1.1 --- a/doc-src/IsarImplementation/IsaMakefile Mon Feb 16 20:25:21 2009 +0100
1.2 +++ b/doc-src/IsarImplementation/IsaMakefile Mon Feb 16 20:47:44 2009 +0100
1.3 @@ -21,9 +21,9 @@
1.4
1.5 Thy: $(LOG)/Pure-Thy.gz
1.6
1.7 -$(LOG)/Pure-Thy.gz: Thy/ROOT.ML Thy/base.thy Thy/integration.thy Thy/isar.thy \
1.8 - Thy/locale.thy Thy/logic.thy Thy/prelim.thy Thy/proof.thy Thy/tactic.thy \
1.9 - Thy/ML.thy ../antiquote_setup.ML
1.10 +$(LOG)/Pure-Thy.gz: Thy/ROOT.ML Thy/Base.thy Thy/Integration.thy \
1.11 + Thy/Isar.thy Thy/Local_Theory.thy Thy/Logic.thy Thy/Prelim.thy \
1.12 + Thy/Proof.thy Thy/Tactic.thy Thy/ML.thy ../antiquote_setup.ML
1.13 @$(USEDIR) Pure Thy
1.14
1.15
2.1 --- a/doc-src/IsarImplementation/Makefile Mon Feb 16 20:25:21 2009 +0100
2.2 +++ b/doc-src/IsarImplementation/Makefile Mon Feb 16 20:47:44 2009 +0100
2.3 @@ -1,6 +1,3 @@
2.4 -#
2.5 -# $Id$
2.6 -#
2.7
2.8 ## targets
2.9
2.10 @@ -15,10 +12,10 @@
2.11
2.12 NAME = implementation
2.13
2.14 -FILES = implementation.tex intro.tex Thy/document/prelim.tex \
2.15 - Thy/document/logic.tex Thy/document/tactic.tex \
2.16 - Thy/document/proof.tex Thy/document/locale.tex \
2.17 - Thy/document/integration.tex style.sty ../iman.sty ../extra.sty \
2.18 +FILES = implementation.tex Thy/document/Prelim.tex \
2.19 + Thy/document/Logic.tex Thy/document/Tactic.tex \
2.20 + Thy/document/Proof.tex Thy/document/Local_Theory.tex \
2.21 + Thy/document/Integration.tex style.sty ../iman.sty ../extra.sty \
2.22 ../isar.sty ../isabelle.sty ../isabellesym.sty ../pdfsetup.sty \
2.23 ../manual.bib ../proof.sty
2.24
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
3.2 +++ b/doc-src/IsarImplementation/Thy/Base.thy Mon Feb 16 20:47:44 2009 +0100
3.3 @@ -0,0 +1,6 @@
3.4 +theory Base
3.5 +imports Pure
3.6 +uses "../../antiquote_setup.ML"
3.7 +begin
3.8 +
3.9 +end
4.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
4.2 +++ b/doc-src/IsarImplementation/Thy/Integration.thy Mon Feb 16 20:47:44 2009 +0100
4.3 @@ -0,0 +1,425 @@
4.4 +theory Integration
4.5 +imports Base
4.6 +begin
4.7 +
4.8 +chapter {* System integration *}
4.9 +
4.10 +section {* Isar toplevel \label{sec:isar-toplevel} *}
4.11 +
4.12 +text {* The Isar toplevel may be considered the centeral hub of the
4.13 + Isabelle/Isar system, where all key components and sub-systems are
4.14 + integrated into a single read-eval-print loop of Isar commands. We
4.15 + shall even incorporate the existing {\ML} toplevel of the compiler
4.16 + and run-time system (cf.\ \secref{sec:ML-toplevel}).
4.17 +
4.18 + Isabelle/Isar departs from the original ``LCF system architecture''
4.19 + where {\ML} was really The Meta Language for defining theories and
4.20 + conducting proofs. Instead, {\ML} now only serves as the
4.21 + implementation language for the system (and user extensions), while
4.22 + the specific Isar toplevel supports the concepts of theory and proof
4.23 + development natively. This includes the graph structure of theories
4.24 + and the block structure of proofs, support for unlimited undo,
4.25 + facilities for tracing, debugging, timing, profiling etc.
4.26 +
4.27 + \medskip The toplevel maintains an implicit state, which is
4.28 + transformed by a sequence of transitions -- either interactively or
4.29 + in batch-mode. In interactive mode, Isar state transitions are
4.30 + encapsulated as safe transactions, such that both failure and undo
4.31 + are handled conveniently without destroying the underlying draft
4.32 + theory (cf.~\secref{sec:context-theory}). In batch mode,
4.33 + transitions operate in a linear (destructive) fashion, such that
4.34 + error conditions abort the present attempt to construct a theory or
4.35 + proof altogether.
4.36 +
4.37 + The toplevel state is a disjoint sum of empty @{text toplevel}, or
4.38 + @{text theory}, or @{text proof}. On entering the main Isar loop we
4.39 + start with an empty toplevel. A theory is commenced by giving a
4.40 + @{text \<THEORY>} header; within a theory we may issue theory
4.41 + commands such as @{text \<DEFINITION>}, or state a @{text
4.42 + \<THEOREM>} to be proven. Now we are within a proof state, with a
4.43 + rich collection of Isar proof commands for structured proof
4.44 + composition, or unstructured proof scripts. When the proof is
4.45 + concluded we get back to the theory, which is then updated by
4.46 + storing the resulting fact. Further theory declarations or theorem
4.47 + statements with proofs may follow, until we eventually conclude the
4.48 + theory development by issuing @{text \<END>}. The resulting theory
4.49 + is then stored within the theory database and we are back to the
4.50 + empty toplevel.
4.51 +
4.52 + In addition to these proper state transformations, there are also
4.53 + some diagnostic commands for peeking at the toplevel state without
4.54 + modifying it (e.g.\ \isakeyword{thm}, \isakeyword{term},
4.55 + \isakeyword{print-cases}).
4.56 +*}
4.57 +
4.58 +text %mlref {*
4.59 + \begin{mldecls}
4.60 + @{index_ML_type Toplevel.state} \\
4.61 + @{index_ML Toplevel.UNDEF: "exn"} \\
4.62 + @{index_ML Toplevel.is_toplevel: "Toplevel.state -> bool"} \\
4.63 + @{index_ML Toplevel.theory_of: "Toplevel.state -> theory"} \\
4.64 + @{index_ML Toplevel.proof_of: "Toplevel.state -> Proof.state"} \\
4.65 + @{index_ML Toplevel.debug: "bool ref"} \\
4.66 + @{index_ML Toplevel.timing: "bool ref"} \\
4.67 + @{index_ML Toplevel.profiling: "int ref"} \\
4.68 + \end{mldecls}
4.69 +
4.70 + \begin{description}
4.71 +
4.72 + \item @{ML_type Toplevel.state} represents Isar toplevel states,
4.73 + which are normally manipulated through the concept of toplevel
4.74 + transitions only (\secref{sec:toplevel-transition}). Also note that
4.75 + a raw toplevel state is subject to the same linearity restrictions
4.76 + as a theory context (cf.~\secref{sec:context-theory}).
4.77 +
4.78 + \item @{ML Toplevel.UNDEF} is raised for undefined toplevel
4.79 + operations. Many operations work only partially for certain cases,
4.80 + since @{ML_type Toplevel.state} is a sum type.
4.81 +
4.82 + \item @{ML Toplevel.is_toplevel}~@{text "state"} checks for an empty
4.83 + toplevel state.
4.84 +
4.85 + \item @{ML Toplevel.theory_of}~@{text "state"} selects the theory of
4.86 + a theory or proof (!), otherwise raises @{ML Toplevel.UNDEF}.
4.87 +
4.88 + \item @{ML Toplevel.proof_of}~@{text "state"} selects the Isar proof
4.89 + state if available, otherwise raises @{ML Toplevel.UNDEF}.
4.90 +
4.91 + \item @{ML "set Toplevel.debug"} makes the toplevel print further
4.92 + details about internal error conditions, exceptions being raised
4.93 + etc.
4.94 +
4.95 + \item @{ML "set Toplevel.timing"} makes the toplevel print timing
4.96 + information for each Isar command being executed.
4.97 +
4.98 + \item @{ML Toplevel.profiling}~@{verbatim ":="}~@{text "n"} controls
4.99 + low-level profiling of the underlying {\ML} runtime system. For
4.100 + Poly/ML, @{text "n = 1"} means time and @{text "n = 2"} space
4.101 + profiling.
4.102 +
4.103 + \end{description}
4.104 +*}
4.105 +
4.106 +
4.107 +subsection {* Toplevel transitions \label{sec:toplevel-transition} *}
4.108 +
4.109 +text {*
4.110 + An Isar toplevel transition consists of a partial function on the
4.111 + toplevel state, with additional information for diagnostics and
4.112 + error reporting: there are fields for command name, source position,
4.113 + optional source text, as well as flags for interactive-only commands
4.114 + (which issue a warning in batch-mode), printing of result state,
4.115 + etc.
4.116 +
4.117 + The operational part is represented as the sequential union of a
4.118 + list of partial functions, which are tried in turn until the first
4.119 + one succeeds. This acts like an outer case-expression for various
4.120 + alternative state transitions. For example, \isakeyword{qed} acts
4.121 + differently for a local proofs vs.\ the global ending of the main
4.122 + proof.
4.123 +
4.124 + Toplevel transitions are composed via transition transformers.
4.125 + Internally, Isar commands are put together from an empty transition
4.126 + extended by name and source position (and optional source text). It
4.127 + is then left to the individual command parser to turn the given
4.128 + concrete syntax into a suitable transition transformer that adjoin
4.129 + actual operations on a theory or proof state etc.
4.130 +*}
4.131 +
4.132 +text %mlref {*
4.133 + \begin{mldecls}
4.134 + @{index_ML Toplevel.print: "Toplevel.transition -> Toplevel.transition"} \\
4.135 + @{index_ML Toplevel.no_timing: "Toplevel.transition -> Toplevel.transition"} \\
4.136 + @{index_ML Toplevel.keep: "(Toplevel.state -> unit) ->
4.137 + Toplevel.transition -> Toplevel.transition"} \\
4.138 + @{index_ML Toplevel.theory: "(theory -> theory) ->
4.139 + Toplevel.transition -> Toplevel.transition"} \\
4.140 + @{index_ML Toplevel.theory_to_proof: "(theory -> Proof.state) ->
4.141 + Toplevel.transition -> Toplevel.transition"} \\
4.142 + @{index_ML Toplevel.proof: "(Proof.state -> Proof.state) ->
4.143 + Toplevel.transition -> Toplevel.transition"} \\
4.144 + @{index_ML Toplevel.proofs: "(Proof.state -> Proof.state Seq.seq) ->
4.145 + Toplevel.transition -> Toplevel.transition"} \\
4.146 + @{index_ML Toplevel.end_proof: "(bool -> Proof.state -> Proof.context) ->
4.147 + Toplevel.transition -> Toplevel.transition"} \\
4.148 + \end{mldecls}
4.149 +
4.150 + \begin{description}
4.151 +
4.152 + \item @{ML Toplevel.print}~@{text "tr"} sets the print flag, which
4.153 + causes the toplevel loop to echo the result state (in interactive
4.154 + mode).
4.155 +
4.156 + \item @{ML Toplevel.no_timing}~@{text "tr"} indicates that the
4.157 + transition should never show timing information, e.g.\ because it is
4.158 + a diagnostic command.
4.159 +
4.160 + \item @{ML Toplevel.keep}~@{text "tr"} adjoins a diagnostic
4.161 + function.
4.162 +
4.163 + \item @{ML Toplevel.theory}~@{text "tr"} adjoins a theory
4.164 + transformer.
4.165 +
4.166 + \item @{ML Toplevel.theory_to_proof}~@{text "tr"} adjoins a global
4.167 + goal function, which turns a theory into a proof state. The theory
4.168 + may be changed before entering the proof; the generic Isar goal
4.169 + setup includes an argument that specifies how to apply the proven
4.170 + result to the theory, when the proof is finished.
4.171 +
4.172 + \item @{ML Toplevel.proof}~@{text "tr"} adjoins a deterministic
4.173 + proof command, with a singleton result.
4.174 +
4.175 + \item @{ML Toplevel.proofs}~@{text "tr"} adjoins a general proof
4.176 + command, with zero or more result states (represented as a lazy
4.177 + list).
4.178 +
4.179 + \item @{ML Toplevel.end_proof}~@{text "tr"} adjoins a concluding
4.180 + proof command, that returns the resulting theory, after storing the
4.181 + resulting facts in the context etc.
4.182 +
4.183 + \end{description}
4.184 +*}
4.185 +
4.186 +
4.187 +subsection {* Toplevel control *}
4.188 +
4.189 +text {*
4.190 + There are a few special control commands that modify the behavior
4.191 + the toplevel itself, and only make sense in interactive mode. Under
4.192 + normal circumstances, the user encounters these only implicitly as
4.193 + part of the protocol between the Isabelle/Isar system and a
4.194 + user-interface such as ProofGeneral.
4.195 +
4.196 + \begin{description}
4.197 +
4.198 + \item \isacommand{undo} follows the three-level hierarchy of empty
4.199 + toplevel vs.\ theory vs.\ proof: undo within a proof reverts to the
4.200 + previous proof context, undo after a proof reverts to the theory
4.201 + before the initial goal statement, undo of a theory command reverts
4.202 + to the previous theory value, undo of a theory header discontinues
4.203 + the current theory development and removes it from the theory
4.204 + database (\secref{sec:theory-database}).
4.205 +
4.206 + \item \isacommand{kill} aborts the current level of development:
4.207 + kill in a proof context reverts to the theory before the initial
4.208 + goal statement, kill in a theory context aborts the current theory
4.209 + development, removing it from the database.
4.210 +
4.211 + \item \isacommand{exit} drops out of the Isar toplevel into the
4.212 + underlying {\ML} toplevel (\secref{sec:ML-toplevel}). The Isar
4.213 + toplevel state is preserved and may be continued later.
4.214 +
4.215 + \item \isacommand{quit} terminates the Isabelle/Isar process without
4.216 + saving.
4.217 +
4.218 + \end{description}
4.219 +*}
4.220 +
4.221 +
4.222 +section {* ML toplevel \label{sec:ML-toplevel} *}
4.223 +
4.224 +text {*
4.225 + The {\ML} toplevel provides a read-compile-eval-print loop for {\ML}
4.226 + values, types, structures, and functors. {\ML} declarations operate
4.227 + on the global system state, which consists of the compiler
4.228 + environment plus the values of {\ML} reference variables. There is
4.229 + no clean way to undo {\ML} declarations, except for reverting to a
4.230 + previously saved state of the whole Isabelle process. {\ML} input
4.231 + is either read interactively from a TTY, or from a string (usually
4.232 + within a theory text), or from a source file (usually loaded from a
4.233 + theory).
4.234 +
4.235 + Whenever the {\ML} toplevel is active, the current Isabelle theory
4.236 + context is passed as an internal reference variable. Thus {\ML}
4.237 + code may access the theory context during compilation, it may even
4.238 + change the value of a theory being under construction --- while
4.239 + observing the usual linearity restrictions
4.240 + (cf.~\secref{sec:context-theory}).
4.241 +*}
4.242 +
4.243 +text %mlref {*
4.244 + \begin{mldecls}
4.245 + @{index_ML the_context: "unit -> theory"} \\
4.246 + @{index_ML "Context.>> ": "(Context.generic -> Context.generic) -> unit"} \\
4.247 + \end{mldecls}
4.248 +
4.249 + \begin{description}
4.250 +
4.251 + \item @{ML "the_context ()"} refers to the theory context of the
4.252 + {\ML} toplevel --- at compile time! {\ML} code needs to take care
4.253 + to refer to @{ML "the_context ()"} correctly. Recall that
4.254 + evaluation of a function body is delayed until actual runtime.
4.255 + Moreover, persistent {\ML} toplevel bindings to an unfinished theory
4.256 + should be avoided: code should either project out the desired
4.257 + information immediately, or produce an explicit @{ML_type
4.258 + theory_ref} (cf.\ \secref{sec:context-theory}).
4.259 +
4.260 + \item @{ML "Context.>>"}~@{text f} applies context transformation
4.261 + @{text f} to the implicit context of the {\ML} toplevel.
4.262 +
4.263 + \end{description}
4.264 +
4.265 + It is very important to note that the above functions are really
4.266 + restricted to the compile time, even though the {\ML} compiler is
4.267 + invoked at runtime! The majority of {\ML} code uses explicit
4.268 + functional arguments of a theory or proof context instead. Thus it
4.269 + may be invoked for an arbitrary context later on, without having to
4.270 + worry about any operational details.
4.271 +
4.272 + \bigskip
4.273 +
4.274 + \begin{mldecls}
4.275 + @{index_ML Isar.main: "unit -> unit"} \\
4.276 + @{index_ML Isar.loop: "unit -> unit"} \\
4.277 + @{index_ML Isar.state: "unit -> Toplevel.state"} \\
4.278 + @{index_ML Isar.exn: "unit -> (exn * string) option"} \\
4.279 + @{index_ML Isar.context: "unit -> Proof.context"} \\
4.280 + @{index_ML Isar.goal: "unit -> thm"} \\
4.281 + \end{mldecls}
4.282 +
4.283 + \begin{description}
4.284 +
4.285 + \item @{ML "Isar.main ()"} invokes the Isar toplevel from {\ML},
4.286 + initializing an empty toplevel state.
4.287 +
4.288 + \item @{ML "Isar.loop ()"} continues the Isar toplevel with the
4.289 + current state, after having dropped out of the Isar toplevel loop.
4.290 +
4.291 + \item @{ML "Isar.state ()"} and @{ML "Isar.exn ()"} get current
4.292 + toplevel state and error condition, respectively. This only works
4.293 + after having dropped out of the Isar toplevel loop.
4.294 +
4.295 + \item @{ML "Isar.context ()"} produces the proof context from @{ML
4.296 + "Isar.state ()"}, analogous to @{ML Context.proof_of}
4.297 + (\secref{sec:generic-context}).
4.298 +
4.299 + \item @{ML "Isar.goal ()"} picks the tactical goal from @{ML
4.300 + "Isar.state ()"}, represented as a theorem according to
4.301 + \secref{sec:tactical-goals}.
4.302 +
4.303 + \end{description}
4.304 +*}
4.305 +
4.306 +
4.307 +section {* Theory database \label{sec:theory-database} *}
4.308 +
4.309 +text {*
4.310 + The theory database maintains a collection of theories, together
4.311 + with some administrative information about their original sources,
4.312 + which are held in an external store (i.e.\ some directory within the
4.313 + regular file system).
4.314 +
4.315 + The theory database is organized as a directed acyclic graph;
4.316 + entries are referenced by theory name. Although some additional
4.317 + interfaces allow to include a directory specification as well, this
4.318 + is only a hint to the underlying theory loader. The internal theory
4.319 + name space is flat!
4.320 +
4.321 + Theory @{text A} is associated with the main theory file @{text
4.322 + A}\verb,.thy,, which needs to be accessible through the theory
4.323 + loader path. Any number of additional {\ML} source files may be
4.324 + associated with each theory, by declaring these dependencies in the
4.325 + theory header as @{text \<USES>}, and loading them consecutively
4.326 + within the theory context. The system keeps track of incoming {\ML}
4.327 + sources and associates them with the current theory. The file
4.328 + @{text A}\verb,.ML, is loaded after a theory has been concluded, in
4.329 + order to support legacy proof {\ML} proof scripts.
4.330 +
4.331 + The basic internal actions of the theory database are @{text
4.332 + "update"}, @{text "outdate"}, and @{text "remove"}:
4.333 +
4.334 + \begin{itemize}
4.335 +
4.336 + \item @{text "update A"} introduces a link of @{text "A"} with a
4.337 + @{text "theory"} value of the same name; it asserts that the theory
4.338 + sources are now consistent with that value;
4.339 +
4.340 + \item @{text "outdate A"} invalidates the link of a theory database
4.341 + entry to its sources, but retains the present theory value;
4.342 +
4.343 + \item @{text "remove A"} deletes entry @{text "A"} from the theory
4.344 + database.
4.345 +
4.346 + \end{itemize}
4.347 +
4.348 + These actions are propagated to sub- or super-graphs of a theory
4.349 + entry as expected, in order to preserve global consistency of the
4.350 + state of all loaded theories with the sources of the external store.
4.351 + This implies certain causalities between actions: @{text "update"}
4.352 + or @{text "outdate"} of an entry will @{text "outdate"} all
4.353 + descendants; @{text "remove"} will @{text "remove"} all descendants.
4.354 +
4.355 + \medskip There are separate user-level interfaces to operate on the
4.356 + theory database directly or indirectly. The primitive actions then
4.357 + just happen automatically while working with the system. In
4.358 + particular, processing a theory header @{text "\<THEORY> A
4.359 + \<IMPORTS> B\<^sub>1 \<dots> B\<^sub>n \<BEGIN>"} ensures that the
4.360 + sub-graph of the collective imports @{text "B\<^sub>1 \<dots> B\<^sub>n"}
4.361 + is up-to-date, too. Earlier theories are reloaded as required, with
4.362 + @{text update} actions proceeding in topological order according to
4.363 + theory dependencies. There may be also a wave of implied @{text
4.364 + outdate} actions for derived theory nodes until a stable situation
4.365 + is achieved eventually.
4.366 +*}
4.367 +
4.368 +text %mlref {*
4.369 + \begin{mldecls}
4.370 + @{index_ML theory: "string -> theory"} \\
4.371 + @{index_ML use_thy: "string -> unit"} \\
4.372 + @{index_ML use_thys: "string list -> unit"} \\
4.373 + @{index_ML ThyInfo.touch_thy: "string -> unit"} \\
4.374 + @{index_ML ThyInfo.remove_thy: "string -> unit"} \\[1ex]
4.375 + @{index_ML ThyInfo.begin_theory}@{verbatim ": ... -> bool -> theory"} \\
4.376 + @{index_ML ThyInfo.end_theory: "theory -> unit"} \\
4.377 + @{index_ML ThyInfo.register_theory: "theory -> unit"} \\[1ex]
4.378 + @{verbatim "datatype action = Update | Outdate | Remove"} \\
4.379 + @{index_ML ThyInfo.add_hook: "(ThyInfo.action -> string -> unit) -> unit"} \\
4.380 + \end{mldecls}
4.381 +
4.382 + \begin{description}
4.383 +
4.384 + \item @{ML theory}~@{text A} retrieves the theory value presently
4.385 + associated with name @{text A}. Note that the result might be
4.386 + outdated.
4.387 +
4.388 + \item @{ML use_thy}~@{text A} ensures that theory @{text A} is fully
4.389 + up-to-date wrt.\ the external file store, reloading outdated
4.390 + ancestors as required.
4.391 +
4.392 + \item @{ML use_thys} is similar to @{ML use_thy}, but handles
4.393 + several theories simultaneously. Thus it acts like processing the
4.394 + import header of a theory, without performing the merge of the
4.395 + result, though.
4.396 +
4.397 + \item @{ML ThyInfo.touch_thy}~@{text A} performs and @{text outdate} action
4.398 + on theory @{text A} and all descendants.
4.399 +
4.400 + \item @{ML ThyInfo.remove_thy}~@{text A} deletes theory @{text A} and all
4.401 + descendants from the theory database.
4.402 +
4.403 + \item @{ML ThyInfo.begin_theory} is the basic operation behind a
4.404 + @{text \<THEORY>} header declaration. This is {\ML} functions is
4.405 + normally not invoked directly.
4.406 +
4.407 + \item @{ML ThyInfo.end_theory} concludes the loading of a theory
4.408 + proper and stores the result in the theory database.
4.409 +
4.410 + \item @{ML ThyInfo.register_theory}~@{text "text thy"} registers an
4.411 + existing theory value with the theory loader database. There is no
4.412 + management of associated sources.
4.413 +
4.414 + \item @{ML "ThyInfo.add_hook"}~@{text f} registers function @{text
4.415 + f} as a hook for theory database actions. The function will be
4.416 + invoked with the action and theory name being involved; thus derived
4.417 + actions may be performed in associated system components, e.g.\
4.418 + maintaining the state of an editor for the theory sources.
4.419 +
4.420 + The kind and order of actions occurring in practice depends both on
4.421 + user interactions and the internal process of resolving theory
4.422 + imports. Hooks should not rely on a particular policy here! Any
4.423 + exceptions raised by the hook are ignored.
4.424 +
4.425 + \end{description}
4.426 +*}
4.427 +
4.428 +end
5.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
5.2 +++ b/doc-src/IsarImplementation/Thy/Isar.thy Mon Feb 16 20:47:44 2009 +0100
5.3 @@ -0,0 +1,40 @@
5.4 +theory Isar
5.5 +imports Base
5.6 +begin
5.7 +
5.8 +chapter {* Isar proof texts *}
5.9 +
5.10 +section {* Proof context *}
5.11 +
5.12 +text FIXME
5.13 +
5.14 +
5.15 +section {* Proof state \label{sec:isar-proof-state} *}
5.16 +
5.17 +text {*
5.18 + FIXME
5.19 +
5.20 +\glossary{Proof state}{The whole configuration of a structured proof,
5.21 +consisting of a \seeglossary{proof context} and an optional
5.22 +\seeglossary{structured goal}. Internally, an Isar proof state is
5.23 +organized as a stack to accomodate block structure of proof texts.
5.24 +For historical reasons, a low-level \seeglossary{tactical goal} is
5.25 +occasionally called ``proof state'' as well.}
5.26 +
5.27 +\glossary{Structured goal}{FIXME}
5.28 +
5.29 +\glossary{Goal}{See \seeglossary{tactical goal} or \seeglossary{structured goal}. \norefpage}
5.30 +
5.31 +
5.32 +*}
5.33 +
5.34 +section {* Proof methods *}
5.35 +
5.36 +text FIXME
5.37 +
5.38 +section {* Attributes *}
5.39 +
5.40 +text "FIXME ?!"
5.41 +
5.42 +
5.43 +end
6.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
6.2 +++ b/doc-src/IsarImplementation/Thy/Local_Theory.thy Mon Feb 16 20:47:44 2009 +0100
6.3 @@ -0,0 +1,25 @@
6.4 +theory Local_Theory
6.5 +imports Base
6.6 +begin
6.7 +
6.8 +chapter {* Structured specifications *}
6.9 +
6.10 +section {* Specification elements *}
6.11 +
6.12 +text FIXME
6.13 +
6.14 +
6.15 +section {* Type-inference *}
6.16 +
6.17 +text FIXME
6.18 +
6.19 +
6.20 +section {* Local theories *}
6.21 +
6.22 +text {*
6.23 + FIXME
6.24 +
6.25 + \glossary{Local theory}{FIXME}
6.26 +*}
6.27 +
6.28 +end
7.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
7.2 +++ b/doc-src/IsarImplementation/Thy/Logic.thy Mon Feb 16 20:47:44 2009 +0100
7.3 @@ -0,0 +1,852 @@
7.4 +theory Logic
7.5 +imports Base
7.6 +begin
7.7 +
7.8 +chapter {* Primitive logic \label{ch:logic} *}
7.9 +
7.10 +text {*
7.11 + The logical foundations of Isabelle/Isar are that of the Pure logic,
7.12 + which has been introduced as a natural-deduction framework in
7.13 + \cite{paulson700}. This is essentially the same logic as ``@{text
7.14 + "\<lambda>HOL"}'' in the more abstract setting of Pure Type Systems (PTS)
7.15 + \cite{Barendregt-Geuvers:2001}, although there are some key
7.16 + differences in the specific treatment of simple types in
7.17 + Isabelle/Pure.
7.18 +
7.19 + Following type-theoretic parlance, the Pure logic consists of three
7.20 + levels of @{text "\<lambda>"}-calculus with corresponding arrows, @{text
7.21 + "\<Rightarrow>"} for syntactic function space (terms depending on terms), @{text
7.22 + "\<And>"} for universal quantification (proofs depending on terms), and
7.23 + @{text "\<Longrightarrow>"} for implication (proofs depending on proofs).
7.24 +
7.25 + Derivations are relative to a logical theory, which declares type
7.26 + constructors, constants, and axioms. Theory declarations support
7.27 + schematic polymorphism, which is strictly speaking outside the
7.28 + logic.\footnote{This is the deeper logical reason, why the theory
7.29 + context @{text "\<Theta>"} is separate from the proof context @{text "\<Gamma>"}
7.30 + of the core calculus.}
7.31 +*}
7.32 +
7.33 +
7.34 +section {* Types \label{sec:types} *}
7.35 +
7.36 +text {*
7.37 + The language of types is an uninterpreted order-sorted first-order
7.38 + algebra; types are qualified by ordered type classes.
7.39 +
7.40 + \medskip A \emph{type class} is an abstract syntactic entity
7.41 + declared in the theory context. The \emph{subclass relation} @{text
7.42 + "c\<^isub>1 \<subseteq> c\<^isub>2"} is specified by stating an acyclic
7.43 + generating relation; the transitive closure is maintained
7.44 + internally. The resulting relation is an ordering: reflexive,
7.45 + transitive, and antisymmetric.
7.46 +
7.47 + A \emph{sort} is a list of type classes written as @{text "s =
7.48 + {c\<^isub>1, \<dots>, c\<^isub>m}"}, which represents symbolic
7.49 + intersection. Notationally, the curly braces are omitted for
7.50 + singleton intersections, i.e.\ any class @{text "c"} may be read as
7.51 + a sort @{text "{c}"}. The ordering on type classes is extended to
7.52 + sorts according to the meaning of intersections: @{text
7.53 + "{c\<^isub>1, \<dots> c\<^isub>m} \<subseteq> {d\<^isub>1, \<dots>, d\<^isub>n}"} iff
7.54 + @{text "\<forall>j. \<exists>i. c\<^isub>i \<subseteq> d\<^isub>j"}. The empty intersection
7.55 + @{text "{}"} refers to the universal sort, which is the largest
7.56 + element wrt.\ the sort order. The intersections of all (finitely
7.57 + many) classes declared in the current theory are the minimal
7.58 + elements wrt.\ the sort order.
7.59 +
7.60 + \medskip A \emph{fixed type variable} is a pair of a basic name
7.61 + (starting with a @{text "'"} character) and a sort constraint, e.g.\
7.62 + @{text "('a, s)"} which is usually printed as @{text "\<alpha>\<^isub>s"}.
7.63 + A \emph{schematic type variable} is a pair of an indexname and a
7.64 + sort constraint, e.g.\ @{text "(('a, 0), s)"} which is usually
7.65 + printed as @{text "?\<alpha>\<^isub>s"}.
7.66 +
7.67 + Note that \emph{all} syntactic components contribute to the identity
7.68 + of type variables, including the sort constraint. The core logic
7.69 + handles type variables with the same name but different sorts as
7.70 + different, although some outer layers of the system make it hard to
7.71 + produce anything like this.
7.72 +
7.73 + A \emph{type constructor} @{text "\<kappa>"} is a @{text "k"}-ary operator
7.74 + on types declared in the theory. Type constructor application is
7.75 + written postfix as @{text "(\<alpha>\<^isub>1, \<dots>, \<alpha>\<^isub>k)\<kappa>"}. For
7.76 + @{text "k = 0"} the argument tuple is omitted, e.g.\ @{text "prop"}
7.77 + instead of @{text "()prop"}. For @{text "k = 1"} the parentheses
7.78 + are omitted, e.g.\ @{text "\<alpha> list"} instead of @{text "(\<alpha>)list"}.
7.79 + Further notation is provided for specific constructors, notably the
7.80 + right-associative infix @{text "\<alpha> \<Rightarrow> \<beta>"} instead of @{text "(\<alpha>,
7.81 + \<beta>)fun"}.
7.82 +
7.83 + A \emph{type} is defined inductively over type variables and type
7.84 + constructors as follows: @{text "\<tau> = \<alpha>\<^isub>s | ?\<alpha>\<^isub>s |
7.85 + (\<tau>\<^sub>1, \<dots>, \<tau>\<^sub>k)\<kappa>"}.
7.86 +
7.87 + A \emph{type abbreviation} is a syntactic definition @{text
7.88 + "(\<^vec>\<alpha>)\<kappa> = \<tau>"} of an arbitrary type expression @{text "\<tau>"} over
7.89 + variables @{text "\<^vec>\<alpha>"}. Type abbreviations appear as type
7.90 + constructors in the syntax, but are expanded before entering the
7.91 + logical core.
7.92 +
7.93 + A \emph{type arity} declares the image behavior of a type
7.94 + constructor wrt.\ the algebra of sorts: @{text "\<kappa> :: (s\<^isub>1, \<dots>,
7.95 + s\<^isub>k)s"} means that @{text "(\<tau>\<^isub>1, \<dots>, \<tau>\<^isub>k)\<kappa>"} is
7.96 + of sort @{text "s"} if every argument type @{text "\<tau>\<^isub>i"} is
7.97 + of sort @{text "s\<^isub>i"}. Arity declarations are implicitly
7.98 + completed, i.e.\ @{text "\<kappa> :: (\<^vec>s)c"} entails @{text "\<kappa> ::
7.99 + (\<^vec>s)c'"} for any @{text "c' \<supseteq> c"}.
7.100 +
7.101 + \medskip The sort algebra is always maintained as \emph{coregular},
7.102 + which means that type arities are consistent with the subclass
7.103 + relation: for any type constructor @{text "\<kappa>"}, and classes @{text
7.104 + "c\<^isub>1 \<subseteq> c\<^isub>2"}, and arities @{text "\<kappa> ::
7.105 + (\<^vec>s\<^isub>1)c\<^isub>1"} and @{text "\<kappa> ::
7.106 + (\<^vec>s\<^isub>2)c\<^isub>2"} holds @{text "\<^vec>s\<^isub>1 \<subseteq>
7.107 + \<^vec>s\<^isub>2"} component-wise.
7.108 +
7.109 + The key property of a coregular order-sorted algebra is that sort
7.110 + constraints can be solved in a most general fashion: for each type
7.111 + constructor @{text "\<kappa>"} and sort @{text "s"} there is a most general
7.112 + vector of argument sorts @{text "(s\<^isub>1, \<dots>, s\<^isub>k)"} such
7.113 + that a type scheme @{text "(\<alpha>\<^bsub>s\<^isub>1\<^esub>, \<dots>,
7.114 + \<alpha>\<^bsub>s\<^isub>k\<^esub>)\<kappa>"} is of sort @{text "s"}.
7.115 + Consequently, type unification has most general solutions (modulo
7.116 + equivalence of sorts), so type-inference produces primary types as
7.117 + expected \cite{nipkow-prehofer}.
7.118 +*}
7.119 +
7.120 +text %mlref {*
7.121 + \begin{mldecls}
7.122 + @{index_ML_type class} \\
7.123 + @{index_ML_type sort} \\
7.124 + @{index_ML_type arity} \\
7.125 + @{index_ML_type typ} \\
7.126 + @{index_ML map_atyps: "(typ -> typ) -> typ -> typ"} \\
7.127 + @{index_ML fold_atyps: "(typ -> 'a -> 'a) -> typ -> 'a -> 'a"} \\
7.128 + \end{mldecls}
7.129 + \begin{mldecls}
7.130 + @{index_ML Sign.subsort: "theory -> sort * sort -> bool"} \\
7.131 + @{index_ML Sign.of_sort: "theory -> typ * sort -> bool"} \\
7.132 + @{index_ML Sign.add_types: "(string * int * mixfix) list -> theory -> theory"} \\
7.133 + @{index_ML Sign.add_tyabbrs_i: "
7.134 + (string * string list * typ * mixfix) list -> theory -> theory"} \\
7.135 + @{index_ML Sign.primitive_class: "string * class list -> theory -> theory"} \\
7.136 + @{index_ML Sign.primitive_classrel: "class * class -> theory -> theory"} \\
7.137 + @{index_ML Sign.primitive_arity: "arity -> theory -> theory"} \\
7.138 + \end{mldecls}
7.139 +
7.140 + \begin{description}
7.141 +
7.142 + \item @{ML_type class} represents type classes; this is an alias for
7.143 + @{ML_type string}.
7.144 +
7.145 + \item @{ML_type sort} represents sorts; this is an alias for
7.146 + @{ML_type "class list"}.
7.147 +
7.148 + \item @{ML_type arity} represents type arities; this is an alias for
7.149 + triples of the form @{text "(\<kappa>, \<^vec>s, s)"} for @{text "\<kappa> ::
7.150 + (\<^vec>s)s"} described above.
7.151 +
7.152 + \item @{ML_type typ} represents types; this is a datatype with
7.153 + constructors @{ML TFree}, @{ML TVar}, @{ML Type}.
7.154 +
7.155 + \item @{ML map_atyps}~@{text "f \<tau>"} applies the mapping @{text "f"}
7.156 + to all atomic types (@{ML TFree}, @{ML TVar}) occurring in @{text
7.157 + "\<tau>"}.
7.158 +
7.159 + \item @{ML fold_atyps}~@{text "f \<tau>"} iterates the operation @{text
7.160 + "f"} over all occurrences of atomic types (@{ML TFree}, @{ML TVar})
7.161 + in @{text "\<tau>"}; the type structure is traversed from left to right.
7.162 +
7.163 + \item @{ML Sign.subsort}~@{text "thy (s\<^isub>1, s\<^isub>2)"}
7.164 + tests the subsort relation @{text "s\<^isub>1 \<subseteq> s\<^isub>2"}.
7.165 +
7.166 + \item @{ML Sign.of_sort}~@{text "thy (\<tau>, s)"} tests whether type
7.167 + @{text "\<tau>"} is of sort @{text "s"}.
7.168 +
7.169 + \item @{ML Sign.add_types}~@{text "[(\<kappa>, k, mx), \<dots>]"} declares a new
7.170 + type constructors @{text "\<kappa>"} with @{text "k"} arguments and
7.171 + optional mixfix syntax.
7.172 +
7.173 + \item @{ML Sign.add_tyabbrs_i}~@{text "[(\<kappa>, \<^vec>\<alpha>, \<tau>, mx), \<dots>]"}
7.174 + defines a new type abbreviation @{text "(\<^vec>\<alpha>)\<kappa> = \<tau>"} with
7.175 + optional mixfix syntax.
7.176 +
7.177 + \item @{ML Sign.primitive_class}~@{text "(c, [c\<^isub>1, \<dots>,
7.178 + c\<^isub>n])"} declares a new class @{text "c"}, together with class
7.179 + relations @{text "c \<subseteq> c\<^isub>i"}, for @{text "i = 1, \<dots>, n"}.
7.180 +
7.181 + \item @{ML Sign.primitive_classrel}~@{text "(c\<^isub>1,
7.182 + c\<^isub>2)"} declares the class relation @{text "c\<^isub>1 \<subseteq>
7.183 + c\<^isub>2"}.
7.184 +
7.185 + \item @{ML Sign.primitive_arity}~@{text "(\<kappa>, \<^vec>s, s)"} declares
7.186 + the arity @{text "\<kappa> :: (\<^vec>s)s"}.
7.187 +
7.188 + \end{description}
7.189 +*}
7.190 +
7.191 +
7.192 +
7.193 +section {* Terms \label{sec:terms} *}
7.194 +
7.195 +text {*
7.196 + \glossary{Term}{FIXME}
7.197 +
7.198 + The language of terms is that of simply-typed @{text "\<lambda>"}-calculus
7.199 + with de-Bruijn indices for bound variables (cf.\ \cite{debruijn72}
7.200 + or \cite{paulson-ml2}), with the types being determined determined
7.201 + by the corresponding binders. In contrast, free variables and
7.202 + constants are have an explicit name and type in each occurrence.
7.203 +
7.204 + \medskip A \emph{bound variable} is a natural number @{text "b"},
7.205 + which accounts for the number of intermediate binders between the
7.206 + variable occurrence in the body and its binding position. For
7.207 + example, the de-Bruijn term @{text
7.208 + "\<lambda>\<^bsub>nat\<^esub>. \<lambda>\<^bsub>nat\<^esub>. 1 + 0"} would
7.209 + correspond to @{text
7.210 + "\<lambda>x\<^bsub>nat\<^esub>. \<lambda>y\<^bsub>nat\<^esub>. x + y"} in a named
7.211 + representation. Note that a bound variable may be represented by
7.212 + different de-Bruijn indices at different occurrences, depending on
7.213 + the nesting of abstractions.
7.214 +
7.215 + A \emph{loose variable} is a bound variable that is outside the
7.216 + scope of local binders. The types (and names) for loose variables
7.217 + can be managed as a separate context, that is maintained as a stack
7.218 + of hypothetical binders. The core logic operates on closed terms,
7.219 + without any loose variables.
7.220 +
7.221 + A \emph{fixed variable} is a pair of a basic name and a type, e.g.\
7.222 + @{text "(x, \<tau>)"} which is usually printed @{text "x\<^isub>\<tau>"}. A
7.223 + \emph{schematic variable} is a pair of an indexname and a type,
7.224 + e.g.\ @{text "((x, 0), \<tau>)"} which is usually printed as @{text
7.225 + "?x\<^isub>\<tau>"}.
7.226 +
7.227 + \medskip A \emph{constant} is a pair of a basic name and a type,
7.228 + e.g.\ @{text "(c, \<tau>)"} which is usually printed as @{text
7.229 + "c\<^isub>\<tau>"}. Constants are declared in the context as polymorphic
7.230 + families @{text "c :: \<sigma>"}, meaning that all substitution instances
7.231 + @{text "c\<^isub>\<tau>"} for @{text "\<tau> = \<sigma>\<vartheta>"} are valid.
7.232 +
7.233 + The vector of \emph{type arguments} of constant @{text "c\<^isub>\<tau>"}
7.234 + wrt.\ the declaration @{text "c :: \<sigma>"} is defined as the codomain of
7.235 + the matcher @{text "\<vartheta> = {?\<alpha>\<^isub>1 \<mapsto> \<tau>\<^isub>1, \<dots>,
7.236 + ?\<alpha>\<^isub>n \<mapsto> \<tau>\<^isub>n}"} presented in canonical order @{text
7.237 + "(\<tau>\<^isub>1, \<dots>, \<tau>\<^isub>n)"}. Within a given theory context,
7.238 + there is a one-to-one correspondence between any constant @{text
7.239 + "c\<^isub>\<tau>"} and the application @{text "c(\<tau>\<^isub>1, \<dots>,
7.240 + \<tau>\<^isub>n)"} of its type arguments. For example, with @{text "plus
7.241 + :: \<alpha> \<Rightarrow> \<alpha> \<Rightarrow> \<alpha>"}, the instance @{text "plus\<^bsub>nat \<Rightarrow> nat \<Rightarrow>
7.242 + nat\<^esub>"} corresponds to @{text "plus(nat)"}.
7.243 +
7.244 + Constant declarations @{text "c :: \<sigma>"} may contain sort constraints
7.245 + for type variables in @{text "\<sigma>"}. These are observed by
7.246 + type-inference as expected, but \emph{ignored} by the core logic.
7.247 + This means the primitive logic is able to reason with instances of
7.248 + polymorphic constants that the user-level type-checker would reject
7.249 + due to violation of type class restrictions.
7.250 +
7.251 + \medskip An \emph{atomic} term is either a variable or constant. A
7.252 + \emph{term} is defined inductively over atomic terms, with
7.253 + abstraction and application as follows: @{text "t = b | x\<^isub>\<tau> |
7.254 + ?x\<^isub>\<tau> | c\<^isub>\<tau> | \<lambda>\<^isub>\<tau>. t | t\<^isub>1 t\<^isub>2"}.
7.255 + Parsing and printing takes care of converting between an external
7.256 + representation with named bound variables. Subsequently, we shall
7.257 + use the latter notation instead of internal de-Bruijn
7.258 + representation.
7.259 +
7.260 + The inductive relation @{text "t :: \<tau>"} assigns a (unique) type to a
7.261 + term according to the structure of atomic terms, abstractions, and
7.262 + applicatins:
7.263 + \[
7.264 + \infer{@{text "a\<^isub>\<tau> :: \<tau>"}}{}
7.265 + \qquad
7.266 + \infer{@{text "(\<lambda>x\<^sub>\<tau>. t) :: \<tau> \<Rightarrow> \<sigma>"}}{@{text "t :: \<sigma>"}}
7.267 + \qquad
7.268 + \infer{@{text "t u :: \<sigma>"}}{@{text "t :: \<tau> \<Rightarrow> \<sigma>"} & @{text "u :: \<tau>"}}
7.269 + \]
7.270 + A \emph{well-typed term} is a term that can be typed according to these rules.
7.271 +
7.272 + Typing information can be omitted: type-inference is able to
7.273 + reconstruct the most general type of a raw term, while assigning
7.274 + most general types to all of its variables and constants.
7.275 + Type-inference depends on a context of type constraints for fixed
7.276 + variables, and declarations for polymorphic constants.
7.277 +
7.278 + The identity of atomic terms consists both of the name and the type
7.279 + component. This means that different variables @{text
7.280 + "x\<^bsub>\<tau>\<^isub>1\<^esub>"} and @{text
7.281 + "x\<^bsub>\<tau>\<^isub>2\<^esub>"} may become the same after type
7.282 + instantiation. Some outer layers of the system make it hard to
7.283 + produce variables of the same name, but different types. In
7.284 + contrast, mixed instances of polymorphic constants occur frequently.
7.285 +
7.286 + \medskip The \emph{hidden polymorphism} of a term @{text "t :: \<sigma>"}
7.287 + is the set of type variables occurring in @{text "t"}, but not in
7.288 + @{text "\<sigma>"}. This means that the term implicitly depends on type
7.289 + arguments that are not accounted in the result type, i.e.\ there are
7.290 + different type instances @{text "t\<vartheta> :: \<sigma>"} and @{text
7.291 + "t\<vartheta>' :: \<sigma>"} with the same type. This slightly
7.292 + pathological situation notoriously demands additional care.
7.293 +
7.294 + \medskip A \emph{term abbreviation} is a syntactic definition @{text
7.295 + "c\<^isub>\<sigma> \<equiv> t"} of a closed term @{text "t"} of type @{text "\<sigma>"},
7.296 + without any hidden polymorphism. A term abbreviation looks like a
7.297 + constant in the syntax, but is expanded before entering the logical
7.298 + core. Abbreviations are usually reverted when printing terms, using
7.299 + @{text "t \<rightarrow> c\<^isub>\<sigma>"} as rules for higher-order rewriting.
7.300 +
7.301 + \medskip Canonical operations on @{text "\<lambda>"}-terms include @{text
7.302 + "\<alpha>\<beta>\<eta>"}-conversion: @{text "\<alpha>"}-conversion refers to capture-free
7.303 + renaming of bound variables; @{text "\<beta>"}-conversion contracts an
7.304 + abstraction applied to an argument term, substituting the argument
7.305 + in the body: @{text "(\<lambda>x. b)a"} becomes @{text "b[a/x]"}; @{text
7.306 + "\<eta>"}-conversion contracts vacuous application-abstraction: @{text
7.307 + "\<lambda>x. f x"} becomes @{text "f"}, provided that the bound variable
7.308 + does not occur in @{text "f"}.
7.309 +
7.310 + Terms are normally treated modulo @{text "\<alpha>"}-conversion, which is
7.311 + implicit in the de-Bruijn representation. Names for bound variables
7.312 + in abstractions are maintained separately as (meaningless) comments,
7.313 + mostly for parsing and printing. Full @{text "\<alpha>\<beta>\<eta>"}-conversion is
7.314 + commonplace in various standard operations (\secref{sec:obj-rules})
7.315 + that are based on higher-order unification and matching.
7.316 +*}
7.317 +
7.318 +text %mlref {*
7.319 + \begin{mldecls}
7.320 + @{index_ML_type term} \\
7.321 + @{index_ML "op aconv": "term * term -> bool"} \\
7.322 + @{index_ML map_types: "(typ -> typ) -> term -> term"} \\
7.323 + @{index_ML fold_types: "(typ -> 'a -> 'a) -> term -> 'a -> 'a"} \\
7.324 + @{index_ML map_aterms: "(term -> term) -> term -> term"} \\
7.325 + @{index_ML fold_aterms: "(term -> 'a -> 'a) -> term -> 'a -> 'a"} \\
7.326 + \end{mldecls}
7.327 + \begin{mldecls}
7.328 + @{index_ML fastype_of: "term -> typ"} \\
7.329 + @{index_ML lambda: "term -> term -> term"} \\
7.330 + @{index_ML betapply: "term * term -> term"} \\
7.331 + @{index_ML Sign.declare_const: "Properties.T -> (binding * typ) * mixfix ->
7.332 + theory -> term * theory"} \\
7.333 + @{index_ML Sign.add_abbrev: "string -> Properties.T -> binding * term ->
7.334 + theory -> (term * term) * theory"} \\
7.335 + @{index_ML Sign.const_typargs: "theory -> string * typ -> typ list"} \\
7.336 + @{index_ML Sign.const_instance: "theory -> string * typ list -> typ"} \\
7.337 + \end{mldecls}
7.338 +
7.339 + \begin{description}
7.340 +
7.341 + \item @{ML_type term} represents de-Bruijn terms, with comments in
7.342 + abstractions, and explicitly named free variables and constants;
7.343 + this is a datatype with constructors @{ML Bound}, @{ML Free}, @{ML
7.344 + Var}, @{ML Const}, @{ML Abs}, @{ML "op $"}.
7.345 +
7.346 + \item @{text "t"}~@{ML aconv}~@{text "u"} checks @{text
7.347 + "\<alpha>"}-equivalence of two terms. This is the basic equality relation
7.348 + on type @{ML_type term}; raw datatype equality should only be used
7.349 + for operations related to parsing or printing!
7.350 +
7.351 + \item @{ML map_types}~@{text "f t"} applies the mapping @{text
7.352 + "f"} to all types occurring in @{text "t"}.
7.353 +
7.354 + \item @{ML fold_types}~@{text "f t"} iterates the operation @{text
7.355 + "f"} over all occurrences of types in @{text "t"}; the term
7.356 + structure is traversed from left to right.
7.357 +
7.358 + \item @{ML map_aterms}~@{text "f t"} applies the mapping @{text "f"}
7.359 + to all atomic terms (@{ML Bound}, @{ML Free}, @{ML Var}, @{ML
7.360 + Const}) occurring in @{text "t"}.
7.361 +
7.362 + \item @{ML fold_aterms}~@{text "f t"} iterates the operation @{text
7.363 + "f"} over all occurrences of atomic terms (@{ML Bound}, @{ML Free},
7.364 + @{ML Var}, @{ML Const}) in @{text "t"}; the term structure is
7.365 + traversed from left to right.
7.366 +
7.367 + \item @{ML fastype_of}~@{text "t"} determines the type of a
7.368 + well-typed term. This operation is relatively slow, despite the
7.369 + omission of any sanity checks.
7.370 +
7.371 + \item @{ML lambda}~@{text "a b"} produces an abstraction @{text
7.372 + "\<lambda>a. b"}, where occurrences of the atomic term @{text "a"} in the
7.373 + body @{text "b"} are replaced by bound variables.
7.374 +
7.375 + \item @{ML betapply}~@{text "(t, u)"} produces an application @{text
7.376 + "t u"}, with topmost @{text "\<beta>"}-conversion if @{text "t"} is an
7.377 + abstraction.
7.378 +
7.379 + \item @{ML Sign.declare_const}~@{text "properties ((c, \<sigma>), mx)"}
7.380 + declares a new constant @{text "c :: \<sigma>"} with optional mixfix
7.381 + syntax.
7.382 +
7.383 + \item @{ML Sign.add_abbrev}~@{text "print_mode properties (c, t)"}
7.384 + introduces a new term abbreviation @{text "c \<equiv> t"}.
7.385 +
7.386 + \item @{ML Sign.const_typargs}~@{text "thy (c, \<tau>)"} and @{ML
7.387 + Sign.const_instance}~@{text "thy (c, [\<tau>\<^isub>1, \<dots>, \<tau>\<^isub>n])"}
7.388 + convert between two representations of polymorphic constants: full
7.389 + type instance vs.\ compact type arguments form.
7.390 +
7.391 + \end{description}
7.392 +*}
7.393 +
7.394 +
7.395 +section {* Theorems \label{sec:thms} *}
7.396 +
7.397 +text {*
7.398 + \glossary{Proposition}{FIXME A \seeglossary{term} of
7.399 + \seeglossary{type} @{text "prop"}. Internally, there is nothing
7.400 + special about propositions apart from their type, but the concrete
7.401 + syntax enforces a clear distinction. Propositions are structured
7.402 + via implication @{text "A \<Longrightarrow> B"} or universal quantification @{text
7.403 + "\<And>x. B x"} --- anything else is considered atomic. The canonical
7.404 + form for propositions is that of a \seeglossary{Hereditary Harrop
7.405 + Formula}. FIXME}
7.406 +
7.407 + \glossary{Theorem}{A proven proposition within a certain theory and
7.408 + proof context, formally @{text "\<Gamma> \<turnstile>\<^sub>\<Theta> \<phi>"}; both contexts are
7.409 + rarely spelled out explicitly. Theorems are usually normalized
7.410 + according to the \seeglossary{HHF} format. FIXME}
7.411 +
7.412 + \glossary{Fact}{Sometimes used interchangeably for
7.413 + \seeglossary{theorem}. Strictly speaking, a list of theorems,
7.414 + essentially an extra-logical conjunction. Facts emerge either as
7.415 + local assumptions, or as results of local goal statements --- both
7.416 + may be simultaneous, hence the list representation. FIXME}
7.417 +
7.418 + \glossary{Schematic variable}{FIXME}
7.419 +
7.420 + \glossary{Fixed variable}{A variable that is bound within a certain
7.421 + proof context; an arbitrary-but-fixed entity within a portion of
7.422 + proof text. FIXME}
7.423 +
7.424 + \glossary{Free variable}{Synonymous for \seeglossary{fixed
7.425 + variable}. FIXME}
7.426 +
7.427 + \glossary{Bound variable}{FIXME}
7.428 +
7.429 + \glossary{Variable}{See \seeglossary{schematic variable},
7.430 + \seeglossary{fixed variable}, \seeglossary{bound variable}, or
7.431 + \seeglossary{type variable}. The distinguishing feature of
7.432 + different variables is their binding scope. FIXME}
7.433 +
7.434 + A \emph{proposition} is a well-typed term of type @{text "prop"}, a
7.435 + \emph{theorem} is a proven proposition (depending on a context of
7.436 + hypotheses and the background theory). Primitive inferences include
7.437 + plain natural deduction rules for the primary connectives @{text
7.438 + "\<And>"} and @{text "\<Longrightarrow>"} of the framework. There is also a builtin
7.439 + notion of equality/equivalence @{text "\<equiv>"}.
7.440 +*}
7.441 +
7.442 +subsection {* Primitive connectives and rules \label{sec:prim-rules} *}
7.443 +
7.444 +text {*
7.445 + The theory @{text "Pure"} contains constant declarations for the
7.446 + primitive connectives @{text "\<And>"}, @{text "\<Longrightarrow>"}, and @{text "\<equiv>"} of
7.447 + the logical framework, see \figref{fig:pure-connectives}. The
7.448 + derivability judgment @{text "A\<^isub>1, \<dots>, A\<^isub>n \<turnstile> B"} is
7.449 + defined inductively by the primitive inferences given in
7.450 + \figref{fig:prim-rules}, with the global restriction that the
7.451 + hypotheses must \emph{not} contain any schematic variables. The
7.452 + builtin equality is conceptually axiomatized as shown in
7.453 + \figref{fig:pure-equality}, although the implementation works
7.454 + directly with derived inferences.
7.455 +
7.456 + \begin{figure}[htb]
7.457 + \begin{center}
7.458 + \begin{tabular}{ll}
7.459 + @{text "all :: (\<alpha> \<Rightarrow> prop) \<Rightarrow> prop"} & universal quantification (binder @{text "\<And>"}) \\
7.460 + @{text "\<Longrightarrow> :: prop \<Rightarrow> prop \<Rightarrow> prop"} & implication (right associative infix) \\
7.461 + @{text "\<equiv> :: \<alpha> \<Rightarrow> \<alpha> \<Rightarrow> prop"} & equality relation (infix) \\
7.462 + \end{tabular}
7.463 + \caption{Primitive connectives of Pure}\label{fig:pure-connectives}
7.464 + \end{center}
7.465 + \end{figure}
7.466 +
7.467 + \begin{figure}[htb]
7.468 + \begin{center}
7.469 + \[
7.470 + \infer[@{text "(axiom)"}]{@{text "\<turnstile> A"}}{@{text "A \<in> \<Theta>"}}
7.471 + \qquad
7.472 + \infer[@{text "(assume)"}]{@{text "A \<turnstile> A"}}{}
7.473 + \]
7.474 + \[
7.475 + \infer[@{text "(\<And>_intro)"}]{@{text "\<Gamma> \<turnstile> \<And>x. b[x]"}}{@{text "\<Gamma> \<turnstile> b[x]"} & @{text "x \<notin> \<Gamma>"}}
7.476 + \qquad
7.477 + \infer[@{text "(\<And>_elim)"}]{@{text "\<Gamma> \<turnstile> b[a]"}}{@{text "\<Gamma> \<turnstile> \<And>x. b[x]"}}
7.478 + \]
7.479 + \[
7.480 + \infer[@{text "(\<Longrightarrow>_intro)"}]{@{text "\<Gamma> - A \<turnstile> A \<Longrightarrow> B"}}{@{text "\<Gamma> \<turnstile> B"}}
7.481 + \qquad
7.482 + \infer[@{text "(\<Longrightarrow>_elim)"}]{@{text "\<Gamma>\<^sub>1 \<union> \<Gamma>\<^sub>2 \<turnstile> B"}}{@{text "\<Gamma>\<^sub>1 \<turnstile> A \<Longrightarrow> B"} & @{text "\<Gamma>\<^sub>2 \<turnstile> A"}}
7.483 + \]
7.484 + \caption{Primitive inferences of Pure}\label{fig:prim-rules}
7.485 + \end{center}
7.486 + \end{figure}
7.487 +
7.488 + \begin{figure}[htb]
7.489 + \begin{center}
7.490 + \begin{tabular}{ll}
7.491 + @{text "\<turnstile> (\<lambda>x. b[x]) a \<equiv> b[a]"} & @{text "\<beta>"}-conversion \\
7.492 + @{text "\<turnstile> x \<equiv> x"} & reflexivity \\
7.493 + @{text "\<turnstile> x \<equiv> y \<Longrightarrow> P x \<Longrightarrow> P y"} & substitution \\
7.494 + @{text "\<turnstile> (\<And>x. f x \<equiv> g x) \<Longrightarrow> f \<equiv> g"} & extensionality \\
7.495 + @{text "\<turnstile> (A \<Longrightarrow> B) \<Longrightarrow> (B \<Longrightarrow> A) \<Longrightarrow> A \<equiv> B"} & logical equivalence \\
7.496 + \end{tabular}
7.497 + \caption{Conceptual axiomatization of Pure equality}\label{fig:pure-equality}
7.498 + \end{center}
7.499 + \end{figure}
7.500 +
7.501 + The introduction and elimination rules for @{text "\<And>"} and @{text
7.502 + "\<Longrightarrow>"} are analogous to formation of dependently typed @{text
7.503 + "\<lambda>"}-terms representing the underlying proof objects. Proof terms
7.504 + are irrelevant in the Pure logic, though; they cannot occur within
7.505 + propositions. The system provides a runtime option to record
7.506 + explicit proof terms for primitive inferences. Thus all three
7.507 + levels of @{text "\<lambda>"}-calculus become explicit: @{text "\<Rightarrow>"} for
7.508 + terms, and @{text "\<And>/\<Longrightarrow>"} for proofs (cf.\
7.509 + \cite{Berghofer-Nipkow:2000:TPHOL}).
7.510 +
7.511 + Observe that locally fixed parameters (as in @{text "\<And>_intro"}) need
7.512 + not be recorded in the hypotheses, because the simple syntactic
7.513 + types of Pure are always inhabitable. ``Assumptions'' @{text "x ::
7.514 + \<tau>"} for type-membership are only present as long as some @{text
7.515 + "x\<^isub>\<tau>"} occurs in the statement body.\footnote{This is the key
7.516 + difference to ``@{text "\<lambda>HOL"}'' in the PTS framework
7.517 + \cite{Barendregt-Geuvers:2001}, where hypotheses @{text "x : A"} are
7.518 + treated uniformly for propositions and types.}
7.519 +
7.520 + \medskip The axiomatization of a theory is implicitly closed by
7.521 + forming all instances of type and term variables: @{text "\<turnstile>
7.522 + A\<vartheta>"} holds for any substitution instance of an axiom
7.523 + @{text "\<turnstile> A"}. By pushing substitutions through derivations
7.524 + inductively, we also get admissible @{text "generalize"} and @{text
7.525 + "instance"} rules as shown in \figref{fig:subst-rules}.
7.526 +
7.527 + \begin{figure}[htb]
7.528 + \begin{center}
7.529 + \[
7.530 + \infer{@{text "\<Gamma> \<turnstile> B[?\<alpha>]"}}{@{text "\<Gamma> \<turnstile> B[\<alpha>]"} & @{text "\<alpha> \<notin> \<Gamma>"}}
7.531 + \quad
7.532 + \infer[\quad@{text "(generalize)"}]{@{text "\<Gamma> \<turnstile> B[?x]"}}{@{text "\<Gamma> \<turnstile> B[x]"} & @{text "x \<notin> \<Gamma>"}}
7.533 + \]
7.534 + \[
7.535 + \infer{@{text "\<Gamma> \<turnstile> B[\<tau>]"}}{@{text "\<Gamma> \<turnstile> B[?\<alpha>]"}}
7.536 + \quad
7.537 + \infer[\quad@{text "(instantiate)"}]{@{text "\<Gamma> \<turnstile> B[t]"}}{@{text "\<Gamma> \<turnstile> B[?x]"}}
7.538 + \]
7.539 + \caption{Admissible substitution rules}\label{fig:subst-rules}
7.540 + \end{center}
7.541 + \end{figure}
7.542 +
7.543 + Note that @{text "instantiate"} does not require an explicit
7.544 + side-condition, because @{text "\<Gamma>"} may never contain schematic
7.545 + variables.
7.546 +
7.547 + In principle, variables could be substituted in hypotheses as well,
7.548 + but this would disrupt the monotonicity of reasoning: deriving
7.549 + @{text "\<Gamma>\<vartheta> \<turnstile> B\<vartheta>"} from @{text "\<Gamma> \<turnstile> B"} is
7.550 + correct, but @{text "\<Gamma>\<vartheta> \<supseteq> \<Gamma>"} does not necessarily hold:
7.551 + the result belongs to a different proof context.
7.552 +
7.553 + \medskip An \emph{oracle} is a function that produces axioms on the
7.554 + fly. Logically, this is an instance of the @{text "axiom"} rule
7.555 + (\figref{fig:prim-rules}), but there is an operational difference.
7.556 + The system always records oracle invocations within derivations of
7.557 + theorems. Tracing plain axioms (and named theorems) is optional.
7.558 +
7.559 + Axiomatizations should be limited to the bare minimum, typically as
7.560 + part of the initial logical basis of an object-logic formalization.
7.561 + Later on, theories are usually developed in a strictly definitional
7.562 + fashion, by stating only certain equalities over new constants.
7.563 +
7.564 + A \emph{simple definition} consists of a constant declaration @{text
7.565 + "c :: \<sigma>"} together with an axiom @{text "\<turnstile> c \<equiv> t"}, where @{text "t
7.566 + :: \<sigma>"} is a closed term without any hidden polymorphism. The RHS
7.567 + may depend on further defined constants, but not @{text "c"} itself.
7.568 + Definitions of functions may be presented as @{text "c \<^vec>x \<equiv>
7.569 + t"} instead of the puristic @{text "c \<equiv> \<lambda>\<^vec>x. t"}.
7.570 +
7.571 + An \emph{overloaded definition} consists of a collection of axioms
7.572 + for the same constant, with zero or one equations @{text
7.573 + "c((\<^vec>\<alpha>)\<kappa>) \<equiv> t"} for each type constructor @{text "\<kappa>"} (for
7.574 + distinct variables @{text "\<^vec>\<alpha>"}). The RHS may mention
7.575 + previously defined constants as above, or arbitrary constants @{text
7.576 + "d(\<alpha>\<^isub>i)"} for some @{text "\<alpha>\<^isub>i"} projected from @{text
7.577 + "\<^vec>\<alpha>"}. Thus overloaded definitions essentially work by
7.578 + primitive recursion over the syntactic structure of a single type
7.579 + argument.
7.580 +*}
7.581 +
7.582 +text %mlref {*
7.583 + \begin{mldecls}
7.584 + @{index_ML_type ctyp} \\
7.585 + @{index_ML_type cterm} \\
7.586 + @{index_ML Thm.ctyp_of: "theory -> typ -> ctyp"} \\
7.587 + @{index_ML Thm.cterm_of: "theory -> term -> cterm"} \\
7.588 + \end{mldecls}
7.589 + \begin{mldecls}
7.590 + @{index_ML_type thm} \\
7.591 + @{index_ML proofs: "int ref"} \\
7.592 + @{index_ML Thm.assume: "cterm -> thm"} \\
7.593 + @{index_ML Thm.forall_intr: "cterm -> thm -> thm"} \\
7.594 + @{index_ML Thm.forall_elim: "cterm -> thm -> thm"} \\
7.595 + @{index_ML Thm.implies_intr: "cterm -> thm -> thm"} \\
7.596 + @{index_ML Thm.implies_elim: "thm -> thm -> thm"} \\
7.597 + @{index_ML Thm.generalize: "string list * string list -> int -> thm -> thm"} \\
7.598 + @{index_ML Thm.instantiate: "(ctyp * ctyp) list * (cterm * cterm) list -> thm -> thm"} \\
7.599 + @{index_ML Thm.axiom: "theory -> string -> thm"} \\
7.600 + @{index_ML Thm.add_oracle: "bstring * ('a -> cterm) -> theory
7.601 + -> (string * ('a -> thm)) * theory"} \\
7.602 + \end{mldecls}
7.603 + \begin{mldecls}
7.604 + @{index_ML Theory.add_axioms_i: "(binding * term) list -> theory -> theory"} \\
7.605 + @{index_ML Theory.add_deps: "string -> string * typ -> (string * typ) list -> theory -> theory"} \\
7.606 + @{index_ML Theory.add_defs_i: "bool -> bool -> (binding * term) list -> theory -> theory"} \\
7.607 + \end{mldecls}
7.608 +
7.609 + \begin{description}
7.610 +
7.611 + \item @{ML_type ctyp} and @{ML_type cterm} represent certified types
7.612 + and terms, respectively. These are abstract datatypes that
7.613 + guarantee that its values have passed the full well-formedness (and
7.614 + well-typedness) checks, relative to the declarations of type
7.615 + constructors, constants etc. in the theory.
7.616 +
7.617 + \item @{ML ctyp_of}~@{text "thy \<tau>"} and @{ML cterm_of}~@{text "thy
7.618 + t"} explicitly checks types and terms, respectively. This also
7.619 + involves some basic normalizations, such expansion of type and term
7.620 + abbreviations from the theory context.
7.621 +
7.622 + Re-certification is relatively slow and should be avoided in tight
7.623 + reasoning loops. There are separate operations to decompose
7.624 + certified entities (including actual theorems).
7.625 +
7.626 + \item @{ML_type thm} represents proven propositions. This is an
7.627 + abstract datatype that guarantees that its values have been
7.628 + constructed by basic principles of the @{ML_struct Thm} module.
7.629 + Every @{ML thm} value contains a sliding back-reference to the
7.630 + enclosing theory, cf.\ \secref{sec:context-theory}.
7.631 +
7.632 + \item @{ML proofs} determines the detail of proof recording within
7.633 + @{ML_type thm} values: @{ML 0} records only oracles, @{ML 1} records
7.634 + oracles, axioms and named theorems, @{ML 2} records full proof
7.635 + terms.
7.636 +
7.637 + \item @{ML Thm.assume}, @{ML Thm.forall_intr}, @{ML
7.638 + Thm.forall_elim}, @{ML Thm.implies_intr}, and @{ML Thm.implies_elim}
7.639 + correspond to the primitive inferences of \figref{fig:prim-rules}.
7.640 +
7.641 + \item @{ML Thm.generalize}~@{text "(\<^vec>\<alpha>, \<^vec>x)"}
7.642 + corresponds to the @{text "generalize"} rules of
7.643 + \figref{fig:subst-rules}. Here collections of type and term
7.644 + variables are generalized simultaneously, specified by the given
7.645 + basic names.
7.646 +
7.647 + \item @{ML Thm.instantiate}~@{text "(\<^vec>\<alpha>\<^isub>s,
7.648 + \<^vec>x\<^isub>\<tau>)"} corresponds to the @{text "instantiate"} rules
7.649 + of \figref{fig:subst-rules}. Type variables are substituted before
7.650 + term variables. Note that the types in @{text "\<^vec>x\<^isub>\<tau>"}
7.651 + refer to the instantiated versions.
7.652 +
7.653 + \item @{ML Thm.axiom}~@{text "thy name"} retrieves a named
7.654 + axiom, cf.\ @{text "axiom"} in \figref{fig:prim-rules}.
7.655 +
7.656 + \item @{ML Thm.add_oracle}~@{text "(name, oracle)"} produces a named
7.657 + oracle rule, essentially generating arbitrary axioms on the fly,
7.658 + cf.\ @{text "axiom"} in \figref{fig:prim-rules}.
7.659 +
7.660 + \item @{ML Theory.add_axioms_i}~@{text "[(name, A), \<dots>]"} declares
7.661 + arbitrary propositions as axioms.
7.662 +
7.663 + \item @{ML Theory.add_deps}~@{text "name c\<^isub>\<tau>
7.664 + \<^vec>d\<^isub>\<sigma>"} declares dependencies of a named specification
7.665 + for constant @{text "c\<^isub>\<tau>"}, relative to existing
7.666 + specifications for constants @{text "\<^vec>d\<^isub>\<sigma>"}.
7.667 +
7.668 + \item @{ML Theory.add_defs_i}~@{text "unchecked overloaded [(name, c
7.669 + \<^vec>x \<equiv> t), \<dots>]"} states a definitional axiom for an existing
7.670 + constant @{text "c"}. Dependencies are recorded (cf.\ @{ML
7.671 + Theory.add_deps}), unless the @{text "unchecked"} option is set.
7.672 +
7.673 + \end{description}
7.674 +*}
7.675 +
7.676 +
7.677 +subsection {* Auxiliary definitions *}
7.678 +
7.679 +text {*
7.680 + Theory @{text "Pure"} provides a few auxiliary definitions, see
7.681 + \figref{fig:pure-aux}. These special constants are normally not
7.682 + exposed to the user, but appear in internal encodings.
7.683 +
7.684 + \begin{figure}[htb]
7.685 + \begin{center}
7.686 + \begin{tabular}{ll}
7.687 + @{text "conjunction :: prop \<Rightarrow> prop \<Rightarrow> prop"} & (infix @{text "&"}) \\
7.688 + @{text "\<turnstile> A & B \<equiv> (\<And>C. (A \<Longrightarrow> B \<Longrightarrow> C) \<Longrightarrow> C)"} \\[1ex]
7.689 + @{text "prop :: prop \<Rightarrow> prop"} & (prefix @{text "#"}, suppressed) \\
7.690 + @{text "#A \<equiv> A"} \\[1ex]
7.691 + @{text "term :: \<alpha> \<Rightarrow> prop"} & (prefix @{text "TERM"}) \\
7.692 + @{text "term x \<equiv> (\<And>A. A \<Longrightarrow> A)"} \\[1ex]
7.693 + @{text "TYPE :: \<alpha> itself"} & (prefix @{text "TYPE"}) \\
7.694 + @{text "(unspecified)"} \\
7.695 + \end{tabular}
7.696 + \caption{Definitions of auxiliary connectives}\label{fig:pure-aux}
7.697 + \end{center}
7.698 + \end{figure}
7.699 +
7.700 + Derived conjunction rules include introduction @{text "A \<Longrightarrow> B \<Longrightarrow> A &
7.701 + B"}, and destructions @{text "A & B \<Longrightarrow> A"} and @{text "A & B \<Longrightarrow> B"}.
7.702 + Conjunction allows to treat simultaneous assumptions and conclusions
7.703 + uniformly. For example, multiple claims are intermediately
7.704 + represented as explicit conjunction, but this is refined into
7.705 + separate sub-goals before the user continues the proof; the final
7.706 + result is projected into a list of theorems (cf.\
7.707 + \secref{sec:tactical-goals}).
7.708 +
7.709 + The @{text "prop"} marker (@{text "#"}) makes arbitrarily complex
7.710 + propositions appear as atomic, without changing the meaning: @{text
7.711 + "\<Gamma> \<turnstile> A"} and @{text "\<Gamma> \<turnstile> #A"} are interchangeable. See
7.712 + \secref{sec:tactical-goals} for specific operations.
7.713 +
7.714 + The @{text "term"} marker turns any well-typed term into a derivable
7.715 + proposition: @{text "\<turnstile> TERM t"} holds unconditionally. Although
7.716 + this is logically vacuous, it allows to treat terms and proofs
7.717 + uniformly, similar to a type-theoretic framework.
7.718 +
7.719 + The @{text "TYPE"} constructor is the canonical representative of
7.720 + the unspecified type @{text "\<alpha> itself"}; it essentially injects the
7.721 + language of types into that of terms. There is specific notation
7.722 + @{text "TYPE(\<tau>)"} for @{text "TYPE\<^bsub>\<tau>
7.723 + itself\<^esub>"}.
7.724 + Although being devoid of any particular meaning, the @{text
7.725 + "TYPE(\<tau>)"} accounts for the type @{text "\<tau>"} within the term
7.726 + language. In particular, @{text "TYPE(\<alpha>)"} may be used as formal
7.727 + argument in primitive definitions, in order to circumvent hidden
7.728 + polymorphism (cf.\ \secref{sec:terms}). For example, @{text "c
7.729 + TYPE(\<alpha>) \<equiv> A[\<alpha>]"} defines @{text "c :: \<alpha> itself \<Rightarrow> prop"} in terms of
7.730 + a proposition @{text "A"} that depends on an additional type
7.731 + argument, which is essentially a predicate on types.
7.732 +*}
7.733 +
7.734 +text %mlref {*
7.735 + \begin{mldecls}
7.736 + @{index_ML Conjunction.intr: "thm -> thm -> thm"} \\
7.737 + @{index_ML Conjunction.elim: "thm -> thm * thm"} \\
7.738 + @{index_ML Drule.mk_term: "cterm -> thm"} \\
7.739 + @{index_ML Drule.dest_term: "thm -> cterm"} \\
7.740 + @{index_ML Logic.mk_type: "typ -> term"} \\
7.741 + @{index_ML Logic.dest_type: "term -> typ"} \\
7.742 + \end{mldecls}
7.743 +
7.744 + \begin{description}
7.745 +
7.746 + \item @{ML Conjunction.intr} derives @{text "A & B"} from @{text
7.747 + "A"} and @{text "B"}.
7.748 +
7.749 + \item @{ML Conjunction.elim} derives @{text "A"} and @{text "B"}
7.750 + from @{text "A & B"}.
7.751 +
7.752 + \item @{ML Drule.mk_term} derives @{text "TERM t"}.
7.753 +
7.754 + \item @{ML Drule.dest_term} recovers term @{text "t"} from @{text
7.755 + "TERM t"}.
7.756 +
7.757 + \item @{ML Logic.mk_type}~@{text "\<tau>"} produces the term @{text
7.758 + "TYPE(\<tau>)"}.
7.759 +
7.760 + \item @{ML Logic.dest_type}~@{text "TYPE(\<tau>)"} recovers the type
7.761 + @{text "\<tau>"}.
7.762 +
7.763 + \end{description}
7.764 +*}
7.765 +
7.766 +
7.767 +section {* Object-level rules \label{sec:obj-rules} *}
7.768 +
7.769 +text %FIXME {*
7.770 +
7.771 +FIXME
7.772 +
7.773 + A \emph{rule} is any Pure theorem in HHF normal form; there is a
7.774 + separate calculus for rule composition, which is modeled after
7.775 + Gentzen's Natural Deduction \cite{Gentzen:1935}, but allows
7.776 + rules to be nested arbitrarily, similar to \cite{extensions91}.
7.777 +
7.778 + Normally, all theorems accessible to the user are proper rules.
7.779 + Low-level inferences are occasional required internally, but the
7.780 + result should be always presented in canonical form. The higher
7.781 + interfaces of Isabelle/Isar will always produce proper rules. It is
7.782 + important to maintain this invariant in add-on applications!
7.783 +
7.784 + There are two main principles of rule composition: @{text
7.785 + "resolution"} (i.e.\ backchaining of rules) and @{text
7.786 + "by-assumption"} (i.e.\ closing a branch); both principles are
7.787 + combined in the variants of @{text "elim-resolution"} and @{text
7.788 + "dest-resolution"}. Raw @{text "composition"} is occasionally
7.789 + useful as well, also it is strictly speaking outside of the proper
7.790 + rule calculus.
7.791 +
7.792 + Rules are treated modulo general higher-order unification, which is
7.793 + unification modulo the equational theory of @{text "\<alpha>\<beta>\<eta>"}-conversion
7.794 + on @{text "\<lambda>"}-terms. Moreover, propositions are understood modulo
7.795 + the (derived) equivalence @{text "(A \<Longrightarrow> (\<And>x. B x)) \<equiv> (\<And>x. A \<Longrightarrow> B x)"}.
7.796 +
7.797 + This means that any operations within the rule calculus may be
7.798 + subject to spontaneous @{text "\<alpha>\<beta>\<eta>"}-HHF conversions. It is common
7.799 + practice not to contract or expand unnecessarily. Some mechanisms
7.800 + prefer an one form, others the opposite, so there is a potential
7.801 + danger to produce some oscillation!
7.802 +
7.803 + Only few operations really work \emph{modulo} HHF conversion, but
7.804 + expect a normal form: quantifiers @{text "\<And>"} before implications
7.805 + @{text "\<Longrightarrow>"} at each level of nesting.
7.806 +
7.807 +\glossary{Hereditary Harrop Formula}{The set of propositions in HHF
7.808 +format is defined inductively as @{text "H = (\<And>x\<^sup>*. H\<^sup>* \<Longrightarrow>
7.809 +A)"}, for variables @{text "x"} and atomic propositions @{text "A"}.
7.810 +Any proposition may be put into HHF form by normalizing with the rule
7.811 +@{text "(A \<Longrightarrow> (\<And>x. B x)) \<equiv> (\<And>x. A \<Longrightarrow> B x)"}. In Isabelle, the outermost
7.812 +quantifier prefix is represented via \seeglossary{schematic
7.813 +variables}, such that the top-level structure is merely that of a
7.814 +\seeglossary{Horn Clause}}.
7.815 +
7.816 +\glossary{HHF}{See \seeglossary{Hereditary Harrop Formula}.}
7.817 +
7.818 +
7.819 + \[
7.820 + \infer[@{text "(assumption)"}]{@{text "C\<vartheta>"}}
7.821 + {@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> A \<^vec>x) \<Longrightarrow> C"} & @{text "A\<vartheta> = H\<^sub>i\<vartheta>"}~~\text{(for some~@{text i})}}
7.822 + \]
7.823 +
7.824 +
7.825 + \[
7.826 + \infer[@{text "(compose)"}]{@{text "\<^vec>A\<vartheta> \<Longrightarrow> C\<vartheta>"}}
7.827 + {@{text "\<^vec>A \<Longrightarrow> B"} & @{text "B' \<Longrightarrow> C"} & @{text "B\<vartheta> = B'\<vartheta>"}}
7.828 + \]
7.829 +
7.830 +
7.831 + \[
7.832 + \infer[@{text "(\<And>_lift)"}]{@{text "(\<And>\<^vec>x. \<^vec>A (?\<^vec>a \<^vec>x)) \<Longrightarrow> (\<And>\<^vec>x. B (?\<^vec>a \<^vec>x))"}}{@{text "\<^vec>A ?\<^vec>a \<Longrightarrow> B ?\<^vec>a"}}
7.833 + \]
7.834 + \[
7.835 + \infer[@{text "(\<Longrightarrow>_lift)"}]{@{text "(\<^vec>H \<Longrightarrow> \<^vec>A) \<Longrightarrow> (\<^vec>H \<Longrightarrow> B)"}}{@{text "\<^vec>A \<Longrightarrow> B"}}
7.836 + \]
7.837 +
7.838 + The @{text resolve} scheme is now acquired from @{text "\<And>_lift"},
7.839 + @{text "\<Longrightarrow>_lift"}, and @{text compose}.
7.840 +
7.841 + \[
7.842 + \infer[@{text "(resolution)"}]
7.843 + {@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> \<^vec>A (?\<^vec>a \<^vec>x))\<vartheta> \<Longrightarrow> C\<vartheta>"}}
7.844 + {\begin{tabular}{l}
7.845 + @{text "\<^vec>A ?\<^vec>a \<Longrightarrow> B ?\<^vec>a"} \\
7.846 + @{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> B' \<^vec>x) \<Longrightarrow> C"} \\
7.847 + @{text "(\<lambda>\<^vec>x. B (?\<^vec>a \<^vec>x))\<vartheta> = B'\<vartheta>"} \\
7.848 + \end{tabular}}
7.849 + \]
7.850 +
7.851 +
7.852 + FIXME @{text "elim_resolution"}, @{text "dest_resolution"}
7.853 +*}
7.854 +
7.855 +end
8.1 --- a/doc-src/IsarImplementation/Thy/ML.thy Mon Feb 16 20:25:21 2009 +0100
8.2 +++ b/doc-src/IsarImplementation/Thy/ML.thy Mon Feb 16 20:47:44 2009 +0100
8.3 @@ -1,6 +1,6 @@
8.4 -(* $Id$ *)
8.5 -
8.6 -theory "ML" imports base begin
8.7 +theory "ML"
8.8 +imports Base
8.9 +begin
8.10
8.11 chapter {* Advanced ML programming *}
8.12
9.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
9.2 +++ b/doc-src/IsarImplementation/Thy/Prelim.thy Mon Feb 16 20:47:44 2009 +0100
9.3 @@ -0,0 +1,778 @@
9.4 +theory Prelim
9.5 +imports Base
9.6 +begin
9.7 +
9.8 +chapter {* Preliminaries *}
9.9 +
9.10 +section {* Contexts \label{sec:context} *}
9.11 +
9.12 +text {*
9.13 + A logical context represents the background that is required for
9.14 + formulating statements and composing proofs. It acts as a medium to
9.15 + produce formal content, depending on earlier material (declarations,
9.16 + results etc.).
9.17 +
9.18 + For example, derivations within the Isabelle/Pure logic can be
9.19 + described as a judgment @{text "\<Gamma> \<turnstile>\<^sub>\<Theta> \<phi>"}, which means that a
9.20 + proposition @{text "\<phi>"} is derivable from hypotheses @{text "\<Gamma>"}
9.21 + within the theory @{text "\<Theta>"}. There are logical reasons for
9.22 + keeping @{text "\<Theta>"} and @{text "\<Gamma>"} separate: theories can be
9.23 + liberal about supporting type constructors and schematic
9.24 + polymorphism of constants and axioms, while the inner calculus of
9.25 + @{text "\<Gamma> \<turnstile> \<phi>"} is strictly limited to Simple Type Theory (with
9.26 + fixed type variables in the assumptions).
9.27 +
9.28 + \medskip Contexts and derivations are linked by the following key
9.29 + principles:
9.30 +
9.31 + \begin{itemize}
9.32 +
9.33 + \item Transfer: monotonicity of derivations admits results to be
9.34 + transferred into a \emph{larger} context, i.e.\ @{text "\<Gamma> \<turnstile>\<^sub>\<Theta>
9.35 + \<phi>"} implies @{text "\<Gamma>' \<turnstile>\<^sub>\<Theta>\<^sub>' \<phi>"} for contexts @{text "\<Theta>'
9.36 + \<supseteq> \<Theta>"} and @{text "\<Gamma>' \<supseteq> \<Gamma>"}.
9.37 +
9.38 + \item Export: discharge of hypotheses admits results to be exported
9.39 + into a \emph{smaller} context, i.e.\ @{text "\<Gamma>' \<turnstile>\<^sub>\<Theta> \<phi>"}
9.40 + implies @{text "\<Gamma> \<turnstile>\<^sub>\<Theta> \<Delta> \<Longrightarrow> \<phi>"} where @{text "\<Gamma>' \<supseteq> \<Gamma>"} and
9.41 + @{text "\<Delta> = \<Gamma>' - \<Gamma>"}. Note that @{text "\<Theta>"} remains unchanged here,
9.42 + only the @{text "\<Gamma>"} part is affected.
9.43 +
9.44 + \end{itemize}
9.45 +
9.46 + \medskip By modeling the main characteristics of the primitive
9.47 + @{text "\<Theta>"} and @{text "\<Gamma>"} above, and abstracting over any
9.48 + particular logical content, we arrive at the fundamental notions of
9.49 + \emph{theory context} and \emph{proof context} in Isabelle/Isar.
9.50 + These implement a certain policy to manage arbitrary \emph{context
9.51 + data}. There is a strongly-typed mechanism to declare new kinds of
9.52 + data at compile time.
9.53 +
9.54 + The internal bootstrap process of Isabelle/Pure eventually reaches a
9.55 + stage where certain data slots provide the logical content of @{text
9.56 + "\<Theta>"} and @{text "\<Gamma>"} sketched above, but this does not stop there!
9.57 + Various additional data slots support all kinds of mechanisms that
9.58 + are not necessarily part of the core logic.
9.59 +
9.60 + For example, there would be data for canonical introduction and
9.61 + elimination rules for arbitrary operators (depending on the
9.62 + object-logic and application), which enables users to perform
9.63 + standard proof steps implicitly (cf.\ the @{text "rule"} method
9.64 + \cite{isabelle-isar-ref}).
9.65 +
9.66 + \medskip Thus Isabelle/Isar is able to bring forth more and more
9.67 + concepts successively. In particular, an object-logic like
9.68 + Isabelle/HOL continues the Isabelle/Pure setup by adding specific
9.69 + components for automated reasoning (classical reasoner, tableau
9.70 + prover, structured induction etc.) and derived specification
9.71 + mechanisms (inductive predicates, recursive functions etc.). All of
9.72 + this is ultimately based on the generic data management by theory
9.73 + and proof contexts introduced here.
