
9.12 +text {*
9.13 + Subsequently, we introduce the main part of Pure theory and proof
9.14 + commands, together with fundamental proof methods and attributes.
9.15 + \Chref{ch:gen-tools} describes further Isar elements provided by
9.16 + generic tools and packages (such as the Simplifier) that are either
9.17 + part of Pure Isabelle or pre-installed in most object logics.
9.18 + \Chref{ch:logics} refers to object-logic specific elements (mainly
9.19 + for HOL and ZF).
9.20 +
9.21 + \medskip Isar commands may be either \emph{proper} document
9.22 + constructors, or \emph{improper commands}. Some proof methods and
9.23 + attributes introduced later are classified as improper as well.
9.24 + Improper Isar language elements, which are subsequently marked by
9.25 + ``@{text "\<^sup>*"}'', are often helpful when developing proof
9.26 + documents, while their use is discouraged for the final
9.27 + human-readable outcome. Typical examples are diagnostic commands
9.28 + that print terms or theorems according to the current context; other
9.29 + commands emulate old-style tactical theorem proving.
9.30 +*}
9.31 +
9.32 +
9.33 +section {* Theory commands *}
9.34 +
9.35 +subsection {* Defining theories \label{sec:begin-thy} *}
9.36 +
9.37 +text {*
9.38 + \begin{matharray}{rcl}
9.39 + @{command_def "header"} & : & \isarkeep{toplevel} \\
9.40 + @{command_def "theory"} & : & \isartrans{toplevel}{theory} \\
9.41 + @{command_def "end"} & : & \isartrans{theory}{toplevel} \\
9.42 + \end{matharray}
9.43 +
9.44 + Isabelle/Isar theories are defined via theory, which contain both
9.45 + specifications and proofs; occasionally definitional mechanisms also
9.46 + require some explicit proof.
9.47 +
9.48 + The first ``real'' command of any theory has to be @{command
9.49 + "theory"}, which starts a new theory based on the merge of existing
9.50 + ones. Just preceding the @{command "theory"} keyword, there may be
9.51 + an optional @{command "header"} declaration, which is relevant to
9.52 + document preparation only; it acts very much like a special
9.53 + pre-theory markup command (cf.\ \secref{sec:markup-thy} and
9.54 + \secref{sec:markup-thy}). The @{command "end"} command concludes a
9.55 + theory development; it has to be the very last command of any theory
9.56 + file loaded in batch-mode.
9.57 +
9.58 + \begin{rail}
9.59 + 'header' text
9.60 + ;
9.61 + 'theory' name 'imports' (name +) uses? 'begin'
9.62 + ;
9.63 +
9.64 + uses: 'uses' ((name | parname) +);
9.65 + \end{rail}
9.66 +
9.67 + \begin{descr}
9.68 +
9.69 + \item [@{command "header"}~@{text "text"}] provides plain text
9.70 + markup just preceding the formal beginning of a theory. In actual
9.71 + document preparation the corresponding {\LaTeX} macro @{verbatim
9.72 + "\\isamarkupheader"} may be redefined to produce chapter or section
9.73 + headings. See also \secref{sec:markup-thy} and
9.74 + \secref{sec:markup-prf} for further markup commands.
9.75 +
9.76 + \item [@{command "theory"}~@{text "A \<IMPORTS> B\<^sub>1 \<dots>
9.77 + B\<^sub>n \<BEGIN>"}] starts a new theory @{text A} based on the
9.78 + merge of existing theories @{text "B\<^sub>1 \<dots> B\<^sub>n"}.
9.79 +
9.80 + Due to inclusion of several ancestors, the overall theory structure
9.81 + emerging in an Isabelle session forms a directed acyclic graph
9.82 + (DAG). Isabelle's theory loader ensures that the sources
9.83 + contributing to the development graph are always up-to-date.
9.84 + Changed files are automatically reloaded when processing theory
9.85 + headers.
9.86 +
9.87 + The optional @{keyword_def "uses"} specification declares additional
9.88 + dependencies on extra files (usually ML sources). Files will be
9.89 + loaded immediately (as ML), unless the name is put in parentheses,
9.90 + which merely documents the dependency to be resolved later in the
9.91 + text (typically via explicit @{command_ref "use"} in the body text,
9.92 + see \secref{sec:ML}).
9.93 +
9.94 + \item [@{command "end"}] concludes the current theory definition or
9.95 + context switch.
9.96 +
9.97 + \end{descr}
9.98 +*}
9.99 +
9.100 +
9.101 +subsection {* Markup commands \label{sec:markup-thy} *}
9.102 +
9.103 +text {*
9.104 + \begin{matharray}{rcl}
9.105 + @{command_def "chapter"} & : & \isarkeep{local{\dsh}theory} \\
9.106 + @{command_def "section"} & : & \isarkeep{local{\dsh}theory} \\
9.107 + @{command_def "subsection"} & : & \isarkeep{local{\dsh}theory} \\
9.108 + @{command_def "subsubsection"} & : & \isarkeep{local{\dsh}theory} \\
9.109 + @{command_def "text"} & : & \isarkeep{local{\dsh}theory} \\
9.110 + @{command_def "text_raw"} & : & \isarkeep{local{\dsh}theory} \\
9.111 + \end{matharray}
9.112 +
9.113 + Apart from formal comments (see \secref{sec:comments}), markup
9.114 + commands provide a structured way to insert text into the document
9.115 + generated from a theory (see \cite{isabelle-sys} for more
9.116 + information on Isabelle's document preparation tools).
9.117 +
9.118 + \begin{rail}
9.119 + ('chapter' | 'section' | 'subsection' | 'subsubsection' | 'text') target? text
9.120 + ;
9.121 + 'text\_raw' text
9.122 + ;
9.123 + \end{rail}
9.124 +
9.125 + \begin{descr}
9.126 +
9.127 + \item [@{command "chapter"}, @{command "section"}, @{command
9.128 + "subsection"}, and @{command "subsubsection"}] mark chapter and
9.129 + section headings.
9.130 +
9.131 + \item [@{command "text"}] specifies paragraphs of plain text.
9.132 +
9.133 + \item [@{command "text_raw"}] inserts {\LaTeX} source into the
9.134 + output, without additional markup. Thus the full range of document
9.135 + manipulations becomes available.
9.136 +
9.137 + \end{descr}
9.138 +
9.139 + The @{text "text"} argument of these markup commands (except for
9.140 + @{command "text_raw"}) may contain references to formal entities
9.141 + (``antiquotations'', see also \secref{sec:antiq}). These are
9.142 + interpreted in the present theory context, or the named @{text
9.143 + "target"}.
9.144 +
9.145 + Any of these markup elements corresponds to a {\LaTeX} command with
9.146 + the name prefixed by @{verbatim "\\isamarkup"}. For the sectioning
9.147 + commands this is a plain macro with a single argument, e.g.\
9.148 + @{verbatim "\\isamarkupchapter{"}@{text "\<dots>"}@{verbatim "}"} for
9.149 + @{command "chapter"}. The @{command "text"} markup results in a
9.150 + {\LaTeX} environment @{verbatim "\\begin{isamarkuptext}"}~@{text
9.151 + "\<dots>"}~@{verbatim "\\end{isamarkuptext}"}, while @{command "text_raw"}
9.152 + causes the text to be inserted directly into the {\LaTeX} source.
9.153 +
9.154 + \medskip Additional markup commands are available for proofs (see
9.155 + \secref{sec:markup-prf}). Also note that the @{command_ref
9.156 + "header"} declaration (see \secref{sec:begin-thy}) admits to insert
9.157 + section markup just preceding the actual theory definition.
9.158 +*}
9.159 +
9.160 +
9.161 +subsection {* Type classes and sorts \label{sec:classes} *}
9.162 +
9.163 +text {*
9.164 + \begin{matharray}{rcll}
9.165 + @{command_def "classes"} & : & \isartrans{theory}{theory} \\
9.166 + @{command_def "classrel"} & : & \isartrans{theory}{theory} & (axiomatic!) \\
9.167 + @{command_def "defaultsort"} & : & \isartrans{theory}{theory} \\
9.168 + @{command_def "class_deps"} & : & \isarkeep{theory~|~proof} \\
9.169 + \end{matharray}
9.170 +
9.171 + \begin{rail}
9.172 + 'classes' (classdecl +)
9.173 + ;
9.174 + 'classrel' (nameref ('<' | subseteq) nameref + 'and')
9.175 + ;
9.176 + 'defaultsort' sort
9.177 + ;
9.178 + \end{rail}
9.179 +
9.180 + \begin{descr}
9.181 +
9.182 + \item [@{command "classes"}~@{text "c \<subseteq> c\<^sub>1, \<dots>, c\<^sub>n"}]
9.183 + declares class @{text c} to be a subclass of existing classes @{text
9.184 + "c\<^sub>1, \<dots>, c\<^sub>n"}. Cyclic class structures are not permitted.
9.185 +
9.186 + \item [@{command "classrel"}~@{text "c\<^sub>1 \<subseteq> c\<^sub>2"}] states
9.187 + subclass relations between existing classes @{text "c\<^sub>1"} and
9.188 + @{text "c\<^sub>2"}. This is done axiomatically! The @{command_ref
9.189 + "instance"} command (see \secref{sec:axclass}) provides a way to
9.190 + introduce proven class relations.
9.191 +
9.192 + \item [@{command "defaultsort"}~@{text s}] makes sort @{text s} the
9.193 + new default sort for any type variables given without sort
9.194 + constraints. Usually, the default sort would be only changed when
9.195 + defining a new object-logic.
9.196 +
9.197 + \item [@{command "class_deps"}] visualizes the subclass relation,
9.198 + using Isabelle's graph browser tool (see also \cite{isabelle-sys}).
9.199 +
9.200 + \end{descr}
9.201 +*}
9.202 +
9.203 +
9.204 +subsection {* Primitive types and type abbreviations \label{sec:types-pure} *}
9.205 +
9.206 +text {*
9.207 + \begin{matharray}{rcll}
9.208 + @{command_def "types"} & : & \isartrans{theory}{theory} \\
9.209 + @{command_def "typedecl"} & : & \isartrans{theory}{theory} \\
9.210 + @{command_def "nonterminals"} & : & \isartrans{theory}{theory} \\
9.211 + @{command_def "arities"} & : & \isartrans{theory}{theory} & (axiomatic!) \\
9.212 + \end{matharray}
9.213 +
9.214 + \begin{rail}
9.215 + 'types' (typespec '=' type infix? +)
9.216 + ;
9.217 + 'typedecl' typespec infix?
9.218 + ;
9.219 + 'nonterminals' (name +)
9.220 + ;
9.221 + 'arities' (nameref '::' arity +)
9.222 + ;
9.223 + \end{rail}
9.224 +
9.225 + \begin{descr}
9.226 +
9.227 + \item [@{command "types"}~@{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>n) t = \<tau>"}]
9.228 + introduces \emph{type synonym} @{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>n) t"}
9.229 + for existing type @{text "\<tau>"}. Unlike actual type definitions, as
9.230 + are available in Isabelle/HOL for example, type synonyms are just
9.231 + purely syntactic abbreviations without any logical significance.
9.232 + Internally, type synonyms are fully expanded.
9.233 +
9.234 + \item [@{command "typedecl"}~@{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>n) t"}]
9.235 + declares a new type constructor @{text t}, intended as an actual
9.236 + logical type (of the object-logic, if available).
9.237 +
9.238 + \item [@{command "nonterminals"}~@{text c}] declares type
9.239 + constructors @{text c} (without arguments) to act as purely
9.240 + syntactic types, i.e.\ nonterminal symbols of Isabelle's inner
9.241 + syntax of terms or types.
9.242 +
9.243 + \item [@{command "arities"}~@{text "t :: (s\<^sub>1, \<dots>, s\<^sub>n)
9.244 + s"}] augments Isabelle's order-sorted signature of types by new type
9.245 + constructor arities. This is done axiomatically! The @{command_ref
9.246 + "instance"} command (see \S\ref{sec:axclass}) provides a way to
9.247 + introduce proven type arities.
9.248 +
9.249 + \end{descr}
9.250 +*}
9.251 +
9.252 +
9.253 +subsection {* Primitive constants and definitions \label{sec:consts} *}
9.254 +
9.255 +text {*
9.256 + Definitions essentially express abbreviations within the logic. The
9.257 + simplest form of a definition is @{text "c :: \<sigma> \<equiv> t"}, where @{text
9.258 + c} is a newly declared constant. Isabelle also allows derived forms
9.259 + where the arguments of @{text c} appear on the left, abbreviating a
9.260 + prefix of @{text \<lambda>}-abstractions, e.g.\ @{text "c \<equiv> \<lambda>x y. t"} may be
9.261 + written more conveniently as @{text "c x y \<equiv> t"}. Moreover,
9.262 + definitions may be weakened by adding arbitrary pre-conditions:
9.263 + @{text "A \<Longrightarrow> c x y \<equiv> t"}.
9.264 +
9.265 + \medskip The built-in well-formedness conditions for definitional
9.266 + specifications are:
9.267 +
9.268 + \begin{itemize}
9.269 +
9.270 + \item Arguments (on the left-hand side) must be distinct variables.
9.271 +
9.272 + \item All variables on the right-hand side must also appear on the
9.273 + left-hand side.
9.274 +
9.275 + \item All type variables on the right-hand side must also appear on
9.276 + the left-hand side; this prohibits @{text "0 :: nat \<equiv> length ([] ::
9.277 + \<alpha> list)"} for example.
9.278 +
9.279 + \item The definition must not be recursive. Most object-logics
9.280 + provide definitional principles that can be used to express
9.281 + recursion safely.
9.282 +
9.283 + \end{itemize}
9.284 +
9.285 + Overloading means that a constant being declared as @{text "c :: \<alpha>
9.286 + decl"} may be defined separately on type instances @{text "c ::
9.287 + (\<beta>\<^sub>1, \<dots>, \<beta>\<^sub>n) t decl"} for each type constructor @{text
9.288 + t}. The right-hand side may mention overloaded constants
9.289 + recursively at type instances corresponding to the immediate
9.290 + argument types @{text "\<beta>\<^sub>1, \<dots>, \<beta>\<^sub>n"}. Incomplete
9.291 + specification patterns impose global constraints on all occurrences,
9.292 + e.g.\ @{text "d :: \<alpha> \<times> \<alpha>"} on the left-hand side means that all
9.293 + corresponding occurrences on some right-hand side need to be an
9.294 + instance of this, general @{text "d :: \<alpha> \<times> \<beta>"} will be disallowed.
9.295 +
9.296 + \begin{matharray}{rcl}
9.297 + @{command_def "consts"} & : & \isartrans{theory}{theory} \\
9.298 + @{command_def "defs"} & : & \isartrans{theory}{theory} \\
9.299 + @{command_def "constdefs"} & : & \isartrans{theory}{theory} \\
9.300 + \end{matharray}
9.301 +
9.302 + \begin{rail}
9.303 + 'consts' ((name '::' type mixfix?) +)
9.304 + ;
9.305 + 'defs' ('(' 'unchecked'? 'overloaded'? ')')? \\ (axmdecl prop +)
9.306 + ;
9.307 + \end{rail}
9.308 +
9.309 + \begin{rail}
9.310 + 'constdefs' structs? (constdecl? constdef +)
9.311 + ;
9.312 +
9.313 + structs: '(' 'structure' (vars + 'and') ')'
9.314 + ;
9.315 + constdecl: ((name '::' type mixfix | name '::' type | name mixfix) 'where'?) | name 'where'
9.316 + ;
9.317 + constdef: thmdecl? prop
9.318 + ;
9.319 + \end{rail}
9.320 +
9.321 + \begin{descr}
9.322 +
9.323 + \item [@{command "consts"}~@{text "c :: \<sigma>"}] declares constant
9.324 + @{text c} to have any instance of type scheme @{text \<sigma>}. The
9.325 + optional mixfix annotations may attach concrete syntax to the
9.326 + constants declared.
9.327 +
9.328 + \item [@{command "defs"}~@{text "name: eqn"}] introduces @{text eqn}
9.329 + as a definitional axiom for some existing constant.
9.330 +
9.331 + The @{text "(unchecked)"} option disables global dependency checks
9.332 + for this definition, which is occasionally useful for exotic
9.333 + overloading. It is at the discretion of the user to avoid malformed
9.334 + theory specifications!
9.335 +
9.336 + The @{text "(overloaded)"} option declares definitions to be
9.337 + potentially overloaded. Unless this option is given, a warning
9.338 + message would be issued for any definitional equation with a more
9.339 + special type than that of the corresponding constant declaration.
9.340 +
9.341 + \item [@{command "constdefs"}] provides a streamlined combination of
9.342 + constants declarations and definitions: type-inference takes care of
9.343 + the most general typing of the given specification (the optional
9.344 + type constraint may refer to type-inference dummies ``@{verbatim
9.345 + _}'' as usual). The resulting type declaration needs to agree with
9.346 + that of the specification; overloading is \emph{not} supported here!
9.347 +
9.348 + The constant name may be omitted altogether, if neither type nor
9.349 + syntax declarations are given. The canonical name of the
9.350 + definitional axiom for constant @{text c} will be @{text c_def},
9.351 + unless specified otherwise. Also note that the given list of
9.352 + specifications is processed in a strictly sequential manner, with
9.353 + type-checking being performed independently.
9.354 +
9.355 + An optional initial context of @{text "(structure)"} declarations
9.356 + admits use of indexed syntax, using the special symbol @{verbatim
9.357 + "\<index>"} (printed as ``@{text "\<index>"}''). The latter concept is
9.358 + particularly useful with locales (see also \S\ref{sec:locale}).
9.359 +
9.360 + \end{descr}
9.361 +*}
9.362 +
9.363 +
9.364 +subsection {* Syntax and translations \label{sec:syn-trans} *}
9.365 +
9.366 +text {*
9.367 + \begin{matharray}{rcl}
9.368 + @{command_def "syntax"} & : & \isartrans{theory}{theory} \\
9.369 + @{command_def "no_syntax"} & : & \isartrans{theory}{theory} \\
9.370 + @{command_def "translations"} & : & \isartrans{theory}{theory} \\
9.371 + @{command_def "no_translations"} & : & \isartrans{theory}{theory} \\
9.372 + \end{matharray}
9.373 +
9.374 + \railalias{rightleftharpoons}{\isasymrightleftharpoons}
9.375 + \railterm{rightleftharpoons}
9.376 +
9.377 + \railalias{rightharpoonup}{\isasymrightharpoonup}
9.378 + \railterm{rightharpoonup}
9.379 +
9.380 + \railalias{leftharpoondown}{\isasymleftharpoondown}
9.381 + \railterm{leftharpoondown}
9.382 +
9.383 + \begin{rail}
9.384 + ('syntax' | 'no\_syntax') mode? (constdecl +)
9.385 + ;
9.386 + ('translations' | 'no\_translations') (transpat ('==' | '=>' | '<=' | rightleftharpoons | rightharpoonup | leftharpoondown) transpat +)
9.387 + ;
9.388 +
9.389 + mode: ('(' ( name | 'output' | name 'output' ) ')')
9.390 + ;
9.391 + transpat: ('(' nameref ')')? string
9.392 + ;
9.393 + \end{rail}
9.394 +
9.395 + \begin{descr}
9.396 +
9.397 + \item [@{command "syntax"}~@{text "(mode) decls"}] is similar to
9.398 + @{command "consts"}~@{text decls}, except that the actual logical
9.399 + signature extension is omitted. Thus the context free grammar of
9.400 + Isabelle's inner syntax may be augmented in arbitrary ways,
9.401 + independently of the logic. The @{text mode} argument refers to the
9.402 + print mode that the grammar rules belong; unless the @{keyword_ref
9.403 + "output"} indicator is given, all productions are added both to the
9.404 + input and output grammar.
9.405 +
9.406 + \item [@{command "no_syntax"}~@{text "(mode) decls"}] removes
9.407 + grammar declarations (and translations) resulting from @{text
9.408 + decls}, which are interpreted in the same manner as for @{command
9.409 + "syntax"} above.
9.410 +
9.411 + \item [@{command "translations"}~@{text rules}] specifies syntactic
9.412 + translation rules (i.e.\ macros): parse~/ print rules (@{text "\<rightleftharpoons>"}),
9.413 + parse rules (@{text "\<rightharpoonup>"}), or print rules (@{text "\<leftharpoondown>"}).
9.414 + Translation patterns may be prefixed by the syntactic category to be
9.415 + used for parsing; the default is @{text logic}.
9.416 +
9.417 + \item [@{command "no_translations"}~@{text rules}] removes syntactic
9.418 + translation rules, which are interpreted in the same manner as for
9.419 + @{command "translations"} above.
9.420 +
9.421 + \end{descr}
9.422 +*}
9.423 +
9.424 +
9.425 +subsection {* Axioms and theorems \label{sec:axms-thms} *}
9.426 +
9.427 +text {*
9.428 + \begin{matharray}{rcll}
9.429 + @{command_def "axioms"} & : & \isartrans{theory}{theory} & (axiomatic!) \\
9.430 + @{command_def "lemmas"} & : & \isarkeep{local{\dsh}theory} \\
9.431 + @{command_def "theorems"} & : & isarkeep{local{\dsh}theory} \\
9.432 + \end{matharray}
9.433 +
9.434 + \begin{rail}
9.435 + 'axioms' (axmdecl prop +)
9.436 + ;
9.437 + ('lemmas' | 'theorems') target? (thmdef? thmrefs + 'and')
9.438 + ;
9.439 + \end{rail}
9.440 +
9.441 + \begin{descr}
9.442 +
9.443 + \item [@{command "axioms"}~@{text "a: \<phi>"}] introduces arbitrary
9.444 + statements as axioms of the meta-logic. In fact, axioms are
9.445 + ``axiomatic theorems'', and may be referred later just as any other
9.446 + theorem.
9.447 +
9.448 + Axioms are usually only introduced when declaring new logical
9.449 + systems. Everyday work is typically done the hard way, with proper
9.450 + definitions and proven theorems.
9.451 +
9.452 + \item [@{command "lemmas"}~@{text "a = b\<^sub>1 \<dots> b\<^sub>n"}]
9.453 + retrieves and stores existing facts in the theory context, or the
9.454 + specified target context (see also \secref{sec:target}). Typical
9.455 + applications would also involve attributes, to declare Simplifier
9.456 + rules, for example.
9.457 +
9.458 + \item [@{command "theorems"}] is essentially the same as @{command
9.459 + "lemmas"}, but marks the result as a different kind of facts.
9.460 +
9.461 + \end{descr}
9.462 +*}
9.463 +
9.464 +
9.465 +subsection {* Name spaces *}
9.466 +
9.467 +text {*
9.468 + \begin{matharray}{rcl}
9.469 + @{command_def "global"} & : & \isartrans{theory}{theory} \\
9.470 + @{command_def "local"} & : & \isartrans{theory}{theory} \\
9.471 + @{command_def "hide"} & : & \isartrans{theory}{theory} \\
9.472 + \end{matharray}
9.473 +
9.474 + \begin{rail}
9.475 + 'hide' ('(open)')? name (nameref + )
9.476 + ;
9.477 + \end{rail}
9.478 +
9.479 + Isabelle organizes any kind of name declarations (of types,
9.480 + constants, theorems etc.) by separate hierarchically structured name
9.481 + spaces. Normally the user does not have to control the behavior of
9.482 + name spaces by hand, yet the following commands provide some way to
9.483 + do so.
9.484 +
9.485 + \begin{descr}
9.486 +
9.487 + \item [@{command "global"} and @{command "local"}] change the
9.488 + current name declaration mode. Initially, theories start in
9.489 + @{command "local"} mode, causing all names to be automatically
9.490 + qualified by the theory name. Changing this to @{command "global"}
9.491 + causes all names to be declared without the theory prefix, until
9.492 + @{command "local"} is declared again.
9.493 +
9.494 + Note that global names are prone to get hidden accidently later,
9.495 + when qualified names of the same base name are introduced.
9.496 +
9.497 + \item [@{command "hide"}~@{text "space names"}] fully removes
9.498 + declarations from a given name space (which may be @{text "class"},
9.499 + @{text "type"}, @{text "const"}, or @{text "fact"}); with the @{text
9.500 + "(open)"} option, only the base name is hidden. Global
9.501 + (unqualified) names may never be hidden.
9.502 +
9.503 + Note that hiding name space accesses has no impact on logical
9.504 + declarations -- they remain valid internally. Entities that are no
9.505 + longer accessible to the user are printed with the special qualifier
9.506 + ``@{text "??"}'' prefixed to the full internal name.
9.507 +
9.508 + \end{descr}
9.509 +*}
9.510 +
9.511 +
9.512 +subsection {* Incorporating ML code \label{sec:ML} *}
9.513 +
9.514 +text {*
9.515 + \begin{matharray}{rcl}
9.516 + @{command_def "use"} & : & \isarkeep{theory~|~local{\dsh}theory} \\
9.517 + @{command_def "ML"} & : & \isarkeep{theory~|~local{\dsh}theory} \\
9.518 + @{command_def "ML_val"} & : & \isartrans{\cdot}{\cdot} \\
9.519 + @{command_def "ML_command"} & : & \isartrans{\cdot}{\cdot} \\
9.520 + @{command_def "setup"} & : & \isartrans{theory}{theory} \\
9.521 + @{command_def "method_setup"} & : & \isartrans{theory}{theory} \\
9.522 + \end{matharray}
9.523 +
9.524 + \begin{rail}
9.525 + 'use' name
9.526 + ;
9.527 + ('ML' | 'ML\_val' | 'ML\_command' | 'setup') text
9.528 + ;
9.529 + 'method\_setup' name '=' text text
9.530 + ;
9.531 + \end{rail}
9.532 +
9.533 + \begin{descr}
9.534 +
9.535 + \item [@{command "use"}~@{text "file"}] reads and executes ML
9.536 + commands from @{text "file"}. The current theory context is passed
9.537 + down to the ML toplevel and may be modified, using @{ML
9.538 + "Context.>>"} or derived ML commands. The file name is checked with
9.539 + the @{keyword_ref "uses"} dependency declaration given in the theory
9.540 + header (see also \secref{sec:begin-thy}).
9.541 +
9.542 + \item [@{command "ML"}~@{text "text"}] is similar to @{command
9.543 + "use"}, but executes ML commands directly from the given @{text
9.544 + "text"}.
9.545 +
9.546 + \item [@{command "ML_val"} and @{command "ML_command"}] are
9.547 + diagnostic versions of @{command "ML"}, which means that the context
9.548 + may not be updated. @{command "ML_val"} echos the bindings produced
9.549 + at the ML toplevel, but @{command "ML_command"} is silent.
9.550 +
9.551 + \item [@{command "setup"}~@{text "text"}] changes the current theory
9.552 + context by applying @{text "text"}, which refers to an ML expression
9.553 + of type @{ML_type "theory -> theory"}. This enables to initialize
9.554 + any object-logic specific tools and packages written in ML, for
9.555 + example.
9.556 +
9.557 + \item [@{command "method_setup"}~@{text "name = text description"}]
9.558 + defines a proof method in the current theory. The given @{text
9.559 + "text"} has to be an ML expression of type @{ML_type "Args.src ->
9.560 + Proof.context -> Proof.method"}. Parsing concrete method syntax
9.561 + from @{ML_type Args.src} input can be quite tedious in general. The
9.562 + following simple examples are for methods without any explicit
9.563 + arguments, or a list of theorems, respectively.
9.564 +
9.565 +%FIXME proper antiquotations
9.566 +{\footnotesize
9.567 +\begin{verbatim}
9.568 + Method.no_args (Method.METHOD (fn facts => foobar_tac))
9.569 + Method.thms_args (fn thms => Method.METHOD (fn facts => foobar_tac))
9.570 + Method.ctxt_args (fn ctxt => Method.METHOD (fn facts => foobar_tac))
9.571 + Method.thms_ctxt_args (fn thms => fn ctxt =>
9.572 + Method.METHOD (fn facts => foobar_tac))
9.573 +\end{verbatim}
9.574 +}
9.575 +
9.576 + Note that mere tactic emulations may ignore the @{text facts}
9.577 + parameter above. Proper proof methods would do something
9.578 + appropriate with the list of current facts, though. Single-rule
9.579 + methods usually do strict forward-chaining (e.g.\ by using @{ML
9.580 + Drule.multi_resolves}), while automatic ones just insert the facts
9.581 + using @{ML Method.insert_tac} before applying the main tactic.
9.582 +
9.583 + \end{descr}
9.584 +*}
9.585 +
9.586 +
9.587 +subsection {* Syntax translation functions *}
9.588 +
9.589 +text {*
9.590 + \begin{matharray}{rcl}
9.591 + @{command_def "parse_ast_translation"} & : & \isartrans{theory}{theory} \\
9.592 + @{command_def "parse_translation"} & : & \isartrans{theory}{theory} \\
9.593 + @{command_def "print_translation"} & : & \isartrans{theory}{theory} \\
9.594 + @{command_def "typed_print_translation"} & : & \isartrans{theory}{theory} \\
9.595 + @{command_def "print_ast_translation"} & : & \isartrans{theory}{theory} \\
9.596 + @{command_def "token_translation"} & : & \isartrans{theory}{theory} \\
9.597 + \end{matharray}
9.598 +
9.599 + \begin{rail}
9.600 + ( 'parse\_ast\_translation' | 'parse\_translation' | 'print\_translation' |
9.601 + 'typed\_print\_translation' | 'print\_ast\_translation' ) ('(advanced)')? text
9.602 + ;
9.603 +
9.604 + 'token\_translation' text
9.605 + ;
9.606 + \end{rail}
9.607 +
9.608 + Syntax translation functions written in ML admit almost arbitrary
9.609 + manipulations of Isabelle's inner syntax. Any of the above commands
9.610 + have a single \railqtok{text} argument that refers to an ML
9.611 + expression of appropriate type, which are as follows by default:
9.612 +
9.613 +%FIXME proper antiquotations
9.614 +\begin{ttbox}
9.615 +val parse_ast_translation : (string * (ast list -> ast)) list
9.616 +val parse_translation : (string * (term list -> term)) list
9.617 +val print_translation : (string * (term list -> term)) list
9.618 +val typed_print_translation :
9.619 + (string * (bool -> typ -> term list -> term)) list
9.620 +val print_ast_translation : (string * (ast list -> ast)) list
9.621 +val token_translation :
9.622 + (string * string * (string -> string * real)) list
9.623 +\end{ttbox}
9.624 +
9.625 + If the @{text "(advanced)"} option is given, the corresponding
9.626 + translation functions may depend on the current theory or proof
9.627 + context. This allows to implement advanced syntax mechanisms, as
9.628 + translations functions may refer to specific theory declarations or
9.629 + auxiliary proof data.
9.630 +
9.631 + See also \cite[\S8]{isabelle-ref} for more information on the
9.632 + general concept of syntax transformations in Isabelle.
9.633 +
9.634 +%FIXME proper antiquotations
9.635 +\begin{ttbox}
9.636 +val parse_ast_translation:
9.637 + (string * (Context.generic -> ast list -> ast)) list
9.638 +val parse_translation:
9.639 + (string * (Context.generic -> term list -> term)) list
9.640 +val print_translation:
9.641 + (string * (Context.generic -> term list -> term)) list
9.642 +val typed_print_translation:
9.643 + (string * (Context.generic -> bool -> typ -> term list -> term)) list
9.644 +val print_ast_translation:
9.645 + (string * (Context.generic -> ast list -> ast)) list
9.646 +\end{ttbox}
9.647 +*}
9.648 +
9.649 +
9.650 +subsection {* Oracles *}
9.651 +
9.652 +text {*
9.653 + \begin{matharray}{rcl}
9.654 + @{command_def "oracle"} & : & \isartrans{theory}{theory} \\
9.655 + \end{matharray}
9.656 +
9.657 + The oracle interface promotes a given ML function @{ML_text
9.658 + "theory -> T -> term"} to @{ML_text "theory -> T -> thm"}, for some type
9.659 + @{ML_text T} given by the user. This acts like an infinitary
9.660 + specification of axioms -- there is no internal check of the
9.661 + correctness of the results! The inference kernel records oracle
9.662 + invocations within the internal derivation object of theorems, and
9.663 + the pretty printer attaches ``@{text "[!]"}'' to indicate results
9.664 + that are not fully checked by Isabelle inferences.
9.665 +
9.666 + \begin{rail}
9.667 + 'oracle' name '(' type ')' '=' text
9.668 + ;
9.669 + \end{rail}
9.670 +
9.671 + \begin{descr}
9.672 +
9.673 + \item [@{command "oracle"}~@{text "name (type) = text"}] turns the
9.674 + given ML expression @{text "text"} of type @{ML_text "{theory
9.675 + ->"}~@{text "type"}~@{ML_text "-> term"} into an ML function
9.676 + @{ML_text name} of type @{ML_text "{theory ->"}~@{text
9.677 + "type"}~@{ML_text "-> thm"}.
9.678 +
9.679 + \end{descr}
9.680 +*}
9.681 +
9.682 +
9.683 +section {* Proof commands *}
9.684 +
9.685 +text {*
9.686 + Proof commands perform transitions of Isar/VM machine
9.687 + configurations, which are block-structured, consisting of a stack of
9.688 + nodes with three main components: logical proof context, current
9.689 + facts, and open goals. Isar/VM transitions are \emph{typed}
9.690 + according to the following three different modes of operation:
9.691 +
9.692 + \begin{descr}
9.693 +
9.694 + \item [@{text "proof(prove)"}] means that a new goal has just been
9.695 + stated that is now to be \emph{proven}; the next command may refine
9.696 + it by some proof method, and enter a sub-proof to establish the
9.697 + actual result.
9.698 +
9.699 + \item [@{text "proof(state)"}] is like a nested theory mode: the
9.700 + context may be augmented by \emph{stating} additional assumptions,
9.701 + intermediate results etc.
9.702 +
9.703 + \item [@{text "proof(chain)"}] is intermediate between @{text
9.704 + "proof(state)"} and @{text "proof(prove)"}: existing facts (i.e.\
9.705 + the contents of the special ``@{fact_ref this}'' register) have been
9.706 + just picked up in order to be used when refining the goal claimed
9.707 + next.
9.708 +
9.709 + \end{descr}
9.710 +
9.711 + The proof mode indicator may be read as a verb telling the writer
9.712 + what kind of operation may be performed next. The corresponding
9.713 + typings of proof commands restricts the shape of well-formed proof
9.714 + texts to particular command sequences. So dynamic arrangements of
9.715 + commands eventually turn out as static texts of a certain structure.
9.716 + \Appref{ap:refcard} gives a simplified grammar of the overall
9.717 + (extensible) language emerging that way.
9.718 +*}
9.719 +
9.720 +
9.721 +subsection {* Markup commands \label{sec:markup-prf} *}
9.722 +
9.723 +text {*
9.724 + \begin{matharray}{rcl}
9.725 + @{command_def "sect"} & : & \isartrans{proof}{proof} \\
9.726 + @{command_def "subsect"} & : & \isartrans{proof}{proof} \\
9.727 + @{command_def "subsubsect"} & : & \isartrans{proof}{proof} \\
9.728 + @{command_def "txt"} & : & \isartrans{proof}{proof} \\
9.729 + @{command_def "txt_raw"} & : & \isartrans{proof}{proof} \\
9.730 + \end{matharray}
9.731 +
9.732 + These markup commands for proof mode closely correspond to the ones
9.733 + of theory mode (see \S\ref{sec:markup-thy}).
9.734 +
9.735 + \begin{rail}
9.736 + ('sect' | 'subsect' | 'subsubsect' | 'txt' | 'txt\_raw') text
9.737 + ;
9.738 + \end{rail}
9.739 +*}
9.740 +
9.741 +
9.742 +subsection {* Context elements \label{sec:proof-context} *}
9.743 +
9.744 +text {*
9.745 + \begin{matharray}{rcl}
9.746 + @{command_def "fix"} & : & \isartrans{proof(state)}{proof(state)} \\
9.747 + @{command_def "assume"} & : & \isartrans{proof(state)}{proof(state)} \\
9.748 + @{command_def "presume"} & : & \isartrans{proof(state)}{proof(state)} \\
9.749 + @{command_def "def"} & : & \isartrans{proof(state)}{proof(state)} \\
9.750 + \end{matharray}
9.751 +
9.752 + The logical proof context consists of fixed variables and
9.753 + assumptions. The former closely correspond to Skolem constants, or
9.754 + meta-level universal quantification as provided by the Isabelle/Pure
9.755 + logical framework. Introducing some \emph{arbitrary, but fixed}
9.756 + variable via ``@{command "fix"}~@{text x} results in a local value
9.757 + that may be used in the subsequent proof as any other variable or
9.758 + constant. Furthermore, any result @{text "\<turnstile> \<phi>[x]"} exported from
9.759 + the context will be universally closed wrt.\ @{text x} at the
9.760 + outermost level: @{text "\<turnstile> \<And>x. \<phi>[x]"} (this is expressed in normal
9.761 + form using Isabelle's meta-variables).
9.762 +
9.763 + Similarly, introducing some assumption @{text \<chi>} has two effects.
9.764 + On the one hand, a local theorem is created that may be used as a
9.765 + fact in subsequent proof steps. On the other hand, any result
9.766 + @{text "\<chi> \<turnstile> \<phi>"} exported from the context becomes conditional wrt.\
9.767 + the assumption: @{text "\<turnstile> \<chi> \<Longrightarrow> \<phi>"}. Thus, solving an enclosing goal
9.768 + using such a result would basically introduce a new subgoal stemming
9.769 + from the assumption. How this situation is handled depends on the
9.770 + version of assumption command used: while @{command "assume"}
9.771 + insists on solving the subgoal by unification with some premise of
9.772 + the goal, @{command "presume"} leaves the subgoal unchanged in order
9.773 + to be proved later by the user.
9.774 +
9.775 + Local definitions, introduced by ``@{command "def"}~@{text "x \<equiv>
9.776 + t"}'', are achieved by combining ``@{command "fix"}~@{text x}'' with
9.777 + another version of assumption that causes any hypothetical equation
9.778 + @{text "x \<equiv> t"} to be eliminated by the reflexivity rule. Thus,
9.779 + exporting some result @{text "x \<equiv> t \<turnstile> \<phi>[x]"} yields @{text "\<turnstile>
9.780 + \<phi>[t]"}.
9.781 +
9.782 + \railalias{equiv}{\isasymequiv}
9.783 + \railterm{equiv}
9.784 +
9.785 + \begin{rail}
9.786 + 'fix' (vars + 'and')
9.787 + ;
9.788 + ('assume' | 'presume') (props + 'and')
9.789 + ;
9.790 + 'def' (def + 'and')
9.791 + ;
9.792 + def: thmdecl? \\ name ('==' | equiv) term termpat?
9.793 + ;
9.794 + \end{rail}
9.795 +
9.796 + \begin{descr}
9.797 +
9.798 + \item [@{command "fix"}~@{text x}] introduces a local variable
9.799 + @{text x} that is \emph{arbitrary, but fixed.}
9.800 +
9.801 + \item [@{command "assume"}~@{text "a: \<phi>"} and @{command
9.802 + "presume"}~@{text "a: \<phi>"}] introduce a local fact @{text "\<phi> \<turnstile> \<phi>"} by
9.803 + assumption. Subsequent results applied to an enclosing goal (e.g.\
9.804 + by @{command_ref "show"}) are handled as follows: @{command
9.805 + "assume"} expects to be able to unify with existing premises in the
9.806 + goal, while @{command "presume"} leaves @{text \<phi>} as new subgoals.
9.807 +
9.808 + Several lists of assumptions may be given (separated by
9.809 + @{keyword_ref "and"}; the resulting list of current facts consists
9.810 + of all of these concatenated.
9.811 +
9.812 + \item [@{command "def"}~@{text "x \<equiv> t"}] introduces a local
9.813 + (non-polymorphic) definition. In results exported from the context,
9.814 + @{text x} is replaced by @{text t}. Basically, ``@{command
9.815 + "def"}~@{text "x \<equiv> t"}'' abbreviates ``@{command "fix"}~@{text
9.816 + x}~@{command "assume"}~@{text "x \<equiv> t"}'', with the resulting
9.817 + hypothetical equation solved by reflexivity.
9.818 +
9.819 + The default name for the definitional equation is @{text x_def}.
9.820 + Several simultaneous definitions may be given at the same time.
9.821 +
9.822 + \end{descr}
9.823 +
9.824 + The special name @{fact_ref prems} refers to all assumptions of the
9.825 + current context as a list of theorems. This feature should be used
9.826 + with great care! It is better avoided in final proof texts.
9.827 +*}
9.828 +
9.829 +
9.830 +subsection {* Facts and forward chaining *}
9.831 +
9.832 +text {*
9.833 + \begin{matharray}{rcl}
9.834 + @{command_def "note"} & : & \isartrans{proof(state)}{proof(state)} \\
9.835 + @{command_def "then"} & : & \isartrans{proof(state)}{proof(chain)} \\
9.836 + @{command_def "from"} & : & \isartrans{proof(state)}{proof(chain)} \\
9.837 + @{command_def "with"} & : & \isartrans{proof(state)}{proof(chain)} \\
9.838 + @{command_def "using"} & : & \isartrans{proof(prove)}{proof(prove)} \\
9.839 + @{command_def "unfolding"} & : & \isartrans{proof(prove)}{proof(prove)} \\
9.840 + \end{matharray}
9.841 +
9.842 + New facts are established either by assumption or proof of local
9.843 + statements. Any fact will usually be involved in further proofs,
9.844 + either as explicit arguments of proof methods, or when forward
9.845 + chaining towards the next goal via @{command "then"} (and variants);
9.846 + @{command "from"} and @{command "with"} are composite forms
9.847 + involving @{command "note"}. The @{command "using"} elements
9.848 + augments the collection of used facts \emph{after} a goal has been
9.849 + stated. Note that the special theorem name @{fact_ref this} refers
9.850 + to the most recently established facts, but only \emph{before}
9.851 + issuing a follow-up claim.
9.852 +
9.853 + \begin{rail}
9.854 + 'note' (thmdef? thmrefs + 'and')
9.855 + ;
9.856 + ('from' | 'with' | 'using' | 'unfolding') (thmrefs + 'and')
9.857 + ;
9.858 + \end{rail}
9.859 +
9.860 + \begin{descr}
9.861 +
9.862 + \item [@{command "note"}~@{text "a = b\<^sub>1 \<dots> b\<^sub>n"}]
9.863 + recalls existing facts @{text "b\<^sub>1, \<dots>, b\<^sub>n"}, binding
9.864 + the result as @{text a}. Note that attributes may be involved as
9.865 + well, both on the left and right hand sides.
9.866 +
9.867 + \item [@{command "then"}] indicates forward chaining by the current
9.868 + facts in order to establish the goal to be claimed next. The
9.869 + initial proof method invoked to refine that will be offered the
9.870 + facts to do ``anything appropriate'' (see also
9.871 + \secref{sec:proof-steps}). For example, method @{method_ref rule}
9.872 + (see \secref{sec:pure-meth-att}) would typically do an elimination
9.873 + rather than an introduction. Automatic methods usually insert the
9.874 + facts into the goal state before operation. This provides a simple
9.875 + scheme to control relevance of facts in automated proof search.
9.876 +
9.877 + \item [@{command "from"}~@{text b}] abbreviates ``@{command
9.878 + "note"}~@{text b}~@{command "then"}''; thus @{command "then"} is
9.879 + equivalent to ``@{command "from"}~@{text this}''.
9.880 +
9.881 + \item [@{command "with"}~@{text "b\<^sub>1 \<dots> b\<^sub>n"}]
9.882 + abbreviates ``@{command "from"}~@{text "b\<^sub>1 \<dots> b\<^sub>n \<AND>
9.883 + this"}''; thus the forward chaining is from earlier facts together
9.884 + with the current ones.
9.885 +
9.886 + \item [@{command "using"}~@{text "b\<^sub>1 \<dots> b\<^sub>n"}] augments
9.887 + the facts being currently indicated for use by a subsequent
9.888 + refinement step (such as @{command_ref "apply"} or @{command_ref
9.889 + "proof"}).
9.890 +
9.891 + \item [@{command "unfolding"}~@{text "b\<^sub>1 \<dots> b\<^sub>n"}] is
9.892 + structurally similar to @{command "using"}, but unfolds definitional
9.893 + equations @{text "b\<^sub>1, \<dots> b\<^sub>n"} throughout the goal state
9.894 + and facts.
9.895 +
9.896 + \end{descr}
9.897 +
9.898 + Forward chaining with an empty list of theorems is the same as not
9.899 + chaining at all. Thus ``@{command "from"}~@{text nothing}'' has no
9.900 + effect apart from entering @{text "prove(chain)"} mode, since
9.901 + @{fact_ref nothing} is bound to the empty list of theorems.
9.902 +
9.903 + Basic proof methods (such as @{method_ref rule}) expect multiple
9.904 + facts to be given in their proper order, corresponding to a prefix
9.905 + of the premises of the rule involved. Note that positions may be
9.906 + easily skipped using something like @{command "from"}~@{text "_
9.907 + \<AND> a \<AND> b"}, for example. This involves the trivial rule
9.908 + @{text "PROP \<psi> \<Longrightarrow> PROP \<psi>"}, which is bound in Isabelle/Pure as
9.909 + ``@{fact_ref "_"}'' (underscore).
9.910 +
9.911 + Automated methods (such as @{method simp} or @{method auto}) just
9.912 + insert any given facts before their usual operation. Depending on
9.913 + the kind of procedure involved, the order of facts is less
9.914 + significant here.
9.915 +*}
9.916 +
9.917 +
9.918 +subsection {* Goal statements \label{sec:goals} *}
9.919 +
9.920 +text {*
9.921 + \begin{matharray}{rcl}
9.922 + \isarcmd{lemma} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\
9.923 + \isarcmd{theorem} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\
9.924 + \isarcmd{corollary} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\
9.925 + \isarcmd{have} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
9.926 + \isarcmd{show} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
9.927 + \isarcmd{hence} & : & \isartrans{proof(state)}{proof(prove)} \\
9.928 + \isarcmd{thus} & : & \isartrans{proof(state)}{proof(prove)} \\
9.929 + \isarcmd{print_statement}^* & : & \isarkeep{theory~|~proof} \\
9.930 + \end{matharray}
9.931 +
9.932 + From a theory context, proof mode is entered by an initial goal
9.933 + command such as @{command "lemma"}, @{command "theorem"}, or
9.934 + @{command "corollary"}. Within a proof, new claims may be
9.935 + introduced locally as well; four variants are available here to
9.936 + indicate whether forward chaining of facts should be performed
9.937 + initially (via @{command_ref "then"}), and whether the final result
9.938 + is meant to solve some pending goal.
9.939 +
9.940 + Goals may consist of multiple statements, resulting in a list of
9.941 + facts eventually. A pending multi-goal is internally represented as
9.942 + a meta-level conjunction (printed as @{text "&&"}), which is usually
9.943 + split into the corresponding number of sub-goals prior to an initial
9.944 + method application, via @{command_ref "proof"}
9.945 + (\secref{sec:proof-steps}) or @{command_ref "apply"}
9.946 + (\secref{sec:tactic-commands}). The @{method_ref induct} method
9.947 + covered in \secref{sec:cases-induct} acts on multiple claims
9.948 + simultaneously.
9.949 +
9.950 + Claims at the theory level may be either in short or long form. A
9.951 + short goal merely consists of several simultaneous propositions
9.952 + (often just one). A long goal includes an explicit context
9.953 + specification for the subsequent conclusion, involving local
9.954 + parameters and assumptions. Here the role of each part of the
9.955 + statement is explicitly marked by separate keywords (see also
9.956 + \secref{sec:locale}); the local assumptions being introduced here
9.957 + are available as @{fact_ref assms} in the proof. Moreover, there
9.958 + are two kinds of conclusions: @{element_def "shows"} states several
9.959 + simultaneous propositions (essentially a big conjunction), while
9.960 + @{element_def "obtains"} claims several simultaneous simultaneous
9.961 + contexts of (essentially a big disjunction of eliminated parameters
9.962 + and assumptions, cf.\ \secref{sec:obtain}).
9.963 +
9.964 + \begin{rail}
9.965 + ('lemma' | 'theorem' | 'corollary') target? (goal | longgoal)
9.966 + ;
9.967 + ('have' | 'show' | 'hence' | 'thus') goal
9.968 + ;
9.969 + 'print\_statement' modes? thmrefs
9.970 + ;
9.971 +
9.972 + goal: (props + 'and')
9.973 + ;
9.974 + longgoal: thmdecl? (contextelem *) conclusion
9.975 + ;
9.976 + conclusion: 'shows' goal | 'obtains' (parname? case + '|')
9.977 + ;
9.978 + case: (vars + 'and') 'where' (props + 'and')
9.979 + ;
9.980 + \end{rail}
9.981 +
9.982 + \begin{descr}
9.983 +
9.984 + \item [@{command "lemma"}~@{text "a: \<phi>"}] enters proof mode with
9.985 + @{text \<phi>} as main goal, eventually resulting in some fact @{text "\<turnstile>
9.986 + \<phi>"} to be put back into the target context. An additional
9.987 + \railnonterm{context} specification may build up an initial proof
9.988 + context for the subsequent claim; this includes local definitions
9.989 + and syntax as well, see the definition of @{syntax contextelem} in
9.990 + \secref{sec:locale}.
9.991 +
9.992 + \item [@{command "theorem"}~@{text "a: \<phi>"} and @{command
9.993 + "corollary"}~@{text "a: \<phi>"}] are essentially the same as @{command
9.994 + "lemma"}~@{text "a: \<phi>"}, but the facts are internally marked as
9.995 + being of a different kind. This discrimination acts like a formal
9.996 + comment.
9.997 +
9.998 + \item [@{command "have"}~@{text "a: \<phi>"}] claims a local goal,
9.999 + eventually resulting in a fact within the current logical context.
9.1000 + This operation is completely independent of any pending sub-goals of
9.1001 + an enclosing goal statements, so @{command "have"} may be freely
9.1002 + used for experimental exploration of potential results within a
9.1003 + proof body.
9.1004 +
9.1005 + \item [@{command "show"}~@{text "a: \<phi>"}] is like @{command
9.1006 + "have"}~@{text "a: \<phi>"} plus a second stage to refine some pending
9.1007 + sub-goal for each one of the finished result, after having been
9.1008 + exported into the corresponding context (at the head of the
9.1009 + sub-proof of this @{command "show"} command).
9.1010 +
9.1011 + To accommodate interactive debugging, resulting rules are printed
9.1012 + before being applied internally. Even more, interactive execution
9.1013 + of @{command "show"} predicts potential failure and displays the
9.1014 + resulting error as a warning beforehand. Watch out for the
9.1015 + following message:
9.1016 +
9.1017 + %FIXME proper antiquitation
9.1018 + \begin{ttbox}
9.1019 + Problem! Local statement will fail to solve any pending goal
9.1020 + \end{ttbox}
9.1021 +
9.1022 + \item [@{command "hence"}] abbreviates ``@{command "then"}~@{command
9.1023 + "have"}'', i.e.\ claims a local goal to be proven by forward
9.1024 + chaining the current facts. Note that @{command "hence"} is also
9.1025 + equivalent to ``@{command "from"}~@{text this}~@{command "have"}''.
9.1026 +
9.1027 + \item [@{command "thus"}] abbreviates ``@{command "then"}~@{command
9.1028 + "show"}''. Note that @{command "thus"} is also equivalent to
9.1029 + ``@{command "from"}~@{text this}~@{command "show"}''.
9.1030 +
9.1031 + \item [@{command "print_statement"}~@{text a}] prints facts from the
9.1032 + current theory or proof context in long statement form, according to
9.1033 + the syntax for @{command "lemma"} given above.
9.1034 +
9.1035 + \end{descr}
9.1036 +
9.1037 + Any goal statement causes some term abbreviations (such as
9.1038 + @{variable_ref "?thesis"}) to be bound automatically, see also
9.1039 + \secref{sec:term-abbrev}. Furthermore, the local context of a
9.1040 + (non-atomic) goal is provided via the @{case_ref rule_context} case.
9.1041 +
9.1042 + The optional case names of @{element_ref "obtains"} have a twofold
9.1043 + meaning: (1) during the of this claim they refer to the the local
9.1044 + context introductions, (2) the resulting rule is annotated
9.1045 + accordingly to support symbolic case splits when used with the
9.1046 + @{method_ref cases} method (cf. \secref{sec:cases-induct}).
9.1047 +
9.1048 + \medskip
9.1049 +
9.1050 + \begin{warn}
9.1051 + Isabelle/Isar suffers theory-level goal statements to contain
9.1052 + \emph{unbound schematic variables}, although this does not conform
9.1053 + to the aim of human-readable proof documents! The main problem
9.1054 + with schematic goals is that the actual outcome is usually hard to
9.1055 + predict, depending on the behavior of the proof methods applied
9.1056 + during the course of reasoning. Note that most semi-automated
9.1057 + methods heavily depend on several kinds of implicit rule
9.1058 + declarations within the current theory context. As this would
9.1059 + also result in non-compositional checking of sub-proofs,
9.1060 + \emph{local goals} are not allowed to be schematic at all.
9.1061 + Nevertheless, schematic goals do have their use in Prolog-style
9.1062 + interactive synthesis of proven results, usually by stepwise
9.1063 + refinement via emulation of traditional Isabelle tactic scripts
9.1064 + (see also \secref{sec:tactic-commands}). In any case, users
9.1065 + should know what they are doing.
9.1066 + \end{warn}
9.1067 +*}
9.1068 +
9.1069 +
9.1070 +subsection {* Initial and terminal proof steps \label{sec:proof-steps} *}
9.1071 +
9.1072 +text {*
9.1073 + \begin{matharray}{rcl}
9.1074 + @{command_def "proof"} & : & \isartrans{proof(prove)}{proof(state)} \\
9.1075 + @{command_def "qed"} & : & \isartrans{proof(state)}{proof(state) ~|~ theory} \\
9.1076 + @{command_def "by"} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
9.1077 + @{command_def ".."} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
9.1078 + @{command_def "."} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
9.1079 + @{command_def "sorry"} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
9.1080 + \end{matharray}
9.1081 +
9.1082 + Arbitrary goal refinement via tactics is considered harmful.
9.1083 + Structured proof composition in Isar admits proof methods to be
9.1084 + invoked in two places only.
9.1085 +
9.1086 + \begin{enumerate}
9.1087 +
9.1088 + \item An \emph{initial} refinement step @{command_ref
9.1089 + "proof"}~@{text "m\<^sub>1"} reduces a newly stated goal to a number
9.1090 + of sub-goals that are to be solved later. Facts are passed to
9.1091 + @{text "m\<^sub>1"} for forward chaining, if so indicated by @{text
9.1092 + "proof(chain)"} mode.
9.1093 +
9.1094 + \item A \emph{terminal} conclusion step @{command_ref "qed"}~@{text
9.1095 + "m\<^sub>2"} is intended to solve remaining goals. No facts are
9.1096 + passed to @{text "m\<^sub>2"}.
9.1097 +
9.1098 + \end{enumerate}
9.1099 +
9.1100 + The only other (proper) way to affect pending goals in a proof body
9.1101 + is by @{command_ref "show"}, which involves an explicit statement of
9.1102 + what is to be solved eventually. Thus we avoid the fundamental
9.1103 + problem of unstructured tactic scripts that consist of numerous
9.1104 + consecutive goal transformations, with invisible effects.
9.1105 +
9.1106 + \medskip As a general rule of thumb for good proof style, initial
9.1107 + proof methods should either solve the goal completely, or constitute
9.1108 + some well-understood reduction to new sub-goals. Arbitrary
9.1109 + automatic proof tools that are prone leave a large number of badly
9.1110 + structured sub-goals are no help in continuing the proof document in
9.1111 + an intelligible manner.
9.1112 +
9.1113 + Unless given explicitly by the user, the default initial method is
9.1114 + ``@{method_ref rule}'', which applies a single standard elimination
9.1115 + or introduction rule according to the topmost symbol involved.
9.1116 + There is no separate default terminal method. Any remaining goals
9.1117 + are always solved by assumption in the very last step.
9.1118 +
9.1119 + \begin{rail}
9.1120 + 'proof' method?
9.1121 + ;
9.1122 + 'qed' method?
9.1123 + ;
9.1124 + 'by' method method?
9.1125 + ;
9.1126 + ('.' | '..' | 'sorry')
9.1127 + ;
9.1128 + \end{rail}
9.1129 +
9.1130 + \begin{descr}
9.1131 +
9.1132 + \item [@{command "proof"}~@{text "m\<^sub>1"}] refines the goal by
9.1133 + proof method @{text "m\<^sub>1"}; facts for forward chaining are
9.1134 + passed if so indicated by @{text "proof(chain)"} mode.
9.1135 +
9.1136 + \item [@{command "qed"}~@{text "m\<^sub>2"}] refines any remaining
9.1137 + goals by proof method @{text "m\<^sub>2"} and concludes the
9.1138 + sub-proof by assumption. If the goal had been @{text "show"} (or
9.1139 + @{text "thus"}), some pending sub-goal is solved as well by the rule
9.1140 + resulting from the result \emph{exported} into the enclosing goal
9.1141 + context. Thus @{text "qed"} may fail for two reasons: either @{text
9.1142 + "m\<^sub>2"} fails, or the resulting rule does not fit to any
9.1143 + pending goal\footnote{This includes any additional ``strong''
9.1144 + assumptions as introduced by @{text "assume"}.} of the enclosing
9.1145 + context. Debugging such a situation might involve temporarily
9.1146 + changing @{command "show"} into @{command "have"}, or weakening the
9.1147 + local context by replacing occurrences of @{command "assume"} by
9.1148 + @{command "presume"}.
9.1149 +
9.1150 + \item [@{command "by"}~@{text "m\<^sub>1 m\<^sub>2"}] is a
9.1151 + \emph{terminal proof}\index{proof!terminal}; it abbreviates
9.1152 + @{command "proof"}~@{text "m\<^sub>1"}~@{text "qed"}~@{text
9.1153 + "m\<^sub>2"}, but with backtracking across both methods. Debugging
9.1154 + an unsuccessful @{command "by"}~@{text "m\<^sub>1 m\<^sub>2"}
9.1155 + command can be done by expanding its definition; in many cases
9.1156 + @{command "proof"}~@{text "m\<^sub>1"} (or even @{text
9.1157 + "apply"}~@{text "m\<^sub>1"}) is already sufficient to see the
9.1158 + problem.
9.1159 +
9.1160 + \item [``@{command ".."}''] is a \emph{default
9.1161 + proof}\index{proof!default}; it abbreviates @{command "by"}~@{text
9.1162 + "rule"}.
9.1163 +
9.1164 + \item [``@{command "."}''] is a \emph{trivial
9.1165 + proof}\index{proof!trivial}; it abbreviates @{command "by"}~@{text
9.1166 + "this"}.
9.1167 +
9.1168 + \item [@{command "sorry"}] is a \emph{fake proof}\index{proof!fake}
9.1169 + pretending to solve the pending claim without further ado. This
9.1170 + only works in interactive development, or if the @{ML
9.1171 + quick_and_dirty} flag is enabled (in ML). Facts emerging from fake
9.1172 + proofs are not the real thing. Internally, each theorem container
9.1173 + is tainted by an oracle invocation, which is indicated as ``@{text
9.1174 + "[!]"}'' in the printed result.
9.1175 +
9.1176 + The most important application of @{command "sorry"} is to support
9.1177 + experimentation and top-down proof development.
9.1178 +
9.1179 + \end{descr}
9.1180 +*}
9.1181 +
9.1182 +
9.1183 +subsection {* Fundamental methods and attributes \label{sec:pure-meth-att} *}
9.1184 +
9.1185 +text {*
9.1186 + The following proof methods and attributes refer to basic logical
9.1187 + operations of Isar. Further methods and attributes are provided by
9.1188 + several generic and object-logic specific tools and packages (see
9.1189 + \chref{ch:gen-tools} and \chref{ch:logics}).
9.1190 +
9.1191 + \begin{matharray}{rcl}
9.1192 + @{method_def "-"} & : & \isarmeth \\
9.1193 + @{method_def "fact"} & : & \isarmeth \\
9.1194 + @{method_def "assumption"} & : & \isarmeth \\
9.1195 + @{method_def "this"} & : & \isarmeth \\
9.1196 + @{method_def "rule"} & : & \isarmeth \\
9.1197 + @{method_def "iprover"} & : & \isarmeth \\[0.5ex]
9.1198 + @{attribute_def "intro"} & : & \isaratt \\
9.1199 + @{attribute_def "elim"} & : & \isaratt \\
9.1200 + @{attribute_def "dest"} & : & \isaratt \\
9.1201 + @{attribute_def "rule"} & : & \isaratt \\[0.5ex]
9.1202 + @{attribute_def "OF"} & : & \isaratt \\
9.1203 + @{attribute_def "of"} & : & \isaratt \\
9.1204 + @{attribute_def "where"} & : & \isaratt \\
9.1205 + \end{matharray}
9.1206 +
9.1207 + \begin{rail}
9.1208 + 'fact' thmrefs?
9.1209 + ;
9.1210 + 'rule' thmrefs?
9.1211 + ;
9.1212 + 'iprover' ('!' ?) (rulemod *)
9.1213 + ;
9.1214 + rulemod: ('intro' | 'elim' | 'dest') ((('!' | () | '?') nat?) | 'del') ':' thmrefs
9.1215 + ;
9.1216 + ('intro' | 'elim' | 'dest') ('!' | () | '?') nat?
9.1217 + ;
9.1218 + 'rule' 'del'
9.1219 + ;
9.1220 + 'OF' thmrefs
9.1221 + ;
9.1222 + 'of' insts ('concl' ':' insts)?
9.1223 + ;
9.1224 + 'where' ((name | var | typefree | typevar) '=' (type | term) * 'and')
9.1225 + ;
9.1226 + \end{rail}
9.1227 +
9.1228 + \begin{descr}
9.1229 +
9.1230 + \item [``@{method "-"}''] does nothing but insert the forward
9.1231 + chaining facts as premises into the goal. Note that command
9.1232 + @{command_ref "proof"} without any method actually performs a single
9.1233 + reduction step using the @{method_ref rule} method; thus a plain
9.1234 + \emph{do-nothing} proof step would be ``@{command "proof"}~@{text
9.1235 + "-"}'' rather than @{command "proof"} alone.
9.1236 +
9.1237 + \item [@{method "fact"}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}] composes
9.1238 + some fact from @{text "a\<^sub>1, \<dots>, a\<^sub>n"} (or implicitly from
9.1239 + the current proof context) modulo unification of schematic type and
9.1240 + term variables. The rule structure is not taken into account, i.e.\
9.1241 + meta-level implication is considered atomic. This is the same
9.1242 + principle underlying literal facts (cf.\ \secref{sec:syn-att}):
9.1243 + ``@{command "have"}~@{text "\<phi>"}~@{command "by"}~@{text fact}'' is
9.1244 + equivalent to ``@{command "note"}~@{verbatim "`"}@{text \<phi>}@{verbatim
9.1245 + "`"}'' provided that @{text "\<turnstile> \<phi>"} is an instance of some known
9.1246 + @{text "\<turnstile> \<phi>"} in the proof context.
9.1247 +
9.1248 + \item [@{method assumption}] solves some goal by a single assumption
9.1249 + step. All given facts are guaranteed to participate in the
9.1250 + refinement; this means there may be only 0 or 1 in the first place.
9.1251 + Recall that @{command "qed"} (\secref{sec:proof-steps}) already
9.1252 + concludes any remaining sub-goals by assumption, so structured
9.1253 + proofs usually need not quote the @{method assumption} method at
9.1254 + all.
9.1255 +
9.1256 + \item [@{method this}] applies all of the current facts directly as
9.1257 + rules. Recall that ``@{command "."}'' (dot) abbreviates ``@{command
9.1258 + "by"}~@{text this}''.
9.1259 +
9.1260 + \item [@{method rule}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}] applies some
9.1261 + rule given as argument in backward manner; facts are used to reduce
9.1262 + the rule before applying it to the goal. Thus @{method rule}
9.1263 + without facts is plain introduction, while with facts it becomes
9.1264 + elimination.
9.1265 +
9.1266 + When no arguments are given, the @{method rule} method tries to pick
9.1267 + appropriate rules automatically, as declared in the current context
9.1268 + using the @{attribute intro}, @{attribute elim}, @{attribute dest}
9.1269 + attributes (see below). This is the default behavior of @{command
9.1270 + "proof"} and ``@{command ".."}'' (double-dot) steps (see
9.1271 + \secref{sec:proof-steps}).
9.1272 +
9.1273 + \item [@{method iprover}] performs intuitionistic proof search,
9.1274 + depending on specifically declared rules from the context, or given
9.1275 + as explicit arguments. Chained facts are inserted into the goal
9.1276 + before commencing proof search; ``@{method iprover}@{text "!"}''
9.1277 + means to include the current @{fact prems} as well.
9.1278 +
9.1279 + Rules need to be classified as @{attribute intro}, @{attribute
9.1280 + elim}, or @{attribute dest}; here the ``@{text "!"} indicator refers
9.1281 + to ``safe'' rules, which may be applied aggressively (without
9.1282 + considering back-tracking later). Rules declared with ``@{text
9.1283 + "?"}'' are ignored in proof search (the single-step @{method rule}
9.1284 + method still observes these). An explicit weight annotation may be
9.1285 + given as well; otherwise the number of rule premises will be taken
9.1286 + into account here.
9.1287 +
9.1288 + \item [@{attribute intro}, @{attribute elim}, and @{attribute dest}]
9.1289 + declare introduction, elimination, and destruct rules, to be used
9.1290 + with the @{method rule} and @{method iprover} methods. Note that
9.1291 + the latter will ignore rules declared with ``@{text "?"}'', while
9.1292 + ``@{text "!"}'' are used most aggressively.
9.1293 +
9.1294 + The classical reasoner (see \secref{sec:classical}) introduces its
9.1295 + own variants of these attributes; use qualified names to access the
9.1296 + present versions of Isabelle/Pure, i.e.\ @{attribute "Pure.intro"}.
9.1297 +
9.1298 + \item [@{attribute rule}~@{text del}] undeclares introduction,
9.1299 + elimination, or destruct rules.
9.1300 +
9.1301 + \item [@{attribute OF}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}] applies some
9.1302 + theorem to all of the given rules @{text "a\<^sub>1, \<dots>, a\<^sub>n"}
9.1303 + (in parallel). This corresponds to the @{ML "op MRS"} operation in
9.1304 + ML, but note the reversed order. Positions may be effectively
9.1305 + skipped by including ``@{verbatim _}'' (underscore) as argument.
9.1306 +
9.1307 + \item [@{attribute of}~@{text "t\<^sub>1 \<dots> t\<^sub>n"}] performs
9.1308 + positional instantiation of term variables. The terms @{text
9.1309 + "t\<^sub>1, \<dots>, t\<^sub>n"} are substituted for any schematic
9.1310 + variables occurring in a theorem from left to right; ``@{verbatim
9.1311 + _}'' (underscore) indicates to skip a position. Arguments following
9.1312 + a ``@{keyword "concl"}@{text ":"}'' specification refer to positions
9.1313 + of the conclusion of a rule.
9.1314 +
9.1315 + \item [@{attribute "where"}~@{text "x\<^sub>1 = t\<^sub>1 \<AND> \<dots>
9.1316 + \<AND> x\<^sub>n = t\<^sub>n"}] performs named instantiation of
9.1317 + schematic type and term variables occurring in a theorem. Schematic
9.1318 + variables have to be specified on the left-hand side (e.g.\ @{text
9.1319 + "?x1.3"}). The question mark may be omitted if the variable name is
9.1320 + a plain identifier without index. As type instantiations are
9.1321 + inferred from term instantiations, explicit type instantiations are
9.1322 + seldom necessary.
9.1323 +
9.1324 + \end{descr}
9.1325 +*}
9.1326 +
9.1327 +
9.1328 +subsection {* Term abbreviations \label{sec:term-abbrev} *}
9.1329 +
9.1330 +text {*
9.1331 + \begin{matharray}{rcl}
9.1332 + @{command_def "let"} & : & \isartrans{proof(state)}{proof(state)} \\
9.1333 + @{keyword_def "is"} & : & syntax \\
9.1334 + \end{matharray}
9.1335 +
9.1336 + Abbreviations may be either bound by explicit @{command "let"}@{text
9.1337 + "p \<equiv> t"} statements, or by annotating assumptions or goal statements
9.1338 + with a list of patterns ``@{text "\<IS> p\<^sub>1 \<dots> p\<^sub>n"}''.
9.1339 + In both cases, higher-order matching is invoked to bind
9.1340 + extra-logical term variables, which may be either named schematic
9.1341 + variables of the form @{text ?x}, or nameless dummies ``@{variable
9.1342 + _}'' (underscore). Note that in the @{command "let"} form the
9.1343 + patterns occur on the left-hand side, while the @{keyword "is"}
9.1344 + patterns are in postfix position.
9.1345 +
9.1346 + Polymorphism of term bindings is handled in Hindley-Milner style,
9.1347 + similar to ML. Type variables referring to local assumptions or
9.1348 + open goal statements are \emph{fixed}, while those of finished
9.1349 + results or bound by @{command "let"} may occur in \emph{arbitrary}
9.1350 + instances later. Even though actual polymorphism should be rarely
9.1351 + used in practice, this mechanism is essential to achieve proper
9.1352 + incremental type-inference, as the user proceeds to build up the
9.1353 + Isar proof text from left to right.
9.1354 +
9.1355 + \medskip Term abbreviations are quite different from local
9.1356 + definitions as introduced via @{command "def"} (see
9.1357 + \secref{sec:proof-context}). The latter are visible within the
9.1358 + logic as actual equations, while abbreviations disappear during the
9.1359 + input process just after type checking. Also note that @{command
9.1360 + "def"} does not support polymorphism.
9.1361 +
9.1362 + \begin{rail}
9.1363 + 'let' ((term + 'and') '=' term + 'and')
9.1364 + ;
9.1365 + \end{rail}
9.1366 +
9.1367 + The syntax of @{keyword "is"} patterns follows \railnonterm{termpat}
9.1368 + or \railnonterm{proppat} (see \secref{sec:term-decls}).
9.1369 +
9.1370 + \begin{descr}
9.1371 +
9.1372 + \item [@{command "let"}~@{text "p\<^sub>1 = t\<^sub>1 \<AND>
9.1373 + \<dots>p\<^sub>n = t\<^sub>n"}] binds any text variables in patterns
9.1374 + @{text "p\<^sub>1, \<dots>, p\<^sub>n"} by simultaneous higher-order
9.1375 + matching against terms @{text "t\<^sub>1, \<dots>, t\<^sub>n"}.
9.1376 +
9.1377 + \item [@{text "(\<IS> p\<^sub>1 \<dots> p\<^sub>n)"}] resembles @{command
9.1378 + "let"}, but matches @{text "p\<^sub>1, \<dots>, p\<^sub>n"} against the
9.1379 + preceding statement. Also note that @{keyword "is"} is not a
9.1380 + separate command, but part of others (such as @{command "assume"},
9.1381 + @{command "have"} etc.).
9.1382 +
9.1383 + \end{descr}
9.1384 +
9.1385 + Some \emph{implicit} term abbreviations\index{term abbreviations}
9.1386 + for goals and facts are available as well. For any open goal,
9.1387 + @{variable_ref thesis} refers to its object-level statement,
9.1388 + abstracted over any meta-level parameters (if present). Likewise,
9.1389 + @{variable_ref this} is bound for fact statements resulting from
9.1390 + assumptions or finished goals. In case @{variable this} refers to
9.1391 + an object-logic statement that is an application @{text "f t"}, then
9.1392 + @{text t} is bound to the special text variable ``@{variable "\<dots>"}''
9.1393 + (three dots). The canonical application of this convenience are
9.1394 + calculational proofs (see \secref{sec:calculation}).
9.1395 +*}
9.1396 +
9.1397 +
9.1398 +subsection {* Block structure *}
9.1399 +
9.1400 +text {*
9.1401 + \begin{matharray}{rcl}
9.1402 + @{command_def "next"} & : & \isartrans{proof(state)}{proof(state)} \\
9.1403 + @{command_def "{"} & : & \isartrans{proof(state)}{proof(state)} \\
9.1404 + @{command_def "}"} & : & \isartrans{proof(state)}{proof(state)} \\
9.1405 + \end{matharray}
9.1406 +
9.1407 + While Isar is inherently block-structured, opening and closing
9.1408 + blocks is mostly handled rather casually, with little explicit
9.1409 + user-intervention. Any local goal statement automatically opens
9.1410 + \emph{two} internal blocks, which are closed again when concluding
9.1411 + the sub-proof (by @{command "qed"} etc.). Sections of different
9.1412 + context within a sub-proof may be switched via @{command "next"},
9.1413 + which is just a single block-close followed by block-open again.
9.1414 + The effect of @{command "next"} is to reset the local proof context;
9.1415 + there is no goal focus involved here!
9.1416 +
9.1417 + For slightly more advanced applications, there are explicit block
9.1418 + parentheses as well. These typically achieve a stronger forward
9.1419 + style of reasoning.
9.1420 +
9.1421 + \begin{descr}
9.1422 +
9.1423 + \item [@{command "next"}] switches to a fresh block within a
9.1424 + sub-proof, resetting the local context to the initial one.
9.1425 +
9.1426 + \item [@{command "{"} and @{command "}"}] explicitly open and close
9.1427 + blocks. Any current facts pass through ``@{command "{"}''
9.1428 + unchanged, while ``@{command "}"}'' causes any result to be
9.1429 + \emph{exported} into the enclosing context. Thus fixed variables
9.1430 + are generalized, assumptions discharged, and local definitions
9.1431 + unfolded (cf.\ \secref{sec:proof-context}). There is no difference
9.1432 + of @{command "assume"} and @{command "presume"} in this mode of
9.1433 + forward reasoning --- in contrast to plain backward reasoning with
9.1434 + the result exported at @{command "show"} time.
9.1435 +
9.1436 + \end{descr}
9.1437 +*}
9.1438 +
9.1439 +
9.1440 +subsection {* Emulating tactic scripts \label{sec:tactic-commands} *}
9.1441 +
9.1442 +text {*
9.1443 + The Isar provides separate commands to accommodate tactic-style
9.1444 + proof scripts within the same system. While being outside the
9.1445 + orthodox Isar proof language, these might come in handy for
9.1446 + interactive exploration and debugging, or even actual tactical proof
9.1447 + within new-style theories (to benefit from document preparation, for
9.1448 + example). See also \secref{sec:tactics} for actual tactics, that
9.1449 + have been encapsulated as proof methods. Proper proof methods may
9.1450 + be used in scripts, too.
9.1451 +
9.1452 + \begin{matharray}{rcl}
9.1453 + @{command_def "apply"}^* & : & \isartrans{proof(prove)}{proof(prove)} \\
9.1454 + @{command_def "apply_end"}^* & : & \isartrans{proof(state)}{proof(state)} \\
9.1455 + @{command_def "done"}^* & : & \isartrans{proof(prove)}{proof(state)} \\
9.1456 + @{command_def "defer"}^* & : & \isartrans{proof}{proof} \\
9.1457 + @{command_def "prefer"}^* & : & \isartrans{proof}{proof} \\
9.1458 + @{command_def "back"}^* & : & \isartrans{proof}{proof} \\
9.1459 + \end{matharray}
9.1460 +
9.1461 + \begin{rail}
9.1462 + ( 'apply' | 'apply\_end' ) method
9.1463 + ;
9.1464 + 'defer' nat?
9.1465 + ;
9.1466 + 'prefer' nat
9.1467 + ;
9.1468 + \end{rail}
9.1469 +
9.1470 + \begin{descr}
9.1471 +
9.1472 + \item [@{command "apply"}~@{text m}] applies proof method @{text m}
9.1473 + in initial position, but unlike @{command "proof"} it retains
9.1474 + ``@{text "proof(prove)"}'' mode. Thus consecutive method
9.1475 + applications may be given just as in tactic scripts.
9.1476 +
9.1477 + Facts are passed to @{text m} as indicated by the goal's
9.1478 + forward-chain mode, and are \emph{consumed} afterwards. Thus any
9.1479 + further @{command "apply"} command would always work in a purely
9.1480 + backward manner.
9.1481 +
9.1482 + \item [@{command "apply_end"}~@{text "m"}] applies proof method
9.1483 + @{text m} as if in terminal position. Basically, this simulates a
9.1484 + multi-step tactic script for @{command "qed"}, but may be given
9.1485 + anywhere within the proof body.
9.1486 +
9.1487 + No facts are passed to @{method m} here. Furthermore, the static
9.1488 + context is that of the enclosing goal (as for actual @{command
9.1489 + "qed"}). Thus the proof method may not refer to any assumptions
9.1490 + introduced in the current body, for example.
9.1491 +
9.1492 + \item [@{command "done"}] completes a proof script, provided that
9.1493 + the current goal state is solved completely. Note that actual
9.1494 + structured proof commands (e.g.\ ``@{command "."}'' or @{command
9.1495 + "sorry"}) may be used to conclude proof scripts as well.
9.1496 +
9.1497 + \item [@{command "defer"}~@{text n} and @{command "prefer"}~@{text
9.1498 + n}] shuffle the list of pending goals: @{command "defer"} puts off
9.1499 + sub-goal @{text n} to the end of the list (@{text "n = 1"} by
9.1500 + default), while @{command "prefer"} brings sub-goal @{text n} to the
9.1501 + front.
9.1502 +
9.1503 + \item [@{command "back"}] does back-tracking over the result
9.1504 + sequence of the latest proof command. Basically, any proof command
9.1505 + may return multiple results.
9.1506 +
9.1507 + \end{descr}
9.1508 +
9.1509 + Any proper Isar proof method may be used with tactic script commands
9.1510 + such as @{command "apply"}. A few additional emulations of actual
9.1511 + tactics are provided as well; these would be never used in actual
9.1512 + structured proofs, of course.
9.1513 +*}
9.1514 +
9.1515 +
9.1516 +subsection {* Meta-linguistic features *}
9.1517 +
9.1518 +text {*
9.1519 + \begin{matharray}{rcl}
9.1520 + @{command_def "oops"} & : & \isartrans{proof}{theory} \\
9.1521 + \end{matharray}
9.1522 +
9.1523 + The @{command "oops"} command discontinues the current proof
9.1524 + attempt, while considering the partial proof text as properly
9.1525 + processed. This is conceptually quite different from ``faking''
9.1526 + actual proofs via @{command_ref "sorry"} (see
9.1527 + \secref{sec:proof-steps}): @{command "oops"} does not observe the
9.1528 + proof structure at all, but goes back right to the theory level.
9.1529 + Furthermore, @{command "oops"} does not produce any result theorem
9.1530 + --- there is no intended claim to be able to complete the proof
9.1531 + anyhow.
9.1532 +
9.1533 + A typical application of @{command "oops"} is to explain Isar proofs
9.1534 + \emph{within} the system itself, in conjunction with the document
9.1535 + preparation tools of Isabelle described in \cite{isabelle-sys}.
9.1536 + Thus partial or even wrong proof attempts can be discussed in a
9.1537 + logically sound manner. Note that the Isabelle {\LaTeX} macros can
9.1538 + be easily adapted to print something like ``@{text "\<dots>"}'' instead of
9.1539 + the keyword ``@{command "oops"}''.
9.1540 +
9.1541 + \medskip The @{command "oops"} command is undo-able, unlike
9.1542 + @{command_ref "kill"} (see \secref{sec:history}). The effect is to
9.1543 + get back to the theory just before the opening of the proof.
9.1544 +*}
9.1545 +
9.1546 +
9.1547 +section {* Other commands *}
9.1548 +
9.1549 +subsection {* Diagnostics *}
9.1550 +
9.1551 +text {*
9.1552 + \begin{matharray}{rcl}
9.1553 + \isarcmd{pr}^* & : & \isarkeep{\cdot} \\
9.1554 + \isarcmd{thm}^* & : & \isarkeep{theory~|~proof} \\
9.1555 + \isarcmd{term}^* & : & \isarkeep{theory~|~proof} \\
9.1556 + \isarcmd{prop}^* & : & \isarkeep{theory~|~proof} \\
9.1557 + \isarcmd{typ}^* & : & \isarkeep{theory~|~proof} \\
9.1558 + \isarcmd{prf}^* & : & \isarkeep{theory~|~proof} \\
9.1559 + \isarcmd{full_prf}^* & : & \isarkeep{theory~|~proof} \\
9.1560 + \end{matharray}
9.1561 +
9.1562 + These diagnostic commands assist interactive development. Note that
9.1563 + @{command undo} does not apply here, the theory or proof
9.1564 + configuration is not changed.
9.1565 +
9.1566 + \begin{rail}
9.1567 + 'pr' modes? nat? (',' nat)?
9.1568 + ;
9.1569 + 'thm' modes? thmrefs
9.1570 + ;
9.1571 + 'term' modes? term
9.1572 + ;
9.1573 + 'prop' modes? prop
9.1574 + ;
9.1575 + 'typ' modes? type
9.1576 + ;
9.1577 + 'prf' modes? thmrefs?
9.1578 + ;
9.1579 + 'full\_prf' modes? thmrefs?
9.1580 + ;
9.1581 +
9.1582 + modes: '(' (name + ) ')'
9.1583 + ;
9.1584 + \end{rail}
9.1585 +
9.1586 + \begin{descr}
9.1587 +
9.1588 + \item [@{command "pr"}~@{text "goals, prems"}] prints the current
9.1589 + proof state (if present), including the proof context, current facts
9.1590 + and goals. The optional limit arguments affect the number of goals
9.1591 + and premises to be displayed, which is initially 10 for both.
9.1592 + Omitting limit values leaves the current setting unchanged.
9.1593 +
9.1594 + \item [@{command "thm"}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}] retrieves
9.1595 + theorems from the current theory or proof context. Note that any
9.1596 + attributes included in the theorem specifications are applied to a
9.1597 + temporary context derived from the current theory or proof; the
9.1598 + result is discarded, i.e.\ attributes involved in @{text "a\<^sub>1,
9.1599 + \<dots>, a\<^sub>n"} do not have any permanent effect.
9.1600 +
9.1601 + \item [@{command "term"}~@{text t} and @{command "prop"}~@{text \<phi>}]
9.1602 + read, type-check and print terms or propositions according to the
9.1603 + current theory or proof context; the inferred type of @{text t} is
9.1604 + output as well. Note that these commands are also useful in
9.1605 + inspecting the current environment of term abbreviations.
9.1606 +
9.1607 + \item [@{command "typ"}~@{text \<tau>}] reads and prints types of the
9.1608 + meta-logic according to the current theory or proof context.
9.1609 +
9.1610 + \item [@{command "prf"}] displays the (compact) proof term of the
9.1611 + current proof state (if present), or of the given theorems. Note
9.1612 + that this requires proof terms to be switched on for the current
9.1613 + object logic (see the ``Proof terms'' section of the Isabelle
9.1614 + reference manual for information on how to do this).
9.1615 +
9.1616 + \item [@{command "full_prf"}] is like @{command "prf"}, but displays
9.1617 + the full proof term, i.e.\ also displays information omitted in the
9.1618 + compact proof term, which is denoted by ``@{verbatim _}''
9.1619 + placeholders there.
9.1620 +
9.1621 + \end{descr}
9.1622 +
9.1623 + All of the diagnostic commands above admit a list of @{text modes}
9.1624 + to be specified, which is appended to the current print mode (see
9.1625 + also \cite{isabelle-ref}). Thus the output behavior may be modified
9.1626 + according particular print mode features. For example, @{command
9.1627 + "pr"}~@{text "(latex xsymbols symbols)"} would print the current
9.1628 + proof state with mathematical symbols and special characters
9.1629 + represented in {\LaTeX} source, according to the Isabelle style
9.1630 + \cite{isabelle-sys}.
9.1631 +
9.1632 + Note that antiquotations (cf.\ \secref{sec:antiq}) provide a more
9.1633 + systematic way to include formal items into the printed text
9.1634 + document.
9.1635 +*}
9.1636 +
9.1637 +
9.1638 +subsection {* Inspecting the context *}
9.1639 +
9.1640 +text {*
9.1641 + \begin{matharray}{rcl}
9.1642 + @{command_def "print_commands"}^* & : & \isarkeep{\cdot} \\
9.1643 + @{command_def "print_theory"}^* & : & \isarkeep{theory~|~proof} \\
9.1644 + @{command_def "print_syntax"}^* & : & \isarkeep{theory~|~proof} \\
9.1645 + @{command_def "print_methods"}^* & : & \isarkeep{theory~|~proof} \\
9.1646 + @{command_def "print_attributes"}^* & : & \isarkeep{theory~|~proof} \\
9.1647 + @{command_def "print_theorems"}^* & : & \isarkeep{theory~|~proof} \\
9.1648 + @{command_def "find_theorems"}^* & : & \isarkeep{theory~|~proof} \\
9.1649 + @{command_def "thms_deps"}^* & : & \isarkeep{theory~|~proof} \\
9.1650 + @{command_def "print_facts"}^* & : & \isarkeep{proof} \\
9.1651 + @{command_def "print_binds"}^* & : & \isarkeep{proof} \\
9.1652 + \end{matharray}
9.1653 +
9.1654 + \begin{rail}
9.1655 + 'print\_theory' ( '!'?)
9.1656 + ;
9.1657 +
9.1658 + 'find\_theorems' (('(' (nat)? ('with\_dups')? ')')?) (criterion *)
9.1659 + ;
9.1660 + criterion: ('-'?) ('name' ':' nameref | 'intro' | 'elim' | 'dest' |
9.1661 + 'simp' ':' term | term)
9.1662 + ;
9.1663 + 'thm\_deps' thmrefs
9.1664 + ;
9.1665 + \end{rail}
9.1666 +
9.1667 + These commands print certain parts of the theory and proof context.
9.1668 + Note that there are some further ones available, such as for the set
9.1669 + of rules declared for simplifications.
9.1670 +
9.1671 + \begin{descr}
9.1672 +
9.1673 + \item [@{command "print_commands"}] prints Isabelle's outer theory
9.1674 + syntax, including keywords and command.
9.1675 +
9.1676 + \item [@{command "print_theory"}] prints the main logical content of
9.1677 + the theory context; the ``@{text "!"}'' option indicates extra
9.1678 + verbosity.
9.1679 +
9.1680 + \item [@{command "print_syntax"}] prints the inner syntax of types
9.1681 + and terms, depending on the current context. The output can be very
9.1682 + verbose, including grammar tables and syntax translation rules. See
9.1683 + \cite[\S7, \S8]{isabelle-ref} for further information on Isabelle's
9.1684 + inner syntax.
9.1685 +
9.1686 + \item [@{command "print_methods"}] prints all proof methods
9.1687 + available in the current theory context.
9.1688 +
9.1689 + \item [@{command "print_attributes"}] prints all attributes
9.1690 + available in the current theory context.
9.1691 +
9.1692 + \item [@{command "print_theorems"}] prints theorems resulting from
9.1693 + the last command.
9.1694 +
9.1695 + \item [@{command "find_theorems"}~@{text criteria}] retrieves facts
9.1696 + from the theory or proof context matching all of given search
9.1697 + criteria. The criterion @{text "name: p"} selects all theorems
9.1698 + whose fully qualified name matches pattern @{text p}, which may
9.1699 + contain ``@{text "*"}'' wildcards. The criteria @{text intro},
9.1700 + @{text elim}, and @{text dest} select theorems that match the
9.1701 + current goal as introduction, elimination or destruction rules,
9.1702 + respectively. The criterion @{text "simp: t"} selects all rewrite
9.1703 + rules whose left-hand side matches the given term. The criterion
9.1704 + term @{text t} selects all theorems that contain the pattern @{text
9.1705 + t} -- as usual, patterns may contain occurrences of the dummy
9.1706 + ``@{verbatim _}'', schematic variables, and type constraints.
9.1707 +
9.1708 + Criteria can be preceded by ``@{text "-"}'' to select theorems that
9.1709 + do \emph{not} match. Note that giving the empty list of criteria
9.1710 + yields \emph{all} currently known facts. An optional limit for the
9.1711 + number of printed facts may be given; the default is 40. By
9.1712 + default, duplicates are removed from the search result. Use
9.1713 + @{keyword "with_dups"} to display duplicates.
9.1714 +
9.1715 + \item [@{command "thm_deps"}~@{text "a\<^sub>1 \<dots> a\<^sub>n"}]
9.1716 + visualizes dependencies of facts, using Isabelle's graph browser
9.1717 + tool (see also \cite{isabelle-sys}).
9.1718 +
9.1719 + \item [@{command "print_facts"}] prints all local facts of the
9.1720 + current context, both named and unnamed ones.
9.1721 +
9.1722 + \item [@{command "print_binds"}] prints all term abbreviations
9.1723 + present in the context.
9.1724 +
9.1725 + \end{descr}
9.1726 +*}
9.1727 +
9.1728 +
9.1729 +subsection {* History commands \label{sec:history} *}
9.1730 +
9.1731 +text {*
9.1732 + \begin{matharray}{rcl}
9.1733 + @{command_def "undo"}^{{ * }{ * }} & : & \isarkeep{\cdot} \\
9.1734 + @{command_def "redo"}^{{ * }{ * }} & : & \isarkeep{\cdot} \\
9.1735 + @{command_def "kill"}^{{ * }{ * }} & : & \isarkeep{\cdot} \\
9.1736 + \end{matharray}
9.1737 +
9.1738 + The Isabelle/Isar top-level maintains a two-stage history, for
9.1739 + theory and proof state transformation. Basically, any command can
9.1740 + be undone using @{command "undo"}, excluding mere diagnostic
9.1741 + elements. Its effect may be revoked via @{command "redo"}, unless
9.1742 + the corresponding @{command "undo"} step has crossed the beginning
9.1743 + of a proof or theory. The @{command "kill"} command aborts the
9.1744 + current history node altogether, discontinuing a proof or even the
9.1745 + whole theory. This operation is \emph{not} undo-able.
9.1746 +
9.1747 + \begin{warn}
9.1748 + History commands should never be used with user interfaces such as
9.1749 + Proof~General \cite{proofgeneral,Aspinall:TACAS:2000}, which takes
9.1750 + care of stepping forth and back itself. Interfering by manual
9.1751 + @{command "undo"}, @{command "redo"}, or even @{command "kill"}
9.1752 + commands would quickly result in utter confusion.
9.1753 + \end{warn}
9.1754 +*}
9.1755 +
9.1756 +
9.1757 +subsection {* System operations *}
9.1758 +
9.1759 +text {*
9.1760 + \begin{matharray}{rcl}
9.1761 + @{command_def "cd"}^* & : & \isarkeep{\cdot} \\
9.1762 + @{command_def "pwd"}^* & : & \isarkeep{\cdot} \\
9.1763 + @{command_def "use_thy"}^* & : & \isarkeep{\cdot} \\
9.1764 + @{command_def "display_drafts"}^* & : & \isarkeep{\cdot} \\
9.1765 + @{command_def "print_drafts"}^* & : & \isarkeep{\cdot} \\
9.1766 + \end{matharray}
9.1767 +
9.1768 + \begin{rail}
9.1769 + ('cd' | 'use\_thy' | 'update\_thy') name
9.1770 + ;
9.1771 + ('display\_drafts' | 'print\_drafts') (name +)
9.1772 + ;
9.1773 + \end{rail}
9.1774 +
9.1775 + \begin{descr}
9.1776 +
9.1777 + \item [@{command "cd"}~@{text path}] changes the current directory
9.1778 + of the Isabelle process.
9.1779 +
9.1780 + \item [@{command "pwd"}] prints the current working directory.
9.1781 +
9.1782 + \item [@{command "use_thy"}~@{text A}] preload theory @{text A}.
9.1783 + These system commands are scarcely used when working interactively,
9.1784 + since loading of theories is done automatically as required.
9.1785 +
9.1786 + \item [@{command "display_drafts"}~@{text paths} and @{command
9.1787 + "print_drafts"}~@{text paths}] perform simple output of a given list
9.1788 + of raw source files. Only those symbols that do not require
9.1789 + additional {\LaTeX} packages are displayed properly, everything else
9.1790 + is left verbatim.
9.1791 +
9.1792 + \end{descr}
9.1793 +*}
9.1794 +
9.1795 +end
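--- a/doc-src/IsarRef/Thy/syntax.thy	Fri May 02 16:32:51 2008 +0200
+++ b/doc-src/IsarRef/Thy/syntax.thy	Fri May 02 16:36:05 2008 +0200
@@ -1,3 +1,4 @@
+(* $Id$ *)
 
 theory "syntax"
 imports CPure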
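--- a/doc-src/IsarRef/isar-ref.tex	Fri May 02 16:32:51 2008 +0200
+++ b/doc-src/IsarRef/isar-ref.tex	Fri May 02 16:36:05 2008 +0200
@@ -71,7 +71,7 @@
 \input{Thy/document/intro.tex}
 \input{basics.tex}
 \input{Thy/document/syntax.tex}
-\input{pure.tex}
+\input{Thy/document/pure.tex}
 \input{generic.tex}
 \input{logics.tex}
 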
12.1 --- a/doc-src/IsarRef/pure.tex Fri May 02 16:32:51 2008 +0200
12.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
12.3 @@ -1,1636 +0,0 @@
12.4 -
12.5 -\chapter{Basic language elements}\label{ch:pure-syntax}
12.6 -
12.7 -Subsequently, we introduce the main part of Pure theory and proof commands,
12.8 -together with fundamental proof methods and attributes.
12.9 -Chapter~\ref{ch:gen-tools} describes further Isar elements provided by generic
12.10 -tools and packages (such as the Simplifier) that are either part of Pure
12.11 -Isabelle or pre-installed in most object logics. Chapter~\ref{ch:logics}
12.12 -refers to object-logic specific elements (mainly for HOL and ZF).
12.13 -
12.14 -\medskip
12.15 -
12.16 -Isar commands may be either \emph{proper} document constructors, or
12.17 -\emph{improper commands}. Some proof methods and attributes introduced later
12.18 -are classified as improper as well. Improper Isar language elements, which
12.19 -are subsequently marked by ``$^*$'', are often helpful when developing proof
12.20 -documents, while their use is discouraged for the final human-readable
12.21 -outcome. Typical examples are diagnostic commands that print terms or
12.22 -theorems according to the current context; other commands emulate old-style
12.23 -tactical theorem proving.
12.24 -
12.25 -
12.26 -\section{Theory commands}
12.27 -
12.28 -\subsection{Defining theories}\label{sec:begin-thy}
12.29 -
12.30 -\indexisarcmd{header}\indexisarcmd{theory}\indexisarcmd{end}
12.31 -\begin{matharray}{rcl}
12.32 - \isarcmd{header} & : & \isarkeep{toplevel} \\
12.33 - \isarcmd{theory} & : & \isartrans{toplevel}{theory} \\
12.34 - \isarcmd{end} & : & \isartrans{theory}{toplevel} \\
12.35 -\end{matharray}
12.36 -
12.37 -Isabelle/Isar ``new-style'' theories are either defined via theory files or
12.38 -interactively. Both theory-level specifications and proofs are handled
12.39 -uniformly --- occasionally definitional mechanisms even require some explicit
12.40 -proof as well. In contrast, ``old-style'' Isabelle theories support batch
12.41 -processing only, with the proof scripts collected in separate ML files.
12.42 -
12.43 -The first ``real'' command of any theory has to be $\THEORY$, which
12.44 -starts a new theory based on the merge of existing ones. Just
12.45 -preceding $\THEORY$, there may be an optional $\isarkeyword{header}$
12.46 -declaration, which is relevant to document preparation only; it acts
12.47 -very much like a special pre-theory markup command (cf.\
12.48 -\S\ref{sec:markup-thy} and \S\ref{sec:markup-thy}). The $\END$
12.49 -command concludes a theory development; it has to be the very last
12.50 -command of any theory file loaded in batch-mode.
12.51 -
12.52 -\begin{rail}
12.53 - 'header' text
12.54 - ;
12.55 - 'theory' name 'imports' (name +) uses? 'begin'
12.56 - ;
12.57 -
12.58 - uses: 'uses' ((name | parname) +);
12.59 -\end{rail}
12.60 -
12.61 -\begin{descr}
12.62 -\item [$\isarkeyword{header}~text$] provides plain text markup just preceding
12.63 - the formal beginning of a theory. In actual document preparation the
12.64 - corresponding {\LaTeX} macro \verb,\isamarkupheader, may be redefined to
12.65 - produce chapter or section headings. See also \S\ref{sec:markup-thy} and
12.66 - \S\ref{sec:markup-prf} for further markup commands.
12.67 -
12.68 -\item [$\THEORY~A~\isarkeyword{imports}~B@1~\ldots~B@n~\isarkeyword{begin}$]
12.69 - starts a new theory $A$ based on the merge of existing theories $B@1, \dots,
12.70 - B@n$.
12.71 -
12.72 - Due to inclusion of several ancestors, the overall theory structure emerging
12.73 - in an Isabelle session forms a directed acyclic graph (DAG). Isabelle's
12.74 - theory loader ensures that the sources contributing to the development graph
12.75 - are always up-to-date. Changed files are automatically reloaded when
12.76 - processing theory headers interactively; batch-mode explicitly distinguishes
12.77 - \verb,update_thy, from \verb,use_thy,, see also \cite{isabelle-ref}.
12.78 -
12.79 - The optional $\isarkeyword{uses}$ specification declares additional
12.80 - dependencies on ML files. Files will be loaded immediately, unless the name
12.81 - is put in parentheses, which merely documents the dependency to be resolved
12.82 - later in the text (typically via explicit $\isarcmd{use}$ in the body text,
12.83 - see \S\ref{sec:ML}). In reminiscence of the old-style theory system of
12.84 - Isabelle, \texttt{$A$.thy} may be also accompanied by an additional file
12.85 - \texttt{$A$.ML} consisting of ML code that is executed in the context of the
12.86 - \emph{finished} theory $A$. That file should not be included in the
12.87 - $\isarkeyword{uses}$ dependency declaration, though.
12.88 -
12.89 -\item [$\END$] concludes the current theory definition or context switch.
12.90 - Note that this command cannot be undone, but the whole theory definition has
12.91 - to be retracted.
12.92 -
12.93 -\end{descr}
12.94 -
12.95 -
12.96 -\subsection{Markup commands}\label{sec:markup-thy}
12.97 -
12.98 -\indexisarcmd{chapter}\indexisarcmd{section}\indexisarcmd{subsection}
12.99 -\indexisarcmd{subsubsection}\indexisarcmd{text}\indexisarcmd{text-raw}
12.100 -\begin{matharray}{rcl}
12.101 - \isarcmd{chapter} & : & \isarkeep{local{\dsh}theory} \\
12.102 - \isarcmd{section} & : & \isarkeep{local{\dsh}theory} \\
12.103 - \isarcmd{subsection} & : & \isarkeep{local{\dsh}theory} \\
12.104 - \isarcmd{subsubsection} & : & \isarkeep{local{\dsh}theory} \\
12.105 - \isarcmd{text} & : & \isarkeep{local{\dsh}theory} \\
12.106 - \isarcmd{text_raw} & : & \isarkeep{local{\dsh}theory} \\
12.107 -\end{matharray}
12.108 -
12.109 -Apart from formal comments (see \S\ref{sec:comments}), markup commands provide
12.110 -a structured way to insert text into the document generated from a theory (see
12.111 -\cite{isabelle-sys} for more information on Isabelle's document preparation
12.112 -tools).
12.113 -
12.114 -\begin{rail}
12.115 - ('chapter' | 'section' | 'subsection' | 'subsubsection' | 'text') target? text
12.116 - ;
12.117 - 'text\_raw' text
12.118 - ;
12.119 -\end{rail}
12.120 -
12.121 -\begin{descr}
12.122 -\item [$\isarkeyword{chapter}$, $\isarkeyword{section}$,
12.123 - $\isarkeyword{subsection}$, and $\isarkeyword{subsubsection}$] mark chapter
12.124 - and section headings.
12.125 -\item [$\TEXT$] specifies paragraphs of plain text.
12.126 -\item [$\isarkeyword{text_raw}$] inserts {\LaTeX} source into the output,
12.127 - without additional markup. Thus the full range of document manipulations
12.128 - becomes available.
12.129 -\end{descr}
12.130 -
12.131 -The $text$ argument of these markup commands (except for
12.132 -$\isarkeyword{text_raw}$) may contain references to formal entities
12.133 -(``antiquotations'', see also \S\ref{sec:antiq}). These are
12.134 -interpreted in the present theory context, or the specified $target$.
12.135 -
12.136 -Any of these markup elements corresponds to a {\LaTeX} command with the name
12.137 -prefixed by \verb,\isamarkup,. For the sectioning commands this is a plain
12.138 -macro with a single argument, e.g.\ \verb,\isamarkupchapter{,\dots\verb,}, for
12.139 -$\isarkeyword{chapter}$. The $\isarkeyword{text}$ markup results in a
12.140 -{\LaTeX} environment \verb,\begin{isamarkuptext}, {\dots}
12.141 - \verb,\end{isamarkuptext},, while $\isarkeyword{text_raw}$ causes the text
12.142 -to be inserted directly into the {\LaTeX} source.
12.143 -
12.144 -\medskip
12.145 -
12.146 -Additional markup commands are available for proofs (see
12.147 -\S\ref{sec:markup-prf}). Also note that the $\isarkeyword{header}$
12.148 -declaration (see \S\ref{sec:begin-thy}) admits to insert section markup just
12.149 -preceding the actual theory definition.
12.150 -
12.151 -
12.152 -\subsection{Type classes and sorts}\label{sec:classes}
12.153 -
12.154 -\indexisarcmd{classes}\indexisarcmd{classrel}\indexisarcmd{defaultsort}
12.155 -\indexisarcmd{class-deps}
12.156 -\begin{matharray}{rcll}
12.157 - \isarcmd{classes} & : & \isartrans{theory}{theory} \\
12.158 - \isarcmd{classrel} & : & \isartrans{theory}{theory} & (axiomatic!) \\
12.159 - \isarcmd{defaultsort} & : & \isartrans{theory}{theory} \\
12.160 - \isarcmd{class_deps} & : & \isarkeep{theory~|~proof} \\
12.161 -\end{matharray}
12.162 -
12.163 -\begin{rail}
12.164 - 'classes' (classdecl +)
12.165 - ;
12.166 - 'classrel' (nameref ('<' | subseteq) nameref + 'and')
12.167 - ;
12.168 - 'defaultsort' sort
12.169 - ;
12.170 -\end{rail}
12.171 -
12.172 -\begin{descr}
12.173 -\item [$\isarkeyword{classes}~c \subseteq \vec c$] declares class $c$ to be a
12.174 - subclass of existing classes $\vec c$. Cyclic class structures are ruled
12.175 - out.
12.176 -\item [$\isarkeyword{classrel}~c@1 \subseteq c@2$] states subclass relations
12.177 - between existing classes $c@1$ and $c@2$. This is done axiomatically! The
12.178 - $\INSTANCE$ command (see \S\ref{sec:axclass}) provides a way to introduce
12.179 - proven class relations.
12.180 -\item [$\isarkeyword{defaultsort}~s$] makes sort $s$ the new default sort for
12.181 - any type variables given without sort constraints. Usually, the default
12.182 - sort would be only changed when defining a new object-logic.
12.183 -\item [$\isarkeyword{class_deps}$] visualizes the subclass relation,
12.184 - using Isabelle's graph browser tool (see also \cite{isabelle-sys}).
12.185 -\end{descr}
12.186 -
12.187 -
12.188 -\subsection{Primitive types and type abbreviations}\label{sec:types-pure}
12.189 -
12.190 -\indexisarcmd{typedecl}\indexisarcmd{types}\indexisarcmd{nonterminals}\indexisarcmd{arities}
12.191 -\begin{matharray}{rcll}
12.192 - \isarcmd{types} & : & \isartrans{theory}{theory} \\
12.193 - \isarcmd{typedecl} & : & \isartrans{theory}{theory} \\
12.194 - \isarcmd{nonterminals} & : & \isartrans{theory}{theory} \\
12.195 - \isarcmd{arities} & : & \isartrans{theory}{theory} & (axiomatic!) \\
12.196 -\end{matharray}
12.197 -
12.198 -\begin{rail}
12.199 - 'types' (typespec '=' type infix? +)
12.200 - ;
12.201 - 'typedecl' typespec infix?
12.202 - ;
12.203 - 'nonterminals' (name +)
12.204 - ;
12.205 - 'arities' (nameref '::' arity +)
12.206 - ;
12.207 -\end{rail}
12.208 -
12.209 -\begin{descr}
12.210 -
12.211 -\item [$\TYPES~(\vec\alpha)t = \tau$] introduces \emph{type synonym}
12.212 - $(\vec\alpha)t$ for existing type $\tau$. Unlike actual type definitions,
12.213 - as are available in Isabelle/HOL for example, type synonyms are just purely
12.214 - syntactic abbreviations without any logical significance. Internally, type
12.215 - synonyms are fully expanded.
12.216 -
12.217 -\item [$\isarkeyword{typedecl}~(\vec\alpha)t$] declares a new type constructor
12.218 - $t$, intended as an actual logical type. Note that the Isabelle/HOL
12.219 - object-logic overrides $\isarkeyword{typedecl}$ by its own version
12.220 - (\S\ref{sec:hol-typedef}).
12.221 -
12.222 -\item [$\isarkeyword{nonterminals}~\vec c$] declares $0$-ary type constructors
12.223 - $\vec c$ to act as purely syntactic types, i.e.\ nonterminal symbols of
12.224 - Isabelle's inner syntax of terms or types.
12.225 -
12.226 -\item [$\isarkeyword{arities}~t::(\vec s)s$] augments Isabelle's order-sorted
12.227 - signature of types by new type constructor arities. This is done
12.228 - axiomatically! The $\INSTANCE$ command (see \S\ref{sec:axclass}) provides a
12.229 - way to introduce proven type arities.
12.230 -
12.231 -\end{descr}
12.232 -
12.233 -
12.234 -\subsection{Primitive constants and definitions}\label{sec:consts}
12.235 -
12.236 -Definitions essentially express abbreviations within the logic. The
12.237 -simplest form of a definition is $f :: \sigma \equiv t$, where $f$ is
12.238 -a newly declared constant. Isabelle also allows derived forms where
12.239 -the arguments of~$f$ appear on the left, abbreviating a string of
12.240 -$\lambda$-abstractions, e.g.\ $f \equiv \lambda x\, y. t$ may be
12.241 -written more conveniently as $f \, x \, y \equiv t$. Moreover,
12.242 -definitions may be weakened by adding arbitrary pre-conditions: $A
12.243 -\Imp f \, x\, y \equiv t$.
12.244 -
12.245 -\medskip The built-in well-formedness conditions for definitional
12.246 -specifications are:
12.247 -\begin{itemize}
12.248 -\item Arguments (on the left-hand side) must be distinct variables.
12.249 -\item All variables on the right-hand side must also appear on the
12.250 - left-hand side.
12.251 -\item All type variables on the right-hand side must also appear on
12.252 - the left-hand side; this prohibits $0::nat \equiv length
12.253 - ([]::\alpha\, list)$ for example.
12.254 -\item The definition must not be recursive. Most object-logics
12.255 - provide definitional principles that can be used to express
12.256 - recursion safely.
12.257 -\end{itemize}
12.258 -
12.259 -Overloading means that a constant being declared as $c :: \alpha\,
12.260 -decl$ may be defined separately on type instances $c ::
12.261 -(\vec\beta)\,t\,decl$ for each type constructor $t$. The RHS may
12.262 -mention overloaded constants recursively at type instances
12.263 -corresponding to the immediate argument types $\vec\beta$. Incomplete
12.264 -specification patterns impose global constraints on all occurrences,
12.265 -e.g. $d :: \alpha \times \alpha$ on the LHS means that all
12.266 -corresponding occurrences on some RHS need to be an instance of this,
12.267 -general $d :: \alpha \times \beta$ will be disallowed.
12.268 -
12.269 -\indexisarcmd{consts}\indexisarcmd{defs}\indexisarcmd{constdefs}\indexoutertoken{constdecl}
12.270 -\begin{matharray}{rcl}
12.271 - \isarcmd{consts} & : & \isartrans{theory}{theory} \\
12.272 - \isarcmd{defs} & : & \isartrans{theory}{theory} \\
12.273 - \isarcmd{constdefs} & : & \isartrans{theory}{theory} \\
12.274 -\end{matharray}
12.275 -
12.276 -\begin{rail}
12.277 - 'consts' ((name '::' type mixfix?) +)
12.278 - ;
12.279 - 'defs' ('(' 'unchecked'? 'overloaded'? ')')? \\ (axmdecl prop +)
12.280 - ;
12.281 -\end{rail}
12.282 -
12.283 -\begin{rail}
12.284 - 'constdefs' structs? (constdecl? constdef +)
12.285 - ;
12.286 -
12.287 - structs: '(' 'structure' (vars + 'and') ')'
12.288 - ;
12.289 - constdecl: ((name '::' type mixfix | name '::' type | name mixfix) 'where'?) | name 'where'
12.290 - ;
12.291 - constdef: thmdecl? prop
12.292 - ;
12.293 -\end{rail}
12.294 -
12.295 -\begin{descr}
12.296 -\item [$\CONSTS~c::\sigma$] declares constant $c$ to have any instance of type
12.297 - scheme $\sigma$. The optional mixfix annotations may attach concrete syntax
12.298 - to the constants declared.
12.299 -
12.300 -\item [$\DEFS~name: eqn$] introduces $eqn$ as a definitional axiom for
12.301 - some existing constant.
12.302 -
12.303 - The $(unchecked)$ option disables global dependency checks for this
12.304 - definition, which is occasionally useful for exotic overloading. It
12.305 - is at the discretion of the user to avoid malformed theory
12.306 - specifications!
12.307 -
12.308 - The $(overloaded)$ option declares definitions to be potentially
12.309 - overloaded. Unless this option is given, a warning message would be
12.310 - issued for any definitional equation with a more special type than
12.311 - that of the corresponding constant declaration.
12.312 -
12.313 -\item [$\CONSTDEFS$] provides a streamlined combination of constants
12.314 - declarations and definitions: type-inference takes care of the most general
12.315 - typing of the given specification (the optional type constraint may refer to
12.316 - type-inference dummies ``$_$'' as usual). The resulting type declaration
12.317 - needs to agree with that of the specification; overloading is \emph{not}
12.318 - supported here!
12.319 -
12.320 - The constant name may be omitted altogether, if neither type nor syntax
12.321 - declarations are given. The canonical name of the definitional axiom for
12.322 - constant $c$ will be $c_def$, unless specified otherwise. Also note that
12.323 - the given list of specifications is processed in a strictly sequential
12.324 - manner, with type-checking being performed independently.
12.325 -
12.326 - An optional initial context of $(structure)$ declarations admits use of
12.327 - indexed syntax, using the special symbol \verb,\<index>, (printed as
12.328 - ``\i''). The latter concept is particularly useful with locales (see also
12.329 - \S\ref{sec:locale}).
12.330 -\end{descr}
12.331 -
12.332 -
12.333 -\subsection{Syntax and translations}\label{sec:syn-trans}
12.334 -
12.335 -\indexisarcmd{syntax}\indexisarcmd{no-syntax}
12.336 -\indexisarcmd{translations}\indexisarcmd{no-translations}
12.337 -\begin{matharray}{rcl}
12.338 - \isarcmd{syntax} & : & \isartrans{theory}{theory} \\
12.339 - \isarcmd{no_syntax} & : & \isartrans{theory}{theory} \\
12.340 - \isarcmd{translations} & : & \isartrans{theory}{theory} \\
12.341 - \isarcmd{no_translations} & : & \isartrans{theory}{theory} \\
12.342 -\end{matharray}
12.343 -
12.344 -\railalias{rightleftharpoons}{\isasymrightleftharpoons}
12.345 -\railterm{rightleftharpoons}
12.346 -
12.347 -\railalias{rightharpoonup}{\isasymrightharpoonup}
12.348 -\railterm{rightharpoonup}
12.349 -
12.350 -\railalias{leftharpoondown}{\isasymleftharpoondown}
12.351 -\railterm{leftharpoondown}
12.352 -
12.353 -\begin{rail}
12.354 - ('syntax' | 'no\_syntax') mode? (constdecl +)
12.355 - ;
12.356 - ('translations' | 'no\_translations') (transpat ('==' | '=>' | '<=' | rightleftharpoons | rightharpoonup | leftharpoondown) transpat +)
12.357 - ;
12.358 -
12.359 - mode: ('(' ( name | 'output' | name 'output' ) ')')
12.360 - ;
12.361 - transpat: ('(' nameref ')')? string
12.362 - ;
12.363 -\end{rail}
12.364 -
12.365 -\begin{descr}
12.366 -
12.367 -\item [$\isarkeyword{syntax}~(mode)~decls$] is similar to $\CONSTS~decls$,
12.368 - except that the actual logical signature extension is omitted. Thus the
12.369 - context free grammar of Isabelle's inner syntax may be augmented in
12.370 - arbitrary ways, independently of the logic. The $mode$ argument refers to
12.371 - the print mode that the grammar rules belong; unless the
12.372 - $\isarkeyword{output}$ indicator is given, all productions are added both to
12.373 - the input and output grammar.
12.374 -
12.375 -\item [$\isarkeyword{no_syntax}~(mode)~decls$] removes grammar declarations
12.376 - (and translations) resulting from $decls$, which are interpreted in the same
12.377 - manner as for $\isarkeyword{syntax}$ above.
12.378 -
12.379 -\item [$\isarkeyword{translations}~rules$] specifies syntactic translation
12.380 - rules (i.e.\ macros): parse~/ print rules (\isasymrightleftharpoons), parse
12.381 - rules (\isasymrightharpoonup), or print rules (\isasymleftharpoondown).
12.382 - Translation patterns may be prefixed by the syntactic category to be used
12.383 - for parsing; the default is $logic$.
12.384 -
12.385 -\item [$\isarkeyword{no_translations}~rules$] removes syntactic
12.386 - translation rules, which are interpreted in the same manner as for
12.387 - $\isarkeyword{translations}$ above.
12.388 -
12.389 -\end{descr}
12.390 -
12.391 -
12.392 -\subsection{Axioms and theorems}\label{sec:axms-thms}
12.393 -
12.394 -\indexisarcmd{axioms}\indexisarcmd{lemmas}\indexisarcmd{theorems}
12.395 -\begin{matharray}{rcll}
12.396 - \isarcmd{axioms} & : & \isartrans{theory}{theory} & (axiomatic!) \\
12.397 - \isarcmd{lemmas} & : & \isarkeep{local{\dsh}theory} \\
12.398 - \isarcmd{theorems} & : & isarkeep{local{\dsh}theory} \\
12.399 -\end{matharray}
12.400 -
12.401 -\begin{rail}
12.402 - 'axioms' (axmdecl prop +)
12.403 - ;
12.404 - ('lemmas' | 'theorems') target? (thmdef? thmrefs + 'and')
12.405 - ;
12.406 -\end{rail}
12.407 -
12.408 -\begin{descr}
12.409 -
12.410 -\item [$\isarkeyword{axioms}~a: \phi$] introduces arbitrary statements as
12.411 - axioms of the meta-logic. In fact, axioms are ``axiomatic theorems'', and
12.412 - may be referred later just as any other theorem.
12.413 -
12.414 - Axioms are usually only introduced when declaring new logical systems.
12.415 - Everyday work is typically done the hard way, with proper definitions and
12.416 - proven theorems.
12.417 -
12.418 -\item [$\isarkeyword{lemmas}~a = \vec b$] retrieves and stores
12.419 - existing facts in the theory context, or the specified target
12.420 - context (see also \S\ref{sec:target}). Typical applications would
12.421 - also involve attributes, to declare Simplifier rules, for example.
12.422 -
12.423 -\item [$\isarkeyword{theorems}$] is essentially the same as
12.424 - $\isarkeyword{lemmas}$, but marks the result as a different kind of facts.
12.425 -
12.426 -\end{descr}
12.427 -
12.428 -
12.429 -\subsection{Name spaces}
12.430 -
12.431 -\indexisarcmd{global}\indexisarcmd{local}\indexisarcmd{hide}
12.432 -\begin{matharray}{rcl}
12.433 - \isarcmd{global} & : & \isartrans{theory}{theory} \\
12.434 - \isarcmd{local} & : & \isartrans{theory}{theory} \\
12.435 - \isarcmd{hide} & : & \isartrans{theory}{theory} \\
12.436 -\end{matharray}
12.437 -
12.438 -\begin{rail}
12.439 - 'hide' ('(open)')? name (nameref + )
12.440 - ;
12.441 -\end{rail}
12.442 -
12.443 -Isabelle organizes any kind of name declarations (of types, constants,
12.444 -theorems etc.) by separate hierarchically structured name spaces. Normally
12.445 -the user does not have to control the behavior of name spaces by hand, yet the
12.446 -following commands provide some way to do so.
12.447 -
12.448 -\begin{descr}
12.449 -\item [$\isarkeyword{global}$ and $\isarkeyword{local}$] change the current
12.450 - name declaration mode. Initially, theories start in $\isarkeyword{local}$
12.451 - mode, causing all names to be automatically qualified by the theory name.
12.452 - Changing this to $\isarkeyword{global}$ causes all names to be declared
12.453 - without the theory prefix, until $\isarkeyword{local}$ is declared again.
12.454 -
12.455 - Note that global names are prone to get hidden accidently later, when
12.456 - qualified names of the same base name are introduced.
12.457 -
12.458 -\item [$\isarkeyword{hide}~space~names$] fully removes declarations
12.459 - from a given name space (which may be $class$, $type$, $const$, or
12.460 - $fact$); with the $(open)$ option, only the base name is hidden.
12.461 - Global (unqualified) names may never be hidden.
12.462 -
12.463 - Note that hiding name space accesses has no impact on logical declarations
12.464 - -- they remain valid internally. Entities that are no longer accessible to
12.465 - the user are printed with the special qualifier ``$\mathord?\mathord?$''
12.466 - prefixed to the full internal name.
12.467 -\end{descr}
12.468 -
12.469 -
12.470 -\subsection{Incorporating ML code}\label{sec:ML}
12.471 -
12.472 -\indexisarcmd{use}\indexisarcmd{ML}\indexisarcmd{ML-val}\indexisarcmd{ML-command}
12.473 -\indexisarcmd{setup}\indexisarcmd{method-setup}
12.474 -\begin{matharray}{rcl}
12.475 - \isarcmd{use} & : & \isarkeep{theory~|~local{\dsh}theory} \\
12.476 - \isarcmd{ML} & : & \isarkeep{theory~|~local{\dsh}theory} \\
12.477 - \isarcmd{ML_val} & : & \isartrans{\cdot}{\cdot} \\
12.478 - \isarcmd{ML_command} & : & \isartrans{\cdot}{\cdot} \\
12.479 - \isarcmd{setup} & : & \isartrans{theory}{theory} \\
12.480 - \isarcmd{method_setup} & : & \isartrans{theory}{theory} \\
12.481 -\end{matharray}
12.482 -
12.483 -\begin{rail}
12.484 - 'use' name
12.485 - ;
12.486 - ('ML' | 'ML\_val' | 'ML\_command' | 'setup') text
12.487 - ;
12.488 - 'method\_setup' name '=' text text
12.489 - ;
12.490 -\end{rail}
12.491 -
12.492 -\begin{descr}
12.493 -\item [$\isarkeyword{use}~file$] reads and executes ML commands from
12.494 - $file$. The current theory context is passed down to the ML
12.495 - toplevel and may be modified, using \verb,Context.>>, or any other
12.496 - ML commands derived from it. The file name is checked with the
12.497 - $\isarkeyword{uses}$ dependency declaration given in the theory
12.498 - header (see also \S\ref{sec:begin-thy}).
12.499 -
12.500 -\item [$\isarkeyword{ML}~text$] is similar to $\isarkeyword{use}$, but
12.501 - executes ML commands from the given $text$.
12.502 -
12.503 -\item [$\isarkeyword{ML_val}$ and $\isarkeyword{ML_command}$] are
12.504 - diagnostic versions of $\isarkeyword{ML}$, which means that the
12.505 - context may not be updated. $\isarkeyword{ML_val}$ echos the
12.506 - bindings produced at the ML toplevel, but $\isarkeyword{ML_command}$
12.507 - is silent.
12.508 -
12.509 -\item [$\isarkeyword{setup}~text$] changes the current theory context
12.510 - by applying $text$, which refers to an ML expression of type
12.511 - \texttt{theory~->~theory)}. The $\isarkeyword{setup}$ command is
12.512 - the canonical way to initialize any object-logic specific tools and
12.513 - packages written in ML.
12.514 -
12.515 -\item [$\isarkeyword{method_setup}~name = text~description$] defines a proof
12.516 - method in the current theory. The given $text$ has to be an ML expression
12.517 - of type \texttt{Args.src -> Proof.context -> Proof.method}. Parsing
12.518 - concrete method syntax from \texttt{Args.src} input can be quite tedious in
12.519 - general. The following simple examples are for methods without any explicit
12.520 - arguments, or a list of theorems, respectively.
12.521 -
12.522 -{\footnotesize
12.523 -\begin{verbatim}
12.524 - Method.no_args (Method.METHOD (fn facts => foobar_tac))
12.525 - Method.thms_args (fn thms => Method.METHOD (fn facts => foobar_tac))
12.526 - Method.ctxt_args (fn ctxt => Method.METHOD (fn facts => foobar_tac))
12.527 - Method.thms_ctxt_args (fn thms => fn ctxt =>
12.528 - Method.METHOD (fn facts => foobar_tac))
12.529 -\end{verbatim}
12.530 -}
12.531 -
12.532 -Note that mere tactic emulations may ignore the \texttt{facts} parameter
12.533 -above. Proper proof methods would do something appropriate with the list of
12.534 -current facts, though. Single-rule methods usually do strict forward-chaining
12.535 -(e.g.\ by using \texttt{Method.multi_resolves}), while automatic ones just
12.536 -insert the facts using \texttt{Method.insert_tac} before applying the main
12.537 -tactic.
12.538 -\end{descr}
12.539 -
12.540 -
12.541 -\subsection{Syntax translation functions}
12.542 -
12.543 -\indexisarcmd{parse-ast-translation}\indexisarcmd{parse-translation}
12.544 -\indexisarcmd{print-translation}\indexisarcmd{typed-print-translation}
12.545 -\indexisarcmd{print-ast-translation}\indexisarcmd{token-translation}
12.546 -\begin{matharray}{rcl}
12.547 - \isarcmd{parse_ast_translation} & : & \isartrans{theory}{theory} \\
12.548 - \isarcmd{parse_translation} & : & \isartrans{theory}{theory} \\
12.549 - \isarcmd{print_translation} & : & \isartrans{theory}{theory} \\
12.550 - \isarcmd{typed_print_translation} & : & \isartrans{theory}{theory} \\
12.551 - \isarcmd{print_ast_translation} & : & \isartrans{theory}{theory} \\
12.552 - \isarcmd{token_translation} & : & \isartrans{theory}{theory} \\
12.553 -\end{matharray}
12.554 -
12.555 -\railalias{parseasttranslation}{parse\_ast\_translation}
12.556 -\railterm{parseasttranslation}
12.557 -
12.558 -\railalias{parsetranslation}{parse\_translation}
12.559 -\railterm{parsetranslation}
12.560 -
12.561 -\railalias{printtranslation}{print\_translation}
12.562 -\railterm{printtranslation}
12.563 -
12.564 -\railalias{typedprinttranslation}{typed\_print\_translation}
12.565 -\railterm{typedprinttranslation}
12.566 -
12.567 -\railalias{printasttranslation}{print\_ast\_translation}
12.568 -\railterm{printasttranslation}
12.569 -
12.570 -\railalias{tokentranslation}{token\_translation}
12.571 -\railterm{tokentranslation}
12.572 -
12.573 -\begin{rail}
12.574 - ( parseasttranslation | parsetranslation | printtranslation | typedprinttranslation |
12.575 - printasttranslation ) ('(advanced)')? text;
12.576 -
12.577 - tokentranslation text
12.578 -\end{rail}
12.579 -
12.580 -Syntax translation functions written in ML admit almost arbitrary
12.581 -manipulations of Isabelle's inner syntax. Any of the above commands have a
12.582 -single \railqtok{text} argument that refers to an ML expression of appropriate
12.583 -type, which are as follows by default:
12.584 -
12.585 -\begin{ttbox}
12.586 -val parse_ast_translation : (string * (ast list -> ast)) list
12.587 -val parse_translation : (string * (term list -> term)) list
12.588 -val print_translation : (string * (term list -> term)) list
12.589 -val typed_print_translation :
12.590 - (string * (bool -> typ -> term list -> term)) list
12.591 -val print_ast_translation : (string * (ast list -> ast)) list
12.592 -val token_translation :
12.593 - (string * string * (string -> string * real)) list
12.594 -\end{ttbox}
12.595 -
12.596 -In case that the $(advanced)$ option is given, the corresponding
12.597 -translation functions may depend on the current theory or proof
12.598 -context. This allows to implement advanced syntax mechanisms, as
12.599 -translations functions may refer to specific theory declarations or
12.600 -auxiliary proof data.
12.601 -
12.602 -See also \cite[\S8]{isabelle-ref} for more information on the general concept
12.603 -of syntax transformations in Isabelle.
12.604 -
12.605 -\begin{ttbox}
12.606 -val parse_ast_translation:
12.607 - (string * (Context.generic -> ast list -> ast)) list
12.608 -val parse_translation:
12.609 - (string * (Context.generic -> term list -> term)) list
12.610 -val print_translation:
12.611 - (string * (Context.generic -> term list -> term)) list
12.612 -val typed_print_translation:
12.613 - (string * (Context.generic -> bool -> typ -> term list -> term)) list
12.614 -val print_ast_translation:
12.615 - (string * (Context.generic -> ast list -> ast)) list
12.616 -\end{ttbox}
12.617 -
12.618 -
12.619 -\subsection{Oracles}
12.620 -
12.621 -\indexisarcmd{oracle}
12.622 -\begin{matharray}{rcl}
12.623 - \isarcmd{oracle} & : & \isartrans{theory}{theory} \\
12.624 -\end{matharray}
12.625 -
12.626 -The oracle interface promotes a given ML function \texttt{theory -> T -> term}
12.627 -to \texttt{theory -> T -> thm}, for some type \texttt{T} given by the user.
12.628 -This acts like an infinitary specification of axioms -- there is no internal
12.629 -check of the correctness of the results! The inference kernel records oracle
12.630 -invocations within the internal derivation object of theorems, and the pretty
12.631 -printer attaches ``\texttt{[!]}'' to indicate results that are not fully
12.632 -checked by Isabelle inferences.
12.633 -
12.634 -\begin{rail}
12.635 - 'oracle' name '(' type ')' '=' text
12.636 - ;
12.637 -\end{rail}
12.638 -
12.639 -\begin{descr}
12.640 -\item [$\isarkeyword{oracle}~name~(type)=~text$] turns the given ML expression
12.641 - $text$ of type \texttt{theory~->~$type$~->~term} into an ML function $name$
12.642 - of type \texttt{theory~->~$type$~->~thm}.
12.643 -\end{descr}
12.644 -
12.645 -
12.646 -\section{Proof commands}
12.647 -
12.648 -Proof commands perform transitions of Isar/VM machine configurations, which
12.649 -are block-structured, consisting of a stack of nodes with three main
12.650 -components: logical proof context, current facts, and open goals. Isar/VM
12.651 -transitions are \emph{typed} according to the following three different modes
12.652 -of operation:
12.653 -\begin{descr}
12.654 -\item [$proof(prove)$] means that a new goal has just been stated that is now
12.655 - to be \emph{proven}; the next command may refine it by some proof method,
12.656 - and enter a sub-proof to establish the actual result.
12.657 -\item [$proof(state)$] is like a nested theory mode: the context may be
12.658 - augmented by \emph{stating} additional assumptions, intermediate results
12.659 - etc.
12.660 -\item [$proof(chain)$] is intermediate between $proof(state)$ and
12.661 - $proof(prove)$: existing facts (i.e.\ the contents of the special ``$this$''
12.662 - register) have been just picked up in order to be used when refining the
12.663 - goal claimed next.
12.664 -\end{descr}
12.665 -
12.666 -The proof mode indicator may be read as a verb telling the writer what kind of
12.667 -operation may be performed next. The corresponding typings of proof commands
12.668 -restricts the shape of well-formed proof texts to particular command
12.669 -sequences. So dynamic arrangements of commands eventually turn out as static
12.670 -texts of a certain structure. Appendix~\ref{ap:refcard} gives a simplified
12.671 -grammar of the overall (extensible) language emerging that way.
12.672 -
12.673 -
12.674 -\subsection{Markup commands}\label{sec:markup-prf}
12.675 -
12.676 -\indexisarcmd{sect}\indexisarcmd{subsect}\indexisarcmd{subsubsect}
12.677 -\indexisarcmd{txt}\indexisarcmd{txt-raw}
12.678 -\begin{matharray}{rcl}
12.679 - \isarcmd{sect} & : & \isartrans{proof}{proof} \\
12.680 - \isarcmd{subsect} & : & \isartrans{proof}{proof} \\
12.681 - \isarcmd{subsubsect} & : & \isartrans{proof}{proof} \\
12.682 - \isarcmd{txt} & : & \isartrans{proof}{proof} \\
12.683 - \isarcmd{txt_raw} & : & \isartrans{proof}{proof} \\
12.684 -\end{matharray}
12.685 -
12.686 -These markup commands for proof mode closely correspond to the ones of theory
12.687 -mode (see \S\ref{sec:markup-thy}).
12.688 -
12.689 -\railalias{txtraw}{txt\_raw}
12.690 -\railterm{txtraw}
12.691 -
12.692 -\begin{rail}
12.693 - ('sect' | 'subsect' | 'subsubsect' | 'txt' | txtraw) text
12.694 - ;
12.695 -\end{rail}
12.696 -
12.697 -
12.698 -\subsection{Context elements}\label{sec:proof-context}
12.699 -
12.700 -\indexisarcmd{fix}\indexisarcmd{assume}\indexisarcmd{presume}\indexisarcmd{def}
12.701 -\begin{matharray}{rcl}
12.702 - \isarcmd{fix} & : & \isartrans{proof(state)}{proof(state)} \\
12.703 - \isarcmd{assume} & : & \isartrans{proof(state)}{proof(state)} \\
12.704 - \isarcmd{presume} & : & \isartrans{proof(state)}{proof(state)} \\
12.705 - \isarcmd{def} & : & \isartrans{proof(state)}{proof(state)} \\
12.706 -\end{matharray}
12.707 -
12.708 -The logical proof context consists of fixed variables and assumptions. The
12.709 -former closely correspond to Skolem constants, or meta-level universal
12.710 -quantification as provided by the Isabelle/Pure logical framework.
12.711 -Introducing some \emph{arbitrary, but fixed} variable via ``$\FIX x$'' results
12.712 -in a local value that may be used in the subsequent proof as any other
12.713 -variable or constant. Furthermore, any result $\edrv \phi[x]$ exported from
12.714 -the context will be universally closed wrt.\ $x$ at the outermost level:
12.715 -$\edrv \All x \phi$ (this is expressed using Isabelle's meta-variables).
12.716 -
12.717 -Similarly, introducing some assumption $\chi$ has two effects. On the one
12.718 -hand, a local theorem is created that may be used as a fact in subsequent
12.719 -proof steps. On the other hand, any result $\chi \drv \phi$ exported from the
12.720 -context becomes conditional wrt.\ the assumption: $\edrv \chi \Imp \phi$.
12.721 -Thus, solving an enclosing goal using such a result would basically introduce
12.722 -a new subgoal stemming from the assumption. How this situation is handled
12.723 -depends on the actual version of assumption command used: while $\ASSUMENAME$
12.724 -insists on solving the subgoal by unification with some premise of the goal,
12.725 -$\PRESUMENAME$ leaves the subgoal unchanged in order to be proved later by the
12.726 -user.
12.727 -
12.728 -Local definitions, introduced by ``$\DEF{}{x \equiv t}$'', are achieved by
12.729 -combining ``$\FIX x$'' with another version of assumption that causes any
12.730 -hypothetical equation $x \equiv t$ to be eliminated by the reflexivity rule.
12.731 -Thus, exporting some result $x \equiv t \drv \phi[x]$ yields $\edrv \phi[t]$.
12.732 -
12.733 -\railalias{equiv}{\isasymequiv}
12.734 -\railterm{equiv}
12.735 -
12.736 -\begin{rail}
12.737 - 'fix' (vars + 'and')
12.738 - ;
12.739 - ('assume' | 'presume') (props + 'and')
12.740 - ;
12.741 - 'def' (def + 'and')
12.742 - ;
12.743 - def: thmdecl? \\ name ('==' | equiv) term termpat?
12.744 - ;
12.745 -\end{rail}
12.746 -
12.747 -\begin{descr}
12.748 -
12.749 -\item [$\FIX{\vec x}$] introduces local \emph{arbitrary, but fixed} variables
12.750 - $\vec x$.
12.751 -
12.752 -\item [$\ASSUME{a}{\vec\phi}$ and $\PRESUME{a}{\vec\phi}$] introduce local
12.753 - theorems $\vec\phi$ by assumption. Subsequent results applied to an
12.754 - enclosing goal (e.g.\ by $\SHOWNAME$) are handled as follows: $\ASSUMENAME$
12.755 - expects to be able to unify with existing premises in the goal, while
12.756 - $\PRESUMENAME$ leaves $\vec\phi$ as new subgoals.
12.757 -
12.758 - Several lists of assumptions may be given (separated by
12.759 - $\isarkeyword{and}$); the resulting list of current facts consists of all of
12.760 - these concatenated.
12.761 -
12.762 -\item [$\DEF{a}{x \equiv t}$] introduces a local (non-polymorphic) definition.
12.763 - In results exported from the context, $x$ is replaced by $t$. Basically,
12.764 - ``$\DEF{}{x \equiv t}$'' abbreviates ``$\FIX{x}~\ASSUME{}{x \equiv t}$'',
12.765 - with the resulting hypothetical equation solved by reflexivity.
12.766 -
12.767 - The default name for the definitional equation is $x_def$. Several
12.768 - simultaneous definitions may be given at the same time.
12.769 -
12.770 -\end{descr}
12.771 -
12.772 -The special name $prems$\indexisarthm{prems} refers to all assumptions of the
12.773 -current context as a list of theorems.
12.774 -
12.775 -
12.776 -\subsection{Facts and forward chaining}
12.777 -
12.778 -\indexisarcmd{note}\indexisarcmd{then}\indexisarcmd{from}\indexisarcmd{with}
12.779 -\indexisarcmd{using}\indexisarcmd{unfolding}
12.780 -\begin{matharray}{rcl}
12.781 - \isarcmd{note} & : & \isartrans{proof(state)}{proof(state)} \\
12.782 - \isarcmd{then} & : & \isartrans{proof(state)}{proof(chain)} \\
12.783 - \isarcmd{from} & : & \isartrans{proof(state)}{proof(chain)} \\
12.784 - \isarcmd{with} & : & \isartrans{proof(state)}{proof(chain)} \\
12.785 - \isarcmd{using} & : & \isartrans{proof(prove)}{proof(prove)} \\
12.786 - \isarcmd{unfolding} & : & \isartrans{proof(prove)}{proof(prove)} \\
12.787 -\end{matharray}
12.788 -
12.789 -New facts are established either by assumption or proof of local statements.
12.790 -Any fact will usually be involved in further proofs, either as explicit
12.791 -arguments of proof methods, or when forward chaining towards the next goal via
12.792 -$\THEN$ (and variants); $\FROMNAME$ and $\WITHNAME$ are composite forms
12.793 -involving $\NOTENAME$. The $\USINGNAME$ elements augments the collection of
12.794 -used facts \emph{after} a goal has been stated. Note that the special theorem
12.795 -name $this$\indexisarthm{this} refers to the most recently established facts,
12.796 -but only \emph{before} issuing a follow-up claim.
12.797 -
12.798 -\begin{rail}
12.799 - 'note' (thmdef? thmrefs + 'and')
12.800 - ;
12.801 - ('from' | 'with' | 'using' | 'unfolding') (thmrefs + 'and')
12.802 - ;
12.803 -\end{rail}
12.804 -
12.805 -\begin{descr}
12.806 -
12.807 -\item [$\NOTE{a}{\vec b}$] recalls existing facts $\vec b$, binding the result
12.808 - as $a$. Note that attributes may be involved as well, both on the left and
12.809 - right hand sides.
12.810 -
12.811 -\item [$\THEN$] indicates forward chaining by the current facts in order to
12.812 - establish the goal to be claimed next. The initial proof method invoked to
12.813 - refine that will be offered the facts to do ``anything appropriate'' (see
12.814 - also \S\ref{sec:proof-steps}). For example, method $rule$ (see
12.815 - \S\ref{sec:pure-meth-att}) would typically do an elimination rather than an
12.816 - introduction. Automatic methods usually insert the facts into the goal
12.817 - state before operation. This provides a simple scheme to control relevance
12.818 - of facts in automated proof search.
12.819 -
12.820 -\item [$\FROM{\vec b}$] abbreviates ``$\NOTE{}{\vec b}~\THEN$''; thus $\THEN$
12.821 - is equivalent to ``$\FROM{this}$''.
12.822 -
12.823 -\item [$\WITH{\vec b}$] abbreviates ``$\FROM{\vec b~\AND~this}$''; thus the
12.824 - forward chaining is from earlier facts together with the current ones.
12.825 -
12.826 -\item [$\USING{\vec b}$] augments the facts being currently indicated
12.827 - for use by a subsequent refinement step (such as $\APPLYNAME$ or
12.828 - $\PROOFNAME$).
12.829 -
12.830 -\item [$\UNFOLDING{\vec b}$] is structurally similar to $\USINGNAME$,
12.831 - but unfolds definitional equations $\vec b$ throughout the goal
12.832 - state and facts.
12.833 -
12.834 -\end{descr}
12.835 -
12.836 -Forward chaining with an empty list of theorems is the same as not chaining at
12.837 -all. Thus ``$\FROM{nothing}$'' has no effect apart from entering
12.838 -$prove(chain)$ mode, since $nothing$\indexisarthm{nothing} is bound to the
12.839 -empty list of theorems.
12.840 -
12.841 -Basic proof methods (such as $rule$) expect multiple facts to be given in
12.842 -their proper order, corresponding to a prefix of the premises of the rule
12.843 -involved. Note that positions may be easily skipped using something like
12.844 -$\FROM{\Text{\texttt{_}}~a~b}$, for example. This involves the trivial rule
12.845 -$\PROP\psi \Imp \PROP\psi$, which happens to be bound in Isabelle/Pure as
12.846 -``\texttt{_}'' (underscore).\indexisarthm{_@\texttt{_}}
12.847 -
12.848 -Automated methods (such as $simp$ or $auto$) just insert any given facts
12.849 -before their usual operation. Depending on the kind of procedure involved,
12.850 -the order of facts is less significant here.
12.851 -
12.852 -
12.853 -\subsection{Goal statements}\label{sec:goals}
12.854 -
12.855 -\indexisarcmd{lemma}\indexisarcmd{theorem}\indexisarcmd{corollary}
12.856 -\indexisarcmd{have}\indexisarcmd{show}\indexisarcmd{hence}\indexisarcmd{thus}
12.857 -\indexisarcmd{print-statement}
12.858 -\begin{matharray}{rcl}
12.859 - \isarcmd{lemma} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\
12.860 - \isarcmd{theorem} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\
12.861 - \isarcmd{corollary} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\
12.862 - \isarcmd{have} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
12.863 - \isarcmd{show} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
12.864 - \isarcmd{hence} & : & \isartrans{proof(state)}{proof(prove)} \\
12.865 - \isarcmd{thus} & : & \isartrans{proof(state)}{proof(prove)} \\
12.866 - \isarcmd{print_statement}^* & : & \isarkeep{theory~|~proof} \\
12.867 -\end{matharray}
12.868 -
12.869 -From a theory context, proof mode is entered by an initial goal command such
12.870 -as $\LEMMANAME$, $\THEOREMNAME$, or $\COROLLARYNAME$. Within a proof, new
12.871 -claims may be introduced locally as well; four variants are available here to
12.872 -indicate whether forward chaining of facts should be performed initially (via
12.873 -$\THEN$), and whether the final result is meant to solve some pending goal.
12.874 -
12.875 -Goals may consist of multiple statements, resulting in a list of facts
12.876 -eventually. A pending multi-goal is internally represented as a meta-level
12.877 -conjunction (printed as \verb,&&,), which is usually split into the
12.878 -corresponding number of sub-goals prior to an initial method application, via
12.879 -$\PROOFNAME$ (\S\ref{sec:proof-steps}) or $\APPLYNAME$
12.880 -(\S\ref{sec:tactic-commands}). The $induct$ method covered in
12.881 -\S\ref{sec:cases-induct} acts on multiple claims simultaneously.
12.882 -
12.883 -Claims at the theory level may be either in short or long form. A
12.884 -short goal merely consists of several simultaneous propositions (often
12.885 -just one). A long goal includes an explicit context specification for
12.886 -the subsequent conclusion, involving local parameters and assumptions.
12.887 -Here the role of each part of the statement is explicitly marked by
12.888 -separate keywords (see also \S\ref{sec:locale}); the local assumptions
12.889 -being introduced here are available as $assms$\indexisarthm{assms} in
12.890 -the proof. \indexisarelem{shows}\indexisarelem{obtains}Moreover,
12.891 -there are two kinds of conclusions: $\isarkeyword{shows}$ states
12.892 -several simultaneous propositions (essentially a big conjunction),
12.893 -while $\isarkeyword{obtains}$ claims several simultaneous simultaneous
12.894 -contexts of (essentially a big disjunction of eliminated parameters
12.895 -and assumptions, cf.\ \S\ref{sec:obtain}).
12.896 -
12.897 -\begin{rail}
12.898 - ('lemma' | 'theorem' | 'corollary') target? (goal | longgoal)
12.899 - ;
12.900 - ('have' | 'show' | 'hence' | 'thus') goal
12.901 - ;
12.902 - 'print\_statement' modes? thmrefs
12.903 - ;
12.904 -
12.905 - goal: (props + 'and')
12.906 - ;
12.907 - longgoal: thmdecl? (contextelem *) conclusion
12.908 - ;
12.909 - conclusion: 'shows' goal | 'obtains' (parname? case + '|')
12.910 - ;
12.911 - case: (vars + 'and') 'where' (props + 'and')
12.912 - ;
12.913 -\end{rail}
12.914 -
12.915 -\begin{descr}
12.916 -
12.917 -\item [$\LEMMA{a}{\vec\phi}$] enters proof mode with $\vec\phi$ as main goal,
12.918 - eventually resulting in some fact $\turn \vec\phi$ to be put back into the
12.919 - theory context, or into the specified locale (cf.\ \S\ref{sec:locale}). An
12.920 - additional \railnonterm{context} specification may build up an initial proof
12.921 - context for the subsequent claim; this includes local definitions and syntax
12.922 - as well, see the definition of $contextelem$ in \S\ref{sec:locale}.
12.923 -
12.924 -\item [$\THEOREM{a}{\vec\phi}$ and $\COROLLARY{a}{\vec\phi}$] are essentially
12.925 - the same as $\LEMMA{a}{\vec\phi}$, but the facts are internally marked as
12.926 - being of a different kind. This discrimination acts like a formal comment.
12.927 -
12.928 -\item [$\HAVE{a}{\vec\phi}$] claims a local goal, eventually resulting in a
12.929 - fact within the current logical context. This operation is completely
12.930 - independent of any pending sub-goals of an enclosing goal statements, so
12.931 - $\HAVENAME$ may be freely used for experimental exploration of potential
12.932 - results within a proof body.
12.933 -
12.934 -\item [$\SHOW{a}{\vec\phi}$] is like $\HAVE{a}{\vec\phi}$ plus a second stage
12.935 - to refine some pending sub-goal for each one of the finished result, after
12.936 - having been exported into the corresponding context (at the head of the
12.937 - sub-proof of this $\SHOWNAME$ command).
12.938 -
12.939 - To accommodate interactive debugging, resulting rules are printed before
12.940 - being applied internally. Even more, interactive execution of $\SHOWNAME$
12.941 - predicts potential failure and displays the resulting error as a warning
12.942 - beforehand. Watch out for the following message:
12.943 -
12.944 - \begin{ttbox}
12.945 - Problem! Local statement will fail to solve any pending goal
12.946 - \end{ttbox}
12.947 -
12.948 -\item [$\HENCENAME$] abbreviates ``$\THEN~\HAVENAME$'', i.e.\ claims a local
12.949 - goal to be proven by forward chaining the current facts. Note that
12.950 - $\HENCENAME$ is also equivalent to ``$\FROM{this}~\HAVENAME$''.
12.951 -
12.952 -\item [$\THUSNAME$] abbreviates ``$\THEN~\SHOWNAME$''. Note that $\THUSNAME$
12.953 - is also equivalent to ``$\FROM{this}~\SHOWNAME$''.
12.954 -
12.955 -\item [$\isarkeyword{print_statement}~\vec a$] prints theorems from
12.956 - the current theory or proof context in long statement form,
12.957 - according to the syntax for $\isarkeyword{lemma}$ given above.
12.958 -
12.959 -\end{descr}
12.960 -
12.961 -Any goal statement causes some term abbreviations (such as $\Var{thesis}$) to
12.962 -be bound automatically, see also \S\ref{sec:term-abbrev}. Furthermore, the
12.963 -local context of a (non-atomic) goal is provided via the
12.964 -$rule_context$\indexisarcase{rule-context} case.
12.965 -
12.966 -The optional case names of $\isarkeyword{obtains}$ have a twofold
12.967 -meaning: (1) during the of this claim they refer to the the local
12.968 -context introductions, (2) the resulting rule is annotated accordingly
12.969 -to support symbolic case splits when used with the $cases$ method (cf.
12.970 -\S\ref{sec:cases-induct}).
12.971 -
12.972 -\medskip
12.973 -
12.974 -\begin{warn}
12.975 - Isabelle/Isar suffers theory-level goal statements to contain \emph{unbound
12.976 - schematic variables}, although this does not conform to the aim of
12.977 - human-readable proof documents! The main problem with schematic goals is
12.978 - that the actual outcome is usually hard to predict, depending on the
12.979 - behavior of the proof methods applied during the course of reasoning. Note
12.980 - that most semi-automated methods heavily depend on several kinds of implicit
12.981 - rule declarations within the current theory context. As this would also
12.982 - result in non-compositional checking of sub-proofs, \emph{local goals} are
12.983 - not allowed to be schematic at all. Nevertheless, schematic goals do have
12.984 - their use in Prolog-style interactive synthesis of proven results, usually
12.985 - by stepwise refinement via emulation of traditional Isabelle tactic scripts
12.986 - (see also \S\ref{sec:tactic-commands}). In any case, users should know what
12.987 - they are doing.
12.988 -\end{warn}
12.989 -
12.990 -
12.991 -\subsection{Initial and terminal proof steps}\label{sec:proof-steps}
12.992 -
12.993 -\indexisarcmd{proof}\indexisarcmd{qed}\indexisarcmd{by}
12.994 -\indexisarcmd{.}\indexisarcmd{..}\indexisarcmd{sorry}
12.995 -\begin{matharray}{rcl}
12.996 - \isarcmd{proof} & : & \isartrans{proof(prove)}{proof(state)} \\
12.997 - \isarcmd{qed} & : & \isartrans{proof(state)}{proof(state) ~|~ theory} \\
12.998 - \isarcmd{by} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
12.999 - \isarcmd{.\,.} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
12.1000 - \isarcmd{.} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
12.1001 - \isarcmd{sorry} & : & \isartrans{proof(prove)}{proof(state) ~|~ theory} \\
12.1002 -\end{matharray}
12.1003 -
12.1004 -Arbitrary goal refinement via tactics is considered harmful. Properly, the
12.1005 -Isar framework admits proof methods to be invoked in two places only.
12.1006 -\begin{enumerate}
12.1007 -\item An \emph{initial} refinement step $\PROOF{m@1}$ reduces a newly stated
12.1008 - goal to a number of sub-goals that are to be solved later. Facts are passed
12.1009 - to $m@1$ for forward chaining, if so indicated by $proof(chain)$ mode.
12.1010 -
12.1011 -\item A \emph{terminal} conclusion step $\QED{m@2}$ is intended to solve
12.1012 - remaining goals. No facts are passed to $m@2$.
12.1013 -\end{enumerate}
12.1014 -
12.1015 -The only other (proper) way to affect pending goals in a proof body is by
12.1016 -$\SHOWNAME$, which involves an explicit statement of what is to be solved
12.1017 -eventually. Thus we avoid the fundamental problem of unstructured tactic
12.1018 -scripts that consist of numerous consecutive goal transformations, with
12.1019 -invisible effects.
12.1020 -
12.1021 -\medskip
12.1022 -
12.1023 -As a general rule of thumb for good proof style, initial proof methods should
12.1024 -either solve the goal completely, or constitute some well-understood reduction
12.1025 -to new sub-goals. Arbitrary automatic proof tools that are prone leave a
12.1026 -large number of badly structured sub-goals are no help in continuing the proof
12.1027 -document in an intelligible manner.
12.1028 -
12.1029 -Unless given explicitly by the user, the default initial method is ``$rule$'',
12.1030 -which applies a single standard elimination or introduction rule according to
12.1031 -the topmost symbol involved. There is no separate default terminal method.
12.1032 -Any remaining goals are always solved by assumption in the very last step.
12.1033 -
12.1034 -\begin{rail}
12.1035 - 'proof' method?
12.1036 - ;
12.1037 - 'qed' method?
12.1038 - ;
12.1039 - 'by' method method?
12.1040 - ;
12.1041 - ('.' | '..' | 'sorry')
12.1042 - ;
12.1043 -\end{rail}
12.1044 -
12.1045 -\begin{descr}
12.1046 -
12.1047 -\item [$\PROOF{m@1}$] refines the goal by proof method $m@1$; facts for
12.1048 - forward chaining are passed if so indicated by $proof(chain)$ mode.
12.1049 -
12.1050 -\item [$\QED{m@2}$] refines any remaining goals by proof method $m@2$ and
12.1051 - concludes the sub-proof by assumption. If the goal had been $\SHOWNAME$ (or
12.1052 - $\THUSNAME$), some pending sub-goal is solved as well by the rule resulting
12.1053 - from the result \emph{exported} into the enclosing goal context. Thus
12.1054 - $\QEDNAME$ may fail for two reasons: either $m@2$ fails, or the resulting
12.1055 - rule does not fit to any pending goal\footnote{This includes any additional
12.1056 - ``strong'' assumptions as introduced by $\ASSUMENAME$.} of the enclosing
12.1057 - context. Debugging such a situation might involve temporarily changing
12.1058 - $\SHOWNAME$ into $\HAVENAME$, or weakening the local context by replacing
12.1059 - occurrences of $\ASSUMENAME$ by $\PRESUMENAME$.
12.1060 -
12.1061 -\item [$\BYY{m@1}{m@2}$] is a \emph{terminal proof}\index{proof!terminal}; it
12.1062 - abbreviates $\PROOF{m@1}~\QED{m@2}$, but with backtracking across both
12.1063 - methods. Debugging an unsuccessful $\BYY{m@1}{m@2}$ commands might be done
12.1064 - by expanding its definition; in many cases $\PROOF{m@1}$ (or even
12.1065 - $\APPLY{m@1}$) is already sufficient to see the problem.
12.1066 -
12.1067 -\item [``$\DDOT$''] is a \emph{default proof}\index{proof!default}; it
12.1068 - abbreviates $\BY{rule}$.
12.1069 -
12.1070 -\item [``$\DOT$''] is a \emph{trivial proof}\index{proof!trivial}; it
12.1071 - abbreviates $\BY{this}$.
12.1072 -
12.1073 -\item [$\SORRY$] is a \emph{fake proof}\index{proof!fake} pretending to solve
12.1074 - the pending claim without further ado. This only works in interactive
12.1075 - development, or if the \texttt{quick_and_dirty} flag is enabled. Facts
12.1076 - emerging from fake proofs are not the real thing. Internally, each theorem
12.1077 - container is tainted by an oracle invocation, which is indicated as
12.1078 - ``$[!]$'' in the printed result.
12.1079 -
12.1080 - The most important application of $\SORRY$ is to support experimentation and
12.1081 - top-down proof development.
12.1082 -\end{descr}
12.1083 -
12.1084 -
12.1085 -\subsection{Fundamental methods and attributes}\label{sec:pure-meth-att}
12.1086 -
12.1087 -The following proof methods and attributes refer to basic logical operations
12.1088 -of Isar. Further methods and attributes are provided by several generic and
12.1089 -object-logic specific tools and packages (see chapters \ref{ch:gen-tools} and
12.1090 -\ref{ch:logics}).
12.1091 -
12.1092 -\indexisarmeth{$-$}\indexisarmeth{fact}\indexisarmeth{assumption}
12.1093 -\indexisarmeth{this}\indexisarmeth{rule}\indexisarmeth{iprover}
12.1094 -\indexisarattof{Pure}{intro}\indexisarattof{Pure}{elim}
12.1095 -\indexisarattof{Pure}{dest}\indexisarattof{Pure}{rule}
12.1096 -\indexisaratt{OF}\indexisaratt{of}\indexisaratt{where}
12.1097 -\begin{matharray}{rcl}
12.1098 - - & : & \isarmeth \\
12.1099 - fact & : & \isarmeth \\
12.1100 - assumption & : & \isarmeth \\
12.1101 - this & : & \isarmeth \\
12.1102 - rule & : & \isarmeth \\
12.1103 - iprover & : & \isarmeth \\[0.5ex]
12.1104 - intro & : & \isaratt \\
12.1105 - elim & : & \isaratt \\
12.1106 - dest & : & \isaratt \\
12.1107 - rule & : & \isaratt \\[0.5ex]
12.1108 - OF & : & \isaratt \\
12.1109 - of & : & \isaratt \\
12.1110 - where & : & \isaratt \\
12.1111 -\end{matharray}
12.1112 -
12.1113 -\begin{rail}
12.1114 - 'fact' thmrefs?
12.1115 - ;
12.1116 - 'rule' thmrefs?
12.1117 - ;
12.1118 - 'iprover' ('!' ?) (rulemod *)
12.1119 - ;
12.1120 - rulemod: ('intro' | 'elim' | 'dest') ((('!' | () | '?') nat?) | 'del') ':' thmrefs
12.1121 - ;
12.1122 - ('intro' | 'elim' | 'dest') ('!' | () | '?') nat?
12.1123 - ;
12.1124 - 'rule' 'del'
12.1125 - ;
12.1126 - 'OF' thmrefs
12.1127 - ;
12.1128 - 'of' insts ('concl' ':' insts)?
12.1129 - ;
12.1130 - 'where' ((name | var | typefree | typevar) '=' (type | term) * 'and')
12.1131 - ;
12.1132 -\end{rail}
12.1133 -
12.1134 -\begin{descr}
12.1135 -
12.1136 -\item [``$-$''] does nothing but insert the forward chaining facts as premises
12.1137 - into the goal. Note that command $\PROOFNAME$ without any method actually
12.1138 - performs a single reduction step using the $rule$ method; thus a plain
12.1139 - \emph{do-nothing} proof step would be ``$\PROOF{-}$'' rather than
12.1140 - $\PROOFNAME$ alone.
12.1141 -
12.1142 -\item [$fact~\vec a$] composes any previous fact from $\vec a$ (or implicitly
12.1143 - from the current proof context) modulo matching of schematic type and term
12.1144 - variables. The rule structure is not taken into account, i.e.\ meta-level
12.1145 - implication is considered atomic. This is the same principle underlying
12.1146 - literal facts (cf.\ \S\ref{sec:syn-att}): ``$\HAVE{}{\phi}~\BY{fact}$'' is
12.1147 - equivalent to ``$\NOTE{}{\backquote\phi\backquote}$'' provided that $\edrv
12.1148 - \phi$ is an instance of some known $\edrv \phi$ in the proof context.
12.1149 -
12.1150 -\item [$assumption$] solves some goal by a single assumption step. All given
12.1151 - facts are guaranteed to participate in the refinement; this means there may
12.1152 - be only $0$ or $1$ in the first place. Recall that $\QEDNAME$ (see
12.1153 - \S\ref{sec:proof-steps}) already concludes any remaining sub-goals by
12.1154 - assumption, so structured proofs usually need not quote the $assumption$
12.1155 - method at all.
12.1156 -
12.1157 -\item [$this$] applies all of the current facts directly as rules. Recall
12.1158 - that ``$\DOT$'' (dot) abbreviates ``$\BY{this}$''.
12.1159 -
12.1160 -\item [$rule~\vec a$] applies some rule given as argument in backward manner;
12.1161 - facts are used to reduce the rule before applying it to the goal. Thus
12.1162 - $rule$ without facts is plain introduction, while with facts it becomes
12.1163 - elimination.
12.1164 -
12.1165 - When no arguments are given, the $rule$ method tries to pick appropriate
12.1166 - rules automatically, as declared in the current context using the $intro$,
12.1167 - $elim$, $dest$ attributes (see below). This is the default behavior of
12.1168 - $\PROOFNAME$ and ``$\DDOT$'' (double-dot) steps (see
12.1169 - \S\ref{sec:proof-steps}).
12.1170 -
12.1171 -\item [$iprover$] performs intuitionistic proof search, depending on
12.1172 - specifically declared rules from the context, or given as explicit
12.1173 - arguments. Chained facts are inserted into the goal before commencing proof
12.1174 - search; ``$iprover!$'' means to include the current $prems$ as well.
12.1175 -
12.1176 - Rules need to be classified as $intro$, $elim$, or $dest$; here the ``$!$''
12.1177 - indicator refers to ``safe'' rules, which may be applied aggressively
12.1178 - (without considering back-tracking later). Rules declared with ``$?$'' are
12.1179 - ignored in proof search (the single-step $rule$ method still observes
12.1180 - these). An explicit weight annotation may be given as well; otherwise the
12.1181 - number of rule premises will be taken into account here.
12.1182 -
12.1183 -\item [$intro$, $elim$, and $dest$] declare introduction, elimination, and
12.1184 - destruct rules, to be used with the $rule$ and $iprover$ methods. Note that
12.1185 - the latter will ignore rules declared with ``$?$'', while ``$!$'' are used
12.1186 - most aggressively.
12.1187 -
12.1188 - The classical reasoner (see \S\ref{sec:classical}) introduces its own
12.1189 - variants of these attributes; use qualified names to access the present
12.1190 - versions of Isabelle/Pure, i.e.\ $Pure{\dtt}intro$ or $CPure{\dtt}intro$.
12.1191 -
12.1192 -\item [$rule~del$] undeclares introduction, elimination, or destruct rules.
12.1193 -
12.1194 -\item [$OF~\vec a$] applies some theorem to given rules $\vec a$ (in
12.1195 - parallel). This corresponds to the \texttt{MRS} operator in ML
12.1196 - \cite[\S5]{isabelle-ref}, but note the reversed order. Positions may be
12.1197 - effectively skipped by including ``$\_$'' (underscore) as argument.
12.1198 -
12.1199 -\item [$of~\vec t$] performs positional instantiation of term variables. The
12.1200 - terms $\vec t$ are substituted for any schematic variables occurring in a
12.1201 - theorem from left to right; ``\texttt{_}'' (underscore) indicates to skip a
12.1202 - position. Arguments following a ``$concl\colon$'' specification refer to
12.1203 - positions of the conclusion of a rule.
12.1204 -
12.1205 -\item [$where~\vec x = \vec t$] performs named instantiation of schematic type
12.1206 - and term variables occurring in a theorem. Schematic variables have to be
12.1207 - specified on the left-hand side (e.g.\ $?x1\!.\!3$). The question mark may
12.1208 - be omitted if the variable name is a plain identifier without index. As
12.1209 - type instantiations are inferred from term instantiations, explicit type
12.1210 - instantiations are seldom necessary.
12.1211 -
12.1212 -\end{descr}
12.1213 -
12.1214 -
12.1215 -\subsection{Term abbreviations}\label{sec:term-abbrev}
12.1216 -
12.1217 -\indexisarcmd{let}
12.1218 -\begin{matharray}{rcl}
12.1219 - \isarcmd{let} & : & \isartrans{proof(state)}{proof(state)} \\
12.1220 - \isarkeyword{is} & : & syntax \\
12.1221 -\end{matharray}
12.1222 -
12.1223 -Abbreviations may be either bound by explicit $\LET{p \equiv t}$ statements,
12.1224 -or by annotating assumptions or goal statements with a list of patterns
12.1225 -``$\ISS{p@1\;\dots}{p@n}$''. In both cases, higher-order matching is invoked
12.1226 -to bind extra-logical term variables, which may be either named schematic
12.1227 -variables of the form $\Var{x}$, or nameless dummies ``\texttt{_}''
12.1228 -(underscore).\indexisarvar{_@\texttt{_}} Note that in the $\LETNAME$ form the
12.1229 -patterns occur on the left-hand side, while the $\ISNAME$ patterns are in
12.1230 -postfix position.
12.1231 -
12.1232 -Polymorphism of term bindings is handled in Hindley-Milner style, similar to
12.1233 -ML. Type variables referring to local assumptions or open goal statements are
12.1234 -\emph{fixed}, while those of finished results or bound by $\LETNAME$ may occur
12.1235 -in \emph{arbitrary} instances later. Even though actual polymorphism should
12.1236 -be rarely used in practice, this mechanism is essential to achieve proper
12.1237 -incremental type-inference, as the user proceeds to build up the Isar proof
12.1238 -text from left to right.
12.1239 -
12.1240 -\medskip
12.1241 -
12.1242 -Term abbreviations are quite different from local definitions as introduced
12.1243 -via $\DEFNAME$ (see \S\ref{sec:proof-context}). The latter are visible within
12.1244 -the logic as actual equations, while abbreviations disappear during the input
12.1245 -process just after type checking. Also note that $\DEFNAME$ does not support
12.1246 -polymorphism.
12.1247 -
12.1248 -\begin{rail}
12.1249 - 'let' ((term + 'and') '=' term + 'and')
12.1250 - ;
12.1251 -\end{rail}
12.1252 -
12.1253 -The syntax of $\ISNAME$ patterns follows \railnonterm{termpat} or
12.1254 -\railnonterm{proppat} (see \S\ref{sec:term-decls}).
12.1255 -
12.1256 -\begin{descr}
12.1257 -\item [$\LET{\vec p = \vec t}$] binds any text variables in patters $\vec p$
12.1258 - by simultaneous higher-order matching against terms $\vec t$.
12.1259 -\item [$\IS{\vec p}$] resembles $\LETNAME$, but matches $\vec p$ against the
12.1260 - preceding statement. Also note that $\ISNAME$ is not a separate command,
12.1261 - but part of others (such as $\ASSUMENAME$, $\HAVENAME$ etc.).
12.1262 -\end{descr}
12.1263 -
12.1264 -Some \emph{automatic} term abbreviations\index{term abbreviations} for goals
12.1265 -and facts are available as well. For any open goal,
12.1266 -$\Var{thesis}$\indexisarvar{thesis} refers to its object-level statement,
12.1267 -abstracted over any meta-level parameters (if present). Likewise,
12.1268 -$\Var{this}$\indexisarvar{this} is bound for fact statements resulting from
12.1269 -assumptions or finished goals. In case $\Var{this}$ refers to an object-logic
12.1270 -statement that is an application $f(t)$, then $t$ is bound to the special text
12.1271 -variable ``$\dots$''\indexisarvar{\dots} (three dots). The canonical
12.1272 -application of the latter are calculational proofs (see
12.1273 -\S\ref{sec:calculation}).
12.1274 -
12.1275 -
12.1276 -\subsection{Block structure}
12.1277 -
12.1278 -\indexisarcmd{next}\indexisarcmd{\{}\indexisarcmd{\}}
12.1279 -\begin{matharray}{rcl}
12.1280 - \NEXT & : & \isartrans{proof(state)}{proof(state)} \\
12.1281 - \BG & : & \isartrans{proof(state)}{proof(state)} \\
12.1282 - \EN & : & \isartrans{proof(state)}{proof(state)} \\
12.1283 -\end{matharray}
12.1284 -
12.1285 -While Isar is inherently block-structured, opening and closing blocks is
12.1286 -mostly handled rather casually, with little explicit user-intervention. Any
12.1287 -local goal statement automatically opens \emph{two} blocks, which are closed
12.1288 -again when concluding the sub-proof (by $\QEDNAME$ etc.). Sections of
12.1289 -different context within a sub-proof may be switched via $\NEXT$, which is
12.1290 -just a single block-close followed by block-open again. The effect of $\NEXT$
12.1291 -is to reset the local proof context; there is no goal focus involved here!
12.1292 -
12.1293 -For slightly more advanced applications, there are explicit block parentheses
12.1294 -as well. These typically achieve a stronger forward style of reasoning.
12.1295 -
12.1296 -\begin{descr}
12.1297 -\item [$\NEXT$] switches to a fresh block within a sub-proof, resetting the
12.1298 - local context to the initial one.
12.1299 -\item [$\BG$ and $\EN$] explicitly open and close blocks. Any current facts
12.1300 - pass through ``$\BG$'' unchanged, while ``$\EN$'' causes any result to be
12.1301 - \emph{exported} into the enclosing context. Thus fixed variables are
12.1302 - generalized, assumptions discharged, and local definitions unfolded (cf.\
12.1303 - \S\ref{sec:proof-context}). There is no difference of $\ASSUMENAME$ and
12.1304 - $\PRESUMENAME$ in this mode of forward reasoning --- in contrast to plain
12.1305 - backward reasoning with the result exported at $\SHOWNAME$ time.
12.1306 -\end{descr}
12.1307 -
12.1308 -
12.1309 -\subsection{Emulating tactic scripts}\label{sec:tactic-commands}
12.1310 -
12.1311 -The Isar provides separate commands to accommodate tactic-style proof scripts
12.1312 -within the same system. While being outside the orthodox Isar proof language,
12.1313 -these might come in handy for interactive exploration and debugging, or even
12.1314 -actual tactical proof within new-style theories (to benefit from document
12.1315 -preparation, for example). See also \S\ref{sec:tactics} for actual tactics,
12.1316 -that have been encapsulated as proof methods. Proper proof methods may be
12.1317 -used in scripts, too.
12.1318 -
12.1319 -\indexisarcmd{apply}\indexisarcmd{apply-end}\indexisarcmd{done}
12.1320 -\indexisarcmd{defer}\indexisarcmd{prefer}\indexisarcmd{back}
12.1321 -\begin{matharray}{rcl}
12.1322 - \isarcmd{apply}^* & : & \isartrans{proof(prove)}{proof(prove)} \\
12.1323 - \isarcmd{apply_end}^* & : & \isartrans{proof(state)}{proof(state)} \\
12.1324 - \isarcmd{done}^* & : & \isartrans{proof(prove)}{proof(state)} \\
12.1325 - \isarcmd{defer}^* & : & \isartrans{proof}{proof} \\
12.1326 - \isarcmd{prefer}^* & : & \isartrans{proof}{proof} \\
12.1327 - \isarcmd{back}^* & : & \isartrans{proof}{proof} \\
12.1328 -\end{matharray}
12.1329 -
12.1330 -\begin{rail}
12.1331 - ( 'apply' | 'apply\_end' ) method
12.1332 - ;
12.1333 - 'defer' nat?
12.1334 - ;
12.1335 - 'prefer' nat
12.1336 - ;
12.1337 -\end{rail}
12.1338 -
12.1339 -\begin{descr}
12.1340 -
12.1341 -\item [$\APPLY{m}$] applies proof method $m$ in initial position, but unlike
12.1342 - $\PROOFNAME$ it retains ``$proof(prove)$'' mode. Thus consecutive method
12.1343 - applications may be given just as in tactic scripts.
12.1344 -
12.1345 - Facts are passed to $m$ as indicated by the goal's forward-chain mode, and
12.1346 - are \emph{consumed} afterwards. Thus any further $\APPLYNAME$ command would
12.1347 - always work in a purely backward manner.
12.1348 -
12.1349 -\item [$\isarkeyword{apply_end}~(m)$] applies proof method $m$ as if in
12.1350 - terminal position. Basically, this simulates a multi-step tactic script for
12.1351 - $\QEDNAME$, but may be given anywhere within the proof body.
12.1352 -
12.1353 - No facts are passed to $m$. Furthermore, the static context is that of the
12.1354 - enclosing goal (as for actual $\QEDNAME$). Thus the proof method may not
12.1355 - refer to any assumptions introduced in the current body, for example.
12.1356 -
12.1357 -\item [$\isarkeyword{done}$] completes a proof script, provided that the
12.1358 - current goal state is solved completely. Note that actual structured proof
12.1359 - commands (e.g.\ ``$\DOT$'' or $\SORRY$) may be used to conclude proof
12.1360 - scripts as well.
12.1361 -
12.1362 -\item [$\isarkeyword{defer}~n$ and $\isarkeyword{prefer}~n$] shuffle the list
12.1363 - of pending goals: $defer$ puts off goal $n$ to the end of the list ($n = 1$
12.1364 - by default), while $prefer$ brings goal $n$ to the top.
12.1365 -
12.1366 -\item [$\isarkeyword{back}$] does back-tracking over the result sequence of
12.1367 - the latest proof command. Basically, any proof command may return multiple
12.1368 - results.
12.1369 -
12.1370 -\end{descr}
12.1371 -
12.1372 -Any proper Isar proof method may be used with tactic script commands such as
12.1373 -$\APPLYNAME$. A few additional emulations of actual tactics are provided as
12.1374 -well; these would be never used in actual structured proofs, of course.
12.1375 -
12.1376 -
12.1377 -\subsection{Meta-linguistic features}
12.1378 -
12.1379 -\indexisarcmd{oops}
12.1380 -\begin{matharray}{rcl}
12.1381 - \isarcmd{oops} & : & \isartrans{proof}{theory} \\
12.1382 -\end{matharray}
12.1383 -
12.1384 -The $\OOPS$ command discontinues the current proof attempt, while considering
12.1385 -the partial proof text as properly processed. This is conceptually quite
12.1386 -different from ``faking'' actual proofs via $\SORRY$ (see
12.1387 -\S\ref{sec:proof-steps}): $\OOPS$ does not observe the proof structure at all,
12.1388 -but goes back right to the theory level. Furthermore, $\OOPS$ does not
12.1389 -produce any result theorem --- there is no intended claim to be able to
12.1390 -complete the proof anyhow.
12.1391 -
12.1392 -A typical application of $\OOPS$ is to explain Isar proofs \emph{within} the
12.1393 -system itself, in conjunction with the document preparation tools of Isabelle
12.1394 -described in \cite{isabelle-sys}. Thus partial or even wrong proof attempts
12.1395 -can be discussed in a logically sound manner. Note that the Isabelle {\LaTeX}
12.1396 -macros can be easily adapted to print something like ``$\dots$'' instead of an
12.1397 -``$\OOPS$'' keyword.
12.1398 -
12.1399 -\medskip The $\OOPS$ command is undo-able, unlike $\isarkeyword{kill}$ (see
12.1400 -\S\ref{sec:history}). The effect is to get back to the theory just before the
12.1401 -opening of the proof.
12.1402 -
12.1403 -
12.1404 -\section{Other commands}
12.1405 -
12.1406 -\subsection{Diagnostics}
12.1407 -
12.1408 -\indexisarcmd{pr}\indexisarcmd{thm}\indexisarcmd{term}
12.1409 -\indexisarcmd{prop}\indexisarcmd{typ}
12.1410 -\begin{matharray}{rcl}
12.1411 - \isarcmd{pr}^* & : & \isarkeep{\cdot} \\
12.1412 - \isarcmd{thm}^* & : & \isarkeep{theory~|~proof} \\
12.1413 - \isarcmd{term}^* & : & \isarkeep{theory~|~proof} \\
12.1414 - \isarcmd{prop}^* & : & \isarkeep{theory~|~proof} \\
12.1415 - \isarcmd{typ}^* & : & \isarkeep{theory~|~proof} \\
12.1416 - \isarcmd{prf}^* & : & \isarkeep{theory~|~proof} \\
12.1417 - \isarcmd{full_prf}^* & : & \isarkeep{theory~|~proof} \\
12.1418 -\end{matharray}
12.1419 -
12.1420 -These diagnostic commands assist interactive development. Note that $undo$
12.1421 -does not apply here, the theory or proof configuration is not changed.
12.1422 -
12.1423 -\begin{rail}
12.1424 - 'pr' modes? nat? (',' nat)?
12.1425 - ;
12.1426 - 'thm' modes? thmrefs
12.1427 - ;
12.1428 - 'term' modes? term
12.1429 - ;
12.1430 - 'prop' modes? prop
12.1431 - ;
12.1432 - 'typ' modes? type
12.1433 - ;
12.1434 - 'prf' modes? thmrefs?
12.1435 - ;
12.1436 - 'full\_prf' modes? thmrefs?
12.1437 - ;
12.1438 -
12.1439 - modes: '(' (name + ) ')'
12.1440 - ;
12.1441 -\end{rail}
12.1442 -
12.1443 -\begin{descr}
12.1444 -\item [$\isarkeyword{pr}~goals, prems$] prints the current proof state (if
12.1445 - present), including the proof context, current facts and goals. The
12.1446 - optional limit arguments affect the number of goals and premises to be
12.1447 - displayed, which is initially 10 for both. Omitting limit values leaves the
12.1448 - current setting unchanged.
12.1449 -\item [$\isarkeyword{thm}~\vec a$] retrieves theorems from the current theory
12.1450 - or proof context. Note that any attributes included in the theorem
12.1451 - specifications are applied to a temporary context derived from the current
12.1452 - theory or proof; the result is discarded, i.e.\ attributes involved in $\vec
12.1453 - a$ do not have any permanent effect.
12.1454 -\item [$\isarkeyword{term}~t$ and $\isarkeyword{prop}~\phi$] read, type-check
12.1455 - and print terms or propositions according to the current theory or proof
12.1456 - context; the inferred type of $t$ is output as well. Note that these
12.1457 - commands are also useful in inspecting the current environment of term
12.1458 - abbreviations.
12.1459 -\item [$\isarkeyword{typ}~\tau$] reads and prints types of the meta-logic
12.1460 - according to the current theory or proof context.
12.1461 -\item [$\isarkeyword{prf}$] displays the (compact) proof term of the current
12.1462 - proof state (if present), or of the given theorems. Note that this
12.1463 - requires proof terms to be switched on for the current object logic
12.1464 - (see the ``Proof terms'' section of the Isabelle reference manual
12.1465 - for information on how to do this).
12.1466 -\item [$\isarkeyword{full_prf}$] is like $\isarkeyword{prf}$, but displays
12.1467 - the full proof term, i.e.\ also displays information omitted in
12.1468 - the compact proof term, which is denoted by ``$_$'' placeholders there.
12.1469 -\end{descr}
12.1470 -
12.1471 -All of the diagnostic commands above admit a list of $modes$ to be specified,
12.1472 -which is appended to the current print mode (see also \cite{isabelle-ref}).
12.1473 -Thus the output behavior may be modified according particular print mode
12.1474 -features. For example, $\isarkeyword{pr}~(latex~xsymbols~symbols)$ would
12.1475 -print the current proof state with mathematical symbols and special characters
12.1476 -represented in {\LaTeX} source, according to the Isabelle style
12.1477 -\cite{isabelle-sys}.
12.1478 -
12.1479 -Note that antiquotations (cf.\ \S\ref{sec:antiq}) provide a more systematic
12.1480 -way to include formal items into the printed text document.
12.1481 -
12.1482 -
12.1483 -\subsection{Inspecting the context}
12.1484 -
12.1485 -\indexisarcmd{print-facts}\indexisarcmd{print-binds}
12.1486 -\indexisarcmd{print-commands}\indexisarcmd{print-syntax}
12.1487 -\indexisarcmd{print-methods}\indexisarcmd{print-attributes}
12.1488 -\indexisarcmd{find-theorems}\indexisarcmd{thm-deps}
12.1489 -\indexisarcmd{print-theorems}\indexisarcmd{print-theory}
12.1490 -\begin{matharray}{rcl}
12.1491 - \isarcmd{print_commands}^* & : & \isarkeep{\cdot} \\
12.1492 - \isarcmd{print_theory}^* & : & \isarkeep{theory~|~proof} \\
12.1493 - \isarcmd{print_syntax}^* & : & \isarkeep{theory~|~proof} \\
12.1494 - \isarcmd{print_methods}^* & : & \isarkeep{theory~|~proof} \\
12.1495 - \isarcmd{print_attributes}^* & : & \isarkeep{theory~|~proof} \\
12.1496 - \isarcmd{print_theorems}^* & : & \isarkeep{theory~|~proof} \\
12.1497 - \isarcmd{find_theorems}^* & : & \isarkeep{theory~|~proof} \\
12.1498 - \isarcmd{thms_deps}^* & : & \isarkeep{theory~|~proof} \\
12.1499 - \isarcmd{print_facts}^* & : & \isarkeep{proof} \\
12.1500 - \isarcmd{print_binds}^* & : & \isarkeep{proof} \\
12.1501 -\end{matharray}
12.1502 -
12.1503 -\begin{rail}
12.1504 - 'print\_theory' ( '!'?)
12.1505 - ;
12.1506 -
12.1507 - 'find\_theorems' (('(' (nat)? ('with\_dups')? ')')?) (criterion *)
12.1508 - ;
12.1509 - criterion: ('-'?) ('name' ':' nameref | 'intro' | 'elim' | 'dest' |
12.1510 - 'simp' ':' term | term)
12.1511 - ;
12.1512 - 'thm\_deps' thmrefs
12.1513 - ;
12.1514 -\end{rail}
12.1515 -
12.1516 -These commands print certain parts of the theory and proof context. Note that
12.1517 -there are some further ones available, such as for the set of rules declared
12.1518 -for simplifications.
12.1519 -
12.1520 -\begin{descr}
12.1521 -
12.1522 -\item [$\isarkeyword{print_commands}$] prints Isabelle's outer theory syntax,
12.1523 - including keywords and command.
12.1524 -
12.1525 -\item [$\isarkeyword{print_theory}$] prints the main logical content
12.1526 - of the theory context; the ``$!$'' option indicates extra verbosity.
12.1527 -
12.1528 -\item [$\isarkeyword{print_syntax}$] prints the inner syntax of types and
12.1529 - terms, depending on the current context. The output can be very verbose,
12.1530 - including grammar tables and syntax translation rules. See \cite[\S7,
12.1531 - \S8]{isabelle-ref} for further information on Isabelle's inner syntax.
12.1532 -
12.1533 -\item [$\isarkeyword{print_methods}$] prints all proof methods available in
12.1534 - the current theory context.
12.1535 -
12.1536 -\item [$\isarkeyword{print_attributes}$] prints all attributes available in
12.1537 - the current theory context.
12.1538 -
12.1539 -\item [$\isarkeyword{print_theorems}$] prints theorems available in the
12.1540 - current theory context.
12.1541 -
12.1542 - In interactive mode this actually refers to the theorems left by the last
12.1543 - transaction; this allows to inspect the result of advanced definitional
12.1544 - packages, such as $\isarkeyword{datatype}$.
12.1545 -
12.1546 -\item [$\isarkeyword{find_theorems}~\vec c$] retrieves facts from the theory
12.1547 - or proof context matching all of the search criteria $\vec c$. The
12.1548 - criterion $name: p$ selects all theorems whose fully qualified name matches
12.1549 - pattern $p$, which may contain ``$*$'' wildcards. The criteria $intro$,
12.1550 - $elim$, and $dest$ select theorems that match the current goal as
12.1551 - introduction, elimination or destruction rules, respectively. The criterion
12.1552 - $simp: t$ selects all rewrite rules whose left-hand side matches the given
12.1553 - term. The criterion term $t$ selects all theorems that contain the pattern
12.1554 - $t$ -- as usual, patterns may contain occurrences of the dummy ``$\_$'',
12.1555 - schematic variables, and type constraints.
12.1556 -
12.1557 - Criteria can be preceded by ``$-$'' to select theorems that do \emph{not}
12.1558 - match. Note that giving the empty list of criteria yields \emph{all}
12.1559 - currently known facts. An optional limit for the number of printed facts
12.1560 - may be given; the default is 40. Per default, duplicates are removed from
12.1561 - the search result. Use $\isarkeyword{with_dups}$ to display duplicates.
12.1562 -
12.1563 -\item [$\isarkeyword{thm_deps}~\vec a$] visualizes dependencies of facts,
12.1564 - using Isabelle's graph browser tool (see also \cite{isabelle-sys}).
12.1565 -
12.1566 -\item [$\isarkeyword{print_facts}$] prints all local facts of the
12.1567 - current context, both named and unnamed ones.
12.1568 -
12.1569 -\item [$\isarkeyword{print_binds}$] prints all term abbreviations present in
12.1570 - the context.
12.1571 -
12.1572 -\end{descr}
12.1573 -
12.1574 -
12.1575 -\subsection{History commands}\label{sec:history}
12.1576 -
12.1577 -\indexisarcmd{undo}\indexisarcmd{redo}\indexisarcmd{kill}
12.1578 -\begin{matharray}{rcl}
12.1579 - \isarcmd{undo}^{{*}{*}} & : & \isarkeep{\cdot} \\
12.1580 - \isarcmd{redo}^{{*}{*}} & : & \isarkeep{\cdot} \\
12.1581 - \isarcmd{kill}^{{*}{*}} & : & \isarkeep{\cdot} \\
12.1582 -\end{matharray}
12.1583 -
12.1584 -The Isabelle/Isar top-level maintains a two-stage history, for theory and
12.1585 -proof state transformation. Basically, any command can be undone using
12.1586 -$\isarkeyword{undo}$, excluding mere diagnostic elements. Its effect may be
12.1587 -revoked via $\isarkeyword{redo}$, unless the corresponding
12.1588 -$\isarkeyword{undo}$ step has crossed the beginning of a proof or theory. The
12.1589 -$\isarkeyword{kill}$ command aborts the current history node altogether,
12.1590 -discontinuing a proof or even the whole theory. This operation is \emph{not}
12.1591 -undo-able.
12.1592 -
12.1593 -\begin{warn}
12.1594 - History commands should never be used with user interfaces such as
12.1595 - Proof~General \cite{proofgeneral,Aspinall:TACAS:2000}, which takes care of
12.1596 - stepping forth and back itself. Interfering by manual $\isarkeyword{undo}$,
12.1597 - $\isarkeyword{redo}$, or even $\isarkeyword{kill}$ commands would quickly
12.1598 - result in utter confusion.
12.1599 -\end{warn}
12.1600 -
12.1601 -
12.1602 -\subsection{System operations}
12.1603 -
12.1604 -\indexisarcmd{cd}\indexisarcmd{pwd}\indexisarcmd{use-thy}\indexisarcmd{update-thy}
12.1605 -\indexisarcmd{display-drafts}\indexisarcmd{print-drafts}
12.1606 -\begin{matharray}{rcl}
12.1607 - \isarcmd{cd}^* & : & \isarkeep{\cdot} \\
12.1608 - \isarcmd{pwd}^* & : & \isarkeep{\cdot} \\
12.1609 - \isarcmd{use_thy}^* & : & \isarkeep{\cdot} \\
12.1610 - \isarcmd{update_thy}^* & : & \isarkeep{\cdot} \\
12.1611 - \isarcmd{display_drafts}^* & : & \isarkeep{\cdot} \\
12.1612 - \isarcmd{print_drafts}^* & : & \isarkeep{\cdot} \\
12.1613 -\end{matharray}
12.1614 -
12.1615 -\begin{rail}
12.1616 - ('cd' | 'use\_thy' | 'update\_thy') name
12.1617 - ;
12.1618 - ('display\_drafts' | 'print\_drafts') (name +)
12.1619 - ;
12.1620 -\end{rail}
12.1621 -
12.1622 -\begin{descr}
12.1623 -\item [$\isarkeyword{cd}~path$] changes the current directory of the Isabelle
12.1624 - process.
12.1625 -\item [$\isarkeyword{pwd}~$] prints the current working directory.
12.1626 -\item [$\isarkeyword{use_thy}$ and $\isarkeyword{update_thy}$] preload
12.1627 - some theory given as $name$ argument. These system commands are
12.1628 - scarcely used when working interactively, since loading of theories
12.1629 - is done transparently.
12.1630 -\item [$\isarkeyword{display_drafts}~paths$ and
12.1631 - $\isarkeyword{print_drafts}~paths$] perform simple output of a given list of
12.1632 - raw source files. Only those symbols that do not require additional
12.1633 - {\LaTeX} packages are displayed properly, everything else is left verbatim.
12.1634 -\end{descr}
12.1635 -
12.1636 -%%% Local Variables:
12.1637 -%%% mode: latex
12.1638 -%%% TeX-master: "isar-ref"
12.1639 -%%% End:
13.1 --- a/doc-src/IsarRef/style.sty Fri May 02 16:32:51 2008 +0200
13.2 +++ b/doc-src/IsarRef/style.sty Fri May 02 16:36:05 2008 +0200
13.3 @@ -36,9 +36,7 @@
13.4 \newcommand{\isasymGUESS}{\isakeyword{guess}}
13.5 \newcommand{\isasymOBTAIN}{\isakeyword{obtain}}
13.6 \newcommand{\isasymTHEORY}{\isakeyword{theory}}
13.7 -\newcommand{\isasymIMPORTS}{\isakeyword{imports}}
13.8 \newcommand{\isasymUSES}{\isakeyword{uses}}
13.9 -\newcommand{\isasymBEGIN}{\isakeyword{begin}}
13.10 \newcommand{\isasymEND}{\isakeyword{end}}
13.11 \newcommand{\isasymCONSTS}{\isakeyword{consts}}
13.12 \newcommand{\isasymDEFS}{\isakeyword{defs}}