9.74 +*}
9.75 +
9.76 +
9.77 +subsection {* Theory context \label{sec:context-theory} *}
9.78 +
9.79 +text {*
9.80 + \glossary{Theory}{FIXME}
9.81 +
9.82 + A \emph{theory} is a data container with explicit named and unique
9.83 + identifier. Theories are related by a (nominal) sub-theory
9.84 + relation, which corresponds to the dependency graph of the original
9.85 + construction; each theory is derived from a certain sub-graph of
9.86 + ancestor theories.
9.87 +
9.88 + The @{text "merge"} operation produces the least upper bound of two
9.89 + theories, which actually degenerates into absorption of one theory
9.90 + into the other (due to the nominal sub-theory relation).
9.91 +
9.92 + The @{text "begin"} operation starts a new theory by importing
9.93 + several parent theories and entering a special @{text "draft"} mode,
9.94 + which is sustained until the final @{text "end"} operation. A draft
9.95 + theory acts like a linear type, where updates invalidate earlier
9.96 + versions. An invalidated draft is called ``stale''.
9.97 +
9.98 + The @{text "checkpoint"} operation produces an intermediate stepping
9.99 + stone that will survive the next update: both the original and the
9.100 + changed theory remain valid and are related by the sub-theory
9.101 + relation. Checkpointing essentially recovers purely functional
9.102 + theory values, at the expense of some extra internal bookkeeping.
9.103 +
9.104 + The @{text "copy"} operation produces an auxiliary version that has
9.105 + the same data content, but is unrelated to the original: updates of
9.106 + the copy do not affect the original, neither does the sub-theory
9.107 + relation hold.
9.108 +
9.109 + \medskip The example in \figref{fig:ex-theory} below shows a theory
9.110 + graph derived from @{text "Pure"}, with theory @{text "Length"}
9.111 + importing @{text "Nat"} and @{text "List"}. The body of @{text
9.112 + "Length"} consists of a sequence of updates, working mostly on
9.113 + drafts. Intermediate checkpoints may occur as well, due to the
9.114 + history mechanism provided by the Isar top-level, cf.\
9.115 + \secref{sec:isar-toplevel}.
9.116 +
9.117 + \begin{figure}[htb]
9.118 + \begin{center}
9.119 + \begin{tabular}{rcccl}
9.120 + & & @{text "Pure"} \\
9.121 + & & @{text "\<down>"} \\
9.122 + & & @{text "FOL"} \\
9.123 + & $\swarrow$ & & $\searrow$ & \\
9.124 + @{text "Nat"} & & & & @{text "List"} \\
9.125 + & $\searrow$ & & $\swarrow$ \\
9.126 + & & @{text "Length"} \\
9.127 + & & \multicolumn{3}{l}{~~@{keyword "imports"}} \\
9.128 + & & \multicolumn{3}{l}{~~@{keyword "begin"}} \\
9.129 + & & $\vdots$~~ \\
9.130 + & & @{text "\<bullet>"}~~ \\
9.131 + & & $\vdots$~~ \\
9.132 + & & @{text "\<bullet>"}~~ \\
9.133 + & & $\vdots$~~ \\
9.134 + & & \multicolumn{3}{l}{~~@{command "end"}} \\
9.135 + \end{tabular}
9.136 + \caption{A theory definition depending on ancestors}\label{fig:ex-theory}
9.137 + \end{center}
9.138 + \end{figure}
9.139 +
9.140 + \medskip There is a separate notion of \emph{theory reference} for
9.141 + maintaining a live link to an evolving theory context: updates on
9.142 + drafts are propagated automatically. Dynamic updating stops after
9.143 + an explicit @{text "end"} only.
9.144 +
9.145 + Derived entities may store a theory reference in order to indicate
9.146 + the context they belong to. This implicitly assumes monotonic
9.147 + reasoning, because the referenced context may become larger without
9.148 + further notice.
9.149 +*}
9.150 +
9.151 +text %mlref {*
9.152 + \begin{mldecls}
9.153 + @{index_ML_type theory} \\
9.154 + @{index_ML Theory.subthy: "theory * theory -> bool"} \\
9.155 + @{index_ML Theory.merge: "theory * theory -> theory"} \\
9.156 + @{index_ML Theory.checkpoint: "theory -> theory"} \\
9.157 + @{index_ML Theory.copy: "theory -> theory"} \\
9.158 + \end{mldecls}
9.159 + \begin{mldecls}
9.160 + @{index_ML_type theory_ref} \\
9.161 + @{index_ML Theory.deref: "theory_ref -> theory"} \\
9.162 + @{index_ML Theory.check_thy: "theory -> theory_ref"} \\
9.163 + \end{mldecls}
9.164 +
9.165 + \begin{description}
9.166 +
9.167 + \item @{ML_type theory} represents theory contexts. This is
9.168 + essentially a linear type! Most operations destroy the original
9.169 + version, which then becomes ``stale''.
9.170 +
9.171 + \item @{ML "Theory.subthy"}~@{text "(thy\<^sub>1, thy\<^sub>2)"}
9.172 + compares theories according to the inherent graph structure of the
9.173 + construction. This sub-theory relation is a nominal approximation
9.174 + of inclusion (@{text "\<subseteq>"}) of the corresponding content.
9.175 +
9.176 + \item @{ML "Theory.merge"}~@{text "(thy\<^sub>1, thy\<^sub>2)"}
9.177 + absorbs one theory into the other. This fails for unrelated
9.178 + theories!
9.179 +
9.180 + \item @{ML "Theory.checkpoint"}~@{text "thy"} produces a safe
9.181 + stepping stone in the linear development of @{text "thy"}. The next
9.182 + update will result in two related, valid theories.
9.183 +
9.184 + \item @{ML "Theory.copy"}~@{text "thy"} produces a variant of @{text
9.185 + "thy"} that holds a copy of the same data. The result is not
9.186 + related to the original; the original is unchanched.
9.187 +
9.188 + \item @{ML_type theory_ref} represents a sliding reference to an
9.189 + always valid theory; updates on the original are propagated
9.190 + automatically.
9.191 +
9.192 + \item @{ML "Theory.deref"}~@{text "thy_ref"} turns a @{ML_type
9.193 + "theory_ref"} into an @{ML_type "theory"} value. As the referenced
9.194 + theory evolves monotonically over time, later invocations of @{ML
9.195 + "Theory.deref"} may refer to a larger context.
9.196 +
9.197 + \item @{ML "Theory.check_thy"}~@{text "thy"} produces a @{ML_type
9.198 + "theory_ref"} from a valid @{ML_type "theory"} value.
9.199 +
9.200 + \end{description}
9.201 +*}
9.202 +
9.203 +
9.204 +subsection {* Proof context \label{sec:context-proof} *}
9.205 +
9.206 +text {*
9.207 + \glossary{Proof context}{The static context of a structured proof,
9.208 + acts like a local ``theory'' of the current portion of Isar proof
9.209 + text, generalizes the idea of local hypotheses @{text "\<Gamma>"} in
9.210 + judgments @{text "\<Gamma> \<turnstile> \<phi>"} of natural deduction calculi. There is a
9.211 + generic notion of introducing and discharging hypotheses.
9.212 + Arbritrary auxiliary context data may be adjoined.}
9.213 +
9.214 + A proof context is a container for pure data with a back-reference
9.215 + to the theory it belongs to. The @{text "init"} operation creates a
9.216 + proof context from a given theory. Modifications to draft theories
9.217 + are propagated to the proof context as usual, but there is also an
9.218 + explicit @{text "transfer"} operation to force resynchronization
9.219 + with more substantial updates to the underlying theory. The actual
9.220 + context data does not require any special bookkeeping, thanks to the
9.221 + lack of destructive features.
9.222 +
9.223 + Entities derived in a proof context need to record inherent logical
9.224 + requirements explicitly, since there is no separate context
9.225 + identification as for theories. For example, hypotheses used in
9.226 + primitive derivations (cf.\ \secref{sec:thms}) are recorded
9.227 + separately within the sequent @{text "\<Gamma> \<turnstile> \<phi>"}, just to make double
9.228 + sure. Results could still leak into an alien proof context do to
9.229 + programming errors, but Isabelle/Isar includes some extra validity
9.230 + checks in critical positions, notably at the end of a sub-proof.
9.231 +
9.232 + Proof contexts may be manipulated arbitrarily, although the common
9.233 + discipline is to follow block structure as a mental model: a given
9.234 + context is extended consecutively, and results are exported back
9.235 + into the original context. Note that the Isar proof states model
9.236 + block-structured reasoning explicitly, using a stack of proof
9.237 + contexts internally, cf.\ \secref{sec:isar-proof-state}.
9.238 +*}
9.239 +
9.240 +text %mlref {*
9.241 + \begin{mldecls}
9.242 + @{index_ML_type Proof.context} \\
9.243 + @{index_ML ProofContext.init: "theory -> Proof.context"} \\
9.244 + @{index_ML ProofContext.theory_of: "Proof.context -> theory"} \\
9.245 + @{index_ML ProofContext.transfer: "theory -> Proof.context -> Proof.context"} \\
9.246 + \end{mldecls}
9.247 +
9.248 + \begin{description}
9.249 +
9.250 + \item @{ML_type Proof.context} represents proof contexts. Elements
9.251 + of this type are essentially pure values, with a sliding reference
9.252 + to the background theory.
9.253 +
9.254 + \item @{ML ProofContext.init}~@{text "thy"} produces a proof context
9.255 + derived from @{text "thy"}, initializing all data.
9.256 +
9.257 + \item @{ML ProofContext.theory_of}~@{text "ctxt"} selects the
9.258 + background theory from @{text "ctxt"}, dereferencing its internal
9.259 + @{ML_type theory_ref}.
9.260 +
9.261 + \item @{ML ProofContext.transfer}~@{text "thy ctxt"} promotes the
9.262 + background theory of @{text "ctxt"} to the super theory @{text
9.263 + "thy"}.
9.264 +
9.265 + \end{description}
9.266 +*}
9.267 +
9.268 +
9.269 +subsection {* Generic contexts \label{sec:generic-context} *}
9.270 +
9.271 +text {*
9.272 + A generic context is the disjoint sum of either a theory or proof
9.273 + context. Occasionally, this enables uniform treatment of generic
9.274 + context data, typically extra-logical information. Operations on
9.275 + generic contexts include the usual injections, partial selections,
9.276 + and combinators for lifting operations on either component of the
9.277 + disjoint sum.
9.278 +
9.279 + Moreover, there are total operations @{text "theory_of"} and @{text
9.280 + "proof_of"} to convert a generic context into either kind: a theory
9.281 + can always be selected from the sum, while a proof context might
9.282 + have to be constructed by an ad-hoc @{text "init"} operation.
9.283 +*}
9.284 +
9.285 +text %mlref {*
9.286 + \begin{mldecls}
9.287 + @{index_ML_type Context.generic} \\
9.288 + @{index_ML Context.theory_of: "Context.generic -> theory"} \\
9.289 + @{index_ML Context.proof_of: "Context.generic -> Proof.context"} \\
9.290 + \end{mldecls}
9.291 +
9.292 + \begin{description}
9.293 +
9.294 + \item @{ML_type Context.generic} is the direct sum of @{ML_type
9.295 + "theory"} and @{ML_type "Proof.context"}, with the datatype
9.296 + constructors @{ML "Context.Theory"} and @{ML "Context.Proof"}.
9.297 +
9.298 + \item @{ML Context.theory_of}~@{text "context"} always produces a
9.299 + theory from the generic @{text "context"}, using @{ML
9.300 + "ProofContext.theory_of"} as required.
9.301 +
9.302 + \item @{ML Context.proof_of}~@{text "context"} always produces a
9.303 + proof context from the generic @{text "context"}, using @{ML
9.304 + "ProofContext.init"} as required (note that this re-initializes the
9.305 + context data with each invocation).
9.306 +
9.307 + \end{description}
9.308 +*}
9.309 +
9.310 +
9.311 +subsection {* Context data \label{sec:context-data} *}
9.312 +
9.313 +text {*
9.314 + The main purpose of theory and proof contexts is to manage arbitrary
9.315 + data. New data types can be declared incrementally at compile time.
9.316 + There are separate declaration mechanisms for any of the three kinds
9.317 + of contexts: theory, proof, generic.
9.318 +
9.319 + \paragraph{Theory data} may refer to destructive entities, which are
9.320 + maintained in direct correspondence to the linear evolution of
9.321 + theory values, including explicit copies.\footnote{Most existing
9.322 + instances of destructive theory data are merely historical relics
9.323 + (e.g.\ the destructive theorem storage, and destructive hints for
9.324 + the Simplifier and Classical rules).} A theory data declaration
9.325 + needs to implement the following SML signature:
9.326 +
9.327 + \medskip
9.328 + \begin{tabular}{ll}
9.329 + @{text "\<type> T"} & representing type \\
9.330 + @{text "\<val> empty: T"} & empty default value \\
9.331 + @{text "\<val> copy: T \<rightarrow> T"} & refresh impure data \\
9.332 + @{text "\<val> extend: T \<rightarrow> T"} & re-initialize on import \\
9.333 + @{text "\<val> merge: T \<times> T \<rightarrow> T"} & join on import \\
9.334 + \end{tabular}
9.335 + \medskip
9.336 +
9.337 + \noindent The @{text "empty"} value acts as initial default for
9.338 + \emph{any} theory that does not declare actual data content; @{text
9.339 + "copy"} maintains persistent integrity for impure data, it is just
9.340 + the identity for pure values; @{text "extend"} is acts like a
9.341 + unitary version of @{text "merge"}, both operations should also
9.342 + include the functionality of @{text "copy"} for impure data.
9.343 +
9.344 + \paragraph{Proof context data} is purely functional. A declaration
9.345 + needs to implement the following SML signature:
9.346 +
9.347 + \medskip
9.348 + \begin{tabular}{ll}
9.349 + @{text "\<type> T"} & representing type \\
9.350 + @{text "\<val> init: theory \<rightarrow> T"} & produce initial value \\
9.351 + \end{tabular}
9.352 + \medskip
9.353 +
9.354 + \noindent The @{text "init"} operation is supposed to produce a pure
9.355 + value from the given background theory.
9.356 +
9.357 + \paragraph{Generic data} provides a hybrid interface for both theory
9.358 + and proof data. The declaration is essentially the same as for
9.359 + (pure) theory data, without @{text "copy"}. The @{text "init"}
9.360 + operation for proof contexts merely selects the current data value
9.361 + from the background theory.
9.362 +
9.363 + \bigskip A data declaration of type @{text "T"} results in the
9.364 + following interface:
9.365 +
9.366 + \medskip
9.367 + \begin{tabular}{ll}
9.368 + @{text "init: theory \<rightarrow> theory"} \\
9.369 + @{text "get: context \<rightarrow> T"} \\
9.370 + @{text "put: T \<rightarrow> context \<rightarrow> context"} \\
9.371 + @{text "map: (T \<rightarrow> T) \<rightarrow> context \<rightarrow> context"} \\
9.372 + \end{tabular}
9.373 + \medskip
9.374 +
9.375 + \noindent Here @{text "init"} is only applicable to impure theory
9.376 + data to install a fresh copy persistently (destructive update on
9.377 + uninitialized has no permanent effect). The other operations provide
9.378 + access for the particular kind of context (theory, proof, or generic
9.379 + context). Note that this is a safe interface: there is no other way
9.380 + to access the corresponding data slot of a context. By keeping
9.381 + these operations private, a component may maintain abstract values
9.382 + authentically, without other components interfering.
9.383 +*}
9.384 +
9.385 +text %mlref {*
9.386 + \begin{mldecls}
9.387 + @{index_ML_functor TheoryDataFun} \\
9.388 + @{index_ML_functor ProofDataFun} \\
9.389 + @{index_ML_functor GenericDataFun} \\
9.390 + \end{mldecls}
9.391 +
9.392 + \begin{description}
9.393 +
9.394 + \item @{ML_functor TheoryDataFun}@{text "(spec)"} declares data for
9.395 + type @{ML_type theory} according to the specification provided as
9.396 + argument structure. The resulting structure provides data init and
9.397 + access operations as described above.
9.398 +
9.399 + \item @{ML_functor ProofDataFun}@{text "(spec)"} is analogous to
9.400 + @{ML_functor TheoryDataFun} for type @{ML_type Proof.context}.
9.401 +
9.402 + \item @{ML_functor GenericDataFun}@{text "(spec)"} is analogous to
9.403 + @{ML_functor TheoryDataFun} for type @{ML_type Context.generic}.
9.404 +
9.405 + \end{description}
9.406 +*}
9.407 +
9.408 +
9.409 +section {* Names \label{sec:names} *}
9.410 +
9.411 +text {*
9.412 + In principle, a name is just a string, but there are various
9.413 + convention for encoding additional structure. For example, ``@{text
9.414 + "Foo.bar.baz"}'' is considered as a qualified name consisting of
9.415 + three basic name components. The individual constituents of a name
9.416 + may have further substructure, e.g.\ the string
9.417 + ``\verb,\,\verb,<alpha>,'' encodes as a single symbol.
9.418 +*}
9.419 +
9.420 +
9.421 +subsection {* Strings of symbols *}
9.422 +
9.423 +text {*
9.424 + \glossary{Symbol}{The smallest unit of text in Isabelle, subsumes
9.425 + plain ASCII characters as well as an infinite collection of named
9.426 + symbols (for greek, math etc.).}
9.427 +
9.428 + A \emph{symbol} constitutes the smallest textual unit in Isabelle
9.429 + --- raw characters are normally not encountered at all. Isabelle
9.430 + strings consist of a sequence of symbols, represented as a packed
9.431 + string or a list of strings. Each symbol is in itself a small
9.432 + string, which has either one of the following forms:
9.433 +
9.434 + \begin{enumerate}
9.435 +
9.436 + \item a single ASCII character ``@{text "c"}'', for example
9.437 + ``\verb,a,'',
9.438 +
9.439 + \item a regular symbol ``\verb,\,\verb,<,@{text "ident"}\verb,>,'',
9.440 + for example ``\verb,\,\verb,<alpha>,'',
9.441 +
9.442 + \item a control symbol ``\verb,\,\verb,<^,@{text "ident"}\verb,>,'',
9.443 + for example ``\verb,\,\verb,<^bold>,'',
9.444 +
9.445 + \item a raw symbol ``\verb,\,\verb,<^raw:,@{text text}\verb,>,''
9.446 + where @{text text} constists of printable characters excluding
9.447 + ``\verb,.,'' and ``\verb,>,'', for example
9.448 + ``\verb,\,\verb,<^raw:$\sum_{i = 1}^n$>,'',
9.449 +
9.450 + \item a numbered raw control symbol ``\verb,\,\verb,<^raw,@{text
9.451 + n}\verb,>, where @{text n} consists of digits, for example
9.452 + ``\verb,\,\verb,<^raw42>,''.
9.453 +
9.454 + \end{enumerate}
9.455 +
9.456 + \noindent The @{text "ident"} syntax for symbol names is @{text
9.457 + "letter (letter | digit)\<^sup>*"}, where @{text "letter =
9.458 + A..Za..z"} and @{text "digit = 0..9"}. There are infinitely many
9.459 + regular symbols and control symbols, but a fixed collection of
9.460 + standard symbols is treated specifically. For example,
9.461 + ``\verb,\,\verb,<alpha>,'' is classified as a letter, which means it
9.462 + may occur within regular Isabelle identifiers.
9.463 +
9.464 + Since the character set underlying Isabelle symbols is 7-bit ASCII
9.465 + and 8-bit characters are passed through transparently, Isabelle may
9.466 + also process Unicode/UCS data in UTF-8 encoding. Unicode provides
9.467 + its own collection of mathematical symbols, but there is no built-in
9.468 + link to the standard collection of Isabelle.
9.469 +
9.470 + \medskip Output of Isabelle symbols depends on the print mode
9.471 + (\secref{FIXME}). For example, the standard {\LaTeX} setup of the
9.472 + Isabelle document preparation system would present
9.473 + ``\verb,\,\verb,<alpha>,'' as @{text "\<alpha>"}, and
9.474 + ``\verb,\,\verb,<^bold>,\verb,\,\verb,<alpha>,'' as @{text
9.475 + "\<^bold>\<alpha>"}.
9.476 +*}
9.477 +
9.478 +text %mlref {*
9.479 + \begin{mldecls}
9.480 + @{index_ML_type "Symbol.symbol"} \\
9.481 + @{index_ML Symbol.explode: "string -> Symbol.symbol list"} \\
9.482 + @{index_ML Symbol.is_letter: "Symbol.symbol -> bool"} \\
9.483 + @{index_ML Symbol.is_digit: "Symbol.symbol -> bool"} \\
9.484 + @{index_ML Symbol.is_quasi: "Symbol.symbol -> bool"} \\
9.485 + @{index_ML Symbol.is_blank: "Symbol.symbol -> bool"} \\
9.486 + \end{mldecls}
9.487 + \begin{mldecls}
9.488 + @{index_ML_type "Symbol.sym"} \\
9.489 + @{index_ML Symbol.decode: "Symbol.symbol -> Symbol.sym"} \\
9.490 + \end{mldecls}
9.491 +
9.492 + \begin{description}
9.493 +
9.494 + \item @{ML_type "Symbol.symbol"} represents individual Isabelle
9.495 + symbols; this is an alias for @{ML_type "string"}.
9.496 +
9.497 + \item @{ML "Symbol.explode"}~@{text "str"} produces a symbol list
9.498 + from the packed form. This function supercedes @{ML
9.499 + "String.explode"} for virtually all purposes of manipulating text in
9.500 + Isabelle!
9.501 +
9.502 + \item @{ML "Symbol.is_letter"}, @{ML "Symbol.is_digit"}, @{ML
9.503 + "Symbol.is_quasi"}, @{ML "Symbol.is_blank"} classify standard
9.504 + symbols according to fixed syntactic conventions of Isabelle, cf.\
9.505 + \cite{isabelle-isar-ref}.
9.506 +
9.507 + \item @{ML_type "Symbol.sym"} is a concrete datatype that represents
9.508 + the different kinds of symbols explicitly, with constructors @{ML
9.509 + "Symbol.Char"}, @{ML "Symbol.Sym"}, @{ML "Symbol.Ctrl"}, @{ML
9.510 + "Symbol.Raw"}.
9.511 +
9.512 + \item @{ML "Symbol.decode"} converts the string representation of a
9.513 + symbol into the datatype version.
9.514 +
9.515 + \end{description}
9.516 +*}
9.517 +
9.518 +
9.519 +subsection {* Basic names \label{sec:basic-names} *}
9.520 +
9.521 +text {*
9.522 + A \emph{basic name} essentially consists of a single Isabelle
9.523 + identifier. There are conventions to mark separate classes of basic
9.524 + names, by attaching a suffix of underscores (@{text "_"}): one
9.525 + underscore means \emph{internal name}, two underscores means
9.526 + \emph{Skolem name}, three underscores means \emph{internal Skolem
9.527 + name}.
9.528 +
9.529 + For example, the basic name @{text "foo"} has the internal version
9.530 + @{text "foo_"}, with Skolem versions @{text "foo__"} and @{text
9.531 + "foo___"}, respectively.
9.532 +
9.533 + These special versions provide copies of the basic name space, apart
9.534 + from anything that normally appears in the user text. For example,
9.535 + system generated variables in Isar proof contexts are usually marked
9.536 + as internal, which prevents mysterious name references like @{text
9.537 + "xaa"} to appear in the text.
9.538 +
9.539 + \medskip Manipulating binding scopes often requires on-the-fly
9.540 + renamings. A \emph{name context} contains a collection of already
9.541 + used names. The @{text "declare"} operation adds names to the
9.542 + context.
9.543 +
9.544 + The @{text "invents"} operation derives a number of fresh names from
9.545 + a given starting point. For example, the first three names derived
9.546 + from @{text "a"} are @{text "a"}, @{text "b"}, @{text "c"}.
9.547 +
9.548 + The @{text "variants"} operation produces fresh names by
9.549 + incrementing tentative names as base-26 numbers (with digits @{text
9.550 + "a..z"}) until all clashes are resolved. For example, name @{text
9.551 + "foo"} results in variants @{text "fooa"}, @{text "foob"}, @{text
9.552 + "fooc"}, \dots, @{text "fooaa"}, @{text "fooab"} etc.; each renaming
9.553 + step picks the next unused variant from this sequence.
9.554 +*}
9.555 +
9.556 +text %mlref {*
9.557 + \begin{mldecls}
9.558 + @{index_ML Name.internal: "string -> string"} \\
9.559 + @{index_ML Name.skolem: "string -> string"} \\
9.560 + \end{mldecls}
9.561 + \begin{mldecls}
9.562 + @{index_ML_type Name.context} \\
9.563 + @{index_ML Name.context: Name.context} \\
9.564 + @{index_ML Name.declare: "string -> Name.context -> Name.context"} \\
9.565 + @{index_ML Name.invents: "Name.context -> string -> int -> string list"} \\
9.566 + @{index_ML Name.variants: "string list -> Name.context -> string list * Name.context"} \\
9.567 + \end{mldecls}
9.568 +
9.569 + \begin{description}
9.570 +
9.571 + \item @{ML Name.internal}~@{text "name"} produces an internal name
9.572 + by adding one underscore.
9.573 +
9.574 + \item @{ML Name.skolem}~@{text "name"} produces a Skolem name by
9.575 + adding two underscores.
9.576 +
9.577 + \item @{ML_type Name.context} represents the context of already used
9.578 + names; the initial value is @{ML "Name.context"}.
9.579 +
9.580 + \item @{ML Name.declare}~@{text "name"} enters a used name into the
9.581 + context.
9.582 +
9.583 + \item @{ML Name.invents}~@{text "context name n"} produces @{text
9.584 + "n"} fresh names derived from @{text "name"}.
9.585 +
9.586 + \item @{ML Name.variants}~@{text "names context"} produces fresh
9.587 + varians of @{text "names"}; the result is entered into the context.
9.588 +
9.589 + \end{description}
9.590 +*}
9.591 +
9.592 +
9.593 +subsection {* Indexed names *}
9.594 +
9.595 +text {*
9.596 + An \emph{indexed name} (or @{text "indexname"}) is a pair of a basic
9.597 + name and a natural number. This representation allows efficient
9.598 + renaming by incrementing the second component only. The canonical
9.599 + way to rename two collections of indexnames apart from each other is
9.600 + this: determine the maximum index @{text "maxidx"} of the first
9.601 + collection, then increment all indexes of the second collection by
9.602 + @{text "maxidx + 1"}; the maximum index of an empty collection is
9.603 + @{text "-1"}.
9.604 +
9.605 + Occasionally, basic names and indexed names are injected into the
9.606 + same pair type: the (improper) indexname @{text "(x, -1)"} is used
9.607 + to encode basic names.
9.608 +
9.609 + \medskip Isabelle syntax observes the following rules for
9.610 + representing an indexname @{text "(x, i)"} as a packed string:
9.611 +
9.612 + \begin{itemize}
9.613 +
9.614 + \item @{text "?x"} if @{text "x"} does not end with a digit and @{text "i = 0"},
9.615 +
9.616 + \item @{text "?xi"} if @{text "x"} does not end with a digit,
9.617 +
9.618 + \item @{text "?x.i"} otherwise.
9.619 +
9.620 + \end{itemize}
9.621 +
9.622 + Indexnames may acquire large index numbers over time. Results are
9.623 + normalized towards @{text "0"} at certain checkpoints, notably at
9.624 + the end of a proof. This works by producing variants of the
9.625 + corresponding basic name components. For example, the collection
9.626 + @{text "?x1, ?x7, ?x42"} becomes @{text "?x, ?xa, ?xb"}.
9.627 +*}
9.628 +
9.629 +text %mlref {*
9.630 + \begin{mldecls}
9.631 + @{index_ML_type indexname} \\
9.632 + \end{mldecls}
9.633 +
9.634 + \begin{description}
9.635 +
9.636 + \item @{ML_type indexname} represents indexed names. This is an
9.637 + abbreviation for @{ML_type "string * int"}. The second component is
9.638 + usually non-negative, except for situations where @{text "(x, -1)"}
9.639 + is used to embed basic names into this type.
9.640 +
9.641 + \end{description}
9.642 +*}
9.643 +
9.644 +
9.645 +subsection {* Qualified names and name spaces *}
9.646 +
9.647 +text {*
9.648 + A \emph{qualified name} consists of a non-empty sequence of basic
9.649 + name components. The packed representation uses a dot as separator,
9.650 + as in ``@{text "A.b.c"}''. The last component is called \emph{base}
9.651 + name, the remaining prefix \emph{qualifier} (which may be empty).
9.652 + The idea of qualified names is to encode nested structures by
9.653 + recording the access paths as qualifiers. For example, an item
9.654 + named ``@{text "A.b.c"}'' may be understood as a local entity @{text
9.655 + "c"}, within a local structure @{text "b"}, within a global
9.656 + structure @{text "A"}. Typically, name space hierarchies consist of
9.657 + 1--2 levels of qualification, but this need not be always so.
9.658 +
9.659 + The empty name is commonly used as an indication of unnamed
9.660 + entities, whenever this makes any sense. The basic operations on
9.661 + qualified names are smart enough to pass through such improper names
9.662 + unchanged.
9.663 +
9.664 + \medskip A @{text "naming"} policy tells how to turn a name
9.665 + specification into a fully qualified internal name (by the @{text
9.666 + "full"} operation), and how fully qualified names may be accessed
9.667 + externally. For example, the default naming policy is to prefix an
9.668 + implicit path: @{text "full x"} produces @{text "path.x"}, and the
9.669 + standard accesses for @{text "path.x"} include both @{text "x"} and
9.670 + @{text "path.x"}. Normally, the naming is implicit in the theory or
9.671 + proof context; there are separate versions of the corresponding.
9.672 +
9.673 + \medskip A @{text "name space"} manages a collection of fully
9.674 + internalized names, together with a mapping between external names
9.675 + and internal names (in both directions). The corresponding @{text
9.676 + "intern"} and @{text "extern"} operations are mostly used for
9.677 + parsing and printing only! The @{text "declare"} operation augments
9.678 + a name space according to the accesses determined by the naming
9.679 + policy.
9.680 +
9.681 + \medskip As a general principle, there is a separate name space for
9.682 + each kind of formal entity, e.g.\ logical constant, type
9.683 + constructor, type class, theorem. It is usually clear from the
9.684 + occurrence in concrete syntax (or from the scope) which kind of
9.685 + entity a name refers to. For example, the very same name @{text
9.686 + "c"} may be used uniformly for a constant, type constructor, and
9.687 + type class.
9.688 +
9.689 + There are common schemes to name theorems systematically, according
9.690 + to the name of the main logical entity involved, e.g.\ @{text
9.691 + "c.intro"} for a canonical theorem related to constant @{text "c"}.
9.692 + This technique of mapping names from one space into another requires
9.693 + some care in order to avoid conflicts. In particular, theorem names
9.694 + derived from a type constructor or type class are better suffixed in
9.695 + addition to the usual qualification, e.g.\ @{text "c_type.intro"}
9.696 + and @{text "c_class.intro"} for theorems related to type @{text "c"}
9.697 + and class @{text "c"}, respectively.
9.698 +*}
9.699 +
9.700 +text %mlref {*
9.701 + \begin{mldecls}
9.702 + @{index_ML NameSpace.base: "string -> string"} \\
9.703 + @{index_ML NameSpace.qualifier: "string -> string"} \\
9.704 + @{index_ML NameSpace.append: "string -> string -> string"} \\
9.705 + @{index_ML NameSpace.implode: "string list -> string"} \\
9.706 + @{index_ML NameSpace.explode: "string -> string list"} \\
9.707 + \end{mldecls}
9.708 + \begin{mldecls}
9.709 + @{index_ML_type NameSpace.naming} \\
9.710 + @{index_ML NameSpace.default_naming: NameSpace.naming} \\
9.711 + @{index_ML NameSpace.add_path: "string -> NameSpace.naming -> NameSpace.naming"} \\
9.712 + @{index_ML NameSpace.full_name: "NameSpace.naming -> binding -> string"} \\
9.713 + \end{mldecls}
9.714 + \begin{mldecls}
9.715 + @{index_ML_type NameSpace.T} \\
9.716 + @{index_ML NameSpace.empty: NameSpace.T} \\
9.717 + @{index_ML NameSpace.merge: "NameSpace.T * NameSpace.T -> NameSpace.T"} \\
9.718 + @{index_ML NameSpace.declare: "NameSpace.naming -> binding -> NameSpace.T -> string * NameSpace.T"} \\
9.719 + @{index_ML NameSpace.intern: "NameSpace.T -> string -> string"} \\
9.720 + @{index_ML NameSpace.extern: "NameSpace.T -> string -> string"} \\
9.721 + \end{mldecls}
9.722 +
9.723 + \begin{description}
9.724 +
9.725 + \item @{ML NameSpace.base}~@{text "name"} returns the base name of a
9.726 + qualified name.
9.727 +
9.728 + \item @{ML NameSpace.qualifier}~@{text "name"} returns the qualifier
9.729 + of a qualified name.
9.730 +
9.731 + \item @{ML NameSpace.append}~@{text "name\<^isub>1 name\<^isub>2"}
9.732 + appends two qualified names.
9.733 +
9.734 + \item @{ML NameSpace.implode}~@{text "name"} and @{ML
9.735 + NameSpace.explode}~@{text "names"} convert between the packed string
9.736 + representation and the explicit list form of qualified names.
9.737 +
9.738 + \item @{ML_type NameSpace.naming} represents the abstract concept of
9.739 + a naming policy.
9.740 +
9.741 + \item @{ML NameSpace.default_naming} is the default naming policy.
9.742 + In a theory context, this is usually augmented by a path prefix
9.743 + consisting of the theory name.
9.744 +
9.745 + \item @{ML NameSpace.add_path}~@{text "path naming"} augments the
9.746 + naming policy by extending its path component.
9.747 +
9.748 + \item @{ML NameSpace.full_name}@{text "naming binding"} turns a name
9.749 + binding (usually a basic name) into the fully qualified
9.750 + internal name, according to the given naming policy.
9.751 +
9.752 + \item @{ML_type NameSpace.T} represents name spaces.
9.753 +
9.754 + \item @{ML NameSpace.empty} and @{ML NameSpace.merge}~@{text
9.755 + "(space\<^isub>1, space\<^isub>2)"} are the canonical operations for
9.756 + maintaining name spaces according to theory data management
9.757 + (\secref{sec:context-data}).
9.758 +
9.759 + \item @{ML NameSpace.declare}~@{text "naming bindings space"} enters a
9.760 + name binding as fully qualified internal name into the name space,
9.761 + with external accesses determined by the naming policy.
9.762 +
9.763 + \item @{ML NameSpace.intern}~@{text "space name"} internalizes a
9.764 + (partially qualified) external name.
9.765 +
9.766 + This operation is mostly for parsing! Note that fully qualified
9.767 + names stemming from declarations are produced via @{ML
9.768 + "NameSpace.full_name"} and @{ML "NameSpace.declare"}
9.769 + (or their derivatives for @{ML_type theory} and
9.770 + @{ML_type Proof.context}).
9.771 +
9.772 + \item @{ML NameSpace.extern}~@{text "space name"} externalizes a
9.773 + (fully qualified) internal name.
9.774 +
9.775 + This operation is mostly for printing! Note unqualified names are
9.776 + produced via @{ML NameSpace.base}.
9.777 +
9.778 + \end{description}
9.779 +*}
9.780 +
9.781 +end
10.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
10.2 +++ b/doc-src/IsarImplementation/Thy/Proof.thy Mon Feb 16 20:47:44 2009 +0100
10.3 @@ -0,0 +1,331 @@
10.4 +theory Proof
10.5 +imports Base
10.6 +begin
10.7 +
10.8 +chapter {* Structured proofs *}
10.9 +
10.10 +section {* Variables \label{sec:variables} *}
10.11 +
10.12 +text {*
10.13 + Any variable that is not explicitly bound by @{text "\<lambda>"}-abstraction
10.14 + is considered as ``free''. Logically, free variables act like
10.15 + outermost universal quantification at the sequent level: @{text
10.16 + "A\<^isub>1(x), \<dots>, A\<^isub>n(x) \<turnstile> B(x)"} means that the result
10.17 + holds \emph{for all} values of @{text "x"}. Free variables for
10.18 + terms (not types) can be fully internalized into the logic: @{text
10.19 + "\<turnstile> B(x)"} and @{text "\<turnstile> \<And>x. B(x)"} are interchangeable, provided
10.20 + that @{text "x"} does not occur elsewhere in the context.
10.21 + Inspecting @{text "\<turnstile> \<And>x. B(x)"} more closely, we see that inside the
10.22 + quantifier, @{text "x"} is essentially ``arbitrary, but fixed'',
10.23 + while from outside it appears as a place-holder for instantiation
10.24 + (thanks to @{text "\<And>"} elimination).
10.25 +
10.26 + The Pure logic represents the idea of variables being either inside
10.27 + or outside the current scope by providing separate syntactic
10.28 + categories for \emph{fixed variables} (e.g.\ @{text "x"}) vs.\
10.29 + \emph{schematic variables} (e.g.\ @{text "?x"}). Incidently, a
10.30 + universal result @{text "\<turnstile> \<And>x. B(x)"} has the HHF normal form @{text
10.31 + "\<turnstile> B(?x)"}, which represents its generality nicely without requiring
10.32 + an explicit quantifier. The same principle works for type
10.33 + variables: @{text "\<turnstile> B(?\<alpha>)"} represents the idea of ``@{text "\<turnstile>
10.34 + \<forall>\<alpha>. B(\<alpha>)"}'' without demanding a truly polymorphic framework.
10.35 +
10.36 + \medskip Additional care is required to treat type variables in a
10.37 + way that facilitates type-inference. In principle, term variables
10.38 + depend on type variables, which means that type variables would have
10.39 + to be declared first. For example, a raw type-theoretic framework
10.40 + would demand the context to be constructed in stages as follows:
10.41 + @{text "\<Gamma> = \<alpha>: type, x: \<alpha>, a: A(x\<^isub>\<alpha>)"}.
10.42 +
10.43 + We allow a slightly less formalistic mode of operation: term
10.44 + variables @{text "x"} are fixed without specifying a type yet
10.45 + (essentially \emph{all} potential occurrences of some instance
10.46 + @{text "x\<^isub>\<tau>"} are fixed); the first occurrence of @{text "x"}
10.47 + within a specific term assigns its most general type, which is then
10.48 + maintained consistently in the context. The above example becomes
10.49 + @{text "\<Gamma> = x: term, \<alpha>: type, A(x\<^isub>\<alpha>)"}, where type @{text
10.50 + "\<alpha>"} is fixed \emph{after} term @{text "x"}, and the constraint
10.51 + @{text "x :: \<alpha>"} is an implicit consequence of the occurrence of
10.52 + @{text "x\<^isub>\<alpha>"} in the subsequent proposition.
10.53 +
10.54 + This twist of dependencies is also accommodated by the reverse
10.55 + operation of exporting results from a context: a type variable
10.56 + @{text "\<alpha>"} is considered fixed as long as it occurs in some fixed
10.57 + term variable of the context. For example, exporting @{text "x:
10.58 + term, \<alpha>: type \<turnstile> x\<^isub>\<alpha> = x\<^isub>\<alpha>"} produces in the first step
10.59 + @{text "x: term \<turnstile> x\<^isub>\<alpha> = x\<^isub>\<alpha>"} for fixed @{text "\<alpha>"},
10.60 + and only in the second step @{text "\<turnstile> ?x\<^isub>?\<^isub>\<alpha> =
10.61 + ?x\<^isub>?\<^isub>\<alpha>"} for schematic @{text "?x"} and @{text "?\<alpha>"}.
10.62 +
10.63 + \medskip The Isabelle/Isar proof context manages the gory details of
10.64 + term vs.\ type variables, with high-level principles for moving the
10.65 + frontier between fixed and schematic variables.
10.66 +
10.67 + The @{text "add_fixes"} operation explictly declares fixed
10.68 + variables; the @{text "declare_term"} operation absorbs a term into
10.69 + a context by fixing new type variables and adding syntactic
10.70 + constraints.
10.71 +
10.72 + The @{text "export"} operation is able to perform the main work of
10.73 + generalizing term and type variables as sketched above, assuming
10.74 + that fixing variables and terms have been declared properly.
10.75 +
10.76 + There @{text "import"} operation makes a generalized fact a genuine
10.77 + part of the context, by inventing fixed variables for the schematic
10.78 + ones. The effect can be reversed by using @{text "export"} later,
10.79 + potentially with an extended context; the result is equivalent to
10.80 + the original modulo renaming of schematic variables.
10.81 +
10.82 + The @{text "focus"} operation provides a variant of @{text "import"}
10.83 + for nested propositions (with explicit quantification): @{text
10.84 + "\<And>x\<^isub>1 \<dots> x\<^isub>n. B(x\<^isub>1, \<dots>, x\<^isub>n)"} is
10.85 + decomposed by inventing fixed variables @{text "x\<^isub>1, \<dots>,
10.86 + x\<^isub>n"} for the body.
10.87 +*}
10.88 +
10.89 +text %mlref {*
10.90 + \begin{mldecls}
10.91 + @{index_ML Variable.add_fixes: "
10.92 + string list -> Proof.context -> string list * Proof.context"} \\
10.93 + @{index_ML Variable.variant_fixes: "
10.94 + string list -> Proof.context -> string list * Proof.context"} \\
10.95 + @{index_ML Variable.declare_term: "term -> Proof.context -> Proof.context"} \\
10.96 + @{index_ML Variable.declare_constraints: "term -> Proof.context -> Proof.context"} \\
10.97 + @{index_ML Variable.export: "Proof.context -> Proof.context -> thm list -> thm list"} \\
10.98 + @{index_ML Variable.polymorphic: "Proof.context -> term list -> term list"} \\
10.99 + @{index_ML Variable.import_thms: "bool -> thm list -> Proof.context ->
10.100 + ((ctyp list * cterm list) * thm list) * Proof.context"} \\
10.101 + @{index_ML Variable.focus: "cterm -> Proof.context -> (cterm list * cterm) * Proof.context"} \\
10.102 + \end{mldecls}
10.103 +
10.104 + \begin{description}
10.105 +
10.106 + \item @{ML Variable.add_fixes}~@{text "xs ctxt"} fixes term
10.107 + variables @{text "xs"}, returning the resulting internal names. By
10.108 + default, the internal representation coincides with the external
10.109 + one, which also means that the given variables must not be fixed
10.110 + already. There is a different policy within a local proof body: the
10.111 + given names are just hints for newly invented Skolem variables.
10.112 +
10.113 + \item @{ML Variable.variant_fixes} is similar to @{ML
10.114 + Variable.add_fixes}, but always produces fresh variants of the given
10.115 + names.
10.116 +
10.117 + \item @{ML Variable.declare_term}~@{text "t ctxt"} declares term
10.118 + @{text "t"} to belong to the context. This automatically fixes new
10.119 + type variables, but not term variables. Syntactic constraints for
10.120 + type and term variables are declared uniformly, though.
10.121 +
10.122 + \item @{ML Variable.declare_constraints}~@{text "t ctxt"} declares
10.123 + syntactic constraints from term @{text "t"}, without making it part
10.124 + of the context yet.
10.125 +
10.126 + \item @{ML Variable.export}~@{text "inner outer thms"} generalizes
10.127 + fixed type and term variables in @{text "thms"} according to the
10.128 + difference of the @{text "inner"} and @{text "outer"} context,
10.129 + following the principles sketched above.
10.130 +
10.131 + \item @{ML Variable.polymorphic}~@{text "ctxt ts"} generalizes type
10.132 + variables in @{text "ts"} as far as possible, even those occurring
10.133 + in fixed term variables. The default policy of type-inference is to
10.134 + fix newly introduced type variables, which is essentially reversed
10.135 + with @{ML Variable.polymorphic}: here the given terms are detached
10.136 + from the context as far as possible.
10.137 +
10.138 + \item @{ML Variable.import_thms}~@{text "open thms ctxt"} invents fixed
10.139 + type and term variables for the schematic ones occurring in @{text
10.140 + "thms"}. The @{text "open"} flag indicates whether the fixed names
10.141 + should be accessible to the user, otherwise newly introduced names
10.142 + are marked as ``internal'' (\secref{sec:names}).
10.143 +
10.144 + \item @{ML Variable.focus}~@{text B} decomposes the outermost @{text
10.145 + "\<And>"} prefix of proposition @{text "B"}.
10.146 +
10.147 + \end{description}
10.148 +*}
10.149 +
10.150 +
10.151 +section {* Assumptions \label{sec:assumptions} *}
10.152 +
10.153 +text {*
10.154 + An \emph{assumption} is a proposition that it is postulated in the
10.155 + current context. Local conclusions may use assumptions as
10.156 + additional facts, but this imposes implicit hypotheses that weaken
10.157 + the overall statement.
10.158 +
10.159 + Assumptions are restricted to fixed non-schematic statements, i.e.\
10.160 + all generality needs to be expressed by explicit quantifiers.
10.161 + Nevertheless, the result will be in HHF normal form with outermost
10.162 + quantifiers stripped. For example, by assuming @{text "\<And>x :: \<alpha>. P
10.163 + x"} we get @{text "\<And>x :: \<alpha>. P x \<turnstile> P ?x"} for schematic @{text "?x"}
10.164 + of fixed type @{text "\<alpha>"}. Local derivations accumulate more and
10.165 + more explicit references to hypotheses: @{text "A\<^isub>1, \<dots>,
10.166 + A\<^isub>n \<turnstile> B"} where @{text "A\<^isub>1, \<dots>, A\<^isub>n"} needs to
10.167 + be covered by the assumptions of the current context.
10.168 +
10.169 + \medskip The @{text "add_assms"} operation augments the context by
10.170 + local assumptions, which are parameterized by an arbitrary @{text
10.171 + "export"} rule (see below).
10.172 +
10.173 + The @{text "export"} operation moves facts from a (larger) inner
10.174 + context into a (smaller) outer context, by discharging the
10.175 + difference of the assumptions as specified by the associated export
10.176 + rules. Note that the discharged portion is determined by the
10.177 + difference contexts, not the facts being exported! There is a
10.178 + separate flag to indicate a goal context, where the result is meant
10.179 + to refine an enclosing sub-goal of a structured proof state (cf.\
10.180 + \secref{sec:isar-proof-state}).
10.181 +
10.182 + \medskip The most basic export rule discharges assumptions directly
10.183 + by means of the @{text "\<Longrightarrow>"} introduction rule:
10.184 + \[
10.185 + \infer[(@{text "\<Longrightarrow>_intro"})]{@{text "\<Gamma> \\ A \<turnstile> A \<Longrightarrow> B"}}{@{text "\<Gamma> \<turnstile> B"}}
10.186 + \]
10.187 +
10.188 + The variant for goal refinements marks the newly introduced
10.189 + premises, which causes the canonical Isar goal refinement scheme to
10.190 + enforce unification with local premises within the goal:
10.191 + \[
10.192 + \infer[(@{text "#\<Longrightarrow>_intro"})]{@{text "\<Gamma> \\ A \<turnstile> #A \<Longrightarrow> B"}}{@{text "\<Gamma> \<turnstile> B"}}
10.193 + \]
10.194 +
10.195 + \medskip Alternative versions of assumptions may perform arbitrary
10.196 + transformations on export, as long as the corresponding portion of
10.197 + hypotheses is removed from the given facts. For example, a local
10.198 + definition works by fixing @{text "x"} and assuming @{text "x \<equiv> t"},
10.199 + with the following export rule to reverse the effect:
10.200 + \[
10.201 + \infer[(@{text "\<equiv>-expand"})]{@{text "\<Gamma> \\ x \<equiv> t \<turnstile> B t"}}{@{text "\<Gamma> \<turnstile> B x"}}
10.202 + \]
10.203 + This works, because the assumption @{text "x \<equiv> t"} was introduced in
10.204 + a context with @{text "x"} being fresh, so @{text "x"} does not
10.205 + occur in @{text "\<Gamma>"} here.
10.206 +*}
10.207 +
10.208 +text %mlref {*
10.209 + \begin{mldecls}
10.210 + @{index_ML_type Assumption.export} \\
10.211 + @{index_ML Assumption.assume: "cterm -> thm"} \\
10.212 + @{index_ML Assumption.add_assms:
10.213 + "Assumption.export ->
10.214 + cterm list -> Proof.context -> thm list * Proof.context"} \\
10.215 + @{index_ML Assumption.add_assumes: "
10.216 + cterm list -> Proof.context -> thm list * Proof.context"} \\
10.217 + @{index_ML Assumption.export: "bool -> Proof.context -> Proof.context -> thm -> thm"} \\
10.218 + \end{mldecls}
10.219 +
10.220 + \begin{description}
10.221 +
10.222 + \item @{ML_type Assumption.export} represents arbitrary export
10.223 + rules, which is any function of type @{ML_type "bool -> cterm list -> thm -> thm"},
10.224 + where the @{ML_type "bool"} indicates goal mode, and the @{ML_type
10.225 + "cterm list"} the collection of assumptions to be discharged
10.226 + simultaneously.
10.227 +
10.228 + \item @{ML Assumption.assume}~@{text "A"} turns proposition @{text
10.229 + "A"} into a raw assumption @{text "A \<turnstile> A'"}, where the conclusion
10.230 + @{text "A'"} is in HHF normal form.
10.231 +
10.232 + \item @{ML Assumption.add_assms}~@{text "r As"} augments the context
10.233 + by assumptions @{text "As"} with export rule @{text "r"}. The
10.234 + resulting facts are hypothetical theorems as produced by the raw
10.235 + @{ML Assumption.assume}.
10.236 +
10.237 + \item @{ML Assumption.add_assumes}~@{text "As"} is a special case of
10.238 + @{ML Assumption.add_assms} where the export rule performs @{text
10.239 + "\<Longrightarrow>_intro"} or @{text "#\<Longrightarrow>_intro"}, depending on goal mode.
10.240 +
10.241 + \item @{ML Assumption.export}~@{text "is_goal inner outer thm"}
10.242 + exports result @{text "thm"} from the the @{text "inner"} context
10.243 + back into the @{text "outer"} one; @{text "is_goal = true"} means
10.244 + this is a goal context. The result is in HHF normal form. Note
10.245 + that @{ML "ProofContext.export"} combines @{ML "Variable.export"}
10.246 + and @{ML "Assumption.export"} in the canonical way.
10.247 +
10.248 + \end{description}
10.249 +*}
10.250 +
10.251 +
10.252 +section {* Results \label{sec:results} *}
10.253 +
10.254 +text {*
10.255 + Local results are established by monotonic reasoning from facts
10.256 + within a context. This allows common combinations of theorems,
10.257 + e.g.\ via @{text "\<And>/\<Longrightarrow>"} elimination, resolution rules, or equational
10.258 + reasoning, see \secref{sec:thms}. Unaccounted context manipulations
10.259 + should be avoided, notably raw @{text "\<And>/\<Longrightarrow>"} introduction or ad-hoc
10.260 + references to free variables or assumptions not present in the proof
10.261 + context.
10.262 +
10.263 + \medskip The @{text "SUBPROOF"} combinator allows to structure a
10.264 + tactical proof recursively by decomposing a selected sub-goal:
10.265 + @{text "(\<And>x. A(x) \<Longrightarrow> B(x)) \<Longrightarrow> \<dots>"} is turned into @{text "B(x) \<Longrightarrow> \<dots>"}
10.266 + after fixing @{text "x"} and assuming @{text "A(x)"}. This means
10.267 + the tactic needs to solve the conclusion, but may use the premise as
10.268 + a local fact, for locally fixed variables.
10.269 +
10.270 + The @{text "prove"} operation provides an interface for structured
10.271 + backwards reasoning under program control, with some explicit sanity
10.272 + checks of the result. The goal context can be augmented by
10.273 + additional fixed variables (cf.\ \secref{sec:variables}) and
10.274 + assumptions (cf.\ \secref{sec:assumptions}), which will be available
10.275 + as local facts during the proof and discharged into implications in
10.276 + the result. Type and term variables are generalized as usual,
10.277 + according to the context.
10.278 +
10.279 + The @{text "obtain"} operation produces results by eliminating
10.280 + existing facts by means of a given tactic. This acts like a dual
10.281 + conclusion: the proof demonstrates that the context may be augmented
10.282 + by certain fixed variables and assumptions. See also
10.283 + \cite{isabelle-isar-ref} for the user-level @{text "\<OBTAIN>"} and
10.284 + @{text "\<GUESS>"} elements. Final results, which may not refer to
10.285 + the parameters in the conclusion, need to exported explicitly into
10.286 + the original context.
10.287 +*}
10.288 +
10.289 +text %mlref {*
10.290 + \begin{mldecls}
10.291 + @{index_ML SUBPROOF:
10.292 + "({context: Proof.context, schematics: ctyp list * cterm list,
10.293 + params: cterm list, asms: cterm list, concl: cterm,
10.294 + prems: thm list} -> tactic) -> Proof.context -> int -> tactic"} \\
10.295 + \end{mldecls}
10.296 + \begin{mldecls}
10.297 + @{index_ML Goal.prove: "Proof.context -> string list -> term list -> term ->
10.298 + ({prems: thm list, context: Proof.context} -> tactic) -> thm"} \\
10.299 + @{index_ML Goal.prove_multi: "Proof.context -> string list -> term list -> term list ->
10.300 + ({prems: thm list, context: Proof.context} -> tactic) -> thm list"} \\
10.301 + \end{mldecls}
10.302 + \begin{mldecls}
10.303 + @{index_ML Obtain.result: "(Proof.context -> tactic) ->
10.304 + thm list -> Proof.context -> (cterm list * thm list) * Proof.context"} \\
10.305 + \end{mldecls}
10.306 +
10.307 + \begin{description}
10.308 +
10.309 + \item @{ML SUBPROOF}~@{text "tac"} decomposes the structure of a
10.310 + particular sub-goal, producing an extended context and a reduced
10.311 + goal, which needs to be solved by the given tactic. All schematic
10.312 + parameters of the goal are imported into the context as fixed ones,
10.313 + which may not be instantiated in the sub-proof.
10.314 +
10.315 + \item @{ML Goal.prove}~@{text "ctxt xs As C tac"} states goal @{text
10.316 + "C"} in the context augmented by fixed variables @{text "xs"} and
10.317 + assumptions @{text "As"}, and applies tactic @{text "tac"} to solve
10.318 + it. The latter may depend on the local assumptions being presented
10.319 + as facts. The result is in HHF normal form.
10.320 +
10.321 + \item @{ML Goal.prove_multi} is simular to @{ML Goal.prove}, but
10.322 + states several conclusions simultaneously. The goal is encoded by
10.323 + means of Pure conjunction; @{ML Goal.conjunction_tac} will turn this
10.324 + into a collection of individual subgoals.
10.325 +
10.326 + \item @{ML Obtain.result}~@{text "tac thms ctxt"} eliminates the
10.327 + given facts using a tactic, which results in additional fixed
10.328 + variables and assumptions in the context. Final results need to be
10.329 + exported explicitly.
10.330 +
10.331 + \end{description}
10.332 +*}
10.333 +
10.334 +end
11.1 --- a/doc-src/IsarImplementation/Thy/ROOT.ML Mon Feb 16 20:25:21 2009 +0100
11.2 +++ b/doc-src/IsarImplementation/Thy/ROOT.ML Mon Feb 16 20:47:44 2009 +0100
11.3 @@ -1,11 +1,8 @@
11.4 -
11.5 -(* $Id$ *)
11.6 -
11.7 -use_thy "prelim";
11.8 -use_thy "logic";
11.9 -use_thy "tactic";
11.10 -use_thy "proof";
11.11 -use_thy "isar";
11.12 -use_thy "locale";
11.13 -use_thy "integration";
11.14 +use_thy "Prelim";
11.15 +use_thy "Logic";
11.16 +use_thy "Tactic";
11.17 +use_thy "Proof";
11.18 +use_thy "Isar";
11.19 +use_thy "Local_Theory";
11.20 +use_thy "Integration";
11.21 use_thy "ML";
12.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
12.2 +++ b/doc-src/IsarImplementation/Thy/Tactic.thy Mon Feb 16 20:47:44 2009 +0100
12.3 @@ -0,0 +1,418 @@
12.4 +theory Tactic
12.5 +imports Base
12.6 +begin
12.7 +
12.8 +chapter {* Tactical reasoning *}
12.9 +
12.10 +text {*
12.11 + Tactical reasoning works by refining the initial claim in a
12.12 + backwards fashion, until a solved form is reached. A @{text "goal"}
12.13 + consists of several subgoals that need to be solved in order to
12.14 + achieve the main statement; zero subgoals means that the proof may
12.15 + be finished. A @{text "tactic"} is a refinement operation that maps
12.16 + a goal to a lazy sequence of potential successors. A @{text
12.17 + "tactical"} is a combinator for composing tactics.
12.18 +*}
12.19 +
12.20 +
12.21 +section {* Goals \label{sec:tactical-goals} *}
12.22 +
12.23 +text {*
12.24 + Isabelle/Pure represents a goal\glossary{Tactical goal}{A theorem of
12.25 + \seeglossary{Horn Clause} form stating that a number of subgoals
12.26 + imply the main conclusion, which is marked as a protected
12.27 + proposition.} as a theorem stating that the subgoals imply the main
12.28 + goal: @{text "A\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^sub>n \<Longrightarrow> C"}. The outermost goal
12.29 + structure is that of a Horn Clause\glossary{Horn Clause}{An iterated
12.30 + implication @{text "A\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^sub>n \<Longrightarrow> C"}, without any
12.31 + outermost quantifiers. Strictly speaking, propositions @{text
12.32 + "A\<^sub>i"} need to be atomic in Horn Clauses, but Isabelle admits
12.33 + arbitrary substructure here (nested @{text "\<Longrightarrow>"} and @{text "\<And>"}
12.34 + connectives).}: i.e.\ an iterated implication without any
12.35 + quantifiers\footnote{Recall that outermost @{text "\<And>x. \<phi>[x]"} is
12.36 + always represented via schematic variables in the body: @{text
12.37 + "\<phi>[?x]"}. These variables may get instantiated during the course of
12.38 + reasoning.}. For @{text "n = 0"} a goal is called ``solved''.
12.39 +
12.40 + The structure of each subgoal @{text "A\<^sub>i"} is that of a general
12.41 + Hereditary Harrop Formula @{text "\<And>x\<^sub>1 \<dots> \<And>x\<^sub>k. H\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> H\<^sub>m \<Longrightarrow> B"} in
12.42 + normal form. Here @{text "x\<^sub>1, \<dots>, x\<^sub>k"} are goal parameters, i.e.\
12.43 + arbitrary-but-fixed entities of certain types, and @{text "H\<^sub>1, \<dots>,
12.44 + H\<^sub>m"} are goal hypotheses, i.e.\ facts that may be assumed locally.
12.45 + Together, this forms the goal context of the conclusion @{text B} to
12.46 + be established. The goal hypotheses may be again arbitrary
12.47 + Hereditary Harrop Formulas, although the level of nesting rarely
12.48 + exceeds 1--2 in practice.
12.49 +
12.50 + The main conclusion @{text C} is internally marked as a protected
12.51 + proposition\glossary{Protected proposition}{An arbitrarily
12.52 + structured proposition @{text "C"} which is forced to appear as
12.53 + atomic by wrapping it into a propositional identity operator;
12.54 + notation @{text "#C"}. Protecting a proposition prevents basic
12.55 + inferences from entering into that structure for the time being.},
12.56 + which is represented explicitly by the notation @{text "#C"}. This
12.57 + ensures that the decomposition into subgoals and main conclusion is
12.58 + well-defined for arbitrarily structured claims.
12.59 +
12.60 + \medskip Basic goal management is performed via the following
12.61 + Isabelle/Pure rules:
12.62 +
12.63 + \[
12.64 + \infer[@{text "(init)"}]{@{text "C \<Longrightarrow> #C"}}{} \qquad
12.65 + \infer[@{text "(finish)"}]{@{text "C"}}{@{text "#C"}}
12.66 + \]
12.67 +
12.68 + \medskip The following low-level variants admit general reasoning
12.69 + with protected propositions:
12.70 +
12.71 + \[
12.72 + \infer[@{text "(protect)"}]{@{text "#C"}}{@{text "C"}} \qquad
12.73 + \infer[@{text "(conclude)"}]{@{text "A\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^sub>n \<Longrightarrow> C"}}{@{text "A\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^sub>n \<Longrightarrow> #C"}}
12.74 + \]
12.75 +*}
12.76 +
12.77 +text %mlref {*
12.78 + \begin{mldecls}
12.79 + @{index_ML Goal.init: "cterm -> thm"} \\
12.80 + @{index_ML Goal.finish: "thm -> thm"} \\
12.81 + @{index_ML Goal.protect: "thm -> thm"} \\
12.82 + @{index_ML Goal.conclude: "thm -> thm"} \\
12.83 + \end{mldecls}
12.84 +
12.85 + \begin{description}
12.86 +
12.87 + \item @{ML "Goal.init"}~@{text C} initializes a tactical goal from
12.88 + the well-formed proposition @{text C}.
12.89 +
12.90 + \item @{ML "Goal.finish"}~@{text "thm"} checks whether theorem
12.91 + @{text "thm"} is a solved goal (no subgoals), and concludes the
12.92 + result by removing the goal protection.
12.93 +
12.94 + \item @{ML "Goal.protect"}~@{text "thm"} protects the full statement
12.95 + of theorem @{text "thm"}.
12.96 +
12.97 + \item @{ML "Goal.conclude"}~@{text "thm"} removes the goal
12.98 + protection, even if there are pending subgoals.
12.99 +
12.100 + \end{description}
12.101 +*}
12.102 +
12.103 +
12.104 +section {* Tactics *}
12.105 +
12.106 +text {* A @{text "tactic"} is a function @{text "goal \<rightarrow> goal\<^sup>*\<^sup>*"} that
12.107 + maps a given goal state (represented as a theorem, cf.\
12.108 + \secref{sec:tactical-goals}) to a lazy sequence of potential
12.109 + successor states. The underlying sequence implementation is lazy
12.110 + both in head and tail, and is purely functional in \emph{not}
12.111 + supporting memoing.\footnote{The lack of memoing and the strict
12.112 + nature of SML requires some care when working with low-level
12.113 + sequence operations, to avoid duplicate or premature evaluation of
12.114 + results.}
12.115 +
12.116 + An \emph{empty result sequence} means that the tactic has failed: in
12.117 + a compound tactic expressions other tactics might be tried instead,
12.118 + or the whole refinement step might fail outright, producing a
12.119 + toplevel error message. When implementing tactics from scratch, one
12.120 + should take care to observe the basic protocol of mapping regular
12.121 + error conditions to an empty result; only serious faults should
12.122 + emerge as exceptions.
12.123 +
12.124 + By enumerating \emph{multiple results}, a tactic can easily express
12.125 + the potential outcome of an internal search process. There are also
12.126 + combinators for building proof tools that involve search
12.127 + systematically, see also \secref{sec:tacticals}.
12.128 +
12.129 + \medskip As explained in \secref{sec:tactical-goals}, a goal state
12.130 + essentially consists of a list of subgoals that imply the main goal
12.131 + (conclusion). Tactics may operate on all subgoals or on a
12.132 + particularly specified subgoal, but must not change the main
12.133 + conclusion (apart from instantiating schematic goal variables).
12.134 +
12.135 + Tactics with explicit \emph{subgoal addressing} are of the form
12.136 + @{text "int \<rightarrow> tactic"} and may be applied to a particular subgoal
12.137 + (counting from 1). If the subgoal number is out of range, the
12.138 + tactic should fail with an empty result sequence, but must not raise
12.139 + an exception!
12.140 +
12.141 + Operating on a particular subgoal means to replace it by an interval
12.142 + of zero or more subgoals in the same place; other subgoals must not
12.143 + be affected, apart from instantiating schematic variables ranging
12.144 + over the whole goal state.
12.145 +
12.146 + A common pattern of composing tactics with subgoal addressing is to
12.147 + try the first one, and then the second one only if the subgoal has
12.148 + not been solved yet. Special care is required here to avoid bumping
12.149 + into unrelated subgoals that happen to come after the original
12.150 + subgoal. Assuming that there is only a single initial subgoal is a
12.151 + very common error when implementing tactics!
12.152 +
12.153 + Tactics with internal subgoal addressing should expose the subgoal
12.154 + index as @{text "int"} argument in full generality; a hardwired
12.155 + subgoal 1 inappropriate.
12.156 +
12.157 + \medskip The main well-formedness conditions for proper tactics are
12.158 + summarized as follows.
12.159 +
12.160 + \begin{itemize}
12.161 +
12.162 + \item General tactic failure is indicated by an empty result, only
12.163 + serious faults may produce an exception.
12.164 +
12.165 + \item The main conclusion must not be changed, apart from
12.166 + instantiating schematic variables.
12.167 +
12.168 + \item A tactic operates either uniformly on all subgoals, or
12.169 + specifically on a selected subgoal (without bumping into unrelated
12.170 + subgoals).
12.171 +
12.172 + \item Range errors in subgoal addressing produce an empty result.
12.173 +
12.174 + \end{itemize}
12.175 +
12.176 + Some of these conditions are checked by higher-level goal
12.177 + infrastructure (\secref{sec:results}); others are not checked
12.178 + explicitly, and violating them merely results in ill-behaved tactics
12.179 + experienced by the user (e.g.\ tactics that insist in being
12.180 + applicable only to singleton goals, or disallow composition with
12.181 + basic tacticals).
12.182 +*}
12.183 +
12.184 +text %mlref {*
12.185 + \begin{mldecls}
12.186 + @{index_ML_type tactic: "thm -> thm Seq.seq"} \\
12.187 + @{index_ML no_tac: tactic} \\
12.188 + @{index_ML all_tac: tactic} \\
12.189 + @{index_ML print_tac: "string -> tactic"} \\[1ex]
12.190 + @{index_ML PRIMITIVE: "(thm -> thm) -> tactic"} \\[1ex]
12.191 + @{index_ML SUBGOAL: "(term * int -> tactic) -> int -> tactic"} \\
12.192 + @{index_ML CSUBGOAL: "(cterm * int -> tactic) -> int -> tactic"} \\
12.193 + \end{mldecls}
12.194 +
12.195 + \begin{description}
12.196 +
12.197 + \item @{ML_type tactic} represents tactics. The well-formedness
12.198 + conditions described above need to be observed. See also @{"file"
12.199 + "~~/src/Pure/General/seq.ML"} for the underlying implementation of
12.200 + lazy sequences.
12.201 +
12.202 + \item @{ML_type "int -> tactic"} represents tactics with explicit
12.203 + subgoal addressing, with well-formedness conditions as described
12.204 + above.
12.205 +
12.206 + \item @{ML no_tac} is a tactic that always fails, returning the
12.207 + empty sequence.
12.208 +
12.209 + \item @{ML all_tac} is a tactic that always succeeds, returning a
12.210 + singleton sequence with unchanged goal state.
12.211 +
12.212 + \item @{ML print_tac}~@{text "message"} is like @{ML all_tac}, but
12.213 + prints a message together with the goal state on the tracing
12.214 + channel.
12.215 +
12.216 + \item @{ML PRIMITIVE}~@{text rule} turns a primitive inference rule
12.217 + into a tactic with unique result. Exception @{ML THM} is considered
12.218 + a regular tactic failure and produces an empty result; other
12.219 + exceptions are passed through.
12.220 +
12.221 + \item @{ML SUBGOAL}~@{text "(fn (subgoal, i) => tactic)"} is the
12.222 + most basic form to produce a tactic with subgoal addressing. The
12.223 + given abstraction over the subgoal term and subgoal number allows to
12.224 + peek at the relevant information of the full goal state. The
12.225 + subgoal range is checked as required above.
12.226 +
12.227 + \item @{ML CSUBGOAL} is similar to @{ML SUBGOAL}, but passes the
12.228 + subgoal as @{ML_type cterm} instead of raw @{ML_type term}. This
12.229 + avoids expensive re-certification in situations where the subgoal is
12.230 + used directly for primitive inferences.
12.231 +
12.232 + \end{description}
12.233 +*}
12.234 +
12.235 +
12.236 +subsection {* Resolution and assumption tactics \label{sec:resolve-assume-tac} *}
12.237 +
12.238 +text {* \emph{Resolution} is the most basic mechanism for refining a
12.239 + subgoal using a theorem as object-level rule.
12.240 + \emph{Elim-resolution} is particularly suited for elimination rules:
12.241 + it resolves with a rule, proves its first premise by assumption, and
12.242 + finally deletes that assumption from any new subgoals.
12.243 + \emph{Destruct-resolution} is like elim-resolution, but the given
12.244 + destruction rules are first turned into canonical elimination
12.245 + format. \emph{Forward-resolution} is like destruct-resolution, but
12.246 + without deleting the selected assumption. The @{text "r/e/d/f"}
12.247 + naming convention is maintained for several different kinds of
12.248 + resolution rules and tactics.
12.249 +
12.250 + Assumption tactics close a subgoal by unifying some of its premises
12.251 + against its conclusion.
12.252 +
12.253 + \medskip All the tactics in this section operate on a subgoal
12.254 + designated by a positive integer. Other subgoals might be affected
12.255 + indirectly, due to instantiation of schematic variables.
12.256 +
12.257 + There are various sources of non-determinism, the tactic result
12.258 + sequence enumerates all possibilities of the following choices (if
12.259 + applicable):
12.260 +
12.261 + \begin{enumerate}
12.262 +
12.263 + \item selecting one of the rules given as argument to the tactic;
12.264 +
12.265 + \item selecting a subgoal premise to eliminate, unifying it against
12.266 + the first premise of the rule;
12.267 +
12.268 + \item unifying the conclusion of the subgoal to the conclusion of
12.269 + the rule.
12.270 +
12.271 + \end{enumerate}
12.272 +
12.273 + Recall that higher-order unification may produce multiple results
12.274 + that are enumerated here.
12.275 +*}
12.276 +
12.277 +text %mlref {*
12.278 + \begin{mldecls}
12.279 + @{index_ML resolve_tac: "thm list -> int -> tactic"} \\
12.280 + @{index_ML eresolve_tac: "thm list -> int -> tactic"} \\
12.281 + @{index_ML dresolve_tac: "thm list -> int -> tactic"} \\
12.282 + @{index_ML forward_tac: "thm list -> int -> tactic"} \\[1ex]
12.283 + @{index_ML assume_tac: "int -> tactic"} \\
12.284 + @{index_ML eq_assume_tac: "int -> tactic"} \\[1ex]
12.285 + @{index_ML match_tac: "thm list -> int -> tactic"} \\
12.286 + @{index_ML ematch_tac: "thm list -> int -> tactic"} \\
12.287 + @{index_ML dmatch_tac: "thm list -> int -> tactic"} \\
12.288 + \end{mldecls}
12.289 +
12.290 + \begin{description}
12.291 +
12.292 + \item @{ML resolve_tac}~@{text "thms i"} refines the goal state
12.293 + using the given theorems, which should normally be introduction
12.294 + rules. The tactic resolves a rule's conclusion with subgoal @{text
12.295 + i}, replacing it by the corresponding versions of the rule's
12.296 + premises.
12.297 +
12.298 + \item @{ML eresolve_tac}~@{text "thms i"} performs elim-resolution
12.299 + with the given theorems, which should normally be elimination rules.
12.300 +
12.301 + \item @{ML dresolve_tac}~@{text "thms i"} performs
12.302 + destruct-resolution with the given theorems, which should normally
12.303 + be destruction rules. This replaces an assumption by the result of
12.304 + applying one of the rules.
12.305 +
12.306 + \item @{ML forward_tac} is like @{ML dresolve_tac} except that the
12.307 + selected assumption is not deleted. It applies a rule to an
12.308 + assumption, adding the result as a new assumption.
12.309 +
12.310 + \item @{ML assume_tac}~@{text i} attempts to solve subgoal @{text i}
12.311 + by assumption (modulo higher-order unification).
12.312 +
12.313 + \item @{ML eq_assume_tac} is similar to @{ML assume_tac}, but checks
12.314 + only for immediate @{text "\<alpha>"}-convertibility instead of using
12.315 + unification. It succeeds (with a unique next state) if one of the
12.316 + assumptions is equal to the subgoal's conclusion. Since it does not
12.317 + instantiate variables, it cannot make other subgoals unprovable.
12.318 +
12.319 + \item @{ML match_tac}, @{ML ematch_tac}, and @{ML dmatch_tac} are
12.320 + similar to @{ML resolve_tac}, @{ML eresolve_tac}, and @{ML
12.321 + dresolve_tac}, respectively, but do not instantiate schematic
12.322 + variables in the goal state.
12.323 +
12.324 + Flexible subgoals are not updated at will, but are left alone.
12.325 + Strictly speaking, matching means to treat the unknowns in the goal
12.326 + state as constants; these tactics merely discard unifiers that would
12.327 + update the goal state.
12.328 +
12.329 + \end{description}
12.330 +*}
12.331 +
12.332 +
12.333 +subsection {* Explicit instantiation within a subgoal context *}
12.334 +
12.335 +text {* The main resolution tactics (\secref{sec:resolve-assume-tac})
12.336 + use higher-order unification, which works well in many practical
12.337 + situations despite its daunting theoretical properties.
12.338 + Nonetheless, there are important problem classes where unguided
12.339 + higher-order unification is not so useful. This typically involves
12.340 + rules like universal elimination, existential introduction, or
12.341 + equational substitution. Here the unification problem involves
12.342 + fully flexible @{text "?P ?x"} schemes, which are hard to manage
12.343 + without further hints.
12.344 +
12.345 + By providing a (small) rigid term for @{text "?x"} explicitly, the
12.346 + remaining unification problem is to assign a (large) term to @{text
12.347 + "?P"}, according to the shape of the given subgoal. This is
12.348 + sufficiently well-behaved in most practical situations.
12.349 +
12.350 + \medskip Isabelle provides separate versions of the standard @{text
12.351 + "r/e/d/f"} resolution tactics that allow to provide explicit
12.352 + instantiations of unknowns of the given rule, wrt.\ terms that refer
12.353 + to the implicit context of the selected subgoal.
12.354 +
12.355 + An instantiation consists of a list of pairs of the form @{text
12.356 + "(?x, t)"}, where @{text ?x} is a schematic variable occurring in
12.357 + the given rule, and @{text t} is a term from the current proof
12.358 + context, augmented by the local goal parameters of the selected
12.359 + subgoal; cf.\ the @{text "focus"} operation described in
12.360 + \secref{sec:variables}.
12.361 +
12.362 + Entering the syntactic context of a subgoal is a brittle operation,
12.363 + because its exact form is somewhat accidental, and the choice of
12.364 + bound variable names depends on the presence of other local and
12.365 + global names. Explicit renaming of subgoal parameters prior to
12.366 + explicit instantiation might help to achieve a bit more robustness.
12.367 +
12.368 + Type instantiations may be given as well, via pairs like @{text
12.369 + "(?'a, \<tau>)"}. Type instantiations are distinguished from term
12.370 + instantiations by the syntactic form of the schematic variable.
12.371 + Types are instantiated before terms are. Since term instantiation
12.372 + already performs type-inference as expected, explicit type
12.373 + instantiations are seldom necessary.
12.374 +*}
12.375 +
12.376 +text %mlref {*
12.377 + \begin{mldecls}
12.378 + @{index_ML res_inst_tac: "Proof.context -> (indexname * string) list -> thm -> int -> tactic"} \\
12.379 + @{index_ML eres_inst_tac: "Proof.context -> (indexname * string) list -> thm -> int -> tactic"} \\
12.380 + @{index_ML dres_inst_tac: "Proof.context -> (indexname * string) list -> thm -> int -> tactic"} \\
12.381 + @{index_ML forw_inst_tac: "Proof.context -> (indexname * string) list -> thm -> int -> tactic"} \\[1ex]
12.382 + @{index_ML rename_tac: "string list -> int -> tactic"} \\
12.383 + \end{mldecls}
12.384 +
12.385 + \begin{description}
12.386 +
12.387 + \item @{ML res_inst_tac}~@{text "ctxt insts thm i"} instantiates the
12.388 + rule @{text thm} with the instantiations @{text insts}, as described
12.389 + above, and then performs resolution on subgoal @{text i}.
12.390 +
12.391 + \item @{ML eres_inst_tac} is like @{ML res_inst_tac}, but performs
12.392 + elim-resolution.
12.393 +
12.394 + \item @{ML dres_inst_tac} is like @{ML res_inst_tac}, but performs
12.395 + destruct-resolution.
12.396 +
12.397 + \item @{ML forw_inst_tac} is like @{ML dres_inst_tac} except that
12.398 + the selected assumption is not deleted.
12.399 +
12.400 + \item @{ML rename_tac}~@{text "names i"} renames the innermost
12.401 + parameters of subgoal @{text i} according to the provided @{text
12.402 + names} (which need to be distinct indentifiers).
12.403 +
12.404 + \end{description}
12.405 +*}
12.406 +
12.407 +
12.408 +section {* Tacticals \label{sec:tacticals} *}
12.409 +
12.410 +text {*
12.411 +
12.412 +FIXME
12.413 +
12.414 +\glossary{Tactical}{A functional combinator for building up complex
12.415 +tactics from simpler ones. Typical tactical perform sequential
12.416 +composition, disjunction (choice), iteration, or goal addressing.
12.417 +Various search strategies may be expressed via tacticals.}
12.418 +
12.419 +*}
12.420 +
12.421 +end
13.1 --- a/doc-src/IsarImplementation/Thy/base.thy Mon Feb 16 20:25:21 2009 +0100
13.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
13.3 @@ -1,9 +0,0 @@
13.4 -
13.5 -(* $Id$ *)
13.6 -
13.7 -theory base
13.8 -imports Pure
13.9 -uses "../../antiquote_setup.ML"
13.10 -begin
13.11 -
13.12 -end
14.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
14.2 +++ b/doc-src/IsarImplementation/Thy/document/Base.tex Mon Feb 16 20:47:44 2009 +0100
14.3 @@ -0,0 +1,32 @@
14.4 +%
14.5 +\begin{isabellebody}%
14.6 +\def\isabellecontext{base}%
14.7 +%
14.8 +\isadelimtheory
14.9 +\isanewline
14.10 +\isanewline
14.11 +\isanewline
14.12 +%
14.13 +\endisadelimtheory
14.14 +%
14.15 +\isatagtheory
14.16 +\isacommand{theory}\isamarkupfalse%
14.17 +\ base\isanewline
14.18 +\isakeyword{imports}\ Pure\isanewline
14.19 +\isakeyword{uses}\ {\isachardoublequoteopen}{\isachardot}{\isachardot}{\isacharslash}{\isachardot}{\isachardot}{\isacharslash}antiquote{\isacharunderscore}setup{\isachardot}ML{\isachardoublequoteclose}\isanewline
14.20 +\isakeyword{begin}\isanewline
14.21 +\isanewline
14.22 +\isacommand{end}\isamarkupfalse%
14.23 +%
14.24 +\endisatagtheory
14.25 +{\isafoldtheory}%
14.26 +%
14.27 +\isadelimtheory
14.28 +\isanewline
14.29 +%
14.30 +\endisadelimtheory
14.31 +\end{isabellebody}%
14.32 +%%% Local Variables:
14.33 +%%% mode: latex
14.34 +%%% TeX-master: "root"
14.35 +%%% End:
15.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
15.2 +++ b/doc-src/IsarImplementation/Thy/document/Integration.tex Mon Feb 16 20:47:44 2009 +0100
15.3 @@ -0,0 +1,521 @@
15.4 +%
15.5 +\begin{isabellebody}%
15.6 +\def\isabellecontext{integration}%
15.7 +%
15.8 +\isadelimtheory
15.9 +\isanewline
15.10 +\isanewline
15.11 +\isanewline
15.12 +%
15.13 +\endisadelimtheory
15.14 +%
15.15 +\isatagtheory
15.16 +\isacommand{theory}\isamarkupfalse%
15.17 +\ integration\ \isakeyword{imports}\ base\ \isakeyword{begin}%
15.18 +\endisatagtheory
15.19 +{\isafoldtheory}%
15.20 +%
15.21 +\isadelimtheory
15.22 +%
15.23 +\endisadelimtheory
15.24 +%
15.25 +\isamarkupchapter{System integration%
15.26 +}
15.27 +\isamarkuptrue%
15.28 +%
15.29 +\isamarkupsection{Isar toplevel \label{sec:isar-toplevel}%
15.30 +}
15.31 +\isamarkuptrue%
15.32 +%
15.33 +\begin{isamarkuptext}%
15.34 +The Isar toplevel may be considered the centeral hub of the
15.35 + Isabelle/Isar system, where all key components and sub-systems are
15.36 + integrated into a single read-eval-print loop of Isar commands. We
15.37 + shall even incorporate the existing {\ML} toplevel of the compiler
15.38 + and run-time system (cf.\ \secref{sec:ML-toplevel}).
15.39 +
15.40 + Isabelle/Isar departs from the original ``LCF system architecture''
15.41 + where {\ML} was really The Meta Language for defining theories and
15.42 + conducting proofs. Instead, {\ML} now only serves as the
15.43 + implementation language for the system (and user extensions), while
15.44 + the specific Isar toplevel supports the concepts of theory and proof
15.45 + development natively. This includes the graph structure of theories
15.46 + and the block structure of proofs, support for unlimited undo,
15.47 + facilities for tracing, debugging, timing, profiling etc.
15.48 +
15.49 + \medskip The toplevel maintains an implicit state, which is
15.50 + transformed by a sequence of transitions -- either interactively or
15.51 + in batch-mode. In interactive mode, Isar state transitions are
15.52 + encapsulated as safe transactions, such that both failure and undo
15.53 + are handled conveniently without destroying the underlying draft
15.54 + theory (cf.~\secref{sec:context-theory}). In batch mode,
15.55 + transitions operate in a linear (destructive) fashion, such that
15.56 + error conditions abort the present attempt to construct a theory or
15.57 + proof altogether.
15.58 +
15.59 + The toplevel state is a disjoint sum of empty \isa{toplevel}, or
15.60 + \isa{theory}, or \isa{proof}. On entering the main Isar loop we
15.61 + start with an empty toplevel. A theory is commenced by giving a
15.62 + \isa{{\isasymTHEORY}} header; within a theory we may issue theory
15.63 + commands such as \isa{{\isasymDEFINITION}}, or state a \isa{{\isasymTHEOREM}} to be proven. Now we are within a proof state, with a
15.64 + rich collection of Isar proof commands for structured proof
15.65 + composition, or unstructured proof scripts. When the proof is
15.66 + concluded we get back to the theory, which is then updated by
15.67 + storing the resulting fact. Further theory declarations or theorem
15.68 + statements with proofs may follow, until we eventually conclude the
15.69 + theory development by issuing \isa{{\isasymEND}}. The resulting theory
15.70 + is then stored within the theory database and we are back to the
15.71 + empty toplevel.
15.72 +
15.73 + In addition to these proper state transformations, there are also
15.74 + some diagnostic commands for peeking at the toplevel state without
15.75 + modifying it (e.g.\ \isakeyword{thm}, \isakeyword{term},
15.76 + \isakeyword{print-cases}).%
15.77 +\end{isamarkuptext}%
15.78 +\isamarkuptrue%
15.79 +%
15.80 +\isadelimmlref
15.81 +%
15.82 +\endisadelimmlref
15.83 +%
15.84 +\isatagmlref
15.85 +%
15.86 +\begin{isamarkuptext}%
15.87 +\begin{mldecls}
15.88 + \indexmltype{Toplevel.state}\verb|type Toplevel.state| \\
15.89 + \indexml{Toplevel.UNDEF}\verb|Toplevel.UNDEF: exn| \\
15.90 + \indexml{Toplevel.is\_toplevel}\verb|Toplevel.is_toplevel: Toplevel.state -> bool| \\
15.91 + \indexml{Toplevel.theory\_of}\verb|Toplevel.theory_of: Toplevel.state -> theory| \\
15.92 + \indexml{Toplevel.proof\_of}\verb|Toplevel.proof_of: Toplevel.state -> Proof.state| \\
15.93 + \indexml{Toplevel.debug}\verb|Toplevel.debug: bool ref| \\
15.94 + \indexml{Toplevel.timing}\verb|Toplevel.timing: bool ref| \\
15.95 + \indexml{Toplevel.profiling}\verb|Toplevel.profiling: int ref| \\
15.96 + \end{mldecls}
15.97 +
15.98 + \begin{description}
15.99 +
15.100 + \item \verb|Toplevel.state| represents Isar toplevel states,
15.101 + which are normally manipulated through the concept of toplevel
15.102 + transitions only (\secref{sec:toplevel-transition}). Also note that
15.103 + a raw toplevel state is subject to the same linearity restrictions
15.104 + as a theory context (cf.~\secref{sec:context-theory}).
15.105 +
15.106 + \item \verb|Toplevel.UNDEF| is raised for undefined toplevel
15.107 + operations. Many operations work only partially for certain cases,
15.108 + since \verb|Toplevel.state| is a sum type.
15.109 +
15.110 + \item \verb|Toplevel.is_toplevel|~\isa{state} checks for an empty
15.111 + toplevel state.
15.112 +
15.113 + \item \verb|Toplevel.theory_of|~\isa{state} selects the theory of
15.114 + a theory or proof (!), otherwise raises \verb|Toplevel.UNDEF|.
15.115 +
15.116 + \item \verb|Toplevel.proof_of|~\isa{state} selects the Isar proof
15.117 + state if available, otherwise raises \verb|Toplevel.UNDEF|.
15.118 +
15.119 + \item \verb|set Toplevel.debug| makes the toplevel print further
15.120 + details about internal error conditions, exceptions being raised
15.121 + etc.
15.122 +
15.123 + \item \verb|set Toplevel.timing| makes the toplevel print timing
15.124 + information for each Isar command being executed.
15.125 +
15.126 + \item \verb|Toplevel.profiling|~\verb|:=|~\isa{n} controls
15.127 + low-level profiling of the underlying {\ML} runtime system. For
15.128 + Poly/ML, \isa{n\ {\isacharequal}\ {\isadigit{1}}} means time and \isa{n\ {\isacharequal}\ {\isadigit{2}}} space
15.129 + profiling.
15.130 +
15.131 + \end{description}%
15.132 +\end{isamarkuptext}%
15.133 +\isamarkuptrue%
15.134 +%
15.135 +\endisatagmlref
15.136 +{\isafoldmlref}%
15.137 +%
15.138 +\isadelimmlref
15.139 +%
15.140 +\endisadelimmlref
15.141 +%
15.142 +\isamarkupsubsection{Toplevel transitions \label{sec:toplevel-transition}%
15.143 +}
15.144 +\isamarkuptrue%
15.145 +%
15.146 +\begin{isamarkuptext}%
15.147 +An Isar toplevel transition consists of a partial function on the
15.148 + toplevel state, with additional information for diagnostics and
15.149 + error reporting: there are fields for command name, source position,
15.150 + optional source text, as well as flags for interactive-only commands
15.151 + (which issue a warning in batch-mode), printing of result state,
15.152 + etc.
15.153 +
15.154 + The operational part is represented as the sequential union of a
15.155 + list of partial functions, which are tried in turn until the first
15.156 + one succeeds. This acts like an outer case-expression for various
15.157 + alternative state transitions. For example, \isakeyword{qed} acts
15.158 + differently for a local proofs vs.\ the global ending of the main
15.159 + proof.
15.160 +
15.161 + Toplevel transitions are composed via transition transformers.
15.162 + Internally, Isar commands are put together from an empty transition
15.163 + extended by name and source position (and optional source text). It
15.164 + is then left to the individual command parser to turn the given
15.165 + concrete syntax into a suitable transition transformer that adjoin
15.166 + actual operations on a theory or proof state etc.%
15.167 +\end{isamarkuptext}%
15.168 +\isamarkuptrue%
15.169 +%
15.170 +\isadelimmlref
15.171 +%
15.172 +\endisadelimmlref
15.173 +%
15.174 +\isatagmlref
15.175 +%
15.176 +\begin{isamarkuptext}%
15.177 +\begin{mldecls}
15.178 + \indexml{Toplevel.print}\verb|Toplevel.print: Toplevel.transition -> Toplevel.transition| \\
15.179 + \indexml{Toplevel.no\_timing}\verb|Toplevel.no_timing: Toplevel.transition -> Toplevel.transition| \\
15.180 + \indexml{Toplevel.keep}\verb|Toplevel.keep: (Toplevel.state -> unit) ->|\isasep\isanewline%
15.181 +\verb| Toplevel.transition -> Toplevel.transition| \\
15.182 + \indexml{Toplevel.theory}\verb|Toplevel.theory: (theory -> theory) ->|\isasep\isanewline%
15.183 +\verb| Toplevel.transition -> Toplevel.transition| \\
15.184 + \indexml{Toplevel.theory\_to\_proof}\verb|Toplevel.theory_to_proof: (theory -> Proof.state) ->|\isasep\isanewline%
15.185 +\verb| Toplevel.transition -> Toplevel.transition| \\
15.186 + \indexml{Toplevel.proof}\verb|Toplevel.proof: (Proof.state -> Proof.state) ->|\isasep\isanewline%
15.187 +\verb| Toplevel.transition -> Toplevel.transition| \\
15.188 + \indexml{Toplevel.proofs}\verb|Toplevel.proofs: (Proof.state -> Proof.state Seq.seq) ->|\isasep\isanewline%
15.189 +\verb| Toplevel.transition -> Toplevel.transition| \\
15.190 + \indexml{Toplevel.end\_proof}\verb|Toplevel.end_proof: (bool -> Proof.state -> Proof.context) ->|\isasep\isanewline%
15.191 +\verb| Toplevel.transition -> Toplevel.transition| \\
15.192 + \end{mldecls}
15.193 +
15.194 + \begin{description}
15.195 +
15.196 + \item \verb|Toplevel.print|~\isa{tr} sets the print flag, which
15.197 + causes the toplevel loop to echo the result state (in interactive
15.198 + mode).
15.199 +
15.200 + \item \verb|Toplevel.no_timing|~\isa{tr} indicates that the
15.201 + transition should never show timing information, e.g.\ because it is
15.202 + a diagnostic command.
15.203 +
15.204 + \item \verb|Toplevel.keep|~\isa{tr} adjoins a diagnostic
15.205 + function.
15.206 +
15.207 + \item \verb|Toplevel.theory|~\isa{tr} adjoins a theory
15.208 + transformer.
15.209 +
15.210 + \item \verb|Toplevel.theory_to_proof|~\isa{tr} adjoins a global
15.211 + goal function, which turns a theory into a proof state. The theory
15.212 + may be changed before entering the proof; the generic Isar goal
15.213 + setup includes an argument that specifies how to apply the proven
15.214 + result to the theory, when the proof is finished.
15.215 +
15.216 + \item \verb|Toplevel.proof|~\isa{tr} adjoins a deterministic
15.217 + proof command, with a singleton result.
15.218 +
15.219 + \item \verb|Toplevel.proofs|~\isa{tr} adjoins a general proof
15.220 + command, with zero or more result states (represented as a lazy
15.221 + list).
15.222 +
15.223 + \item \verb|Toplevel.end_proof|~\isa{tr} adjoins a concluding
15.224 + proof command, that returns the resulting theory, after storing the
15.225 + resulting facts in the context etc.
15.226 +
15.227 + \end{description}%
15.228 +\end{isamarkuptext}%
15.229 +\isamarkuptrue%
15.230 +%
15.231 +\endisatagmlref
15.232 +{\isafoldmlref}%
15.233 +%
15.234 +\isadelimmlref
15.235 +%
15.236 +\endisadelimmlref
15.237 +%
15.238 +\isamarkupsubsection{Toplevel control%
15.239 +}
15.240 +\isamarkuptrue%
15.241 +%
15.242 +\begin{isamarkuptext}%
15.243 +There are a few special control commands that modify the behavior
15.244 + the toplevel itself, and only make sense in interactive mode. Under
15.245 + normal circumstances, the user encounters these only implicitly as
15.246 + part of the protocol between the Isabelle/Isar system and a
15.247 + user-interface such as ProofGeneral.
15.248 +
15.249 + \begin{description}
15.250 +
15.251 + \item \isacommand{undo} follows the three-level hierarchy of empty
15.252 + toplevel vs.\ theory vs.\ proof: undo within a proof reverts to the
15.253 + previous proof context, undo after a proof reverts to the theory
15.254 + before the initial goal statement, undo of a theory command reverts
15.255 + to the previous theory value, undo of a theory header discontinues
15.256 + the current theory development and removes it from the theory
15.257 + database (\secref{sec:theory-database}).
15.258 +
15.259 + \item \isacommand{kill} aborts the current level of development:
15.260 + kill in a proof context reverts to the theory before the initial
15.261 + goal statement, kill in a theory context aborts the current theory
15.262 + development, removing it from the database.
15.263 +
15.264 + \item \isacommand{exit} drops out of the Isar toplevel into the
15.265 + underlying {\ML} toplevel (\secref{sec:ML-toplevel}). The Isar
15.266 + toplevel state is preserved and may be continued later.
15.267 +
15.268 + \item \isacommand{quit} terminates the Isabelle/Isar process without
15.269 + saving.
15.270 +
15.271 + \end{description}%
15.272 +\end{isamarkuptext}%
15.273 +\isamarkuptrue%
15.274 +%
15.275 +\isamarkupsection{ML toplevel \label{sec:ML-toplevel}%
15.276 +}
15.277 +\isamarkuptrue%
15.278 +%
15.279 +\begin{isamarkuptext}%
15.280 +The {\ML} toplevel provides a read-compile-eval-print loop for {\ML}
15.281 + values, types, structures, and functors. {\ML} declarations operate
15.282 + on the global system state, which consists of the compiler
15.283 + environment plus the values of {\ML} reference variables. There is
15.284 + no clean way to undo {\ML} declarations, except for reverting to a
15.285 + previously saved state of the whole Isabelle process. {\ML} input
15.286 + is either read interactively from a TTY, or from a string (usually
15.287 + within a theory text), or from a source file (usually loaded from a
15.288 + theory).
15.289 +
15.290 + Whenever the {\ML} toplevel is active, the current Isabelle theory
15.291 + context is passed as an internal reference variable. Thus {\ML}
15.292 + code may access the theory context during compilation, it may even
15.293 + change the value of a theory being under construction --- while
15.294 + observing the usual linearity restrictions
15.295 + (cf.~\secref{sec:context-theory}).%
15.296 +\end{isamarkuptext}%
15.297 +\isamarkuptrue%
15.298 +%
15.299 +\isadelimmlref
15.300 +%
15.301 +\endisadelimmlref
15.302 +%
15.303 +\isatagmlref
15.304 +%
15.305 +\begin{isamarkuptext}%
15.306 +\begin{mldecls}
15.307 + \indexml{the\_context}\verb|the_context: unit -> theory| \\
15.308 + \indexml{Context.$>$$>$ }\verb|Context.>> : (Context.generic -> Context.generic) -> unit| \\
15.309 + \end{mldecls}
15.310 +
15.311 + \begin{description}
15.312 +
15.313 + \item \verb|the_context ()| refers to the theory context of the
15.314 + {\ML} toplevel --- at compile time! {\ML} code needs to take care
15.315 + to refer to \verb|the_context ()| correctly. Recall that
15.316 + evaluation of a function body is delayed until actual runtime.
15.317 + Moreover, persistent {\ML} toplevel bindings to an unfinished theory
15.318 + should be avoided: code should either project out the desired
15.319 + information immediately, or produce an explicit \verb|theory_ref| (cf.\ \secref{sec:context-theory}).
15.320 +
15.321 + \item \verb|Context.>>|~\isa{f} applies context transformation
15.322 + \isa{f} to the implicit context of the {\ML} toplevel.
15.323 +
15.324 + \end{description}
15.325 +
15.326 + It is very important to note that the above functions are really
15.327 + restricted to the compile time, even though the {\ML} compiler is
15.328 + invoked at runtime! The majority of {\ML} code uses explicit
15.329 + functional arguments of a theory or proof context instead. Thus it
15.330 + may be invoked for an arbitrary context later on, without having to
15.331 + worry about any operational details.
15.332 +
15.333 + \bigskip
15.334 +
15.335 + \begin{mldecls}
15.336 + \indexml{Isar.main}\verb|Isar.main: unit -> unit| \\
15.337 + \indexml{Isar.loop}\verb|Isar.loop: unit -> unit| \\
15.338 + \indexml{Isar.state}\verb|Isar.state: unit -> Toplevel.state| \\
15.339 + \indexml{Isar.exn}\verb|Isar.exn: unit -> (exn * string) option| \\
15.340 + \indexml{Isar.context}\verb|Isar.context: unit -> Proof.context| \\
15.341 + \indexml{Isar.goal}\verb|Isar.goal: unit -> thm| \\
15.342 + \end{mldecls}
15.343 +
15.344 + \begin{description}
15.345 +
15.346 + \item \verb|Isar.main ()| invokes the Isar toplevel from {\ML},
15.347 + initializing an empty toplevel state.
15.348 +
15.349 + \item \verb|Isar.loop ()| continues the Isar toplevel with the
15.350 + current state, after having dropped out of the Isar toplevel loop.
15.351 +
15.352 + \item \verb|Isar.state ()| and \verb|Isar.exn ()| get current
15.353 + toplevel state and error condition, respectively. This only works
15.354 + after having dropped out of the Isar toplevel loop.
15.355 +
15.356 + \item \verb|Isar.context ()| produces the proof context from \verb|Isar.state ()|, analogous to \verb|Context.proof_of|
15.357 + (\secref{sec:generic-context}).
15.358 +
15.359 + \item \verb|Isar.goal ()| picks the tactical goal from \verb|Isar.state ()|, represented as a theorem according to
15.360 + \secref{sec:tactical-goals}.
15.361 +
15.362 + \end{description}%
15.363 +\end{isamarkuptext}%
15.364 +\isamarkuptrue%
15.365 +%
15.366 +\endisatagmlref
15.367 +{\isafoldmlref}%
15.368 +%
15.369 +\isadelimmlref
15.370 +%
15.371 +\endisadelimmlref
15.372 +%
15.373 +\isamarkupsection{Theory database \label{sec:theory-database}%
15.374 +}
15.375 +\isamarkuptrue%
15.376 +%
15.377 +\begin{isamarkuptext}%
15.378 +The theory database maintains a collection of theories, together
15.379 + with some administrative information about their original sources,
15.380 + which are held in an external store (i.e.\ some directory within the
15.381 + regular file system).
15.382 +
15.383 + The theory database is organized as a directed acyclic graph;
15.384 + entries are referenced by theory name. Although some additional
15.385 + interfaces allow to include a directory specification as well, this
15.386 + is only a hint to the underlying theory loader. The internal theory
15.387 + name space is flat!
15.388 +
15.389 + Theory \isa{A} is associated with the main theory file \isa{A}\verb,.thy,, which needs to be accessible through the theory
15.390 + loader path. Any number of additional {\ML} source files may be
15.391 + associated with each theory, by declaring these dependencies in the
15.392 + theory header as \isa{{\isasymUSES}}, and loading them consecutively
15.393 + within the theory context. The system keeps track of incoming {\ML}
15.394 + sources and associates them with the current theory. The file
15.395 + \isa{A}\verb,.ML, is loaded after a theory has been concluded, in
15.396 + order to support legacy proof {\ML} proof scripts.
15.397 +
15.398 + The basic internal actions of the theory database are \isa{update}, \isa{outdate}, and \isa{remove}:
15.399 +
15.400 + \begin{itemize}
15.401 +
15.402 + \item \isa{update\ A} introduces a link of \isa{A} with a
15.403 + \isa{theory} value of the same name; it asserts that the theory
15.404 + sources are now consistent with that value;
15.405 +
15.406 + \item \isa{outdate\ A} invalidates the link of a theory database
15.407 + entry to its sources, but retains the present theory value;
15.408 +
15.409 + \item \isa{remove\ A} deletes entry \isa{A} from the theory
15.410 + database.
15.411 +
15.412 + \end{itemize}
15.413 +
15.414 + These actions are propagated to sub- or super-graphs of a theory
15.415 + entry as expected, in order to preserve global consistency of the
15.416 + state of all loaded theories with the sources of the external store.
15.417 + This implies certain causalities between actions: \isa{update}
15.418 + or \isa{outdate} of an entry will \isa{outdate} all
15.419 + descendants; \isa{remove} will \isa{remove} all descendants.
15.420 +
15.421 + \medskip There are separate user-level interfaces to operate on the
15.422 + theory database directly or indirectly. The primitive actions then
15.423 + just happen automatically while working with the system. In
15.424 + particular, processing a theory header \isa{{\isasymTHEORY}\ A\ {\isasymIMPORTS}\ B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n\ {\isasymBEGIN}} ensures that the
15.425 + sub-graph of the collective imports \isa{B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n}
15.426 + is up-to-date, too. Earlier theories are reloaded as required, with
15.427 + \isa{update} actions proceeding in topological order according to
15.428 + theory dependencies. There may be also a wave of implied \isa{outdate} actions for derived theory nodes until a stable situation
15.429 + is achieved eventually.%
15.430 +\end{isamarkuptext}%
15.431 +\isamarkuptrue%
15.432 +%
15.433 +\isadelimmlref
15.434 +%
15.435 +\endisadelimmlref
15.436 +%
15.437 +\isatagmlref
15.438 +%
15.439 +\begin{isamarkuptext}%
15.440 +\begin{mldecls}
15.441 + \indexml{theory}\verb|theory: string -> theory| \\
15.442 + \indexml{use\_thy}\verb|use_thy: string -> unit| \\
15.443 + \indexml{use\_thys}\verb|use_thys: string list -> unit| \\
15.444 + \indexml{ThyInfo.touch\_thy}\verb|ThyInfo.touch_thy: string -> unit| \\
15.445 + \indexml{ThyInfo.remove\_thy}\verb|ThyInfo.remove_thy: string -> unit| \\[1ex]
15.446 + \indexml{ThyInfo.begin\_theory}\verb|ThyInfo.begin_theory|\verb|: ... -> bool -> theory| \\
15.447 + \indexml{ThyInfo.end\_theory}\verb|ThyInfo.end_theory: theory -> unit| \\
15.448 + \indexml{ThyInfo.register\_theory}\verb|ThyInfo.register_theory: theory -> unit| \\[1ex]
15.449 + \verb|datatype action = Update |\verb,|,\verb| Outdate |\verb,|,\verb| Remove| \\
15.450 + \indexml{ThyInfo.add\_hook}\verb|ThyInfo.add_hook: (ThyInfo.action -> string -> unit) -> unit| \\
15.451 + \end{mldecls}
15.452 +
15.453 + \begin{description}
15.454 +
15.455 + \item \verb|theory|~\isa{A} retrieves the theory value presently
15.456 + associated with name \isa{A}. Note that the result might be
15.457 + outdated.
15.458 +
15.459 + \item \verb|use_thy|~\isa{A} ensures that theory \isa{A} is fully
15.460 + up-to-date wrt.\ the external file store, reloading outdated
15.461 + ancestors as required.
15.462 +
15.463 + \item \verb|use_thys| is similar to \verb|use_thy|, but handles
15.464 + several theories simultaneously. Thus it acts like processing the
15.465 + import header of a theory, without performing the merge of the
15.466 + result, though.
15.467 +
15.468 + \item \verb|ThyInfo.touch_thy|~\isa{A} performs and \isa{outdate} action
15.469 + on theory \isa{A} and all descendants.
15.470 +
15.471 + \item \verb|ThyInfo.remove_thy|~\isa{A} deletes theory \isa{A} and all
15.472 + descendants from the theory database.
15.473 +
15.474 + \item \verb|ThyInfo.begin_theory| is the basic operation behind a
15.475 + \isa{{\isasymTHEORY}} header declaration. This is {\ML} functions is
15.476 + normally not invoked directly.
15.477 +
15.478 + \item \verb|ThyInfo.end_theory| concludes the loading of a theory
15.479 + proper and stores the result in the theory database.
15.480 +
15.481 + \item \verb|ThyInfo.register_theory|~\isa{text\ thy} registers an
15.482 + existing theory value with the theory loader database. There is no
15.483 + management of associated sources.
15.484 +
15.485 + \item \verb|ThyInfo.add_hook|~\isa{f} registers function \isa{f} as a hook for theory database actions. The function will be
15.486 + invoked with the action and theory name being involved; thus derived
15.487 + actions may be performed in associated system components, e.g.\
15.488 + maintaining the state of an editor for the theory sources.
15.489 +
15.490 + The kind and order of actions occurring in practice depends both on
15.491 + user interactions and the internal process of resolving theory
15.492 + imports. Hooks should not rely on a particular policy here! Any
15.493 + exceptions raised by the hook are ignored.
15.494 +
15.495 + \end{description}%
15.496 +\end{isamarkuptext}%
15.497 +\isamarkuptrue%
15.498 +%
15.499 +\endisatagmlref
15.500 +{\isafoldmlref}%
15.501 +%
15.502 +\isadelimmlref
15.503 +%
15.504 +\endisadelimmlref
15.505 +%
15.506 +\isadelimtheory
15.507 +%
15.508 +\endisadelimtheory
15.509 +%
15.510 +\isatagtheory
15.511 +\isacommand{end}\isamarkupfalse%
15.512 +%
15.513 +\endisatagtheory
15.514 +{\isafoldtheory}%
15.515 +%
15.516 +\isadelimtheory
15.517 +%
15.518 +\endisadelimtheory
15.519 +\isanewline
15.520 +\end{isabellebody}%
15.521 +%%% Local Variables:
15.522 +%%% mode: latex
15.523 +%%% TeX-master: "root"
15.524 +%%% End:
16.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
16.2 +++ b/doc-src/IsarImplementation/Thy/document/Isar.tex Mon Feb 16 20:47:44 2009 +0100
16.3 @@ -0,0 +1,91 @@
16.4 +%
16.5 +\begin{isabellebody}%
16.6 +\def\isabellecontext{isar}%
16.7 +%
16.8 +\isadelimtheory
16.9 +\isanewline
16.10 +\isanewline
16.11 +\isanewline
16.12 +%
16.13 +\endisadelimtheory
16.14 +%
16.15 +\isatagtheory
16.16 +\isacommand{theory}\isamarkupfalse%
16.17 +\ isar\ \isakeyword{imports}\ base\ \isakeyword{begin}%
16.18 +\endisatagtheory
16.19 +{\isafoldtheory}%
16.20 +%
16.21 +\isadelimtheory
16.22 +%
16.23 +\endisadelimtheory
16.24 +%
16.25 +\isamarkupchapter{Isar proof texts%
16.26 +}
16.27 +\isamarkuptrue%
16.28 +%
16.29 +\isamarkupsection{Proof context%
16.30 +}
16.31 +\isamarkuptrue%
16.32 +%
16.33 +\begin{isamarkuptext}%
16.34 +FIXME%
16.35 +\end{isamarkuptext}%
16.36 +\isamarkuptrue%
16.37 +%
16.38 +\isamarkupsection{Proof state \label{sec:isar-proof-state}%
16.39 +}
16.40 +\isamarkuptrue%
16.41 +%
16.42 +\begin{isamarkuptext}%
16.43 +FIXME
16.44 +
16.45 +\glossary{Proof state}{The whole configuration of a structured proof,
16.46 +consisting of a \seeglossary{proof context} and an optional
16.47 +\seeglossary{structured goal}. Internally, an Isar proof state is
16.48 +organized as a stack to accomodate block structure of proof texts.
16.49 +For historical reasons, a low-level \seeglossary{tactical goal} is
16.50 +occasionally called ``proof state'' as well.}
16.51 +
16.52 +\glossary{Structured goal}{FIXME}
16.53 +
16.54 +\glossary{Goal}{See \seeglossary{tactical goal} or \seeglossary{structured goal}. \norefpage}%
16.55 +\end{isamarkuptext}%
16.56 +\isamarkuptrue%
16.57 +%
16.58 +\isamarkupsection{Proof methods%
16.59 +}
16.60 +\isamarkuptrue%
16.61 +%
16.62 +\begin{isamarkuptext}%
16.63 +FIXME%
16.64 +\end{isamarkuptext}%
16.65 +\isamarkuptrue%
16.66 +%
16.67 +\isamarkupsection{Attributes%
16.68 +}
16.69 +\isamarkuptrue%
16.70 +%
16.71 +\begin{isamarkuptext}%
16.72 +FIXME ?!%
16.73 +\end{isamarkuptext}%
16.74 +\isamarkuptrue%
16.75 +%
16.76 +\isadelimtheory
16.77 +%
16.78 +\endisadelimtheory
16.79 +%
16.80 +\isatagtheory
16.81 +\isacommand{end}\isamarkupfalse%
16.82 +%
16.83 +\endisatagtheory
16.84 +{\isafoldtheory}%
16.85 +%
16.86 +\isadelimtheory
16.87 +%
16.88 +\endisadelimtheory
16.89 +\isanewline
16.90 +\end{isabellebody}%
16.91 +%%% Local Variables:
16.92 +%%% mode: latex
16.93 +%%% TeX-master: "root"
16.94 +%%% End:
17.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
17.2 +++ b/doc-src/IsarImplementation/Thy/document/Local_Theory.tex Mon Feb 16 20:47:44 2009 +0100
17.3 @@ -0,0 +1,73 @@
17.4 +%
17.5 +\begin{isabellebody}%
17.6 +\def\isabellecontext{locale}%
17.7 +%
17.8 +\isadelimtheory
17.9 +\isanewline
17.10 +\isanewline
17.11 +\isanewline
17.12 +%
17.13 +\endisadelimtheory
17.14 +%
17.15 +\isatagtheory
17.16 +\isacommand{theory}\isamarkupfalse%
17.17 +\ {\isachardoublequoteopen}locale{\isachardoublequoteclose}\ \isakeyword{imports}\ base\ \isakeyword{begin}%
17.18 +\endisatagtheory
17.19 +{\isafoldtheory}%
17.20 +%
17.21 +\isadelimtheory
17.22 +%
17.23 +\endisadelimtheory
17.24 +%
17.25 +\isamarkupchapter{Structured specifications%
17.26 +}
17.27 +\isamarkuptrue%
17.28 +%
17.29 +\isamarkupsection{Specification elements%
17.30 +}
17.31 +\isamarkuptrue%
17.32 +%
17.33 +\begin{isamarkuptext}%
17.34 +FIXME%
17.35 +\end{isamarkuptext}%
17.36 +\isamarkuptrue%
17.37 +%
17.38 +\isamarkupsection{Type-inference%
17.39 +}
17.40 +\isamarkuptrue%
17.41 +%
17.42 +\begin{isamarkuptext}%
17.43 +FIXME%
17.44 +\end{isamarkuptext}%
17.45 +\isamarkuptrue%
17.46 +%
17.47 +\isamarkupsection{Local theories%
17.48 +}
17.49 +\isamarkuptrue%
17.50 +%
17.51 +\begin{isamarkuptext}%
17.52 +FIXME
17.53 +
17.54 + \glossary{Local theory}{FIXME}%
17.55 +\end{isamarkuptext}%
17.56 +\isamarkuptrue%
17.57 +%
17.58 +\isadelimtheory
17.59 +%
17.60 +\endisadelimtheory
17.61 +%
17.62 +\isatagtheory
17.63 +\isacommand{end}\isamarkupfalse%
17.64 +%
17.65 +\endisatagtheory
17.66 +{\isafoldtheory}%
17.67 +%
17.68 +\isadelimtheory
17.69 +%
17.70 +\endisadelimtheory
17.71 +\isanewline
17.72 +\end{isabellebody}%
17.73 +%%% Local Variables:
17.74 +%%% mode: latex
17.75 +%%% TeX-master: "root"
17.76 +%%% End:
18.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
18.2 +++ b/doc-src/IsarImplementation/Thy/document/Logic.tex Mon Feb 16 20:47:44 2009 +0100
18.3 @@ -0,0 +1,886 @@
18.4 +%
18.5 +\begin{isabellebody}%
18.6 +\def\isabellecontext{logic}%
18.7 +%
18.8 +\isadelimtheory
18.9 +%
18.10 +\endisadelimtheory
18.11 +%
18.12 +\isatagtheory
18.13 +\isacommand{theory}\isamarkupfalse%
18.14 +\ logic\ \isakeyword{imports}\ base\ \isakeyword{begin}%
18.15 +\endisatagtheory
18.16 +{\isafoldtheory}%
18.17 +%
18.18 +\isadelimtheory
18.19 +%
18.20 +\endisadelimtheory
18.21 +%
18.22 +\isamarkupchapter{Primitive logic \label{ch:logic}%
18.23 +}
18.24 +\isamarkuptrue%
18.25 +%
18.26 +\begin{isamarkuptext}%
18.27 +The logical foundations of Isabelle/Isar are that of the Pure logic,
18.28 + which has been introduced as a natural-deduction framework in
18.29 + \cite{paulson700}. This is essentially the same logic as ``\isa{{\isasymlambda}HOL}'' in the more abstract setting of Pure Type Systems (PTS)
18.30 + \cite{Barendregt-Geuvers:2001}, although there are some key
18.31 + differences in the specific treatment of simple types in
18.32 + Isabelle/Pure.
18.33 +
18.34 + Following type-theoretic parlance, the Pure logic consists of three
18.35 + levels of \isa{{\isasymlambda}}-calculus with corresponding arrows, \isa{{\isasymRightarrow}} for syntactic function space (terms depending on terms), \isa{{\isasymAnd}} for universal quantification (proofs depending on terms), and
18.36 + \isa{{\isasymLongrightarrow}} for implication (proofs depending on proofs).
18.37 +
18.38 + Derivations are relative to a logical theory, which declares type
18.39 + constructors, constants, and axioms. Theory declarations support
18.40 + schematic polymorphism, which is strictly speaking outside the
18.41 + logic.\footnote{This is the deeper logical reason, why the theory
18.42 + context \isa{{\isasymTheta}} is separate from the proof context \isa{{\isasymGamma}}
18.43 + of the core calculus.}%
18.44 +\end{isamarkuptext}%
18.45 +\isamarkuptrue%
18.46 +%
18.47 +\isamarkupsection{Types \label{sec:types}%
18.48 +}
18.49 +\isamarkuptrue%
18.50 +%
18.51 +\begin{isamarkuptext}%
18.52 +The language of types is an uninterpreted order-sorted first-order
18.53 + algebra; types are qualified by ordered type classes.
18.54 +
18.55 + \medskip A \emph{type class} is an abstract syntactic entity
18.56 + declared in the theory context. The \emph{subclass relation} \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}} is specified by stating an acyclic
18.57 + generating relation; the transitive closure is maintained
18.58 + internally. The resulting relation is an ordering: reflexive,
18.59 + transitive, and antisymmetric.
18.60 +
18.61 + A \emph{sort} is a list of type classes written as \isa{s\ {\isacharequal}\ {\isacharbraceleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlisub m{\isacharbraceright}}, which represents symbolic
18.62 + intersection. Notationally, the curly braces are omitted for
18.63 + singleton intersections, i.e.\ any class \isa{c} may be read as
18.64 + a sort \isa{{\isacharbraceleft}c{\isacharbraceright}}. The ordering on type classes is extended to
18.65 + sorts according to the meaning of intersections: \isa{{\isacharbraceleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}\ c\isactrlisub m{\isacharbraceright}\ {\isasymsubseteq}\ {\isacharbraceleft}d\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ d\isactrlisub n{\isacharbraceright}} iff
18.66 + \isa{{\isasymforall}j{\isachardot}\ {\isasymexists}i{\isachardot}\ c\isactrlisub i\ {\isasymsubseteq}\ d\isactrlisub j}. The empty intersection
18.67 + \isa{{\isacharbraceleft}{\isacharbraceright}} refers to the universal sort, which is the largest
18.68 + element wrt.\ the sort order. The intersections of all (finitely
18.69 + many) classes declared in the current theory are the minimal
18.70 + elements wrt.\ the sort order.
18.71 +
18.72 + \medskip A \emph{fixed type variable} is a pair of a basic name
18.73 + (starting with a \isa{{\isacharprime}} character) and a sort constraint, e.g.\
18.74 + \isa{{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ s{\isacharparenright}} which is usually printed as \isa{{\isasymalpha}\isactrlisub s}.
18.75 + A \emph{schematic type variable} is a pair of an indexname and a
18.76 + sort constraint, e.g.\ \isa{{\isacharparenleft}{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ s{\isacharparenright}} which is usually
18.77 + printed as \isa{{\isacharquery}{\isasymalpha}\isactrlisub s}.
18.78 +
18.79 + Note that \emph{all} syntactic components contribute to the identity
18.80 + of type variables, including the sort constraint. The core logic
18.81 + handles type variables with the same name but different sorts as
18.82 + different, although some outer layers of the system make it hard to
18.83 + produce anything like this.
18.84 +
18.85 + A \emph{type constructor} \isa{{\isasymkappa}} is a \isa{k}-ary operator
18.86 + on types declared in the theory. Type constructor application is
18.87 + written postfix as \isa{{\isacharparenleft}{\isasymalpha}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlisub k{\isacharparenright}{\isasymkappa}}. For
18.88 + \isa{k\ {\isacharequal}\ {\isadigit{0}}} the argument tuple is omitted, e.g.\ \isa{prop}
18.89 + instead of \isa{{\isacharparenleft}{\isacharparenright}prop}. For \isa{k\ {\isacharequal}\ {\isadigit{1}}} the parentheses
18.90 + are omitted, e.g.\ \isa{{\isasymalpha}\ list} instead of \isa{{\isacharparenleft}{\isasymalpha}{\isacharparenright}list}.
18.91 + Further notation is provided for specific constructors, notably the
18.92 + right-associative infix \isa{{\isasymalpha}\ {\isasymRightarrow}\ {\isasymbeta}} instead of \isa{{\isacharparenleft}{\isasymalpha}{\isacharcomma}\ {\isasymbeta}{\isacharparenright}fun}.
18.93 +
18.94 + A \emph{type} is defined inductively over type variables and type
18.95 + constructors as follows: \isa{{\isasymtau}\ {\isacharequal}\ {\isasymalpha}\isactrlisub s\ {\isacharbar}\ {\isacharquery}{\isasymalpha}\isactrlisub s\ {\isacharbar}\ {\isacharparenleft}{\isasymtau}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlsub k{\isacharparenright}{\isasymkappa}}.
18.96 +
18.97 + A \emph{type abbreviation} is a syntactic definition \isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}\ {\isacharequal}\ {\isasymtau}} of an arbitrary type expression \isa{{\isasymtau}} over
18.98 + variables \isa{\isactrlvec {\isasymalpha}}. Type abbreviations appear as type
18.99 + constructors in the syntax, but are expanded before entering the
18.100 + logical core.
18.101 +
18.102 + A \emph{type arity} declares the image behavior of a type
18.103 + constructor wrt.\ the algebra of sorts: \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlisub k{\isacharparenright}s} means that \isa{{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub k{\isacharparenright}{\isasymkappa}} is
18.104 + of sort \isa{s} if every argument type \isa{{\isasymtau}\isactrlisub i} is
18.105 + of sort \isa{s\isactrlisub i}. Arity declarations are implicitly
18.106 + completed, i.e.\ \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}c} entails \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}c{\isacharprime}} for any \isa{c{\isacharprime}\ {\isasymsupseteq}\ c}.
18.107 +
18.108 + \medskip The sort algebra is always maintained as \emph{coregular},
18.109 + which means that type arities are consistent with the subclass
18.110 + relation: for any type constructor \isa{{\isasymkappa}}, and classes \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}}, and arities \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s\isactrlisub {\isadigit{1}}{\isacharparenright}c\isactrlisub {\isadigit{1}}} and \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s\isactrlisub {\isadigit{2}}{\isacharparenright}c\isactrlisub {\isadigit{2}}} holds \isa{\isactrlvec s\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ \isactrlvec s\isactrlisub {\isadigit{2}}} component-wise.
18.111 +
18.112 + The key property of a coregular order-sorted algebra is that sort
18.113 + constraints can be solved in a most general fashion: for each type
18.114 + constructor \isa{{\isasymkappa}} and sort \isa{s} there is a most general
18.115 + vector of argument sorts \isa{{\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlisub k{\isacharparenright}} such
18.116 + that a type scheme \isa{{\isacharparenleft}{\isasymalpha}\isactrlbsub s\isactrlisub {\isadigit{1}}\isactrlesub {\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlbsub s\isactrlisub k\isactrlesub {\isacharparenright}{\isasymkappa}} is of sort \isa{s}.
18.117 + Consequently, type unification has most general solutions (modulo
18.118 + equivalence of sorts), so type-inference produces primary types as
18.119 + expected \cite{nipkow-prehofer}.%
18.120 +\end{isamarkuptext}%
18.121 +\isamarkuptrue%
18.122 +%
18.123 +\isadelimmlref
18.124 +%
18.125 +\endisadelimmlref
18.126 +%
18.127 +\isatagmlref
18.128 +%
18.129 +\begin{isamarkuptext}%
18.130 +\begin{mldecls}
18.131 + \indexmltype{class}\verb|type class| \\
18.132 + \indexmltype{sort}\verb|type sort| \\
18.133 + \indexmltype{arity}\verb|type arity| \\
18.134 + \indexmltype{typ}\verb|type typ| \\
18.135 + \indexml{map\_atyps}\verb|map_atyps: (typ -> typ) -> typ -> typ| \\
18.136 + \indexml{fold\_atyps}\verb|fold_atyps: (typ -> 'a -> 'a) -> typ -> 'a -> 'a| \\
18.137 + \end{mldecls}
18.138 + \begin{mldecls}
18.139 + \indexml{Sign.subsort}\verb|Sign.subsort: theory -> sort * sort -> bool| \\
18.140 + \indexml{Sign.of\_sort}\verb|Sign.of_sort: theory -> typ * sort -> bool| \\
18.141 + \indexml{Sign.add\_types}\verb|Sign.add_types: (string * int * mixfix) list -> theory -> theory| \\
18.142 + \indexml{Sign.add\_tyabbrs\_i}\verb|Sign.add_tyabbrs_i: |\isasep\isanewline%
18.143 +\verb| (string * string list * typ * mixfix) list -> theory -> theory| \\
18.144 + \indexml{Sign.primitive\_class}\verb|Sign.primitive_class: string * class list -> theory -> theory| \\
18.145 + \indexml{Sign.primitive\_classrel}\verb|Sign.primitive_classrel: class * class -> theory -> theory| \\
18.146 + \indexml{Sign.primitive\_arity}\verb|Sign.primitive_arity: arity -> theory -> theory| \\
18.147 + \end{mldecls}
18.148 +
18.149 + \begin{description}
18.150 +
18.151 + \item \verb|class| represents type classes; this is an alias for
18.152 + \verb|string|.
18.153 +
18.154 + \item \verb|sort| represents sorts; this is an alias for
18.155 + \verb|class list|.
18.156 +
18.157 + \item \verb|arity| represents type arities; this is an alias for
18.158 + triples of the form \isa{{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec s{\isacharcomma}\ s{\isacharparenright}} for \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}s} described above.
18.159 +
18.160 + \item \verb|typ| represents types; this is a datatype with
18.161 + constructors \verb|TFree|, \verb|TVar|, \verb|Type|.
18.162 +
18.163 + \item \verb|map_atyps|~\isa{f\ {\isasymtau}} applies the mapping \isa{f}
18.164 + to all atomic types (\verb|TFree|, \verb|TVar|) occurring in \isa{{\isasymtau}}.
18.165 +
18.166 + \item \verb|fold_atyps|~\isa{f\ {\isasymtau}} iterates the operation \isa{f} over all occurrences of atomic types (\verb|TFree|, \verb|TVar|)
18.167 + in \isa{{\isasymtau}}; the type structure is traversed from left to right.
18.168 +
18.169 + \item \verb|Sign.subsort|~\isa{thy\ {\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ s\isactrlisub {\isadigit{2}}{\isacharparenright}}
18.170 + tests the subsort relation \isa{s\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ s\isactrlisub {\isadigit{2}}}.
18.171 +
18.172 + \item \verb|Sign.of_sort|~\isa{thy\ {\isacharparenleft}{\isasymtau}{\isacharcomma}\ s{\isacharparenright}} tests whether type
18.173 + \isa{{\isasymtau}} is of sort \isa{s}.
18.174 +
18.175 + \item \verb|Sign.add_types|~\isa{{\isacharbrackleft}{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ k{\isacharcomma}\ mx{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} declares a new
18.176 + type constructors \isa{{\isasymkappa}} with \isa{k} arguments and
18.177 + optional mixfix syntax.
18.178 +
18.179 + \item \verb|Sign.add_tyabbrs_i|~\isa{{\isacharbrackleft}{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec {\isasymalpha}{\isacharcomma}\ {\isasymtau}{\isacharcomma}\ mx{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}}
18.180 + defines a new type abbreviation \isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}\ {\isacharequal}\ {\isasymtau}} with
18.181 + optional mixfix syntax.
18.182 +
18.183 + \item \verb|Sign.primitive_class|~\isa{{\isacharparenleft}c{\isacharcomma}\ {\isacharbrackleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlisub n{\isacharbrackright}{\isacharparenright}} declares a new class \isa{c}, together with class
18.184 + relations \isa{c\ {\isasymsubseteq}\ c\isactrlisub i}, for \isa{i\ {\isacharequal}\ {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n}.
18.185 +
18.186 + \item \verb|Sign.primitive_classrel|~\isa{{\isacharparenleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ c\isactrlisub {\isadigit{2}}{\isacharparenright}} declares the class relation \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}}.
18.187 +
18.188 + \item \verb|Sign.primitive_arity|~\isa{{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec s{\isacharcomma}\ s{\isacharparenright}} declares
18.189 + the arity \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}s}.
18.190 +
18.191 + \end{description}%
18.192 +\end{isamarkuptext}%
18.193 +\isamarkuptrue%
18.194 +%
18.195 +\endisatagmlref
18.196 +{\isafoldmlref}%
18.197 +%
18.198 +\isadelimmlref
18.199 +%
18.200 +\endisadelimmlref
18.201 +%
18.202 +\isamarkupsection{Terms \label{sec:terms}%
18.203 +}
18.204 +\isamarkuptrue%
18.205 +%
18.206 +\begin{isamarkuptext}%
18.207 +\glossary{Term}{FIXME}
18.208 +
18.209 + The language of terms is that of simply-typed \isa{{\isasymlambda}}-calculus
18.210 + with de-Bruijn indices for bound variables (cf.\ \cite{debruijn72}
18.211 + or \cite{paulson-ml2}), with the types being determined determined
18.212 + by the corresponding binders. In contrast, free variables and
18.213 + constants are have an explicit name and type in each occurrence.
18.214 +
18.215 + \medskip A \emph{bound variable} is a natural number \isa{b},
18.216 + which accounts for the number of intermediate binders between the
18.217 + variable occurrence in the body and its binding position. For
18.218 + example, the de-Bruijn term \isa{{\isasymlambda}\isactrlbsub nat\isactrlesub {\isachardot}\ {\isasymlambda}\isactrlbsub nat\isactrlesub {\isachardot}\ {\isadigit{1}}\ {\isacharplus}\ {\isadigit{0}}} would
18.219 + correspond to \isa{{\isasymlambda}x\isactrlbsub nat\isactrlesub {\isachardot}\ {\isasymlambda}y\isactrlbsub nat\isactrlesub {\isachardot}\ x\ {\isacharplus}\ y} in a named
18.220 + representation. Note that a bound variable may be represented by
18.221 + different de-Bruijn indices at different occurrences, depending on
18.222 + the nesting of abstractions.
18.223 +
18.224 + A \emph{loose variable} is a bound variable that is outside the
18.225 + scope of local binders. The types (and names) for loose variables
18.226 + can be managed as a separate context, that is maintained as a stack
18.227 + of hypothetical binders. The core logic operates on closed terms,
18.228 + without any loose variables.
18.229 +
18.230 + A \emph{fixed variable} is a pair of a basic name and a type, e.g.\
18.231 + \isa{{\isacharparenleft}x{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed \isa{x\isactrlisub {\isasymtau}}. A
18.232 + \emph{schematic variable} is a pair of an indexname and a type,
18.233 + e.g.\ \isa{{\isacharparenleft}{\isacharparenleft}x{\isacharcomma}\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed as \isa{{\isacharquery}x\isactrlisub {\isasymtau}}.
18.234 +
18.235 + \medskip A \emph{constant} is a pair of a basic name and a type,
18.236 + e.g.\ \isa{{\isacharparenleft}c{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed as \isa{c\isactrlisub {\isasymtau}}. Constants are declared in the context as polymorphic
18.237 + families \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}, meaning that all substitution instances
18.238 + \isa{c\isactrlisub {\isasymtau}} for \isa{{\isasymtau}\ {\isacharequal}\ {\isasymsigma}{\isasymvartheta}} are valid.
18.239 +
18.240 + The vector of \emph{type arguments} of constant \isa{c\isactrlisub {\isasymtau}}
18.241 + wrt.\ the declaration \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} is defined as the codomain of
18.242 + the matcher \isa{{\isasymvartheta}\ {\isacharequal}\ {\isacharbraceleft}{\isacharquery}{\isasymalpha}\isactrlisub {\isadigit{1}}\ {\isasymmapsto}\ {\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isacharquery}{\isasymalpha}\isactrlisub n\ {\isasymmapsto}\ {\isasymtau}\isactrlisub n{\isacharbraceright}} presented in canonical order \isa{{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharparenright}}. Within a given theory context,
18.243 + there is a one-to-one correspondence between any constant \isa{c\isactrlisub {\isasymtau}} and the application \isa{c{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharparenright}} of its type arguments. For example, with \isa{plus\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}}, the instance \isa{plus\isactrlbsub nat\ {\isasymRightarrow}\ nat\ {\isasymRightarrow}\ nat\isactrlesub } corresponds to \isa{plus{\isacharparenleft}nat{\isacharparenright}}.
18.244 +
18.245 + Constant declarations \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} may contain sort constraints
18.246 + for type variables in \isa{{\isasymsigma}}. These are observed by
18.247 + type-inference as expected, but \emph{ignored} by the core logic.
18.248 + This means the primitive logic is able to reason with instances of
18.249 + polymorphic constants that the user-level type-checker would reject
18.250 + due to violation of type class restrictions.
18.251 +
18.252 + \medskip An \emph{atomic} term is either a variable or constant. A
18.253 + \emph{term} is defined inductively over atomic terms, with
18.254 + abstraction and application as follows: \isa{t\ {\isacharequal}\ b\ {\isacharbar}\ x\isactrlisub {\isasymtau}\ {\isacharbar}\ {\isacharquery}x\isactrlisub {\isasymtau}\ {\isacharbar}\ c\isactrlisub {\isasymtau}\ {\isacharbar}\ {\isasymlambda}\isactrlisub {\isasymtau}{\isachardot}\ t\ {\isacharbar}\ t\isactrlisub {\isadigit{1}}\ t\isactrlisub {\isadigit{2}}}.
18.255 + Parsing and printing takes care of converting between an external
18.256 + representation with named bound variables. Subsequently, we shall
18.257 + use the latter notation instead of internal de-Bruijn
18.258 + representation.
18.259 +
18.260 + The inductive relation \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}} assigns a (unique) type to a
18.261 + term according to the structure of atomic terms, abstractions, and
18.262 + applicatins:
18.263 + \[
18.264 + \infer{\isa{a\isactrlisub {\isasymtau}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}}}{}
18.265 + \qquad
18.266 + \infer{\isa{{\isacharparenleft}{\isasymlambda}x\isactrlsub {\isasymtau}{\isachardot}\ t{\isacharparenright}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isasymRightarrow}\ {\isasymsigma}}}{\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}}
18.267 + \qquad
18.268 + \infer{\isa{t\ u\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}}{\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isasymRightarrow}\ {\isasymsigma}} & \isa{u\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}}}
18.269 + \]
18.270 + A \emph{well-typed term} is a term that can be typed according to these rules.
18.271 +
18.272 + Typing information can be omitted: type-inference is able to
18.273 + reconstruct the most general type of a raw term, while assigning
18.274 + most general types to all of its variables and constants.
18.275 + Type-inference depends on a context of type constraints for fixed
18.276 + variables, and declarations for polymorphic constants.
18.277 +
18.278 + The identity of atomic terms consists both of the name and the type
18.279 + component. This means that different variables \isa{x\isactrlbsub {\isasymtau}\isactrlisub {\isadigit{1}}\isactrlesub } and \isa{x\isactrlbsub {\isasymtau}\isactrlisub {\isadigit{2}}\isactrlesub } may become the same after type
18.280 + instantiation. Some outer layers of the system make it hard to
18.281 + produce variables of the same name, but different types. In
18.282 + contrast, mixed instances of polymorphic constants occur frequently.
18.283 +
18.284 + \medskip The \emph{hidden polymorphism} of a term \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}
18.285 + is the set of type variables occurring in \isa{t}, but not in
18.286 + \isa{{\isasymsigma}}. This means that the term implicitly depends on type
18.287 + arguments that are not accounted in the result type, i.e.\ there are
18.288 + different type instances \isa{t{\isasymvartheta}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} and \isa{t{\isasymvartheta}{\isacharprime}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} with the same type. This slightly
18.289 + pathological situation notoriously demands additional care.
18.290 +
18.291 + \medskip A \emph{term abbreviation} is a syntactic definition \isa{c\isactrlisub {\isasymsigma}\ {\isasymequiv}\ t} of a closed term \isa{t} of type \isa{{\isasymsigma}},
18.292 + without any hidden polymorphism. A term abbreviation looks like a
18.293 + constant in the syntax, but is expanded before entering the logical
18.294 + core. Abbreviations are usually reverted when printing terms, using
18.295 + \isa{t\ {\isasymrightarrow}\ c\isactrlisub {\isasymsigma}} as rules for higher-order rewriting.
18.296 +
18.297 + \medskip Canonical operations on \isa{{\isasymlambda}}-terms include \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion: \isa{{\isasymalpha}}-conversion refers to capture-free
18.298 + renaming of bound variables; \isa{{\isasymbeta}}-conversion contracts an
18.299 + abstraction applied to an argument term, substituting the argument
18.300 + in the body: \isa{{\isacharparenleft}{\isasymlambda}x{\isachardot}\ b{\isacharparenright}a} becomes \isa{b{\isacharbrackleft}a{\isacharslash}x{\isacharbrackright}}; \isa{{\isasymeta}}-conversion contracts vacuous application-abstraction: \isa{{\isasymlambda}x{\isachardot}\ f\ x} becomes \isa{f}, provided that the bound variable
18.301 + does not occur in \isa{f}.
18.302 +
18.303 + Terms are normally treated modulo \isa{{\isasymalpha}}-conversion, which is
18.304 + implicit in the de-Bruijn representation. Names for bound variables
18.305 + in abstractions are maintained separately as (meaningless) comments,
18.306 + mostly for parsing and printing. Full \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion is
18.307 + commonplace in various standard operations (\secref{sec:obj-rules})
18.308 + that are based on higher-order unification and matching.%
18.309 +\end{isamarkuptext}%
18.310 +\isamarkuptrue%
18.311 +%
18.312 +\isadelimmlref
18.313 +%
18.314 +\endisadelimmlref
18.315 +%
18.316 +\isatagmlref
18.317 +%
18.318 +\begin{isamarkuptext}%
18.319 +\begin{mldecls}
18.320 + \indexmltype{term}\verb|type term| \\
18.321 + \indexml{op aconv}\verb|op aconv: term * term -> bool| \\
18.322 + \indexml{map\_types}\verb|map_types: (typ -> typ) -> term -> term| \\
18.323 + \indexml{fold\_types}\verb|fold_types: (typ -> 'a -> 'a) -> term -> 'a -> 'a| \\
18.324 + \indexml{map\_aterms}\verb|map_aterms: (term -> term) -> term -> term| \\
18.325 + \indexml{fold\_aterms}\verb|fold_aterms: (term -> 'a -> 'a) -> term -> 'a -> 'a| \\
18.326 + \end{mldecls}
18.327 + \begin{mldecls}
18.328 + \indexml{fastype\_of}\verb|fastype_of: term -> typ| \\
18.329 + \indexml{lambda}\verb|lambda: term -> term -> term| \\
18.330 + \indexml{betapply}\verb|betapply: term * term -> term| \\
18.331 + \indexml{Sign.declare\_const}\verb|Sign.declare_const: Properties.T -> (binding * typ) * mixfix ->|\isasep\isanewline%
18.332 +\verb| theory -> term * theory| \\
18.333 + \indexml{Sign.add\_abbrev}\verb|Sign.add_abbrev: string -> Properties.T -> binding * term ->|\isasep\isanewline%
18.334 +\verb| theory -> (term * term) * theory| \\
18.335 + \indexml{Sign.const\_typargs}\verb|Sign.const_typargs: theory -> string * typ -> typ list| \\
18.336 + \indexml{Sign.const\_instance}\verb|Sign.const_instance: theory -> string * typ list -> typ| \\
18.337 + \end{mldecls}
18.338 +
18.339 + \begin{description}
18.340 +
18.341 + \item \verb|term| represents de-Bruijn terms, with comments in
18.342 + abstractions, and explicitly named free variables and constants;
18.343 + this is a datatype with constructors \verb|Bound|, \verb|Free|, \verb|Var|, \verb|Const|, \verb|Abs|, \verb|op $|.
18.344 +
18.345 + \item \isa{t}~\verb|aconv|~\isa{u} checks \isa{{\isasymalpha}}-equivalence of two terms. This is the basic equality relation
18.346 + on type \verb|term|; raw datatype equality should only be used
18.347 + for operations related to parsing or printing!
18.348 +
18.349 + \item \verb|map_types|~\isa{f\ t} applies the mapping \isa{f} to all types occurring in \isa{t}.
18.350 +
18.351 + \item \verb|fold_types|~\isa{f\ t} iterates the operation \isa{f} over all occurrences of types in \isa{t}; the term
18.352 + structure is traversed from left to right.
18.353 +
18.354 + \item \verb|map_aterms|~\isa{f\ t} applies the mapping \isa{f}
18.355 + to all atomic terms (\verb|Bound|, \verb|Free|, \verb|Var|, \verb|Const|) occurring in \isa{t}.
18.356 +
18.357 + \item \verb|fold_aterms|~\isa{f\ t} iterates the operation \isa{f} over all occurrences of atomic terms (\verb|Bound|, \verb|Free|,
18.358 + \verb|Var|, \verb|Const|) in \isa{t}; the term structure is
18.359 + traversed from left to right.
18.360 +
18.361 + \item \verb|fastype_of|~\isa{t} determines the type of a
18.362 + well-typed term. This operation is relatively slow, despite the
18.363 + omission of any sanity checks.
18.364 +
18.365 + \item \verb|lambda|~\isa{a\ b} produces an abstraction \isa{{\isasymlambda}a{\isachardot}\ b}, where occurrences of the atomic term \isa{a} in the
18.366 + body \isa{b} are replaced by bound variables.
18.367 +
18.368 + \item \verb|betapply|~\isa{{\isacharparenleft}t{\isacharcomma}\ u{\isacharparenright}} produces an application \isa{t\ u}, with topmost \isa{{\isasymbeta}}-conversion if \isa{t} is an
18.369 + abstraction.
18.370 +
18.371 + \item \verb|Sign.declare_const|~\isa{properties\ {\isacharparenleft}{\isacharparenleft}c{\isacharcomma}\ {\isasymsigma}{\isacharparenright}{\isacharcomma}\ mx{\isacharparenright}}
18.372 + declares a new constant \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} with optional mixfix
18.373 + syntax.
18.374 +
18.375 + \item \verb|Sign.add_abbrev|~\isa{print{\isacharunderscore}mode\ properties\ {\isacharparenleft}c{\isacharcomma}\ t{\isacharparenright}}
18.376 + introduces a new term abbreviation \isa{c\ {\isasymequiv}\ t}.
18.377 +
18.378 + \item \verb|Sign.const_typargs|~\isa{thy\ {\isacharparenleft}c{\isacharcomma}\ {\isasymtau}{\isacharparenright}} and \verb|Sign.const_instance|~\isa{thy\ {\isacharparenleft}c{\isacharcomma}\ {\isacharbrackleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharbrackright}{\isacharparenright}}
18.379 + convert between two representations of polymorphic constants: full
18.380 + type instance vs.\ compact type arguments form.
18.381 +
18.382 + \end{description}%
18.383 +\end{isamarkuptext}%
18.384 +\isamarkuptrue%
18.385 +%
18.386 +\endisatagmlref
18.387 +{\isafoldmlref}%
18.388 +%
18.389 +\isadelimmlref
18.390 +%
18.391 +\endisadelimmlref
18.392 +%
18.393 +\isamarkupsection{Theorems \label{sec:thms}%
18.394 +}
18.395 +\isamarkuptrue%
18.396 +%
18.397 +\begin{isamarkuptext}%
18.398 +\glossary{Proposition}{FIXME A \seeglossary{term} of
18.399 + \seeglossary{type} \isa{prop}. Internally, there is nothing
18.400 + special about propositions apart from their type, but the concrete
18.401 + syntax enforces a clear distinction. Propositions are structured
18.402 + via implication \isa{A\ {\isasymLongrightarrow}\ B} or universal quantification \isa{{\isasymAnd}x{\isachardot}\ B\ x} --- anything else is considered atomic. The canonical
18.403 + form for propositions is that of a \seeglossary{Hereditary Harrop
18.404 + Formula}. FIXME}
18.405 +
18.406 + \glossary{Theorem}{A proven proposition within a certain theory and
18.407 + proof context, formally \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}}; both contexts are
18.408 + rarely spelled out explicitly. Theorems are usually normalized
18.409 + according to the \seeglossary{HHF} format. FIXME}
18.410 +
18.411 + \glossary{Fact}{Sometimes used interchangeably for
18.412 + \seeglossary{theorem}. Strictly speaking, a list of theorems,
18.413 + essentially an extra-logical conjunction. Facts emerge either as
18.414 + local assumptions, or as results of local goal statements --- both
18.415 + may be simultaneous, hence the list representation. FIXME}
18.416 +
18.417 + \glossary{Schematic variable}{FIXME}
18.418 +
18.419 + \glossary{Fixed variable}{A variable that is bound within a certain
18.420 + proof context; an arbitrary-but-fixed entity within a portion of
18.421 + proof text. FIXME}
18.422 +
18.423 + \glossary{Free variable}{Synonymous for \seeglossary{fixed
18.424 + variable}. FIXME}
18.425 +
18.426 + \glossary{Bound variable}{FIXME}
18.427 +
18.428 + \glossary{Variable}{See \seeglossary{schematic variable},
18.429 + \seeglossary{fixed variable}, \seeglossary{bound variable}, or
18.430 + \seeglossary{type variable}. The distinguishing feature of
18.431 + different variables is their binding scope. FIXME}
18.432 +
18.433 + A \emph{proposition} is a well-typed term of type \isa{prop}, a
18.434 + \emph{theorem} is a proven proposition (depending on a context of
18.435 + hypotheses and the background theory). Primitive inferences include
18.436 + plain natural deduction rules for the primary connectives \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}} of the framework. There is also a builtin
18.437 + notion of equality/equivalence \isa{{\isasymequiv}}.%
18.438 +\end{isamarkuptext}%
18.439 +\isamarkuptrue%
18.440 +%
18.441 +\isamarkupsubsection{Primitive connectives and rules \label{sec:prim-rules}%
18.442 +}
18.443 +\isamarkuptrue%
18.444 +%
18.445 +\begin{isamarkuptext}%
18.446 +The theory \isa{Pure} contains constant declarations for the
18.447 + primitive connectives \isa{{\isasymAnd}}, \isa{{\isasymLongrightarrow}}, and \isa{{\isasymequiv}} of
18.448 + the logical framework, see \figref{fig:pure-connectives}. The
18.449 + derivability judgment \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n\ {\isasymturnstile}\ B} is
18.450 + defined inductively by the primitive inferences given in
18.451 + \figref{fig:prim-rules}, with the global restriction that the
18.452 + hypotheses must \emph{not} contain any schematic variables. The
18.453 + builtin equality is conceptually axiomatized as shown in
18.454 + \figref{fig:pure-equality}, although the implementation works
18.455 + directly with derived inferences.
18.456 +
18.457 + \begin{figure}[htb]
18.458 + \begin{center}
18.459 + \begin{tabular}{ll}
18.460 + \isa{all\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}{\isasymalpha}\ {\isasymRightarrow}\ prop{\isacharparenright}\ {\isasymRightarrow}\ prop} & universal quantification (binder \isa{{\isasymAnd}}) \\
18.461 + \isa{{\isasymLongrightarrow}\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop\ {\isasymRightarrow}\ prop} & implication (right associative infix) \\
18.462 + \isa{{\isasymequiv}\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}\ {\isasymRightarrow}\ prop} & equality relation (infix) \\
18.463 + \end{tabular}
18.464 + \caption{Primitive connectives of Pure}\label{fig:pure-connectives}
18.465 + \end{center}
18.466 + \end{figure}
18.467 +
18.468 + \begin{figure}[htb]
18.469 + \begin{center}
18.470 + \[
18.471 + \infer[\isa{{\isacharparenleft}axiom{\isacharparenright}}]{\isa{{\isasymturnstile}\ A}}{\isa{A\ {\isasymin}\ {\isasymTheta}}}
18.472 + \qquad
18.473 + \infer[\isa{{\isacharparenleft}assume{\isacharparenright}}]{\isa{A\ {\isasymturnstile}\ A}}{}
18.474 + \]
18.475 + \[
18.476 + \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}intro{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ b{\isacharbrackleft}x{\isacharbrackright}} & \isa{x\ {\isasymnotin}\ {\isasymGamma}}}
18.477 + \qquad
18.478 + \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}elim{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ b{\isacharbrackleft}a{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}}}
18.479 + \]
18.480 + \[
18.481 + \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}intro{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isacharminus}\ A\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
18.482 + \qquad
18.483 + \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}elim{\isacharparenright}}]{\isa{{\isasymGamma}\isactrlsub {\isadigit{1}}\ {\isasymunion}\ {\isasymGamma}\isactrlsub {\isadigit{2}}\ {\isasymturnstile}\ B}}{\isa{{\isasymGamma}\isactrlsub {\isadigit{1}}\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B} & \isa{{\isasymGamma}\isactrlsub {\isadigit{2}}\ {\isasymturnstile}\ A}}
18.484 + \]
18.485 + \caption{Primitive inferences of Pure}\label{fig:prim-rules}
18.486 + \end{center}
18.487 + \end{figure}
18.488 +
18.489 + \begin{figure}[htb]
18.490 + \begin{center}
18.491 + \begin{tabular}{ll}
18.492 + \isa{{\isasymturnstile}\ {\isacharparenleft}{\isasymlambda}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}{\isacharparenright}\ a\ {\isasymequiv}\ b{\isacharbrackleft}a{\isacharbrackright}} & \isa{{\isasymbeta}}-conversion \\
18.493 + \isa{{\isasymturnstile}\ x\ {\isasymequiv}\ x} & reflexivity \\
18.494 + \isa{{\isasymturnstile}\ x\ {\isasymequiv}\ y\ {\isasymLongrightarrow}\ P\ x\ {\isasymLongrightarrow}\ P\ y} & substitution \\
18.495 + \isa{{\isasymturnstile}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ f\ x\ {\isasymequiv}\ g\ x{\isacharparenright}\ {\isasymLongrightarrow}\ f\ {\isasymequiv}\ g} & extensionality \\
18.496 + \isa{{\isasymturnstile}\ {\isacharparenleft}A\ {\isasymLongrightarrow}\ B{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}B\ {\isasymLongrightarrow}\ A{\isacharparenright}\ {\isasymLongrightarrow}\ A\ {\isasymequiv}\ B} & logical equivalence \\
18.497 + \end{tabular}
18.498 + \caption{Conceptual axiomatization of Pure equality}\label{fig:pure-equality}
18.499 + \end{center}
18.500 + \end{figure}
18.501 +
18.502 + The introduction and elimination rules for \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}} are analogous to formation of dependently typed \isa{{\isasymlambda}}-terms representing the underlying proof objects. Proof terms
18.503 + are irrelevant in the Pure logic, though; they cannot occur within
18.504 + propositions. The system provides a runtime option to record
18.505 + explicit proof terms for primitive inferences. Thus all three
18.506 + levels of \isa{{\isasymlambda}}-calculus become explicit: \isa{{\isasymRightarrow}} for
18.507 + terms, and \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} for proofs (cf.\
18.508 + \cite{Berghofer-Nipkow:2000:TPHOL}).
18.509 +
18.510 + Observe that locally fixed parameters (as in \isa{{\isasymAnd}{\isacharunderscore}intro}) need
18.511 + not be recorded in the hypotheses, because the simple syntactic
18.512 + types of Pure are always inhabitable. ``Assumptions'' \isa{x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}} for type-membership are only present as long as some \isa{x\isactrlisub {\isasymtau}} occurs in the statement body.\footnote{This is the key
18.513 + difference to ``\isa{{\isasymlambda}HOL}'' in the PTS framework
18.514 + \cite{Barendregt-Geuvers:2001}, where hypotheses \isa{x\ {\isacharcolon}\ A} are
18.515 + treated uniformly for propositions and types.}
18.516 +
18.517 + \medskip The axiomatization of a theory is implicitly closed by
18.518 + forming all instances of type and term variables: \isa{{\isasymturnstile}\ A{\isasymvartheta}} holds for any substitution instance of an axiom
18.519 + \isa{{\isasymturnstile}\ A}. By pushing substitutions through derivations
18.520 + inductively, we also get admissible \isa{generalize} and \isa{instance} rules as shown in \figref{fig:subst-rules}.
18.521 +
18.522 + \begin{figure}[htb]
18.523 + \begin{center}
18.524 + \[
18.525 + \infer{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}{\isasymalpha}{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} & \isa{{\isasymalpha}\ {\isasymnotin}\ {\isasymGamma}}}
18.526 + \quad
18.527 + \infer[\quad\isa{{\isacharparenleft}generalize{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}x{\isacharbrackright}} & \isa{x\ {\isasymnotin}\ {\isasymGamma}}}
18.528 + \]
18.529 + \[
18.530 + \infer{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isasymtau}{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}{\isasymalpha}{\isacharbrackright}}}
18.531 + \quad
18.532 + \infer[\quad\isa{{\isacharparenleft}instantiate{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}t{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}}
18.533 + \]
18.534 + \caption{Admissible substitution rules}\label{fig:subst-rules}
18.535 + \end{center}
18.536 + \end{figure}
18.537 +
18.538 + Note that \isa{instantiate} does not require an explicit
18.539 + side-condition, because \isa{{\isasymGamma}} may never contain schematic
18.540 + variables.
18.541 +
18.542 + In principle, variables could be substituted in hypotheses as well,
18.543 + but this would disrupt the monotonicity of reasoning: deriving
18.544 + \isa{{\isasymGamma}{\isasymvartheta}\ {\isasymturnstile}\ B{\isasymvartheta}} from \isa{{\isasymGamma}\ {\isasymturnstile}\ B} is
18.545 + correct, but \isa{{\isasymGamma}{\isasymvartheta}\ {\isasymsupseteq}\ {\isasymGamma}} does not necessarily hold:
18.546 + the result belongs to a different proof context.
18.547 +
18.548 + \medskip An \emph{oracle} is a function that produces axioms on the
18.549 + fly. Logically, this is an instance of the \isa{axiom} rule
18.550 + (\figref{fig:prim-rules}), but there is an operational difference.
18.551 + The system always records oracle invocations within derivations of
18.552 + theorems. Tracing plain axioms (and named theorems) is optional.
18.553 +
18.554 + Axiomatizations should be limited to the bare minimum, typically as
18.555 + part of the initial logical basis of an object-logic formalization.
18.556 + Later on, theories are usually developed in a strictly definitional
18.557 + fashion, by stating only certain equalities over new constants.
18.558 +
18.559 + A \emph{simple definition} consists of a constant declaration \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} together with an axiom \isa{{\isasymturnstile}\ c\ {\isasymequiv}\ t}, where \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} is a closed term without any hidden polymorphism. The RHS
18.560 + may depend on further defined constants, but not \isa{c} itself.
18.561 + Definitions of functions may be presented as \isa{c\ \isactrlvec x\ {\isasymequiv}\ t} instead of the puristic \isa{c\ {\isasymequiv}\ {\isasymlambda}\isactrlvec x{\isachardot}\ t}.
18.562 +
18.563 + An \emph{overloaded definition} consists of a collection of axioms
18.564 + for the same constant, with zero or one equations \isa{c{\isacharparenleft}{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}{\isacharparenright}\ {\isasymequiv}\ t} for each type constructor \isa{{\isasymkappa}} (for
18.565 + distinct variables \isa{\isactrlvec {\isasymalpha}}). The RHS may mention
18.566 + previously defined constants as above, or arbitrary constants \isa{d{\isacharparenleft}{\isasymalpha}\isactrlisub i{\isacharparenright}} for some \isa{{\isasymalpha}\isactrlisub i} projected from \isa{\isactrlvec {\isasymalpha}}. Thus overloaded definitions essentially work by
18.567 + primitive recursion over the syntactic structure of a single type
18.568 + argument.%
18.569 +\end{isamarkuptext}%
18.570 +\isamarkuptrue%
18.571 +%
18.572 +\isadelimmlref
18.573 +%
18.574 +\endisadelimmlref
18.575 +%
18.576 +\isatagmlref
18.577 +%
18.578 +\begin{isamarkuptext}%
18.579 +\begin{mldecls}
18.580 + \indexmltype{ctyp}\verb|type ctyp| \\
18.581 + \indexmltype{cterm}\verb|type cterm| \\
18.582 + \indexml{Thm.ctyp\_of}\verb|Thm.ctyp_of: theory -> typ -> ctyp| \\
18.583 + \indexml{Thm.cterm\_of}\verb|Thm.cterm_of: theory -> term -> cterm| \\
18.584 + \end{mldecls}
18.585 + \begin{mldecls}
18.586 + \indexmltype{thm}\verb|type thm| \\
18.587 + \indexml{proofs}\verb|proofs: int ref| \\
18.588 + \indexml{Thm.assume}\verb|Thm.assume: cterm -> thm| \\
18.589 + \indexml{Thm.forall\_intr}\verb|Thm.forall_intr: cterm -> thm -> thm| \\
18.590 + \indexml{Thm.forall\_elim}\verb|Thm.forall_elim: cterm -> thm -> thm| \\
18.591 + \indexml{Thm.implies\_intr}\verb|Thm.implies_intr: cterm -> thm -> thm| \\
18.592 + \indexml{Thm.implies\_elim}\verb|Thm.implies_elim: thm -> thm -> thm| \\
18.593 + \indexml{Thm.generalize}\verb|Thm.generalize: string list * string list -> int -> thm -> thm| \\
18.594 + \indexml{Thm.instantiate}\verb|Thm.instantiate: (ctyp * ctyp) list * (cterm * cterm) list -> thm -> thm| \\
18.595 + \indexml{Thm.axiom}\verb|Thm.axiom: theory -> string -> thm| \\
18.596 + \indexml{Thm.add\_oracle}\verb|Thm.add_oracle: bstring * ('a -> cterm) -> theory|\isasep\isanewline%
18.597 +\verb| -> (string * ('a -> thm)) * theory| \\
18.598 + \end{mldecls}
18.599 + \begin{mldecls}
18.600 + \indexml{Theory.add\_axioms\_i}\verb|Theory.add_axioms_i: (binding * term) list -> theory -> theory| \\
18.601 + \indexml{Theory.add\_deps}\verb|Theory.add_deps: string -> string * typ -> (string * typ) list -> theory -> theory| \\
18.602 + \indexml{Theory.add\_defs\_i}\verb|Theory.add_defs_i: bool -> bool -> (binding * term) list -> theory -> theory| \\
18.603 + \end{mldecls}
18.604 +
18.605 + \begin{description}
18.606 +
18.607 + \item \verb|ctyp| and \verb|cterm| represent certified types
18.608 + and terms, respectively. These are abstract datatypes that
18.609 + guarantee that its values have passed the full well-formedness (and
18.610 + well-typedness) checks, relative to the declarations of type
18.611 + constructors, constants etc. in the theory.
18.612 +
18.613 + \item \verb|ctyp_of|~\isa{thy\ {\isasymtau}} and \verb|cterm_of|~\isa{thy\ t} explicitly checks types and terms, respectively. This also
18.614 + involves some basic normalizations, such expansion of type and term
18.615 + abbreviations from the theory context.
18.616 +
18.617 + Re-certification is relatively slow and should be avoided in tight
18.618 + reasoning loops. There are separate operations to decompose
18.619 + certified entities (including actual theorems).
18.620 +
18.621 + \item \verb|thm| represents proven propositions. This is an
18.622 + abstract datatype that guarantees that its values have been
18.623 + constructed by basic principles of the \verb|Thm| module.
18.624 + Every \verb|thm| value contains a sliding back-reference to the
18.625 + enclosing theory, cf.\ \secref{sec:context-theory}.
18.626 +
18.627 + \item \verb|proofs| determines the detail of proof recording within
18.628 + \verb|thm| values: \verb|0| records only oracles, \verb|1| records
18.629 + oracles, axioms and named theorems, \verb|2| records full proof
18.630 + terms.
18.631 +
18.632 + \item \verb|Thm.assume|, \verb|Thm.forall_intr|, \verb|Thm.forall_elim|, \verb|Thm.implies_intr|, and \verb|Thm.implies_elim|
18.633 + correspond to the primitive inferences of \figref{fig:prim-rules}.
18.634 +
18.635 + \item \verb|Thm.generalize|~\isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharcomma}\ \isactrlvec x{\isacharparenright}}
18.636 + corresponds to the \isa{generalize} rules of
18.637 + \figref{fig:subst-rules}. Here collections of type and term
18.638 + variables are generalized simultaneously, specified by the given
18.639 + basic names.
18.640 +
18.641 + \item \verb|Thm.instantiate|~\isa{{\isacharparenleft}\isactrlvec {\isasymalpha}\isactrlisub s{\isacharcomma}\ \isactrlvec x\isactrlisub {\isasymtau}{\isacharparenright}} corresponds to the \isa{instantiate} rules
18.642 + of \figref{fig:subst-rules}. Type variables are substituted before
18.643 + term variables. Note that the types in \isa{\isactrlvec x\isactrlisub {\isasymtau}}
18.644 + refer to the instantiated versions.
18.645 +
18.646 + \item \verb|Thm.axiom|~\isa{thy\ name} retrieves a named
18.647 + axiom, cf.\ \isa{axiom} in \figref{fig:prim-rules}.
18.648 +
18.649 + \item \verb|Thm.add_oracle|~\isa{{\isacharparenleft}name{\isacharcomma}\ oracle{\isacharparenright}} produces a named
18.650 + oracle rule, essentially generating arbitrary axioms on the fly,
18.651 + cf.\ \isa{axiom} in \figref{fig:prim-rules}.
18.652 +
18.653 + \item \verb|Theory.add_axioms_i|~\isa{{\isacharbrackleft}{\isacharparenleft}name{\isacharcomma}\ A{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} declares
18.654 + arbitrary propositions as axioms.
18.655 +
18.656 + \item \verb|Theory.add_deps|~\isa{name\ c\isactrlisub {\isasymtau}\ \isactrlvec d\isactrlisub {\isasymsigma}} declares dependencies of a named specification
18.657 + for constant \isa{c\isactrlisub {\isasymtau}}, relative to existing
18.658 + specifications for constants \isa{\isactrlvec d\isactrlisub {\isasymsigma}}.
18.659 +
18.660 + \item \verb|Theory.add_defs_i|~\isa{unchecked\ overloaded\ {\isacharbrackleft}{\isacharparenleft}name{\isacharcomma}\ c\ \isactrlvec x\ {\isasymequiv}\ t{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} states a definitional axiom for an existing
18.661 + constant \isa{c}. Dependencies are recorded (cf.\ \verb|Theory.add_deps|), unless the \isa{unchecked} option is set.
18.662 +
18.663 + \end{description}%
18.664 +\end{isamarkuptext}%
18.665 +\isamarkuptrue%
18.666 +%
18.667 +\endisatagmlref
18.668 +{\isafoldmlref}%
18.669 +%
18.670 +\isadelimmlref
18.671 +%
18.672 +\endisadelimmlref
18.673 +%
18.674 +\isamarkupsubsection{Auxiliary definitions%
18.675 +}
18.676 +\isamarkuptrue%
18.677 +%
18.678 +\begin{isamarkuptext}%
18.679 +Theory \isa{Pure} provides a few auxiliary definitions, see
18.680 + \figref{fig:pure-aux}. These special constants are normally not
18.681 + exposed to the user, but appear in internal encodings.
18.682 +
18.683 + \begin{figure}[htb]
18.684 + \begin{center}
18.685 + \begin{tabular}{ll}
18.686 + \isa{conjunction\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop\ {\isasymRightarrow}\ prop} & (infix \isa{{\isacharampersand}}) \\
18.687 + \isa{{\isasymturnstile}\ A\ {\isacharampersand}\ B\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}C{\isachardot}\ {\isacharparenleft}A\ {\isasymLongrightarrow}\ B\ {\isasymLongrightarrow}\ C{\isacharparenright}\ {\isasymLongrightarrow}\ C{\isacharparenright}} \\[1ex]
18.688 + \isa{prop\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop} & (prefix \isa{{\isacharhash}}, suppressed) \\
18.689 + \isa{{\isacharhash}A\ {\isasymequiv}\ A} \\[1ex]
18.690 + \isa{term\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ prop} & (prefix \isa{TERM}) \\
18.691 + \isa{term\ x\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}A{\isachardot}\ A\ {\isasymLongrightarrow}\ A{\isacharparenright}} \\[1ex]
18.692 + \isa{TYPE\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ itself} & (prefix \isa{TYPE}) \\
18.693 + \isa{{\isacharparenleft}unspecified{\isacharparenright}} \\
18.694 + \end{tabular}
18.695 + \caption{Definitions of auxiliary connectives}\label{fig:pure-aux}
18.696 + \end{center}
18.697 + \end{figure}
18.698 +
18.699 + Derived conjunction rules include introduction \isa{A\ {\isasymLongrightarrow}\ B\ {\isasymLongrightarrow}\ A\ {\isacharampersand}\ B}, and destructions \isa{A\ {\isacharampersand}\ B\ {\isasymLongrightarrow}\ A} and \isa{A\ {\isacharampersand}\ B\ {\isasymLongrightarrow}\ B}.
18.700 + Conjunction allows to treat simultaneous assumptions and conclusions
18.701 + uniformly. For example, multiple claims are intermediately
18.702 + represented as explicit conjunction, but this is refined into
18.703 + separate sub-goals before the user continues the proof; the final
18.704 + result is projected into a list of theorems (cf.\
18.705 + \secref{sec:tactical-goals}).
18.706 +
18.707 + The \isa{prop} marker (\isa{{\isacharhash}}) makes arbitrarily complex
18.708 + propositions appear as atomic, without changing the meaning: \isa{{\isasymGamma}\ {\isasymturnstile}\ A} and \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isacharhash}A} are interchangeable. See
18.709 + \secref{sec:tactical-goals} for specific operations.
18.710 +
18.711 + The \isa{term} marker turns any well-typed term into a derivable
18.712 + proposition: \isa{{\isasymturnstile}\ TERM\ t} holds unconditionally. Although
18.713 + this is logically vacuous, it allows to treat terms and proofs
18.714 + uniformly, similar to a type-theoretic framework.
18.715 +
18.716 + The \isa{TYPE} constructor is the canonical representative of
18.717 + the unspecified type \isa{{\isasymalpha}\ itself}; it essentially injects the
18.718 + language of types into that of terms. There is specific notation
18.719 + \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} for \isa{TYPE\isactrlbsub {\isasymtau}\ itself\isactrlesub }.
18.720 + Although being devoid of any particular meaning, the \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} accounts for the type \isa{{\isasymtau}} within the term
18.721 + language. In particular, \isa{TYPE{\isacharparenleft}{\isasymalpha}{\isacharparenright}} may be used as formal
18.722 + argument in primitive definitions, in order to circumvent hidden
18.723 + polymorphism (cf.\ \secref{sec:terms}). For example, \isa{c\ TYPE{\isacharparenleft}{\isasymalpha}{\isacharparenright}\ {\isasymequiv}\ A{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} defines \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ itself\ {\isasymRightarrow}\ prop} in terms of
18.724 + a proposition \isa{A} that depends on an additional type
18.725 + argument, which is essentially a predicate on types.%
18.726 +\end{isamarkuptext}%
18.727 +\isamarkuptrue%
18.728 +%
18.729 +\isadelimmlref
18.730 +%
18.731 +\endisadelimmlref
18.732 +%
18.733 +\isatagmlref
18.734 +%
18.735 +\begin{isamarkuptext}%
18.736 +\begin{mldecls}
18.737 + \indexml{Conjunction.intr}\verb|Conjunction.intr: thm -> thm -> thm| \\
18.738 + \indexml{Conjunction.elim}\verb|Conjunction.elim: thm -> thm * thm| \\
18.739 + \indexml{Drule.mk\_term}\verb|Drule.mk_term: cterm -> thm| \\
18.740 + \indexml{Drule.dest\_term}\verb|Drule.dest_term: thm -> cterm| \\
18.741 + \indexml{Logic.mk\_type}\verb|Logic.mk_type: typ -> term| \\
18.742 + \indexml{Logic.dest\_type}\verb|Logic.dest_type: term -> typ| \\
18.743 + \end{mldecls}
18.744 +
18.745 + \begin{description}
18.746 +
18.747 + \item \verb|Conjunction.intr| derives \isa{A\ {\isacharampersand}\ B} from \isa{A} and \isa{B}.
18.748 +
18.749 + \item \verb|Conjunction.elim| derives \isa{A} and \isa{B}
18.750 + from \isa{A\ {\isacharampersand}\ B}.
18.751 +
18.752 + \item \verb|Drule.mk_term| derives \isa{TERM\ t}.
18.753 +
18.754 + \item \verb|Drule.dest_term| recovers term \isa{t} from \isa{TERM\ t}.
18.755 +
18.756 + \item \verb|Logic.mk_type|~\isa{{\isasymtau}} produces the term \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}}.
18.757 +
18.758 + \item \verb|Logic.dest_type|~\isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} recovers the type
18.759 + \isa{{\isasymtau}}.
18.760 +
18.761 + \end{description}%
18.762 +\end{isamarkuptext}%
18.763 +\isamarkuptrue%
18.764 +%
18.765 +\endisatagmlref
18.766 +{\isafoldmlref}%
18.767 +%
18.768 +\isadelimmlref
18.769 +%
18.770 +\endisadelimmlref
18.771 +%
18.772 +\isamarkupsection{Object-level rules \label{sec:obj-rules}%
18.773 +}
18.774 +\isamarkuptrue%
18.775 +%
18.776 +\isadelimFIXME
18.777 +%
18.778 +\endisadelimFIXME
18.779 +%
18.780 +\isatagFIXME
18.781 +%
18.782 +\begin{isamarkuptext}%
18.783 +FIXME
18.784 +
18.785 + A \emph{rule} is any Pure theorem in HHF normal form; there is a
18.786 + separate calculus for rule composition, which is modeled after
18.787 + Gentzen's Natural Deduction \cite{Gentzen:1935}, but allows
18.788 + rules to be nested arbitrarily, similar to \cite{extensions91}.
18.789 +
18.790 + Normally, all theorems accessible to the user are proper rules.
18.791 + Low-level inferences are occasional required internally, but the
18.792 + result should be always presented in canonical form. The higher
18.793 + interfaces of Isabelle/Isar will always produce proper rules. It is
18.794 + important to maintain this invariant in add-on applications!
18.795 +
18.796 + There are two main principles of rule composition: \isa{resolution} (i.e.\ backchaining of rules) and \isa{by{\isacharminus}assumption} (i.e.\ closing a branch); both principles are
18.797 + combined in the variants of \isa{elim{\isacharminus}resolution} and \isa{dest{\isacharminus}resolution}. Raw \isa{composition} is occasionally
18.798 + useful as well, also it is strictly speaking outside of the proper
18.799 + rule calculus.
18.800 +
18.801 + Rules are treated modulo general higher-order unification, which is
18.802 + unification modulo the equational theory of \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion
18.803 + on \isa{{\isasymlambda}}-terms. Moreover, propositions are understood modulo
18.804 + the (derived) equivalence \isa{{\isacharparenleft}A\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ B\ x{\isacharparenright}{\isacharparenright}\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ A\ {\isasymLongrightarrow}\ B\ x{\isacharparenright}}.
18.805 +
18.806 + This means that any operations within the rule calculus may be
18.807 + subject to spontaneous \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-HHF conversions. It is common
18.808 + practice not to contract or expand unnecessarily. Some mechanisms
18.809 + prefer an one form, others the opposite, so there is a potential
18.810 + danger to produce some oscillation!
18.811 +
18.812 + Only few operations really work \emph{modulo} HHF conversion, but
18.813 + expect a normal form: quantifiers \isa{{\isasymAnd}} before implications
18.814 + \isa{{\isasymLongrightarrow}} at each level of nesting.
18.815 +
18.816 +\glossary{Hereditary Harrop Formula}{The set of propositions in HHF
18.817 +format is defined inductively as \isa{H\ {\isacharequal}\ {\isacharparenleft}{\isasymAnd}x\isactrlsup {\isacharasterisk}{\isachardot}\ H\isactrlsup {\isacharasterisk}\ {\isasymLongrightarrow}\ A{\isacharparenright}}, for variables \isa{x} and atomic propositions \isa{A}.
18.818 +Any proposition may be put into HHF form by normalizing with the rule
18.819 +\isa{{\isacharparenleft}A\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ B\ x{\isacharparenright}{\isacharparenright}\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ A\ {\isasymLongrightarrow}\ B\ x{\isacharparenright}}. In Isabelle, the outermost
18.820 +quantifier prefix is represented via \seeglossary{schematic
18.821 +variables}, such that the top-level structure is merely that of a
18.822 +\seeglossary{Horn Clause}}.
18.823 +
18.824 +\glossary{HHF}{See \seeglossary{Hereditary Harrop Formula}.}
18.825 +
18.826 +
18.827 + \[
18.828 + \infer[\isa{{\isacharparenleft}assumption{\isacharparenright}}]{\isa{C{\isasymvartheta}}}
18.829 + {\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ A\ \isactrlvec x{\isacharparenright}\ {\isasymLongrightarrow}\ C} & \isa{A{\isasymvartheta}\ {\isacharequal}\ H\isactrlsub i{\isasymvartheta}}~~\text{(for some~\isa{i})}}
18.830 + \]
18.831 +
18.832 +
18.833 + \[
18.834 + \infer[\isa{{\isacharparenleft}compose{\isacharparenright}}]{\isa{\isactrlvec A{\isasymvartheta}\ {\isasymLongrightarrow}\ C{\isasymvartheta}}}
18.835 + {\isa{\isactrlvec A\ {\isasymLongrightarrow}\ B} & \isa{B{\isacharprime}\ {\isasymLongrightarrow}\ C} & \isa{B{\isasymvartheta}\ {\isacharequal}\ B{\isacharprime}{\isasymvartheta}}}
18.836 + \]
18.837 +
18.838 +
18.839 + \[
18.840 + \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}lift{\isacharparenright}}]{\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec A\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ B\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}}}{\isa{\isactrlvec A\ {\isacharquery}\isactrlvec a\ {\isasymLongrightarrow}\ B\ {\isacharquery}\isactrlvec a}}
18.841 + \]
18.842 + \[
18.843 + \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}lift{\isacharparenright}}]{\isa{{\isacharparenleft}\isactrlvec H\ {\isasymLongrightarrow}\ \isactrlvec A{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}\isactrlvec H\ {\isasymLongrightarrow}\ B{\isacharparenright}}}{\isa{\isactrlvec A\ {\isasymLongrightarrow}\ B}}
18.844 + \]
18.845 +
18.846 + The \isa{resolve} scheme is now acquired from \isa{{\isasymAnd}{\isacharunderscore}lift},
18.847 + \isa{{\isasymLongrightarrow}{\isacharunderscore}lift}, and \isa{compose}.
18.848 +
18.849 + \[
18.850 + \infer[\isa{{\isacharparenleft}resolution{\isacharparenright}}]
18.851 + {\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ \isactrlvec A\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}{\isasymvartheta}\ {\isasymLongrightarrow}\ C{\isasymvartheta}}}
18.852 + {\begin{tabular}{l}
18.853 + \isa{\isactrlvec A\ {\isacharquery}\isactrlvec a\ {\isasymLongrightarrow}\ B\ {\isacharquery}\isactrlvec a} \\
18.854 + \isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ B{\isacharprime}\ \isactrlvec x{\isacharparenright}\ {\isasymLongrightarrow}\ C} \\
18.855 + \isa{{\isacharparenleft}{\isasymlambda}\isactrlvec x{\isachardot}\ B\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}{\isasymvartheta}\ {\isacharequal}\ B{\isacharprime}{\isasymvartheta}} \\
18.856 + \end{tabular}}
18.857 + \]
18.858 +
18.859 +
18.860 + FIXME \isa{elim{\isacharunderscore}resolution}, \isa{dest{\isacharunderscore}resolution}%
18.861 +\end{isamarkuptext}%
18.862 +\isamarkuptrue%
18.863 +%
18.864 +\endisatagFIXME
18.865 +{\isafoldFIXME}%
18.866 +%
18.867 +\isadelimFIXME
18.868 +%
18.869 +\endisadelimFIXME
18.870 +%
18.871 +\isadelimtheory
18.872 +%
18.873 +\endisadelimtheory
18.874 +%
18.875 +\isatagtheory
18.876 +\isacommand{end}\isamarkupfalse%
18.877 +%
18.878 +\endisatagtheory
18.879 +{\isafoldtheory}%
18.880 +%
18.881 +\isadelimtheory
18.882 +%
18.883 +\endisadelimtheory
18.884 +\isanewline
18.885 +\end{isabellebody}%
18.886 +%%% Local Variables:
18.887 +%%% mode: latex
18.888 +%%% TeX-master: "root"
18.889 +%%% End:
19.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
19.2 +++ b/doc-src/IsarImplementation/Thy/document/Prelim.tex Mon Feb 16 20:47:44 2009 +0100
19.3 @@ -0,0 +1,911 @@
19.4 +%
19.5 +\begin{isabellebody}%
19.6 +\def\isabellecontext{prelim}%
19.7 +%
19.8 +\isadelimtheory
19.9 +\isanewline
19.10 +\isanewline
19.11 +\isanewline
19.12 +%
19.13 +\endisadelimtheory
19.14 +%
19.15 +\isatagtheory
19.16 +\isacommand{theory}\isamarkupfalse%
19.17 +\ prelim\ \isakeyword{imports}\ base\ \isakeyword{begin}%
19.18 +\endisatagtheory
19.19 +{\isafoldtheory}%
19.20 +%
19.21 +\isadelimtheory
19.22 +%
19.23 +\endisadelimtheory
19.24 +%
19.25 +\isamarkupchapter{Preliminaries%
19.26 +}
19.27 +\isamarkuptrue%
19.28 +%
19.29 +\isamarkupsection{Contexts \label{sec:context}%
19.30 +}
19.31 +\isamarkuptrue%
19.32 +%
19.33 +\begin{isamarkuptext}%
19.34 +A logical context represents the background that is required for
19.35 + formulating statements and composing proofs. It acts as a medium to
19.36 + produce formal content, depending on earlier material (declarations,
19.37 + results etc.).
19.38 +
19.39 + For example, derivations within the Isabelle/Pure logic can be
19.40 + described as a judgment \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}}, which means that a
19.41 + proposition \isa{{\isasymphi}} is derivable from hypotheses \isa{{\isasymGamma}}
19.42 + within the theory \isa{{\isasymTheta}}. There are logical reasons for
19.43 + keeping \isa{{\isasymTheta}} and \isa{{\isasymGamma}} separate: theories can be
19.44 + liberal about supporting type constructors and schematic
19.45 + polymorphism of constants and axioms, while the inner calculus of
19.46 + \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymphi}} is strictly limited to Simple Type Theory (with
19.47 + fixed type variables in the assumptions).
19.48 +
19.49 + \medskip Contexts and derivations are linked by the following key
19.50 + principles:
19.51 +
19.52 + \begin{itemize}
19.53 +
19.54 + \item Transfer: monotonicity of derivations admits results to be
19.55 + transferred into a \emph{larger} context, i.e.\ \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}} implies \isa{{\isasymGamma}{\isacharprime}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\isactrlsub {\isacharprime}\ {\isasymphi}} for contexts \isa{{\isasymTheta}{\isacharprime}\ {\isasymsupseteq}\ {\isasymTheta}} and \isa{{\isasymGamma}{\isacharprime}\ {\isasymsupseteq}\ {\isasymGamma}}.
19.56 +
19.57 + \item Export: discharge of hypotheses admits results to be exported
19.58 + into a \emph{smaller} context, i.e.\ \isa{{\isasymGamma}{\isacharprime}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}}
19.59 + implies \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymDelta}\ {\isasymLongrightarrow}\ {\isasymphi}} where \isa{{\isasymGamma}{\isacharprime}\ {\isasymsupseteq}\ {\isasymGamma}} and
19.60 + \isa{{\isasymDelta}\ {\isacharequal}\ {\isasymGamma}{\isacharprime}\ {\isacharminus}\ {\isasymGamma}}. Note that \isa{{\isasymTheta}} remains unchanged here,
19.61 + only the \isa{{\isasymGamma}} part is affected.
19.62 +
19.63 + \end{itemize}
19.64 +
19.65 + \medskip By modeling the main characteristics of the primitive
19.66 + \isa{{\isasymTheta}} and \isa{{\isasymGamma}} above, and abstracting over any
19.67 + particular logical content, we arrive at the fundamental notions of
19.68 + \emph{theory context} and \emph{proof context} in Isabelle/Isar.
19.69 + These implement a certain policy to manage arbitrary \emph{context
19.70 + data}. There is a strongly-typed mechanism to declare new kinds of
19.71 + data at compile time.
19.72 +
19.73 + The internal bootstrap process of Isabelle/Pure eventually reaches a
19.74 + stage where certain data slots provide the logical content of \isa{{\isasymTheta}} and \isa{{\isasymGamma}} sketched above, but this does not stop there!
19.75 + Various additional data slots support all kinds of mechanisms that
19.76 + are not necessarily part of the core logic.
19.77 +
19.78 + For example, there would be data for canonical introduction and
19.79 + elimination rules for arbitrary operators (depending on the
19.80 + object-logic and application), which enables users to perform
19.81 + standard proof steps implicitly (cf.\ the \isa{rule} method
19.82 + \cite{isabelle-isar-ref}).
19.83 +
19.84 + \medskip Thus Isabelle/Isar is able to bring forth more and more
19.85 + concepts successively. In particular, an object-logic like
19.86 + Isabelle/HOL continues the Isabelle/Pure setup by adding specific
19.87 + components for automated reasoning (classical reasoner, tableau
19.88 + prover, structured induction etc.) and derived specification
19.89 + mechanisms (inductive predicates, recursive functions etc.). All of
19.90 + this is ultimately based on the generic data management by theory
19.91 + and proof contexts introduced here.%
19.92 +\end{isamarkuptext}%
19.93 +\isamarkuptrue%
19.94 +%
19.95 +\isamarkupsubsection{Theory context \label{sec:context-theory}%
19.96 +}
19.97 +\isamarkuptrue%
19.98 +%
19.99 +\begin{isamarkuptext}%
19.100 +\glossary{Theory}{FIXME}
19.101 +
19.102 + A \emph{theory} is a data container with explicit named and unique
19.103 + identifier. Theories are related by a (nominal) sub-theory
19.104 + relation, which corresponds to the dependency graph of the original
19.105 + construction; each theory is derived from a certain sub-graph of
19.106 + ancestor theories.
19.107 +
19.108 + The \isa{merge} operation produces the least upper bound of two
19.109 + theories, which actually degenerates into absorption of one theory
19.110 + into the other (due to the nominal sub-theory relation).
19.111 +
19.112 + The \isa{begin} operation starts a new theory by importing
19.113 + several parent theories and entering a special \isa{draft} mode,
19.114 + which is sustained until the final \isa{end} operation. A draft
19.115 + theory acts like a linear type, where updates invalidate earlier
19.116 + versions. An invalidated draft is called ``stale''.
19.117 +
19.118 + The \isa{checkpoint} operation produces an intermediate stepping
19.119 + stone that will survive the next update: both the original and the
19.120 + changed theory remain valid and are related by the sub-theory
19.121 + relation. Checkpointing essentially recovers purely functional
19.122 + theory values, at the expense of some extra internal bookkeeping.
19.123 +
19.124 + The \isa{copy} operation produces an auxiliary version that has
19.125 + the same data content, but is unrelated to the original: updates of
19.126 + the copy do not affect the original, neither does the sub-theory
19.127 + relation hold.
19.128 +
19.129 + \medskip The example in \figref{fig:ex-theory} below shows a theory
19.130 + graph derived from \isa{Pure}, with theory \isa{Length}
19.131 + importing \isa{Nat} and \isa{List}. The body of \isa{Length} consists of a sequence of updates, working mostly on
19.132 + drafts. Intermediate checkpoints may occur as well, due to the
19.133 + history mechanism provided by the Isar top-level, cf.\
19.134 + \secref{sec:isar-toplevel}.
19.135 +
19.136 + \begin{figure}[htb]
19.137 + \begin{center}
19.138 + \begin{tabular}{rcccl}
19.139 + & & \isa{Pure} \\
19.140 + & & \isa{{\isasymdown}} \\
19.141 + & & \isa{FOL} \\
19.142 + & $\swarrow$ & & $\searrow$ & \\
19.143 + \isa{Nat} & & & & \isa{List} \\
19.144 + & $\searrow$ & & $\swarrow$ \\
19.145 + & & \isa{Length} \\
19.146 + & & \multicolumn{3}{l}{~~\hyperlink{keyword.imports}{\mbox{\isa{\isakeyword{imports}}}}} \\
19.147 + & & \multicolumn{3}{l}{~~\hyperlink{keyword.begin}{\mbox{\isa{\isakeyword{begin}}}}} \\
19.148 + & & $\vdots$~~ \\
19.149 + & & \isa{{\isasymbullet}}~~ \\
19.150 + & & $\vdots$~~ \\
19.151 + & & \isa{{\isasymbullet}}~~ \\
19.152 + & & $\vdots$~~ \\
19.153 + & & \multicolumn{3}{l}{~~\hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}}} \\
19.154 + \end{tabular}
19.155 + \caption{A theory definition depending on ancestors}\label{fig:ex-theory}
19.156 + \end{center}
19.157 + \end{figure}
19.158 +
19.159 + \medskip There is a separate notion of \emph{theory reference} for
19.160 + maintaining a live link to an evolving theory context: updates on
19.161 + drafts are propagated automatically. Dynamic updating stops after
19.162 + an explicit \isa{end} only.
19.163 +
19.164 + Derived entities may store a theory reference in order to indicate
19.165 + the context they belong to. This implicitly assumes monotonic
19.166 + reasoning, because the referenced context may become larger without
19.167 + further notice.%
19.168 +\end{isamarkuptext}%
19.169 +\isamarkuptrue%
19.170 +%
19.171 +\isadelimmlref
19.172 +%
19.173 +\endisadelimmlref
19.174 +%
19.175 +\isatagmlref
19.176 +%
19.177 +\begin{isamarkuptext}%
19.178 +\begin{mldecls}
19.179 + \indexmltype{theory}\verb|type theory| \\
19.180 + \indexml{Theory.subthy}\verb|Theory.subthy: theory * theory -> bool| \\
19.181 + \indexml{Theory.merge}\verb|Theory.merge: theory * theory -> theory| \\
19.182 + \indexml{Theory.checkpoint}\verb|Theory.checkpoint: theory -> theory| \\
19.183 + \indexml{Theory.copy}\verb|Theory.copy: theory -> theory| \\
19.184 + \end{mldecls}
19.185 + \begin{mldecls}
19.186 + \indexmltype{theory\_ref}\verb|type theory_ref| \\
19.187 + \indexml{Theory.deref}\verb|Theory.deref: theory_ref -> theory| \\
19.188 + \indexml{Theory.check\_thy}\verb|Theory.check_thy: theory -> theory_ref| \\
19.189 + \end{mldecls}
19.190 +
19.191 + \begin{description}
19.192 +
19.193 + \item \verb|theory| represents theory contexts. This is
19.194 + essentially a linear type! Most operations destroy the original
19.195 + version, which then becomes ``stale''.
19.196 +
19.197 + \item \verb|Theory.subthy|~\isa{{\isacharparenleft}thy\isactrlsub {\isadigit{1}}{\isacharcomma}\ thy\isactrlsub {\isadigit{2}}{\isacharparenright}}
19.198 + compares theories according to the inherent graph structure of the
19.199 + construction. This sub-theory relation is a nominal approximation
19.200 + of inclusion (\isa{{\isasymsubseteq}}) of the corresponding content.
19.201 +
19.202 + \item \verb|Theory.merge|~\isa{{\isacharparenleft}thy\isactrlsub {\isadigit{1}}{\isacharcomma}\ thy\isactrlsub {\isadigit{2}}{\isacharparenright}}
19.203 + absorbs one theory into the other. This fails for unrelated
19.204 + theories!
19.205 +
19.206 + \item \verb|Theory.checkpoint|~\isa{thy} produces a safe
19.207 + stepping stone in the linear development of \isa{thy}. The next
19.208 + update will result in two related, valid theories.
19.209 +
19.210 + \item \verb|Theory.copy|~\isa{thy} produces a variant of \isa{thy} that holds a copy of the same data. The result is not
19.211 + related to the original; the original is unchanched.
19.212 +
19.213 + \item \verb|theory_ref| represents a sliding reference to an
19.214 + always valid theory; updates on the original are propagated
19.215 + automatically.
19.216 +
19.217 + \item \verb|Theory.deref|~\isa{thy{\isacharunderscore}ref} turns a \verb|theory_ref| into an \verb|theory| value. As the referenced
19.218 + theory evolves monotonically over time, later invocations of \verb|Theory.deref| may refer to a larger context.
19.219 +
19.220 + \item \verb|Theory.check_thy|~\isa{thy} produces a \verb|theory_ref| from a valid \verb|theory| value.
19.221 +
19.222 + \end{description}%
19.223 +\end{isamarkuptext}%
19.224 +\isamarkuptrue%
19.225 +%
19.226 +\endisatagmlref
19.227 +{\isafoldmlref}%
19.228 +%
19.229 +\isadelimmlref
19.230 +%
19.231 +\endisadelimmlref
19.232 +%
19.233 +\isamarkupsubsection{Proof context \label{sec:context-proof}%
19.234 +}
19.235 +\isamarkuptrue%
19.236 +%
19.237 +\begin{isamarkuptext}%
19.238 +\glossary{Proof context}{The static context of a structured proof,
19.239 + acts like a local ``theory'' of the current portion of Isar proof
19.240 + text, generalizes the idea of local hypotheses \isa{{\isasymGamma}} in
19.241 + judgments \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymphi}} of natural deduction calculi. There is a
19.242 + generic notion of introducing and discharging hypotheses.
19.243 + Arbritrary auxiliary context data may be adjoined.}
19.244 +
19.245 + A proof context is a container for pure data with a back-reference
19.246 + to the theory it belongs to. The \isa{init} operation creates a
19.247 + proof context from a given theory. Modifications to draft theories
19.248 + are propagated to the proof context as usual, but there is also an
19.249 + explicit \isa{transfer} operation to force resynchronization
19.250 + with more substantial updates to the underlying theory. The actual
19.251 + context data does not require any special bookkeeping, thanks to the
19.252 + lack of destructive features.
19.253 +
19.254 + Entities derived in a proof context need to record inherent logical
19.255 + requirements explicitly, since there is no separate context
19.256 + identification as for theories. For example, hypotheses used in
19.257 + primitive derivations (cf.\ \secref{sec:thms}) are recorded
19.258 + separately within the sequent \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymphi}}, just to make double
19.259 + sure. Results could still leak into an alien proof context do to
19.260 + programming errors, but Isabelle/Isar includes some extra validity
19.261 + checks in critical positions, notably at the end of a sub-proof.
19.262 +
19.263 + Proof contexts may be manipulated arbitrarily, although the common
19.264 + discipline is to follow block structure as a mental model: a given
19.265 + context is extended consecutively, and results are exported back
19.266 + into the original context. Note that the Isar proof states model
19.267 + block-structured reasoning explicitly, using a stack of proof
19.268 + contexts internally, cf.\ \secref{sec:isar-proof-state}.%
19.269 +\end{isamarkuptext}%
19.270 +\isamarkuptrue%
19.271 +%
19.272 +\isadelimmlref
19.273 +%
19.274 +\endisadelimmlref
19.275 +%
19.276 +\isatagmlref
19.277 +%
19.278 +\begin{isamarkuptext}%
19.279 +\begin{mldecls}
19.280 + \indexmltype{Proof.context}\verb|type Proof.context| \\
19.281 + \indexml{ProofContext.init}\verb|ProofContext.init: theory -> Proof.context| \\
19.282 + \indexml{ProofContext.theory\_of}\verb|ProofContext.theory_of: Proof.context -> theory| \\
19.283 + \indexml{ProofContext.transfer}\verb|ProofContext.transfer: theory -> Proof.context -> Proof.context| \\
19.284 + \end{mldecls}
19.285 +
19.286 + \begin{description}
19.287 +
19.288 + \item \verb|Proof.context| represents proof contexts. Elements
19.289 + of this type are essentially pure values, with a sliding reference
19.290 + to the background theory.
19.291 +
19.292 + \item \verb|ProofContext.init|~\isa{thy} produces a proof context
19.293 + derived from \isa{thy}, initializing all data.
19.294 +
19.295 + \item \verb|ProofContext.theory_of|~\isa{ctxt} selects the
19.296 + background theory from \isa{ctxt}, dereferencing its internal
19.297 + \verb|theory_ref|.
19.298 +
19.299 + \item \verb|ProofContext.transfer|~\isa{thy\ ctxt} promotes the
19.300 + background theory of \isa{ctxt} to the super theory \isa{thy}.
19.301 +
19.302 + \end{description}%
19.303 +\end{isamarkuptext}%
19.304 +\isamarkuptrue%
19.305 +%
19.306 +\endisatagmlref
19.307 +{\isafoldmlref}%
19.308 +%
19.309 +\isadelimmlref
19.310 +%
19.311 +\endisadelimmlref
19.312 +%
19.313 +\isamarkupsubsection{Generic contexts \label{sec:generic-context}%
19.314 +}
19.315 +\isamarkuptrue%
19.316 +%
19.317 +\begin{isamarkuptext}%
19.318 +A generic context is the disjoint sum of either a theory or proof
19.319 + context. Occasionally, this enables uniform treatment of generic
19.320 + context data, typically extra-logical information. Operations on
19.321 + generic contexts include the usual injections, partial selections,
19.322 + and combinators for lifting operations on either component of the
19.323 + disjoint sum.
19.324 +
19.325 + Moreover, there are total operations \isa{theory{\isacharunderscore}of} and \isa{proof{\isacharunderscore}of} to convert a generic context into either kind: a theory
19.326 + can always be selected from the sum, while a proof context might
19.327 + have to be constructed by an ad-hoc \isa{init} operation.%
19.328 +\end{isamarkuptext}%
19.329 +\isamarkuptrue%
19.330 +%
19.331 +\isadelimmlref
19.332 +%
19.333 +\endisadelimmlref
19.334 +%
19.335 +\isatagmlref
19.336 +%
19.337 +\begin{isamarkuptext}%
19.338 +\begin{mldecls}
19.339 + \indexmltype{Context.generic}\verb|type Context.generic| \\
19.340 + \indexml{Context.theory\_of}\verb|Context.theory_of: Context.generic -> theory| \\
19.341 + \indexml{Context.proof\_of}\verb|Context.proof_of: Context.generic -> Proof.context| \\
19.342 + \end{mldecls}
19.343 +
19.344 + \begin{description}
19.345 +
19.346 + \item \verb|Context.generic| is the direct sum of \verb|theory| and \verb|Proof.context|, with the datatype
19.347 + constructors \verb|Context.Theory| and \verb|Context.Proof|.
19.348 +
19.349 + \item \verb|Context.theory_of|~\isa{context} always produces a
19.350 + theory from the generic \isa{context}, using \verb|ProofContext.theory_of| as required.
19.351 +
19.352 + \item \verb|Context.proof_of|~\isa{context} always produces a
19.353 + proof context from the generic \isa{context}, using \verb|ProofContext.init| as required (note that this re-initializes the
19.354 + context data with each invocation).
19.355 +
19.356 + \end{description}%
19.357 +\end{isamarkuptext}%
19.358 +\isamarkuptrue%
19.359 +%
19.360 +\endisatagmlref
19.361 +{\isafoldmlref}%
19.362 +%
19.363 +\isadelimmlref
19.364 +%
19.365 +\endisadelimmlref
19.366 +%
19.367 +\isamarkupsubsection{Context data \label{sec:context-data}%
19.368 +}
19.369 +\isamarkuptrue%
19.370 +%
19.371 +\begin{isamarkuptext}%
19.372 +The main purpose of theory and proof contexts is to manage arbitrary
19.373 + data. New data types can be declared incrementally at compile time.
19.374 + There are separate declaration mechanisms for any of the three kinds
19.375 + of contexts: theory, proof, generic.
19.376 +
19.377 + \paragraph{Theory data} may refer to destructive entities, which are
19.378 + maintained in direct correspondence to the linear evolution of
19.379 + theory values, including explicit copies.\footnote{Most existing
19.380 + instances of destructive theory data are merely historical relics
19.381 + (e.g.\ the destructive theorem storage, and destructive hints for
19.382 + the Simplifier and Classical rules).} A theory data declaration
19.383 + needs to implement the following SML signature:
19.384 +
19.385 + \medskip
19.386 + \begin{tabular}{ll}
19.387 + \isa{{\isasymtype}\ T} & representing type \\
19.388 + \isa{{\isasymval}\ empty{\isacharcolon}\ T} & empty default value \\
19.389 + \isa{{\isasymval}\ copy{\isacharcolon}\ T\ {\isasymrightarrow}\ T} & refresh impure data \\
19.390 + \isa{{\isasymval}\ extend{\isacharcolon}\ T\ {\isasymrightarrow}\ T} & re-initialize on import \\
19.391 + \isa{{\isasymval}\ merge{\isacharcolon}\ T\ {\isasymtimes}\ T\ {\isasymrightarrow}\ T} & join on import \\
19.392 + \end{tabular}
19.393 + \medskip
19.394 +
19.395 + \noindent The \isa{empty} value acts as initial default for
19.396 + \emph{any} theory that does not declare actual data content; \isa{copy} maintains persistent integrity for impure data, it is just
19.397 + the identity for pure values; \isa{extend} is acts like a
19.398 + unitary version of \isa{merge}, both operations should also
19.399 + include the functionality of \isa{copy} for impure data.
19.400 +
19.401 + \paragraph{Proof context data} is purely functional. A declaration
19.402 + needs to implement the following SML signature:
19.403 +
19.404 + \medskip
19.405 + \begin{tabular}{ll}
19.406 + \isa{{\isasymtype}\ T} & representing type \\
19.407 + \isa{{\isasymval}\ init{\isacharcolon}\ theory\ {\isasymrightarrow}\ T} & produce initial value \\
19.408 + \end{tabular}
19.409 + \medskip
19.410 +
19.411 + \noindent The \isa{init} operation is supposed to produce a pure
19.412 + value from the given background theory.
19.413 +
19.414 + \paragraph{Generic data} provides a hybrid interface for both theory
19.415 + and proof data. The declaration is essentially the same as for
19.416 + (pure) theory data, without \isa{copy}. The \isa{init}
19.417 + operation for proof contexts merely selects the current data value
19.418 + from the background theory.
19.419 +
19.420 + \bigskip A data declaration of type \isa{T} results in the
19.421 + following interface:
19.422 +
19.423 + \medskip
19.424 + \begin{tabular}{ll}
19.425 + \isa{init{\isacharcolon}\ theory\ {\isasymrightarrow}\ theory} \\
19.426 + \isa{get{\isacharcolon}\ context\ {\isasymrightarrow}\ T} \\
19.427 + \isa{put{\isacharcolon}\ T\ {\isasymrightarrow}\ context\ {\isasymrightarrow}\ context} \\
19.428 + \isa{map{\isacharcolon}\ {\isacharparenleft}T\ {\isasymrightarrow}\ T{\isacharparenright}\ {\isasymrightarrow}\ context\ {\isasymrightarrow}\ context} \\
19.429 + \end{tabular}
19.430 + \medskip
19.431 +
19.432 + \noindent Here \isa{init} is only applicable to impure theory
19.433 + data to install a fresh copy persistently (destructive update on
19.434 + uninitialized has no permanent effect). The other operations provide
19.435 + access for the particular kind of context (theory, proof, or generic
19.436 + context). Note that this is a safe interface: there is no other way
19.437 + to access the corresponding data slot of a context. By keeping
19.438 + these operations private, a component may maintain abstract values
19.439 + authentically, without other components interfering.%
19.440 +\end{isamarkuptext}%
19.441 +\isamarkuptrue%
19.442 +%
19.443 +\isadelimmlref
19.444 +%
19.445 +\endisadelimmlref
19.446 +%
19.447 +\isatagmlref
19.448 +%
19.449 +\begin{isamarkuptext}%
19.450 +\begin{mldecls}
19.451 + \indexmlfunctor{TheoryDataFun}\verb|functor TheoryDataFun| \\
19.452 + \indexmlfunctor{ProofDataFun}\verb|functor ProofDataFun| \\
19.453 + \indexmlfunctor{GenericDataFun}\verb|functor GenericDataFun| \\
19.454 + \end{mldecls}
19.455 +
19.456 + \begin{description}
19.457 +
19.458 + \item \verb|TheoryDataFun|\isa{{\isacharparenleft}spec{\isacharparenright}} declares data for
19.459 + type \verb|theory| according to the specification provided as
19.460 + argument structure. The resulting structure provides data init and
19.461 + access operations as described above.
19.462 +
19.463 + \item \verb|ProofDataFun|\isa{{\isacharparenleft}spec{\isacharparenright}} is analogous to
19.464 + \verb|TheoryDataFun| for type \verb|Proof.context|.
19.465 +
19.466 + \item \verb|GenericDataFun|\isa{{\isacharparenleft}spec{\isacharparenright}} is analogous to
19.467 + \verb|TheoryDataFun| for type \verb|Context.generic|.
19.468 +
19.469 + \end{description}%
19.470 +\end{isamarkuptext}%
19.471 +\isamarkuptrue%
19.472 +%
19.473 +\endisatagmlref
19.474 +{\isafoldmlref}%
19.475 +%
19.476 +\isadelimmlref
19.477 +%
19.478 +\endisadelimmlref
19.479 +%
19.480 +\isamarkupsection{Names \label{sec:names}%
19.481 +}
19.482 +\isamarkuptrue%
19.483 +%
19.484 +\begin{isamarkuptext}%
19.485 +In principle, a name is just a string, but there are various
19.486 + convention for encoding additional structure. For example, ``\isa{Foo{\isachardot}bar{\isachardot}baz}'' is considered as a qualified name consisting of
19.487 + three basic name components. The individual constituents of a name
19.488 + may have further substructure, e.g.\ the string
19.489 + ``\verb,\,\verb,<alpha>,'' encodes as a single symbol.%
19.490 +\end{isamarkuptext}%
19.491 +\isamarkuptrue%
19.492 +%
19.493 +\isamarkupsubsection{Strings of symbols%
19.494 +}
19.495 +\isamarkuptrue%
19.496 +%
19.497 +\begin{isamarkuptext}%
19.498 +\glossary{Symbol}{The smallest unit of text in Isabelle, subsumes
19.499 + plain ASCII characters as well as an infinite collection of named
19.500 + symbols (for greek, math etc.).}
19.501 +
19.502 + A \emph{symbol} constitutes the smallest textual unit in Isabelle
19.503 + --- raw characters are normally not encountered at all. Isabelle
19.504 + strings consist of a sequence of symbols, represented as a packed
19.505 + string or a list of strings. Each symbol is in itself a small
19.506 + string, which has either one of the following forms:
19.507 +
19.508 + \begin{enumerate}
19.509 +
19.510 + \item a single ASCII character ``\isa{c}'', for example
19.511 + ``\verb,a,'',
19.512 +
19.513 + \item a regular symbol ``\verb,\,\verb,<,\isa{ident}\verb,>,'',
19.514 + for example ``\verb,\,\verb,<alpha>,'',
19.515 +
19.516 + \item a control symbol ``\verb,\,\verb,<^,\isa{ident}\verb,>,'',
19.517 + for example ``\verb,\,\verb,<^bold>,'',
19.518 +
19.519 + \item a raw symbol ``\verb,\,\verb,<^raw:,\isa{text}\verb,>,''
19.520 + where \isa{text} constists of printable characters excluding
19.521 + ``\verb,.,'' and ``\verb,>,'', for example
19.522 + ``\verb,\,\verb,<^raw:$\sum_{i = 1}^n$>,'',
19.523 +
19.524 + \item a numbered raw control symbol ``\verb,\,\verb,<^raw,\isa{n}\verb,>, where \isa{n} consists of digits, for example
19.525 + ``\verb,\,\verb,<^raw42>,''.
19.526 +
19.527 + \end{enumerate}
19.528 +
19.529 + \noindent The \isa{ident} syntax for symbol names is \isa{letter\ {\isacharparenleft}letter\ {\isacharbar}\ digit{\isacharparenright}\isactrlsup {\isacharasterisk}}, where \isa{letter\ {\isacharequal}\ A{\isachardot}{\isachardot}Za{\isachardot}{\isachardot}z} and \isa{digit\ {\isacharequal}\ {\isadigit{0}}{\isachardot}{\isachardot}{\isadigit{9}}}. There are infinitely many
19.530 + regular symbols and control symbols, but a fixed collection of
19.531 + standard symbols is treated specifically. For example,
19.532 + ``\verb,\,\verb,<alpha>,'' is classified as a letter, which means it
19.533 + may occur within regular Isabelle identifiers.
19.534 +
19.535 + Since the character set underlying Isabelle symbols is 7-bit ASCII
19.536 + and 8-bit characters are passed through transparently, Isabelle may
19.537 + also process Unicode/UCS data in UTF-8 encoding. Unicode provides
19.538 + its own collection of mathematical symbols, but there is no built-in
19.539 + link to the standard collection of Isabelle.
19.540 +
19.541 + \medskip Output of Isabelle symbols depends on the print mode
19.542 + (\secref{FIXME}). For example, the standard {\LaTeX} setup of the
19.543 + Isabelle document preparation system would present
19.544 + ``\verb,\,\verb,<alpha>,'' as \isa{{\isasymalpha}}, and
19.545 + ``\verb,\,\verb,<^bold>,\verb,\,\verb,<alpha>,'' as \isa{\isactrlbold {\isasymalpha}}.%
19.546 +\end{isamarkuptext}%
19.547 +\isamarkuptrue%
19.548 +%
19.549 +\isadelimmlref
19.550 +%
19.551 +\endisadelimmlref
19.552 +%
19.553 +\isatagmlref
19.554 +%
19.555 +\begin{isamarkuptext}%
19.556 +\begin{mldecls}
19.557 + \indexmltype{Symbol.symbol}\verb|type Symbol.symbol| \\
19.558 + \indexml{Symbol.explode}\verb|Symbol.explode: string -> Symbol.symbol list| \\
19.559 + \indexml{Symbol.is\_letter}\verb|Symbol.is_letter: Symbol.symbol -> bool| \\
19.560 + \indexml{Symbol.is\_digit}\verb|Symbol.is_digit: Symbol.symbol -> bool| \\
19.561 + \indexml{Symbol.is\_quasi}\verb|Symbol.is_quasi: Symbol.symbol -> bool| \\
19.562 + \indexml{Symbol.is\_blank}\verb|Symbol.is_blank: Symbol.symbol -> bool| \\
19.563 + \end{mldecls}
19.564 + \begin{mldecls}
19.565 + \indexmltype{Symbol.sym}\verb|type Symbol.sym| \\
19.566 + \indexml{Symbol.decode}\verb|Symbol.decode: Symbol.symbol -> Symbol.sym| \\
19.567 + \end{mldecls}
19.568 +
19.569 + \begin{description}
19.570 +
19.571 + \item \verb|Symbol.symbol| represents individual Isabelle
19.572 + symbols; this is an alias for \verb|string|.
19.573 +
19.574 + \item \verb|Symbol.explode|~\isa{str} produces a symbol list
19.575 + from the packed form. This function supercedes \verb|String.explode| for virtually all purposes of manipulating text in
19.576 + Isabelle!
19.577 +
19.578 + \item \verb|Symbol.is_letter|, \verb|Symbol.is_digit|, \verb|Symbol.is_quasi|, \verb|Symbol.is_blank| classify standard
19.579 + symbols according to fixed syntactic conventions of Isabelle, cf.\
19.580 + \cite{isabelle-isar-ref}.
19.581 +
19.582 + \item \verb|Symbol.sym| is a concrete datatype that represents
19.583 + the different kinds of symbols explicitly, with constructors \verb|Symbol.Char|, \verb|Symbol.Sym|, \verb|Symbol.Ctrl|, \verb|Symbol.Raw|.
19.584 +
19.585 + \item \verb|Symbol.decode| converts the string representation of a
19.586 + symbol into the datatype version.
19.587 +
19.588 + \end{description}%
19.589 +\end{isamarkuptext}%
19.590 +\isamarkuptrue%
19.591 +%
19.592 +\endisatagmlref
19.593 +{\isafoldmlref}%
19.594 +%
19.595 +\isadelimmlref
19.596 +%
19.597 +\endisadelimmlref
19.598 +%
19.599 +\isamarkupsubsection{Basic names \label{sec:basic-names}%
19.600 +}
19.601 +\isamarkuptrue%
19.602 +%
19.603 +\begin{isamarkuptext}%
19.604 +A \emph{basic name} essentially consists of a single Isabelle
19.605 + identifier. There are conventions to mark separate classes of basic
19.606 + names, by attaching a suffix of underscores (\isa{{\isacharunderscore}}): one
19.607 + underscore means \emph{internal name}, two underscores means
19.608 + \emph{Skolem name}, three underscores means \emph{internal Skolem
19.609 + name}.
19.610 +
19.611 + For example, the basic name \isa{foo} has the internal version
19.612 + \isa{foo{\isacharunderscore}}, with Skolem versions \isa{foo{\isacharunderscore}{\isacharunderscore}} and \isa{foo{\isacharunderscore}{\isacharunderscore}{\isacharunderscore}}, respectively.
19.613 +
19.614 + These special versions provide copies of the basic name space, apart
19.615 + from anything that normally appears in the user text. For example,
19.616 + system generated variables in Isar proof contexts are usually marked
19.617 + as internal, which prevents mysterious name references like \isa{xaa} to appear in the text.
19.618 +
19.619 + \medskip Manipulating binding scopes often requires on-the-fly
19.620 + renamings. A \emph{name context} contains a collection of already
19.621 + used names. The \isa{declare} operation adds names to the
19.622 + context.
19.623 +
19.624 + The \isa{invents} operation derives a number of fresh names from
19.625 + a given starting point. For example, the first three names derived
19.626 + from \isa{a} are \isa{a}, \isa{b}, \isa{c}.
19.627 +
19.628 + The \isa{variants} operation produces fresh names by
19.629 + incrementing tentative names as base-26 numbers (with digits \isa{a{\isachardot}{\isachardot}z}) until all clashes are resolved. For example, name \isa{foo} results in variants \isa{fooa}, \isa{foob}, \isa{fooc}, \dots, \isa{fooaa}, \isa{fooab} etc.; each renaming
19.630 + step picks the next unused variant from this sequence.%
19.631 +\end{isamarkuptext}%
19.632 +\isamarkuptrue%
19.633 +%
19.634 +\isadelimmlref
19.635 +%
19.636 +\endisadelimmlref
19.637 +%
19.638 +\isatagmlref
19.639 +%
19.640 +\begin{isamarkuptext}%
19.641 +\begin{mldecls}
19.642 + \indexml{Name.internal}\verb|Name.internal: string -> string| \\
19.643 + \indexml{Name.skolem}\verb|Name.skolem: string -> string| \\
19.644 + \end{mldecls}
19.645 + \begin{mldecls}
19.646 + \indexmltype{Name.context}\verb|type Name.context| \\
19.647 + \indexml{Name.context}\verb|Name.context: Name.context| \\
19.648 + \indexml{Name.declare}\verb|Name.declare: string -> Name.context -> Name.context| \\
19.649 + \indexml{Name.invents}\verb|Name.invents: Name.context -> string -> int -> string list| \\
19.650 + \indexml{Name.variants}\verb|Name.variants: string list -> Name.context -> string list * Name.context| \\
19.651 + \end{mldecls}
19.652 +
19.653 + \begin{description}
19.654 +
19.655 + \item \verb|Name.internal|~\isa{name} produces an internal name
19.656 + by adding one underscore.
19.657 +
19.658 + \item \verb|Name.skolem|~\isa{name} produces a Skolem name by
19.659 + adding two underscores.
19.660 +
19.661 + \item \verb|Name.context| represents the context of already used
19.662 + names; the initial value is \verb|Name.context|.
19.663 +
19.664 + \item \verb|Name.declare|~\isa{name} enters a used name into the
19.665 + context.
19.666 +
19.667 + \item \verb|Name.invents|~\isa{context\ name\ n} produces \isa{n} fresh names derived from \isa{name}.
19.668 +
19.669 + \item \verb|Name.variants|~\isa{names\ context} produces fresh
19.670 + varians of \isa{names}; the result is entered into the context.
19.671 +
19.672 + \end{description}%
19.673 +\end{isamarkuptext}%
19.674 +\isamarkuptrue%
19.675 +%
19.676 +\endisatagmlref
19.677 +{\isafoldmlref}%
19.678 +%
19.679 +\isadelimmlref
19.680 +%
19.681 +\endisadelimmlref
19.682 +%
19.683 +\isamarkupsubsection{Indexed names%
19.684 +}
19.685 +\isamarkuptrue%
19.686 +%
19.687 +\begin{isamarkuptext}%
19.688 +An \emph{indexed name} (or \isa{indexname}) is a pair of a basic
19.689 + name and a natural number. This representation allows efficient
19.690 + renaming by incrementing the second component only. The canonical
19.691 + way to rename two collections of indexnames apart from each other is
19.692 + this: determine the maximum index \isa{maxidx} of the first
19.693 + collection, then increment all indexes of the second collection by
19.694 + \isa{maxidx\ {\isacharplus}\ {\isadigit{1}}}; the maximum index of an empty collection is
19.695 + \isa{{\isacharminus}{\isadigit{1}}}.
19.696 +
19.697 + Occasionally, basic names and indexed names are injected into the
19.698 + same pair type: the (improper) indexname \isa{{\isacharparenleft}x{\isacharcomma}\ {\isacharminus}{\isadigit{1}}{\isacharparenright}} is used
19.699 + to encode basic names.
19.700 +
19.701 + \medskip Isabelle syntax observes the following rules for
19.702 + representing an indexname \isa{{\isacharparenleft}x{\isacharcomma}\ i{\isacharparenright}} as a packed string:
19.703 +
19.704 + \begin{itemize}
19.705 +
19.706 + \item \isa{{\isacharquery}x} if \isa{x} does not end with a digit and \isa{i\ {\isacharequal}\ {\isadigit{0}}},
19.707 +
19.708 + \item \isa{{\isacharquery}xi} if \isa{x} does not end with a digit,
19.709 +
19.710 + \item \isa{{\isacharquery}x{\isachardot}i} otherwise.
19.711 +
19.712 + \end{itemize}
19.713 +
19.714 + Indexnames may acquire large index numbers over time. Results are
19.715 + normalized towards \isa{{\isadigit{0}}} at certain checkpoints, notably at
19.716 + the end of a proof. This works by producing variants of the
19.717 + corresponding basic name components. For example, the collection
19.718 + \isa{{\isacharquery}x{\isadigit{1}}{\isacharcomma}\ {\isacharquery}x{\isadigit{7}}{\isacharcomma}\ {\isacharquery}x{\isadigit{4}}{\isadigit{2}}} becomes \isa{{\isacharquery}x{\isacharcomma}\ {\isacharquery}xa{\isacharcomma}\ {\isacharquery}xb}.%
19.719 +\end{isamarkuptext}%
19.720 +\isamarkuptrue%
19.721 +%
19.722 +\isadelimmlref
19.723 +%
19.724 +\endisadelimmlref
19.725 +%
19.726 +\isatagmlref
19.727 +%
19.728 +\begin{isamarkuptext}%
19.729 +\begin{mldecls}
19.730 + \indexmltype{indexname}\verb|type indexname| \\
19.731 + \end{mldecls}
19.732 +
19.733 + \begin{description}
19.734 +
19.735 + \item \verb|indexname| represents indexed names. This is an
19.736 + abbreviation for \verb|string * int|. The second component is
19.737 + usually non-negative, except for situations where \isa{{\isacharparenleft}x{\isacharcomma}\ {\isacharminus}{\isadigit{1}}{\isacharparenright}}
19.738 + is used to embed basic names into this type.
19.739 +
19.740 + \end{description}%
19.741 +\end{isamarkuptext}%
19.742 +\isamarkuptrue%
19.743 +%
19.744 +\endisatagmlref
19.745 +{\isafoldmlref}%
19.746 +%
19.747 +\isadelimmlref
19.748 +%
19.749 +\endisadelimmlref
19.750 +%
19.751 +\isamarkupsubsection{Qualified names and name spaces%
19.752 +}
19.753 +\isamarkuptrue%
19.754 +%
19.755 +\begin{isamarkuptext}%
19.756 +A \emph{qualified name} consists of a non-empty sequence of basic
19.757 + name components. The packed representation uses a dot as separator,
19.758 + as in ``\isa{A{\isachardot}b{\isachardot}c}''. The last component is called \emph{base}
19.759 + name, the remaining prefix \emph{qualifier} (which may be empty).
19.760 + The idea of qualified names is to encode nested structures by
19.761 + recording the access paths as qualifiers. For example, an item
19.762 + named ``\isa{A{\isachardot}b{\isachardot}c}'' may be understood as a local entity \isa{c}, within a local structure \isa{b}, within a global
19.763 + structure \isa{A}. Typically, name space hierarchies consist of
19.764 + 1--2 levels of qualification, but this need not be always so.
19.765 +
19.766 + The empty name is commonly used as an indication of unnamed
19.767 + entities, whenever this makes any sense. The basic operations on
19.768 + qualified names are smart enough to pass through such improper names
19.769 + unchanged.
19.770 +
19.771 + \medskip A \isa{naming} policy tells how to turn a name
19.772 + specification into a fully qualified internal name (by the \isa{full} operation), and how fully qualified names may be accessed
19.773 + externally. For example, the default naming policy is to prefix an
19.774 + implicit path: \isa{full\ x} produces \isa{path{\isachardot}x}, and the
19.775 + standard accesses for \isa{path{\isachardot}x} include both \isa{x} and
19.776 + \isa{path{\isachardot}x}. Normally, the naming is implicit in the theory or
19.777 + proof context; there are separate versions of the corresponding.
19.778 +
19.779 + \medskip A \isa{name\ space} manages a collection of fully
19.780 + internalized names, together with a mapping between external names
19.781 + and internal names (in both directions). The corresponding \isa{intern} and \isa{extern} operations are mostly used for
19.782 + parsing and printing only! The \isa{declare} operation augments
19.783 + a name space according to the accesses determined by the naming
19.784 + policy.
19.785 +
19.786 + \medskip As a general principle, there is a separate name space for
19.787 + each kind of formal entity, e.g.\ logical constant, type
19.788 + constructor, type class, theorem. It is usually clear from the
19.789 + occurrence in concrete syntax (or from the scope) which kind of
19.790 + entity a name refers to. For example, the very same name \isa{c} may be used uniformly for a constant, type constructor, and
19.791 + type class.
19.792 +
19.793 + There are common schemes to name theorems systematically, according
19.794 + to the name of the main logical entity involved, e.g.\ \isa{c{\isachardot}intro} for a canonical theorem related to constant \isa{c}.
19.795 + This technique of mapping names from one space into another requires
19.796 + some care in order to avoid conflicts. In particular, theorem names
19.797 + derived from a type constructor or type class are better suffixed in
19.798 + addition to the usual qualification, e.g.\ \isa{c{\isacharunderscore}type{\isachardot}intro}
19.799 + and \isa{c{\isacharunderscore}class{\isachardot}intro} for theorems related to type \isa{c}
19.800 + and class \isa{c}, respectively.%
19.801 +\end{isamarkuptext}%
19.802 +\isamarkuptrue%
19.803 +%
19.804 +\isadelimmlref
19.805 +%
19.806 +\endisadelimmlref
19.807 +%
19.808 +\isatagmlref
19.809 +%
19.810 +\begin{isamarkuptext}%
19.811 +\begin{mldecls}
19.812 + \indexml{NameSpace.base}\verb|NameSpace.base: string -> string| \\
19.813 + \indexml{NameSpace.qualifier}\verb|NameSpace.qualifier: string -> string| \\
19.814 + \indexml{NameSpace.append}\verb|NameSpace.append: string -> string -> string| \\
19.815 + \indexml{NameSpace.implode}\verb|NameSpace.implode: string list -> string| \\
19.816 + \indexml{NameSpace.explode}\verb|NameSpace.explode: string -> string list| \\
19.817 + \end{mldecls}
19.818 + \begin{mldecls}
19.819 + \indexmltype{NameSpace.naming}\verb|type NameSpace.naming| \\
19.820 + \indexml{NameSpace.default\_naming}\verb|NameSpace.default_naming: NameSpace.naming| \\
19.821 + \indexml{NameSpace.add\_path}\verb|NameSpace.add_path: string -> NameSpace.naming -> NameSpace.naming| \\
19.822 + \indexml{NameSpace.full\_name}\verb|NameSpace.full_name: NameSpace.naming -> binding -> string| \\
19.823 + \end{mldecls}
19.824 + \begin{mldecls}
19.825 + \indexmltype{NameSpace.T}\verb|type NameSpace.T| \\
19.826 + \indexml{NameSpace.empty}\verb|NameSpace.empty: NameSpace.T| \\
19.827 + \indexml{NameSpace.merge}\verb|NameSpace.merge: NameSpace.T * NameSpace.T -> NameSpace.T| \\
19.828 + \indexml{NameSpace.declare}\verb|NameSpace.declare: NameSpace.naming -> binding -> NameSpace.T -> string * NameSpace.T| \\
19.829 + \indexml{NameSpace.intern}\verb|NameSpace.intern: NameSpace.T -> string -> string| \\
19.830 + \indexml{NameSpace.extern}\verb|NameSpace.extern: NameSpace.T -> string -> string| \\
19.831 + \end{mldecls}
19.832 +
19.833 + \begin{description}
19.834 +
19.835 + \item \verb|NameSpace.base|~\isa{name} returns the base name of a
19.836 + qualified name.
19.837 +
19.838 + \item \verb|NameSpace.qualifier|~\isa{name} returns the qualifier
19.839 + of a qualified name.
19.840 +
19.841 + \item \verb|NameSpace.append|~\isa{name\isactrlisub {\isadigit{1}}\ name\isactrlisub {\isadigit{2}}}
19.842 + appends two qualified names.
19.843 +
19.844 + \item \verb|NameSpace.implode|~\isa{name} and \verb|NameSpace.explode|~\isa{names} convert between the packed string
19.845 + representation and the explicit list form of qualified names.
19.846 +
19.847 + \item \verb|NameSpace.naming| represents the abstract concept of
19.848 + a naming policy.
19.849 +
19.850 + \item \verb|NameSpace.default_naming| is the default naming policy.
19.851 + In a theory context, this is usually augmented by a path prefix
19.852 + consisting of the theory name.
19.853 +
19.854 + \item \verb|NameSpace.add_path|~\isa{path\ naming} augments the
19.855 + naming policy by extending its path component.
19.856 +
19.857 + \item \verb|NameSpace.full_name|\isa{naming\ binding} turns a name
19.858 + binding (usually a basic name) into the fully qualified
19.859 + internal name, according to the given naming policy.
19.860 +
19.861 + \item \verb|NameSpace.T| represents name spaces.
19.862 +
19.863 + \item \verb|NameSpace.empty| and \verb|NameSpace.merge|~\isa{{\isacharparenleft}space\isactrlisub {\isadigit{1}}{\isacharcomma}\ space\isactrlisub {\isadigit{2}}{\isacharparenright}} are the canonical operations for
19.864 + maintaining name spaces according to theory data management
19.865 + (\secref{sec:context-data}).
19.866 +
19.867 + \item \verb|NameSpace.declare|~\isa{naming\ bindings\ space} enters a
19.868 + name binding as fully qualified internal name into the name space,
19.869 + with external accesses determined by the naming policy.
19.870 +
19.871 + \item \verb|NameSpace.intern|~\isa{space\ name} internalizes a
19.872 + (partially qualified) external name.
19.873 +
19.874 + This operation is mostly for parsing! Note that fully qualified
19.875 + names stemming from declarations are produced via \verb|NameSpace.full_name| and \verb|NameSpace.declare|
19.876 + (or their derivatives for \verb|theory| and
19.877 + \verb|Proof.context|).
19.878 +
19.879 + \item \verb|NameSpace.extern|~\isa{space\ name} externalizes a
19.880 + (fully qualified) internal name.
19.881 +
19.882 + This operation is mostly for printing! Note unqualified names are
19.883 + produced via \verb|NameSpace.base|.
19.884 +
19.885 + \end{description}%
19.886 +\end{isamarkuptext}%
19.887 +\isamarkuptrue%
19.888 +%
19.889 +\endisatagmlref
19.890 +{\isafoldmlref}%
19.891 +%
19.892 +\isadelimmlref
19.893 +%
19.894 +\endisadelimmlref
19.895 +%
19.896 +\isadelimtheory
19.897 +%
19.898 +\endisadelimtheory
19.899 +%
19.900 +\isatagtheory
19.901 +\isacommand{end}\isamarkupfalse%
19.902 +%
19.903 +\endisatagtheory
19.904 +{\isafoldtheory}%
19.905 +%
19.906 +\isadelimtheory
19.907 +%
19.908 +\endisadelimtheory
19.909 +\isanewline
19.910 +\end{isabellebody}%
19.911 +%%% Local Variables:
19.912 +%%% mode: latex
19.913 +%%% TeX-master: "root"
19.914 +%%% End:
20.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
20.2 +++ b/doc-src/IsarImplementation/Thy/document/Proof.tex Mon Feb 16 20:47:44 2009 +0100
20.3 @@ -0,0 +1,396 @@
20.4 +%
20.5 +\begin{isabellebody}%
20.6 +\def\isabellecontext{proof}%
20.7 +%
20.8 +\isadelimtheory
20.9 +\isanewline
20.10 +\isanewline
20.11 +\isanewline
20.12 +%
20.13 +\endisadelimtheory
20.14 +%
20.15 +\isatagtheory
20.16 +\isacommand{theory}\isamarkupfalse%
20.17 +\ {\isachardoublequoteopen}proof{\isachardoublequoteclose}\ \isakeyword{imports}\ base\ \isakeyword{begin}%
20.18 +\endisatagtheory
20.19 +{\isafoldtheory}%
20.20 +%
20.21 +\isadelimtheory
20.22 +%
20.23 +\endisadelimtheory
20.24 +%
20.25 +\isamarkupchapter{Structured proofs%
20.26 +}
20.27 +\isamarkuptrue%
20.28 +%
20.29 +\isamarkupsection{Variables \label{sec:variables}%
20.30 +}
20.31 +\isamarkuptrue%
20.32 +%
20.33 +\begin{isamarkuptext}%
20.34 +Any variable that is not explicitly bound by \isa{{\isasymlambda}}-abstraction
20.35 + is considered as ``free''. Logically, free variables act like
20.36 + outermost universal quantification at the sequent level: \isa{A\isactrlisub {\isadigit{1}}{\isacharparenleft}x{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n{\isacharparenleft}x{\isacharparenright}\ {\isasymturnstile}\ B{\isacharparenleft}x{\isacharparenright}} means that the result
20.37 + holds \emph{for all} values of \isa{x}. Free variables for
20.38 + terms (not types) can be fully internalized into the logic: \isa{{\isasymturnstile}\ B{\isacharparenleft}x{\isacharparenright}} and \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ B{\isacharparenleft}x{\isacharparenright}} are interchangeable, provided
20.39 + that \isa{x} does not occur elsewhere in the context.
20.40 + Inspecting \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ B{\isacharparenleft}x{\isacharparenright}} more closely, we see that inside the
20.41 + quantifier, \isa{x} is essentially ``arbitrary, but fixed'',
20.42 + while from outside it appears as a place-holder for instantiation
20.43 + (thanks to \isa{{\isasymAnd}} elimination).
20.44 +
20.45 + The Pure logic represents the idea of variables being either inside
20.46 + or outside the current scope by providing separate syntactic
20.47 + categories for \emph{fixed variables} (e.g.\ \isa{x}) vs.\
20.48 + \emph{schematic variables} (e.g.\ \isa{{\isacharquery}x}). Incidently, a
20.49 + universal result \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ B{\isacharparenleft}x{\isacharparenright}} has the HHF normal form \isa{{\isasymturnstile}\ B{\isacharparenleft}{\isacharquery}x{\isacharparenright}}, which represents its generality nicely without requiring
20.50 + an explicit quantifier. The same principle works for type
20.51 + variables: \isa{{\isasymturnstile}\ B{\isacharparenleft}{\isacharquery}{\isasymalpha}{\isacharparenright}} represents the idea of ``\isa{{\isasymturnstile}\ {\isasymforall}{\isasymalpha}{\isachardot}\ B{\isacharparenleft}{\isasymalpha}{\isacharparenright}}'' without demanding a truly polymorphic framework.
20.52 +
20.53 + \medskip Additional care is required to treat type variables in a
20.54 + way that facilitates type-inference. In principle, term variables
20.55 + depend on type variables, which means that type variables would have
20.56 + to be declared first. For example, a raw type-theoretic framework
20.57 + would demand the context to be constructed in stages as follows:
20.58 + \isa{{\isasymGamma}\ {\isacharequal}\ {\isasymalpha}{\isacharcolon}\ type{\isacharcomma}\ x{\isacharcolon}\ {\isasymalpha}{\isacharcomma}\ a{\isacharcolon}\ A{\isacharparenleft}x\isactrlisub {\isasymalpha}{\isacharparenright}}.
20.59 +
20.60 + We allow a slightly less formalistic mode of operation: term
20.61 + variables \isa{x} are fixed without specifying a type yet
20.62 + (essentially \emph{all} potential occurrences of some instance
20.63 + \isa{x\isactrlisub {\isasymtau}} are fixed); the first occurrence of \isa{x}
20.64 + within a specific term assigns its most general type, which is then
20.65 + maintained consistently in the context. The above example becomes
20.66 + \isa{{\isasymGamma}\ {\isacharequal}\ x{\isacharcolon}\ term{\isacharcomma}\ {\isasymalpha}{\isacharcolon}\ type{\isacharcomma}\ A{\isacharparenleft}x\isactrlisub {\isasymalpha}{\isacharparenright}}, where type \isa{{\isasymalpha}} is fixed \emph{after} term \isa{x}, and the constraint
20.67 + \isa{x\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}} is an implicit consequence of the occurrence of
20.68 + \isa{x\isactrlisub {\isasymalpha}} in the subsequent proposition.
20.69 +
20.70 + This twist of dependencies is also accommodated by the reverse
20.71 + operation of exporting results from a context: a type variable
20.72 + \isa{{\isasymalpha}} is considered fixed as long as it occurs in some fixed
20.73 + term variable of the context. For example, exporting \isa{x{\isacharcolon}\ term{\isacharcomma}\ {\isasymalpha}{\isacharcolon}\ type\ {\isasymturnstile}\ x\isactrlisub {\isasymalpha}\ {\isacharequal}\ x\isactrlisub {\isasymalpha}} produces in the first step
20.74 + \isa{x{\isacharcolon}\ term\ {\isasymturnstile}\ x\isactrlisub {\isasymalpha}\ {\isacharequal}\ x\isactrlisub {\isasymalpha}} for fixed \isa{{\isasymalpha}},
20.75 + and only in the second step \isa{{\isasymturnstile}\ {\isacharquery}x\isactrlisub {\isacharquery}\isactrlisub {\isasymalpha}\ {\isacharequal}\ {\isacharquery}x\isactrlisub {\isacharquery}\isactrlisub {\isasymalpha}} for schematic \isa{{\isacharquery}x} and \isa{{\isacharquery}{\isasymalpha}}.
20.76 +
20.77 + \medskip The Isabelle/Isar proof context manages the gory details of
20.78 + term vs.\ type variables, with high-level principles for moving the
20.79 + frontier between fixed and schematic variables.
20.80 +
20.81 + The \isa{add{\isacharunderscore}fixes} operation explictly declares fixed
20.82 + variables; the \isa{declare{\isacharunderscore}term} operation absorbs a term into
20.83 + a context by fixing new type variables and adding syntactic
20.84 + constraints.
20.85 +
20.86 + The \isa{export} operation is able to perform the main work of
20.87 + generalizing term and type variables as sketched above, assuming
20.88 + that fixing variables and terms have been declared properly.
20.89 +
20.90 + There \isa{import} operation makes a generalized fact a genuine
20.91 + part of the context, by inventing fixed variables for the schematic
20.92 + ones. The effect can be reversed by using \isa{export} later,
20.93 + potentially with an extended context; the result is equivalent to
20.94 + the original modulo renaming of schematic variables.
20.95 +
20.96 + The \isa{focus} operation provides a variant of \isa{import}
20.97 + for nested propositions (with explicit quantification): \isa{{\isasymAnd}x\isactrlisub {\isadigit{1}}\ {\isasymdots}\ x\isactrlisub n{\isachardot}\ B{\isacharparenleft}x\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlisub n{\isacharparenright}} is
20.98 + decomposed by inventing fixed variables \isa{x\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlisub n} for the body.%
20.99 +\end{isamarkuptext}%
20.100 +\isamarkuptrue%
20.101 +%
20.102 +\isadelimmlref
20.103 +%
20.104 +\endisadelimmlref
20.105 +%
20.106 +\isatagmlref
20.107 +%
20.108 +\begin{isamarkuptext}%
20.109 +\begin{mldecls}
20.110 + \indexml{Variable.add\_fixes}\verb|Variable.add_fixes: |\isasep\isanewline%
20.111 +\verb| string list -> Proof.context -> string list * Proof.context| \\
20.112 + \indexml{Variable.variant\_fixes}\verb|Variable.variant_fixes: |\isasep\isanewline%
20.113 +\verb| string list -> Proof.context -> string list * Proof.context| \\
20.114 + \indexml{Variable.declare\_term}\verb|Variable.declare_term: term -> Proof.context -> Proof.context| \\
20.115 + \indexml{Variable.declare\_constraints}\verb|Variable.declare_constraints: term -> Proof.context -> Proof.context| \\
20.116 + \indexml{Variable.export}\verb|Variable.export: Proof.context -> Proof.context -> thm list -> thm list| \\
20.117 + \indexml{Variable.polymorphic}\verb|Variable.polymorphic: Proof.context -> term list -> term list| \\
20.118 + \indexml{Variable.import\_thms}\verb|Variable.import_thms: bool -> thm list -> Proof.context ->|\isasep\isanewline%
20.119 +\verb| ((ctyp list * cterm list) * thm list) * Proof.context| \\
20.120 + \indexml{Variable.focus}\verb|Variable.focus: cterm -> Proof.context -> (cterm list * cterm) * Proof.context| \\
20.121 + \end{mldecls}
20.122 +
20.123 + \begin{description}
20.124 +
20.125 + \item \verb|Variable.add_fixes|~\isa{xs\ ctxt} fixes term
20.126 + variables \isa{xs}, returning the resulting internal names. By
20.127 + default, the internal representation coincides with the external
20.128 + one, which also means that the given variables must not be fixed
20.129 + already. There is a different policy within a local proof body: the
20.130 + given names are just hints for newly invented Skolem variables.
20.131 +
20.132 + \item \verb|Variable.variant_fixes| is similar to \verb|Variable.add_fixes|, but always produces fresh variants of the given
20.133 + names.
20.134 +
20.135 + \item \verb|Variable.declare_term|~\isa{t\ ctxt} declares term
20.136 + \isa{t} to belong to the context. This automatically fixes new
20.137 + type variables, but not term variables. Syntactic constraints for
20.138 + type and term variables are declared uniformly, though.
20.139 +
20.140 + \item \verb|Variable.declare_constraints|~\isa{t\ ctxt} declares
20.141 + syntactic constraints from term \isa{t}, without making it part
20.142 + of the context yet.
20.143 +
20.144 + \item \verb|Variable.export|~\isa{inner\ outer\ thms} generalizes
20.145 + fixed type and term variables in \isa{thms} according to the
20.146 + difference of the \isa{inner} and \isa{outer} context,
20.147 + following the principles sketched above.
20.148 +
20.149 + \item \verb|Variable.polymorphic|~\isa{ctxt\ ts} generalizes type
20.150 + variables in \isa{ts} as far as possible, even those occurring
20.151 + in fixed term variables. The default policy of type-inference is to
20.152 + fix newly introduced type variables, which is essentially reversed
20.153 + with \verb|Variable.polymorphic|: here the given terms are detached
20.154 + from the context as far as possible.
20.155 +
20.156 + \item \verb|Variable.import_thms|~\isa{open\ thms\ ctxt} invents fixed
20.157 + type and term variables for the schematic ones occurring in \isa{thms}. The \isa{open} flag indicates whether the fixed names
20.158 + should be accessible to the user, otherwise newly introduced names
20.159 + are marked as ``internal'' (\secref{sec:names}).
20.160 +
20.161 + \item \verb|Variable.focus|~\isa{B} decomposes the outermost \isa{{\isasymAnd}} prefix of proposition \isa{B}.
20.162 +
20.163 + \end{description}%
20.164 +\end{isamarkuptext}%
20.165 +\isamarkuptrue%
20.166 +%
20.167 +\endisatagmlref
20.168 +{\isafoldmlref}%
20.169 +%
20.170 +\isadelimmlref
20.171 +%
20.172 +\endisadelimmlref
20.173 +%
20.174 +\isamarkupsection{Assumptions \label{sec:assumptions}%
20.175 +}
20.176 +\isamarkuptrue%
20.177 +%
20.178 +\begin{isamarkuptext}%
20.179 +An \emph{assumption} is a proposition that it is postulated in the
20.180 + current context. Local conclusions may use assumptions as
20.181 + additional facts, but this imposes implicit hypotheses that weaken
20.182 + the overall statement.
20.183 +
20.184 + Assumptions are restricted to fixed non-schematic statements, i.e.\
20.185 + all generality needs to be expressed by explicit quantifiers.
20.186 + Nevertheless, the result will be in HHF normal form with outermost
20.187 + quantifiers stripped. For example, by assuming \isa{{\isasymAnd}x\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}{\isachardot}\ P\ x} we get \isa{{\isasymAnd}x\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}{\isachardot}\ P\ x\ {\isasymturnstile}\ P\ {\isacharquery}x} for schematic \isa{{\isacharquery}x}
20.188 + of fixed type \isa{{\isasymalpha}}. Local derivations accumulate more and
20.189 + more explicit references to hypotheses: \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n\ {\isasymturnstile}\ B} where \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n} needs to
20.190 + be covered by the assumptions of the current context.
20.191 +
20.192 + \medskip The \isa{add{\isacharunderscore}assms} operation augments the context by
20.193 + local assumptions, which are parameterized by an arbitrary \isa{export} rule (see below).
20.194 +
20.195 + The \isa{export} operation moves facts from a (larger) inner
20.196 + context into a (smaller) outer context, by discharging the
20.197 + difference of the assumptions as specified by the associated export
20.198 + rules. Note that the discharged portion is determined by the
20.199 + difference contexts, not the facts being exported! There is a
20.200 + separate flag to indicate a goal context, where the result is meant
20.201 + to refine an enclosing sub-goal of a structured proof state (cf.\
20.202 + \secref{sec:isar-proof-state}).
20.203 +
20.204 + \medskip The most basic export rule discharges assumptions directly
20.205 + by means of the \isa{{\isasymLongrightarrow}} introduction rule:
20.206 + \[
20.207 + \infer[(\isa{{\isasymLongrightarrow}{\isacharunderscore}intro})]{\isa{{\isasymGamma}\ {\isacharbackslash}\ A\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
20.208 + \]
20.209 +
20.210 + The variant for goal refinements marks the newly introduced
20.211 + premises, which causes the canonical Isar goal refinement scheme to
20.212 + enforce unification with local premises within the goal:
20.213 + \[
20.214 + \infer[(\isa{{\isacharhash}{\isasymLongrightarrow}{\isacharunderscore}intro})]{\isa{{\isasymGamma}\ {\isacharbackslash}\ A\ {\isasymturnstile}\ {\isacharhash}A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
20.215 + \]
20.216 +
20.217 + \medskip Alternative versions of assumptions may perform arbitrary
20.218 + transformations on export, as long as the corresponding portion of
20.219 + hypotheses is removed from the given facts. For example, a local
20.220 + definition works by fixing \isa{x} and assuming \isa{x\ {\isasymequiv}\ t},
20.221 + with the following export rule to reverse the effect:
20.222 + \[
20.223 + \infer[(\isa{{\isasymequiv}{\isacharminus}expand})]{\isa{{\isasymGamma}\ {\isacharbackslash}\ x\ {\isasymequiv}\ t\ {\isasymturnstile}\ B\ t}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B\ x}}
20.224 + \]
20.225 + This works, because the assumption \isa{x\ {\isasymequiv}\ t} was introduced in
20.226 + a context with \isa{x} being fresh, so \isa{x} does not
20.227 + occur in \isa{{\isasymGamma}} here.%
20.228 +\end{isamarkuptext}%
20.229 +\isamarkuptrue%
20.230 +%
20.231 +\isadelimmlref
20.232 +%
20.233 +\endisadelimmlref
20.234 +%
20.235 +\isatagmlref
20.236 +%
20.237 +\begin{isamarkuptext}%
20.238 +\begin{mldecls}
20.239 + \indexmltype{Assumption.export}\verb|type Assumption.export| \\
20.240 + \indexml{Assumption.assume}\verb|Assumption.assume: cterm -> thm| \\
20.241 + \indexml{Assumption.add\_assms}\verb|Assumption.add_assms: Assumption.export ->|\isasep\isanewline%
20.242 +\verb| cterm list -> Proof.context -> thm list * Proof.context| \\
20.243 + \indexml{Assumption.add\_assumes}\verb|Assumption.add_assumes: |\isasep\isanewline%
20.244 +\verb| cterm list -> Proof.context -> thm list * Proof.context| \\
20.245 + \indexml{Assumption.export}\verb|Assumption.export: bool -> Proof.context -> Proof.context -> thm -> thm| \\
20.246 + \end{mldecls}
20.247 +
20.248 + \begin{description}
20.249 +
20.250 + \item \verb|Assumption.export| represents arbitrary export
20.251 + rules, which is any function of type \verb|bool -> cterm list -> thm -> thm|,
20.252 + where the \verb|bool| indicates goal mode, and the \verb|cterm list| the collection of assumptions to be discharged
20.253 + simultaneously.
20.254 +
20.255 + \item \verb|Assumption.assume|~\isa{A} turns proposition \isa{A} into a raw assumption \isa{A\ {\isasymturnstile}\ A{\isacharprime}}, where the conclusion
20.256 + \isa{A{\isacharprime}} is in HHF normal form.
20.257 +
20.258 + \item \verb|Assumption.add_assms|~\isa{r\ As} augments the context
20.259 + by assumptions \isa{As} with export rule \isa{r}. The
20.260 + resulting facts are hypothetical theorems as produced by the raw
20.261 + \verb|Assumption.assume|.
20.262 +
20.263 + \item \verb|Assumption.add_assumes|~\isa{As} is a special case of
20.264 + \verb|Assumption.add_assms| where the export rule performs \isa{{\isasymLongrightarrow}{\isacharunderscore}intro} or \isa{{\isacharhash}{\isasymLongrightarrow}{\isacharunderscore}intro}, depending on goal mode.
20.265 +
20.266 + \item \verb|Assumption.export|~\isa{is{\isacharunderscore}goal\ inner\ outer\ thm}
20.267 + exports result \isa{thm} from the the \isa{inner} context
20.268 + back into the \isa{outer} one; \isa{is{\isacharunderscore}goal\ {\isacharequal}\ true} means
20.269 + this is a goal context. The result is in HHF normal form. Note
20.270 + that \verb|ProofContext.export| combines \verb|Variable.export|
20.271 + and \verb|Assumption.export| in the canonical way.
20.272 +
20.273 + \end{description}%
20.274 +\end{isamarkuptext}%
20.275 +\isamarkuptrue%
20.276 +%
20.277 +\endisatagmlref
20.278 +{\isafoldmlref}%
20.279 +%
20.280 +\isadelimmlref
20.281 +%
20.282 +\endisadelimmlref
20.283 +%
20.284 +\isamarkupsection{Results \label{sec:results}%
20.285 +}
20.286 +\isamarkuptrue%
20.287 +%
20.288 +\begin{isamarkuptext}%
20.289 +Local results are established by monotonic reasoning from facts
20.290 + within a context. This allows common combinations of theorems,
20.291 + e.g.\ via \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} elimination, resolution rules, or equational
20.292 + reasoning, see \secref{sec:thms}. Unaccounted context manipulations
20.293 + should be avoided, notably raw \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} introduction or ad-hoc
20.294 + references to free variables or assumptions not present in the proof
20.295 + context.
20.296 +
20.297 + \medskip The \isa{SUBPROOF} combinator allows to structure a
20.298 + tactical proof recursively by decomposing a selected sub-goal:
20.299 + \isa{{\isacharparenleft}{\isasymAnd}x{\isachardot}\ A{\isacharparenleft}x{\isacharparenright}\ {\isasymLongrightarrow}\ B{\isacharparenleft}x{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}} is turned into \isa{B{\isacharparenleft}x{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}}
20.300 + after fixing \isa{x} and assuming \isa{A{\isacharparenleft}x{\isacharparenright}}. This means
20.301 + the tactic needs to solve the conclusion, but may use the premise as
20.302 + a local fact, for locally fixed variables.
20.303 +
20.304 + The \isa{prove} operation provides an interface for structured
20.305 + backwards reasoning under program control, with some explicit sanity
20.306 + checks of the result. The goal context can be augmented by
20.307 + additional fixed variables (cf.\ \secref{sec:variables}) and
20.308 + assumptions (cf.\ \secref{sec:assumptions}), which will be available
20.309 + as local facts during the proof and discharged into implications in
20.310 + the result. Type and term variables are generalized as usual,
20.311 + according to the context.
20.312 +
20.313 + The \isa{obtain} operation produces results by eliminating
20.314 + existing facts by means of a given tactic. This acts like a dual
20.315 + conclusion: the proof demonstrates that the context may be augmented
20.316 + by certain fixed variables and assumptions. See also
20.317 + \cite{isabelle-isar-ref} for the user-level \isa{{\isasymOBTAIN}} and
20.318 + \isa{{\isasymGUESS}} elements. Final results, which may not refer to
20.319 + the parameters in the conclusion, need to exported explicitly into
20.320 + the original context.%
20.321 +\end{isamarkuptext}%
20.322 +\isamarkuptrue%
20.323 +%
20.324 +\isadelimmlref
20.325 +%
20.326 +\endisadelimmlref
20.327 +%
20.328 +\isatagmlref
20.329 +%
20.330 +\begin{isamarkuptext}%
20.331 +\begin{mldecls}
20.332 + \indexml{SUBPROOF}\verb|SUBPROOF: ({context: Proof.context, schematics: ctyp list * cterm list,|\isasep\isanewline%
20.333 +\verb| params: cterm list, asms: cterm list, concl: cterm,|\isasep\isanewline%
20.334 +\verb| prems: thm list} -> tactic) -> Proof.context -> int -> tactic| \\
20.335 + \end{mldecls}
20.336 + \begin{mldecls}
20.337 + \indexml{Goal.prove}\verb|Goal.prove: Proof.context -> string list -> term list -> term ->|\isasep\isanewline%
20.338 +\verb| ({prems: thm list, context: Proof.context} -> tactic) -> thm| \\
20.339 + \indexml{Goal.prove\_multi}\verb|Goal.prove_multi: Proof.context -> string list -> term list -> term list ->|\isasep\isanewline%
20.340 +\verb| ({prems: thm list, context: Proof.context} -> tactic) -> thm list| \\
20.341 + \end{mldecls}
20.342 + \begin{mldecls}
20.343 + \indexml{Obtain.result}\verb|Obtain.result: (Proof.context -> tactic) ->|\isasep\isanewline%
20.344 +\verb| thm list -> Proof.context -> (cterm list * thm list) * Proof.context| \\
20.345 + \end{mldecls}
20.346 +
20.347 + \begin{description}
20.348 +
20.349 + \item \verb|SUBPROOF|~\isa{tac} decomposes the structure of a
20.350 + particular sub-goal, producing an extended context and a reduced
20.351 + goal, which needs to be solved by the given tactic. All schematic
20.352 + parameters of the goal are imported into the context as fixed ones,
20.353 + which may not be instantiated in the sub-proof.
20.354 +
20.355 + \item \verb|Goal.prove|~\isa{ctxt\ xs\ As\ C\ tac} states goal \isa{C} in the context augmented by fixed variables \isa{xs} and
20.356 + assumptions \isa{As}, and applies tactic \isa{tac} to solve
20.357 + it. The latter may depend on the local assumptions being presented
20.358 + as facts. The result is in HHF normal form.
20.359 +
20.360 + \item \verb|Goal.prove_multi| is simular to \verb|Goal.prove|, but
20.361 + states several conclusions simultaneously. The goal is encoded by
20.362 + means of Pure conjunction; \verb|Goal.conjunction_tac| will turn this
20.363 + into a collection of individual subgoals.
20.364 +
20.365 + \item \verb|Obtain.result|~\isa{tac\ thms\ ctxt} eliminates the
20.366 + given facts using a tactic, which results in additional fixed
20.367 + variables and assumptions in the context. Final results need to be
20.368 + exported explicitly.
20.369 +
20.370 + \end{description}%
20.371 +\end{isamarkuptext}%
20.372 +\isamarkuptrue%
20.373 +%
20.374 +\endisatagmlref
20.375 +{\isafoldmlref}%
20.376 +%
20.377 +\isadelimmlref
20.378 +%
20.379 +\endisadelimmlref
20.380 +%
20.381 +\isadelimtheory
20.382 +%
20.383 +\endisadelimtheory
20.384 +%
20.385 +\isatagtheory
20.386 +\isacommand{end}\isamarkupfalse%
20.387 +%
20.388 +\endisatagtheory
20.389 +{\isafoldtheory}%
20.390 +%
20.391 +\isadelimtheory
20.392 +%
20.393 +\endisadelimtheory
20.394 +\isanewline
20.395 +\end{isabellebody}%
20.396 +%%% Local Variables:
20.397 +%%% mode: latex
20.398 +%%% TeX-master: "root"
20.399 +%%% End:
21.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
21.2 +++ b/doc-src/IsarImplementation/Thy/document/Tactic.tex Mon Feb 16 20:47:44 2009 +0100
21.3 @@ -0,0 +1,512 @@
21.4 +%
21.5 +\begin{isabellebody}%
21.6 +\def\isabellecontext{tactic}%
21.7 +%
21.8 +\isadelimtheory
21.9 +\isanewline
21.10 +\isanewline
21.11 +\isanewline
21.12 +%
21.13 +\endisadelimtheory
21.14 +%
21.15 +\isatagtheory
21.16 +\isacommand{theory}\isamarkupfalse%
21.17 +\ tactic\ \isakeyword{imports}\ base\ \isakeyword{begin}%
21.18 +\endisatagtheory
21.19 +{\isafoldtheory}%
21.20 +%
21.21 +\isadelimtheory
21.22 +%
21.23 +\endisadelimtheory
21.24 +%
21.25 +\isamarkupchapter{Tactical reasoning%
21.26 +}
21.27 +\isamarkuptrue%
21.28 +%
21.29 +\begin{isamarkuptext}%
21.30 +Tactical reasoning works by refining the initial claim in a
21.31 + backwards fashion, until a solved form is reached. A \isa{goal}
21.32 + consists of several subgoals that need to be solved in order to
21.33 + achieve the main statement; zero subgoals means that the proof may
21.34 + be finished. A \isa{tactic} is a refinement operation that maps
21.35 + a goal to a lazy sequence of potential successors. A \isa{tactical} is a combinator for composing tactics.%
21.36 +\end{isamarkuptext}%
21.37 +\isamarkuptrue%
21.38 +%
21.39 +\isamarkupsection{Goals \label{sec:tactical-goals}%
21.40 +}
21.41 +\isamarkuptrue%
21.42 +%
21.43 +\begin{isamarkuptext}%
21.44 +Isabelle/Pure represents a goal\glossary{Tactical goal}{A theorem of
21.45 + \seeglossary{Horn Clause} form stating that a number of subgoals
21.46 + imply the main conclusion, which is marked as a protected
21.47 + proposition.} as a theorem stating that the subgoals imply the main
21.48 + goal: \isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C}. The outermost goal
21.49 + structure is that of a Horn Clause\glossary{Horn Clause}{An iterated
21.50 + implication \isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C}, without any
21.51 + outermost quantifiers. Strictly speaking, propositions \isa{A\isactrlsub i} need to be atomic in Horn Clauses, but Isabelle admits
21.52 + arbitrary substructure here (nested \isa{{\isasymLongrightarrow}} and \isa{{\isasymAnd}}
21.53 + connectives).}: i.e.\ an iterated implication without any
21.54 + quantifiers\footnote{Recall that outermost \isa{{\isasymAnd}x{\isachardot}\ {\isasymphi}{\isacharbrackleft}x{\isacharbrackright}} is
21.55 + always represented via schematic variables in the body: \isa{{\isasymphi}{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}. These variables may get instantiated during the course of
21.56 + reasoning.}. For \isa{n\ {\isacharequal}\ {\isadigit{0}}} a goal is called ``solved''.
21.57 +
21.58 + The structure of each subgoal \isa{A\isactrlsub i} is that of a general
21.59 + Hereditary Harrop Formula \isa{{\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymAnd}x\isactrlsub k{\isachardot}\ H\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ H\isactrlsub m\ {\isasymLongrightarrow}\ B} in
21.60 + normal form. Here \isa{x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub k} are goal parameters, i.e.\
21.61 + arbitrary-but-fixed entities of certain types, and \isa{H\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ H\isactrlsub m} are goal hypotheses, i.e.\ facts that may be assumed locally.
21.62 + Together, this forms the goal context of the conclusion \isa{B} to
21.63 + be established. The goal hypotheses may be again arbitrary
21.64 + Hereditary Harrop Formulas, although the level of nesting rarely
21.65 + exceeds 1--2 in practice.
21.66 +
21.67 + The main conclusion \isa{C} is internally marked as a protected
21.68 + proposition\glossary{Protected proposition}{An arbitrarily
21.69 + structured proposition \isa{C} which is forced to appear as
21.70 + atomic by wrapping it into a propositional identity operator;
21.71 + notation \isa{{\isacharhash}C}. Protecting a proposition prevents basic
21.72 + inferences from entering into that structure for the time being.},
21.73 + which is represented explicitly by the notation \isa{{\isacharhash}C}. This
21.74 + ensures that the decomposition into subgoals and main conclusion is
21.75 + well-defined for arbitrarily structured claims.
21.76 +
21.77 + \medskip Basic goal management is performed via the following
21.78 + Isabelle/Pure rules:
21.79 +
21.80 + \[
21.81 + \infer[\isa{{\isacharparenleft}init{\isacharparenright}}]{\isa{C\ {\isasymLongrightarrow}\ {\isacharhash}C}}{} \qquad
21.82 + \infer[\isa{{\isacharparenleft}finish{\isacharparenright}}]{\isa{C}}{\isa{{\isacharhash}C}}
21.83 + \]
21.84 +
21.85 + \medskip The following low-level variants admit general reasoning
21.86 + with protected propositions:
21.87 +
21.88 + \[
21.89 + \infer[\isa{{\isacharparenleft}protect{\isacharparenright}}]{\isa{{\isacharhash}C}}{\isa{C}} \qquad
21.90 + \infer[\isa{{\isacharparenleft}conclude{\isacharparenright}}]{\isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C}}{\isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ {\isacharhash}C}}
21.91 + \]%
21.92 +\end{isamarkuptext}%
21.93 +\isamarkuptrue%
21.94 +%
21.95 +\isadelimmlref
21.96 +%
21.97 +\endisadelimmlref
21.98 +%
21.99 +\isatagmlref
21.100 +%
21.101 +\begin{isamarkuptext}%
21.102 +\begin{mldecls}
21.103 + \indexml{Goal.init}\verb|Goal.init: cterm -> thm| \\
21.104 + \indexml{Goal.finish}\verb|Goal.finish: thm -> thm| \\
21.105 + \indexml{Goal.protect}\verb|Goal.protect: thm -> thm| \\
21.106 + \indexml{Goal.conclude}\verb|Goal.conclude: thm -> thm| \\
21.107 + \end{mldecls}
21.108 +
21.109 + \begin{description}
21.110 +
21.111 + \item \verb|Goal.init|~\isa{C} initializes a tactical goal from
21.112 + the well-formed proposition \isa{C}.
21.113 +
21.114 + \item \verb|Goal.finish|~\isa{thm} checks whether theorem
21.115 + \isa{thm} is a solved goal (no subgoals), and concludes the
21.116 + result by removing the goal protection.
21.117 +
21.118 + \item \verb|Goal.protect|~\isa{thm} protects the full statement
21.119 + of theorem \isa{thm}.
21.120 +
21.121 + \item \verb|Goal.conclude|~\isa{thm} removes the goal
21.122 + protection, even if there are pending subgoals.
21.123 +
21.124 + \end{description}%
21.125 +\end{isamarkuptext}%
21.126 +\isamarkuptrue%
21.127 +%
21.128 +\endisatagmlref
21.129 +{\isafoldmlref}%
21.130 +%
21.131 +\isadelimmlref
21.132 +%
21.133 +\endisadelimmlref
21.134 +%
21.135 +\isamarkupsection{Tactics%
21.136 +}
21.137 +\isamarkuptrue%
21.138 +%
21.139 +\begin{isamarkuptext}%
21.140 +A \isa{tactic} is a function \isa{goal\ {\isasymrightarrow}\ goal\isactrlsup {\isacharasterisk}\isactrlsup {\isacharasterisk}} that
21.141 + maps a given goal state (represented as a theorem, cf.\
21.142 + \secref{sec:tactical-goals}) to a lazy sequence of potential
21.143 + successor states. The underlying sequence implementation is lazy
21.144 + both in head and tail, and is purely functional in \emph{not}
21.145 + supporting memoing.\footnote{The lack of memoing and the strict
21.146 + nature of SML requires some care when working with low-level
21.147 + sequence operations, to avoid duplicate or premature evaluation of
21.148 + results.}
21.149 +
21.150 + An \emph{empty result sequence} means that the tactic has failed: in
21.151 + a compound tactic expressions other tactics might be tried instead,
21.152 + or the whole refinement step might fail outright, producing a
21.153 + toplevel error message. When implementing tactics from scratch, one
21.154 + should take care to observe the basic protocol of mapping regular
21.155 + error conditions to an empty result; only serious faults should
21.156 + emerge as exceptions.
21.157 +
21.158 + By enumerating \emph{multiple results}, a tactic can easily express
21.159 + the potential outcome of an internal search process. There are also
21.160 + combinators for building proof tools that involve search
21.161 + systematically, see also \secref{sec:tacticals}.
21.162 +
21.163 + \medskip As explained in \secref{sec:tactical-goals}, a goal state
21.164 + essentially consists of a list of subgoals that imply the main goal
21.165 + (conclusion). Tactics may operate on all subgoals or on a
21.166 + particularly specified subgoal, but must not change the main
21.167 + conclusion (apart from instantiating schematic goal variables).
21.168 +
21.169 + Tactics with explicit \emph{subgoal addressing} are of the form
21.170 + \isa{int\ {\isasymrightarrow}\ tactic} and may be applied to a particular subgoal
21.171 + (counting from 1). If the subgoal number is out of range, the
21.172 + tactic should fail with an empty result sequence, but must not raise
21.173 + an exception!
21.174 +
21.175 + Operating on a particular subgoal means to replace it by an interval
21.176 + of zero or more subgoals in the same place; other subgoals must not
21.177 + be affected, apart from instantiating schematic variables ranging
21.178 + over the whole goal state.
21.179 +
21.180 + A common pattern of composing tactics with subgoal addressing is to
21.181 + try the first one, and then the second one only if the subgoal has
21.182 + not been solved yet. Special care is required here to avoid bumping
21.183 + into unrelated subgoals that happen to come after the original
21.184 + subgoal. Assuming that there is only a single initial subgoal is a
21.185 + very common error when implementing tactics!
21.186 +
21.187 + Tactics with internal subgoal addressing should expose the subgoal
21.188 + index as \isa{int} argument in full generality; a hardwired
21.189 + subgoal 1 inappropriate.
21.190 +
21.191 + \medskip The main well-formedness conditions for proper tactics are
21.192 + summarized as follows.
21.193 +
21.194 + \begin{itemize}
21.195 +
21.196 + \item General tactic failure is indicated by an empty result, only
21.197 + serious faults may produce an exception.
21.198 +
21.199 + \item The main conclusion must not be changed, apart from
21.200 + instantiating schematic variables.
21.201 +
21.202 + \item A tactic operates either uniformly on all subgoals, or
21.203 + specifically on a selected subgoal (without bumping into unrelated
21.204 + subgoals).
21.205 +
21.206 + \item Range errors in subgoal addressing produce an empty result.
21.207 +
21.208 + \end{itemize}
21.209 +
21.210 + Some of these conditions are checked by higher-level goal
21.211 + infrastructure (\secref{sec:results}); others are not checked
21.212 + explicitly, and violating them merely results in ill-behaved tactics
21.213 + experienced by the user (e.g.\ tactics that insist in being
21.214 + applicable only to singleton goals, or disallow composition with
21.215 + basic tacticals).%
21.216 +\end{isamarkuptext}%
21.217 +\isamarkuptrue%
21.218 +%
21.219 +\isadelimmlref
21.220 +%
21.221 +\endisadelimmlref
21.222 +%
21.223 +\isatagmlref
21.224 +%
21.225 +\begin{isamarkuptext}%
21.226 +\begin{mldecls}
21.227 + \indexmltype{tactic}\verb|type tactic = thm -> thm Seq.seq| \\
21.228 + \indexml{no\_tac}\verb|no_tac: tactic| \\
21.229 + \indexml{all\_tac}\verb|all_tac: tactic| \\
21.230 + \indexml{print\_tac}\verb|print_tac: string -> tactic| \\[1ex]
21.231 + \indexml{PRIMITIVE}\verb|PRIMITIVE: (thm -> thm) -> tactic| \\[1ex]
21.232 + \indexml{SUBGOAL}\verb|SUBGOAL: (term * int -> tactic) -> int -> tactic| \\
21.233 + \indexml{CSUBGOAL}\verb|CSUBGOAL: (cterm * int -> tactic) -> int -> tactic| \\
21.234 + \end{mldecls}
21.235 +
21.236 + \begin{description}
21.237 +
21.238 + \item \verb|tactic| represents tactics. The well-formedness
21.239 + conditions described above need to be observed. See also \hyperlink{file.~~/src/Pure/General/seq.ML}{\mbox{\isa{\isatt{{\isachartilde}{\isachartilde}{\isacharslash}src{\isacharslash}Pure{\isacharslash}General{\isacharslash}seq{\isachardot}ML}}}} for the underlying implementation of
21.240 + lazy sequences.
21.241 +
21.242 + \item \verb|int -> tactic| represents tactics with explicit
21.243 + subgoal addressing, with well-formedness conditions as described
21.244 + above.
21.245 +
21.246 + \item \verb|no_tac| is a tactic that always fails, returning the
21.247 + empty sequence.
21.248 +
21.249 + \item \verb|all_tac| is a tactic that always succeeds, returning a
21.250 + singleton sequence with unchanged goal state.
21.251 +
21.252 + \item \verb|print_tac|~\isa{message} is like \verb|all_tac|, but
21.253 + prints a message together with the goal state on the tracing
21.254 + channel.
21.255 +
21.256 + \item \verb|PRIMITIVE|~\isa{rule} turns a primitive inference rule
21.257 + into a tactic with unique result. Exception \verb|THM| is considered
21.258 + a regular tactic failure and produces an empty result; other
21.259 + exceptions are passed through.
21.260 +
21.261 + \item \verb|SUBGOAL|~\isa{{\isacharparenleft}fn\ {\isacharparenleft}subgoal{\isacharcomma}\ i{\isacharparenright}\ {\isacharequal}{\isachargreater}\ tactic{\isacharparenright}} is the
21.262 + most basic form to produce a tactic with subgoal addressing. The
21.263 + given abstraction over the subgoal term and subgoal number allows to
21.264 + peek at the relevant information of the full goal state. The
21.265 + subgoal range is checked as required above.
21.266 +
21.267 + \item \verb|CSUBGOAL| is similar to \verb|SUBGOAL|, but passes the
21.268 + subgoal as \verb|cterm| instead of raw \verb|term|. This
21.269 + avoids expensive re-certification in situations where the subgoal is
21.270 + used directly for primitive inferences.
21.271 +
21.272 + \end{description}%
21.273 +\end{isamarkuptext}%
21.274 +\isamarkuptrue%
21.275 +%
21.276 +\endisatagmlref
21.277 +{\isafoldmlref}%
21.278 +%
21.279 +\isadelimmlref
21.280 +%
21.281 +\endisadelimmlref
21.282 +%
21.283 +\isamarkupsubsection{Resolution and assumption tactics \label{sec:resolve-assume-tac}%
21.284 +}
21.285 +\isamarkuptrue%
21.286 +%
21.287 +\begin{isamarkuptext}%
21.288 +\emph{Resolution} is the most basic mechanism for refining a
21.289 + subgoal using a theorem as object-level rule.
21.290 + \emph{Elim-resolution} is particularly suited for elimination rules:
21.291 + it resolves with a rule, proves its first premise by assumption, and
21.292 + finally deletes that assumption from any new subgoals.
21.293 + \emph{Destruct-resolution} is like elim-resolution, but the given
21.294 + destruction rules are first turned into canonical elimination
21.295 + format. \emph{Forward-resolution} is like destruct-resolution, but
21.296 + without deleting the selected assumption. The \isa{r{\isacharslash}e{\isacharslash}d{\isacharslash}f}
21.297 + naming convention is maintained for several different kinds of
21.298 + resolution rules and tactics.
21.299 +
21.300 + Assumption tactics close a subgoal by unifying some of its premises
21.301 + against its conclusion.
21.302 +
21.303 + \medskip All the tactics in this section operate on a subgoal
21.304 + designated by a positive integer. Other subgoals might be affected
21.305 + indirectly, due to instantiation of schematic variables.
21.306 +
21.307 + There are various sources of non-determinism, the tactic result
21.308 + sequence enumerates all possibilities of the following choices (if
21.309 + applicable):
21.310 +
21.311 + \begin{enumerate}
21.312 +
21.313 + \item selecting one of the rules given as argument to the tactic;
21.314 +
21.315 + \item selecting a subgoal premise to eliminate, unifying it against
21.316 + the first premise of the rule;
21.317 +
21.318 + \item unifying the conclusion of the subgoal to the conclusion of
21.319 + the rule.
21.320 +
21.321 + \end{enumerate}
21.322 +
21.323 + Recall that higher-order unification may produce multiple results
21.324 + that are enumerated here.%
21.325 +\end{isamarkuptext}%
21.326 +\isamarkuptrue%
21.327 +%
21.328 +\isadelimmlref
21.329 +%
21.330 +\endisadelimmlref
21.331 +%
21.332 +\isatagmlref
21.333 +%
21.334 +\begin{isamarkuptext}%
21.335 +\begin{mldecls}
21.336 + \indexml{resolve\_tac}\verb|resolve_tac: thm list -> int -> tactic| \\
21.337 + \indexml{eresolve\_tac}\verb|eresolve_tac: thm list -> int -> tactic| \\
21.338 + \indexml{dresolve\_tac}\verb|dresolve_tac: thm list -> int -> tactic| \\
21.339 + \indexml{forward\_tac}\verb|forward_tac: thm list -> int -> tactic| \\[1ex]
21.340 + \indexml{assume\_tac}\verb|assume_tac: int -> tactic| \\
21.341 + \indexml{eq\_assume\_tac}\verb|eq_assume_tac: int -> tactic| \\[1ex]
21.342 + \indexml{match\_tac}\verb|match_tac: thm list -> int -> tactic| \\
21.343 + \indexml{ematch\_tac}\verb|ematch_tac: thm list -> int -> tactic| \\
21.344 + \indexml{dmatch\_tac}\verb|dmatch_tac: thm list -> int -> tactic| \\
21.345 + \end{mldecls}
21.346 +
21.347 + \begin{description}
21.348 +
21.349 + \item \verb|resolve_tac|~\isa{thms\ i} refines the goal state
21.350 + using the given theorems, which should normally be introduction
21.351 + rules. The tactic resolves a rule's conclusion with subgoal \isa{i}, replacing it by the corresponding versions of the rule's
21.352 + premises.
21.353 +
21.354 + \item \verb|eresolve_tac|~\isa{thms\ i} performs elim-resolution
21.355 + with the given theorems, which should normally be elimination rules.
21.356 +
21.357 + \item \verb|dresolve_tac|~\isa{thms\ i} performs
21.358 + destruct-resolution with the given theorems, which should normally
21.359 + be destruction rules. This replaces an assumption by the result of
21.360 + applying one of the rules.
21.361 +
21.362 + \item \verb|forward_tac| is like \verb|dresolve_tac| except that the
21.363 + selected assumption is not deleted. It applies a rule to an
21.364 + assumption, adding the result as a new assumption.
21.365 +
21.366 + \item \verb|assume_tac|~\isa{i} attempts to solve subgoal \isa{i}
21.367 + by assumption (modulo higher-order unification).
21.368 +
21.369 + \item \verb|eq_assume_tac| is similar to \verb|assume_tac|, but checks
21.370 + only for immediate \isa{{\isasymalpha}}-convertibility instead of using
21.371 + unification. It succeeds (with a unique next state) if one of the
21.372 + assumptions is equal to the subgoal's conclusion. Since it does not
21.373 + instantiate variables, it cannot make other subgoals unprovable.
21.374 +
21.375 + \item \verb|match_tac|, \verb|ematch_tac|, and \verb|dmatch_tac| are
21.376 + similar to \verb|resolve_tac|, \verb|eresolve_tac|, and \verb|dresolve_tac|, respectively, but do not instantiate schematic
21.377 + variables in the goal state.
21.378 +
21.379 + Flexible subgoals are not updated at will, but are left alone.
21.380 + Strictly speaking, matching means to treat the unknowns in the goal
21.381 + state as constants; these tactics merely discard unifiers that would
21.382 + update the goal state.
21.383 +
21.384 + \end{description}%
21.385 +\end{isamarkuptext}%
21.386 +\isamarkuptrue%
21.387 +%
21.388 +\endisatagmlref
21.389 +{\isafoldmlref}%
21.390 +%
21.391 +\isadelimmlref
21.392 +%
21.393 +\endisadelimmlref
21.394 +%
21.395 +\isamarkupsubsection{Explicit instantiation within a subgoal context%
21.396 +}
21.397 +\isamarkuptrue%
21.398 +%
21.399 +\begin{isamarkuptext}%
21.400 +The main resolution tactics (\secref{sec:resolve-assume-tac})
21.401 + use higher-order unification, which works well in many practical
21.402 + situations despite its daunting theoretical properties.
21.403 + Nonetheless, there are important problem classes where unguided
21.404 + higher-order unification is not so useful. This typically involves
21.405 + rules like universal elimination, existential introduction, or
21.406 + equational substitution. Here the unification problem involves
21.407 + fully flexible \isa{{\isacharquery}P\ {\isacharquery}x} schemes, which are hard to manage
21.408 + without further hints.
21.409 +
21.410 + By providing a (small) rigid term for \isa{{\isacharquery}x} explicitly, the
21.411 + remaining unification problem is to assign a (large) term to \isa{{\isacharquery}P}, according to the shape of the given subgoal. This is
21.412 + sufficiently well-behaved in most practical situations.
21.413 +
21.414 + \medskip Isabelle provides separate versions of the standard \isa{r{\isacharslash}e{\isacharslash}d{\isacharslash}f} resolution tactics that allow to provide explicit
21.415 + instantiations of unknowns of the given rule, wrt.\ terms that refer
21.416 + to the implicit context of the selected subgoal.
21.417 +
21.418 + An instantiation consists of a list of pairs of the form \isa{{\isacharparenleft}{\isacharquery}x{\isacharcomma}\ t{\isacharparenright}}, where \isa{{\isacharquery}x} is a schematic variable occurring in
21.419 + the given rule, and \isa{t} is a term from the current proof
21.420 + context, augmented by the local goal parameters of the selected
21.421 + subgoal; cf.\ the \isa{focus} operation described in
21.422 + \secref{sec:variables}.
21.423 +
21.424 + Entering the syntactic context of a subgoal is a brittle operation,
21.425 + because its exact form is somewhat accidental, and the choice of
21.426 + bound variable names depends on the presence of other local and
21.427 + global names. Explicit renaming of subgoal parameters prior to
21.428 + explicit instantiation might help to achieve a bit more robustness.
21.429 +
21.430 + Type instantiations may be given as well, via pairs like \isa{{\isacharparenleft}{\isacharquery}{\isacharprime}a{\isacharcomma}\ {\isasymtau}{\isacharparenright}}. Type instantiations are distinguished from term
21.431 + instantiations by the syntactic form of the schematic variable.
21.432 + Types are instantiated before terms are. Since term instantiation
21.433 + already performs type-inference as expected, explicit type
21.434 + instantiations are seldom necessary.%
21.435 +\end{isamarkuptext}%
21.436 +\isamarkuptrue%
21.437 +%
21.438 +\isadelimmlref
21.439 +%
21.440 +\endisadelimmlref
21.441 +%
21.442 +\isatagmlref
21.443 +%
21.444 +\begin{isamarkuptext}%
21.445 +\begin{mldecls}
21.446 + \indexml{res\_inst\_tac}\verb|res_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\
21.447 + \indexml{eres\_inst\_tac}\verb|eres_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\
21.448 + \indexml{dres\_inst\_tac}\verb|dres_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\
21.449 + \indexml{forw\_inst\_tac}\verb|forw_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\[1ex]
21.450 + \indexml{rename\_tac}\verb|rename_tac: string list -> int -> tactic| \\
21.451 + \end{mldecls}
21.452 +
21.453 + \begin{description}
21.454 +
21.455 + \item \verb|res_inst_tac|~\isa{ctxt\ insts\ thm\ i} instantiates the
21.456 + rule \isa{thm} with the instantiations \isa{insts}, as described
21.457 + above, and then performs resolution on subgoal \isa{i}.
21.458 +
21.459 + \item \verb|eres_inst_tac| is like \verb|res_inst_tac|, but performs
21.460 + elim-resolution.
21.461 +
21.462 + \item \verb|dres_inst_tac| is like \verb|res_inst_tac|, but performs
21.463 + destruct-resolution.
21.464 +
21.465 + \item \verb|forw_inst_tac| is like \verb|dres_inst_tac| except that
21.466 + the selected assumption is not deleted.
21.467 +
21.468 + \item \verb|rename_tac|~\isa{names\ i} renames the innermost
21.469 + parameters of subgoal \isa{i} according to the provided \isa{names} (which need to be distinct indentifiers).
21.470 +
21.471 + \end{description}%
21.472 +\end{isamarkuptext}%
21.473 +\isamarkuptrue%
21.474 +%
21.475 +\endisatagmlref
21.476 +{\isafoldmlref}%
21.477 +%
21.478 +\isadelimmlref
21.479 +%
21.480 +\endisadelimmlref
21.481 +%
21.482 +\isamarkupsection{Tacticals \label{sec:tacticals}%
21.483 +}
21.484 +\isamarkuptrue%
21.485 +%
21.486 +\begin{isamarkuptext}%
21.487 +FIXME
21.488 +
21.489 +\glossary{Tactical}{A functional combinator for building up complex
21.490 +tactics from simpler ones. Typical tactical perform sequential
21.491 +composition, disjunction (choice), iteration, or goal addressing.
21.492 +Various search strategies may be expressed via tacticals.}%
21.493 +\end{isamarkuptext}%
21.494 +\isamarkuptrue%
21.495 +%
21.496 +\isadelimtheory
21.497 +%
21.498 +\endisadelimtheory
21.499 +%
21.500 +\isatagtheory
21.501 +\isacommand{end}\isamarkupfalse%
21.502 +%
21.503 +\endisatagtheory
21.504 +{\isafoldtheory}%
21.505 +%
21.506 +\isadelimtheory
21.507 +%
21.508 +\endisadelimtheory
21.509 +\isanewline
21.510 +\isanewline
21.511 +\end{isabellebody}%
21.512 +%%% Local Variables:
21.513 +%%% mode: latex
21.514 +%%% TeX-master: "root"
21.515 +%%% End:
22.1 --- a/doc-src/IsarImplementation/Thy/document/base.tex Mon Feb 16 20:25:21 2009 +0100
22.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
22.3 @@ -1,32 +0,0 @@
22.4 -%
22.5 -\begin{isabellebody}%
22.6 -\def\isabellecontext{base}%
22.7 -%
22.8 -\isadelimtheory
22.9 -\isanewline
22.10 -\isanewline
22.11 -\isanewline
22.12 -%
22.13 -\endisadelimtheory
22.14 -%
22.15 -\isatagtheory
22.16 -\isacommand{theory}\isamarkupfalse%
22.17 -\ base\isanewline
22.18 -\isakeyword{imports}\ Pure\isanewline
22.19 -\isakeyword{uses}\ {\isachardoublequoteopen}{\isachardot}{\isachardot}{\isacharslash}{\isachardot}{\isachardot}{\isacharslash}antiquote{\isacharunderscore}setup{\isachardot}ML{\isachardoublequoteclose}\isanewline
22.20 -\isakeyword{begin}\isanewline
22.21 -\isanewline
22.22 -\isacommand{end}\isamarkupfalse%
22.23 -%
22.24 -\endisatagtheory
22.25 -{\isafoldtheory}%
22.26 -%
22.27 -\isadelimtheory
22.28 -\isanewline
22.29 -%
22.30 -\endisadelimtheory
22.31 -\end{isabellebody}%
22.32 -%%% Local Variables:
22.33 -%%% mode: latex
22.34 -%%% TeX-master: "root"
22.35 -%%% End:
23.1 --- a/doc-src/IsarImplementation/Thy/document/integration.tex Mon Feb 16 20:25:21 2009 +0100
23.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
23.3 @@ -1,521 +0,0 @@
23.4 -%
23.5 -\begin{isabellebody}%
23.6 -\def\isabellecontext{integration}%
23.7 -%
23.8 -\isadelimtheory
23.9 -\isanewline
23.10 -\isanewline
23.11 -\isanewline
23.12 -%
23.13 -\endisadelimtheory
23.14 -%
23.15 -\isatagtheory
23.16 -\isacommand{theory}\isamarkupfalse%
23.17 -\ integration\ \isakeyword{imports}\ base\ \isakeyword{begin}%
23.18 -\endisatagtheory
23.19 -{\isafoldtheory}%
23.20 -%
23.21 -\isadelimtheory
23.22 -%
23.23 -\endisadelimtheory
23.24 -%
23.25 -\isamarkupchapter{System integration%
23.26 -}
23.27 -\isamarkuptrue%
23.28 -%
23.29 -\isamarkupsection{Isar toplevel \label{sec:isar-toplevel}%
23.30 -}
23.31 -\isamarkuptrue%
23.32 -%
23.33 -\begin{isamarkuptext}%
23.34 -The Isar toplevel may be considered the centeral hub of the
23.35 - Isabelle/Isar system, where all key components and sub-systems are
23.36 - integrated into a single read-eval-print loop of Isar commands. We
23.37 - shall even incorporate the existing {\ML} toplevel of the compiler
23.38 - and run-time system (cf.\ \secref{sec:ML-toplevel}).
23.39 -
23.40 - Isabelle/Isar departs from the original ``LCF system architecture''
23.41 - where {\ML} was really The Meta Language for defining theories and
23.42 - conducting proofs. Instead, {\ML} now only serves as the
23.43 - implementation language for the system (and user extensions), while
23.44 - the specific Isar toplevel supports the concepts of theory and proof
23.45 - development natively. This includes the graph structure of theories
23.46 - and the block structure of proofs, support for unlimited undo,
23.47 - facilities for tracing, debugging, timing, profiling etc.
23.48 -
23.49 - \medskip The toplevel maintains an implicit state, which is
23.50 - transformed by a sequence of transitions -- either interactively or
23.51 - in batch-mode. In interactive mode, Isar state transitions are
23.52 - encapsulated as safe transactions, such that both failure and undo
23.53 - are handled conveniently without destroying the underlying draft
23.54 - theory (cf.~\secref{sec:context-theory}). In batch mode,
23.55 - transitions operate in a linear (destructive) fashion, such that
23.56 - error conditions abort the present attempt to construct a theory or
23.57 - proof altogether.
23.58 -
23.59 - The toplevel state is a disjoint sum of empty \isa{toplevel}, or
23.60 - \isa{theory}, or \isa{proof}. On entering the main Isar loop we
23.61 - start with an empty toplevel. A theory is commenced by giving a
23.62 - \isa{{\isasymTHEORY}} header; within a theory we may issue theory
23.63 - commands such as \isa{{\isasymDEFINITION}}, or state a \isa{{\isasymTHEOREM}} to be proven. Now we are within a proof state, with a
23.64 - rich collection of Isar proof commands for structured proof
23.65 - composition, or unstructured proof scripts. When the proof is
23.66 - concluded we get back to the theory, which is then updated by
23.67 - storing the resulting fact. Further theory declarations or theorem
23.68 - statements with proofs may follow, until we eventually conclude the
23.69 - theory development by issuing \isa{{\isasymEND}}. The resulting theory
23.70 - is then stored within the theory database and we are back to the
23.71 - empty toplevel.
23.72 -
23.73 - In addition to these proper state transformations, there are also
23.74 - some diagnostic commands for peeking at the toplevel state without
23.75 - modifying it (e.g.\ \isakeyword{thm}, \isakeyword{term},
23.76 - \isakeyword{print-cases}).%
23.77 -\end{isamarkuptext}%
23.78 -\isamarkuptrue%
23.79 -%
23.80 -\isadelimmlref
23.81 -%
23.82 -\endisadelimmlref
23.83 -%
23.84 -\isatagmlref
23.85 -%
23.86 -\begin{isamarkuptext}%
23.87 -\begin{mldecls}
23.88 - \indexmltype{Toplevel.state}\verb|type Toplevel.state| \\
23.89 - \indexml{Toplevel.UNDEF}\verb|Toplevel.UNDEF: exn| \\
23.90 - \indexml{Toplevel.is\_toplevel}\verb|Toplevel.is_toplevel: Toplevel.state -> bool| \\
23.91 - \indexml{Toplevel.theory\_of}\verb|Toplevel.theory_of: Toplevel.state -> theory| \\
23.92 - \indexml{Toplevel.proof\_of}\verb|Toplevel.proof_of: Toplevel.state -> Proof.state| \\
23.93 - \indexml{Toplevel.debug}\verb|Toplevel.debug: bool ref| \\
23.94 - \indexml{Toplevel.timing}\verb|Toplevel.timing: bool ref| \\
23.95 - \indexml{Toplevel.profiling}\verb|Toplevel.profiling: int ref| \\
23.96 - \end{mldecls}
23.97 -
23.98 - \begin{description}
23.99 -
23.100 - \item \verb|Toplevel.state| represents Isar toplevel states,
23.101 - which are normally manipulated through the concept of toplevel
23.102 - transitions only (\secref{sec:toplevel-transition}). Also note that
23.103 - a raw toplevel state is subject to the same linearity restrictions
23.104 - as a theory context (cf.~\secref{sec:context-theory}).
23.105 -
23.106 - \item \verb|Toplevel.UNDEF| is raised for undefined toplevel
23.107 - operations. Many operations work only partially for certain cases,
23.108 - since \verb|Toplevel.state| is a sum type.
23.109 -
23.110 - \item \verb|Toplevel.is_toplevel|~\isa{state} checks for an empty
23.111 - toplevel state.
23.112 -
23.113 - \item \verb|Toplevel.theory_of|~\isa{state} selects the theory of
23.114 - a theory or proof (!), otherwise raises \verb|Toplevel.UNDEF|.
23.115 -
23.116 - \item \verb|Toplevel.proof_of|~\isa{state} selects the Isar proof
23.117 - state if available, otherwise raises \verb|Toplevel.UNDEF|.
23.118 -
23.119 - \item \verb|set Toplevel.debug| makes the toplevel print further
23.120 - details about internal error conditions, exceptions being raised
23.121 - etc.
23.122 -
23.123 - \item \verb|set Toplevel.timing| makes the toplevel print timing
23.124 - information for each Isar command being executed.
23.125 -
23.126 - \item \verb|Toplevel.profiling|~\verb|:=|~\isa{n} controls
23.127 - low-level profiling of the underlying {\ML} runtime system. For
23.128 - Poly/ML, \isa{n\ {\isacharequal}\ {\isadigit{1}}} means time and \isa{n\ {\isacharequal}\ {\isadigit{2}}} space
23.129 - profiling.
23.130 -
23.131 - \end{description}%
23.132 -\end{isamarkuptext}%
23.133 -\isamarkuptrue%
23.134 -%
23.135 -\endisatagmlref
23.136 -{\isafoldmlref}%
23.137 -%
23.138 -\isadelimmlref
23.139 -%
23.140 -\endisadelimmlref
23.141 -%
23.142 -\isamarkupsubsection{Toplevel transitions \label{sec:toplevel-transition}%
23.143 -}
23.144 -\isamarkuptrue%
23.145 -%
23.146 -\begin{isamarkuptext}%
23.147 -An Isar toplevel transition consists of a partial function on the
23.148 - toplevel state, with additional information for diagnostics and
23.149 - error reporting: there are fields for command name, source position,
23.150 - optional source text, as well as flags for interactive-only commands
23.151 - (which issue a warning in batch-mode), printing of result state,
23.152 - etc.
23.153 -
23.154 - The operational part is represented as the sequential union of a
23.155 - list of partial functions, which are tried in turn until the first
23.156 - one succeeds. This acts like an outer case-expression for various
23.157 - alternative state transitions. For example, \isakeyword{qed} acts
23.158 - differently for a local proofs vs.\ the global ending of the main
23.159 - proof.
23.160 -
23.161 - Toplevel transitions are composed via transition transformers.
23.162 - Internally, Isar commands are put together from an empty transition
23.163 - extended by name and source position (and optional source text). It
23.164 - is then left to the individual command parser to turn the given
23.165 - concrete syntax into a suitable transition transformer that adjoin
23.166 - actual operations on a theory or proof state etc.%
23.167 -\end{isamarkuptext}%
23.168 -\isamarkuptrue%
23.169 -%
23.170 -\isadelimmlref
23.171 -%
23.172 -\endisadelimmlref
23.173 -%
23.174 -\isatagmlref
23.175 -%
23.176 -\begin{isamarkuptext}%
23.177 -\begin{mldecls}
23.178 - \indexml{Toplevel.print}\verb|Toplevel.print: Toplevel.transition -> Toplevel.transition| \\
23.179 - \indexml{Toplevel.no\_timing}\verb|Toplevel.no_timing: Toplevel.transition -> Toplevel.transition| \\
23.180 - \indexml{Toplevel.keep}\verb|Toplevel.keep: (Toplevel.state -> unit) ->|\isasep\isanewline%
23.181 -\verb| Toplevel.transition -> Toplevel.transition| \\
23.182 - \indexml{Toplevel.theory}\verb|Toplevel.theory: (theory -> theory) ->|\isasep\isanewline%
23.183 -\verb| Toplevel.transition -> Toplevel.transition| \\
23.184 - \indexml{Toplevel.theory\_to\_proof}\verb|Toplevel.theory_to_proof: (theory -> Proof.state) ->|\isasep\isanewline%
23.185 -\verb| Toplevel.transition -> Toplevel.transition| \\
23.186 - \indexml{Toplevel.proof}\verb|Toplevel.proof: (Proof.state -> Proof.state) ->|\isasep\isanewline%
23.187 -\verb| Toplevel.transition -> Toplevel.transition| \\
23.188 - \indexml{Toplevel.proofs}\verb|Toplevel.proofs: (Proof.state -> Proof.state Seq.seq) ->|\isasep\isanewline%
23.189 -\verb| Toplevel.transition -> Toplevel.transition| \\
23.190 - \indexml{Toplevel.end\_proof}\verb|Toplevel.end_proof: (bool -> Proof.state -> Proof.context) ->|\isasep\isanewline%
23.191 -\verb| Toplevel.transition -> Toplevel.transition| \\
23.192 - \end{mldecls}
23.193 -
23.194 - \begin{description}
23.195 -
23.196 - \item \verb|Toplevel.print|~\isa{tr} sets the print flag, which
23.197 - causes the toplevel loop to echo the result state (in interactive
23.198 - mode).
23.199 -
23.200 - \item \verb|Toplevel.no_timing|~\isa{tr} indicates that the
23.201 - transition should never show timing information, e.g.\ because it is
23.202 - a diagnostic command.
23.203 -
23.204 - \item \verb|Toplevel.keep|~\isa{tr} adjoins a diagnostic
23.205 - function.
23.206 -
23.207 - \item \verb|Toplevel.theory|~\isa{tr} adjoins a theory
23.208 - transformer.
23.209 -
23.210 - \item \verb|Toplevel.theory_to_proof|~\isa{tr} adjoins a global
23.211 - goal function, which turns a theory into a proof state. The theory
23.212 - may be changed before entering the proof; the generic Isar goal
23.213 - setup includes an argument that specifies how to apply the proven
23.214 - result to the theory, when the proof is finished.
23.215 -
23.216 - \item \verb|Toplevel.proof|~\isa{tr} adjoins a deterministic
23.217 - proof command, with a singleton result.
23.218 -
23.219 - \item \verb|Toplevel.proofs|~\isa{tr} adjoins a general proof
23.220 - command, with zero or more result states (represented as a lazy
23.221 - list).
23.222 -
23.223 - \item \verb|Toplevel.end_proof|~\isa{tr} adjoins a concluding
23.224 - proof command, that returns the resulting theory, after storing the
23.225 - resulting facts in the context etc.
23.226 -
23.227 - \end{description}%
23.228 -\end{isamarkuptext}%
23.229 -\isamarkuptrue%
23.230 -%
23.231 -\endisatagmlref
23.232 -{\isafoldmlref}%
23.233 -%
23.234 -\isadelimmlref
23.235 -%
23.236 -\endisadelimmlref
23.237 -%
23.238 -\isamarkupsubsection{Toplevel control%
23.239 -}
23.240 -\isamarkuptrue%
23.241 -%
23.242 -\begin{isamarkuptext}%
23.243 -There are a few special control commands that modify the behavior
23.244 - the toplevel itself, and only make sense in interactive mode. Under
23.245 - normal circumstances, the user encounters these only implicitly as
23.246 - part of the protocol between the Isabelle/Isar system and a
23.247 - user-interface such as ProofGeneral.
23.248 -
23.249 - \begin{description}
23.250 -
23.251 - \item \isacommand{undo} follows the three-level hierarchy of empty
23.252 - toplevel vs.\ theory vs.\ proof: undo within a proof reverts to the
23.253 - previous proof context, undo after a proof reverts to the theory
23.254 - before the initial goal statement, undo of a theory command reverts
23.255 - to the previous theory value, undo of a theory header discontinues
23.256 - the current theory development and removes it from the theory
23.257 - database (\secref{sec:theory-database}).
23.258 -
23.259 - \item \isacommand{kill} aborts the current level of development:
23.260 - kill in a proof context reverts to the theory before the initial
23.261 - goal statement, kill in a theory context aborts the current theory
23.262 - development, removing it from the database.
23.263 -
23.264 - \item \isacommand{exit} drops out of the Isar toplevel into the
23.265 - underlying {\ML} toplevel (\secref{sec:ML-toplevel}). The Isar
23.266 - toplevel state is preserved and may be continued later.
23.267 -
23.268 - \item \isacommand{quit} terminates the Isabelle/Isar process without
23.269 - saving.
23.270 -
23.271 - \end{description}%
23.272 -\end{isamarkuptext}%
23.273 -\isamarkuptrue%
23.274 -%
23.275 -\isamarkupsection{ML toplevel \label{sec:ML-toplevel}%
23.276 -}
23.277 -\isamarkuptrue%
23.278 -%
23.279 -\begin{isamarkuptext}%
23.280 -The {\ML} toplevel provides a read-compile-eval-print loop for {\ML}
23.281 - values, types, structures, and functors. {\ML} declarations operate
23.282 - on the global system state, which consists of the compiler
23.283 - environment plus the values of {\ML} reference variables. There is
23.284 - no clean way to undo {\ML} declarations, except for reverting to a
23.285 - previously saved state of the whole Isabelle process. {\ML} input
23.286 - is either read interactively from a TTY, or from a string (usually
23.287 - within a theory text), or from a source file (usually loaded from a
23.288 - theory).
23.289 -
23.290 - Whenever the {\ML} toplevel is active, the current Isabelle theory
23.291 - context is passed as an internal reference variable. Thus {\ML}
23.292 - code may access the theory context during compilation, it may even
23.293 - change the value of a theory being under construction --- while
23.294 - observing the usual linearity restrictions
23.295 - (cf.~\secref{sec:context-theory}).%
23.296 -\end{isamarkuptext}%
23.297 -\isamarkuptrue%
23.298 -%
23.299 -\isadelimmlref
23.300 -%
23.301 -\endisadelimmlref
23.302 -%
23.303 -\isatagmlref
23.304 -%
23.305 -\begin{isamarkuptext}%
23.306 -\begin{mldecls}
23.307 - \indexml{the\_context}\verb|the_context: unit -> theory| \\
23.308 - \indexml{Context.$>$$>$ }\verb|Context.>> : (Context.generic -> Context.generic) -> unit| \\
23.309 - \end{mldecls}
23.310 -
23.311 - \begin{description}
23.312 -
23.313 - \item \verb|the_context ()| refers to the theory context of the
23.314 - {\ML} toplevel --- at compile time! {\ML} code needs to take care
23.315 - to refer to \verb|the_context ()| correctly. Recall that
23.316 - evaluation of a function body is delayed until actual runtime.
23.317 - Moreover, persistent {\ML} toplevel bindings to an unfinished theory
23.318 - should be avoided: code should either project out the desired
23.319 - information immediately, or produce an explicit \verb|theory_ref| (cf.\ \secref{sec:context-theory}).
23.320 -
23.321 - \item \verb|Context.>>|~\isa{f} applies context transformation
23.322 - \isa{f} to the implicit context of the {\ML} toplevel.
23.323 -
23.324 - \end{description}
23.325 -
23.326 - It is very important to note that the above functions are really
23.327 - restricted to the compile time, even though the {\ML} compiler is
23.328 - invoked at runtime! The majority of {\ML} code uses explicit
23.329 - functional arguments of a theory or proof context instead. Thus it
23.330 - may be invoked for an arbitrary context later on, without having to
23.331 - worry about any operational details.
23.332 -
23.333 - \bigskip
23.334 -
23.335 - \begin{mldecls}
23.336 - \indexml{Isar.main}\verb|Isar.main: unit -> unit| \\
23.337 - \indexml{Isar.loop}\verb|Isar.loop: unit -> unit| \\
23.338 - \indexml{Isar.state}\verb|Isar.state: unit -> Toplevel.state| \\
23.339 - \indexml{Isar.exn}\verb|Isar.exn: unit -> (exn * string) option| \\
23.340 - \indexml{Isar.context}\verb|Isar.context: unit -> Proof.context| \\
23.341 - \indexml{Isar.goal}\verb|Isar.goal: unit -> thm| \\
23.342 - \end{mldecls}
23.343 -
23.344 - \begin{description}
23.345 -
23.346 - \item \verb|Isar.main ()| invokes the Isar toplevel from {\ML},
23.347 - initializing an empty toplevel state.
23.348 -
23.349 - \item \verb|Isar.loop ()| continues the Isar toplevel with the
23.350 - current state, after having dropped out of the Isar toplevel loop.
23.351 -
23.352 - \item \verb|Isar.state ()| and \verb|Isar.exn ()| get current
23.353 - toplevel state and error condition, respectively. This only works
23.354 - after having dropped out of the Isar toplevel loop.
23.355 -
23.356 - \item \verb|Isar.context ()| produces the proof context from \verb|Isar.state ()|, analogous to \verb|Context.proof_of|
23.357 - (\secref{sec:generic-context}).
23.358 -
23.359 - \item \verb|Isar.goal ()| picks the tactical goal from \verb|Isar.state ()|, represented as a theorem according to
23.360 - \secref{sec:tactical-goals}.
23.361 -
23.362 - \end{description}%
23.363 -\end{isamarkuptext}%
23.364 -\isamarkuptrue%
23.365 -%
23.366 -\endisatagmlref
23.367 -{\isafoldmlref}%
23.368 -%
23.369 -\isadelimmlref
23.370 -%
23.371 -\endisadelimmlref
23.372 -%
23.373 -\isamarkupsection{Theory database \label{sec:theory-database}%
23.374 -}
23.375 -\isamarkuptrue%
23.376 -%
23.377 -\begin{isamarkuptext}%
23.378 -The theory database maintains a collection of theories, together
23.379 - with some administrative information about their original sources,
23.380 - which are held in an external store (i.e.\ some directory within the
23.381 - regular file system).
23.382 -
23.383 - The theory database is organized as a directed acyclic graph;
23.384 - entries are referenced by theory name. Although some additional
23.385 - interfaces allow to include a directory specification as well, this
23.386 - is only a hint to the underlying theory loader. The internal theory
23.387 - name space is flat!
23.388 -
23.389 - Theory \isa{A} is associated with the main theory file \isa{A}\verb,.thy,, which needs to be accessible through the theory
23.390 - loader path. Any number of additional {\ML} source files may be
23.391 - associated with each theory, by declaring these dependencies in the
23.392 - theory header as \isa{{\isasymUSES}}, and loading them consecutively
23.393 - within the theory context. The system keeps track of incoming {\ML}
23.394 - sources and associates them with the current theory. The file
23.395 - \isa{A}\verb,.ML, is loaded after a theory has been concluded, in
23.396 - order to support legacy proof {\ML} proof scripts.
23.397 -
23.398 - The basic internal actions of the theory database are \isa{update}, \isa{outdate}, and \isa{remove}:
23.399 -
23.400 - \begin{itemize}
23.401 -
23.402 - \item \isa{update\ A} introduces a link of \isa{A} with a
23.403 - \isa{theory} value of the same name; it asserts that the theory
23.404 - sources are now consistent with that value;
23.405 -
23.406 - \item \isa{outdate\ A} invalidates the link of a theory database
23.407 - entry to its sources, but retains the present theory value;
23.408 -
23.409 - \item \isa{remove\ A} deletes entry \isa{A} from the theory
23.410 - database.
23.411 -
23.412 - \end{itemize}
23.413 -
23.414 - These actions are propagated to sub- or super-graphs of a theory
23.415 - entry as expected, in order to preserve global consistency of the
23.416 - state of all loaded theories with the sources of the external store.
23.417 - This implies certain causalities between actions: \isa{update}
23.418 - or \isa{outdate} of an entry will \isa{outdate} all
23.419 - descendants; \isa{remove} will \isa{remove} all descendants.
23.420 -
23.421 - \medskip There are separate user-level interfaces to operate on the
23.422 - theory database directly or indirectly. The primitive actions then
23.423 - just happen automatically while working with the system. In
23.424 - particular, processing a theory header \isa{{\isasymTHEORY}\ A\ {\isasymIMPORTS}\ B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n\ {\isasymBEGIN}} ensures that the
23.425 - sub-graph of the collective imports \isa{B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n}
23.426 - is up-to-date, too. Earlier theories are reloaded as required, with
23.427 - \isa{update} actions proceeding in topological order according to
23.428 - theory dependencies. There may be also a wave of implied \isa{outdate} actions for derived theory nodes until a stable situation
23.429 - is achieved eventually.%
23.430 -\end{isamarkuptext}%
23.431 -\isamarkuptrue%
23.432 -%
23.433 -\isadelimmlref
23.434 -%
23.435 -\endisadelimmlref
23.436 -%
23.437 -\isatagmlref
23.438 -%
23.439 -\begin{isamarkuptext}%
23.440 -\begin{mldecls}
23.441 - \indexml{theory}\verb|theory: string -> theory| \\
23.442 - \indexml{use\_thy}\verb|use_thy: string -> unit| \\
23.443 - \indexml{use\_thys}\verb|use_thys: string list -> unit| \\
23.444 - \indexml{ThyInfo.touch\_thy}\verb|ThyInfo.touch_thy: string -> unit| \\
23.445 - \indexml{ThyInfo.remove\_thy}\verb|ThyInfo.remove_thy: string -> unit| \\[1ex]
23.446 - \indexml{ThyInfo.begin\_theory}\verb|ThyInfo.begin_theory|\verb|: ... -> bool -> theory| \\
23.447 - \indexml{ThyInfo.end\_theory}\verb|ThyInfo.end_theory: theory -> unit| \\
23.448 - \indexml{ThyInfo.register\_theory}\verb|ThyInfo.register_theory: theory -> unit| \\[1ex]
23.449 - \verb|datatype action = Update |\verb,|,\verb| Outdate |\verb,|,\verb| Remove| \\
23.450 - \indexml{ThyInfo.add\_hook}\verb|ThyInfo.add_hook: (ThyInfo.action -> string -> unit) -> unit| \\
23.451 - \end{mldecls}
23.452 -
23.453 - \begin{description}
23.454 -
23.455 - \item \verb|theory|~\isa{A} retrieves the theory value presently
23.456 - associated with name \isa{A}. Note that the result might be
23.457 - outdated.
23.458 -
23.459 - \item \verb|use_thy|~\isa{A} ensures that theory \isa{A} is fully
23.460 - up-to-date wrt.\ the external file store, reloading outdated
23.461 - ancestors as required.
23.462 -
23.463 - \item \verb|use_thys| is similar to \verb|use_thy|, but handles
23.464 - several theories simultaneously. Thus it acts like processing the
23.465 - import header of a theory, without performing the merge of the
23.466 - result, though.
23.467 -
23.468 - \item \verb|ThyInfo.touch_thy|~\isa{A} performs and \isa{outdate} action
23.469 - on theory \isa{A} and all descendants.
23.470 -
23.471 - \item \verb|ThyInfo.remove_thy|~\isa{A} deletes theory \isa{A} and all
23.472 - descendants from the theory database.
23.473 -
23.474 - \item \verb|ThyInfo.begin_theory| is the basic operation behind a
23.475 - \isa{{\isasymTHEORY}} header declaration. This is {\ML} functions is
23.476 - normally not invoked directly.
23.477 -
23.478 - \item \verb|ThyInfo.end_theory| concludes the loading of a theory
23.479 - proper and stores the result in the theory database.
23.480 -
23.481 - \item \verb|ThyInfo.register_theory|~\isa{text\ thy} registers an
23.482 - existing theory value with the theory loader database. There is no
23.483 - management of associated sources.
23.484 -
23.485 - \item \verb|ThyInfo.add_hook|~\isa{f} registers function \isa{f} as a hook for theory database actions. The function will be
23.486 - invoked with the action and theory name being involved; thus derived
23.487 - actions may be performed in associated system components, e.g.\
23.488 - maintaining the state of an editor for the theory sources.
23.489 -
23.490 - The kind and order of actions occurring in practice depends both on
23.491 - user interactions and the internal process of resolving theory
23.492 - imports. Hooks should not rely on a particular policy here! Any
23.493 - exceptions raised by the hook are ignored.
23.494 -
23.495 - \end{description}%
23.496 -\end{isamarkuptext}%
23.497 -\isamarkuptrue%
23.498 -%
23.499 -\endisatagmlref
23.500 -{\isafoldmlref}%
23.501 -%
23.502 -\isadelimmlref
23.503 -%
23.504 -\endisadelimmlref
23.505 -%
23.506 -\isadelimtheory
23.507 -%
23.508 -\endisadelimtheory
23.509 -%
23.510 -\isatagtheory
23.511 -\isacommand{end}\isamarkupfalse%
23.512 -%
23.513 -\endisatagtheory
23.514 -{\isafoldtheory}%
23.515 -%
23.516 -\isadelimtheory
23.517 -%
23.518 -\endisadelimtheory
23.519 -\isanewline
23.520 -\end{isabellebody}%
23.521 -%%% Local Variables:
23.522 -%%% mode: latex
23.523 -%%% TeX-master: "root"
23.524 -%%% End:
24.1 --- a/doc-src/IsarImplementation/Thy/document/isar.tex Mon Feb 16 20:25:21 2009 +0100
24.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
24.3 @@ -1,91 +0,0 @@
24.4 -%
24.5 -\begin{isabellebody}%
24.6 -\def\isabellecontext{isar}%
24.7 -%
24.8 -\isadelimtheory
24.9 -\isanewline
24.10 -\isanewline
24.11 -\isanewline
24.12 -%
24.13 -\endisadelimtheory
24.14 -%
24.15 -\isatagtheory
24.16 -\isacommand{theory}\isamarkupfalse%
24.17 -\ isar\ \isakeyword{imports}\ base\ \isakeyword{begin}%
24.18 -\endisatagtheory
24.19 -{\isafoldtheory}%
24.20 -%
24.21 -\isadelimtheory
24.22 -%
24.23 -\endisadelimtheory
24.24 -%
24.25 -\isamarkupchapter{Isar proof texts%
24.26 -}
24.27 -\isamarkuptrue%
24.28 -%
24.29 -\isamarkupsection{Proof context%
24.30 -}
24.31 -\isamarkuptrue%
24.32 -%
24.33 -\begin{isamarkuptext}%
24.34 -FIXME%
24.35 -\end{isamarkuptext}%
24.36 -\isamarkuptrue%
24.37 -%
24.38 -\isamarkupsection{Proof state \label{sec:isar-proof-state}%
24.39 -}
24.40 -\isamarkuptrue%
24.41 -%
24.42 -\begin{isamarkuptext}%
24.43 -FIXME
24.44 -
24.45 -\glossary{Proof state}{The whole configuration of a structured proof,
24.46 -consisting of a \seeglossary{proof context} and an optional
24.47 -\seeglossary{structured goal}. Internally, an Isar proof state is
24.48 -organized as a stack to accomodate block structure of proof texts.
24.49 -For historical reasons, a low-level \seeglossary{tactical goal} is
24.50 -occasionally called ``proof state'' as well.}
24.51 -
24.52 -\glossary{Structured goal}{FIXME}
24.53 -
24.54 -\glossary{Goal}{See \seeglossary{tactical goal} or \seeglossary{structured goal}. \norefpage}%
24.55 -\end{isamarkuptext}%
24.56 -\isamarkuptrue%
24.57 -%
24.58 -\isamarkupsection{Proof methods%
24.59 -}
24.60 -\isamarkuptrue%
24.61 -%
24.62 -\begin{isamarkuptext}%
24.63 -FIXME%
24.64 -\end{isamarkuptext}%
24.65 -\isamarkuptrue%
24.66 -%
24.67 -\isamarkupsection{Attributes%
24.68 -}
24.69 -\isamarkuptrue%
24.70 -%
24.71 -\begin{isamarkuptext}%
24.72 -FIXME ?!%
24.73 -\end{isamarkuptext}%
24.74 -\isamarkuptrue%
24.75 -%
24.76 -\isadelimtheory
24.77 -%
24.78 -\endisadelimtheory
24.79 -%
24.80 -\isatagtheory
24.81 -\isacommand{end}\isamarkupfalse%
24.82 -%
24.83 -\endisatagtheory
24.84 -{\isafoldtheory}%
24.85 -%
24.86 -\isadelimtheory
24.87 -%
24.88 -\endisadelimtheory
24.89 -\isanewline
24.90 -\end{isabellebody}%
24.91 -%%% Local Variables:
24.92 -%%% mode: latex
24.93 -%%% TeX-master: "root"
24.94 -%%% End:
25.1 --- a/doc-src/IsarImplementation/Thy/document/locale.tex Mon Feb 16 20:25:21 2009 +0100
25.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
25.3 @@ -1,73 +0,0 @@
25.4 -%
25.5 -\begin{isabellebody}%
25.6 -\def\isabellecontext{locale}%
25.7 -%
25.8 -\isadelimtheory
25.9 -\isanewline
25.10 -\isanewline
25.11 -\isanewline
25.12 -%
25.13 -\endisadelimtheory
25.14 -%
25.15 -\isatagtheory
25.16 -\isacommand{theory}\isamarkupfalse%
25.17 -\ {\isachardoublequoteopen}locale{\isachardoublequoteclose}\ \isakeyword{imports}\ base\ \isakeyword{begin}%
25.18 -\endisatagtheory
25.19 -{\isafoldtheory}%
25.20 -%
25.21 -\isadelimtheory
25.22 -%
25.23 -\endisadelimtheory
25.24 -%
25.25 -\isamarkupchapter{Structured specifications%
25.26 -}
25.27 -\isamarkuptrue%
25.28 -%
25.29 -\isamarkupsection{Specification elements%
25.30 -}
25.31 -\isamarkuptrue%
25.32 -%
25.33 -\begin{isamarkuptext}%
25.34 -FIXME%
25.35 -\end{isamarkuptext}%
25.36 -\isamarkuptrue%
25.37 -%
25.38 -\isamarkupsection{Type-inference%
25.39 -}
25.40 -\isamarkuptrue%
25.41 -%
25.42 -\begin{isamarkuptext}%
25.43 -FIXME%
25.44 -\end{isamarkuptext}%
25.45 -\isamarkuptrue%
25.46 -%
25.47 -\isamarkupsection{Local theories%
25.48 -}
25.49 -\isamarkuptrue%
25.50 -%
25.51 -\begin{isamarkuptext}%
25.52 -FIXME
25.53 -
25.54 - \glossary{Local theory}{FIXME}%
25.55 -\end{isamarkuptext}%
25.56 -\isamarkuptrue%
25.57 -%
25.58 -\isadelimtheory
25.59 -%
25.60 -\endisadelimtheory
25.61 -%
25.62 -\isatagtheory
25.63 -\isacommand{end}\isamarkupfalse%
25.64 -%
25.65 -\endisatagtheory
25.66 -{\isafoldtheory}%
25.67 -%
25.68 -\isadelimtheory
25.69 -%
25.70 -\endisadelimtheory
25.71 -\isanewline
25.72 -\end{isabellebody}%
25.73 -%%% Local Variables:
25.74 -%%% mode: latex
25.75 -%%% TeX-master: "root"
25.76 -%%% End:
26.1 --- a/doc-src/IsarImplementation/Thy/document/logic.tex Mon Feb 16 20:25:21 2009 +0100
26.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
26.3 @@ -1,886 +0,0 @@
26.4 -%
26.5 -\begin{isabellebody}%
26.6 -\def\isabellecontext{logic}%
26.7 -%
26.8 -\isadelimtheory
26.9 -%
26.10 -\endisadelimtheory
26.11 -%
26.12 -\isatagtheory
26.13 -\isacommand{theory}\isamarkupfalse%
26.14 -\ logic\ \isakeyword{imports}\ base\ \isakeyword{begin}%
26.15 -\endisatagtheory
26.16 -{\isafoldtheory}%
26.17 -%
26.18 -\isadelimtheory
26.19 -%
26.20 -\endisadelimtheory
26.21 -%
26.22 -\isamarkupchapter{Primitive logic \label{ch:logic}%
26.23 -}
26.24 -\isamarkuptrue%
26.25 -%
26.26 -\begin{isamarkuptext}%
26.27 -The logical foundations of Isabelle/Isar are that of the Pure logic,
26.28 - which has been introduced as a natural-deduction framework in
26.29 - \cite{paulson700}. This is essentially the same logic as ``\isa{{\isasymlambda}HOL}'' in the more abstract setting of Pure Type Systems (PTS)
26.30 - \cite{Barendregt-Geuvers:2001}, although there are some key
26.31 - differences in the specific treatment of simple types in
26.32 - Isabelle/Pure.
26.33 -
26.34 - Following type-theoretic parlance, the Pure logic consists of three
26.35 - levels of \isa{{\isasymlambda}}-calculus with corresponding arrows, \isa{{\isasymRightarrow}} for syntactic function space (terms depending on terms), \isa{{\isasymAnd}} for universal quantification (proofs depending on terms), and
26.36 - \isa{{\isasymLongrightarrow}} for implication (proofs depending on proofs).
26.37 -
26.38 - Derivations are relative to a logical theory, which declares type
26.39 - constructors, constants, and axioms. Theory declarations support
26.40 - schematic polymorphism, which is strictly speaking outside the
26.41 - logic.\footnote{This is the deeper logical reason, why the theory
26.42 - context \isa{{\isasymTheta}} is separate from the proof context \isa{{\isasymGamma}}
26.43 - of the core calculus.}%
26.44 -\end{isamarkuptext}%
26.45 -\isamarkuptrue%
26.46 -%
26.47 -\isamarkupsection{Types \label{sec:types}%
26.48 -}
26.49 -\isamarkuptrue%
26.50 -%
26.51 -\begin{isamarkuptext}%
26.52 -The language of types is an uninterpreted order-sorted first-order
26.53 - algebra; types are qualified by ordered type classes.
26.54 -
26.55 - \medskip A \emph{type class} is an abstract syntactic entity
26.56 - declared in the theory context. The \emph{subclass relation} \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}} is specified by stating an acyclic
26.57 - generating relation; the transitive closure is maintained
26.58 - internally. The resulting relation is an ordering: reflexive,
26.59 - transitive, and antisymmetric.
26.60 -
26.61 - A \emph{sort} is a list of type classes written as \isa{s\ {\isacharequal}\ {\isacharbraceleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlisub m{\isacharbraceright}}, which represents symbolic
26.62 - intersection. Notationally, the curly braces are omitted for
26.63 - singleton intersections, i.e.\ any class \isa{c} may be read as
26.64 - a sort \isa{{\isacharbraceleft}c{\isacharbraceright}}. The ordering on type classes is extended to
26.65 - sorts according to the meaning of intersections: \isa{{\isacharbraceleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}\ c\isactrlisub m{\isacharbraceright}\ {\isasymsubseteq}\ {\isacharbraceleft}d\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ d\isactrlisub n{\isacharbraceright}} iff
26.66 - \isa{{\isasymforall}j{\isachardot}\ {\isasymexists}i{\isachardot}\ c\isactrlisub i\ {\isasymsubseteq}\ d\isactrlisub j}. The empty intersection
26.67 - \isa{{\isacharbraceleft}{\isacharbraceright}} refers to the universal sort, which is the largest
26.68 - element wrt.\ the sort order. The intersections of all (finitely
26.69 - many) classes declared in the current theory are the minimal
26.70 - elements wrt.\ the sort order.
26.71 -
26.72 - \medskip A \emph{fixed type variable} is a pair of a basic name
26.73 - (starting with a \isa{{\isacharprime}} character) and a sort constraint, e.g.\
26.74 - \isa{{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ s{\isacharparenright}} which is usually printed as \isa{{\isasymalpha}\isactrlisub s}.
26.75 - A \emph{schematic type variable} is a pair of an indexname and a
26.76 - sort constraint, e.g.\ \isa{{\isacharparenleft}{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ s{\isacharparenright}} which is usually
26.77 - printed as \isa{{\isacharquery}{\isasymalpha}\isactrlisub s}.
26.78 -
26.79 - Note that \emph{all} syntactic components contribute to the identity
26.80 - of type variables, including the sort constraint. The core logic
26.81 - handles type variables with the same name but different sorts as
26.82 - different, although some outer layers of the system make it hard to
26.83 - produce anything like this.
26.84 -
26.85 - A \emph{type constructor} \isa{{\isasymkappa}} is a \isa{k}-ary operator
26.86 - on types declared in the theory. Type constructor application is
26.87 - written postfix as \isa{{\isacharparenleft}{\isasymalpha}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlisub k{\isacharparenright}{\isasymkappa}}. For
26.88 - \isa{k\ {\isacharequal}\ {\isadigit{0}}} the argument tuple is omitted, e.g.\ \isa{prop}
26.89 - instead of \isa{{\isacharparenleft}{\isacharparenright}prop}. For \isa{k\ {\isacharequal}\ {\isadigit{1}}} the parentheses
26.90 - are omitted, e.g.\ \isa{{\isasymalpha}\ list} instead of \isa{{\isacharparenleft}{\isasymalpha}{\isacharparenright}list}.
26.91 - Further notation is provided for specific constructors, notably the
26.92 - right-associative infix \isa{{\isasymalpha}\ {\isasymRightarrow}\ {\isasymbeta}} instead of \isa{{\isacharparenleft}{\isasymalpha}{\isacharcomma}\ {\isasymbeta}{\isacharparenright}fun}.
26.93 -
26.94 - A \emph{type} is defined inductively over type variables and type
26.95 - constructors as follows: \isa{{\isasymtau}\ {\isacharequal}\ {\isasymalpha}\isactrlisub s\ {\isacharbar}\ {\isacharquery}{\isasymalpha}\isactrlisub s\ {\isacharbar}\ {\isacharparenleft}{\isasymtau}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlsub k{\isacharparenright}{\isasymkappa}}.
26.96 -
26.97 - A \emph{type abbreviation} is a syntactic definition \isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}\ {\isacharequal}\ {\isasymtau}} of an arbitrary type expression \isa{{\isasymtau}} over
26.98 - variables \isa{\isactrlvec {\isasymalpha}}. Type abbreviations appear as type
26.99 - constructors in the syntax, but are expanded before entering the
26.100 - logical core.
26.101 -
26.102 - A \emph{type arity} declares the image behavior of a type
26.103 - constructor wrt.\ the algebra of sorts: \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlisub k{\isacharparenright}s} means that \isa{{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub k{\isacharparenright}{\isasymkappa}} is
26.104 - of sort \isa{s} if every argument type \isa{{\isasymtau}\isactrlisub i} is
26.105 - of sort \isa{s\isactrlisub i}. Arity declarations are implicitly
26.106 - completed, i.e.\ \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}c} entails \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}c{\isacharprime}} for any \isa{c{\isacharprime}\ {\isasymsupseteq}\ c}.
26.107 -
26.108 - \medskip The sort algebra is always maintained as \emph{coregular},
26.109 - which means that type arities are consistent with the subclass
26.110 - relation: for any type constructor \isa{{\isasymkappa}}, and classes \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}}, and arities \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s\isactrlisub {\isadigit{1}}{\isacharparenright}c\isactrlisub {\isadigit{1}}} and \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s\isactrlisub {\isadigit{2}}{\isacharparenright}c\isactrlisub {\isadigit{2}}} holds \isa{\isactrlvec s\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ \isactrlvec s\isactrlisub {\isadigit{2}}} component-wise.
26.111 -
26.112 - The key property of a coregular order-sorted algebra is that sort
26.113 - constraints can be solved in a most general fashion: for each type
26.114 - constructor \isa{{\isasymkappa}} and sort \isa{s} there is a most general
26.115 - vector of argument sorts \isa{{\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlisub k{\isacharparenright}} such
26.116 - that a type scheme \isa{{\isacharparenleft}{\isasymalpha}\isactrlbsub s\isactrlisub {\isadigit{1}}\isactrlesub {\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlbsub s\isactrlisub k\isactrlesub {\isacharparenright}{\isasymkappa}} is of sort \isa{s}.
26.117 - Consequently, type unification has most general solutions (modulo
26.118 - equivalence of sorts), so type-inference produces primary types as
26.119 - expected \cite{nipkow-prehofer}.%
26.120 -\end{isamarkuptext}%
26.121 -\isamarkuptrue%
26.122 -%
26.123 -\isadelimmlref
26.124 -%
26.125 -\endisadelimmlref
26.126 -%
26.127 -\isatagmlref
26.128 -%
26.129 -\begin{isamarkuptext}%
26.130 -\begin{mldecls}
26.131 - \indexmltype{class}\verb|type class| \\
26.132 - \indexmltype{sort}\verb|type sort| \\
26.133 - \indexmltype{arity}\verb|type arity| \\
26.134 - \indexmltype{typ}\verb|type typ| \\
26.135 - \indexml{map\_atyps}\verb|map_atyps: (typ -> typ) -> typ -> typ| \\
26.136 - \indexml{fold\_atyps}\verb|fold_atyps: (typ -> 'a -> 'a) -> typ -> 'a -> 'a| \\
26.137 - \end{mldecls}
26.138 - \begin{mldecls}
26.139 - \indexml{Sign.subsort}\verb|Sign.subsort: theory -> sort * sort -> bool| \\
26.140 - \indexml{Sign.of\_sort}\verb|Sign.of_sort: theory -> typ * sort -> bool| \\
26.141 - \indexml{Sign.add\_types}\verb|Sign.add_types: (string * int * mixfix) list -> theory -> theory| \\
26.142 - \indexml{Sign.add\_tyabbrs\_i}\verb|Sign.add_tyabbrs_i: |\isasep\isanewline%
26.143 -\verb| (string * string list * typ * mixfix) list -> theory -> theory| \\
26.144 - \indexml{Sign.primitive\_class}\verb|Sign.primitive_class: string * class list -> theory -> theory| \\
26.145 - \indexml{Sign.primitive\_classrel}\verb|Sign.primitive_classrel: class * class -> theory -> theory| \\
26.146 - \indexml{Sign.primitive\_arity}\verb|Sign.primitive_arity: arity -> theory -> theory| \\
26.147 - \end{mldecls}
26.148 -
26.149 - \begin{description}
26.150 -
26.151 - \item \verb|class| represents type classes; this is an alias for
26.152 - \verb|string|.
26.153 -
26.154 - \item \verb|sort| represents sorts; this is an alias for
26.155 - \verb|class list|.
26.156 -
26.157 - \item \verb|arity| represents type arities; this is an alias for
26.158 - triples of the form \isa{{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec s{\isacharcomma}\ s{\isacharparenright}} for \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}s} described above.
26.159 -
26.160 - \item \verb|typ| represents types; this is a datatype with
26.161 - constructors \verb|TFree|, \verb|TVar|, \verb|Type|.
26.162 -
26.163 - \item \verb|map_atyps|~\isa{f\ {\isasymtau}} applies the mapping \isa{f}
26.164 - to all atomic types (\verb|TFree|, \verb|TVar|) occurring in \isa{{\isasymtau}}.
26.165 -
26.166 - \item \verb|fold_atyps|~\isa{f\ {\isasymtau}} iterates the operation \isa{f} over all occurrences of atomic types (\verb|TFree|, \verb|TVar|)
26.167 - in \isa{{\isasymtau}}; the type structure is traversed from left to right.
26.168 -
26.169 - \item \verb|Sign.subsort|~\isa{thy\ {\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ s\isactrlisub {\isadigit{2}}{\isacharparenright}}
26.170 - tests the subsort relation \isa{s\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ s\isactrlisub {\isadigit{2}}}.
26.171 -
26.172 - \item \verb|Sign.of_sort|~\isa{thy\ {\isacharparenleft}{\isasymtau}{\isacharcomma}\ s{\isacharparenright}} tests whether type
26.173 - \isa{{\isasymtau}} is of sort \isa{s}.
26.174 -
26.175 - \item \verb|Sign.add_types|~\isa{{\isacharbrackleft}{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ k{\isacharcomma}\ mx{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} declares a new
26.176 - type constructors \isa{{\isasymkappa}} with \isa{k} arguments and
26.177 - optional mixfix syntax.
26.178 -
26.179 - \item \verb|Sign.add_tyabbrs_i|~\isa{{\isacharbrackleft}{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec {\isasymalpha}{\isacharcomma}\ {\isasymtau}{\isacharcomma}\ mx{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}}
26.180 - defines a new type abbreviation \isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}\ {\isacharequal}\ {\isasymtau}} with
26.181 - optional mixfix syntax.
26.182 -
26.183 - \item \verb|Sign.primitive_class|~\isa{{\isacharparenleft}c{\isacharcomma}\ {\isacharbrackleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlisub n{\isacharbrackright}{\isacharparenright}} declares a new class \isa{c}, together with class
26.184 - relations \isa{c\ {\isasymsubseteq}\ c\isactrlisub i}, for \isa{i\ {\isacharequal}\ {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n}.
26.185 -
26.186 - \item \verb|Sign.primitive_classrel|~\isa{{\isacharparenleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ c\isactrlisub {\isadigit{2}}{\isacharparenright}} declares the class relation \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}}.
26.187 -
26.188 - \item \verb|Sign.primitive_arity|~\isa{{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec s{\isacharcomma}\ s{\isacharparenright}} declares
26.189 - the arity \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}s}.
26.190 -
26.191 - \end{description}%
26.192 -\end{isamarkuptext}%
26.193 -\isamarkuptrue%
26.194 -%
26.195 -\endisatagmlref
26.196 -{\isafoldmlref}%
26.197 -%
26.198 -\isadelimmlref
26.199 -%
26.200 -\endisadelimmlref
26.201 -%
26.202 -\isamarkupsection{Terms \label{sec:terms}%
26.203 -}
26.204 -\isamarkuptrue%
26.205 -%
26.206 -\begin{isamarkuptext}%
26.207 -\glossary{Term}{FIXME}
26.208 -
26.209 - The language of terms is that of simply-typed \isa{{\isasymlambda}}-calculus
26.210 - with de-Bruijn indices for bound variables (cf.\ \cite{debruijn72}
26.211 - or \cite{paulson-ml2}), with the types being determined determined
26.212 - by the corresponding binders. In contrast, free variables and
26.213 - constants are have an explicit name and type in each occurrence.
26.214 -
26.215 - \medskip A \emph{bound variable} is a natural number \isa{b},
26.216 - which accounts for the number of intermediate binders between the
26.217 - variable occurrence in the body and its binding position. For
26.218 - example, the de-Bruijn term \isa{{\isasymlambda}\isactrlbsub nat\isactrlesub {\isachardot}\ {\isasymlambda}\isactrlbsub nat\isactrlesub {\isachardot}\ {\isadigit{1}}\ {\isacharplus}\ {\isadigit{0}}} would
26.219 - correspond to \isa{{\isasymlambda}x\isactrlbsub nat\isactrlesub {\isachardot}\ {\isasymlambda}y\isactrlbsub nat\isactrlesub {\isachardot}\ x\ {\isacharplus}\ y} in a named
26.220 - representation. Note that a bound variable may be represented by
26.221 - different de-Bruijn indices at different occurrences, depending on
26.222 - the nesting of abstractions.
26.223 -
26.224 - A \emph{loose variable} is a bound variable that is outside the
26.225 - scope of local binders. The types (and names) for loose variables
26.226 - can be managed as a separate context, that is maintained as a stack
26.227 - of hypothetical binders. The core logic operates on closed terms,
26.228 - without any loose variables.
26.229 -
26.230 - A \emph{fixed variable} is a pair of a basic name and a type, e.g.\
26.231 - \isa{{\isacharparenleft}x{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed \isa{x\isactrlisub {\isasymtau}}. A
26.232 - \emph{schematic variable} is a pair of an indexname and a type,
26.233 - e.g.\ \isa{{\isacharparenleft}{\isacharparenleft}x{\isacharcomma}\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed as \isa{{\isacharquery}x\isactrlisub {\isasymtau}}.
26.234 -
26.235 - \medskip A \emph{constant} is a pair of a basic name and a type,
26.236 - e.g.\ \isa{{\isacharparenleft}c{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed as \isa{c\isactrlisub {\isasymtau}}. Constants are declared in the context as polymorphic
26.237 - families \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}, meaning that all substitution instances
26.238 - \isa{c\isactrlisub {\isasymtau}} for \isa{{\isasymtau}\ {\isacharequal}\ {\isasymsigma}{\isasymvartheta}} are valid.
26.239 -
26.240 - The vector of \emph{type arguments} of constant \isa{c\isactrlisub {\isasymtau}}
26.241 - wrt.\ the declaration \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} is defined as the codomain of
26.242 - the matcher \isa{{\isasymvartheta}\ {\isacharequal}\ {\isacharbraceleft}{\isacharquery}{\isasymalpha}\isactrlisub {\isadigit{1}}\ {\isasymmapsto}\ {\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isacharquery}{\isasymalpha}\isactrlisub n\ {\isasymmapsto}\ {\isasymtau}\isactrlisub n{\isacharbraceright}} presented in canonical order \isa{{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharparenright}}. Within a given theory context,
26.243 - there is a one-to-one correspondence between any constant \isa{c\isactrlisub {\isasymtau}} and the application \isa{c{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharparenright}} of its type arguments. For example, with \isa{plus\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}}, the instance \isa{plus\isactrlbsub nat\ {\isasymRightarrow}\ nat\ {\isasymRightarrow}\ nat\isactrlesub } corresponds to \isa{plus{\isacharparenleft}nat{\isacharparenright}}.
26.244 -
26.245 - Constant declarations \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} may contain sort constraints
26.246 - for type variables in \isa{{\isasymsigma}}. These are observed by
26.247 - type-inference as expected, but \emph{ignored} by the core logic.
26.248 - This means the primitive logic is able to reason with instances of
26.249 - polymorphic constants that the user-level type-checker would reject
26.250 - due to violation of type class restrictions.
26.251 -
26.252 - \medskip An \emph{atomic} term is either a variable or constant. A
26.253 - \emph{term} is defined inductively over atomic terms, with
26.254 - abstraction and application as follows: \isa{t\ {\isacharequal}\ b\ {\isacharbar}\ x\isactrlisub {\isasymtau}\ {\isacharbar}\ {\isacharquery}x\isactrlisub {\isasymtau}\ {\isacharbar}\ c\isactrlisub {\isasymtau}\ {\isacharbar}\ {\isasymlambda}\isactrlisub {\isasymtau}{\isachardot}\ t\ {\isacharbar}\ t\isactrlisub {\isadigit{1}}\ t\isactrlisub {\isadigit{2}}}.
26.255 - Parsing and printing takes care of converting between an external
26.256 - representation with named bound variables. Subsequently, we shall
26.257 - use the latter notation instead of internal de-Bruijn
26.258 - representation.
26.259 -
26.260 - The inductive relation \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}} assigns a (unique) type to a
26.261 - term according to the structure of atomic terms, abstractions, and
26.262 - applicatins:
26.263 - \[
26.264 - \infer{\isa{a\isactrlisub {\isasymtau}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}}}{}
26.265 - \qquad
26.266 - \infer{\isa{{\isacharparenleft}{\isasymlambda}x\isactrlsub {\isasymtau}{\isachardot}\ t{\isacharparenright}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isasymRightarrow}\ {\isasymsigma}}}{\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}}
26.267 - \qquad
26.268 - \infer{\isa{t\ u\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}}{\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isasymRightarrow}\ {\isasymsigma}} & \isa{u\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}}}
26.269 - \]
26.270 - A \emph{well-typed term} is a term that can be typed according to these rules.
26.271 -
26.272 - Typing information can be omitted: type-inference is able to
26.273 - reconstruct the most general type of a raw term, while assigning
26.274 - most general types to all of its variables and constants.
26.275 - Type-inference depends on a context of type constraints for fixed
26.276 - variables, and declarations for polymorphic constants.
26.277 -
26.278 - The identity of atomic terms consists both of the name and the type
26.279 - component. This means that different variables \isa{x\isactrlbsub {\isasymtau}\isactrlisub {\isadigit{1}}\isactrlesub } and \isa{x\isactrlbsub {\isasymtau}\isactrlisub {\isadigit{2}}\isactrlesub } may become the same after type
26.280 - instantiation. Some outer layers of the system make it hard to
26.281 - produce variables of the same name, but different types. In
26.282 - contrast, mixed instances of polymorphic constants occur frequently.
26.283 -
26.284 - \medskip The \emph{hidden polymorphism} of a term \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}
26.285 - is the set of type variables occurring in \isa{t}, but not in
26.286 - \isa{{\isasymsigma}}. This means that the term implicitly depends on type
26.287 - arguments that are not accounted in the result type, i.e.\ there are
26.288 - different type instances \isa{t{\isasymvartheta}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} and \isa{t{\isasymvartheta}{\isacharprime}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} with the same type. This slightly
26.289 - pathological situation notoriously demands additional care.
26.290 -
26.291 - \medskip A \emph{term abbreviation} is a syntactic definition \isa{c\isactrlisub {\isasymsigma}\ {\isasymequiv}\ t} of a closed term \isa{t} of type \isa{{\isasymsigma}},
26.292 - without any hidden polymorphism. A term abbreviation looks like a
26.293 - constant in the syntax, but is expanded before entering the logical
26.294 - core. Abbreviations are usually reverted when printing terms, using
26.295 - \isa{t\ {\isasymrightarrow}\ c\isactrlisub {\isasymsigma}} as rules for higher-order rewriting.
26.296 -
26.297 - \medskip Canonical operations on \isa{{\isasymlambda}}-terms include \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion: \isa{{\isasymalpha}}-conversion refers to capture-free
26.298 - renaming of bound variables; \isa{{\isasymbeta}}-conversion contracts an
26.299 - abstraction applied to an argument term, substituting the argument
26.300 - in the body: \isa{{\isacharparenleft}{\isasymlambda}x{\isachardot}\ b{\isacharparenright}a} becomes \isa{b{\isacharbrackleft}a{\isacharslash}x{\isacharbrackright}}; \isa{{\isasymeta}}-conversion contracts vacuous application-abstraction: \isa{{\isasymlambda}x{\isachardot}\ f\ x} becomes \isa{f}, provided that the bound variable
26.301 - does not occur in \isa{f}.
26.302 -
26.303 - Terms are normally treated modulo \isa{{\isasymalpha}}-conversion, which is
26.304 - implicit in the de-Bruijn representation. Names for bound variables
26.305 - in abstractions are maintained separately as (meaningless) comments,
26.306 - mostly for parsing and printing. Full \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion is
26.307 - commonplace in various standard operations (\secref{sec:obj-rules})
26.308 - that are based on higher-order unification and matching.%
26.309 -\end{isamarkuptext}%
26.310 -\isamarkuptrue%
26.311 -%
26.312 -\isadelimmlref
26.313 -%
26.314 -\endisadelimmlref
26.315 -%
26.316 -\isatagmlref
26.317 -%
26.318 -\begin{isamarkuptext}%
26.319 -\begin{mldecls}
26.320 - \indexmltype{term}\verb|type term| \\
26.321 - \indexml{op aconv}\verb|op aconv: term * term -> bool| \\
26.322 - \indexml{map\_types}\verb|map_types: (typ -> typ) -> term -> term| \\
26.323 - \indexml{fold\_types}\verb|fold_types: (typ -> 'a -> 'a) -> term -> 'a -> 'a| \\
26.324 - \indexml{map\_aterms}\verb|map_aterms: (term -> term) -> term -> term| \\
26.325 - \indexml{fold\_aterms}\verb|fold_aterms: (term -> 'a -> 'a) -> term -> 'a -> 'a| \\
26.326 - \end{mldecls}
26.327 - \begin{mldecls}
26.328 - \indexml{fastype\_of}\verb|fastype_of: term -> typ| \\
26.329 - \indexml{lambda}\verb|lambda: term -> term -> term| \\
26.330 - \indexml{betapply}\verb|betapply: term * term -> term| \\
26.331 - \indexml{Sign.declare\_const}\verb|Sign.declare_const: Properties.T -> (binding * typ) * mixfix ->|\isasep\isanewline%
26.332 -\verb| theory -> term * theory| \\
26.333 - \indexml{Sign.add\_abbrev}\verb|Sign.add_abbrev: string -> Properties.T -> binding * term ->|\isasep\isanewline%
26.334 -\verb| theory -> (term * term) * theory| \\
26.335 - \indexml{Sign.const\_typargs}\verb|Sign.const_typargs: theory -> string * typ -> typ list| \\
26.336 - \indexml{Sign.const\_instance}\verb|Sign.const_instance: theory -> string * typ list -> typ| \\
26.337 - \end{mldecls}
26.338 -
26.339 - \begin{description}
26.340 -
26.341 - \item \verb|term| represents de-Bruijn terms, with comments in
26.342 - abstractions, and explicitly named free variables and constants;
26.343 - this is a datatype with constructors \verb|Bound|, \verb|Free|, \verb|Var|, \verb|Const|, \verb|Abs|, \verb|op $|.
26.344 -
26.345 - \item \isa{t}~\verb|aconv|~\isa{u} checks \isa{{\isasymalpha}}-equivalence of two terms. This is the basic equality relation
26.346 - on type \verb|term|; raw datatype equality should only be used
26.347 - for operations related to parsing or printing!
26.348 -
26.349 - \item \verb|map_types|~\isa{f\ t} applies the mapping \isa{f} to all types occurring in \isa{t}.
26.350 -
26.351 - \item \verb|fold_types|~\isa{f\ t} iterates the operation \isa{f} over all occurrences of types in \isa{t}; the term
26.352 - structure is traversed from left to right.
26.353 -
26.354 - \item \verb|map_aterms|~\isa{f\ t} applies the mapping \isa{f}
26.355 - to all atomic terms (\verb|Bound|, \verb|Free|, \verb|Var|, \verb|Const|) occurring in \isa{t}.
26.356 -
26.357 - \item \verb|fold_aterms|~\isa{f\ t} iterates the operation \isa{f} over all occurrences of atomic terms (\verb|Bound|, \verb|Free|,
26.358 - \verb|Var|, \verb|Const|) in \isa{t}; the term structure is
26.359 - traversed from left to right.
26.360 -
26.361 - \item \verb|fastype_of|~\isa{t} determines the type of a
26.362 - well-typed term. This operation is relatively slow, despite the
26.363 - omission of any sanity checks.
26.364 -
26.365 - \item \verb|lambda|~\isa{a\ b} produces an abstraction \isa{{\isasymlambda}a{\isachardot}\ b}, where occurrences of the atomic term \isa{a} in the
26.366 - body \isa{b} are replaced by bound variables.
26.367 -
26.368 - \item \verb|betapply|~\isa{{\isacharparenleft}t{\isacharcomma}\ u{\isacharparenright}} produces an application \isa{t\ u}, with topmost \isa{{\isasymbeta}}-conversion if \isa{t} is an
26.369 - abstraction.
26.370 -
26.371 - \item \verb|Sign.declare_const|~\isa{properties\ {\isacharparenleft}{\isacharparenleft}c{\isacharcomma}\ {\isasymsigma}{\isacharparenright}{\isacharcomma}\ mx{\isacharparenright}}
26.372 - declares a new constant \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} with optional mixfix
26.373 - syntax.
26.374 -
26.375 - \item \verb|Sign.add_abbrev|~\isa{print{\isacharunderscore}mode\ properties\ {\isacharparenleft}c{\isacharcomma}\ t{\isacharparenright}}
26.376 - introduces a new term abbreviation \isa{c\ {\isasymequiv}\ t}.
26.377 -
26.378 - \item \verb|Sign.const_typargs|~\isa{thy\ {\isacharparenleft}c{\isacharcomma}\ {\isasymtau}{\isacharparenright}} and \verb|Sign.const_instance|~\isa{thy\ {\isacharparenleft}c{\isacharcomma}\ {\isacharbrackleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharbrackright}{\isacharparenright}}
26.379 - convert between two representations of polymorphic constants: full
26.380 - type instance vs.\ compact type arguments form.
26.381 -
26.382 - \end{description}%
26.383 -\end{isamarkuptext}%
26.384 -\isamarkuptrue%
26.385 -%
26.386 -\endisatagmlref
26.387 -{\isafoldmlref}%
26.388 -%
26.389 -\isadelimmlref
26.390 -%
26.391 -\endisadelimmlref
26.392 -%
26.393 -\isamarkupsection{Theorems \label{sec:thms}%
26.394 -}
26.395 -\isamarkuptrue%
26.396 -%
26.397 -\begin{isamarkuptext}%
26.398 -\glossary{Proposition}{FIXME A \seeglossary{term} of
26.399 - \seeglossary{type} \isa{prop}. Internally, there is nothing
26.400 - special about propositions apart from their type, but the concrete
26.401 - syntax enforces a clear distinction. Propositions are structured
26.402 - via implication \isa{A\ {\isasymLongrightarrow}\ B} or universal quantification \isa{{\isasymAnd}x{\isachardot}\ B\ x} --- anything else is considered atomic. The canonical
26.403 - form for propositions is that of a \seeglossary{Hereditary Harrop
26.404 - Formula}. FIXME}
26.405 -
26.406 - \glossary{Theorem}{A proven proposition within a certain theory and
26.407 - proof context, formally \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}}; both contexts are
26.408 - rarely spelled out explicitly. Theorems are usually normalized
26.409 - according to the \seeglossary{HHF} format. FIXME}
26.410 -
26.411 - \glossary{Fact}{Sometimes used interchangeably for
26.412 - \seeglossary{theorem}. Strictly speaking, a list of theorems,
26.413 - essentially an extra-logical conjunction. Facts emerge either as
26.414 - local assumptions, or as results of local goal statements --- both
26.415 - may be simultaneous, hence the list representation. FIXME}
26.416 -
26.417 - \glossary{Schematic variable}{FIXME}
26.418 -
26.419 - \glossary{Fixed variable}{A variable that is bound within a certain
26.420 - proof context; an arbitrary-but-fixed entity within a portion of
26.421 - proof text. FIXME}
26.422 -
26.423 - \glossary{Free variable}{Synonymous for \seeglossary{fixed
26.424 - variable}. FIXME}
26.425 -
26.426 - \glossary{Bound variable}{FIXME}
26.427 -
26.428 - \glossary{Variable}{See \seeglossary{schematic variable},
26.429 - \seeglossary{fixed variable}, \seeglossary{bound variable}, or
26.430 - \seeglossary{type variable}. The distinguishing feature of
26.431 - different variables is their binding scope. FIXME}
26.432 -
26.433 - A \emph{proposition} is a well-typed term of type \isa{prop}, a
26.434 - \emph{theorem} is a proven proposition (depending on a context of
26.435 - hypotheses and the background theory). Primitive inferences include
26.436 - plain natural deduction rules for the primary connectives \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}} of the framework. There is also a builtin
26.437 - notion of equality/equivalence \isa{{\isasymequiv}}.%
26.438 -\end{isamarkuptext}%
26.439 -\isamarkuptrue%
26.440 -%
26.441 -\isamarkupsubsection{Primitive connectives and rules \label{sec:prim-rules}%
26.442 -}
26.443 -\isamarkuptrue%
26.444 -%
26.445 -\begin{isamarkuptext}%
26.446 -The theory \isa{Pure} contains constant declarations for the
26.447 - primitive connectives \isa{{\isasymAnd}}, \isa{{\isasymLongrightarrow}}, and \isa{{\isasymequiv}} of
26.448 - the logical framework, see \figref{fig:pure-connectives}. The
26.449 - derivability judgment \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n\ {\isasymturnstile}\ B} is
26.450 - defined inductively by the primitive inferences given in
26.451 - \figref{fig:prim-rules}, with the global restriction that the
26.452 - hypotheses must \emph{not} contain any schematic variables. The
26.453 - builtin equality is conceptually axiomatized as shown in
26.454 - \figref{fig:pure-equality}, although the implementation works
26.455 - directly with derived inferences.
26.456 -
26.457 - \begin{figure}[htb]
26.458 - \begin{center}
26.459 - \begin{tabular}{ll}
26.460 - \isa{all\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}{\isasymalpha}\ {\isasymRightarrow}\ prop{\isacharparenright}\ {\isasymRightarrow}\ prop} & universal quantification (binder \isa{{\isasymAnd}}) \\
26.461 - \isa{{\isasymLongrightarrow}\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop\ {\isasymRightarrow}\ prop} & implication (right associative infix) \\
26.462 - \isa{{\isasymequiv}\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}\ {\isasymRightarrow}\ prop} & equality relation (infix) \\
26.463 - \end{tabular}
26.464 - \caption{Primitive connectives of Pure}\label{fig:pure-connectives}
26.465 - \end{center}
26.466 - \end{figure}
26.467 -
26.468 - \begin{figure}[htb]
26.469 - \begin{center}
26.470 - \[
26.471 - \infer[\isa{{\isacharparenleft}axiom{\isacharparenright}}]{\isa{{\isasymturnstile}\ A}}{\isa{A\ {\isasymin}\ {\isasymTheta}}}
26.472 - \qquad
26.473 - \infer[\isa{{\isacharparenleft}assume{\isacharparenright}}]{\isa{A\ {\isasymturnstile}\ A}}{}
26.474 - \]
26.475 - \[
26.476 - \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}intro{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ b{\isacharbrackleft}x{\isacharbrackright}} & \isa{x\ {\isasymnotin}\ {\isasymGamma}}}
26.477 - \qquad
26.478 - \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}elim{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ b{\isacharbrackleft}a{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}}}
26.479 - \]
26.480 - \[
26.481 - \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}intro{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isacharminus}\ A\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
26.482 - \qquad
26.483 - \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}elim{\isacharparenright}}]{\isa{{\isasymGamma}\isactrlsub {\isadigit{1}}\ {\isasymunion}\ {\isasymGamma}\isactrlsub {\isadigit{2}}\ {\isasymturnstile}\ B}}{\isa{{\isasymGamma}\isactrlsub {\isadigit{1}}\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B} & \isa{{\isasymGamma}\isactrlsub {\isadigit{2}}\ {\isasymturnstile}\ A}}
26.484 - \]
26.485 - \caption{Primitive inferences of Pure}\label{fig:prim-rules}
26.486 - \end{center}
26.487 - \end{figure}
26.488 -
26.489 - \begin{figure}[htb]
26.490 - \begin{center}
26.491 - \begin{tabular}{ll}
26.492 - \isa{{\isasymturnstile}\ {\isacharparenleft}{\isasymlambda}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}{\isacharparenright}\ a\ {\isasymequiv}\ b{\isacharbrackleft}a{\isacharbrackright}} & \isa{{\isasymbeta}}-conversion \\
26.493 - \isa{{\isasymturnstile}\ x\ {\isasymequiv}\ x} & reflexivity \\
26.494 - \isa{{\isasymturnstile}\ x\ {\isasymequiv}\ y\ {\isasymLongrightarrow}\ P\ x\ {\isasymLongrightarrow}\ P\ y} & substitution \\
26.495 - \isa{{\isasymturnstile}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ f\ x\ {\isasymequiv}\ g\ x{\isacharparenright}\ {\isasymLongrightarrow}\ f\ {\isasymequiv}\ g} & extensionality \\
26.496 - \isa{{\isasymturnstile}\ {\isacharparenleft}A\ {\isasymLongrightarrow}\ B{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}B\ {\isasymLongrightarrow}\ A{\isacharparenright}\ {\isasymLongrightarrow}\ A\ {\isasymequiv}\ B} & logical equivalence \\
26.497 - \end{tabular}
26.498 - \caption{Conceptual axiomatization of Pure equality}\label{fig:pure-equality}
26.499 - \end{center}
26.500 - \end{figure}
26.501 -
26.502 - The introduction and elimination rules for \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}} are analogous to formation of dependently typed \isa{{\isasymlambda}}-terms representing the underlying proof objects. Proof terms
26.503 - are irrelevant in the Pure logic, though; they cannot occur within
26.504 - propositions. The system provides a runtime option to record
26.505 - explicit proof terms for primitive inferences. Thus all three
26.506 - levels of \isa{{\isasymlambda}}-calculus become explicit: \isa{{\isasymRightarrow}} for
26.507 - terms, and \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} for proofs (cf.\
26.508 - \cite{Berghofer-Nipkow:2000:TPHOL}).
26.509 -
26.510 - Observe that locally fixed parameters (as in \isa{{\isasymAnd}{\isacharunderscore}intro}) need
26.511 - not be recorded in the hypotheses, because the simple syntactic
26.512 - types of Pure are always inhabitable. ``Assumptions'' \isa{x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}} for type-membership are only present as long as some \isa{x\isactrlisub {\isasymtau}} occurs in the statement body.\footnote{This is the key
26.513 - difference to ``\isa{{\isasymlambda}HOL}'' in the PTS framework
26.514 - \cite{Barendregt-Geuvers:2001}, where hypotheses \isa{x\ {\isacharcolon}\ A} are
26.515 - treated uniformly for propositions and types.}
26.516 -
26.517 - \medskip The axiomatization of a theory is implicitly closed by
26.518 - forming all instances of type and term variables: \isa{{\isasymturnstile}\ A{\isasymvartheta}} holds for any substitution instance of an axiom
26.519 - \isa{{\isasymturnstile}\ A}. By pushing substitutions through derivations
26.520 - inductively, we also get admissible \isa{generalize} and \isa{instance} rules as shown in \figref{fig:subst-rules}.
26.521 -
26.522 - \begin{figure}[htb]
26.523 - \begin{center}
26.524 - \[
26.525 - \infer{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}{\isasymalpha}{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} & \isa{{\isasymalpha}\ {\isasymnotin}\ {\isasymGamma}}}
26.526 - \quad
26.527 - \infer[\quad\isa{{\isacharparenleft}generalize{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}x{\isacharbrackright}} & \isa{x\ {\isasymnotin}\ {\isasymGamma}}}
26.528 - \]
26.529 - \[
26.530 - \infer{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isasymtau}{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}{\isasymalpha}{\isacharbrackright}}}
26.531 - \quad
26.532 - \infer[\quad\isa{{\isacharparenleft}instantiate{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}t{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}}
26.533 - \]
26.534 - \caption{Admissible substitution rules}\label{fig:subst-rules}
26.535 - \end{center}
26.536 - \end{figure}
26.537 -
26.538 - Note that \isa{instantiate} does not require an explicit
26.539 - side-condition, because \isa{{\isasymGamma}} may never contain schematic
26.540 - variables.
26.541 -
26.542 - In principle, variables could be substituted in hypotheses as well,
26.543 - but this would disrupt the monotonicity of reasoning: deriving
26.544 - \isa{{\isasymGamma}{\isasymvartheta}\ {\isasymturnstile}\ B{\isasymvartheta}} from \isa{{\isasymGamma}\ {\isasymturnstile}\ B} is
26.545 - correct, but \isa{{\isasymGamma}{\isasymvartheta}\ {\isasymsupseteq}\ {\isasymGamma}} does not necessarily hold:
26.546 - the result belongs to a different proof context.
26.547 -
26.548 - \medskip An \emph{oracle} is a function that produces axioms on the
26.549 - fly. Logically, this is an instance of the \isa{axiom} rule
26.550 - (\figref{fig:prim-rules}), but there is an operational difference.
26.551 - The system always records oracle invocations within derivations of
26.552 - theorems. Tracing plain axioms (and named theorems) is optional.
26.553 -
26.554 - Axiomatizations should be limited to the bare minimum, typically as
26.555 - part of the initial logical basis of an object-logic formalization.
26.556 - Later on, theories are usually developed in a strictly definitional
26.557 - fashion, by stating only certain equalities over new constants.
26.558 -
26.559 - A \emph{simple definition} consists of a constant declaration \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} together with an axiom \isa{{\isasymturnstile}\ c\ {\isasymequiv}\ t}, where \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} is a closed term without any hidden polymorphism. The RHS
26.560 - may depend on further defined constants, but not \isa{c} itself.
26.561 - Definitions of functions may be presented as \isa{c\ \isactrlvec x\ {\isasymequiv}\ t} instead of the puristic \isa{c\ {\isasymequiv}\ {\isasymlambda}\isactrlvec x{\isachardot}\ t}.
26.562 -
26.563 - An \emph{overloaded definition} consists of a collection of axioms
26.564 - for the same constant, with zero or one equations \isa{c{\isacharparenleft}{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}{\isacharparenright}\ {\isasymequiv}\ t} for each type constructor \isa{{\isasymkappa}} (for
26.565 - distinct variables \isa{\isactrlvec {\isasymalpha}}). The RHS may mention
26.566 - previously defined constants as above, or arbitrary constants \isa{d{\isacharparenleft}{\isasymalpha}\isactrlisub i{\isacharparenright}} for some \isa{{\isasymalpha}\isactrlisub i} projected from \isa{\isactrlvec {\isasymalpha}}. Thus overloaded definitions essentially work by
26.567 - primitive recursion over the syntactic structure of a single type
26.568 - argument.%
26.569 -\end{isamarkuptext}%
26.570 -\isamarkuptrue%
26.571 -%
26.572 -\isadelimmlref
26.573 -%
26.574 -\endisadelimmlref
26.575 -%
26.576 -\isatagmlref
26.577 -%
26.578 -\begin{isamarkuptext}%
26.579 -\begin{mldecls}
26.580 - \indexmltype{ctyp}\verb|type ctyp| \\
26.581 - \indexmltype{cterm}\verb|type cterm| \\
26.582 - \indexml{Thm.ctyp\_of}\verb|Thm.ctyp_of: theory -> typ -> ctyp| \\
26.583 - \indexml{Thm.cterm\_of}\verb|Thm.cterm_of: theory -> term -> cterm| \\
26.584 - \end{mldecls}
26.585 - \begin{mldecls}
26.586 - \indexmltype{thm}\verb|type thm| \\
26.587 - \indexml{proofs}\verb|proofs: int ref| \\
26.588 - \indexml{Thm.assume}\verb|Thm.assume: cterm -> thm| \\
26.589 - \indexml{Thm.forall\_intr}\verb|Thm.forall_intr: cterm -> thm -> thm| \\
26.590 - \indexml{Thm.forall\_elim}\verb|Thm.forall_elim: cterm -> thm -> thm| \\
26.591 - \indexml{Thm.implies\_intr}\verb|Thm.implies_intr: cterm -> thm -> thm| \\
26.592 - \indexml{Thm.implies\_elim}\verb|Thm.implies_elim: thm -> thm -> thm| \\
26.593 - \indexml{Thm.generalize}\verb|Thm.generalize: string list * string list -> int -> thm -> thm| \\
26.594 - \indexml{Thm.instantiate}\verb|Thm.instantiate: (ctyp * ctyp) list * (cterm * cterm) list -> thm -> thm| \\
26.595 - \indexml{Thm.axiom}\verb|Thm.axiom: theory -> string -> thm| \\
26.596 - \indexml{Thm.add\_oracle}\verb|Thm.add_oracle: bstring * ('a -> cterm) -> theory|\isasep\isanewline%
26.597 -\verb| -> (string * ('a -> thm)) * theory| \\
26.598 - \end{mldecls}
26.599 - \begin{mldecls}
26.600 - \indexml{Theory.add\_axioms\_i}\verb|Theory.add_axioms_i: (binding * term) list -> theory -> theory| \\
26.601 - \indexml{Theory.add\_deps}\verb|Theory.add_deps: string -> string * typ -> (string * typ) list -> theory -> theory| \\
26.602 - \indexml{Theory.add\_defs\_i}\verb|Theory.add_defs_i: bool -> bool -> (binding * term) list -> theory -> theory| \\
26.603 - \end{mldecls}
26.604 -
26.605 - \begin{description}
26.606 -
26.607 - \item \verb|ctyp| and \verb|cterm| represent certified types
26.608 - and terms, respectively. These are abstract datatypes that
26.609 - guarantee that its values have passed the full well-formedness (and
26.610 - well-typedness) checks, relative to the declarations of type
26.611 - constructors, constants etc. in the theory.
26.612 -
26.613 - \item \verb|ctyp_of|~\isa{thy\ {\isasymtau}} and \verb|cterm_of|~\isa{thy\ t} explicitly checks types and terms, respectively. This also
26.614 - involves some basic normalizations, such expansion of type and term
26.615 - abbreviations from the theory context.
26.616 -
26.617 - Re-certification is relatively slow and should be avoided in tight
26.618 - reasoning loops. There are separate operations to decompose
26.619 - certified entities (including actual theorems).
26.620 -
26.621 - \item \verb|thm| represents proven propositions. This is an
26.622 - abstract datatype that guarantees that its values have been
26.623 - constructed by basic principles of the \verb|Thm| module.
26.624 - Every \verb|thm| value contains a sliding back-reference to the
26.625 - enclosing theory, cf.\ \secref{sec:context-theory}.
26.626 -
26.627 - \item \verb|proofs| determines the detail of proof recording within
26.628 - \verb|thm| values: \verb|0| records only oracles, \verb|1| records
26.629 - oracles, axioms and named theorems, \verb|2| records full proof
26.630 - terms.
26.631 -
26.632 - \item \verb|Thm.assume|, \verb|Thm.forall_intr|, \verb|Thm.forall_elim|, \verb|Thm.implies_intr|, and \verb|Thm.implies_elim|
26.633 - correspond to the primitive inferences of \figref{fig:prim-rules}.
26.634 -
26.635 - \item \verb|Thm.generalize|~\isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharcomma}\ \isactrlvec x{\isacharparenright}}
26.636 - corresponds to the \isa{generalize} rules of
26.637 - \figref{fig:subst-rules}. Here collections of type and term
26.638 - variables are generalized simultaneously, specified by the given
26.639 - basic names.
26.640 -
26.641 - \item \verb|Thm.instantiate|~\isa{{\isacharparenleft}\isactrlvec {\isasymalpha}\isactrlisub s{\isacharcomma}\ \isactrlvec x\isactrlisub {\isasymtau}{\isacharparenright}} corresponds to the \isa{instantiate} rules
26.642 - of \figref{fig:subst-rules}. Type variables are substituted before
26.643 - term variables. Note that the types in \isa{\isactrlvec x\isactrlisub {\isasymtau}}
26.644 - refer to the instantiated versions.
26.645 -
26.646 - \item \verb|Thm.axiom|~\isa{thy\ name} retrieves a named
26.647 - axiom, cf.\ \isa{axiom} in \figref{fig:prim-rules}.
26.648 -
26.649 - \item \verb|Thm.add_oracle|~\isa{{\isacharparenleft}name{\isacharcomma}\ oracle{\isacharparenright}} produces a named
26.650 - oracle rule, essentially generating arbitrary axioms on the fly,
26.651 - cf.\ \isa{axiom} in \figref{fig:prim-rules}.
26.652 -
26.653 - \item \verb|Theory.add_axioms_i|~\isa{{\isacharbrackleft}{\isacharparenleft}name{\isacharcomma}\ A{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} declares
26.654 - arbitrary propositions as axioms.
26.655 -
26.656 - \item \verb|Theory.add_deps|~\isa{name\ c\isactrlisub {\isasymtau}\ \isactrlvec d\isactrlisub {\isasymsigma}} declares dependencies of a named specification
26.657 - for constant \isa{c\isactrlisub {\isasymtau}}, relative to existing
26.658 - specifications for constants \isa{\isactrlvec d\isactrlisub {\isasymsigma}}.
26.659 -
26.660 - \item \verb|Theory.add_defs_i|~\isa{unchecked\ overloaded\ {\isacharbrackleft}{\isacharparenleft}name{\isacharcomma}\ c\ \isactrlvec x\ {\isasymequiv}\ t{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} states a definitional axiom for an existing
26.661 - constant \isa{c}. Dependencies are recorded (cf.\ \verb|Theory.add_deps|), unless the \isa{unchecked} option is set.
26.662 -
26.663 - \end{description}%
26.664 -\end{isamarkuptext}%
26.665 -\isamarkuptrue%
26.666 -%
26.667 -\endisatagmlref
26.668 -{\isafoldmlref}%
26.669 -%
26.670 -\isadelimmlref
26.671 -%
26.672 -\endisadelimmlref
26.673 -%
26.674 -\isamarkupsubsection{Auxiliary definitions%
26.675 -}
26.676 -\isamarkuptrue%
26.677 -%
26.678 -\begin{isamarkuptext}%
26.679 -Theory \isa{Pure} provides a few auxiliary definitions, see
26.680 - \figref{fig:pure-aux}. These special constants are normally not
26.681 - exposed to the user, but appear in internal encodings.
26.682 -
26.683 - \begin{figure}[htb]
26.684 - \begin{center}
26.685 - \begin{tabular}{ll}
26.686 - \isa{conjunction\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop\ {\isasymRightarrow}\ prop} & (infix \isa{{\isacharampersand}}) \\
26.687 - \isa{{\isasymturnstile}\ A\ {\isacharampersand}\ B\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}C{\isachardot}\ {\isacharparenleft}A\ {\isasymLongrightarrow}\ B\ {\isasymLongrightarrow}\ C{\isacharparenright}\ {\isasymLongrightarrow}\ C{\isacharparenright}} \\[1ex]
26.688 - \isa{prop\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop} & (prefix \isa{{\isacharhash}}, suppressed) \\
26.689 - \isa{{\isacharhash}A\ {\isasymequiv}\ A} \\[1ex]
26.690 - \isa{term\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ prop} & (prefix \isa{TERM}) \\
26.691 - \isa{term\ x\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}A{\isachardot}\ A\ {\isasymLongrightarrow}\ A{\isacharparenright}} \\[1ex]
26.692 - \isa{TYPE\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ itself} & (prefix \isa{TYPE}) \\
26.693 - \isa{{\isacharparenleft}unspecified{\isacharparenright}} \\
26.694 - \end{tabular}
26.695 - \caption{Definitions of auxiliary connectives}\label{fig:pure-aux}
26.696 - \end{center}
26.697 - \end{figure}
26.698 -
26.699 - Derived conjunction rules include introduction \isa{A\ {\isasymLongrightarrow}\ B\ {\isasymLongrightarrow}\ A\ {\isacharampersand}\ B}, and destructions \isa{A\ {\isacharampersand}\ B\ {\isasymLongrightarrow}\ A} and \isa{A\ {\isacharampersand}\ B\ {\isasymLongrightarrow}\ B}.
26.700 - Conjunction allows to treat simultaneous assumptions and conclusions
26.701 - uniformly. For example, multiple claims are intermediately
26.702 - represented as explicit conjunction, but this is refined into
26.703 - separate sub-goals before the user continues the proof; the final
26.704 - result is projected into a list of theorems (cf.\
26.705 - \secref{sec:tactical-goals}).
26.706 -
26.707 - The \isa{prop} marker (\isa{{\isacharhash}}) makes arbitrarily complex
26.708 - propositions appear as atomic, without changing the meaning: \isa{{\isasymGamma}\ {\isasymturnstile}\ A} and \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isacharhash}A} are interchangeable. See
26.709 - \secref{sec:tactical-goals} for specific operations.
26.710 -
26.711 - The \isa{term} marker turns any well-typed term into a derivable
26.712 - proposition: \isa{{\isasymturnstile}\ TERM\ t} holds unconditionally. Although
26.713 - this is logically vacuous, it allows to treat terms and proofs
26.714 - uniformly, similar to a type-theoretic framework.
26.715 -
26.716 - The \isa{TYPE} constructor is the canonical representative of
26.717 - the unspecified type \isa{{\isasymalpha}\ itself}; it essentially injects the
26.718 - language of types into that of terms. There is specific notation
26.719 - \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} for \isa{TYPE\isactrlbsub {\isasymtau}\ itself\isactrlesub }.
26.720 - Although being devoid of any particular meaning, the \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} accounts for the type \isa{{\isasymtau}} within the term
26.721 - language. In particular, \isa{TYPE{\isacharparenleft}{\isasymalpha}{\isacharparenright}} may be used as formal
26.722 - argument in primitive definitions, in order to circumvent hidden
26.723 - polymorphism (cf.\ \secref{sec:terms}). For example, \isa{c\ TYPE{\isacharparenleft}{\isasymalpha}{\isacharparenright}\ {\isasymequiv}\ A{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} defines \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ itself\ {\isasymRightarrow}\ prop} in terms of
26.724 - a proposition \isa{A} that depends on an additional type
26.725 - argument, which is essentially a predicate on types.%
26.726 -\end{isamarkuptext}%
26.727 -\isamarkuptrue%
26.728 -%
26.729 -\isadelimmlref
26.730 -%
26.731 -\endisadelimmlref
26.732 -%
26.733 -\isatagmlref
26.734 -%
26.735 -\begin{isamarkuptext}%
26.736 -\begin{mldecls}
26.737 - \indexml{Conjunction.intr}\verb|Conjunction.intr: thm -> thm -> thm| \\
26.738 - \indexml{Conjunction.elim}\verb|Conjunction.elim: thm -> thm * thm| \\
26.739 - \indexml{Drule.mk\_term}\verb|Drule.mk_term: cterm -> thm| \\
26.740 - \indexml{Drule.dest\_term}\verb|Drule.dest_term: thm -> cterm| \\
26.741 - \indexml{Logic.mk\_type}\verb|Logic.mk_type: typ -> term| \\
26.742 - \indexml{Logic.dest\_type}\verb|Logic.dest_type: term -> typ| \\
26.743 - \end{mldecls}
26.744 -
26.745 - \begin{description}
26.746 -
26.747 - \item \verb|Conjunction.intr| derives \isa{A\ {\isacharampersand}\ B} from \isa{A} and \isa{B}.
26.748 -
26.749 - \item \verb|Conjunction.elim| derives \isa{A} and \isa{B}
26.750 - from \isa{A\ {\isacharampersand}\ B}.
26.751 -
26.752 - \item \verb|Drule.mk_term| derives \isa{TERM\ t}.
26.753 -
26.754 - \item \verb|Drule.dest_term| recovers term \isa{t} from \isa{TERM\ t}.
26.755 -
26.756 - \item \verb|Logic.mk_type|~\isa{{\isasymtau}} produces the term \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}}.
26.757 -
26.758 - \item \verb|Logic.dest_type|~\isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} recovers the type
26.759 - \isa{{\isasymtau}}.
26.760 -
26.761 - \end{description}%
26.762 -\end{isamarkuptext}%
26.763 -\isamarkuptrue%
26.764 -%
26.765 -\endisatagmlref
26.766 -{\isafoldmlref}%
26.767 -%
26.768 -\isadelimmlref
26.769 -%
26.770 -\endisadelimmlref
26.771 -%
26.772 -\isamarkupsection{Object-level rules \label{sec:obj-rules}%
26.773 -}
26.774 -\isamarkuptrue%
26.775 -%
26.776 -\isadelimFIXME
26.777 -%
26.778 -\endisadelimFIXME
26.779 -%
26.780 -\isatagFIXME
26.781 -%
26.782 -\begin{isamarkuptext}%
26.783 -FIXME
26.784 -
26.785 - A \emph{rule} is any Pure theorem in HHF normal form; there is a
26.786 - separate calculus for rule composition, which is modeled after
26.787 - Gentzen's Natural Deduction \cite{Gentzen:1935}, but allows
26.788 - rules to be nested arbitrarily, similar to \cite{extensions91}.
26.789 -
26.790 - Normally, all theorems accessible to the user are proper rules.
26.791 - Low-level inferences are occasional required internally, but the
26.792 - result should be always presented in canonical form. The higher
26.793 - interfaces of Isabelle/Isar will always produce proper rules. It is
26.794 - important to maintain this invariant in add-on applications!
26.795 -
26.796 - There are two main principles of rule composition: \isa{resolution} (i.e.\ backchaining of rules) and \isa{by{\isacharminus}assumption} (i.e.\ closing a branch); both principles are
26.797 - combined in the variants of \isa{elim{\isacharminus}resolution} and \isa{dest{\isacharminus}resolution}. Raw \isa{composition} is occasionally
26.798 - useful as well, also it is strictly speaking outside of the proper
26.799 - rule calculus.
26.800 -
26.801 - Rules are treated modulo general higher-order unification, which is
26.802 - unification modulo the equational theory of \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion
26.803 - on \isa{{\isasymlambda}}-terms. Moreover, propositions are understood modulo
26.804 - the (derived) equivalence \isa{{\isacharparenleft}A\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ B\ x{\isacharparenright}{\isacharparenright}\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ A\ {\isasymLongrightarrow}\ B\ x{\isacharparenright}}.
26.805 -
26.806 - This means that any operations within the rule calculus may be
26.807 - subject to spontaneous \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-HHF conversions. It is common
26.808 - practice not to contract or expand unnecessarily. Some mechanisms
26.809 - prefer an one form, others the opposite, so there is a potential
26.810 - danger to produce some oscillation!
26.811 -
26.812 - Only few operations really work \emph{modulo} HHF conversion, but
26.813 - expect a normal form: quantifiers \isa{{\isasymAnd}} before implications
26.814 - \isa{{\isasymLongrightarrow}} at each level of nesting.
26.815 -
26.816 -\glossary{Hereditary Harrop Formula}{The set of propositions in HHF
26.817 -format is defined inductively as \isa{H\ {\isacharequal}\ {\isacharparenleft}{\isasymAnd}x\isactrlsup {\isacharasterisk}{\isachardot}\ H\isactrlsup {\isacharasterisk}\ {\isasymLongrightarrow}\ A{\isacharparenright}}, for variables \isa{x} and atomic propositions \isa{A}.
26.818 -Any proposition may be put into HHF form by normalizing with the rule
26.819 -\isa{{\isacharparenleft}A\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ B\ x{\isacharparenright}{\isacharparenright}\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ A\ {\isasymLongrightarrow}\ B\ x{\isacharparenright}}. In Isabelle, the outermost
26.820 -quantifier prefix is represented via \seeglossary{schematic
26.821 -variables}, such that the top-level structure is merely that of a
26.822 -\seeglossary{Horn Clause}}.
26.823 -
26.824 -\glossary{HHF}{See \seeglossary{Hereditary Harrop Formula}.}
26.825 -
26.826 -
26.827 - \[
26.828 - \infer[\isa{{\isacharparenleft}assumption{\isacharparenright}}]{\isa{C{\isasymvartheta}}}
26.829 - {\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ A\ \isactrlvec x{\isacharparenright}\ {\isasymLongrightarrow}\ C} & \isa{A{\isasymvartheta}\ {\isacharequal}\ H\isactrlsub i{\isasymvartheta}}~~\text{(for some~\isa{i})}}
26.830 - \]
26.831 -
26.832 -
26.833 - \[
26.834 - \infer[\isa{{\isacharparenleft}compose{\isacharparenright}}]{\isa{\isactrlvec A{\isasymvartheta}\ {\isasymLongrightarrow}\ C{\isasymvartheta}}}
26.835 - {\isa{\isactrlvec A\ {\isasymLongrightarrow}\ B} & \isa{B{\isacharprime}\ {\isasymLongrightarrow}\ C} & \isa{B{\isasymvartheta}\ {\isacharequal}\ B{\isacharprime}{\isasymvartheta}}}
26.836 - \]
26.837 -
26.838 -
26.839 - \[
26.840 - \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}lift{\isacharparenright}}]{\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec A\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ B\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}}}{\isa{\isactrlvec A\ {\isacharquery}\isactrlvec a\ {\isasymLongrightarrow}\ B\ {\isacharquery}\isactrlvec a}}
26.841 - \]
26.842 - \[
26.843 - \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}lift{\isacharparenright}}]{\isa{{\isacharparenleft}\isactrlvec H\ {\isasymLongrightarrow}\ \isactrlvec A{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}\isactrlvec H\ {\isasymLongrightarrow}\ B{\isacharparenright}}}{\isa{\isactrlvec A\ {\isasymLongrightarrow}\ B}}
26.844 - \]
26.845 -
26.846 - The \isa{resolve} scheme is now acquired from \isa{{\isasymAnd}{\isacharunderscore}lift},
26.847 - \isa{{\isasymLongrightarrow}{\isacharunderscore}lift}, and \isa{compose}.
26.848 -
26.849 - \[
26.850 - \infer[\isa{{\isacharparenleft}resolution{\isacharparenright}}]
26.851 - {\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ \isactrlvec A\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}{\isasymvartheta}\ {\isasymLongrightarrow}\ C{\isasymvartheta}}}
26.852 - {\begin{tabular}{l}
26.853 - \isa{\isactrlvec A\ {\isacharquery}\isactrlvec a\ {\isasymLongrightarrow}\ B\ {\isacharquery}\isactrlvec a} \\
26.854 - \isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ B{\isacharprime}\ \isactrlvec x{\isacharparenright}\ {\isasymLongrightarrow}\ C} \\
26.855 - \isa{{\isacharparenleft}{\isasymlambda}\isactrlvec x{\isachardot}\ B\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}{\isasymvartheta}\ {\isacharequal}\ B{\isacharprime}{\isasymvartheta}} \\
26.856 - \end{tabular}}
26.857 - \]
26.858 -
26.859 -
26.860 - FIXME \isa{elim{\isacharunderscore}resolution}, \isa{dest{\isacharunderscore}resolution}%
26.861 -\end{isamarkuptext}%
26.862 -\isamarkuptrue%
26.863 -%
26.864 -\endisatagFIXME
26.865 -{\isafoldFIXME}%
26.866 -%
26.867 -\isadelimFIXME
26.868 -%
26.869 -\endisadelimFIXME
26.870 -%
26.871 -\isadelimtheory
26.872 -%
26.873 -\endisadelimtheory
26.874 -%
26.875 -\isatagtheory
26.876 -\isacommand{end}\isamarkupfalse%
26.877 -%
26.878 -\endisatagtheory
26.879 -{\isafoldtheory}%
26.880 -%
26.881 -\isadelimtheory
26.882 -%
26.883 -\endisadelimtheory
26.884 -\isanewline
26.885 -\end{isabellebody}%
26.886 -%%% Local Variables:
26.887 -%%% mode: latex
26.888 -%%% TeX-master: "root"
26.889 -%%% End:
27.1 --- a/doc-src/IsarImplementation/Thy/document/prelim.tex Mon Feb 16 20:25:21 2009 +0100
27.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
27.3 @@ -1,911 +0,0 @@
27.4 -%
27.5 -\begin{isabellebody}%
27.6 -\def\isabellecontext{prelim}%
27.7 -%
27.8 -\isadelimtheory
27.9 -\isanewline
27.10 -\isanewline
27.11 -\isanewline
27.12 -%
27.13 -\endisadelimtheory
27.14 -%
27.15 -\isatagtheory
27.16 -\isacommand{theory}\isamarkupfalse%
27.17 -\ prelim\ \isakeyword{imports}\ base\ \isakeyword{begin}%
27.18 -\endisatagtheory
27.19 -{\isafoldtheory}%
27.20 -%
27.21 -\isadelimtheory
27.22 -%
27.23 -\endisadelimtheory
27.24 -%
27.25 -\isamarkupchapter{Preliminaries%
27.26 -}
27.27 -\isamarkuptrue%
27.28 -%
27.29 -\isamarkupsection{Contexts \label{sec:context}%
27.30 -}
27.31 -\isamarkuptrue%
27.32 -%
27.33 -\begin{isamarkuptext}%
27.34 -A logical context represents the background that is required for
27.35 - formulating statements and composing proofs. It acts as a medium to
27.36 - produce formal content, depending on earlier material (declarations,
27.37 - results etc.).
27.38 -
27.39 - For example, derivations within the Isabelle/Pure logic can be
27.40 - described as a judgment \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}}, which means that a
27.41 - proposition \isa{{\isasymphi}} is derivable from hypotheses \isa{{\isasymGamma}}
27.42 - within the theory \isa{{\isasymTheta}}. There are logical reasons for
27.43 - keeping \isa{{\isasymTheta}} and \isa{{\isasymGamma}} separate: theories can be
27.44 - liberal about supporting type constructors and schematic
27.45 - polymorphism of constants and axioms, while the inner calculus of
27.46 - \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymphi}} is strictly limited to Simple Type Theory (with
27.47 - fixed type variables in the assumptions).
27.48 -
27.49 - \medskip Contexts and derivations are linked by the following key
27.50 - principles:
27.51 -
27.52 - \begin{itemize}
27.53 -
27.54 - \item Transfer: monotonicity of derivations admits results to be
27.55 - transferred into a \emph{larger} context, i.e.\ \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}} implies \isa{{\isasymGamma}{\isacharprime}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\isactrlsub {\isacharprime}\ {\isasymphi}} for contexts \isa{{\isasymTheta}{\isacharprime}\ {\isasymsupseteq}\ {\isasymTheta}} and \isa{{\isasymGamma}{\isacharprime}\ {\isasymsupseteq}\ {\isasymGamma}}.
27.56 -
27.57 - \item Export: discharge of hypotheses admits results to be exported
27.58 - into a \emph{smaller} context, i.e.\ \isa{{\isasymGamma}{\isacharprime}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}}
27.59 - implies \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymDelta}\ {\isasymLongrightarrow}\ {\isasymphi}} where \isa{{\isasymGamma}{\isacharprime}\ {\isasymsupseteq}\ {\isasymGamma}} and
27.60 - \isa{{\isasymDelta}\ {\isacharequal}\ {\isasymGamma}{\isacharprime}\ {\isacharminus}\ {\isasymGamma}}. Note that \isa{{\isasymTheta}} remains unchanged here,
27.61 - only the \isa{{\isasymGamma}} part is affected.
27.62 -
27.63 - \end{itemize}
27.64 -
27.65 - \medskip By modeling the main characteristics of the primitive
27.66 - \isa{{\isasymTheta}} and \isa{{\isasymGamma}} above, and abstracting over any
27.67 - particular logical content, we arrive at the fundamental notions of
27.68 - \emph{theory context} and \emph{proof context} in Isabelle/Isar.
27.69 - These implement a certain policy to manage arbitrary \emph{context
27.70 - data}. There is a strongly-typed mechanism to declare new kinds of
27.71 - data at compile time.
27.72 -
27.73 - The internal bootstrap process of Isabelle/Pure eventually reaches a
27.74 - stage where certain data slots provide the logical content of \isa{{\isasymTheta}} and \isa{{\isasymGamma}} sketched above, but this does not stop there!
27.75 - Various additional data slots support all kinds of mechanisms that
27.76 - are not necessarily part of the core logic.
27.77 -
27.78 - For example, there would be data for canonical introduction and
27.79 - elimination rules for arbitrary operators (depending on the
27.80 - object-logic and application), which enables users to perform
27.81 - standard proof steps implicitly (cf.\ the \isa{rule} method
27.82 - \cite{isabelle-isar-ref}).
27.83 -
27.84 - \medskip Thus Isabelle/Isar is able to bring forth more and more
27.85 - concepts successively. In particular, an object-logic like
27.86 - Isabelle/HOL continues the Isabelle/Pure setup by adding specific
27.87 - components for automated reasoning (classical reasoner, tableau
27.88 - prover, structured induction etc.) and derived specification
27.89 - mechanisms (inductive predicates, recursive functions etc.). All of
27.90 - this is ultimately based on the generic data management by theory
27.91 - and proof contexts introduced here.%
27.92 -\end{isamarkuptext}%
27.93 -\isamarkuptrue%
27.94 -%
27.95 -\isamarkupsubsection{Theory context \label{sec:context-theory}%
27.96 -}
27.97 -\isamarkuptrue%
27.98 -%
27.99 -\begin{isamarkuptext}%
27.100 -\glossary{Theory}{FIXME}
27.101 -
27.102 - A \emph{theory} is a data container with explicit named and unique
27.103 - identifier. Theories are related by a (nominal) sub-theory
27.104 - relation, which corresponds to the dependency graph of the original
27.105 - construction; each theory is derived from a certain sub-graph of
27.106 - ancestor theories.
27.107 -
27.108 - The \isa{merge} operation produces the least upper bound of two
27.109 - theories, which actually degenerates into absorption of one theory
27.110 - into the other (due to the nominal sub-theory relation).
27.111 -
27.112 - The \isa{begin} operation starts a new theory by importing
27.113 - several parent theories and entering a special \isa{draft} mode,
27.114 - which is sustained until the final \isa{end} operation. A draft
27.115 - theory acts like a linear type, where updates invalidate earlier
27.116 - versions. An invalidated draft is called ``stale''.
27.117 -
27.118 - The \isa{checkpoint} operation produces an intermediate stepping
27.119 - stone that will survive the next update: both the original and the
27.120 - changed theory remain valid and are related by the sub-theory
27.121 - relation. Checkpointing essentially recovers purely functional
27.122 - theory values, at the expense of some extra internal bookkeeping.
27.123 -
27.124 - The \isa{copy} operation produces an auxiliary version that has
27.125 - the same data content, but is unrelated to the original: updates of
27.126 - the copy do not affect the original, neither does the sub-theory
27.127 - relation hold.
27.128 -
27.129 - \medskip The example in \figref{fig:ex-theory} below shows a theory
27.130 - graph derived from \isa{Pure}, with theory \isa{Length}
27.131 - importing \isa{Nat} and \isa{List}. The body of \isa{Length} consists of a sequence of updates, working mostly on
27.132 - drafts. Intermediate checkpoints may occur as well, due to the
27.133 - history mechanism provided by the Isar top-level, cf.\
27.134 - \secref{sec:isar-toplevel}.
27.135 -
27.136 - \begin{figure}[htb]
27.137 - \begin{center}
27.138 - \begin{tabular}{rcccl}
27.139 - & & \isa{Pure} \\
27.140 - & & \isa{{\isasymdown}} \\
27.141 - & & \isa{FOL} \\
27.142 - & $\swarrow$ & & $\searrow$ & \\
27.143 - \isa{Nat} & & & & \isa{List} \\
27.144 - & $\searrow$ & & $\swarrow$ \\
27.145 - & & \isa{Length} \\
27.146 - & & \multicolumn{3}{l}{~~\hyperlink{keyword.imports}{\mbox{\isa{\isakeyword{imports}}}}} \\
27.147 - & & \multicolumn{3}{l}{~~\hyperlink{keyword.begin}{\mbox{\isa{\isakeyword{begin}}}}} \\
27.148 - & & $\vdots$~~ \\
27.149 - & & \isa{{\isasymbullet}}~~ \\
27.150 - & & $\vdots$~~ \\
27.151 - & & \isa{{\isasymbullet}}~~ \\
27.152 - & & $\vdots$~~ \\
27.153 - & & \multicolumn{3}{l}{~~\hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}}} \\
27.154 - \end{tabular}
27.155 - \caption{A theory definition depending on ancestors}\label{fig:ex-theory}
27.156 - \end{center}
27.157 - \end{figure}
27.158 -
27.159 - \medskip There is a separate notion of \emph{theory reference} for
27.160 - maintaining a live link to an evolving theory context: updates on
27.161 - drafts are propagated automatically. Dynamic updating stops after
27.162 - an explicit \isa{end} only.
27.163 -
27.164 - Derived entities may store a theory reference in order to indicate
27.165 - the context they belong to. This implicitly assumes monotonic
27.166 - reasoning, because the referenced context may become larger without
27.167 - further notice.%
27.168 -\end{isamarkuptext}%
27.169 -\isamarkuptrue%
27.170 -%
27.171 -\isadelimmlref
27.172 -%
27.173 -\endisadelimmlref
27.174 -%
27.175 -\isatagmlref
27.176 -%
27.177 -\begin{isamarkuptext}%
27.178 -\begin{mldecls}
27.179 - \indexmltype{theory}\verb|type theory| \\
27.180 - \indexml{Theory.subthy}\verb|Theory.subthy: theory * theory -> bool| \\
27.181 - \indexml{Theory.merge}\verb|Theory.merge: theory * theory -> theory| \\
27.182 - \indexml{Theory.checkpoint}\verb|Theory.checkpoint: theory -> theory| \\
27.183 - \indexml{Theory.copy}\verb|Theory.copy: theory -> theory| \\
27.184 - \end{mldecls}
27.185 - \begin{mldecls}
27.186 - \indexmltype{theory\_ref}\verb|type theory_ref| \\
27.187 - \indexml{Theory.deref}\verb|Theory.deref: theory_ref -> theory| \\
27.188 - \indexml{Theory.check\_thy}\verb|Theory.check_thy: theory -> theory_ref| \\
27.189 - \end{mldecls}
27.190 -
27.191 - \begin{description}
27.192 -
27.193 - \item \verb|theory| represents theory contexts. This is
27.194 - essentially a linear type! Most operations destroy the original
27.195 - version, which then becomes ``stale''.
27.196 -
27.197 - \item \verb|Theory.subthy|~\isa{{\isacharparenleft}thy\isactrlsub {\isadigit{1}}{\isacharcomma}\ thy\isactrlsub {\isadigit{2}}{\isacharparenright}}
27.198 - compares theories according to the inherent graph structure of the
27.199 - construction. This sub-theory relation is a nominal approximation
27.200 - of inclusion (\isa{{\isasymsubseteq}}) of the corresponding content.
27.201 -
27.202 - \item \verb|Theory.merge|~\isa{{\isacharparenleft}thy\isactrlsub {\isadigit{1}}{\isacharcomma}\ thy\isactrlsub {\isadigit{2}}{\isacharparenright}}
27.203 - absorbs one theory into the other. This fails for unrelated
27.204 - theories!
27.205 -
27.206 - \item \verb|Theory.checkpoint|~\isa{thy} produces a safe
27.207 - stepping stone in the linear development of \isa{thy}. The next
27.208 - update will result in two related, valid theories.
27.209 -
27.210 - \item \verb|Theory.copy|~\isa{thy} produces a variant of \isa{thy} that holds a copy of the same data. The result is not
27.211 - related to the original; the original is unchanched.
27.212 -
27.213 - \item \verb|theory_ref| represents a sliding reference to an
27.214 - always valid theory; updates on the original are propagated
27.215 - automatically.
27.216 -
27.217 - \item \verb|Theory.deref|~\isa{thy{\isacharunderscore}ref} turns a \verb|theory_ref| into an \verb|theory| value. As the referenced
27.218 - theory evolves monotonically over time, later invocations of \verb|Theory.deref| may refer to a larger context.
27.219 -
27.220 - \item \verb|Theory.check_thy|~\isa{thy} produces a \verb|theory_ref| from a valid \verb|theory| value.
27.221 -
27.222 - \end{description}%
27.223 -\end{isamarkuptext}%
27.224 -\isamarkuptrue%
27.225 -%
27.226 -\endisatagmlref
27.227 -{\isafoldmlref}%
27.228 -%
27.229 -\isadelimmlref
27.230 -%
27.231 -\endisadelimmlref
27.232 -%
27.233 -\isamarkupsubsection{Proof context \label{sec:context-proof}%
27.234 -}
27.235 -\isamarkuptrue%
27.236 -%
27.237 -\begin{isamarkuptext}%
27.238 -\glossary{Proof context}{The static context of a structured proof,
27.239 - acts like a local ``theory'' of the current portion of Isar proof
27.240 - text, generalizes the idea of local hypotheses \isa{{\isasymGamma}} in
27.241 - judgments \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymphi}} of natural deduction calculi. There is a
27.242 - generic notion of introducing and discharging hypotheses.
27.243 - Arbritrary auxiliary context data may be adjoined.}
27.244 -
27.245 - A proof context is a container for pure data with a back-reference
27.246 - to the theory it belongs to. The \isa{init} operation creates a
27.247 - proof context from a given theory. Modifications to draft theories
27.248 - are propagated to the proof context as usual, but there is also an
27.249 - explicit \isa{transfer} operation to force resynchronization
27.250 - with more substantial updates to the underlying theory. The actual
27.251 - context data does not require any special bookkeeping, thanks to the
27.252 - lack of destructive features.
27.253 -
27.254 - Entities derived in a proof context need to record inherent logical
27.255 - requirements explicitly, since there is no separate context
27.256 - identification as for theories. For example, hypotheses used in
27.257 - primitive derivations (cf.\ \secref{sec:thms}) are recorded
27.258 - separately within the sequent \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymphi}}, just to make double
27.259 - sure. Results could still leak into an alien proof context do to
27.260 - programming errors, but Isabelle/Isar includes some extra validity
27.261 - checks in critical positions, notably at the end of a sub-proof.
27.262 -
27.263 - Proof contexts may be manipulated arbitrarily, although the common
27.264 - discipline is to follow block structure as a mental model: a given
27.265 - context is extended consecutively, and results are exported back
27.266 - into the original context. Note that the Isar proof states model
27.267 - block-structured reasoning explicitly, using a stack of proof
27.268 - contexts internally, cf.\ \secref{sec:isar-proof-state}.%
27.269 -\end{isamarkuptext}%
27.270 -\isamarkuptrue%
27.271 -%
27.272 -\isadelimmlref
27.273 -%
27.274 -\endisadelimmlref
27.275 -%
27.276 -\isatagmlref
27.277 -%
27.278 -\begin{isamarkuptext}%
27.279 -\begin{mldecls}
27.280 - \indexmltype{Proof.context}\verb|type Proof.context| \\
27.281 - \indexml{ProofContext.init}\verb|ProofContext.init: theory -> Proof.context| \\
27.282 - \indexml{ProofContext.theory\_of}\verb|ProofContext.theory_of: Proof.context -> theory| \\
27.283 - \indexml{ProofContext.transfer}\verb|ProofContext.transfer: theory -> Proof.context -> Proof.context| \\
27.284 - \end{mldecls}
27.285 -
27.286 - \begin{description}
27.287 -
27.288 - \item \verb|Proof.context| represents proof contexts. Elements
27.289 - of this type are essentially pure values, with a sliding reference
27.290 - to the background theory.
27.291 -
27.292 - \item \verb|ProofContext.init|~\isa{thy} produces a proof context
27.293 - derived from \isa{thy}, initializing all data.
27.294 -
27.295 - \item \verb|ProofContext.theory_of|~\isa{ctxt} selects the
27.296 - background theory from \isa{ctxt}, dereferencing its internal
27.297 - \verb|theory_ref|.
27.298 -
27.299 - \item \verb|ProofContext.transfer|~\isa{thy\ ctxt} promotes the
27.300 - background theory of \isa{ctxt} to the super theory \isa{thy}.
27.301 -
27.302 - \end{description}%
27.303 -\end{isamarkuptext}%
27.304 -\isamarkuptrue%
27.305 -%
27.306 -\endisatagmlref
27.307 -{\isafoldmlref}%
27.308 -%
27.309 -\isadelimmlref
27.310 -%
27.311 -\endisadelimmlref
27.312 -%
27.313 -\isamarkupsubsection{Generic contexts \label{sec:generic-context}%
27.314 -}
27.315 -\isamarkuptrue%
27.316 -%
27.317 -\begin{isamarkuptext}%
27.318 -A generic context is the disjoint sum of either a theory or proof
27.319 - context. Occasionally, this enables uniform treatment of generic
27.320 - context data, typically extra-logical information. Operations on
27.321 - generic contexts include the usual injections, partial selections,
27.322 - and combinators for lifting operations on either component of the
27.323 - disjoint sum.
27.324 -
27.325 - Moreover, there are total operations \isa{theory{\isacharunderscore}of} and \isa{proof{\isacharunderscore}of} to convert a generic context into either kind: a theory
27.326 - can always be selected from the sum, while a proof context might
27.327 - have to be constructed by an ad-hoc \isa{init} operation.%
27.328 -\end{isamarkuptext}%
27.329 -\isamarkuptrue%
27.330 -%
27.331 -\isadelimmlref
27.332 -%
27.333 -\endisadelimmlref
27.334 -%
27.335 -\isatagmlref
27.336 -%
27.337 -\begin{isamarkuptext}%
27.338 -\begin{mldecls}
27.339 - \indexmltype{Context.generic}\verb|type Context.generic| \\
27.340 - \indexml{Context.theory\_of}\verb|Context.theory_of: Context.generic -> theory| \\
27.341 - \indexml{Context.proof\_of}\verb|Context.proof_of: Context.generic -> Proof.context| \\
27.342 - \end{mldecls}
27.343 -
27.344 - \begin{description}
27.345 -
27.346 - \item \verb|Context.generic| is the direct sum of \verb|theory| and \verb|Proof.context|, with the datatype
27.347 - constructors \verb|Context.Theory| and \verb|Context.Proof|.
27.348 -
27.349 - \item \verb|Context.theory_of|~\isa{context} always produces a
27.350 - theory from the generic \isa{context}, using \verb|ProofContext.theory_of| as required.
27.351 -
27.352 - \item \verb|Context.proof_of|~\isa{context} always produces a
27.353 - proof context from the generic \isa{context}, using \verb|ProofContext.init| as required (note that this re-initializes the
27.354 - context data with each invocation).
27.355 -
27.356 - \end{description}%
27.357 -\end{isamarkuptext}%
27.358 -\isamarkuptrue%
27.359 -%
27.360 -\endisatagmlref
27.361 -{\isafoldmlref}%
27.362 -%
27.363 -\isadelimmlref
27.364 -%
27.365 -\endisadelimmlref
27.366 -%
27.367 -\isamarkupsubsection{Context data \label{sec:context-data}%
27.368 -}
27.369 -\isamarkuptrue%
27.370 -%
27.371 -\begin{isamarkuptext}%
27.372 -The main purpose of theory and proof contexts is to manage arbitrary
27.373 - data. New data types can be declared incrementally at compile time.
27.374 - There are separate declaration mechanisms for any of the three kinds
27.375 - of contexts: theory, proof, generic.
27.376 -
27.377 - \paragraph{Theory data} may refer to destructive entities, which are
27.378 - maintained in direct correspondence to the linear evolution of
27.379 - theory values, including explicit copies.\footnote{Most existing
27.380 - instances of destructive theory data are merely historical relics
27.381 - (e.g.\ the destructive theorem storage, and destructive hints for
27.382 - the Simplifier and Classical rules).} A theory data declaration
27.383 - needs to implement the following SML signature:
27.384 -
27.385 - \medskip
27.386 - \begin{tabular}{ll}
27.387 - \isa{{\isasymtype}\ T} & representing type \\
27.388 - \isa{{\isasymval}\ empty{\isacharcolon}\ T} & empty default value \\
27.389 - \isa{{\isasymval}\ copy{\isacharcolon}\ T\ {\isasymrightarrow}\ T} & refresh impure data \\
27.390 - \isa{{\isasymval}\ extend{\isacharcolon}\ T\ {\isasymrightarrow}\ T} & re-initialize on import \\
27.391 - \isa{{\isasymval}\ merge{\isacharcolon}\ T\ {\isasymtimes}\ T\ {\isasymrightarrow}\ T} & join on import \\
27.392 - \end{tabular}
27.393 - \medskip
27.394 -
27.395 - \noindent The \isa{empty} value acts as initial default for
27.396 - \emph{any} theory that does not declare actual data content; \isa{copy} maintains persistent integrity for impure data, it is just
27.397 - the identity for pure values; \isa{extend} is acts like a
27.398 - unitary version of \isa{merge}, both operations should also
27.399 - include the functionality of \isa{copy} for impure data.
27.400 -
27.401 - \paragraph{Proof context data} is purely functional. A declaration
27.402 - needs to implement the following SML signature:
27.403 -
27.404 - \medskip
27.405 - \begin{tabular}{ll}
27.406 - \isa{{\isasymtype}\ T} & representing type \\
27.407 - \isa{{\isasymval}\ init{\isacharcolon}\ theory\ {\isasymrightarrow}\ T} & produce initial value \\
27.408 - \end{tabular}
27.409 - \medskip
27.410 -
27.411 - \noindent The \isa{init} operation is supposed to produce a pure
27.412 - value from the given background theory.
27.413 -
27.414 - \paragraph{Generic data} provides a hybrid interface for both theory
27.415 - and proof data. The declaration is essentially the same as for
27.416 - (pure) theory data, without \isa{copy}. The \isa{init}
27.417 - operation for proof contexts merely selects the current data value
27.418 - from the background theory.
27.419 -
27.420 - \bigskip A data declaration of type \isa{T} results in the
27.421 - following interface:
27.422 -
27.423 - \medskip
27.424 - \begin{tabular}{ll}
27.425 - \isa{init{\isacharcolon}\ theory\ {\isasymrightarrow}\ theory} \\
27.426 - \isa{get{\isacharcolon}\ context\ {\isasymrightarrow}\ T} \\
27.427 - \isa{put{\isacharcolon}\ T\ {\isasymrightarrow}\ context\ {\isasymrightarrow}\ context} \\
27.428 - \isa{map{\isacharcolon}\ {\isacharparenleft}T\ {\isasymrightarrow}\ T{\isacharparenright}\ {\isasymrightarrow}\ context\ {\isasymrightarrow}\ context} \\
27.429 - \end{tabular}
27.430 - \medskip
27.431 -
27.432 - \noindent Here \isa{init} is only applicable to impure theory
27.433 - data to install a fresh copy persistently (destructive update on
27.434 - uninitialized has no permanent effect). The other operations provide
27.435 - access for the particular kind of context (theory, proof, or generic
27.436 - context). Note that this is a safe interface: there is no other way
27.437 - to access the corresponding data slot of a context. By keeping
27.438 - these operations private, a component may maintain abstract values
27.439 - authentically, without other components interfering.%
27.440 -\end{isamarkuptext}%
27.441 -\isamarkuptrue%
27.442 -%
27.443 -\isadelimmlref
27.444 -%
27.445 -\endisadelimmlref
27.446 -%
27.447 -\isatagmlref
27.448 -%
27.449 -\begin{isamarkuptext}%
27.450 -\begin{mldecls}
27.451 - \indexmlfunctor{TheoryDataFun}\verb|functor TheoryDataFun| \\
27.452 - \indexmlfunctor{ProofDataFun}\verb|functor ProofDataFun| \\
27.453 - \indexmlfunctor{GenericDataFun}\verb|functor GenericDataFun| \\
27.454 - \end{mldecls}
27.455 -
27.456 - \begin{description}
27.457 -
27.458 - \item \verb|TheoryDataFun|\isa{{\isacharparenleft}spec{\isacharparenright}} declares data for
27.459 - type \verb|theory| according to the specification provided as
27.460 - argument structure. The resulting structure provides data init and
27.461 - access operations as described above.
27.462 -
27.463 - \item \verb|ProofDataFun|\isa{{\isacharparenleft}spec{\isacharparenright}} is analogous to
27.464 - \verb|TheoryDataFun| for type \verb|Proof.context|.
27.465 -
27.466 - \item \verb|GenericDataFun|\isa{{\isacharparenleft}spec{\isacharparenright}} is analogous to
27.467 - \verb|TheoryDataFun| for type \verb|Context.generic|.
27.468 -
27.469 - \end{description}%
27.470 -\end{isamarkuptext}%
27.471 -\isamarkuptrue%
27.472 -%
27.473 -\endisatagmlref
27.474 -{\isafoldmlref}%
27.475 -%
27.476 -\isadelimmlref
27.477 -%
27.478 -\endisadelimmlref
27.479 -%
27.480 -\isamarkupsection{Names \label{sec:names}%
27.481 -}
27.482 -\isamarkuptrue%
27.483 -%
27.484 -\begin{isamarkuptext}%
27.485 -In principle, a name is just a string, but there are various
27.486 - convention for encoding additional structure. For example, ``\isa{Foo{\isachardot}bar{\isachardot}baz}'' is considered as a qualified name consisting of
27.487 - three basic name components. The individual constituents of a name
27.488 - may have further substructure, e.g.\ the string
27.489 - ``\verb,\,\verb,<alpha>,'' encodes as a single symbol.%
27.490 -\end{isamarkuptext}%
27.491 -\isamarkuptrue%
27.492 -%
27.493 -\isamarkupsubsection{Strings of symbols%
27.494 -}
27.495 -\isamarkuptrue%
27.496 -%
27.497 -\begin{isamarkuptext}%
27.498 -\glossary{Symbol}{The smallest unit of text in Isabelle, subsumes
27.499 - plain ASCII characters as well as an infinite collection of named
27.500 - symbols (for greek, math etc.).}
27.501 -
27.502 - A \emph{symbol} constitutes the smallest textual unit in Isabelle
27.503 - --- raw characters are normally not encountered at all. Isabelle
27.504 - strings consist of a sequence of symbols, represented as a packed
27.505 - string or a list of strings. Each symbol is in itself a small
27.506 - string, which has either one of the following forms:
27.507 -
27.508 - \begin{enumerate}
27.509 -
27.510 - \item a single ASCII character ``\isa{c}'', for example
27.511 - ``\verb,a,'',
27.512 -
27.513 - \item a regular symbol ``\verb,\,\verb,<,\isa{ident}\verb,>,'',
27.514 - for example ``\verb,\,\verb,<alpha>,'',
27.515 -
27.516 - \item a control symbol ``\verb,\,\verb,<^,\isa{ident}\verb,>,'',
27.517 - for example ``\verb,\,\verb,<^bold>,'',
27.518 -
27.519 - \item a raw symbol ``\verb,\,\verb,<^raw:,\isa{text}\verb,>,''
27.520 - where \isa{text} constists of printable characters excluding
27.521 - ``\verb,.,'' and ``\verb,>,'', for example
27.522 - ``\verb,\,\verb,<^raw:$\sum_{i = 1}^n$>,'',
27.523 -
27.524 - \item a numbered raw control symbol ``\verb,\,\verb,<^raw,\isa{n}\verb,>, where \isa{n} consists of digits, for example
27.525 - ``\verb,\,\verb,<^raw42>,''.
27.526 -
27.527 - \end{enumerate}
27.528 -
27.529 - \noindent The \isa{ident} syntax for symbol names is \isa{letter\ {\isacharparenleft}letter\ {\isacharbar}\ digit{\isacharparenright}\isactrlsup {\isacharasterisk}}, where \isa{letter\ {\isacharequal}\ A{\isachardot}{\isachardot}Za{\isachardot}{\isachardot}z} and \isa{digit\ {\isacharequal}\ {\isadigit{0}}{\isachardot}{\isachardot}{\isadigit{9}}}. There are infinitely many
27.530 - regular symbols and control symbols, but a fixed collection of
27.531 - standard symbols is treated specifically. For example,
27.532 - ``\verb,\,\verb,<alpha>,'' is classified as a letter, which means it
27.533 - may occur within regular Isabelle identifiers.
27.534 -
27.535 - Since the character set underlying Isabelle symbols is 7-bit ASCII
27.536 - and 8-bit characters are passed through transparently, Isabelle may
27.537 - also process Unicode/UCS data in UTF-8 encoding. Unicode provides
27.538 - its own collection of mathematical symbols, but there is no built-in
27.539 - link to the standard collection of Isabelle.
27.540 -
27.541 - \medskip Output of Isabelle symbols depends on the print mode
27.542 - (\secref{FIXME}). For example, the standard {\LaTeX} setup of the
27.543 - Isabelle document preparation system would present
27.544 - ``\verb,\,\verb,<alpha>,'' as \isa{{\isasymalpha}}, and
27.545 - ``\verb,\,\verb,<^bold>,\verb,\,\verb,<alpha>,'' as \isa{\isactrlbold {\isasymalpha}}.%
27.546 -\end{isamarkuptext}%
27.547 -\isamarkuptrue%
27.548 -%
27.549 -\isadelimmlref
27.550 -%
27.551 -\endisadelimmlref
27.552 -%
27.553 -\isatagmlref
27.554 -%
27.555 -\begin{isamarkuptext}%
27.556 -\begin{mldecls}
27.557 - \indexmltype{Symbol.symbol}\verb|type Symbol.symbol| \\
27.558 - \indexml{Symbol.explode}\verb|Symbol.explode: string -> Symbol.symbol list| \\
27.559 - \indexml{Symbol.is\_letter}\verb|Symbol.is_letter: Symbol.symbol -> bool| \\
27.560 - \indexml{Symbol.is\_digit}\verb|Symbol.is_digit: Symbol.symbol -> bool| \\
27.561 - \indexml{Symbol.is\_quasi}\verb|Symbol.is_quasi: Symbol.symbol -> bool| \\
27.562 - \indexml{Symbol.is\_blank}\verb|Symbol.is_blank: Symbol.symbol -> bool| \\
27.563 - \end{mldecls}
27.564 - \begin{mldecls}
27.565 - \indexmltype{Symbol.sym}\verb|type Symbol.sym| \\
27.566 - \indexml{Symbol.decode}\verb|Symbol.decode: Symbol.symbol -> Symbol.sym| \\
27.567 - \end{mldecls}
27.568 -
27.569 - \begin{description}
27.570 -
27.571 - \item \verb|Symbol.symbol| represents individual Isabelle
27.572 - symbols; this is an alias for \verb|string|.
27.573 -
27.574 - \item \verb|Symbol.explode|~\isa{str} produces a symbol list
27.575 - from the packed form. This function supercedes \verb|String.explode| for virtually all purposes of manipulating text in
27.576 - Isabelle!
27.577 -
27.578 - \item \verb|Symbol.is_letter|, \verb|Symbol.is_digit|, \verb|Symbol.is_quasi|, \verb|Symbol.is_blank| classify standard
27.579 - symbols according to fixed syntactic conventions of Isabelle, cf.\
27.580 - \cite{isabelle-isar-ref}.
27.581 -
27.582 - \item \verb|Symbol.sym| is a concrete datatype that represents
27.583 - the different kinds of symbols explicitly, with constructors \verb|Symbol.Char|, \verb|Symbol.Sym|, \verb|Symbol.Ctrl|, \verb|Symbol.Raw|.
27.584 -
27.585 - \item \verb|Symbol.decode| converts the string representation of a
27.586 - symbol into the datatype version.
27.587 -
27.588 - \end{description}%
27.589 -\end{isamarkuptext}%
27.590 -\isamarkuptrue%
27.591 -%
27.592 -\endisatagmlref
27.593 -{\isafoldmlref}%
27.594 -%
27.595 -\isadelimmlref
27.596 -%
27.597 -\endisadelimmlref
27.598 -%
27.599 -\isamarkupsubsection{Basic names \label{sec:basic-names}%
27.600 -}
27.601 -\isamarkuptrue%
27.602 -%
27.603 -\begin{isamarkuptext}%
27.604 -A \emph{basic name} essentially consists of a single Isabelle
27.605 - identifier. There are conventions to mark separate classes of basic
27.606 - names, by attaching a suffix of underscores (\isa{{\isacharunderscore}}): one
27.607 - underscore means \emph{internal name}, two underscores means
27.608 - \emph{Skolem name}, three underscores means \emph{internal Skolem
27.609 - name}.
27.610 -
27.611 - For example, the basic name \isa{foo} has the internal version
27.612 - \isa{foo{\isacharunderscore}}, with Skolem versions \isa{foo{\isacharunderscore}{\isacharunderscore}} and \isa{foo{\isacharunderscore}{\isacharunderscore}{\isacharunderscore}}, respectively.
27.613 -
27.614 - These special versions provide copies of the basic name space, apart
27.615 - from anything that normally appears in the user text. For example,
27.616 - system generated variables in Isar proof contexts are usually marked
27.617 - as internal, which prevents mysterious name references like \isa{xaa} to appear in the text.
27.618 -
27.619 - \medskip Manipulating binding scopes often requires on-the-fly
27.620 - renamings. A \emph{name context} contains a collection of already
27.621 - used names. The \isa{declare} operation adds names to the
27.622 - context.
27.623 -
27.624 - The \isa{invents} operation derives a number of fresh names from
27.625 - a given starting point. For example, the first three names derived
27.626 - from \isa{a} are \isa{a}, \isa{b}, \isa{c}.
27.627 -
27.628 - The \isa{variants} operation produces fresh names by
27.629 - incrementing tentative names as base-26 numbers (with digits \isa{a{\isachardot}{\isachardot}z}) until all clashes are resolved. For example, name \isa{foo} results in variants \isa{fooa}, \isa{foob}, \isa{fooc}, \dots, \isa{fooaa}, \isa{fooab} etc.; each renaming
27.630 - step picks the next unused variant from this sequence.%
27.631 -\end{isamarkuptext}%
27.632 -\isamarkuptrue%
27.633 -%
27.634 -\isadelimmlref
27.635 -%
27.636 -\endisadelimmlref
27.637 -%
27.638 -\isatagmlref
27.639 -%
27.640 -\begin{isamarkuptext}%
27.641 -\begin{mldecls}
27.642 - \indexml{Name.internal}\verb|Name.internal: string -> string| \\
27.643 - \indexml{Name.skolem}\verb|Name.skolem: string -> string| \\
27.644 - \end{mldecls}
27.645 - \begin{mldecls}
27.646 - \indexmltype{Name.context}\verb|type Name.context| \\
27.647 - \indexml{Name.context}\verb|Name.context: Name.context| \\
27.648 - \indexml{Name.declare}\verb|Name.declare: string -> Name.context -> Name.context| \\
27.649 - \indexml{Name.invents}\verb|Name.invents: Name.context -> string -> int -> string list| \\
27.650 - \indexml{Name.variants}\verb|Name.variants: string list -> Name.context -> string list * Name.context| \\
27.651 - \end{mldecls}
27.652 -
27.653 - \begin{description}
27.654 -
27.655 - \item \verb|Name.internal|~\isa{name} produces an internal name
27.656 - by adding one underscore.
27.657 -
27.658 - \item \verb|Name.skolem|~\isa{name} produces a Skolem name by
27.659 - adding two underscores.
27.660 -
27.661 - \item \verb|Name.context| represents the context of already used
27.662 - names; the initial value is \verb|Name.context|.
27.663 -
27.664 - \item \verb|Name.declare|~\isa{name} enters a used name into the
27.665 - context.
27.666 -
27.667 - \item \verb|Name.invents|~\isa{context\ name\ n} produces \isa{n} fresh names derived from \isa{name}.
27.668 -
27.669 - \item \verb|Name.variants|~\isa{names\ context} produces fresh
27.670 - varians of \isa{names}; the result is entered into the context.
27.671 -
27.672 - \end{description}%
27.673 -\end{isamarkuptext}%
27.674 -\isamarkuptrue%
27.675 -%
27.676 -\endisatagmlref
27.677 -{\isafoldmlref}%
27.678 -%
27.679 -\isadelimmlref
27.680 -%
27.681 -\endisadelimmlref
27.682 -%
27.683 -\isamarkupsubsection{Indexed names%
27.684 -}
27.685 -\isamarkuptrue%
27.686 -%
27.687 -\begin{isamarkuptext}%
27.688 -An \emph{indexed name} (or \isa{indexname}) is a pair of a basic
27.689 - name and a natural number. This representation allows efficient
27.690 - renaming by incrementing the second component only. The canonical
27.691 - way to rename two collections of indexnames apart from each other is
27.692 - this: determine the maximum index \isa{maxidx} of the first
27.693 - collection, then increment all indexes of the second collection by
27.694 - \isa{maxidx\ {\isacharplus}\ {\isadigit{1}}}; the maximum index of an empty collection is
27.695 - \isa{{\isacharminus}{\isadigit{1}}}.
27.696 -
27.697 - Occasionally, basic names and indexed names are injected into the
27.698 - same pair type: the (improper) indexname \isa{{\isacharparenleft}x{\isacharcomma}\ {\isacharminus}{\isadigit{1}}{\isacharparenright}} is used
27.699 - to encode basic names.
27.700 -
27.701 - \medskip Isabelle syntax observes the following rules for
27.702 - representing an indexname \isa{{\isacharparenleft}x{\isacharcomma}\ i{\isacharparenright}} as a packed string:
27.703 -
27.704 - \begin{itemize}
27.705 -
27.706 - \item \isa{{\isacharquery}x} if \isa{x} does not end with a digit and \isa{i\ {\isacharequal}\ {\isadigit{0}}},
27.707 -
27.708 - \item \isa{{\isacharquery}xi} if \isa{x} does not end with a digit,
27.709 -
27.710 - \item \isa{{\isacharquery}x{\isachardot}i} otherwise.
27.711 -
27.712 - \end{itemize}
27.713 -
27.714 - Indexnames may acquire large index numbers over time. Results are
27.715 - normalized towards \isa{{\isadigit{0}}} at certain checkpoints, notably at
27.716 - the end of a proof. This works by producing variants of the
27.717 - corresponding basic name components. For example, the collection
27.718 - \isa{{\isacharquery}x{\isadigit{1}}{\isacharcomma}\ {\isacharquery}x{\isadigit{7}}{\isacharcomma}\ {\isacharquery}x{\isadigit{4}}{\isadigit{2}}} becomes \isa{{\isacharquery}x{\isacharcomma}\ {\isacharquery}xa{\isacharcomma}\ {\isacharquery}xb}.%
27.719 -\end{isamarkuptext}%
27.720 -\isamarkuptrue%
27.721 -%
27.722 -\isadelimmlref
27.723 -%
27.724 -\endisadelimmlref
27.725 -%
27.726 -\isatagmlref
27.727 -%
27.728 -\begin{isamarkuptext}%
27.729 -\begin{mldecls}
27.730 - \indexmltype{indexname}\verb|type indexname| \\
27.731 - \end{mldecls}
27.732 -
27.733 - \begin{description}
27.734 -
27.735 - \item \verb|indexname| represents indexed names. This is an
27.736 - abbreviation for \verb|string * int|. The second component is
27.737 - usually non-negative, except for situations where \isa{{\isacharparenleft}x{\isacharcomma}\ {\isacharminus}{\isadigit{1}}{\isacharparenright}}
27.738 - is used to embed basic names into this type.
27.739 -
27.740 - \end{description}%
27.741 -\end{isamarkuptext}%
27.742 -\isamarkuptrue%
27.743 -%
27.744 -\endisatagmlref
27.745 -{\isafoldmlref}%
27.746 -%
27.747 -\isadelimmlref
27.748 -%
27.749 -\endisadelimmlref
27.750 -%
27.751 -\isamarkupsubsection{Qualified names and name spaces%
27.752 -}
27.753 -\isamarkuptrue%
27.754 -%
27.755 -\begin{isamarkuptext}%
27.756 -A \emph{qualified name} consists of a non-empty sequence of basic
27.757 - name components. The packed representation uses a dot as separator,
27.758 - as in ``\isa{A{\isachardot}b{\isachardot}c}''. The last component is called \emph{base}
27.759 - name, the remaining prefix \emph{qualifier} (which may be empty).
27.760 - The idea of qualified names is to encode nested structures by
27.761 - recording the access paths as qualifiers. For example, an item
27.762 - named ``\isa{A{\isachardot}b{\isachardot}c}'' may be understood as a local entity \isa{c}, within a local structure \isa{b}, within a global
27.763 - structure \isa{A}. Typically, name space hierarchies consist of
27.764 - 1--2 levels of qualification, but this need not be always so.
27.765 -
27.766 - The empty name is commonly used as an indication of unnamed
27.767 - entities, whenever this makes any sense. The basic operations on
27.768 - qualified names are smart enough to pass through such improper names
27.769 - unchanged.
27.770 -
27.771 - \medskip A \isa{naming} policy tells how to turn a name
27.772 - specification into a fully qualified internal name (by the \isa{full} operation), and how fully qualified names may be accessed
27.773 - externally. For example, the default naming policy is to prefix an
27.774 - implicit path: \isa{full\ x} produces \isa{path{\isachardot}x}, and the
27.775 - standard accesses for \isa{path{\isachardot}x} include both \isa{x} and
27.776 - \isa{path{\isachardot}x}. Normally, the naming is implicit in the theory or
27.777 - proof context; there are separate versions of the corresponding.
27.778 -
27.779 - \medskip A \isa{name\ space} manages a collection of fully
27.780 - internalized names, together with a mapping between external names
27.781 - and internal names (in both directions). The corresponding \isa{intern} and \isa{extern} operations are mostly used for
27.782 - parsing and printing only! The \isa{declare} operation augments
27.783 - a name space according to the accesses determined by the naming
27.784 - policy.
27.785 -
27.786 - \medskip As a general principle, there is a separate name space for
27.787 - each kind of formal entity, e.g.\ logical constant, type
27.788 - constructor, type class, theorem. It is usually clear from the
27.789 - occurrence in concrete syntax (or from the scope) which kind of
27.790 - entity a name refers to. For example, the very same name \isa{c} may be used uniformly for a constant, type constructor, and
27.791 - type class.
27.792 -
27.793 - There are common schemes to name theorems systematically, according
27.794 - to the name of the main logical entity involved, e.g.\ \isa{c{\isachardot}intro} for a canonical theorem related to constant \isa{c}.
27.795 - This technique of mapping names from one space into another requires
27.796 - some care in order to avoid conflicts. In particular, theorem names
27.797 - derived from a type constructor or type class are better suffixed in
27.798 - addition to the usual qualification, e.g.\ \isa{c{\isacharunderscore}type{\isachardot}intro}
27.799 - and \isa{c{\isacharunderscore}class{\isachardot}intro} for theorems related to type \isa{c}
27.800 - and class \isa{c}, respectively.%
27.801 -\end{isamarkuptext}%
27.802 -\isamarkuptrue%
27.803 -%
27.804 -\isadelimmlref
27.805 -%
27.806 -\endisadelimmlref
27.807 -%
27.808 -\isatagmlref
27.809 -%
27.810 -\begin{isamarkuptext}%
27.811 -\begin{mldecls}
27.812 - \indexml{NameSpace.base}\verb|NameSpace.base: string -> string| \\
27.813 - \indexml{NameSpace.qualifier}\verb|NameSpace.qualifier: string -> string| \\
27.814 - \indexml{NameSpace.append}\verb|NameSpace.append: string -> string -> string| \\
27.815 - \indexml{NameSpace.implode}\verb|NameSpace.implode: string list -> string| \\
27.816 - \indexml{NameSpace.explode}\verb|NameSpace.explode: string -> string list| \\
27.817 - \end{mldecls}
27.818 - \begin{mldecls}
27.819 - \indexmltype{NameSpace.naming}\verb|type NameSpace.naming| \\
27.820 - \indexml{NameSpace.default\_naming}\verb|NameSpace.default_naming: NameSpace.naming| \\
27.821 - \indexml{NameSpace.add\_path}\verb|NameSpace.add_path: string -> NameSpace.naming -> NameSpace.naming| \\
27.822 - \indexml{NameSpace.full\_name}\verb|NameSpace.full_name: NameSpace.naming -> binding -> string| \\
27.823 - \end{mldecls}
27.824 - \begin{mldecls}
27.825 - \indexmltype{NameSpace.T}\verb|type NameSpace.T| \\
27.826 - \indexml{NameSpace.empty}\verb|NameSpace.empty: NameSpace.T| \\
27.827 - \indexml{NameSpace.merge}\verb|NameSpace.merge: NameSpace.T * NameSpace.T -> NameSpace.T| \\
27.828 - \indexml{NameSpace.declare}\verb|NameSpace.declare: NameSpace.naming -> binding -> NameSpace.T -> string * NameSpace.T| \\
27.829 - \indexml{NameSpace.intern}\verb|NameSpace.intern: NameSpace.T -> string -> string| \\
27.830 - \indexml{NameSpace.extern}\verb|NameSpace.extern: NameSpace.T -> string -> string| \\
27.831 - \end{mldecls}
27.832 -
27.833 - \begin{description}
27.834 -
27.835 - \item \verb|NameSpace.base|~\isa{name} returns the base name of a
27.836 - qualified name.
27.837 -
27.838 - \item \verb|NameSpace.qualifier|~\isa{name} returns the qualifier
27.839 - of a qualified name.
27.840 -
27.841 - \item \verb|NameSpace.append|~\isa{name\isactrlisub {\isadigit{1}}\ name\isactrlisub {\isadigit{2}}}
27.842 - appends two qualified names.
27.843 -
27.844 - \item \verb|NameSpace.implode|~\isa{name} and \verb|NameSpace.explode|~\isa{names} convert between the packed string
27.845 - representation and the explicit list form of qualified names.
27.846 -
27.847 - \item \verb|NameSpace.naming| represents the abstract concept of
27.848 - a naming policy.
27.849 -
27.850 - \item \verb|NameSpace.default_naming| is the default naming policy.
27.851 - In a theory context, this is usually augmented by a path prefix
27.852 - consisting of the theory name.
27.853 -
27.854 - \item \verb|NameSpace.add_path|~\isa{path\ naming} augments the
27.855 - naming policy by extending its path component.
27.856 -
27.857 - \item \verb|NameSpace.full_name|\isa{naming\ binding} turns a name
27.858 - binding (usually a basic name) into the fully qualified
27.859 - internal name, according to the given naming policy.
27.860 -
27.861 - \item \verb|NameSpace.T| represents name spaces.
27.862 -
27.863 - \item \verb|NameSpace.empty| and \verb|NameSpace.merge|~\isa{{\isacharparenleft}space\isactrlisub {\isadigit{1}}{\isacharcomma}\ space\isactrlisub {\isadigit{2}}{\isacharparenright}} are the canonical operations for
27.864 - maintaining name spaces according to theory data management
27.865 - (\secref{sec:context-data}).
27.866 -
27.867 - \item \verb|NameSpace.declare|~\isa{naming\ bindings\ space} enters a
27.868 - name binding as fully qualified internal name into the name space,
27.869 - with external accesses determined by the naming policy.
27.870 -
27.871 - \item \verb|NameSpace.intern|~\isa{space\ name} internalizes a
27.872 - (partially qualified) external name.
27.873 -
27.874 - This operation is mostly for parsing! Note that fully qualified
27.875 - names stemming from declarations are produced via \verb|NameSpace.full_name| and \verb|NameSpace.declare|
27.876 - (or their derivatives for \verb|theory| and
27.877 - \verb|Proof.context|).
27.878 -
27.879 - \item \verb|NameSpace.extern|~\isa{space\ name} externalizes a
27.880 - (fully qualified) internal name.
27.881 -
27.882 - This operation is mostly for printing! Note unqualified names are
27.883 - produced via \verb|NameSpace.base|.
27.884 -
27.885 - \end{description}%
27.886 -\end{isamarkuptext}%
27.887 -\isamarkuptrue%
27.888 -%
27.889 -\endisatagmlref
27.890 -{\isafoldmlref}%
27.891 -%
27.892 -\isadelimmlref
27.893 -%
27.894 -\endisadelimmlref
27.895 -%
27.896 -\isadelimtheory
27.897 -%
27.898 -\endisadelimtheory
27.899 -%
27.900 -\isatagtheory
27.901 -\isacommand{end}\isamarkupfalse%
27.902 -%
27.903 -\endisatagtheory
27.904 -{\isafoldtheory}%
27.905 -%
27.906 -\isadelimtheory
27.907 -%
27.908 -\endisadelimtheory
27.909 -\isanewline
27.910 -\end{isabellebody}%
27.911 -%%% Local Variables:
27.912 -%%% mode: latex
27.913 -%%% TeX-master: "root"
27.914 -%%% End:
28.1 --- a/doc-src/IsarImplementation/Thy/document/proof.tex Mon Feb 16 20:25:21 2009 +0100
28.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
28.3 @@ -1,396 +0,0 @@
28.4 -%
28.5 -\begin{isabellebody}%
28.6 -\def\isabellecontext{proof}%
28.7 -%
28.8 -\isadelimtheory
28.9 -\isanewline
28.10 -\isanewline
28.11 -\isanewline
28.12 -%
28.13 -\endisadelimtheory
28.14 -%
28.15 -\isatagtheory
28.16 -\isacommand{theory}\isamarkupfalse%
28.17 -\ {\isachardoublequoteopen}proof{\isachardoublequoteclose}\ \isakeyword{imports}\ base\ \isakeyword{begin}%
28.18 -\endisatagtheory
28.19 -{\isafoldtheory}%
28.20 -%
28.21 -\isadelimtheory
28.22 -%
28.23 -\endisadelimtheory
28.24 -%
28.25 -\isamarkupchapter{Structured proofs%
28.26 -}
28.27 -\isamarkuptrue%
28.28 -%
28.29 -\isamarkupsection{Variables \label{sec:variables}%
28.30 -}
28.31 -\isamarkuptrue%
28.32 -%
28.33 -\begin{isamarkuptext}%
28.34 -Any variable that is not explicitly bound by \isa{{\isasymlambda}}-abstraction
28.35 - is considered as ``free''. Logically, free variables act like
28.36 - outermost universal quantification at the sequent level: \isa{A\isactrlisub {\isadigit{1}}{\isacharparenleft}x{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n{\isacharparenleft}x{\isacharparenright}\ {\isasymturnstile}\ B{\isacharparenleft}x{\isacharparenright}} means that the result
28.37 - holds \emph{for all} values of \isa{x}. Free variables for
28.38 - terms (not types) can be fully internalized into the logic: \isa{{\isasymturnstile}\ B{\isacharparenleft}x{\isacharparenright}} and \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ B{\isacharparenleft}x{\isacharparenright}} are interchangeable, provided
28.39 - that \isa{x} does not occur elsewhere in the context.
28.40 - Inspecting \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ B{\isacharparenleft}x{\isacharparenright}} more closely, we see that inside the
28.41 - quantifier, \isa{x} is essentially ``arbitrary, but fixed'',
28.42 - while from outside it appears as a place-holder for instantiation
28.43 - (thanks to \isa{{\isasymAnd}} elimination).
28.44 -
28.45 - The Pure logic represents the idea of variables being either inside
28.46 - or outside the current scope by providing separate syntactic
28.47 - categories for \emph{fixed variables} (e.g.\ \isa{x}) vs.\
28.48 - \emph{schematic variables} (e.g.\ \isa{{\isacharquery}x}). Incidently, a
28.49 - universal result \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ B{\isacharparenleft}x{\isacharparenright}} has the HHF normal form \isa{{\isasymturnstile}\ B{\isacharparenleft}{\isacharquery}x{\isacharparenright}}, which represents its generality nicely without requiring
28.50 - an explicit quantifier. The same principle works for type
28.51 - variables: \isa{{\isasymturnstile}\ B{\isacharparenleft}{\isacharquery}{\isasymalpha}{\isacharparenright}} represents the idea of ``\isa{{\isasymturnstile}\ {\isasymforall}{\isasymalpha}{\isachardot}\ B{\isacharparenleft}{\isasymalpha}{\isacharparenright}}'' without demanding a truly polymorphic framework.
28.52 -
28.53 - \medskip Additional care is required to treat type variables in a
28.54 - way that facilitates type-inference. In principle, term variables
28.55 - depend on type variables, which means that type variables would have
28.56 - to be declared first. For example, a raw type-theoretic framework
28.57 - would demand the context to be constructed in stages as follows:
28.58 - \isa{{\isasymGamma}\ {\isacharequal}\ {\isasymalpha}{\isacharcolon}\ type{\isacharcomma}\ x{\isacharcolon}\ {\isasymalpha}{\isacharcomma}\ a{\isacharcolon}\ A{\isacharparenleft}x\isactrlisub {\isasymalpha}{\isacharparenright}}.
28.59 -
28.60 - We allow a slightly less formalistic mode of operation: term
28.61 - variables \isa{x} are fixed without specifying a type yet
28.62 - (essentially \emph{all} potential occurrences of some instance
28.63 - \isa{x\isactrlisub {\isasymtau}} are fixed); the first occurrence of \isa{x}
28.64 - within a specific term assigns its most general type, which is then
28.65 - maintained consistently in the context. The above example becomes
28.66 - \isa{{\isasymGamma}\ {\isacharequal}\ x{\isacharcolon}\ term{\isacharcomma}\ {\isasymalpha}{\isacharcolon}\ type{\isacharcomma}\ A{\isacharparenleft}x\isactrlisub {\isasymalpha}{\isacharparenright}}, where type \isa{{\isasymalpha}} is fixed \emph{after} term \isa{x}, and the constraint
28.67 - \isa{x\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}} is an implicit consequence of the occurrence of
28.68 - \isa{x\isactrlisub {\isasymalpha}} in the subsequent proposition.
28.69 -
28.70 - This twist of dependencies is also accommodated by the reverse
28.71 - operation of exporting results from a context: a type variable
28.72 - \isa{{\isasymalpha}} is considered fixed as long as it occurs in some fixed
28.73 - term variable of the context. For example, exporting \isa{x{\isacharcolon}\ term{\isacharcomma}\ {\isasymalpha}{\isacharcolon}\ type\ {\isasymturnstile}\ x\isactrlisub {\isasymalpha}\ {\isacharequal}\ x\isactrlisub {\isasymalpha}} produces in the first step
28.74 - \isa{x{\isacharcolon}\ term\ {\isasymturnstile}\ x\isactrlisub {\isasymalpha}\ {\isacharequal}\ x\isactrlisub {\isasymalpha}} for fixed \isa{{\isasymalpha}},
28.75 - and only in the second step \isa{{\isasymturnstile}\ {\isacharquery}x\isactrlisub {\isacharquery}\isactrlisub {\isasymalpha}\ {\isacharequal}\ {\isacharquery}x\isactrlisub {\isacharquery}\isactrlisub {\isasymalpha}} for schematic \isa{{\isacharquery}x} and \isa{{\isacharquery}{\isasymalpha}}.
28.76 -
28.77 - \medskip The Isabelle/Isar proof context manages the gory details of
28.78 - term vs.\ type variables, with high-level principles for moving the
28.79 - frontier between fixed and schematic variables.
28.80 -
28.81 - The \isa{add{\isacharunderscore}fixes} operation explictly declares fixed
28.82 - variables; the \isa{declare{\isacharunderscore}term} operation absorbs a term into
28.83 - a context by fixing new type variables and adding syntactic
28.84 - constraints.
28.85 -
28.86 - The \isa{export} operation is able to perform the main work of
28.87 - generalizing term and type variables as sketched above, assuming
28.88 - that fixing variables and terms have been declared properly.
28.89 -
28.90 - There \isa{import} operation makes a generalized fact a genuine
28.91 - part of the context, by inventing fixed variables for the schematic
28.92 - ones. The effect can be reversed by using \isa{export} later,
28.93 - potentially with an extended context; the result is equivalent to
28.94 - the original modulo renaming of schematic variables.
28.95 -
28.96 - The \isa{focus} operation provides a variant of \isa{import}
28.97 - for nested propositions (with explicit quantification): \isa{{\isasymAnd}x\isactrlisub {\isadigit{1}}\ {\isasymdots}\ x\isactrlisub n{\isachardot}\ B{\isacharparenleft}x\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlisub n{\isacharparenright}} is
28.98 - decomposed by inventing fixed variables \isa{x\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlisub n} for the body.%
28.99 -\end{isamarkuptext}%
28.100 -\isamarkuptrue%
28.101 -%
28.102 -\isadelimmlref
28.103 -%
28.104 -\endisadelimmlref
28.105 -%
28.106 -\isatagmlref
28.107 -%
28.108 -\begin{isamarkuptext}%
28.109 -\begin{mldecls}
28.110 - \indexml{Variable.add\_fixes}\verb|Variable.add_fixes: |\isasep\isanewline%
28.111 -\verb| string list -> Proof.context -> string list * Proof.context| \\
28.112 - \indexml{Variable.variant\_fixes}\verb|Variable.variant_fixes: |\isasep\isanewline%
28.113 -\verb| string list -> Proof.context -> string list * Proof.context| \\
28.114 - \indexml{Variable.declare\_term}\verb|Variable.declare_term: term -> Proof.context -> Proof.context| \\
28.115 - \indexml{Variable.declare\_constraints}\verb|Variable.declare_constraints: term -> Proof.context -> Proof.context| \\
28.116 - \indexml{Variable.export}\verb|Variable.export: Proof.context -> Proof.context -> thm list -> thm list| \\
28.117 - \indexml{Variable.polymorphic}\verb|Variable.polymorphic: Proof.context -> term list -> term list| \\
28.118 - \indexml{Variable.import\_thms}\verb|Variable.import_thms: bool -> thm list -> Proof.context ->|\isasep\isanewline%
28.119 -\verb| ((ctyp list * cterm list) * thm list) * Proof.context| \\
28.120 - \indexml{Variable.focus}\verb|Variable.focus: cterm -> Proof.context -> (cterm list * cterm) * Proof.context| \\
28.121 - \end{mldecls}
28.122 -
28.123 - \begin{description}
28.124 -
28.125 - \item \verb|Variable.add_fixes|~\isa{xs\ ctxt} fixes term
28.126 - variables \isa{xs}, returning the resulting internal names. By
28.127 - default, the internal representation coincides with the external
28.128 - one, which also means that the given variables must not be fixed
28.129 - already. There is a different policy within a local proof body: the
28.130 - given names are just hints for newly invented Skolem variables.
28.131 -
28.132 - \item \verb|Variable.variant_fixes| is similar to \verb|Variable.add_fixes|, but always produces fresh variants of the given
28.133 - names.
28.134 -
28.135 - \item \verb|Variable.declare_term|~\isa{t\ ctxt} declares term
28.136 - \isa{t} to belong to the context. This automatically fixes new
28.137 - type variables, but not term variables. Syntactic constraints for
28.138 - type and term variables are declared uniformly, though.
28.139 -
28.140 - \item \verb|Variable.declare_constraints|~\isa{t\ ctxt} declares
28.141 - syntactic constraints from term \isa{t}, without making it part
28.142 - of the context yet.
28.143 -
28.144 - \item \verb|Variable.export|~\isa{inner\ outer\ thms} generalizes
28.145 - fixed type and term variables in \isa{thms} according to the
28.146 - difference of the \isa{inner} and \isa{outer} context,
28.147 - following the principles sketched above.
28.148 -
28.149 - \item \verb|Variable.polymorphic|~\isa{ctxt\ ts} generalizes type
28.150 - variables in \isa{ts} as far as possible, even those occurring
28.151 - in fixed term variables. The default policy of type-inference is to
28.152 - fix newly introduced type variables, which is essentially reversed
28.153 - with \verb|Variable.polymorphic|: here the given terms are detached
28.154 - from the context as far as possible.
28.155 -
28.156 - \item \verb|Variable.import_thms|~\isa{open\ thms\ ctxt} invents fixed
28.157 - type and term variables for the schematic ones occurring in \isa{thms}. The \isa{open} flag indicates whether the fixed names
28.158 - should be accessible to the user, otherwise newly introduced names
28.159 - are marked as ``internal'' (\secref{sec:names}).
28.160 -
28.161 - \item \verb|Variable.focus|~\isa{B} decomposes the outermost \isa{{\isasymAnd}} prefix of proposition \isa{B}.
28.162 -
28.163 - \end{description}%
28.164 -\end{isamarkuptext}%
28.165 -\isamarkuptrue%
28.166 -%
28.167 -\endisatagmlref
28.168 -{\isafoldmlref}%
28.169 -%
28.170 -\isadelimmlref
28.171 -%
28.172 -\endisadelimmlref
28.173 -%
28.174 -\isamarkupsection{Assumptions \label{sec:assumptions}%
28.175 -}
28.176 -\isamarkuptrue%
28.177 -%
28.178 -\begin{isamarkuptext}%
28.179 -An \emph{assumption} is a proposition that it is postulated in the
28.180 - current context. Local conclusions may use assumptions as
28.181 - additional facts, but this imposes implicit hypotheses that weaken
28.182 - the overall statement.
28.183 -
28.184 - Assumptions are restricted to fixed non-schematic statements, i.e.\
28.185 - all generality needs to be expressed by explicit quantifiers.
28.186 - Nevertheless, the result will be in HHF normal form with outermost
28.187 - quantifiers stripped. For example, by assuming \isa{{\isasymAnd}x\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}{\isachardot}\ P\ x} we get \isa{{\isasymAnd}x\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}{\isachardot}\ P\ x\ {\isasymturnstile}\ P\ {\isacharquery}x} for schematic \isa{{\isacharquery}x}
28.188 - of fixed type \isa{{\isasymalpha}}. Local derivations accumulate more and
28.189 - more explicit references to hypotheses: \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n\ {\isasymturnstile}\ B} where \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n} needs to
28.190 - be covered by the assumptions of the current context.
28.191 -
28.192 - \medskip The \isa{add{\isacharunderscore}assms} operation augments the context by
28.193 - local assumptions, which are parameterized by an arbitrary \isa{export} rule (see below).
28.194 -
28.195 - The \isa{export} operation moves facts from a (larger) inner
28.196 - context into a (smaller) outer context, by discharging the
28.197 - difference of the assumptions as specified by the associated export
28.198 - rules. Note that the discharged portion is determined by the
28.199 - difference contexts, not the facts being exported! There is a
28.200 - separate flag to indicate a goal context, where the result is meant
28.201 - to refine an enclosing sub-goal of a structured proof state (cf.\
28.202 - \secref{sec:isar-proof-state}).
28.203 -
28.204 - \medskip The most basic export rule discharges assumptions directly
28.205 - by means of the \isa{{\isasymLongrightarrow}} introduction rule:
28.206 - \[
28.207 - \infer[(\isa{{\isasymLongrightarrow}{\isacharunderscore}intro})]{\isa{{\isasymGamma}\ {\isacharbackslash}\ A\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
28.208 - \]
28.209 -
28.210 - The variant for goal refinements marks the newly introduced
28.211 - premises, which causes the canonical Isar goal refinement scheme to
28.212 - enforce unification with local premises within the goal:
28.213 - \[
28.214 - \infer[(\isa{{\isacharhash}{\isasymLongrightarrow}{\isacharunderscore}intro})]{\isa{{\isasymGamma}\ {\isacharbackslash}\ A\ {\isasymturnstile}\ {\isacharhash}A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
28.215 - \]
28.216 -
28.217 - \medskip Alternative versions of assumptions may perform arbitrary
28.218 - transformations on export, as long as the corresponding portion of
28.219 - hypotheses is removed from the given facts. For example, a local
28.220 - definition works by fixing \isa{x} and assuming \isa{x\ {\isasymequiv}\ t},
28.221 - with the following export rule to reverse the effect:
28.222 - \[
28.223 - \infer[(\isa{{\isasymequiv}{\isacharminus}expand})]{\isa{{\isasymGamma}\ {\isacharbackslash}\ x\ {\isasymequiv}\ t\ {\isasymturnstile}\ B\ t}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B\ x}}
28.224 - \]
28.225 - This works, because the assumption \isa{x\ {\isasymequiv}\ t} was introduced in
28.226 - a context with \isa{x} being fresh, so \isa{x} does not
28.227 - occur in \isa{{\isasymGamma}} here.%
28.228 -\end{isamarkuptext}%
28.229 -\isamarkuptrue%
28.230 -%
28.231 -\isadelimmlref
28.232 -%
28.233 -\endisadelimmlref
28.234 -%
28.235 -\isatagmlref
28.236 -%
28.237 -\begin{isamarkuptext}%
28.238 -\begin{mldecls}
28.239 - \indexmltype{Assumption.export}\verb|type Assumption.export| \\
28.240 - \indexml{Assumption.assume}\verb|Assumption.assume: cterm -> thm| \\
28.241 - \indexml{Assumption.add\_assms}\verb|Assumption.add_assms: Assumption.export ->|\isasep\isanewline%
28.242 -\verb| cterm list -> Proof.context -> thm list * Proof.context| \\
28.243 - \indexml{Assumption.add\_assumes}\verb|Assumption.add_assumes: |\isasep\isanewline%
28.244 -\verb| cterm list -> Proof.context -> thm list * Proof.context| \\
28.245 - \indexml{Assumption.export}\verb|Assumption.export: bool -> Proof.context -> Proof.context -> thm -> thm| \\
28.246 - \end{mldecls}
28.247 -
28.248 - \begin{description}
28.249 -
28.250 - \item \verb|Assumption.export| represents arbitrary export
28.251 - rules, which is any function of type \verb|bool -> cterm list -> thm -> thm|,
28.252 - where the \verb|bool| indicates goal mode, and the \verb|cterm list| the collection of assumptions to be discharged
28.253 - simultaneously.
28.254 -
28.255 - \item \verb|Assumption.assume|~\isa{A} turns proposition \isa{A} into a raw assumption \isa{A\ {\isasymturnstile}\ A{\isacharprime}}, where the conclusion
28.256 - \isa{A{\isacharprime}} is in HHF normal form.
28.257 -
28.258 - \item \verb|Assumption.add_assms|~\isa{r\ As} augments the context
28.259 - by assumptions \isa{As} with export rule \isa{r}. The
28.260 - resulting facts are hypothetical theorems as produced by the raw
28.261 - \verb|Assumption.assume|.
28.262 -
28.263 - \item \verb|Assumption.add_assumes|~\isa{As} is a special case of
28.264 - \verb|Assumption.add_assms| where the export rule performs \isa{{\isasymLongrightarrow}{\isacharunderscore}intro} or \isa{{\isacharhash}{\isasymLongrightarrow}{\isacharunderscore}intro}, depending on goal mode.
28.265 -
28.266 - \item \verb|Assumption.export|~\isa{is{\isacharunderscore}goal\ inner\ outer\ thm}
28.267 - exports result \isa{thm} from the the \isa{inner} context
28.268 - back into the \isa{outer} one; \isa{is{\isacharunderscore}goal\ {\isacharequal}\ true} means
28.269 - this is a goal context. The result is in HHF normal form. Note
28.270 - that \verb|ProofContext.export| combines \verb|Variable.export|
28.271 - and \verb|Assumption.export| in the canonical way.
28.272 -
28.273 - \end{description}%
28.274 -\end{isamarkuptext}%
28.275 -\isamarkuptrue%
28.276 -%
28.277 -\endisatagmlref
28.278 -{\isafoldmlref}%
28.279 -%
28.280 -\isadelimmlref
28.281 -%
28.282 -\endisadelimmlref
28.283 -%
28.284 -\isamarkupsection{Results \label{sec:results}%
28.285 -}
28.286 -\isamarkuptrue%
28.287 -%
28.288 -\begin{isamarkuptext}%
28.289 -Local results are established by monotonic reasoning from facts
28.290 - within a context. This allows common combinations of theorems,
28.291 - e.g.\ via \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} elimination, resolution rules, or equational
28.292 - reasoning, see \secref{sec:thms}. Unaccounted context manipulations
28.293 - should be avoided, notably raw \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} introduction or ad-hoc
28.294 - references to free variables or assumptions not present in the proof
28.295 - context.
28.296 -
28.297 - \medskip The \isa{SUBPROOF} combinator allows to structure a
28.298 - tactical proof recursively by decomposing a selected sub-goal:
28.299 - \isa{{\isacharparenleft}{\isasymAnd}x{\isachardot}\ A{\isacharparenleft}x{\isacharparenright}\ {\isasymLongrightarrow}\ B{\isacharparenleft}x{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}} is turned into \isa{B{\isacharparenleft}x{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}}
28.300 - after fixing \isa{x} and assuming \isa{A{\isacharparenleft}x{\isacharparenright}}. This means
28.301 - the tactic needs to solve the conclusion, but may use the premise as
28.302 - a local fact, for locally fixed variables.
28.303 -
28.304 - The \isa{prove} operation provides an interface for structured
28.305 - backwards reasoning under program control, with some explicit sanity
28.306 - checks of the result. The goal context can be augmented by
28.307 - additional fixed variables (cf.\ \secref{sec:variables}) and
28.308 - assumptions (cf.\ \secref{sec:assumptions}), which will be available
28.309 - as local facts during the proof and discharged into implications in
28.310 - the result. Type and term variables are generalized as usual,
28.311 - according to the context.
28.312 -
28.313 - The \isa{obtain} operation produces results by eliminating
28.314 - existing facts by means of a given tactic. This acts like a dual
28.315 - conclusion: the proof demonstrates that the context may be augmented
28.316 - by certain fixed variables and assumptions. See also
28.317 - \cite{isabelle-isar-ref} for the user-level \isa{{\isasymOBTAIN}} and
28.318 - \isa{{\isasymGUESS}} elements. Final results, which may not refer to
28.319 - the parameters in the conclusion, need to exported explicitly into
28.320 - the original context.%
28.321 -\end{isamarkuptext}%
28.322 -\isamarkuptrue%
28.323 -%
28.324 -\isadelimmlref
28.325 -%
28.326 -\endisadelimmlref
28.327 -%
28.328 -\isatagmlref
28.329 -%
28.330 -\begin{isamarkuptext}%
28.331 -\begin{mldecls}
28.332 - \indexml{SUBPROOF}\verb|SUBPROOF: ({context: Proof.context, schematics: ctyp list * cterm list,|\isasep\isanewline%
28.333 -\verb| params: cterm list, asms: cterm list, concl: cterm,|\isasep\isanewline%
28.334 -\verb| prems: thm list} -> tactic) -> Proof.context -> int -> tactic| \\
28.335 - \end{mldecls}
28.336 - \begin{mldecls}
28.337 - \indexml{Goal.prove}\verb|Goal.prove: Proof.context -> string list -> term list -> term ->|\isasep\isanewline%
28.338 -\verb| ({prems: thm list, context: Proof.context} -> tactic) -> thm| \\
28.339 - \indexml{Goal.prove\_multi}\verb|Goal.prove_multi: Proof.context -> string list -> term list -> term list ->|\isasep\isanewline%
28.340 -\verb| ({prems: thm list, context: Proof.context} -> tactic) -> thm list| \\
28.341 - \end{mldecls}
28.342 - \begin{mldecls}
28.343 - \indexml{Obtain.result}\verb|Obtain.result: (Proof.context -> tactic) ->|\isasep\isanewline%
28.344 -\verb| thm list -> Proof.context -> (cterm list * thm list) * Proof.context| \\
28.345 - \end{mldecls}
28.346 -
28.347 - \begin{description}
28.348 -
28.349 - \item \verb|SUBPROOF|~\isa{tac} decomposes the structure of a
28.350 - particular sub-goal, producing an extended context and a reduced
28.351 - goal, which needs to be solved by the given tactic. All schematic
28.352 - parameters of the goal are imported into the context as fixed ones,
28.353 - which may not be instantiated in the sub-proof.
28.354 -
28.355 - \item \verb|Goal.prove|~\isa{ctxt\ xs\ As\ C\ tac} states goal \isa{C} in the context augmented by fixed variables \isa{xs} and
28.356 - assumptions \isa{As}, and applies tactic \isa{tac} to solve
28.357 - it. The latter may depend on the local assumptions being presented
28.358 - as facts. The result is in HHF normal form.
28.359 -
28.360 - \item \verb|Goal.prove_multi| is simular to \verb|Goal.prove|, but
28.361 - states several conclusions simultaneously. The goal is encoded by
28.362 - means of Pure conjunction; \verb|Goal.conjunction_tac| will turn this
28.363 - into a collection of individual subgoals.
28.364 -
28.365 - \item \verb|Obtain.result|~\isa{tac\ thms\ ctxt} eliminates the
28.366 - given facts using a tactic, which results in additional fixed
28.367 - variables and assumptions in the context. Final results need to be
28.368 - exported explicitly.
28.369 -
28.370 - \end{description}%
28.371 -\end{isamarkuptext}%
28.372 -\isamarkuptrue%
28.373 -%
28.374 -\endisatagmlref
28.375 -{\isafoldmlref}%
28.376 -%
28.377 -\isadelimmlref
28.378 -%
28.379 -\endisadelimmlref
28.380 -%
28.381 -\isadelimtheory
28.382 -%
28.383 -\endisadelimtheory
28.384 -%
28.385 -\isatagtheory
28.386 -\isacommand{end}\isamarkupfalse%
28.387 -%
28.388 -\endisatagtheory
28.389 -{\isafoldtheory}%
28.390 -%
28.391 -\isadelimtheory
28.392 -%
28.393 -\endisadelimtheory
28.394 -\isanewline
28.395 -\end{isabellebody}%
28.396 -%%% Local Variables:
28.397 -%%% mode: latex
28.398 -%%% TeX-master: "root"
28.399 -%%% End:
29.1 --- a/doc-src/IsarImplementation/Thy/document/tactic.tex Mon Feb 16 20:25:21 2009 +0100
29.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
29.3 @@ -1,512 +0,0 @@
29.4 -%
29.5 -\begin{isabellebody}%
29.6 -\def\isabellecontext{tactic}%
29.7 -%
29.8 -\isadelimtheory
29.9 -\isanewline
29.10 -\isanewline
29.11 -\isanewline
29.12 -%
29.13 -\endisadelimtheory
29.14 -%
29.15 -\isatagtheory
29.16 -\isacommand{theory}\isamarkupfalse%
29.17 -\ tactic\ \isakeyword{imports}\ base\ \isakeyword{begin}%
29.18 -\endisatagtheory
29.19 -{\isafoldtheory}%
29.20 -%
29.21 -\isadelimtheory
29.22 -%
29.23 -\endisadelimtheory
29.24 -%
29.25 -\isamarkupchapter{Tactical reasoning%
29.26 -}
29.27 -\isamarkuptrue%
29.28 -%
29.29 -\begin{isamarkuptext}%
29.30 -Tactical reasoning works by refining the initial claim in a
29.31 - backwards fashion, until a solved form is reached. A \isa{goal}
29.32 - consists of several subgoals that need to be solved in order to
29.33 - achieve the main statement; zero subgoals means that the proof may
29.34 - be finished. A \isa{tactic} is a refinement operation that maps
29.35 - a goal to a lazy sequence of potential successors. A \isa{tactical} is a combinator for composing tactics.%
29.36 -\end{isamarkuptext}%
29.37 -\isamarkuptrue%
29.38 -%
29.39 -\isamarkupsection{Goals \label{sec:tactical-goals}%
29.40 -}
29.41 -\isamarkuptrue%
29.42 -%
29.43 -\begin{isamarkuptext}%
29.44 -Isabelle/Pure represents a goal\glossary{Tactical goal}{A theorem of
29.45 - \seeglossary{Horn Clause} form stating that a number of subgoals
29.46 - imply the main conclusion, which is marked as a protected
29.47 - proposition.} as a theorem stating that the subgoals imply the main
29.48 - goal: \isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C}. The outermost goal
29.49 - structure is that of a Horn Clause\glossary{Horn Clause}{An iterated
29.50 - implication \isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C}, without any
29.51 - outermost quantifiers. Strictly speaking, propositions \isa{A\isactrlsub i} need to be atomic in Horn Clauses, but Isabelle admits
29.52 - arbitrary substructure here (nested \isa{{\isasymLongrightarrow}} and \isa{{\isasymAnd}}
29.53 - connectives).}: i.e.\ an iterated implication without any
29.54 - quantifiers\footnote{Recall that outermost \isa{{\isasymAnd}x{\isachardot}\ {\isasymphi}{\isacharbrackleft}x{\isacharbrackright}} is
29.55 - always represented via schematic variables in the body: \isa{{\isasymphi}{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}. These variables may get instantiated during the course of
29.56 - reasoning.}. For \isa{n\ {\isacharequal}\ {\isadigit{0}}} a goal is called ``solved''.
29.57 -
29.58 - The structure of each subgoal \isa{A\isactrlsub i} is that of a general
29.59 - Hereditary Harrop Formula \isa{{\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymAnd}x\isactrlsub k{\isachardot}\ H\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ H\isactrlsub m\ {\isasymLongrightarrow}\ B} in
29.60 - normal form. Here \isa{x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub k} are goal parameters, i.e.\
29.61 - arbitrary-but-fixed entities of certain types, and \isa{H\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ H\isactrlsub m} are goal hypotheses, i.e.\ facts that may be assumed locally.
29.62 - Together, this forms the goal context of the conclusion \isa{B} to
29.63 - be established. The goal hypotheses may be again arbitrary
29.64 - Hereditary Harrop Formulas, although the level of nesting rarely
29.65 - exceeds 1--2 in practice.
29.66 -
29.67 - The main conclusion \isa{C} is internally marked as a protected
29.68 - proposition\glossary{Protected proposition}{An arbitrarily
29.69 - structured proposition \isa{C} which is forced to appear as
29.70 - atomic by wrapping it into a propositional identity operator;
29.71 - notation \isa{{\isacharhash}C}. Protecting a proposition prevents basic
29.72 - inferences from entering into that structure for the time being.},
29.73 - which is represented explicitly by the notation \isa{{\isacharhash}C}. This
29.74 - ensures that the decomposition into subgoals and main conclusion is
29.75 - well-defined for arbitrarily structured claims.
29.76 -
29.77 - \medskip Basic goal management is performed via the following
29.78 - Isabelle/Pure rules:
29.79 -
29.80 - \[
29.81 - \infer[\isa{{\isacharparenleft}init{\isacharparenright}}]{\isa{C\ {\isasymLongrightarrow}\ {\isacharhash}C}}{} \qquad
29.82 - \infer[\isa{{\isacharparenleft}finish{\isacharparenright}}]{\isa{C}}{\isa{{\isacharhash}C}}
29.83 - \]
29.84 -
29.85 - \medskip The following low-level variants admit general reasoning
29.86 - with protected propositions:
29.87 -
29.88 - \[
29.89 - \infer[\isa{{\isacharparenleft}protect{\isacharparenright}}]{\isa{{\isacharhash}C}}{\isa{C}} \qquad
29.90 - \infer[\isa{{\isacharparenleft}conclude{\isacharparenright}}]{\isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C}}{\isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ {\isacharhash}C}}
29.91 - \]%
29.92 -\end{isamarkuptext}%
29.93 -\isamarkuptrue%
29.94 -%
29.95 -\isadelimmlref
29.96 -%
29.97 -\endisadelimmlref
29.98 -%
29.99 -\isatagmlref
29.100 -%
29.101 -\begin{isamarkuptext}%
29.102 -\begin{mldecls}
29.103 - \indexml{Goal.init}\verb|Goal.init: cterm -> thm| \\
29.104 - \indexml{Goal.finish}\verb|Goal.finish: thm -> thm| \\
29.105 - \indexml{Goal.protect}\verb|Goal.protect: thm -> thm| \\
29.106 - \indexml{Goal.conclude}\verb|Goal.conclude: thm -> thm| \\
29.107 - \end{mldecls}
29.108 -
29.109 - \begin{description}
29.110 -
29.111 - \item \verb|Goal.init|~\isa{C} initializes a tactical goal from
29.112 - the well-formed proposition \isa{C}.
29.113 -
29.114 - \item \verb|Goal.finish|~\isa{thm} checks whether theorem
29.115 - \isa{thm} is a solved goal (no subgoals), and concludes the
29.116 - result by removing the goal protection.
29.117 -
29.118 - \item \verb|Goal.protect|~\isa{thm} protects the full statement
29.119 - of theorem \isa{thm}.
29.120 -
29.121 - \item \verb|Goal.conclude|~\isa{thm} removes the goal
29.122 - protection, even if there are pending subgoals.
29.123 -
29.124 - \end{description}%
29.125 -\end{isamarkuptext}%
29.126 -\isamarkuptrue%
29.127 -%
29.128 -\endisatagmlref
29.129 -{\isafoldmlref}%
29.130 -%
29.131 -\isadelimmlref
29.132 -%
29.133 -\endisadelimmlref
29.134 -%
29.135 -\isamarkupsection{Tactics%
29.136 -}
29.137 -\isamarkuptrue%
29.138 -%
29.139 -\begin{isamarkuptext}%
29.140 -A \isa{tactic} is a function \isa{goal\ {\isasymrightarrow}\ goal\isactrlsup {\isacharasterisk}\isactrlsup {\isacharasterisk}} that
29.141 - maps a given goal state (represented as a theorem, cf.\
29.142 - \secref{sec:tactical-goals}) to a lazy sequence of potential
29.143 - successor states. The underlying sequence implementation is lazy
29.144 - both in head and tail, and is purely functional in \emph{not}
29.145 - supporting memoing.\footnote{The lack of memoing and the strict
29.146 - nature of SML requires some care when working with low-level
29.147 - sequence operations, to avoid duplicate or premature evaluation of
29.148 - results.}
29.149 -
29.150 - An \emph{empty result sequence} means that the tactic has failed: in
29.151 - a compound tactic expressions other tactics might be tried instead,
29.152 - or the whole refinement step might fail outright, producing a
29.153 - toplevel error message. When implementing tactics from scratch, one
29.154 - should take care to observe the basic protocol of mapping regular
29.155 - error conditions to an empty result; only serious faults should
29.156 - emerge as exceptions.
29.157 -
29.158 - By enumerating \emph{multiple results}, a tactic can easily express
29.159 - the potential outcome of an internal search process. There are also
29.160 - combinators for building proof tools that involve search
29.161 - systematically, see also \secref{sec:tacticals}.
29.162 -
29.163 - \medskip As explained in \secref{sec:tactical-goals}, a goal state
29.164 - essentially consists of a list of subgoals that imply the main goal
29.165 - (conclusion). Tactics may operate on all subgoals or on a
29.166 - particularly specified subgoal, but must not change the main
29.167 - conclusion (apart from instantiating schematic goal variables).
29.168 -
29.169 - Tactics with explicit \emph{subgoal addressing} are of the form
29.170 - \isa{int\ {\isasymrightarrow}\ tactic} and may be applied to a particular subgoal
29.171 - (counting from 1). If the subgoal number is out of range, the
29.172 - tactic should fail with an empty result sequence, but must not raise
29.173 - an exception!
29.174 -
29.175 - Operating on a particular subgoal means to replace it by an interval
29.176 - of zero or more subgoals in the same place; other subgoals must not
29.177 - be affected, apart from instantiating schematic variables ranging
29.178 - over the whole goal state.
29.179 -
29.180 - A common pattern of composing tactics with subgoal addressing is to
29.181 - try the first one, and then the second one only if the subgoal has
29.182 - not been solved yet. Special care is required here to avoid bumping
29.183 - into unrelated subgoals that happen to come after the original
29.184 - subgoal. Assuming that there is only a single initial subgoal is a
29.185 - very common error when implementing tactics!
29.186 -
29.187 - Tactics with internal subgoal addressing should expose the subgoal
29.188 - index as \isa{int} argument in full generality; a hardwired
29.189 - subgoal 1 inappropriate.
29.190 -
29.191 - \medskip The main well-formedness conditions for proper tactics are
29.192 - summarized as follows.
29.193 -
29.194 - \begin{itemize}
29.195 -
29.196 - \item General tactic failure is indicated by an empty result, only
29.197 - serious faults may produce an exception.
29.198 -
29.199 - \item The main conclusion must not be changed, apart from
29.200 - instantiating schematic variables.
29.201 -
29.202 - \item A tactic operates either uniformly on all subgoals, or
29.203 - specifically on a selected subgoal (without bumping into unrelated
29.204 - subgoals).
29.205 -
29.206 - \item Range errors in subgoal addressing produce an empty result.
29.207 -
29.208 - \end{itemize}
29.209 -
29.210 - Some of these conditions are checked by higher-level goal
29.211 - infrastructure (\secref{sec:results}); others are not checked
29.212 - explicitly, and violating them merely results in ill-behaved tactics
29.213 - experienced by the user (e.g.\ tactics that insist in being
29.214 - applicable only to singleton goals, or disallow composition with
29.215 - basic tacticals).%
29.216 -\end{isamarkuptext}%
29.217 -\isamarkuptrue%
29.218 -%
29.219 -\isadelimmlref
29.220 -%
29.221 -\endisadelimmlref
29.222 -%
29.223 -\isatagmlref
29.224 -%
29.225 -\begin{isamarkuptext}%
29.226 -\begin{mldecls}
29.227 - \indexmltype{tactic}\verb|type tactic = thm -> thm Seq.seq| \\
29.228 - \indexml{no\_tac}\verb|no_tac: tactic| \\
29.229 - \indexml{all\_tac}\verb|all_tac: tactic| \\
29.230 - \indexml{print\_tac}\verb|print_tac: string -> tactic| \\[1ex]
29.231 - \indexml{PRIMITIVE}\verb|PRIMITIVE: (thm -> thm) -> tactic| \\[1ex]
29.232 - \indexml{SUBGOAL}\verb|SUBGOAL: (term * int -> tactic) -> int -> tactic| \\
29.233 - \indexml{CSUBGOAL}\verb|CSUBGOAL: (cterm * int -> tactic) -> int -> tactic| \\
29.234 - \end{mldecls}
29.235 -
29.236 - \begin{description}
29.237 -
29.238 - \item \verb|tactic| represents tactics. The well-formedness
29.239 - conditions described above need to be observed. See also \hyperlink{file.~~/src/Pure/General/seq.ML}{\mbox{\isa{\isatt{{\isachartilde}{\isachartilde}{\isacharslash}src{\isacharslash}Pure{\isacharslash}General{\isacharslash}seq{\isachardot}ML}}}} for the underlying implementation of
29.240 - lazy sequences.
29.241 -
29.242 - \item \verb|int -> tactic| represents tactics with explicit
29.243 - subgoal addressing, with well-formedness conditions as described
29.244 - above.
29.245 -
29.246 - \item \verb|no_tac| is a tactic that always fails, returning the
29.247 - empty sequence.
29.248 -
29.249 - \item \verb|all_tac| is a tactic that always succeeds, returning a
29.250 - singleton sequence with unchanged goal state.
29.251 -
29.252 - \item \verb|print_tac|~\isa{message} is like \verb|all_tac|, but
29.253 - prints a message together with the goal state on the tracing
29.254 - channel.
29.255 -
29.256 - \item \verb|PRIMITIVE|~\isa{rule} turns a primitive inference rule
29.257 - into a tactic with unique result. Exception \verb|THM| is considered
29.258 - a regular tactic failure and produces an empty result; other
29.259 - exceptions are passed through.
29.260 -
29.261 - \item \verb|SUBGOAL|~\isa{{\isacharparenleft}fn\ {\isacharparenleft}subgoal{\isacharcomma}\ i{\isacharparenright}\ {\isacharequal}{\isachargreater}\ tactic{\isacharparenright}} is the
29.262 - most basic form to produce a tactic with subgoal addressing. The
29.263 - given abstraction over the subgoal term and subgoal number allows to
29.264 - peek at the relevant information of the full goal state. The
29.265 - subgoal range is checked as required above.
29.266 -
29.267 - \item \verb|CSUBGOAL| is similar to \verb|SUBGOAL|, but passes the
29.268 - subgoal as \verb|cterm| instead of raw \verb|term|. This
29.269 - avoids expensive re-certification in situations where the subgoal is
29.270 - used directly for primitive inferences.
29.271 -
29.272 - \end{description}%
29.273 -\end{isamarkuptext}%
29.274 -\isamarkuptrue%
29.275 -%
29.276 -\endisatagmlref
29.277 -{\isafoldmlref}%
29.278 -%
29.279 -\isadelimmlref
29.280 -%
29.281 -\endisadelimmlref
29.282 -%
29.283 -\isamarkupsubsection{Resolution and assumption tactics \label{sec:resolve-assume-tac}%
29.284 -}
29.285 -\isamarkuptrue%
29.286 -%
29.287 -\begin{isamarkuptext}%
29.288 -\emph{Resolution} is the most basic mechanism for refining a
29.289 - subgoal using a theorem as object-level rule.
29.290 - \emph{Elim-resolution} is particularly suited for elimination rules:
29.291 - it resolves with a rule, proves its first premise by assumption, and
29.292 - finally deletes that assumption from any new subgoals.
29.293 - \emph{Destruct-resolution} is like elim-resolution, but the given
29.294 - destruction rules are first turned into canonical elimination
29.295 - format. \emph{Forward-resolution} is like destruct-resolution, but
29.296 - without deleting the selected assumption. The \isa{r{\isacharslash}e{\isacharslash}d{\isacharslash}f}
29.297 - naming convention is maintained for several different kinds of
29.298 - resolution rules and tactics.
29.299 -
29.300 - Assumption tactics close a subgoal by unifying some of its premises
29.301 - against its conclusion.
29.302 -
29.303 - \medskip All the tactics in this section operate on a subgoal
29.304 - designated by a positive integer. Other subgoals might be affected
29.305 - indirectly, due to instantiation of schematic variables.
29.306 -
29.307 - There are various sources of non-determinism, the tactic result
29.308 - sequence enumerates all possibilities of the following choices (if
29.309 - applicable):
29.310 -
29.311 - \begin{enumerate}
29.312 -
29.313 - \item selecting one of the rules given as argument to the tactic;
29.314 -
29.315 - \item selecting a subgoal premise to eliminate, unifying it against
29.316 - the first premise of the rule;
29.317 -
29.318 - \item unifying the conclusion of the subgoal to the conclusion of
29.319 - the rule.
29.320 -
29.321 - \end{enumerate}
29.322 -
29.323 - Recall that higher-order unification may produce multiple results
29.324 - that are enumerated here.%
29.325 -\end{isamarkuptext}%
29.326 -\isamarkuptrue%
29.327 -%
29.328 -\isadelimmlref
29.329 -%
29.330 -\endisadelimmlref
29.331 -%
29.332 -\isatagmlref
29.333 -%
29.334 -\begin{isamarkuptext}%
29.335 -\begin{mldecls}
29.336 - \indexml{resolve\_tac}\verb|resolve_tac: thm list -> int -> tactic| \\
29.337 - \indexml{eresolve\_tac}\verb|eresolve_tac: thm list -> int -> tactic| \\
29.338 - \indexml{dresolve\_tac}\verb|dresolve_tac: thm list -> int -> tactic| \\
29.339 - \indexml{forward\_tac}\verb|forward_tac: thm list -> int -> tactic| \\[1ex]
29.340 - \indexml{assume\_tac}\verb|assume_tac: int -> tactic| \\
29.341 - \indexml{eq\_assume\_tac}\verb|eq_assume_tac: int -> tactic| \\[1ex]
29.342 - \indexml{match\_tac}\verb|match_tac: thm list -> int -> tactic| \\
29.343 - \indexml{ematch\_tac}\verb|ematch_tac: thm list -> int -> tactic| \\
29.344 - \indexml{dmatch\_tac}\verb|dmatch_tac: thm list -> int -> tactic| \\
29.345 - \end{mldecls}
29.346 -
29.347 - \begin{description}
29.348 -
29.349 - \item \verb|resolve_tac|~\isa{thms\ i} refines the goal state
29.350 - using the given theorems, which should normally be introduction
29.351 - rules. The tactic resolves a rule's conclusion with subgoal \isa{i}, replacing it by the corresponding versions of the rule's
29.352 - premises.
29.353 -
29.354 - \item \verb|eresolve_tac|~\isa{thms\ i} performs elim-resolution
29.355 - with the given theorems, which should normally be elimination rules.
29.356 -
29.357 - \item \verb|dresolve_tac|~\isa{thms\ i} performs
29.358 - destruct-resolution with the given theorems, which should normally
29.359 - be destruction rules. This replaces an assumption by the result of
29.360 - applying one of the rules.
29.361 -
29.362 - \item \verb|forward_tac| is like \verb|dresolve_tac| except that the
29.363 - selected assumption is not deleted. It applies a rule to an
29.364 - assumption, adding the result as a new assumption.
29.365 -
29.366 - \item \verb|assume_tac|~\isa{i} attempts to solve subgoal \isa{i}
29.367 - by assumption (modulo higher-order unification).
29.368 -
29.369 - \item \verb|eq_assume_tac| is similar to \verb|assume_tac|, but checks
29.370 - only for immediate \isa{{\isasymalpha}}-convertibility instead of using
29.371 - unification. It succeeds (with a unique next state) if one of the
29.372 - assumptions is equal to the subgoal's conclusion. Since it does not
29.373 - instantiate variables, it cannot make other subgoals unprovable.
29.374 -
29.375 - \item \verb|match_tac|, \verb|ematch_tac|, and \verb|dmatch_tac| are
29.376 - similar to \verb|resolve_tac|, \verb|eresolve_tac|, and \verb|dresolve_tac|, respectively, but do not instantiate schematic
29.377 - variables in the goal state.
29.378 -
29.379 - Flexible subgoals are not updated at will, but are left alone.
29.380 - Strictly speaking, matching means to treat the unknowns in the goal
29.381 - state as constants; these tactics merely discard unifiers that would
29.382 - update the goal state.
29.383 -
29.384 - \end{description}%
29.385 -\end{isamarkuptext}%
29.386 -\isamarkuptrue%
29.387 -%
29.388 -\endisatagmlref
29.389 -{\isafoldmlref}%
29.390 -%
29.391 -\isadelimmlref
29.392 -%
29.393 -\endisadelimmlref
29.394 -%
29.395 -\isamarkupsubsection{Explicit instantiation within a subgoal context%
29.396 -}
29.397 -\isamarkuptrue%
29.398 -%
29.399 -\begin{isamarkuptext}%
29.400 -The main resolution tactics (\secref{sec:resolve-assume-tac})
29.401 - use higher-order unification, which works well in many practical
29.402 - situations despite its daunting theoretical properties.
29.403 - Nonetheless, there are important problem classes where unguided
29.404 - higher-order unification is not so useful. This typically involves
29.405 - rules like universal elimination, existential introduction, or
29.406 - equational substitution. Here the unification problem involves
29.407 - fully flexible \isa{{\isacharquery}P\ {\isacharquery}x} schemes, which are hard to manage
29.408 - without further hints.
29.409 -
29.410 - By providing a (small) rigid term for \isa{{\isacharquery}x} explicitly, the
29.411 - remaining unification problem is to assign a (large) term to \isa{{\isacharquery}P}, according to the shape of the given subgoal. This is
29.412 - sufficiently well-behaved in most practical situations.
29.413 -
29.414 - \medskip Isabelle provides separate versions of the standard \isa{r{\isacharslash}e{\isacharslash}d{\isacharslash}f} resolution tactics that allow to provide explicit
29.415 - instantiations of unknowns of the given rule, wrt.\ terms that refer
29.416 - to the implicit context of the selected subgoal.
29.417 -
29.418 - An instantiation consists of a list of pairs of the form \isa{{\isacharparenleft}{\isacharquery}x{\isacharcomma}\ t{\isacharparenright}}, where \isa{{\isacharquery}x} is a schematic variable occurring in
29.419 - the given rule, and \isa{t} is a term from the current proof
29.420 - context, augmented by the local goal parameters of the selected
29.421 - subgoal; cf.\ the \isa{focus} operation described in
29.422 - \secref{sec:variables}.
29.423 -
29.424 - Entering the syntactic context of a subgoal is a brittle operation,
29.425 - because its exact form is somewhat accidental, and the choice of
29.426 - bound variable names depends on the presence of other local and
29.427 - global names. Explicit renaming of subgoal parameters prior to
29.428 - explicit instantiation might help to achieve a bit more robustness.
29.429 -
29.430 - Type instantiations may be given as well, via pairs like \isa{{\isacharparenleft}{\isacharquery}{\isacharprime}a{\isacharcomma}\ {\isasymtau}{\isacharparenright}}. Type instantiations are distinguished from term
29.431 - instantiations by the syntactic form of the schematic variable.
29.432 - Types are instantiated before terms are. Since term instantiation
29.433 - already performs type-inference as expected, explicit type
29.434 - instantiations are seldom necessary.%
29.435 -\end{isamarkuptext}%
29.436 -\isamarkuptrue%
29.437 -%
29.438 -\isadelimmlref
29.439 -%
29.440 -\endisadelimmlref
29.441 -%
29.442 -\isatagmlref
29.443 -%
29.444 -\begin{isamarkuptext}%
29.445 -\begin{mldecls}
29.446 - \indexml{res\_inst\_tac}\verb|res_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\
29.447 - \indexml{eres\_inst\_tac}\verb|eres_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\
29.448 - \indexml{dres\_inst\_tac}\verb|dres_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\
29.449 - \indexml{forw\_inst\_tac}\verb|forw_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\[1ex]
29.450 - \indexml{rename\_tac}\verb|rename_tac: string list -> int -> tactic| \\
29.451 - \end{mldecls}
29.452 -
29.453 - \begin{description}
29.454 -
29.455 - \item \verb|res_inst_tac|~\isa{ctxt\ insts\ thm\ i} instantiates the
29.456 - rule \isa{thm} with the instantiations \isa{insts}, as described
29.457 - above, and then performs resolution on subgoal \isa{i}.
29.458 -
29.459 - \item \verb|eres_inst_tac| is like \verb|res_inst_tac|, but performs
29.460 - elim-resolution.
29.461 -
29.462 - \item \verb|dres_inst_tac| is like \verb|res_inst_tac|, but performs
29.463 - destruct-resolution.
29.464 -
29.465 - \item \verb|forw_inst_tac| is like \verb|dres_inst_tac| except that
29.466 - the selected assumption is not deleted.
29.467 -
29.468 - \item \verb|rename_tac|~\isa{names\ i} renames the innermost
29.469 - parameters of subgoal \isa{i} according to the provided \isa{names} (which need to be distinct indentifiers).
29.470 -
29.471 - \end{description}%
29.472 -\end{isamarkuptext}%
29.473 -\isamarkuptrue%
29.474 -%
29.475 -\endisatagmlref
29.476 -{\isafoldmlref}%
29.477 -%
29.478 -\isadelimmlref
29.479 -%
29.480 -\endisadelimmlref
29.481 -%
29.482 -\isamarkupsection{Tacticals \label{sec:tacticals}%
29.483 -}
29.484 -\isamarkuptrue%
29.485 -%
29.486 -\begin{isamarkuptext}%
29.487 -FIXME
29.488 -
29.489 -\glossary{Tactical}{A functional combinator for building up complex
29.490 -tactics from simpler ones. Typical tactical perform sequential
29.491 -composition, disjunction (choice), iteration, or goal addressing.
29.492 -Various search strategies may be expressed via tacticals.}%
29.493 -\end{isamarkuptext}%
29.494 -\isamarkuptrue%
29.495 -%
29.496 -\isadelimtheory
29.497 -%
29.498 -\endisadelimtheory
29.499 -%
29.500 -\isatagtheory
29.501 -\isacommand{end}\isamarkupfalse%
29.502 -%
29.503 -\endisatagtheory
29.504 -{\isafoldtheory}%
29.505 -%
29.506 -\isadelimtheory
29.507 -%
29.508 -\endisadelimtheory
29.509 -\isanewline
29.510 -\isanewline
29.511 -\end{isabellebody}%
29.512 -%%% Local Variables:
29.513 -%%% mode: latex
29.514 -%%% TeX-master: "root"
29.515 -%%% End:
30.1 --- a/doc-src/IsarImplementation/Thy/integration.thy Mon Feb 16 20:25:21 2009 +0100
30.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
30.3 @@ -1,426 +0,0 @@
30.4 -
30.5 -(* $Id$ *)
30.6 -
30.7 -theory integration imports base begin
30.8 -
30.9 -chapter {* System integration *}
30.10 -
30.11 -section {* Isar toplevel \label{sec:isar-toplevel} *}
30.12 -
30.13 -text {* The Isar toplevel may be considered the centeral hub of the
30.14 - Isabelle/Isar system, where all key components and sub-systems are
30.15 - integrated into a single read-eval-print loop of Isar commands. We
30.16 - shall even incorporate the existing {\ML} toplevel of the compiler
30.17 - and run-time system (cf.\ \secref{sec:ML-toplevel}).
30.18 -
30.19 - Isabelle/Isar departs from the original ``LCF system architecture''
30.20 - where {\ML} was really The Meta Language for defining theories and
30.21 - conducting proofs. Instead, {\ML} now only serves as the
30.22 - implementation language for the system (and user extensions), while
30.23 - the specific Isar toplevel supports the concepts of theory and proof
30.24 - development natively. This includes the graph structure of theories
30.25 - and the block structure of proofs, support for unlimited undo,
30.26 - facilities for tracing, debugging, timing, profiling etc.
30.27 -
30.28 - \medskip The toplevel maintains an implicit state, which is
30.29 - transformed by a sequence of transitions -- either interactively or
30.30 - in batch-mode. In interactive mode, Isar state transitions are
30.31 - encapsulated as safe transactions, such that both failure and undo
30.32 - are handled conveniently without destroying the underlying draft
30.33 - theory (cf.~\secref{sec:context-theory}). In batch mode,
30.34 - transitions operate in a linear (destructive) fashion, such that
30.35 - error conditions abort the present attempt to construct a theory or
30.36 - proof altogether.
30.37 -
30.38 - The toplevel state is a disjoint sum of empty @{text toplevel}, or
30.39 - @{text theory}, or @{text proof}. On entering the main Isar loop we
30.40 - start with an empty toplevel. A theory is commenced by giving a
30.41 - @{text \<THEORY>} header; within a theory we may issue theory
30.42 - commands such as @{text \<DEFINITION>}, or state a @{text
30.43 - \<THEOREM>} to be proven. Now we are within a proof state, with a
30.44 - rich collection of Isar proof commands for structured proof
30.45 - composition, or unstructured proof scripts. When the proof is
30.46 - concluded we get back to the theory, which is then updated by
30.47 - storing the resulting fact. Further theory declarations or theorem
30.48 - statements with proofs may follow, until we eventually conclude the
30.49 - theory development by issuing @{text \<END>}. The resulting theory
30.50 - is then stored within the theory database and we are back to the
30.51 - empty toplevel.
30.52 -
30.53 - In addition to these proper state transformations, there are also
30.54 - some diagnostic commands for peeking at the toplevel state without
30.55 - modifying it (e.g.\ \isakeyword{thm}, \isakeyword{term},
30.56 - \isakeyword{print-cases}).
30.57 -*}
30.58 -
30.59 -text %mlref {*
30.60 - \begin{mldecls}
30.61 - @{index_ML_type Toplevel.state} \\
30.62 - @{index_ML Toplevel.UNDEF: "exn"} \\
30.63 - @{index_ML Toplevel.is_toplevel: "Toplevel.state -> bool"} \\
30.64 - @{index_ML Toplevel.theory_of: "Toplevel.state -> theory"} \\
30.65 - @{index_ML Toplevel.proof_of: "Toplevel.state -> Proof.state"} \\
30.66 - @{index_ML Toplevel.debug: "bool ref"} \\
30.67 - @{index_ML Toplevel.timing: "bool ref"} \\
30.68 - @{index_ML Toplevel.profiling: "int ref"} \\
30.69 - \end{mldecls}
30.70 -
30.71 - \begin{description}
30.72 -
30.73 - \item @{ML_type Toplevel.state} represents Isar toplevel states,
30.74 - which are normally manipulated through the concept of toplevel
30.75 - transitions only (\secref{sec:toplevel-transition}). Also note that
30.76 - a raw toplevel state is subject to the same linearity restrictions
30.77 - as a theory context (cf.~\secref{sec:context-theory}).
30.78 -
30.79 - \item @{ML Toplevel.UNDEF} is raised for undefined toplevel
30.80 - operations. Many operations work only partially for certain cases,
30.81 - since @{ML_type Toplevel.state} is a sum type.
30.82 -
30.83 - \item @{ML Toplevel.is_toplevel}~@{text "state"} checks for an empty
30.84 - toplevel state.
30.85 -
30.86 - \item @{ML Toplevel.theory_of}~@{text "state"} selects the theory of
30.87 - a theory or proof (!), otherwise raises @{ML Toplevel.UNDEF}.
30.88 -
30.89 - \item @{ML Toplevel.proof_of}~@{text "state"} selects the Isar proof
30.90 - state if available, otherwise raises @{ML Toplevel.UNDEF}.
30.91 -
30.92 - \item @{ML "set Toplevel.debug"} makes the toplevel print further
30.93 - details about internal error conditions, exceptions being raised
30.94 - etc.
30.95 -
30.96 - \item @{ML "set Toplevel.timing"} makes the toplevel print timing
30.97 - information for each Isar command being executed.
30.98 -
30.99 - \item @{ML Toplevel.profiling}~@{verbatim ":="}~@{text "n"} controls
30.100 - low-level profiling of the underlying {\ML} runtime system. For
30.101 - Poly/ML, @{text "n = 1"} means time and @{text "n = 2"} space
30.102 - profiling.
30.103 -
30.104 - \end{description}
30.105 -*}
30.106 -
30.107 -
30.108 -subsection {* Toplevel transitions \label{sec:toplevel-transition} *}
30.109 -
30.110 -text {*
30.111 - An Isar toplevel transition consists of a partial function on the
30.112 - toplevel state, with additional information for diagnostics and
30.113 - error reporting: there are fields for command name, source position,
30.114 - optional source text, as well as flags for interactive-only commands
30.115 - (which issue a warning in batch-mode), printing of result state,
30.116 - etc.
30.117 -
30.118 - The operational part is represented as the sequential union of a
30.119 - list of partial functions, which are tried in turn until the first
30.120 - one succeeds. This acts like an outer case-expression for various
30.121 - alternative state transitions. For example, \isakeyword{qed} acts
30.122 - differently for a local proofs vs.\ the global ending of the main
30.123 - proof.
30.124 -
30.125 - Toplevel transitions are composed via transition transformers.
30.126 - Internally, Isar commands are put together from an empty transition
30.127 - extended by name and source position (and optional source text). It
30.128 - is then left to the individual command parser to turn the given
30.129 - concrete syntax into a suitable transition transformer that adjoin
30.130 - actual operations on a theory or proof state etc.
30.131 -*}
30.132 -
30.133 -text %mlref {*
30.134 - \begin{mldecls}
30.135 - @{index_ML Toplevel.print: "Toplevel.transition -> Toplevel.transition"} \\
30.136 - @{index_ML Toplevel.no_timing: "Toplevel.transition -> Toplevel.transition"} \\
30.137 - @{index_ML Toplevel.keep: "(Toplevel.state -> unit) ->
30.138 - Toplevel.transition -> Toplevel.transition"} \\
30.139 - @{index_ML Toplevel.theory: "(theory -> theory) ->
30.140 - Toplevel.transition -> Toplevel.transition"} \\
30.141 - @{index_ML Toplevel.theory_to_proof: "(theory -> Proof.state) ->
30.142 - Toplevel.transition -> Toplevel.transition"} \\
30.143 - @{index_ML Toplevel.proof: "(Proof.state -> Proof.state) ->
30.144 - Toplevel.transition -> Toplevel.transition"} \\
30.145 - @{index_ML Toplevel.proofs: "(Proof.state -> Proof.state Seq.seq) ->
30.146 - Toplevel.transition -> Toplevel.transition"} \\
30.147 - @{index_ML Toplevel.end_proof: "(bool -> Proof.state -> Proof.context) ->
30.148 - Toplevel.transition -> Toplevel.transition"} \\
30.149 - \end{mldecls}
30.150 -
30.151 - \begin{description}
30.152 -
30.153 - \item @{ML Toplevel.print}~@{text "tr"} sets the print flag, which
30.154 - causes the toplevel loop to echo the result state (in interactive
30.155 - mode).
30.156 -
30.157 - \item @{ML Toplevel.no_timing}~@{text "tr"} indicates that the
30.158 - transition should never show timing information, e.g.\ because it is
30.159 - a diagnostic command.
30.160 -
30.161 - \item @{ML Toplevel.keep}~@{text "tr"} adjoins a diagnostic
30.162 - function.
30.163 -
30.164 - \item @{ML Toplevel.theory}~@{text "tr"} adjoins a theory
30.165 - transformer.
30.166 -
30.167 - \item @{ML Toplevel.theory_to_proof}~@{text "tr"} adjoins a global
30.168 - goal function, which turns a theory into a proof state. The theory
30.169 - may be changed before entering the proof; the generic Isar goal
30.170 - setup includes an argument that specifies how to apply the proven
30.171 - result to the theory, when the proof is finished.
30.172 -
30.173 - \item @{ML Toplevel.proof}~@{text "tr"} adjoins a deterministic
30.174 - proof command, with a singleton result.
30.175 -
30.176 - \item @{ML Toplevel.proofs}~@{text "tr"} adjoins a general proof
30.177 - command, with zero or more result states (represented as a lazy
30.178 - list).
30.179 -
30.180 - \item @{ML Toplevel.end_proof}~@{text "tr"} adjoins a concluding
30.181 - proof command, that returns the resulting theory, after storing the
30.182 - resulting facts in the context etc.
30.183 -
30.184 - \end{description}
30.185 -*}
30.186 -
30.187 -
30.188 -subsection {* Toplevel control *}
30.189 -
30.190 -text {*
30.191 - There are a few special control commands that modify the behavior
30.192 - the toplevel itself, and only make sense in interactive mode. Under
30.193 - normal circumstances, the user encounters these only implicitly as
30.194 - part of the protocol between the Isabelle/Isar system and a
30.195 - user-interface such as ProofGeneral.
30.196 -
30.197 - \begin{description}
30.198 -
30.199 - \item \isacommand{undo} follows the three-level hierarchy of empty
30.200 - toplevel vs.\ theory vs.\ proof: undo within a proof reverts to the
30.201 - previous proof context, undo after a proof reverts to the theory
30.202 - before the initial goal statement, undo of a theory command reverts
30.203 - to the previous theory value, undo of a theory header discontinues
30.204 - the current theory development and removes it from the theory
30.205 - database (\secref{sec:theory-database}).
30.206 -
30.207 - \item \isacommand{kill} aborts the current level of development:
30.208 - kill in a proof context reverts to the theory before the initial
30.209 - goal statement, kill in a theory context aborts the current theory
30.210 - development, removing it from the database.
30.211 -
30.212 - \item \isacommand{exit} drops out of the Isar toplevel into the
30.213 - underlying {\ML} toplevel (\secref{sec:ML-toplevel}). The Isar
30.214 - toplevel state is preserved and may be continued later.
30.215 -
30.216 - \item \isacommand{quit} terminates the Isabelle/Isar process without
30.217 - saving.
30.218 -
30.219 - \end{description}
30.220 -*}
30.221 -
30.222 -
30.223 -section {* ML toplevel \label{sec:ML-toplevel} *}
30.224 -
30.225 -text {*
30.226 - The {\ML} toplevel provides a read-compile-eval-print loop for {\ML}
30.227 - values, types, structures, and functors. {\ML} declarations operate
30.228 - on the global system state, which consists of the compiler
30.229 - environment plus the values of {\ML} reference variables. There is
30.230 - no clean way to undo {\ML} declarations, except for reverting to a
30.231 - previously saved state of the whole Isabelle process. {\ML} input
30.232 - is either read interactively from a TTY, or from a string (usually
30.233 - within a theory text), or from a source file (usually loaded from a
30.234 - theory).
30.235 -
30.236 - Whenever the {\ML} toplevel is active, the current Isabelle theory
30.237 - context is passed as an internal reference variable. Thus {\ML}
30.238 - code may access the theory context during compilation, it may even
30.239 - change the value of a theory being under construction --- while
30.240 - observing the usual linearity restrictions
30.241 - (cf.~\secref{sec:context-theory}).
30.242 -*}
30.243 -
30.244 -text %mlref {*
30.245 - \begin{mldecls}
30.246 - @{index_ML the_context: "unit -> theory"} \\
30.247 - @{index_ML "Context.>> ": "(Context.generic -> Context.generic) -> unit"} \\
30.248 - \end{mldecls}
30.249 -
30.250 - \begin{description}
30.251 -
30.252 - \item @{ML "the_context ()"} refers to the theory context of the
30.253 - {\ML} toplevel --- at compile time! {\ML} code needs to take care
30.254 - to refer to @{ML "the_context ()"} correctly. Recall that
30.255 - evaluation of a function body is delayed until actual runtime.
30.256 - Moreover, persistent {\ML} toplevel bindings to an unfinished theory
30.257 - should be avoided: code should either project out the desired
30.258 - information immediately, or produce an explicit @{ML_type
30.259 - theory_ref} (cf.\ \secref{sec:context-theory}).
30.260 -
30.261 - \item @{ML "Context.>>"}~@{text f} applies context transformation
30.262 - @{text f} to the implicit context of the {\ML} toplevel.
30.263 -
30.264 - \end{description}
30.265 -
30.266 - It is very important to note that the above functions are really
30.267 - restricted to the compile time, even though the {\ML} compiler is
30.268 - invoked at runtime! The majority of {\ML} code uses explicit
30.269 - functional arguments of a theory or proof context instead. Thus it
30.270 - may be invoked for an arbitrary context later on, without having to
30.271 - worry about any operational details.
30.272 -
30.273 - \bigskip
30.274 -
30.275 - \begin{mldecls}
30.276 - @{index_ML Isar.main: "unit -> unit"} \\
30.277 - @{index_ML Isar.loop: "unit -> unit"} \\
30.278 - @{index_ML Isar.state: "unit -> Toplevel.state"} \\
30.279 - @{index_ML Isar.exn: "unit -> (exn * string) option"} \\
30.280 - @{index_ML Isar.context: "unit -> Proof.context"} \\
30.281 - @{index_ML Isar.goal: "unit -> thm"} \\
30.282 - \end{mldecls}
30.283 -
30.284 - \begin{description}
30.285 -
30.286 - \item @{ML "Isar.main ()"} invokes the Isar toplevel from {\ML},
30.287 - initializing an empty toplevel state.
30.288 -
30.289 - \item @{ML "Isar.loop ()"} continues the Isar toplevel with the
30.290 - current state, after having dropped out of the Isar toplevel loop.
30.291 -
30.292 - \item @{ML "Isar.state ()"} and @{ML "Isar.exn ()"} get current
30.293 - toplevel state and error condition, respectively. This only works
30.294 - after having dropped out of the Isar toplevel loop.
30.295 -
30.296 - \item @{ML "Isar.context ()"} produces the proof context from @{ML
30.297 - "Isar.state ()"}, analogous to @{ML Context.proof_of}
30.298 - (\secref{sec:generic-context}).
30.299 -
30.300 - \item @{ML "Isar.goal ()"} picks the tactical goal from @{ML
30.301 - "Isar.state ()"}, represented as a theorem according to
30.302 - \secref{sec:tactical-goals}.
30.303 -
30.304 - \end{description}
30.305 -*}
30.306 -
30.307 -
30.308 -section {* Theory database \label{sec:theory-database} *}
30.309 -
30.310 -text {*
30.311 - The theory database maintains a collection of theories, together
30.312 - with some administrative information about their original sources,
30.313 - which are held in an external store (i.e.\ some directory within the
30.314 - regular file system).
30.315 -
30.316 - The theory database is organized as a directed acyclic graph;
30.317 - entries are referenced by theory name. Although some additional
30.318 - interfaces allow to include a directory specification as well, this
30.319 - is only a hint to the underlying theory loader. The internal theory
30.320 - name space is flat!
30.321 -
30.322 - Theory @{text A} is associated with the main theory file @{text
30.323 - A}\verb,.thy,, which needs to be accessible through the theory
30.324 - loader path. Any number of additional {\ML} source files may be
30.325 - associated with each theory, by declaring these dependencies in the
30.326 - theory header as @{text \<USES>}, and loading them consecutively
30.327 - within the theory context. The system keeps track of incoming {\ML}
30.328 - sources and associates them with the current theory. The file
30.329 - @{text A}\verb,.ML, is loaded after a theory has been concluded, in
30.330 - order to support legacy proof {\ML} proof scripts.
30.331 -
30.332 - The basic internal actions of the theory database are @{text
30.333 - "update"}, @{text "outdate"}, and @{text "remove"}:
30.334 -
30.335 - \begin{itemize}
30.336 -
30.337 - \item @{text "update A"} introduces a link of @{text "A"} with a
30.338 - @{text "theory"} value of the same name; it asserts that the theory
30.339 - sources are now consistent with that value;
30.340 -
30.341 - \item @{text "outdate A"} invalidates the link of a theory database
30.342 - entry to its sources, but retains the present theory value;
30.343 -
30.344 - \item @{text "remove A"} deletes entry @{text "A"} from the theory
30.345 - database.
30.346 -
30.347 - \end{itemize}
30.348 -
30.349 - These actions are propagated to sub- or super-graphs of a theory
30.350 - entry as expected, in order to preserve global consistency of the
30.351 - state of all loaded theories with the sources of the external store.
30.352 - This implies certain causalities between actions: @{text "update"}
30.353 - or @{text "outdate"} of an entry will @{text "outdate"} all
30.354 - descendants; @{text "remove"} will @{text "remove"} all descendants.
30.355 -
30.356 - \medskip There are separate user-level interfaces to operate on the
30.357 - theory database directly or indirectly. The primitive actions then
30.358 - just happen automatically while working with the system. In
30.359 - particular, processing a theory header @{text "\<THEORY> A
30.360 - \<IMPORTS> B\<^sub>1 \<dots> B\<^sub>n \<BEGIN>"} ensures that the
30.361 - sub-graph of the collective imports @{text "B\<^sub>1 \<dots> B\<^sub>n"}
30.362 - is up-to-date, too. Earlier theories are reloaded as required, with
30.363 - @{text update} actions proceeding in topological order according to
30.364 - theory dependencies. There may be also a wave of implied @{text
30.365 - outdate} actions for derived theory nodes until a stable situation
30.366 - is achieved eventually.
30.367 -*}
30.368 -
30.369 -text %mlref {*
30.370 - \begin{mldecls}
30.371 - @{index_ML theory: "string -> theory"} \\
30.372 - @{index_ML use_thy: "string -> unit"} \\
30.373 - @{index_ML use_thys: "string list -> unit"} \\
30.374 - @{index_ML ThyInfo.touch_thy: "string -> unit"} \\
30.375 - @{index_ML ThyInfo.remove_thy: "string -> unit"} \\[1ex]
30.376 - @{index_ML ThyInfo.begin_theory}@{verbatim ": ... -> bool -> theory"} \\
30.377 - @{index_ML ThyInfo.end_theory: "theory -> unit"} \\
30.378 - @{index_ML ThyInfo.register_theory: "theory -> unit"} \\[1ex]
30.379 - @{verbatim "datatype action = Update | Outdate | Remove"} \\
30.380 - @{index_ML ThyInfo.add_hook: "(ThyInfo.action -> string -> unit) -> unit"} \\
30.381 - \end{mldecls}
30.382 -
30.383 - \begin{description}
30.384 -
30.385 - \item @{ML theory}~@{text A} retrieves the theory value presently
30.386 - associated with name @{text A}. Note that the result might be
30.387 - outdated.
30.388 -
30.389 - \item @{ML use_thy}~@{text A} ensures that theory @{text A} is fully
30.390 - up-to-date wrt.\ the external file store, reloading outdated
30.391 - ancestors as required.
30.392 -
30.393 - \item @{ML use_thys} is similar to @{ML use_thy}, but handles
30.394 - several theories simultaneously. Thus it acts like processing the
30.395 - import header of a theory, without performing the merge of the
30.396 - result, though.
30.397 -
30.398 - \item @{ML ThyInfo.touch_thy}~@{text A} performs and @{text outdate} action
30.399 - on theory @{text A} and all descendants.
30.400 -
30.401 - \item @{ML ThyInfo.remove_thy}~@{text A} deletes theory @{text A} and all
30.402 - descendants from the theory database.
30.403 -
30.404 - \item @{ML ThyInfo.begin_theory} is the basic operation behind a
30.405 - @{text \<THEORY>} header declaration. This is {\ML} functions is
30.406 - normally not invoked directly.
30.407 -
30.408 - \item @{ML ThyInfo.end_theory} concludes the loading of a theory
30.409 - proper and stores the result in the theory database.
30.410 -
30.411 - \item @{ML ThyInfo.register_theory}~@{text "text thy"} registers an
30.412 - existing theory value with the theory loader database. There is no
30.413 - management of associated sources.
30.414 -
30.415 - \item @{ML "ThyInfo.add_hook"}~@{text f} registers function @{text
30.416 - f} as a hook for theory database actions. The function will be
30.417 - invoked with the action and theory name being involved; thus derived
30.418 - actions may be performed in associated system components, e.g.\
30.419 - maintaining the state of an editor for the theory sources.
30.420 -
30.421 - The kind and order of actions occurring in practice depends both on
30.422 - user interactions and the internal process of resolving theory
30.423 - imports. Hooks should not rely on a particular policy here! Any
30.424 - exceptions raised by the hook are ignored.
30.425 -
30.426 - \end{description}
30.427 -*}
30.428 -
30.429 -end
31.1 --- a/doc-src/IsarImplementation/Thy/isar.thy Mon Feb 16 20:25:21 2009 +0100
31.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
31.3 @@ -1,41 +0,0 @@
31.4 -
31.5 -(* $Id$ *)
31.6 -
31.7 -theory isar imports base begin
31.8 -
31.9 -chapter {* Isar proof texts *}
31.10 -
31.11 -section {* Proof context *}
31.12 -
31.13 -text FIXME
31.14 -
31.15 -
31.16 -section {* Proof state \label{sec:isar-proof-state} *}
31.17 -
31.18 -text {*
31.19 - FIXME
31.20 -
31.21 -\glossary{Proof state}{The whole configuration of a structured proof,
31.22 -consisting of a \seeglossary{proof context} and an optional
31.23 -\seeglossary{structured goal}. Internally, an Isar proof state is
31.24 -organized as a stack to accomodate block structure of proof texts.
31.25 -For historical reasons, a low-level \seeglossary{tactical goal} is
31.26 -occasionally called ``proof state'' as well.}
31.27 -
31.28 -\glossary{Structured goal}{FIXME}
31.29 -
31.30 -\glossary{Goal}{See \seeglossary{tactical goal} or \seeglossary{structured goal}. \norefpage}
31.31 -
31.32 -
31.33 -*}
31.34 -
31.35 -section {* Proof methods *}
31.36 -
31.37 -text FIXME
31.38 -
31.39 -section {* Attributes *}
31.40 -
31.41 -text "FIXME ?!"
31.42 -
31.43 -
31.44 -end
32.1 --- a/doc-src/IsarImplementation/Thy/locale.thy Mon Feb 16 20:25:21 2009 +0100
32.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
32.3 @@ -1,26 +0,0 @@
32.4 -
32.5 -(* $Id$ *)
32.6 -
32.7 -theory "locale" imports base begin
32.8 -
32.9 -chapter {* Structured specifications *}
32.10 -
32.11 -section {* Specification elements *}
32.12 -
32.13 -text FIXME
32.14 -
32.15 -
32.16 -section {* Type-inference *}
32.17 -
32.18 -text FIXME
32.19 -
32.20 -
32.21 -section {* Local theories *}
32.22 -
32.23 -text {*
32.24 - FIXME
32.25 -
32.26 - \glossary{Local theory}{FIXME}
32.27 -*}
32.28 -
32.29 -end
33.1 --- a/doc-src/IsarImplementation/Thy/logic.thy Mon Feb 16 20:25:21 2009 +0100
33.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
33.3 @@ -1,851 +0,0 @@
33.4 -theory logic imports base begin
33.5 -
33.6 -chapter {* Primitive logic \label{ch:logic} *}
33.7 -
33.8 -text {*
33.9 - The logical foundations of Isabelle/Isar are that of the Pure logic,
33.10 - which has been introduced as a natural-deduction framework in
33.11 - \cite{paulson700}. This is essentially the same logic as ``@{text
33.12 - "\<lambda>HOL"}'' in the more abstract setting of Pure Type Systems (PTS)
33.13 - \cite{Barendregt-Geuvers:2001}, although there are some key
33.14 - differences in the specific treatment of simple types in
33.15 - Isabelle/Pure.
33.16 -
33.17 - Following type-theoretic parlance, the Pure logic consists of three
33.18 - levels of @{text "\<lambda>"}-calculus with corresponding arrows, @{text
33.19 - "\<Rightarrow>"} for syntactic function space (terms depending on terms), @{text
33.20 - "\<And>"} for universal quantification (proofs depending on terms), and
33.21 - @{text "\<Longrightarrow>"} for implication (proofs depending on proofs).
33.22 -
33.23 - Derivations are relative to a logical theory, which declares type
33.24 - constructors, constants, and axioms. Theory declarations support
33.25 - schematic polymorphism, which is strictly speaking outside the
33.26 - logic.\footnote{This is the deeper logical reason, why the theory
33.27 - context @{text "\<Theta>"} is separate from the proof context @{text "\<Gamma>"}
33.28 - of the core calculus.}
33.29 -*}
33.30 -
33.31 -
33.32 -section {* Types \label{sec:types} *}
33.33 -
33.34 -text {*
33.35 - The language of types is an uninterpreted order-sorted first-order
33.36 - algebra; types are qualified by ordered type classes.
33.37 -
33.38 - \medskip A \emph{type class} is an abstract syntactic entity
33.39 - declared in the theory context. The \emph{subclass relation} @{text
33.40 - "c\<^isub>1 \<subseteq> c\<^isub>2"} is specified by stating an acyclic
33.41 - generating relation; the transitive closure is maintained
33.42 - internally. The resulting relation is an ordering: reflexive,
33.43 - transitive, and antisymmetric.
33.44 -
33.45 - A \emph{sort} is a list of type classes written as @{text "s =
33.46 - {c\<^isub>1, \<dots>, c\<^isub>m}"}, which represents symbolic
33.47 - intersection. Notationally, the curly braces are omitted for
33.48 - singleton intersections, i.e.\ any class @{text "c"} may be read as
33.49 - a sort @{text "{c}"}. The ordering on type classes is extended to
33.50 - sorts according to the meaning of intersections: @{text
33.51 - "{c\<^isub>1, \<dots> c\<^isub>m} \<subseteq> {d\<^isub>1, \<dots>, d\<^isub>n}"} iff
33.52 - @{text "\<forall>j. \<exists>i. c\<^isub>i \<subseteq> d\<^isub>j"}. The empty intersection
33.53 - @{text "{}"} refers to the universal sort, which is the largest
33.54 - element wrt.\ the sort order. The intersections of all (finitely
33.55 - many) classes declared in the current theory are the minimal
33.56 - elements wrt.\ the sort order.
33.57 -
33.58 - \medskip A \emph{fixed type variable} is a pair of a basic name
33.59 - (starting with a @{text "'"} character) and a sort constraint, e.g.\
33.60 - @{text "('a, s)"} which is usually printed as @{text "\<alpha>\<^isub>s"}.
33.61 - A \emph{schematic type variable} is a pair of an indexname and a
33.62 - sort constraint, e.g.\ @{text "(('a, 0), s)"} which is usually
33.63 - printed as @{text "?\<alpha>\<^isub>s"}.
33.64 -
33.65 - Note that \emph{all} syntactic components contribute to the identity
33.66 - of type variables, including the sort constraint. The core logic
33.67 - handles type variables with the same name but different sorts as
33.68 - different, although some outer layers of the system make it hard to
33.69 - produce anything like this.
33.70 -
33.71 - A \emph{type constructor} @{text "\<kappa>"} is a @{text "k"}-ary operator
33.72 - on types declared in the theory. Type constructor application is
33.73 - written postfix as @{text "(\<alpha>\<^isub>1, \<dots>, \<alpha>\<^isub>k)\<kappa>"}. For
33.74 - @{text "k = 0"} the argument tuple is omitted, e.g.\ @{text "prop"}
33.75 - instead of @{text "()prop"}. For @{text "k = 1"} the parentheses
33.76 - are omitted, e.g.\ @{text "\<alpha> list"} instead of @{text "(\<alpha>)list"}.
33.77 - Further notation is provided for specific constructors, notably the
33.78 - right-associative infix @{text "\<alpha> \<Rightarrow> \<beta>"} instead of @{text "(\<alpha>,
33.79 - \<beta>)fun"}.
33.80 -
33.81 - A \emph{type} is defined inductively over type variables and type
33.82 - constructors as follows: @{text "\<tau> = \<alpha>\<^isub>s | ?\<alpha>\<^isub>s |
33.83 - (\<tau>\<^sub>1, \<dots>, \<tau>\<^sub>k)\<kappa>"}.
33.84 -
33.85 - A \emph{type abbreviation} is a syntactic definition @{text
33.86 - "(\<^vec>\<alpha>)\<kappa> = \<tau>"} of an arbitrary type expression @{text "\<tau>"} over
33.87 - variables @{text "\<^vec>\<alpha>"}. Type abbreviations appear as type
33.88 - constructors in the syntax, but are expanded before entering the
33.89 - logical core.
33.90 -
33.91 - A \emph{type arity} declares the image behavior of a type
33.92 - constructor wrt.\ the algebra of sorts: @{text "\<kappa> :: (s\<^isub>1, \<dots>,
33.93 - s\<^isub>k)s"} means that @{text "(\<tau>\<^isub>1, \<dots>, \<tau>\<^isub>k)\<kappa>"} is
33.94 - of sort @{text "s"} if every argument type @{text "\<tau>\<^isub>i"} is
33.95 - of sort @{text "s\<^isub>i"}. Arity declarations are implicitly
33.96 - completed, i.e.\ @{text "\<kappa> :: (\<^vec>s)c"} entails @{text "\<kappa> ::
33.97 - (\<^vec>s)c'"} for any @{text "c' \<supseteq> c"}.
33.98 -
33.99 - \medskip The sort algebra is always maintained as \emph{coregular},
33.100 - which means that type arities are consistent with the subclass
33.101 - relation: for any type constructor @{text "\<kappa>"}, and classes @{text
33.102 - "c\<^isub>1 \<subseteq> c\<^isub>2"}, and arities @{text "\<kappa> ::
33.103 - (\<^vec>s\<^isub>1)c\<^isub>1"} and @{text "\<kappa> ::
33.104 - (\<^vec>s\<^isub>2)c\<^isub>2"} holds @{text "\<^vec>s\<^isub>1 \<subseteq>
33.105 - \<^vec>s\<^isub>2"} component-wise.
33.106 -
33.107 - The key property of a coregular order-sorted algebra is that sort
33.108 - constraints can be solved in a most general fashion: for each type
33.109 - constructor @{text "\<kappa>"} and sort @{text "s"} there is a most general
33.110 - vector of argument sorts @{text "(s\<^isub>1, \<dots>, s\<^isub>k)"} such
33.111 - that a type scheme @{text "(\<alpha>\<^bsub>s\<^isub>1\<^esub>, \<dots>,
33.112 - \<alpha>\<^bsub>s\<^isub>k\<^esub>)\<kappa>"} is of sort @{text "s"}.
33.113 - Consequently, type unification has most general solutions (modulo
33.114 - equivalence of sorts), so type-inference produces primary types as
33.115 - expected \cite{nipkow-prehofer}.
33.116 -*}
33.117 -
33.118 -text %mlref {*
33.119 - \begin{mldecls}
33.120 - @{index_ML_type class} \\
33.121 - @{index_ML_type sort} \\
33.122 - @{index_ML_type arity} \\
33.123 - @{index_ML_type typ} \\
33.124 - @{index_ML map_atyps: "(typ -> typ) -> typ -> typ"} \\
33.125 - @{index_ML fold_atyps: "(typ -> 'a -> 'a) -> typ -> 'a -> 'a"} \\
33.126 - \end{mldecls}
33.127 - \begin{mldecls}
33.128 - @{index_ML Sign.subsort: "theory -> sort * sort -> bool"} \\
33.129 - @{index_ML Sign.of_sort: "theory -> typ * sort -> bool"} \\
33.130 - @{index_ML Sign.add_types: "(string * int * mixfix) list -> theory -> theory"} \\
33.131 - @{index_ML Sign.add_tyabbrs_i: "
33.132 - (string * string list * typ * mixfix) list -> theory -> theory"} \\
33.133 - @{index_ML Sign.primitive_class: "string * class list -> theory -> theory"} \\
33.134 - @{index_ML Sign.primitive_classrel: "class * class -> theory -> theory"} \\
33.135 - @{index_ML Sign.primitive_arity: "arity -> theory -> theory"} \\
33.136 - \end{mldecls}
33.137 -
33.138 - \begin{description}
33.139 -
33.140 - \item @{ML_type class} represents type classes; this is an alias for
33.141 - @{ML_type string}.
33.142 -
33.143 - \item @{ML_type sort} represents sorts; this is an alias for
33.144 - @{ML_type "class list"}.
33.145 -
33.146 - \item @{ML_type arity} represents type arities; this is an alias for
33.147 - triples of the form @{text "(\<kappa>, \<^vec>s, s)"} for @{text "\<kappa> ::
33.148 - (\<^vec>s)s"} described above.
33.149 -
33.150 - \item @{ML_type typ} represents types; this is a datatype with
33.151 - constructors @{ML TFree}, @{ML TVar}, @{ML Type}.
33.152 -
33.153 - \item @{ML map_atyps}~@{text "f \<tau>"} applies the mapping @{text "f"}
33.154 - to all atomic types (@{ML TFree}, @{ML TVar}) occurring in @{text
33.155 - "\<tau>"}.
33.156 -
33.157 - \item @{ML fold_atyps}~@{text "f \<tau>"} iterates the operation @{text
33.158 - "f"} over all occurrences of atomic types (@{ML TFree}, @{ML TVar})
33.159 - in @{text "\<tau>"}; the type structure is traversed from left to right.
33.160 -
33.161 - \item @{ML Sign.subsort}~@{text "thy (s\<^isub>1, s\<^isub>2)"}
33.162 - tests the subsort relation @{text "s\<^isub>1 \<subseteq> s\<^isub>2"}.
33.163 -
33.164 - \item @{ML Sign.of_sort}~@{text "thy (\<tau>, s)"} tests whether type
33.165 - @{text "\<tau>"} is of sort @{text "s"}.
33.166 -
33.167 - \item @{ML Sign.add_types}~@{text "[(\<kappa>, k, mx), \<dots>]"} declares a new
33.168 - type constructors @{text "\<kappa>"} with @{text "k"} arguments and
33.169 - optional mixfix syntax.
33.170 -
33.171 - \item @{ML Sign.add_tyabbrs_i}~@{text "[(\<kappa>, \<^vec>\<alpha>, \<tau>, mx), \<dots>]"}
33.172 - defines a new type abbreviation @{text "(\<^vec>\<alpha>)\<kappa> = \<tau>"} with
33.173 - optional mixfix syntax.
33.174 -
33.175 - \item @{ML Sign.primitive_class}~@{text "(c, [c\<^isub>1, \<dots>,
33.176 - c\<^isub>n])"} declares a new class @{text "c"}, together with class
33.177 - relations @{text "c \<subseteq> c\<^isub>i"}, for @{text "i = 1, \<dots>, n"}.
33.178 -
33.179 - \item @{ML Sign.primitive_classrel}~@{text "(c\<^isub>1,
33.180 - c\<^isub>2)"} declares the class relation @{text "c\<^isub>1 \<subseteq>
33.181 - c\<^isub>2"}.
33.182 -
33.183 - \item @{ML Sign.primitive_arity}~@{text "(\<kappa>, \<^vec>s, s)"} declares
33.184 - the arity @{text "\<kappa> :: (\<^vec>s)s"}.
33.185 -
33.186 - \end{description}
33.187 -*}
33.188 -
33.189 -
33.190 -
33.191 -section {* Terms \label{sec:terms} *}
33.192 -
33.193 -text {*
33.194 - \glossary{Term}{FIXME}
33.195 -
33.196 - The language of terms is that of simply-typed @{text "\<lambda>"}-calculus
33.197 - with de-Bruijn indices for bound variables (cf.\ \cite{debruijn72}
33.198 - or \cite{paulson-ml2}), with the types being determined determined
33.199 - by the corresponding binders. In contrast, free variables and
33.200 - constants are have an explicit name and type in each occurrence.
33.201 -
33.202 - \medskip A \emph{bound variable} is a natural number @{text "b"},
33.203 - which accounts for the number of intermediate binders between the
33.204 - variable occurrence in the body and its binding position. For
33.205 - example, the de-Bruijn term @{text
33.206 - "\<lambda>\<^bsub>nat\<^esub>. \<lambda>\<^bsub>nat\<^esub>. 1 + 0"} would
33.207 - correspond to @{text
33.208 - "\<lambda>x\<^bsub>nat\<^esub>. \<lambda>y\<^bsub>nat\<^esub>. x + y"} in a named
33.209 - representation. Note that a bound variable may be represented by
33.210 - different de-Bruijn indices at different occurrences, depending on
33.211 - the nesting of abstractions.
33.212 -
33.213 - A \emph{loose variable} is a bound variable that is outside the
33.214 - scope of local binders. The types (and names) for loose variables
33.215 - can be managed as a separate context, that is maintained as a stack
33.216 - of hypothetical binders. The core logic operates on closed terms,
33.217 - without any loose variables.
33.218 -
33.219 - A \emph{fixed variable} is a pair of a basic name and a type, e.g.\
33.220 - @{text "(x, \<tau>)"} which is usually printed @{text "x\<^isub>\<tau>"}. A
33.221 - \emph{schematic variable} is a pair of an indexname and a type,
33.222 - e.g.\ @{text "((x, 0), \<tau>)"} which is usually printed as @{text
33.223 - "?x\<^isub>\<tau>"}.
33.224 -
33.225 - \medskip A \emph{constant} is a pair of a basic name and a type,
33.226 - e.g.\ @{text "(c, \<tau>)"} which is usually printed as @{text
33.227 - "c\<^isub>\<tau>"}. Constants are declared in the context as polymorphic
33.228 - families @{text "c :: \<sigma>"}, meaning that all substitution instances
33.229 - @{text "c\<^isub>\<tau>"} for @{text "\<tau> = \<sigma>\<vartheta>"} are valid.
33.230 -
33.231 - The vector of \emph{type arguments} of constant @{text "c\<^isub>\<tau>"}
33.232 - wrt.\ the declaration @{text "c :: \<sigma>"} is defined as the codomain of
33.233 - the matcher @{text "\<vartheta> = {?\<alpha>\<^isub>1 \<mapsto> \<tau>\<^isub>1, \<dots>,
33.234 - ?\<alpha>\<^isub>n \<mapsto> \<tau>\<^isub>n}"} presented in canonical order @{text
33.235 - "(\<tau>\<^isub>1, \<dots>, \<tau>\<^isub>n)"}. Within a given theory context,
33.236 - there is a one-to-one correspondence between any constant @{text
33.237 - "c\<^isub>\<tau>"} and the application @{text "c(\<tau>\<^isub>1, \<dots>,
33.238 - \<tau>\<^isub>n)"} of its type arguments. For example, with @{text "plus
33.239 - :: \<alpha> \<Rightarrow> \<alpha> \<Rightarrow> \<alpha>"}, the instance @{text "plus\<^bsub>nat \<Rightarrow> nat \<Rightarrow>
33.240 - nat\<^esub>"} corresponds to @{text "plus(nat)"}.
33.241 -
33.242 - Constant declarations @{text "c :: \<sigma>"} may contain sort constraints
33.243 - for type variables in @{text "\<sigma>"}. These are observed by
33.244 - type-inference as expected, but \emph{ignored} by the core logic.
33.245 - This means the primitive logic is able to reason with instances of
33.246 - polymorphic constants that the user-level type-checker would reject
33.247 - due to violation of type class restrictions.
33.248 -
33.249 - \medskip An \emph{atomic} term is either a variable or constant. A
33.250 - \emph{term} is defined inductively over atomic terms, with
33.251 - abstraction and application as follows: @{text "t = b | x\<^isub>\<tau> |
33.252 - ?x\<^isub>\<tau> | c\<^isub>\<tau> | \<lambda>\<^isub>\<tau>. t | t\<^isub>1 t\<^isub>2"}.
33.253 - Parsing and printing takes care of converting between an external
33.254 - representation with named bound variables. Subsequently, we shall
33.255 - use the latter notation instead of internal de-Bruijn
33.256 - representation.
33.257 -
33.258 - The inductive relation @{text "t :: \<tau>"} assigns a (unique) type to a
33.259 - term according to the structure of atomic terms, abstractions, and
33.260 - applicatins:
33.261 - \[
33.262 - \infer{@{text "a\<^isub>\<tau> :: \<tau>"}}{}
33.263 - \qquad
33.264 - \infer{@{text "(\<lambda>x\<^sub>\<tau>. t) :: \<tau> \<Rightarrow> \<sigma>"}}{@{text "t :: \<sigma>"}}
33.265 - \qquad
33.266 - \infer{@{text "t u :: \<sigma>"}}{@{text "t :: \<tau> \<Rightarrow> \<sigma>"} & @{text "u :: \<tau>"}}
33.267 - \]
33.268 - A \emph{well-typed term} is a term that can be typed according to these rules.
33.269 -
33.270 - Typing information can be omitted: type-inference is able to
33.271 - reconstruct the most general type of a raw term, while assigning
33.272 - most general types to all of its variables and constants.
33.273 - Type-inference depends on a context of type constraints for fixed
33.274 - variables, and declarations for polymorphic constants.
33.275 -
33.276 - The identity of atomic terms consists both of the name and the type
33.277 - component. This means that different variables @{text
33.278 - "x\<^bsub>\<tau>\<^isub>1\<^esub>"} and @{text
33.279 - "x\<^bsub>\<tau>\<^isub>2\<^esub>"} may become the same after type
33.280 - instantiation. Some outer layers of the system make it hard to
33.281 - produce variables of the same name, but different types. In
33.282 - contrast, mixed instances of polymorphic constants occur frequently.
33.283 -
33.284 - \medskip The \emph{hidden polymorphism} of a term @{text "t :: \<sigma>"}
33.285 - is the set of type variables occurring in @{text "t"}, but not in
33.286 - @{text "\<sigma>"}. This means that the term implicitly depends on type
33.287 - arguments that are not accounted in the result type, i.e.\ there are
33.288 - different type instances @{text "t\<vartheta> :: \<sigma>"} and @{text
33.289 - "t\<vartheta>' :: \<sigma>"} with the same type. This slightly
33.290 - pathological situation notoriously demands additional care.
33.291 -
33.292 - \medskip A \emph{term abbreviation} is a syntactic definition @{text
33.293 - "c\<^isub>\<sigma> \<equiv> t"} of a closed term @{text "t"} of type @{text "\<sigma>"},
33.294 - without any hidden polymorphism. A term abbreviation looks like a
33.295 - constant in the syntax, but is expanded before entering the logical
33.296 - core. Abbreviations are usually reverted when printing terms, using
33.297 - @{text "t \<rightarrow> c\<^isub>\<sigma>"} as rules for higher-order rewriting.
33.298 -
33.299 - \medskip Canonical operations on @{text "\<lambda>"}-terms include @{text
33.300 - "\<alpha>\<beta>\<eta>"}-conversion: @{text "\<alpha>"}-conversion refers to capture-free
33.301 - renaming of bound variables; @{text "\<beta>"}-conversion contracts an
33.302 - abstraction applied to an argument term, substituting the argument
33.303 - in the body: @{text "(\<lambda>x. b)a"} becomes @{text "b[a/x]"}; @{text
33.304 - "\<eta>"}-conversion contracts vacuous application-abstraction: @{text
33.305 - "\<lambda>x. f x"} becomes @{text "f"}, provided that the bound variable
33.306 - does not occur in @{text "f"}.
33.307 -
33.308 - Terms are normally treated modulo @{text "\<alpha>"}-conversion, which is
33.309 - implicit in the de-Bruijn representation. Names for bound variables
33.310 - in abstractions are maintained separately as (meaningless) comments,
33.311 - mostly for parsing and printing. Full @{text "\<alpha>\<beta>\<eta>"}-conversion is
33.312 - commonplace in various standard operations (\secref{sec:obj-rules})
33.313 - that are based on higher-order unification and matching.
33.314 -*}
33.315 -
33.316 -text %mlref {*
33.317 - \begin{mldecls}
33.318 - @{index_ML_type term} \\
33.319 - @{index_ML "op aconv": "term * term -> bool"} \\
33.320 - @{index_ML map_types: "(typ -> typ) -> term -> term"} \\
33.321 - @{index_ML fold_types: "(typ -> 'a -> 'a) -> term -> 'a -> 'a"} \\
33.322 - @{index_ML map_aterms: "(term -> term) -> term -> term"} \\
33.323 - @{index_ML fold_aterms: "(term -> 'a -> 'a) -> term -> 'a -> 'a"} \\
33.324 - \end{mldecls}
33.325 - \begin{mldecls}
33.326 - @{index_ML fastype_of: "term -> typ"} \\
33.327 - @{index_ML lambda: "term -> term -> term"} \\
33.328 - @{index_ML betapply: "term * term -> term"} \\
33.329 - @{index_ML Sign.declare_const: "Properties.T -> (binding * typ) * mixfix ->
33.330 - theory -> term * theory"} \\
33.331 - @{index_ML Sign.add_abbrev: "string -> Properties.T -> binding * term ->
33.332 - theory -> (term * term) * theory"} \\
33.333 - @{index_ML Sign.const_typargs: "theory -> string * typ -> typ list"} \\
33.334 - @{index_ML Sign.const_instance: "theory -> string * typ list -> typ"} \\
33.335 - \end{mldecls}
33.336 -
33.337 - \begin{description}
33.338 -
33.339 - \item @{ML_type term} represents de-Bruijn terms, with comments in
33.340 - abstractions, and explicitly named free variables and constants;
33.341 - this is a datatype with constructors @{ML Bound}, @{ML Free}, @{ML
33.342 - Var}, @{ML Const}, @{ML Abs}, @{ML "op $"}.
33.343 -
33.344 - \item @{text "t"}~@{ML aconv}~@{text "u"} checks @{text
33.345 - "\<alpha>"}-equivalence of two terms. This is the basic equality relation
33.346 - on type @{ML_type term}; raw datatype equality should only be used
33.347 - for operations related to parsing or printing!
33.348 -
33.349 - \item @{ML map_types}~@{text "f t"} applies the mapping @{text
33.350 - "f"} to all types occurring in @{text "t"}.
33.351 -
33.352 - \item @{ML fold_types}~@{text "f t"} iterates the operation @{text
33.353 - "f"} over all occurrences of types in @{text "t"}; the term
33.354 - structure is traversed from left to right.
33.355 -
33.356 - \item @{ML map_aterms}~@{text "f t"} applies the mapping @{text "f"}
33.357 - to all atomic terms (@{ML Bound}, @{ML Free}, @{ML Var}, @{ML
33.358 - Const}) occurring in @{text "t"}.
33.359 -
33.360 - \item @{ML fold_aterms}~@{text "f t"} iterates the operation @{text
33.361 - "f"} over all occurrences of atomic terms (@{ML Bound}, @{ML Free},
33.362 - @{ML Var}, @{ML Const}) in @{text "t"}; the term structure is
33.363 - traversed from left to right.
33.364 -
33.365 - \item @{ML fastype_of}~@{text "t"} determines the type of a
33.366 - well-typed term. This operation is relatively slow, despite the
33.367 - omission of any sanity checks.
33.368 -
33.369 - \item @{ML lambda}~@{text "a b"} produces an abstraction @{text
33.370 - "\<lambda>a. b"}, where occurrences of the atomic term @{text "a"} in the
33.371 - body @{text "b"} are replaced by bound variables.
33.372 -
33.373 - \item @{ML betapply}~@{text "(t, u)"} produces an application @{text
33.374 - "t u"}, with topmost @{text "\<beta>"}-conversion if @{text "t"} is an
33.375 - abstraction.
33.376 -
33.377 - \item @{ML Sign.declare_const}~@{text "properties ((c, \<sigma>), mx)"}
33.378 - declares a new constant @{text "c :: \<sigma>"} with optional mixfix
33.379 - syntax.
33.380 -
33.381 - \item @{ML Sign.add_abbrev}~@{text "print_mode properties (c, t)"}
33.382 - introduces a new term abbreviation @{text "c \<equiv> t"}.
33.383 -
33.384 - \item @{ML Sign.const_typargs}~@{text "thy (c, \<tau>)"} and @{ML
33.385 - Sign.const_instance}~@{text "thy (c, [\<tau>\<^isub>1, \<dots>, \<tau>\<^isub>n])"}
33.386 - convert between two representations of polymorphic constants: full
33.387 - type instance vs.\ compact type arguments form.
33.388 -
33.389 - \end{description}
33.390 -*}
33.391 -
33.392 -
33.393 -section {* Theorems \label{sec:thms} *}
33.394 -
33.395 -text {*
33.396 - \glossary{Proposition}{FIXME A \seeglossary{term} of
33.397 - \seeglossary{type} @{text "prop"}. Internally, there is nothing
33.398 - special about propositions apart from their type, but the concrete
33.399 - syntax enforces a clear distinction. Propositions are structured
33.400 - via implication @{text "A \<Longrightarrow> B"} or universal quantification @{text
33.401 - "\<And>x. B x"} --- anything else is considered atomic. The canonical
33.402 - form for propositions is that of a \seeglossary{Hereditary Harrop
33.403 - Formula}. FIXME}
33.404 -
33.405 - \glossary{Theorem}{A proven proposition within a certain theory and
33.406 - proof context, formally @{text "\<Gamma> \<turnstile>\<^sub>\<Theta> \<phi>"}; both contexts are
33.407 - rarely spelled out explicitly. Theorems are usually normalized
33.408 - according to the \seeglossary{HHF} format. FIXME}
33.409 -
33.410 - \glossary{Fact}{Sometimes used interchangeably for
33.411 - \seeglossary{theorem}. Strictly speaking, a list of theorems,
33.412 - essentially an extra-logical conjunction. Facts emerge either as
33.413 - local assumptions, or as results of local goal statements --- both
33.414 - may be simultaneous, hence the list representation. FIXME}
33.415 -
33.416 - \glossary{Schematic variable}{FIXME}
33.417 -
33.418 - \glossary{Fixed variable}{A variable that is bound within a certain
33.419 - proof context; an arbitrary-but-fixed entity within a portion of
33.420 - proof text. FIXME}
33.421 -
33.422 - \glossary{Free variable}{Synonymous for \seeglossary{fixed
33.423 - variable}. FIXME}
33.424 -
33.425 - \glossary{Bound variable}{FIXME}
33.426 -
33.427 - \glossary{Variable}{See \seeglossary{schematic variable},
33.428 - \seeglossary{fixed variable}, \seeglossary{bound variable}, or
33.429 - \seeglossary{type variable}. The distinguishing feature of
33.430 - different variables is their binding scope. FIXME}
33.431 -
33.432 - A \emph{proposition} is a well-typed term of type @{text "prop"}, a
33.433 - \emph{theorem} is a proven proposition (depending on a context of
33.434 - hypotheses and the background theory). Primitive inferences include
33.435 - plain natural deduction rules for the primary connectives @{text
33.436 - "\<And>"} and @{text "\<Longrightarrow>"} of the framework. There is also a builtin
33.437 - notion of equality/equivalence @{text "\<equiv>"}.
33.438 -*}
33.439 -
33.440 -subsection {* Primitive connectives and rules \label{sec:prim-rules} *}
33.441 -
33.442 -text {*
33.443 - The theory @{text "Pure"} contains constant declarations for the
33.444 - primitive connectives @{text "\<And>"}, @{text "\<Longrightarrow>"}, and @{text "\<equiv>"} of
33.445 - the logical framework, see \figref{fig:pure-connectives}. The
33.446 - derivability judgment @{text "A\<^isub>1, \<dots>, A\<^isub>n \<turnstile> B"} is
33.447 - defined inductively by the primitive inferences given in
33.448 - \figref{fig:prim-rules}, with the global restriction that the
33.449 - hypotheses must \emph{not} contain any schematic variables. The
33.450 - builtin equality is conceptually axiomatized as shown in
33.451 - \figref{fig:pure-equality}, although the implementation works
33.452 - directly with derived inferences.
33.453 -
33.454 - \begin{figure}[htb]
33.455 - \begin{center}
33.456 - \begin{tabular}{ll}
33.457 - @{text "all :: (\<alpha> \<Rightarrow> prop) \<Rightarrow> prop"} & universal quantification (binder @{text "\<And>"}) \\
33.458 - @{text "\<Longrightarrow> :: prop \<Rightarrow> prop \<Rightarrow> prop"} & implication (right associative infix) \\
33.459 - @{text "\<equiv> :: \<alpha> \<Rightarrow> \<alpha> \<Rightarrow> prop"} & equality relation (infix) \\
33.460 - \end{tabular}
33.461 - \caption{Primitive connectives of Pure}\label{fig:pure-connectives}
33.462 - \end{center}
33.463 - \end{figure}
33.464 -
33.465 - \begin{figure}[htb]
33.466 - \begin{center}
33.467 - \[
33.468 - \infer[@{text "(axiom)"}]{@{text "\<turnstile> A"}}{@{text "A \<in> \<Theta>"}}
33.469 - \qquad
33.470 - \infer[@{text "(assume)"}]{@{text "A \<turnstile> A"}}{}
33.471 - \]
33.472 - \[
33.473 - \infer[@{text "(\<And>_intro)"}]{@{text "\<Gamma> \<turnstile> \<And>x. b[x]"}}{@{text "\<Gamma> \<turnstile> b[x]"} & @{text "x \<notin> \<Gamma>"}}
33.474 - \qquad
33.475 - \infer[@{text "(\<And>_elim)"}]{@{text "\<Gamma> \<turnstile> b[a]"}}{@{text "\<Gamma> \<turnstile> \<And>x. b[x]"}}
33.476 - \]
33.477 - \[
33.478 - \infer[@{text "(\<Longrightarrow>_intro)"}]{@{text "\<Gamma> - A \<turnstile> A \<Longrightarrow> B"}}{@{text "\<Gamma> \<turnstile> B"}}
33.479 - \qquad
33.480 - \infer[@{text "(\<Longrightarrow>_elim)"}]{@{text "\<Gamma>\<^sub>1 \<union> \<Gamma>\<^sub>2 \<turnstile> B"}}{@{text "\<Gamma>\<^sub>1 \<turnstile> A \<Longrightarrow> B"} & @{text "\<Gamma>\<^sub>2 \<turnstile> A"}}
33.481 - \]
33.482 - \caption{Primitive inferences of Pure}\label{fig:prim-rules}
33.483 - \end{center}
33.484 - \end{figure}
33.485 -
33.486 - \begin{figure}[htb]
33.487 - \begin{center}
33.488 - \begin{tabular}{ll}
33.489 - @{text "\<turnstile> (\<lambda>x. b[x]) a \<equiv> b[a]"} & @{text "\<beta>"}-conversion \\
33.490 - @{text "\<turnstile> x \<equiv> x"} & reflexivity \\
33.491 - @{text "\<turnstile> x \<equiv> y \<Longrightarrow> P x \<Longrightarrow> P y"} & substitution \\
33.492 - @{text "\<turnstile> (\<And>x. f x \<equiv> g x) \<Longrightarrow> f \<equiv> g"} & extensionality \\
33.493 - @{text "\<turnstile> (A \<Longrightarrow> B) \<Longrightarrow> (B \<Longrightarrow> A) \<Longrightarrow> A \<equiv> B"} & logical equivalence \\
33.494 - \end{tabular}
33.495 - \caption{Conceptual axiomatization of Pure equality}\label{fig:pure-equality}
33.496 - \end{center}
33.497 - \end{figure}
33.498 -
33.499 - The introduction and elimination rules for @{text "\<And>"} and @{text
33.500 - "\<Longrightarrow>"} are analogous to formation of dependently typed @{text
33.501 - "\<lambda>"}-terms representing the underlying proof objects. Proof terms
33.502 - are irrelevant in the Pure logic, though; they cannot occur within
33.503 - propositions. The system provides a runtime option to record
33.504 - explicit proof terms for primitive inferences. Thus all three
33.505 - levels of @{text "\<lambda>"}-calculus become explicit: @{text "\<Rightarrow>"} for
33.506 - terms, and @{text "\<And>/\<Longrightarrow>"} for proofs (cf.\
33.507 - \cite{Berghofer-Nipkow:2000:TPHOL}).
33.508 -
33.509 - Observe that locally fixed parameters (as in @{text "\<And>_intro"}) need
33.510 - not be recorded in the hypotheses, because the simple syntactic
33.511 - types of Pure are always inhabitable. ``Assumptions'' @{text "x ::
33.512 - \<tau>"} for type-membership are only present as long as some @{text
33.513 - "x\<^isub>\<tau>"} occurs in the statement body.\footnote{This is the key
33.514 - difference to ``@{text "\<lambda>HOL"}'' in the PTS framework
33.515 - \cite{Barendregt-Geuvers:2001}, where hypotheses @{text "x : A"} are
33.516 - treated uniformly for propositions and types.}
33.517 -
33.518 - \medskip The axiomatization of a theory is implicitly closed by
33.519 - forming all instances of type and term variables: @{text "\<turnstile>
33.520 - A\<vartheta>"} holds for any substitution instance of an axiom
33.521 - @{text "\<turnstile> A"}. By pushing substitutions through derivations
33.522 - inductively, we also get admissible @{text "generalize"} and @{text
33.523 - "instance"} rules as shown in \figref{fig:subst-rules}.
33.524 -
33.525 - \begin{figure}[htb]
33.526 - \begin{center}
33.527 - \[
33.528 - \infer{@{text "\<Gamma> \<turnstile> B[?\<alpha>]"}}{@{text "\<Gamma> \<turnstile> B[\<alpha>]"} & @{text "\<alpha> \<notin> \<Gamma>"}}
33.529 - \quad
33.530 - \infer[\quad@{text "(generalize)"}]{@{text "\<Gamma> \<turnstile> B[?x]"}}{@{text "\<Gamma> \<turnstile> B[x]"} & @{text "x \<notin> \<Gamma>"}}
33.531 - \]
33.532 - \[
33.533 - \infer{@{text "\<Gamma> \<turnstile> B[\<tau>]"}}{@{text "\<Gamma> \<turnstile> B[?\<alpha>]"}}
33.534 - \quad
33.535 - \infer[\quad@{text "(instantiate)"}]{@{text "\<Gamma> \<turnstile> B[t]"}}{@{text "\<Gamma> \<turnstile> B[?x]"}}
33.536 - \]
33.537 - \caption{Admissible substitution rules}\label{fig:subst-rules}
33.538 - \end{center}
33.539 - \end{figure}
33.540 -
33.541 - Note that @{text "instantiate"} does not require an explicit
33.542 - side-condition, because @{text "\<Gamma>"} may never contain schematic
33.543 - variables.
33.544 -
33.545 - In principle, variables could be substituted in hypotheses as well,
33.546 - but this would disrupt the monotonicity of reasoning: deriving
33.547 - @{text "\<Gamma>\<vartheta> \<turnstile> B\<vartheta>"} from @{text "\<Gamma> \<turnstile> B"} is
33.548 - correct, but @{text "\<Gamma>\<vartheta> \<supseteq> \<Gamma>"} does not necessarily hold:
33.549 - the result belongs to a different proof context.
33.550 -
33.551 - \medskip An \emph{oracle} is a function that produces axioms on the
33.552 - fly. Logically, this is an instance of the @{text "axiom"} rule
33.553 - (\figref{fig:prim-rules}), but there is an operational difference.
33.554 - The system always records oracle invocations within derivations of
33.555 - theorems. Tracing plain axioms (and named theorems) is optional.
33.556 -
33.557 - Axiomatizations should be limited to the bare minimum, typically as
33.558 - part of the initial logical basis of an object-logic formalization.
33.559 - Later on, theories are usually developed in a strictly definitional
33.560 - fashion, by stating only certain equalities over new constants.
33.561 -
33.562 - A \emph{simple definition} consists of a constant declaration @{text
33.563 - "c :: \<sigma>"} together with an axiom @{text "\<turnstile> c \<equiv> t"}, where @{text "t
33.564 - :: \<sigma>"} is a closed term without any hidden polymorphism. The RHS
33.565 - may depend on further defined constants, but not @{text "c"} itself.
33.566 - Definitions of functions may be presented as @{text "c \<^vec>x \<equiv>
33.567 - t"} instead of the puristic @{text "c \<equiv> \<lambda>\<^vec>x. t"}.
33.568 -
33.569 - An \emph{overloaded definition} consists of a collection of axioms
33.570 - for the same constant, with zero or one equations @{text
33.571 - "c((\<^vec>\<alpha>)\<kappa>) \<equiv> t"} for each type constructor @{text "\<kappa>"} (for
33.572 - distinct variables @{text "\<^vec>\<alpha>"}). The RHS may mention
33.573 - previously defined constants as above, or arbitrary constants @{text
33.574 - "d(\<alpha>\<^isub>i)"} for some @{text "\<alpha>\<^isub>i"} projected from @{text
33.575 - "\<^vec>\<alpha>"}. Thus overloaded definitions essentially work by
33.576 - primitive recursion over the syntactic structure of a single type
33.577 - argument.
33.578 -*}
33.579 -
33.580 -text %mlref {*
33.581 - \begin{mldecls}
33.582 - @{index_ML_type ctyp} \\
33.583 - @{index_ML_type cterm} \\
33.584 - @{index_ML Thm.ctyp_of: "theory -> typ -> ctyp"} \\
33.585 - @{index_ML Thm.cterm_of: "theory -> term -> cterm"} \\
33.586 - \end{mldecls}
33.587 - \begin{mldecls}
33.588 - @{index_ML_type thm} \\
33.589 - @{index_ML proofs: "int ref"} \\
33.590 - @{index_ML Thm.assume: "cterm -> thm"} \\
33.591 - @{index_ML Thm.forall_intr: "cterm -> thm -> thm"} \\
33.592 - @{index_ML Thm.forall_elim: "cterm -> thm -> thm"} \\
33.593 - @{index_ML Thm.implies_intr: "cterm -> thm -> thm"} \\
33.594 - @{index_ML Thm.implies_elim: "thm -> thm -> thm"} \\
33.595 - @{index_ML Thm.generalize: "string list * string list -> int -> thm -> thm"} \\
33.596 - @{index_ML Thm.instantiate: "(ctyp * ctyp) list * (cterm * cterm) list -> thm -> thm"} \\
33.597 - @{index_ML Thm.axiom: "theory -> string -> thm"} \\
33.598 - @{index_ML Thm.add_oracle: "bstring * ('a -> cterm) -> theory
33.599 - -> (string * ('a -> thm)) * theory"} \\
33.600 - \end{mldecls}
33.601 - \begin{mldecls}
33.602 - @{index_ML Theory.add_axioms_i: "(binding * term) list -> theory -> theory"} \\
33.603 - @{index_ML Theory.add_deps: "string -> string * typ -> (string * typ) list -> theory -> theory"} \\
33.604 - @{index_ML Theory.add_defs_i: "bool -> bool -> (binding * term) list -> theory -> theory"} \\
33.605 - \end{mldecls}
33.606 -
33.607 - \begin{description}
33.608 -
33.609 - \item @{ML_type ctyp} and @{ML_type cterm} represent certified types
33.610 - and terms, respectively. These are abstract datatypes that
33.611 - guarantee that its values have passed the full well-formedness (and
33.612 - well-typedness) checks, relative to the declarations of type
33.613 - constructors, constants etc. in the theory.
33.614 -
33.615 - \item @{ML ctyp_of}~@{text "thy \<tau>"} and @{ML cterm_of}~@{text "thy
33.616 - t"} explicitly checks types and terms, respectively. This also
33.617 - involves some basic normalizations, such expansion of type and term
33.618 - abbreviations from the theory context.
33.619 -
33.620 - Re-certification is relatively slow and should be avoided in tight
33.621 - reasoning loops. There are separate operations to decompose
33.622 - certified entities (including actual theorems).
33.623 -
33.624 - \item @{ML_type thm} represents proven propositions. This is an
33.625 - abstract datatype that guarantees that its values have been
33.626 - constructed by basic principles of the @{ML_struct Thm} module.
33.627 - Every @{ML thm} value contains a sliding back-reference to the
33.628 - enclosing theory, cf.\ \secref{sec:context-theory}.
33.629 -
33.630 - \item @{ML proofs} determines the detail of proof recording within
33.631 - @{ML_type thm} values: @{ML 0} records only oracles, @{ML 1} records
33.632 - oracles, axioms and named theorems, @{ML 2} records full proof
33.633 - terms.
33.634 -
33.635 - \item @{ML Thm.assume}, @{ML Thm.forall_intr}, @{ML
33.636 - Thm.forall_elim}, @{ML Thm.implies_intr}, and @{ML Thm.implies_elim}
33.637 - correspond to the primitive inferences of \figref{fig:prim-rules}.
33.638 -
33.639 - \item @{ML Thm.generalize}~@{text "(\<^vec>\<alpha>, \<^vec>x)"}
33.640 - corresponds to the @{text "generalize"} rules of
33.641 - \figref{fig:subst-rules}. Here collections of type and term
33.642 - variables are generalized simultaneously, specified by the given
33.643 - basic names.
33.644 -
33.645 - \item @{ML Thm.instantiate}~@{text "(\<^vec>\<alpha>\<^isub>s,
33.646 - \<^vec>x\<^isub>\<tau>)"} corresponds to the @{text "instantiate"} rules
33.647 - of \figref{fig:subst-rules}. Type variables are substituted before
33.648 - term variables. Note that the types in @{text "\<^vec>x\<^isub>\<tau>"}
33.649 - refer to the instantiated versions.
33.650 -
33.651 - \item @{ML Thm.axiom}~@{text "thy name"} retrieves a named
33.652 - axiom, cf.\ @{text "axiom"} in \figref{fig:prim-rules}.
33.653 -
33.654 - \item @{ML Thm.add_oracle}~@{text "(name, oracle)"} produces a named
33.655 - oracle rule, essentially generating arbitrary axioms on the fly,
33.656 - cf.\ @{text "axiom"} in \figref{fig:prim-rules}.
33.657 -
33.658 - \item @{ML Theory.add_axioms_i}~@{text "[(name, A), \<dots>]"} declares
33.659 - arbitrary propositions as axioms.
33.660 -
33.661 - \item @{ML Theory.add_deps}~@{text "name c\<^isub>\<tau>
33.662 - \<^vec>d\<^isub>\<sigma>"} declares dependencies of a named specification
33.663 - for constant @{text "c\<^isub>\<tau>"}, relative to existing
33.664 - specifications for constants @{text "\<^vec>d\<^isub>\<sigma>"}.
33.665 -
33.666 - \item @{ML Theory.add_defs_i}~@{text "unchecked overloaded [(name, c
33.667 - \<^vec>x \<equiv> t), \<dots>]"} states a definitional axiom for an existing
33.668 - constant @{text "c"}. Dependencies are recorded (cf.\ @{ML
33.669 - Theory.add_deps}), unless the @{text "unchecked"} option is set.
33.670 -
33.671 - \end{description}
33.672 -*}
33.673 -
33.674 -
33.675 -subsection {* Auxiliary definitions *}
33.676 -
33.677 -text {*
33.678 - Theory @{text "Pure"} provides a few auxiliary definitions, see
33.679 - \figref{fig:pure-aux}. These special constants are normally not
33.680 - exposed to the user, but appear in internal encodings.
33.681 -
33.682 - \begin{figure}[htb]
33.683 - \begin{center}
33.684 - \begin{tabular}{ll}
33.685 - @{text "conjunction :: prop \<Rightarrow> prop \<Rightarrow> prop"} & (infix @{text "&"}) \\
33.686 - @{text "\<turnstile> A & B \<equiv> (\<And>C. (A \<Longrightarrow> B \<Longrightarrow> C) \<Longrightarrow> C)"} \\[1ex]
33.687 - @{text "prop :: prop \<Rightarrow> prop"} & (prefix @{text "#"}, suppressed) \\
33.688 - @{text "#A \<equiv> A"} \\[1ex]
33.689 - @{text "term :: \<alpha> \<Rightarrow> prop"} & (prefix @{text "TERM"}) \\
33.690 - @{text "term x \<equiv> (\<And>A. A \<Longrightarrow> A)"} \\[1ex]
33.691 - @{text "TYPE :: \<alpha> itself"} & (prefix @{text "TYPE"}) \\
33.692 - @{text "(unspecified)"} \\
33.693 - \end{tabular}
33.694 - \caption{Definitions of auxiliary connectives}\label{fig:pure-aux}
33.695 - \end{center}
33.696 - \end{figure}
33.697 -
33.698 - Derived conjunction rules include introduction @{text "A \<Longrightarrow> B \<Longrightarrow> A &
33.699 - B"}, and destructions @{text "A & B \<Longrightarrow> A"} and @{text "A & B \<Longrightarrow> B"}.
33.700 - Conjunction allows to treat simultaneous assumptions and conclusions
33.701 - uniformly. For example, multiple claims are intermediately
33.702 - represented as explicit conjunction, but this is refined into
33.703 - separate sub-goals before the user continues the proof; the final
33.704 - result is projected into a list of theorems (cf.\
33.705 - \secref{sec:tactical-goals}).
33.706 -
33.707 - The @{text "prop"} marker (@{text "#"}) makes arbitrarily complex
33.708 - propositions appear as atomic, without changing the meaning: @{text
33.709 - "\<Gamma> \<turnstile> A"} and @{text "\<Gamma> \<turnstile> #A"} are interchangeable. See
33.710 - \secref{sec:tactical-goals} for specific operations.
33.711 -
33.712 - The @{text "term"} marker turns any well-typed term into a derivable
33.713 - proposition: @{text "\<turnstile> TERM t"} holds unconditionally. Although
33.714 - this is logically vacuous, it allows to treat terms and proofs
33.715 - uniformly, similar to a type-theoretic framework.
33.716 -
33.717 - The @{text "TYPE"} constructor is the canonical representative of
33.718 - the unspecified type @{text "\<alpha> itself"}; it essentially injects the
33.719 - language of types into that of terms. There is specific notation
33.720 - @{text "TYPE(\<tau>)"} for @{text "TYPE\<^bsub>\<tau>
33.721 - itself\<^esub>"}.
33.722 - Although being devoid of any particular meaning, the @{text
33.723 - "TYPE(\<tau>)"} accounts for the type @{text "\<tau>"} within the term
33.724 - language. In particular, @{text "TYPE(\<alpha>)"} may be used as formal
33.725 - argument in primitive definitions, in order to circumvent hidden
33.726 - polymorphism (cf.\ \secref{sec:terms}). For example, @{text "c
33.727 - TYPE(\<alpha>) \<equiv> A[\<alpha>]"} defines @{text "c :: \<alpha> itself \<Rightarrow> prop"} in terms of
33.728 - a proposition @{text "A"} that depends on an additional type
33.729 - argument, which is essentially a predicate on types.
33.730 -*}
33.731 -
33.732 -text %mlref {*
33.733 - \begin{mldecls}
33.734 - @{index_ML Conjunction.intr: "thm -> thm -> thm"} \\
33.735 - @{index_ML Conjunction.elim: "thm -> thm * thm"} \\
33.736 - @{index_ML Drule.mk_term: "cterm -> thm"} \\
33.737 - @{index_ML Drule.dest_term: "thm -> cterm"} \\
33.738 - @{index_ML Logic.mk_type: "typ -> term"} \\
33.739 - @{index_ML Logic.dest_type: "term -> typ"} \\
33.740 - \end{mldecls}
33.741 -
33.742 - \begin{description}
33.743 -
33.744 - \item @{ML Conjunction.intr} derives @{text "A & B"} from @{text
33.745 - "A"} and @{text "B"}.
33.746 -
33.747 - \item @{ML Conjunction.elim} derives @{text "A"} and @{text "B"}
33.748 - from @{text "A & B"}.
33.749 -
33.750 - \item @{ML Drule.mk_term} derives @{text "TERM t"}.
33.751 -
33.752 - \item @{ML Drule.dest_term} recovers term @{text "t"} from @{text
33.753 - "TERM t"}.
33.754 -
33.755 - \item @{ML Logic.mk_type}~@{text "\<tau>"} produces the term @{text
33.756 - "TYPE(\<tau>)"}.
33.757 -
33.758 - \item @{ML Logic.dest_type}~@{text "TYPE(\<tau>)"} recovers the type
33.759 - @{text "\<tau>"}.
33.760 -
33.761 - \end{description}
33.762 -*}
33.763 -
33.764 -
33.765 -section {* Object-level rules \label{sec:obj-rules} *}
33.766 -
33.767 -text %FIXME {*
33.768 -
33.769 -FIXME
33.770 -
33.771 - A \emph{rule} is any Pure theorem in HHF normal form; there is a
33.772 - separate calculus for rule composition, which is modeled after
33.773 - Gentzen's Natural Deduction \cite{Gentzen:1935}, but allows
33.774 - rules to be nested arbitrarily, similar to \cite{extensions91}.
33.775 -
33.776 - Normally, all theorems accessible to the user are proper rules.
33.777 - Low-level inferences are occasional required internally, but the
33.778 - result should be always presented in canonical form. The higher
33.779 - interfaces of Isabelle/Isar will always produce proper rules. It is
33.780 - important to maintain this invariant in add-on applications!
33.781 -
33.782 - There are two main principles of rule composition: @{text
33.783 - "resolution"} (i.e.\ backchaining of rules) and @{text
33.784 - "by-assumption"} (i.e.\ closing a branch); both principles are
33.785 - combined in the variants of @{text "elim-resolution"} and @{text
33.786 - "dest-resolution"}. Raw @{text "composition"} is occasionally
33.787 - useful as well, also it is strictly speaking outside of the proper
33.788 - rule calculus.
33.789 -
33.790 - Rules are treated modulo general higher-order unification, which is
33.791 - unification modulo the equational theory of @{text "\<alpha>\<beta>\<eta>"}-conversion
33.792 - on @{text "\<lambda>"}-terms. Moreover, propositions are understood modulo
33.793 - the (derived) equivalence @{text "(A \<Longrightarrow> (\<And>x. B x)) \<equiv> (\<And>x. A \<Longrightarrow> B x)"}.
33.794 -
33.795 - This means that any operations within the rule calculus may be
33.796 - subject to spontaneous @{text "\<alpha>\<beta>\<eta>"}-HHF conversions. It is common
33.797 - practice not to contract or expand unnecessarily. Some mechanisms
33.798 - prefer an one form, others the opposite, so there is a potential
33.799 - danger to produce some oscillation!
33.800 -
33.801 - Only few operations really work \emph{modulo} HHF conversion, but
33.802 - expect a normal form: quantifiers @{text "\<And>"} before implications
33.803 - @{text "\<Longrightarrow>"} at each level of nesting.
33.804 -
33.805 -\glossary{Hereditary Harrop Formula}{The set of propositions in HHF
33.806 -format is defined inductively as @{text "H = (\<And>x\<^sup>*. H\<^sup>* \<Longrightarrow>
33.807 -A)"}, for variables @{text "x"} and atomic propositions @{text "A"}.
33.808 -Any proposition may be put into HHF form by normalizing with the rule
33.809 -@{text "(A \<Longrightarrow> (\<And>x. B x)) \<equiv> (\<And>x. A \<Longrightarrow> B x)"}. In Isabelle, the outermost
33.810 -quantifier prefix is represented via \seeglossary{schematic
33.811 -variables}, such that the top-level structure is merely that of a
33.812 -\seeglossary{Horn Clause}}.
33.813 -
33.814 -\glossary{HHF}{See \seeglossary{Hereditary Harrop Formula}.}
33.815 -
33.816 -
33.817 - \[
33.818 - \infer[@{text "(assumption)"}]{@{text "C\<vartheta>"}}
33.819 - {@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> A \<^vec>x) \<Longrightarrow> C"} & @{text "A\<vartheta> = H\<^sub>i\<vartheta>"}~~\text{(for some~@{text i})}}
33.820 - \]
33.821 -
33.822 -
33.823 - \[
33.824 - \infer[@{text "(compose)"}]{@{text "\<^vec>A\<vartheta> \<Longrightarrow> C\<vartheta>"}}
33.825 - {@{text "\<^vec>A \<Longrightarrow> B"} & @{text "B' \<Longrightarrow> C"} & @{text "B\<vartheta> = B'\<vartheta>"}}
33.826 - \]
33.827 -
33.828 -
33.829 - \[
33.830 - \infer[@{text "(\<And>_lift)"}]{@{text "(\<And>\<^vec>x. \<^vec>A (?\<^vec>a \<^vec>x)) \<Longrightarrow> (\<And>\<^vec>x. B (?\<^vec>a \<^vec>x))"}}{@{text "\<^vec>A ?\<^vec>a \<Longrightarrow> B ?\<^vec>a"}}
33.831 - \]
33.832 - \[
33.833 - \infer[@{text "(\<Longrightarrow>_lift)"}]{@{text "(\<^vec>H \<Longrightarrow> \<^vec>A) \<Longrightarrow> (\<^vec>H \<Longrightarrow> B)"}}{@{text "\<^vec>A \<Longrightarrow> B"}}
33.834 - \]
33.835 -
33.836 - The @{text resolve} scheme is now acquired from @{text "\<And>_lift"},
33.837 - @{text "\<Longrightarrow>_lift"}, and @{text compose}.
33.838 -
33.839 - \[
33.840 - \infer[@{text "(resolution)"}]
33.841 - {@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> \<^vec>A (?\<^vec>a \<^vec>x))\<vartheta> \<Longrightarrow> C\<vartheta>"}}
33.842 - {\begin{tabular}{l}
33.843 - @{text "\<^vec>A ?\<^vec>a \<Longrightarrow> B ?\<^vec>a"} \\
33.844 - @{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> B' \<^vec>x) \<Longrightarrow> C"} \\
33.845 - @{text "(\<lambda>\<^vec>x. B (?\<^vec>a \<^vec>x))\<vartheta> = B'\<vartheta>"} \\
33.846 - \end{tabular}}
33.847 - \]
33.848 -
33.849 -
33.850 - FIXME @{text "elim_resolution"}, @{text "dest_resolution"}
33.851 -*}
33.852 -
33.853 -
33.854 -end
34.1 --- a/doc-src/IsarImplementation/Thy/prelim.thy Mon Feb 16 20:25:21 2009 +0100
34.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
34.3 @@ -1,779 +0,0 @@
34.4 -
34.5 -(* $Id$ *)
34.6 -
34.7 -theory prelim imports base begin
34.8 -
34.9 -chapter {* Preliminaries *}
34.10 -
34.11 -section {* Contexts \label{sec:context} *}
34.12 -
34.13 -text {*
34.14 - A logical context represents the background that is required for
34.15 - formulating statements and composing proofs. It acts as a medium to
34.16 - produce formal content, depending on earlier material (declarations,
34.17 - results etc.).
34.18 -
34.19 - For example, derivations within the Isabelle/Pure logic can be
34.20 - described as a judgment @{text "\<Gamma> \<turnstile>\<^sub>\<Theta> \<phi>"}, which means that a
34.21 - proposition @{text "\<phi>"} is derivable from hypotheses @{text "\<Gamma>"}
34.22 - within the theory @{text "\<Theta>"}. There are logical reasons for
34.23 - keeping @{text "\<Theta>"} and @{text "\<Gamma>"} separate: theories can be
34.24 - liberal about supporting type constructors and schematic
34.25 - polymorphism of constants and axioms, while the inner calculus of
34.26 - @{text "\<Gamma> \<turnstile> \<phi>"} is strictly limited to Simple Type Theory (with
34.27 - fixed type variables in the assumptions).
34.28 -
34.29 - \medskip Contexts and derivations are linked by the following key
34.30 - principles:
34.31 -
34.32 - \begin{itemize}
34.33 -
34.34 - \item Transfer: monotonicity of derivations admits results to be
34.35 - transferred into a \emph{larger} context, i.e.\ @{text "\<Gamma> \<turnstile>\<^sub>\<Theta>
34.36 - \<phi>"} implies @{text "\<Gamma>' \<turnstile>\<^sub>\<Theta>\<^sub>' \<phi>"} for contexts @{text "\<Theta>'
34.37 - \<supseteq> \<Theta>"} and @{text "\<Gamma>' \<supseteq> \<Gamma>"}.
34.38 -
34.39 - \item Export: discharge of hypotheses admits results to be exported
34.40 - into a \emph{smaller} context, i.e.\ @{text "\<Gamma>' \<turnstile>\<^sub>\<Theta> \<phi>"}
34.41 - implies @{text "\<Gamma> \<turnstile>\<^sub>\<Theta> \<Delta> \<Longrightarrow> \<phi>"} where @{text "\<Gamma>' \<supseteq> \<Gamma>"} and
34.42 - @{text "\<Delta> = \<Gamma>' - \<Gamma>"}. Note that @{text "\<Theta>"} remains unchanged here,
34.43 - only the @{text "\<Gamma>"} part is affected.
34.44 -
34.45 - \end{itemize}
34.46 -
34.47 - \medskip By modeling the main characteristics of the primitive
34.48 - @{text "\<Theta>"} and @{text "\<Gamma>"} above, and abstracting over any
34.49 - particular logical content, we arrive at the fundamental notions of
34.50 - \emph{theory context} and \emph{proof context} in Isabelle/Isar.
34.51 - These implement a certain policy to manage arbitrary \emph{context
34.52 - data}. There is a strongly-typed mechanism to declare new kinds of
34.53 - data at compile time.
34.54 -
34.55 - The internal bootstrap process of Isabelle/Pure eventually reaches a
34.56 - stage where certain data slots provide the logical content of @{text
34.57 - "\<Theta>"} and @{text "\<Gamma>"} sketched above, but this does not stop there!
34.58 - Various additional data slots support all kinds of mechanisms that
34.59 - are not necessarily part of the core logic.
34.60 -
34.61 - For example, there would be data for canonical introduction and
34.62 - elimination rules for arbitrary operators (depending on the
34.63 - object-logic and application), which enables users to perform
34.64 - standard proof steps implicitly (cf.\ the @{text "rule"} method
34.65 - \cite{isabelle-isar-ref}).
34.66 -
34.67 - \medskip Thus Isabelle/Isar is able to bring forth more and more
34.68 - concepts successively. In particular, an object-logic like
34.69 - Isabelle/HOL continues the Isabelle/Pure setup by adding specific
34.70 - components for automated reasoning (classical reasoner, tableau
34.71 - prover, structured induction etc.) and derived specification
34.72 - mechanisms (inductive predicates, recursive functions etc.). All of
34.73 - this is ultimately based on the generic data management by theory
34.74 - and proof contexts introduced here.
34.75 -*}
34.76 -
34.77 -
34.78 -subsection {* Theory context \label{sec:context-theory} *}
34.79 -
34.80 -text {*
34.81 - \glossary{Theory}{FIXME}
34.82 -
34.83 - A \emph{theory} is a data container with explicit named and unique
34.84 - identifier. Theories are related by a (nominal) sub-theory
34.85 - relation, which corresponds to the dependency graph of the original
34.86 - construction; each theory is derived from a certain sub-graph of
34.87 - ancestor theories.
34.88 -
34.89 - The @{text "merge"} operation produces the least upper bound of two
34.90 - theories, which actually degenerates into absorption of one theory
34.91 - into the other (due to the nominal sub-theory relation).
34.92 -
34.93 - The @{text "begin"} operation starts a new theory by importing
34.94 - several parent theories and entering a special @{text "draft"} mode,
34.95 - which is sustained until the final @{text "end"} operation. A draft
34.96 - theory acts like a linear type, where updates invalidate earlier
34.97 - versions. An invalidated draft is called ``stale''.
34.98 -
34.99 - The @{text "checkpoint"} operation produces an intermediate stepping
34.100 - stone that will survive the next update: both the original and the
34.101 - changed theory remain valid and are related by the sub-theory
34.102 - relation. Checkpointing essentially recovers purely functional
34.103 - theory values, at the expense of some extra internal bookkeeping.
34.104 -
34.105 - The @{text "copy"} operation produces an auxiliary version that has
34.106 - the same data content, but is unrelated to the original: updates of
34.107 - the copy do not affect the original, neither does the sub-theory
34.108 - relation hold.
34.109 -
34.110 - \medskip The example in \figref{fig:ex-theory} below shows a theory
34.111 - graph derived from @{text "Pure"}, with theory @{text "Length"}
34.112 - importing @{text "Nat"} and @{text "List"}. The body of @{text
34.113 - "Length"} consists of a sequence of updates, working mostly on
34.114 - drafts. Intermediate checkpoints may occur as well, due to the
34.115 - history mechanism provided by the Isar top-level, cf.\
34.116 - \secref{sec:isar-toplevel}.
34.117 -
34.118 - \begin{figure}[htb]
34.119 - \begin{center}
34.120 - \begin{tabular}{rcccl}
34.121 - & & @{text "Pure"} \\
34.122 - & & @{text "\<down>"} \\
34.123 - & & @{text "FOL"} \\
34.124 - & $\swarrow$ & & $\searrow$ & \\
34.125 - @{text "Nat"} & & & & @{text "List"} \\
34.126 - & $\searrow$ & & $\swarrow$ \\
34.127 - & & @{text "Length"} \\
34.128 - & & \multicolumn{3}{l}{~~@{keyword "imports"}} \\
34.129 - & & \multicolumn{3}{l}{~~@{keyword "begin"}} \\
34.130 - & & $\vdots$~~ \\
34.131 - & & @{text "\<bullet>"}~~ \\
34.132 - & & $\vdots$~~ \\
34.133 - & & @{text "\<bullet>"}~~ \\
34.134 - & & $\vdots$~~ \\
34.135 - & & \multicolumn{3}{l}{~~@{command "end"}} \\
34.136 - \end{tabular}
34.137 - \caption{A theory definition depending on ancestors}\label{fig:ex-theory}
34.138 - \end{center}
34.139 - \end{figure}
34.140 -
34.141 - \medskip There is a separate notion of \emph{theory reference} for
34.142 - maintaining a live link to an evolving theory context: updates on
34.143 - drafts are propagated automatically. Dynamic updating stops after
34.144 - an explicit @{text "end"} only.
34.145 -
34.146 - Derived entities may store a theory reference in order to indicate
34.147 - the context they belong to. This implicitly assumes monotonic
34.148 - reasoning, because the referenced context may become larger without
34.149 - further notice.
34.150 -*}
34.151 -
34.152 -text %mlref {*
34.153 - \begin{mldecls}
34.154 - @{index_ML_type theory} \\
34.155 - @{index_ML Theory.subthy: "theory * theory -> bool"} \\
34.156 - @{index_ML Theory.merge: "theory * theory -> theory"} \\
34.157 - @{index_ML Theory.checkpoint: "theory -> theory"} \\
34.158 - @{index_ML Theory.copy: "theory -> theory"} \\
34.159 - \end{mldecls}
34.160 - \begin{mldecls}
34.161 - @{index_ML_type theory_ref} \\
34.162 - @{index_ML Theory.deref: "theory_ref -> theory"} \\
34.163 - @{index_ML Theory.check_thy: "theory -> theory_ref"} \\
34.164 - \end{mldecls}
34.165 -
34.166 - \begin{description}
34.167 -
34.168 - \item @{ML_type theory} represents theory contexts. This is
34.169 - essentially a linear type! Most operations destroy the original
34.170 - version, which then becomes ``stale''.
34.171 -
34.172 - \item @{ML "Theory.subthy"}~@{text "(thy\<^sub>1, thy\<^sub>2)"}
34.173 - compares theories according to the inherent graph structure of the
34.174 - construction. This sub-theory relation is a nominal approximation
34.175 - of inclusion (@{text "\<subseteq>"}) of the corresponding content.
34.176 -
34.177 - \item @{ML "Theory.merge"}~@{text "(thy\<^sub>1, thy\<^sub>2)"}
34.178 - absorbs one theory into the other. This fails for unrelated
34.179 - theories!
34.180 -
34.181 - \item @{ML "Theory.checkpoint"}~@{text "thy"} produces a safe
34.182 - stepping stone in the linear development of @{text "thy"}. The next
34.183 - update will result in two related, valid theories.
34.184 -
34.185 - \item @{ML "Theory.copy"}~@{text "thy"} produces a variant of @{text
34.186 - "thy"} that holds a copy of the same data. The result is not
34.187 - related to the original; the original is unchanched.
34.188 -
34.189 - \item @{ML_type theory_ref} represents a sliding reference to an
34.190 - always valid theory; updates on the original are propagated
34.191 - automatically.
34.192 -
34.193 - \item @{ML "Theory.deref"}~@{text "thy_ref"} turns a @{ML_type
34.194 - "theory_ref"} into an @{ML_type "theory"} value. As the referenced
34.195 - theory evolves monotonically over time, later invocations of @{ML
34.196 - "Theory.deref"} may refer to a larger context.
34.197 -
34.198 - \item @{ML "Theory.check_thy"}~@{text "thy"} produces a @{ML_type
34.199 - "theory_ref"} from a valid @{ML_type "theory"} value.
34.200 -
34.201 - \end{description}
34.202 -*}
34.203 -
34.204 -
34.205 -subsection {* Proof context \label{sec:context-proof} *}
34.206 -
34.207 -text {*
34.208 - \glossary{Proof context}{The static context of a structured proof,
34.209 - acts like a local ``theory'' of the current portion of Isar proof
34.210 - text, generalizes the idea of local hypotheses @{text "\<Gamma>"} in
34.211 - judgments @{text "\<Gamma> \<turnstile> \<phi>"} of natural deduction calculi. There is a
34.212 - generic notion of introducing and discharging hypotheses.
34.213 - Arbritrary auxiliary context data may be adjoined.}
34.214 -
34.215 - A proof context is a container for pure data with a back-reference
34.216 - to the theory it belongs to. The @{text "init"} operation creates a
34.217 - proof context from a given theory. Modifications to draft theories
34.218 - are propagated to the proof context as usual, but there is also an
34.219 - explicit @{text "transfer"} operation to force resynchronization
34.220 - with more substantial updates to the underlying theory. The actual
34.221 - context data does not require any special bookkeeping, thanks to the
34.222 - lack of destructive features.
34.223 -
34.224 - Entities derived in a proof context need to record inherent logical
34.225 - requirements explicitly, since there is no separate context
34.226 - identification as for theories. For example, hypotheses used in
34.227 - primitive derivations (cf.\ \secref{sec:thms}) are recorded
34.228 - separately within the sequent @{text "\<Gamma> \<turnstile> \<phi>"}, just to make double
34.229 - sure. Results could still leak into an alien proof context do to
34.230 - programming errors, but Isabelle/Isar includes some extra validity
34.231 - checks in critical positions, notably at the end of a sub-proof.
34.232 -
34.233 - Proof contexts may be manipulated arbitrarily, although the common
34.234 - discipline is to follow block structure as a mental model: a given
34.235 - context is extended consecutively, and results are exported back
34.236 - into the original context. Note that the Isar proof states model
34.237 - block-structured reasoning explicitly, using a stack of proof
34.238 - contexts internally, cf.\ \secref{sec:isar-proof-state}.
34.239 -*}
34.240 -
34.241 -text %mlref {*
34.242 - \begin{mldecls}
34.243 - @{index_ML_type Proof.context} \\
34.244 - @{index_ML ProofContext.init: "theory -> Proof.context"} \\
34.245 - @{index_ML ProofContext.theory_of: "Proof.context -> theory"} \\
34.246 - @{index_ML ProofContext.transfer: "theory -> Proof.context -> Proof.context"} \\
34.247 - \end{mldecls}
34.248 -
34.249 - \begin{description}
34.250 -
34.251 - \item @{ML_type Proof.context} represents proof contexts. Elements
34.252 - of this type are essentially pure values, with a sliding reference
34.253 - to the background theory.
34.254 -
34.255 - \item @{ML ProofContext.init}~@{text "thy"} produces a proof context
34.256 - derived from @{text "thy"}, initializing all data.
34.257 -
34.258 - \item @{ML ProofContext.theory_of}~@{text "ctxt"} selects the
34.259 - background theory from @{text "ctxt"}, dereferencing its internal
34.260 - @{ML_type theory_ref}.
34.261 -
34.262 - \item @{ML ProofContext.transfer}~@{text "thy ctxt"} promotes the
34.263 - background theory of @{text "ctxt"} to the super theory @{text
34.264 - "thy"}.
34.265 -
34.266 - \end{description}
34.267 -*}
34.268 -
34.269 -
34.270 -subsection {* Generic contexts \label{sec:generic-context} *}
34.271 -
34.272 -text {*
34.273 - A generic context is the disjoint sum of either a theory or proof
34.274 - context. Occasionally, this enables uniform treatment of generic
34.275 - context data, typically extra-logical information. Operations on
34.276 - generic contexts include the usual injections, partial selections,
34.277 - and combinators for lifting operations on either component of the
34.278 - disjoint sum.
34.279 -
34.280 - Moreover, there are total operations @{text "theory_of"} and @{text
34.281 - "proof_of"} to convert a generic context into either kind: a theory
34.282 - can always be selected from the sum, while a proof context might
34.283 - have to be constructed by an ad-hoc @{text "init"} operation.
34.284 -*}
34.285 -
34.286 -text %mlref {*
34.287 - \begin{mldecls}
34.288 - @{index_ML_type Context.generic} \\
34.289 - @{index_ML Context.theory_of: "Context.generic -> theory"} \\
34.290 - @{index_ML Context.proof_of: "Context.generic -> Proof.context"} \\
34.291 - \end{mldecls}
34.292 -
34.293 - \begin{description}
34.294 -
34.295 - \item @{ML_type Context.generic} is the direct sum of @{ML_type
34.296 - "theory"} and @{ML_type "Proof.context"}, with the datatype
34.297 - constructors @{ML "Context.Theory"} and @{ML "Context.Proof"}.
34.298 -
34.299 - \item @{ML Context.theory_of}~@{text "context"} always produces a
34.300 - theory from the generic @{text "context"}, using @{ML
34.301 - "ProofContext.theory_of"} as required.
34.302 -
34.303 - \item @{ML Context.proof_of}~@{text "context"} always produces a
34.304 - proof context from the generic @{text "context"}, using @{ML
34.305 - "ProofContext.init"} as required (note that this re-initializes the
34.306 - context data with each invocation).
34.307 -
34.308 - \end{description}
34.309 -*}
34.310 -
34.311 -
34.312 -subsection {* Context data \label{sec:context-data} *}
34.313 -
34.314 -text {*
34.315 - The main purpose of theory and proof contexts is to manage arbitrary
34.316 - data. New data types can be declared incrementally at compile time.
34.317 - There are separate declaration mechanisms for any of the three kinds
34.318 - of contexts: theory, proof, generic.
34.319 -
34.320 - \paragraph{Theory data} may refer to destructive entities, which are
34.321 - maintained in direct correspondence to the linear evolution of
34.322 - theory values, including explicit copies.\footnote{Most existing
34.323 - instances of destructive theory data are merely historical relics
34.324 - (e.g.\ the destructive theorem storage, and destructive hints for
34.325 - the Simplifier and Classical rules).} A theory data declaration
34.326 - needs to implement the following SML signature:
34.327 -
34.328 - \medskip
34.329 - \begin{tabular}{ll}
34.330 - @{text "\<type> T"} & representing type \\
34.331 - @{text "\<val> empty: T"} & empty default value \\
34.332 - @{text "\<val> copy: T \<rightarrow> T"} & refresh impure data \\
34.333 - @{text "\<val> extend: T \<rightarrow> T"} & re-initialize on import \\
34.334 - @{text "\<val> merge: T \<times> T \<rightarrow> T"} & join on import \\
34.335 - \end{tabular}
34.336 - \medskip
34.337 -
34.338 - \noindent The @{text "empty"} value acts as initial default for
34.339 - \emph{any} theory that does not declare actual data content; @{text
34.340 - "copy"} maintains persistent integrity for impure data, it is just
34.341 - the identity for pure values; @{text "extend"} is acts like a
34.342 - unitary version of @{text "merge"}, both operations should also
34.343 - include the functionality of @{text "copy"} for impure data.
34.344 -
34.345 - \paragraph{Proof context data} is purely functional. A declaration
34.346 - needs to implement the following SML signature:
34.347 -
34.348 - \medskip
34.349 - \begin{tabular}{ll}
34.350 - @{text "\<type> T"} & representing type \\
34.351 - @{text "\<val> init: theory \<rightarrow> T"} & produce initial value \\
34.352 - \end{tabular}
34.353 - \medskip
34.354 -
34.355 - \noindent The @{text "init"} operation is supposed to produce a pure
34.356 - value from the given background theory.
34.357 -
34.358 - \paragraph{Generic data} provides a hybrid interface for both theory
34.359 - and proof data. The declaration is essentially the same as for
34.360 - (pure) theory data, without @{text "copy"}. The @{text "init"}
34.361 - operation for proof contexts merely selects the current data value
34.362 - from the background theory.
34.363 -
34.364 - \bigskip A data declaration of type @{text "T"} results in the
34.365 - following interface:
34.366 -
34.367 - \medskip
34.368 - \begin{tabular}{ll}
34.369 - @{text "init: theory \<rightarrow> theory"} \\
34.370 - @{text "get: context \<rightarrow> T"} \\
34.371 - @{text "put: T \<rightarrow> context \<rightarrow> context"} \\
34.372 - @{text "map: (T \<rightarrow> T) \<rightarrow> context \<rightarrow> context"} \\
34.373 - \end{tabular}
34.374 - \medskip
34.375 -
34.376 - \noindent Here @{text "init"} is only applicable to impure theory
34.377 - data to install a fresh copy persistently (destructive update on
34.378 - uninitialized has no permanent effect). The other operations provide
34.379 - access for the particular kind of context (theory, proof, or generic
34.380 - context). Note that this is a safe interface: there is no other way
34.381 - to access the corresponding data slot of a context. By keeping
34.382 - these operations private, a component may maintain abstract values
34.383 - authentically, without other components interfering.
34.384 -*}
34.385 -
34.386 -text %mlref {*
34.387 - \begin{mldecls}
34.388 - @{index_ML_functor TheoryDataFun} \\
34.389 - @{index_ML_functor ProofDataFun} \\
34.390 - @{index_ML_functor GenericDataFun} \\
34.391 - \end{mldecls}
34.392 -
34.393 - \begin{description}
34.394 -
34.395 - \item @{ML_functor TheoryDataFun}@{text "(spec)"} declares data for
34.396 - type @{ML_type theory} according to the specification provided as
34.397 - argument structure. The resulting structure provides data init and
34.398 - access operations as described above.
34.399 -
34.400 - \item @{ML_functor ProofDataFun}@{text "(spec)"} is analogous to
34.401 - @{ML_functor TheoryDataFun} for type @{ML_type Proof.context}.
34.402 -
34.403 - \item @{ML_functor GenericDataFun}@{text "(spec)"} is analogous to
34.404 - @{ML_functor TheoryDataFun} for type @{ML_type Context.generic}.
34.405 -
34.406 - \end{description}
34.407 -*}
34.408 -
34.409 -
34.410 -section {* Names \label{sec:names} *}
34.411 -
34.412 -text {*
34.413 - In principle, a name is just a string, but there are various
34.414 - convention for encoding additional structure. For example, ``@{text
34.415 - "Foo.bar.baz"}'' is considered as a qualified name consisting of
34.416 - three basic name components. The individual constituents of a name
34.417 - may have further substructure, e.g.\ the string
34.418 - ``\verb,\,\verb,<alpha>,'' encodes as a single symbol.
34.419 -*}
34.420 -
34.421 -
34.422 -subsection {* Strings of symbols *}
34.423 -
34.424 -text {*
34.425 - \glossary{Symbol}{The smallest unit of text in Isabelle, subsumes
34.426 - plain ASCII characters as well as an infinite collection of named
34.427 - symbols (for greek, math etc.).}
34.428 -
34.429 - A \emph{symbol} constitutes the smallest textual unit in Isabelle
34.430 - --- raw characters are normally not encountered at all. Isabelle
34.431 - strings consist of a sequence of symbols, represented as a packed
34.432 - string or a list of strings. Each symbol is in itself a small
34.433 - string, which has either one of the following forms:
34.434 -
34.435 - \begin{enumerate}
34.436 -
34.437 - \item a single ASCII character ``@{text "c"}'', for example
34.438 - ``\verb,a,'',
34.439 -
34.440 - \item a regular symbol ``\verb,\,\verb,<,@{text "ident"}\verb,>,'',
34.441 - for example ``\verb,\,\verb,<alpha>,'',
34.442 -
34.443 - \item a control symbol ``\verb,\,\verb,<^,@{text "ident"}\verb,>,'',
34.444 - for example ``\verb,\,\verb,<^bold>,'',
34.445 -
34.446 - \item a raw symbol ``\verb,\,\verb,<^raw:,@{text text}\verb,>,''
34.447 - where @{text text} constists of printable characters excluding
34.448 - ``\verb,.,'' and ``\verb,>,'', for example
34.449 - ``\verb,\,\verb,<^raw:$\sum_{i = 1}^n$>,'',
34.450 -
34.451 - \item a numbered raw control symbol ``\verb,\,\verb,<^raw,@{text
34.452 - n}\verb,>, where @{text n} consists of digits, for example
34.453 - ``\verb,\,\verb,<^raw42>,''.
34.454 -
34.455 - \end{enumerate}
34.456 -
34.457 - \noindent The @{text "ident"} syntax for symbol names is @{text
34.458 - "letter (letter | digit)\<^sup>*"}, where @{text "letter =
34.459 - A..Za..z"} and @{text "digit = 0..9"}. There are infinitely many
34.460 - regular symbols and control symbols, but a fixed collection of
34.461 - standard symbols is treated specifically. For example,
34.462 - ``\verb,\,\verb,<alpha>,'' is classified as a letter, which means it
34.463 - may occur within regular Isabelle identifiers.
34.464 -
34.465 - Since the character set underlying Isabelle symbols is 7-bit ASCII
34.466 - and 8-bit characters are passed through transparently, Isabelle may
34.467 - also process Unicode/UCS data in UTF-8 encoding. Unicode provides
34.468 - its own collection of mathematical symbols, but there is no built-in
34.469 - link to the standard collection of Isabelle.
34.470 -
34.471 - \medskip Output of Isabelle symbols depends on the print mode
34.472 - (\secref{FIXME}). For example, the standard {\LaTeX} setup of the
34.473 - Isabelle document preparation system would present
34.474 - ``\verb,\,\verb,<alpha>,'' as @{text "\<alpha>"}, and
34.475 - ``\verb,\,\verb,<^bold>,\verb,\,\verb,<alpha>,'' as @{text
34.476 - "\<^bold>\<alpha>"}.
34.477 -*}
34.478 -
34.479 -text %mlref {*
34.480 - \begin{mldecls}
34.481 - @{index_ML_type "Symbol.symbol"} \\
34.482 - @{index_ML Symbol.explode: "string -> Symbol.symbol list"} \\
34.483 - @{index_ML Symbol.is_letter: "Symbol.symbol -> bool"} \\
34.484 - @{index_ML Symbol.is_digit: "Symbol.symbol -> bool"} \\
34.485 - @{index_ML Symbol.is_quasi: "Symbol.symbol -> bool"} \\
34.486 - @{index_ML Symbol.is_blank: "Symbol.symbol -> bool"} \\
34.487 - \end{mldecls}
34.488 - \begin{mldecls}
34.489 - @{index_ML_type "Symbol.sym"} \\
34.490 - @{index_ML Symbol.decode: "Symbol.symbol -> Symbol.sym"} \\
34.491 - \end{mldecls}
34.492 -
34.493 - \begin{description}
34.494 -
34.495 - \item @{ML_type "Symbol.symbol"} represents individual Isabelle
34.496 - symbols; this is an alias for @{ML_type "string"}.
34.497 -
34.498 - \item @{ML "Symbol.explode"}~@{text "str"} produces a symbol list
34.499 - from the packed form. This function supercedes @{ML
34.500 - "String.explode"} for virtually all purposes of manipulating text in
34.501 - Isabelle!
34.502 -
34.503 - \item @{ML "Symbol.is_letter"}, @{ML "Symbol.is_digit"}, @{ML
34.504 - "Symbol.is_quasi"}, @{ML "Symbol.is_blank"} classify standard
34.505 - symbols according to fixed syntactic conventions of Isabelle, cf.\
34.506 - \cite{isabelle-isar-ref}.
34.507 -
34.508 - \item @{ML_type "Symbol.sym"} is a concrete datatype that represents
34.509 - the different kinds of symbols explicitly, with constructors @{ML
34.510 - "Symbol.Char"}, @{ML "Symbol.Sym"}, @{ML "Symbol.Ctrl"}, @{ML
34.511 - "Symbol.Raw"}.
34.512 -
34.513 - \item @{ML "Symbol.decode"} converts the string representation of a
34.514 - symbol into the datatype version.
34.515 -
34.516 - \end{description}
34.517 -*}
34.518 -
34.519 -
34.520 -subsection {* Basic names \label{sec:basic-names} *}
34.521 -
34.522 -text {*
34.523 - A \emph{basic name} essentially consists of a single Isabelle
34.524 - identifier. There are conventions to mark separate classes of basic
34.525 - names, by attaching a suffix of underscores (@{text "_"}): one
34.526 - underscore means \emph{internal name}, two underscores means
34.527 - \emph{Skolem name}, three underscores means \emph{internal Skolem
34.528 - name}.
34.529 -
34.530 - For example, the basic name @{text "foo"} has the internal version
34.531 - @{text "foo_"}, with Skolem versions @{text "foo__"} and @{text
34.532 - "foo___"}, respectively.
34.533 -
34.534 - These special versions provide copies of the basic name space, apart
34.535 - from anything that normally appears in the user text. For example,
34.536 - system generated variables in Isar proof contexts are usually marked
34.537 - as internal, which prevents mysterious name references like @{text
34.538 - "xaa"} to appear in the text.
34.539 -
34.540 - \medskip Manipulating binding scopes often requires on-the-fly
34.541 - renamings. A \emph{name context} contains a collection of already
34.542 - used names. The @{text "declare"} operation adds names to the
34.543 - context.
34.544 -
34.545 - The @{text "invents"} operation derives a number of fresh names from
34.546 - a given starting point. For example, the first three names derived
34.547 - from @{text "a"} are @{text "a"}, @{text "b"}, @{text "c"}.
34.548 -
34.549 - The @{text "variants"} operation produces fresh names by
34.550 - incrementing tentative names as base-26 numbers (with digits @{text
34.551 - "a..z"}) until all clashes are resolved. For example, name @{text
34.552 - "foo"} results in variants @{text "fooa"}, @{text "foob"}, @{text
34.553 - "fooc"}, \dots, @{text "fooaa"}, @{text "fooab"} etc.; each renaming
34.554 - step picks the next unused variant from this sequence.
34.555 -*}
34.556 -
34.557 -text %mlref {*
34.558 - \begin{mldecls}
34.559 - @{index_ML Name.internal: "string -> string"} \\
34.560 - @{index_ML Name.skolem: "string -> string"} \\
34.561 - \end{mldecls}
34.562 - \begin{mldecls}
34.563 - @{index_ML_type Name.context} \\
34.564 - @{index_ML Name.context: Name.context} \\
34.565 - @{index_ML Name.declare: "string -> Name.context -> Name.context"} \\
34.566 - @{index_ML Name.invents: "Name.context -> string -> int -> string list"} \\
34.567 - @{index_ML Name.variants: "string list -> Name.context -> string list * Name.context"} \\
34.568 - \end{mldecls}
34.569 -
34.570 - \begin{description}
34.571 -
34.572 - \item @{ML Name.internal}~@{text "name"} produces an internal name
34.573 - by adding one underscore.
34.574 -
34.575 - \item @{ML Name.skolem}~@{text "name"} produces a Skolem name by
34.576 - adding two underscores.
34.577 -
34.578 - \item @{ML_type Name.context} represents the context of already used
34.579 - names; the initial value is @{ML "Name.context"}.
34.580 -
34.581 - \item @{ML Name.declare}~@{text "name"} enters a used name into the
34.582 - context.
34.583 -
34.584 - \item @{ML Name.invents}~@{text "context name n"} produces @{text
34.585 - "n"} fresh names derived from @{text "name"}.
34.586 -
34.587 - \item @{ML Name.variants}~@{text "names context"} produces fresh
34.588 - varians of @{text "names"}; the result is entered into the context.
34.589 -
34.590 - \end{description}
34.591 -*}
34.592 -
34.593 -
34.594 -subsection {* Indexed names *}
34.595 -
34.596 -text {*
34.597 - An \emph{indexed name} (or @{text "indexname"}) is a pair of a basic
34.598 - name and a natural number. This representation allows efficient
34.599 - renaming by incrementing the second component only. The canonical
34.600 - way to rename two collections of indexnames apart from each other is
34.601 - this: determine the maximum index @{text "maxidx"} of the first
34.602 - collection, then increment all indexes of the second collection by
34.603 - @{text "maxidx + 1"}; the maximum index of an empty collection is
34.604 - @{text "-1"}.
34.605 -
34.606 - Occasionally, basic names and indexed names are injected into the
34.607 - same pair type: the (improper) indexname @{text "(x, -1)"} is used
34.608 - to encode basic names.
34.609 -
34.610 - \medskip Isabelle syntax observes the following rules for
34.611 - representing an indexname @{text "(x, i)"} as a packed string:
34.612 -
34.613 - \begin{itemize}
34.614 -
34.615 - \item @{text "?x"} if @{text "x"} does not end with a digit and @{text "i = 0"},
34.616 -
34.617 - \item @{text "?xi"} if @{text "x"} does not end with a digit,
34.618 -
34.619 - \item @{text "?x.i"} otherwise.
34.620 -
34.621 - \end{itemize}
34.622 -
34.623 - Indexnames may acquire large index numbers over time. Results are
34.624 - normalized towards @{text "0"} at certain checkpoints, notably at
34.625 - the end of a proof. This works by producing variants of the
34.626 - corresponding basic name components. For example, the collection
34.627 - @{text "?x1, ?x7, ?x42"} becomes @{text "?x, ?xa, ?xb"}.
34.628 -*}
34.629 -
34.630 -text %mlref {*
34.631 - \begin{mldecls}
34.632 - @{index_ML_type indexname} \\
34.633 - \end{mldecls}
34.634 -
34.635 - \begin{description}
34.636 -
34.637 - \item @{ML_type indexname} represents indexed names. This is an
34.638 - abbreviation for @{ML_type "string * int"}. The second component is
34.639 - usually non-negative, except for situations where @{text "(x, -1)"}
34.640 - is used to embed basic names into this type.
34.641 -
34.642 - \end{description}
34.643 -*}
34.644 -
34.645 -
34.646 -subsection {* Qualified names and name spaces *}
34.647 -
34.648 -text {*
34.649 - A \emph{qualified name} consists of a non-empty sequence of basic
34.650 - name components. The packed representation uses a dot as separator,
34.651 - as in ``@{text "A.b.c"}''. The last component is called \emph{base}
34.652 - name, the remaining prefix \emph{qualifier} (which may be empty).
34.653 - The idea of qualified names is to encode nested structures by
34.654 - recording the access paths as qualifiers. For example, an item
34.655 - named ``@{text "A.b.c"}'' may be understood as a local entity @{text
34.656 - "c"}, within a local structure @{text "b"}, within a global
34.657 - structure @{text "A"}. Typically, name space hierarchies consist of
34.658 - 1--2 levels of qualification, but this need not be always so.
34.659 -
34.660 - The empty name is commonly used as an indication of unnamed
34.661 - entities, whenever this makes any sense. The basic operations on
34.662 - qualified names are smart enough to pass through such improper names
34.663 - unchanged.
34.664 -
34.665 - \medskip A @{text "naming"} policy tells how to turn a name
34.666 - specification into a fully qualified internal name (by the @{text
34.667 - "full"} operation), and how fully qualified names may be accessed
34.668 - externally. For example, the default naming policy is to prefix an
34.669 - implicit path: @{text "full x"} produces @{text "path.x"}, and the
34.670 - standard accesses for @{text "path.x"} include both @{text "x"} and
34.671 - @{text "path.x"}. Normally, the naming is implicit in the theory or
34.672 - proof context; there are separate versions of the corresponding.
34.673 -
34.674 - \medskip A @{text "name space"} manages a collection of fully
34.675 - internalized names, together with a mapping between external names
34.676 - and internal names (in both directions). The corresponding @{text
34.677 - "intern"} and @{text "extern"} operations are mostly used for
34.678 - parsing and printing only! The @{text "declare"} operation augments
34.679 - a name space according to the accesses determined by the naming
34.680 - policy.
34.681 -
34.682 - \medskip As a general principle, there is a separate name space for
34.683 - each kind of formal entity, e.g.\ logical constant, type
34.684 - constructor, type class, theorem. It is usually clear from the
34.685 - occurrence in concrete syntax (or from the scope) which kind of
34.686 - entity a name refers to. For example, the very same name @{text
34.687 - "c"} may be used uniformly for a constant, type constructor, and
34.688 - type class.
34.689 -
34.690 - There are common schemes to name theorems systematically, according
34.691 - to the name of the main logical entity involved, e.g.\ @{text
34.692 - "c.intro"} for a canonical theorem related to constant @{text "c"}.
34.693 - This technique of mapping names from one space into another requires
34.694 - some care in order to avoid conflicts. In particular, theorem names
34.695 - derived from a type constructor or type class are better suffixed in
34.696 - addition to the usual qualification, e.g.\ @{text "c_type.intro"}
34.697 - and @{text "c_class.intro"} for theorems related to type @{text "c"}
34.698 - and class @{text "c"}, respectively.
34.699 -*}
34.700 -
34.701 -text %mlref {*
34.702 - \begin{mldecls}
34.703 - @{index_ML NameSpace.base: "string -> string"} \\
34.704 - @{index_ML NameSpace.qualifier: "string -> string"} \\
34.705 - @{index_ML NameSpace.append: "string -> string -> string"} \\
34.706 - @{index_ML NameSpace.implode: "string list -> string"} \\
34.707 - @{index_ML NameSpace.explode: "string -> string list"} \\
34.708 - \end{mldecls}
34.709 - \begin{mldecls}
34.710 - @{index_ML_type NameSpace.naming} \\
34.711 - @{index_ML NameSpace.default_naming: NameSpace.naming} \\
34.712 - @{index_ML NameSpace.add_path: "string -> NameSpace.naming -> NameSpace.naming"} \\
34.713 - @{index_ML NameSpace.full_name: "NameSpace.naming -> binding -> string"} \\
34.714 - \end{mldecls}
34.715 - \begin{mldecls}
34.716 - @{index_ML_type NameSpace.T} \\
34.717 - @{index_ML NameSpace.empty: NameSpace.T} \\
34.718 - @{index_ML NameSpace.merge: "NameSpace.T * NameSpace.T -> NameSpace.T"} \\
34.719 - @{index_ML NameSpace.declare: "NameSpace.naming -> binding -> NameSpace.T -> string * NameSpace.T"} \\
34.720 - @{index_ML NameSpace.intern: "NameSpace.T -> string -> string"} \\
34.721 - @{index_ML NameSpace.extern: "NameSpace.T -> string -> string"} \\
34.722 - \end{mldecls}
34.723 -
34.724 - \begin{description}
34.725 -
34.726 - \item @{ML NameSpace.base}~@{text "name"} returns the base name of a
34.727 - qualified name.
34.728 -
34.729 - \item @{ML NameSpace.qualifier}~@{text "name"} returns the qualifier
34.730 - of a qualified name.
34.731 -
34.732 - \item @{ML NameSpace.append}~@{text "name\<^isub>1 name\<^isub>2"}
34.733 - appends two qualified names.
34.734 -
34.735 - \item @{ML NameSpace.implode}~@{text "name"} and @{ML
34.736 - NameSpace.explode}~@{text "names"} convert between the packed string
34.737 - representation and the explicit list form of qualified names.
34.738 -
34.739 - \item @{ML_type NameSpace.naming} represents the abstract concept of
34.740 - a naming policy.
34.741 -
34.742 - \item @{ML NameSpace.default_naming} is the default naming policy.
34.743 - In a theory context, this is usually augmented by a path prefix
34.744 - consisting of the theory name.
34.745 -
34.746 - \item @{ML NameSpace.add_path}~@{text "path naming"} augments the
34.747 - naming policy by extending its path component.
34.748 -
34.749 - \item @{ML NameSpace.full_name}@{text "naming binding"} turns a name
34.750 - binding (usually a basic name) into the fully qualified
34.751 - internal name, according to the given naming policy.
34.752 -
34.753 - \item @{ML_type NameSpace.T} represents name spaces.
34.754 -
34.755 - \item @{ML NameSpace.empty} and @{ML NameSpace.merge}~@{text
34.756 - "(space\<^isub>1, space\<^isub>2)"} are the canonical operations for
34.757 - maintaining name spaces according to theory data management
34.758 - (\secref{sec:context-data}).
34.759 -
34.760 - \item @{ML NameSpace.declare}~@{text "naming bindings space"} enters a
34.761 - name binding as fully qualified internal name into the name space,
34.762 - with external accesses determined by the naming policy.
34.763 -
34.764 - \item @{ML NameSpace.intern}~@{text "space name"} internalizes a
34.765 - (partially qualified) external name.
34.766 -
34.767 - This operation is mostly for parsing! Note that fully qualified
34.768 - names stemming from declarations are produced via @{ML
34.769 - "NameSpace.full_name"} and @{ML "NameSpace.declare"}
34.770 - (or their derivatives for @{ML_type theory} and
34.771 - @{ML_type Proof.context}).
34.772 -
34.773 - \item @{ML NameSpace.extern}~@{text "space name"} externalizes a
34.774 - (fully qualified) internal name.
34.775 -
34.776 - This operation is mostly for printing! Note unqualified names are
34.777 - produced via @{ML NameSpace.base}.
34.778 -
34.779 - \end{description}
34.780 -*}
34.781 -
34.782 -end
35.1 --- a/doc-src/IsarImplementation/Thy/proof.thy Mon Feb 16 20:25:21 2009 +0100
35.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
35.3 @@ -1,332 +0,0 @@
35.4 -
35.5 -(* $Id$ *)
35.6 -
35.7 -theory "proof" imports base begin
35.8 -
35.9 -chapter {* Structured proofs *}
35.10 -
35.11 -section {* Variables \label{sec:variables} *}
35.12 -
35.13 -text {*
35.14 - Any variable that is not explicitly bound by @{text "\<lambda>"}-abstraction
35.15 - is considered as ``free''. Logically, free variables act like
35.16 - outermost universal quantification at the sequent level: @{text
35.17 - "A\<^isub>1(x), \<dots>, A\<^isub>n(x) \<turnstile> B(x)"} means that the result
35.18 - holds \emph{for all} values of @{text "x"}. Free variables for
35.19 - terms (not types) can be fully internalized into the logic: @{text
35.20 - "\<turnstile> B(x)"} and @{text "\<turnstile> \<And>x. B(x)"} are interchangeable, provided
35.21 - that @{text "x"} does not occur elsewhere in the context.
35.22 - Inspecting @{text "\<turnstile> \<And>x. B(x)"} more closely, we see that inside the
35.23 - quantifier, @{text "x"} is essentially ``arbitrary, but fixed'',
35.24 - while from outside it appears as a place-holder for instantiation
35.25 - (thanks to @{text "\<And>"} elimination).
35.26 -
35.27 - The Pure logic represents the idea of variables being either inside
35.28 - or outside the current scope by providing separate syntactic
35.29 - categories for \emph{fixed variables} (e.g.\ @{text "x"}) vs.\
35.30 - \emph{schematic variables} (e.g.\ @{text "?x"}). Incidently, a
35.31 - universal result @{text "\<turnstile> \<And>x. B(x)"} has the HHF normal form @{text
35.32 - "\<turnstile> B(?x)"}, which represents its generality nicely without requiring
35.33 - an explicit quantifier. The same principle works for type
35.34 - variables: @{text "\<turnstile> B(?\<alpha>)"} represents the idea of ``@{text "\<turnstile>
35.35 - \<forall>\<alpha>. B(\<alpha>)"}'' without demanding a truly polymorphic framework.
35.36 -
35.37 - \medskip Additional care is required to treat type variables in a
35.38 - way that facilitates type-inference. In principle, term variables
35.39 - depend on type variables, which means that type variables would have
35.40 - to be declared first. For example, a raw type-theoretic framework
35.41 - would demand the context to be constructed in stages as follows:
35.42 - @{text "\<Gamma> = \<alpha>: type, x: \<alpha>, a: A(x\<^isub>\<alpha>)"}.
35.43 -
35.44 - We allow a slightly less formalistic mode of operation: term
35.45 - variables @{text "x"} are fixed without specifying a type yet
35.46 - (essentially \emph{all} potential occurrences of some instance
35.47 - @{text "x\<^isub>\<tau>"} are fixed); the first occurrence of @{text "x"}
35.48 - within a specific term assigns its most general type, which is then
35.49 - maintained consistently in the context. The above example becomes
35.50 - @{text "\<Gamma> = x: term, \<alpha>: type, A(x\<^isub>\<alpha>)"}, where type @{text
35.51 - "\<alpha>"} is fixed \emph{after} term @{text "x"}, and the constraint
35.52 - @{text "x :: \<alpha>"} is an implicit consequence of the occurrence of
35.53 - @{text "x\<^isub>\<alpha>"} in the subsequent proposition.
35.54 -
35.55 - This twist of dependencies is also accommodated by the reverse
35.56 - operation of exporting results from a context: a type variable
35.57 - @{text "\<alpha>"} is considered fixed as long as it occurs in some fixed
35.58 - term variable of the context. For example, exporting @{text "x:
35.59 - term, \<alpha>: type \<turnstile> x\<^isub>\<alpha> = x\<^isub>\<alpha>"} produces in the first step
35.60 - @{text "x: term \<turnstile> x\<^isub>\<alpha> = x\<^isub>\<alpha>"} for fixed @{text "\<alpha>"},
35.61 - and only in the second step @{text "\<turnstile> ?x\<^isub>?\<^isub>\<alpha> =
35.62 - ?x\<^isub>?\<^isub>\<alpha>"} for schematic @{text "?x"} and @{text "?\<alpha>"}.
35.63 -
35.64 - \medskip The Isabelle/Isar proof context manages the gory details of
35.65 - term vs.\ type variables, with high-level principles for moving the
35.66 - frontier between fixed and schematic variables.
35.67 -
35.68 - The @{text "add_fixes"} operation explictly declares fixed
35.69 - variables; the @{text "declare_term"} operation absorbs a term into
35.70 - a context by fixing new type variables and adding syntactic
35.71 - constraints.
35.72 -
35.73 - The @{text "export"} operation is able to perform the main work of
35.74 - generalizing term and type variables as sketched above, assuming
35.75 - that fixing variables and terms have been declared properly.
35.76 -
35.77 - There @{text "import"} operation makes a generalized fact a genuine
35.78 - part of the context, by inventing fixed variables for the schematic
35.79 - ones. The effect can be reversed by using @{text "export"} later,
35.80 - potentially with an extended context; the result is equivalent to
35.81 - the original modulo renaming of schematic variables.
35.82 -
35.83 - The @{text "focus"} operation provides a variant of @{text "import"}
35.84 - for nested propositions (with explicit quantification): @{text
35.85 - "\<And>x\<^isub>1 \<dots> x\<^isub>n. B(x\<^isub>1, \<dots>, x\<^isub>n)"} is
35.86 - decomposed by inventing fixed variables @{text "x\<^isub>1, \<dots>,
35.87 - x\<^isub>n"} for the body.
35.88 -*}
35.89 -
35.90 -text %mlref {*
35.91 - \begin{mldecls}
35.92 - @{index_ML Variable.add_fixes: "
35.93 - string list -> Proof.context -> string list * Proof.context"} \\
35.94 - @{index_ML Variable.variant_fixes: "
35.95 - string list -> Proof.context -> string list * Proof.context"} \\
35.96 - @{index_ML Variable.declare_term: "term -> Proof.context -> Proof.context"} \\
35.97 - @{index_ML Variable.declare_constraints: "term -> Proof.context -> Proof.context"} \\
35.98 - @{index_ML Variable.export: "Proof.context -> Proof.context -> thm list -> thm list"} \\
35.99 - @{index_ML Variable.polymorphic: "Proof.context -> term list -> term list"} \\
35.100 - @{index_ML Variable.import_thms: "bool -> thm list -> Proof.context ->
35.101 - ((ctyp list * cterm list) * thm list) * Proof.context"} \\
35.102 - @{index_ML Variable.focus: "cterm -> Proof.context -> (cterm list * cterm) * Proof.context"} \\
35.103 - \end{mldecls}
35.104 -
35.105 - \begin{description}
35.106 -
35.107 - \item @{ML Variable.add_fixes}~@{text "xs ctxt"} fixes term
35.108 - variables @{text "xs"}, returning the resulting internal names. By
35.109 - default, the internal representation coincides with the external
35.110 - one, which also means that the given variables must not be fixed
35.111 - already. There is a different policy within a local proof body: the
35.112 - given names are just hints for newly invented Skolem variables.
35.113 -
35.114 - \item @{ML Variable.variant_fixes} is similar to @{ML
35.115 - Variable.add_fixes}, but always produces fresh variants of the given
35.116 - names.
35.117 -
35.118 - \item @{ML Variable.declare_term}~@{text "t ctxt"} declares term
35.119 - @{text "t"} to belong to the context. This automatically fixes new
35.120 - type variables, but not term variables. Syntactic constraints for
35.121 - type and term variables are declared uniformly, though.
35.122 -
35.123 - \item @{ML Variable.declare_constraints}~@{text "t ctxt"} declares
35.124 - syntactic constraints from term @{text "t"}, without making it part
35.125 - of the context yet.
35.126 -
35.127 - \item @{ML Variable.export}~@{text "inner outer thms"} generalizes
35.128 - fixed type and term variables in @{text "thms"} according to the
35.129 - difference of the @{text "inner"} and @{text "outer"} context,
35.130 - following the principles sketched above.
35.131 -
35.132 - \item @{ML Variable.polymorphic}~@{text "ctxt ts"} generalizes type
35.133 - variables in @{text "ts"} as far as possible, even those occurring
35.134 - in fixed term variables. The default policy of type-inference is to
35.135 - fix newly introduced type variables, which is essentially reversed
35.136 - with @{ML Variable.polymorphic}: here the given terms are detached
35.137 - from the context as far as possible.
35.138 -
35.139 - \item @{ML Variable.import_thms}~@{text "open thms ctxt"} invents fixed
35.140 - type and term variables for the schematic ones occurring in @{text
35.141 - "thms"}. The @{text "open"} flag indicates whether the fixed names
35.142 - should be accessible to the user, otherwise newly introduced names
35.143 - are marked as ``internal'' (\secref{sec:names}).
35.144 -
35.145 - \item @{ML Variable.focus}~@{text B} decomposes the outermost @{text
35.146 - "\<And>"} prefix of proposition @{text "B"}.
35.147 -
35.148 - \end{description}
35.149 -*}
35.150 -
35.151 -
35.152 -section {* Assumptions \label{sec:assumptions} *}
35.153 -
35.154 -text {*
35.155 - An \emph{assumption} is a proposition that it is postulated in the
35.156 - current context. Local conclusions may use assumptions as
35.157 - additional facts, but this imposes implicit hypotheses that weaken
35.158 - the overall statement.
35.159 -
35.160 - Assumptions are restricted to fixed non-schematic statements, i.e.\
35.161 - all generality needs to be expressed by explicit quantifiers.
35.162 - Nevertheless, the result will be in HHF normal form with outermost
35.163 - quantifiers stripped. For example, by assuming @{text "\<And>x :: \<alpha>. P
35.164 - x"} we get @{text "\<And>x :: \<alpha>. P x \<turnstile> P ?x"} for schematic @{text "?x"}
35.165 - of fixed type @{text "\<alpha>"}. Local derivations accumulate more and
35.166 - more explicit references to hypotheses: @{text "A\<^isub>1, \<dots>,
35.167 - A\<^isub>n \<turnstile> B"} where @{text "A\<^isub>1, \<dots>, A\<^isub>n"} needs to
35.168 - be covered by the assumptions of the current context.
35.169 -
35.170 - \medskip The @{text "add_assms"} operation augments the context by
35.171 - local assumptions, which are parameterized by an arbitrary @{text
35.172 - "export"} rule (see below).
35.173 -
35.174 - The @{text "export"} operation moves facts from a (larger) inner
35.175 - context into a (smaller) outer context, by discharging the
35.176 - difference of the assumptions as specified by the associated export
35.177 - rules. Note that the discharged portion is determined by the
35.178 - difference contexts, not the facts being exported! There is a
35.179 - separate flag to indicate a goal context, where the result is meant
35.180 - to refine an enclosing sub-goal of a structured proof state (cf.\
35.181 - \secref{sec:isar-proof-state}).
35.182 -
35.183 - \medskip The most basic export rule discharges assumptions directly
35.184 - by means of the @{text "\<Longrightarrow>"} introduction rule:
35.185 - \[
35.186 - \infer[(@{text "\<Longrightarrow>_intro"})]{@{text "\<Gamma> \\ A \<turnstile> A \<Longrightarrow> B"}}{@{text "\<Gamma> \<turnstile> B"}}
35.187 - \]
35.188 -
35.189 - The variant for goal refinements marks the newly introduced
35.190 - premises, which causes the canonical Isar goal refinement scheme to
35.191 - enforce unification with local premises within the goal:
35.192 - \[
35.193 - \infer[(@{text "#\<Longrightarrow>_intro"})]{@{text "\<Gamma> \\ A \<turnstile> #A \<Longrightarrow> B"}}{@{text "\<Gamma> \<turnstile> B"}}
35.194 - \]
35.195 -
35.196 - \medskip Alternative versions of assumptions may perform arbitrary
35.197 - transformations on export, as long as the corresponding portion of
35.198 - hypotheses is removed from the given facts. For example, a local
35.199 - definition works by fixing @{text "x"} and assuming @{text "x \<equiv> t"},
35.200 - with the following export rule to reverse the effect:
35.201 - \[
35.202 - \infer[(@{text "\<equiv>-expand"})]{@{text "\<Gamma> \\ x \<equiv> t \<turnstile> B t"}}{@{text "\<Gamma> \<turnstile> B x"}}
35.203 - \]
35.204 - This works, because the assumption @{text "x \<equiv> t"} was introduced in
35.205 - a context with @{text "x"} being fresh, so @{text "x"} does not
35.206 - occur in @{text "\<Gamma>"} here.
35.207 -*}
35.208 -
35.209 -text %mlref {*
35.210 - \begin{mldecls}
35.211 - @{index_ML_type Assumption.export} \\
35.212 - @{index_ML Assumption.assume: "cterm -> thm"} \\
35.213 - @{index_ML Assumption.add_assms:
35.214 - "Assumption.export ->
35.215 - cterm list -> Proof.context -> thm list * Proof.context"} \\
35.216 - @{index_ML Assumption.add_assumes: "
35.217 - cterm list -> Proof.context -> thm list * Proof.context"} \\
35.218 - @{index_ML Assumption.export: "bool -> Proof.context -> Proof.context -> thm -> thm"} \\
35.219 - \end{mldecls}
35.220 -
35.221 - \begin{description}
35.222 -
35.223 - \item @{ML_type Assumption.export} represents arbitrary export
35.224 - rules, which is any function of type @{ML_type "bool -> cterm list -> thm -> thm"},
35.225 - where the @{ML_type "bool"} indicates goal mode, and the @{ML_type
35.226 - "cterm list"} the collection of assumptions to be discharged
35.227 - simultaneously.
35.228 -
35.229 - \item @{ML Assumption.assume}~@{text "A"} turns proposition @{text
35.230 - "A"} into a raw assumption @{text "A \<turnstile> A'"}, where the conclusion
35.231 - @{text "A'"} is in HHF normal form.
35.232 -
35.233 - \item @{ML Assumption.add_assms}~@{text "r As"} augments the context
35.234 - by assumptions @{text "As"} with export rule @{text "r"}. The
35.235 - resulting facts are hypothetical theorems as produced by the raw
35.236 - @{ML Assumption.assume}.
35.237 -
35.238 - \item @{ML Assumption.add_assumes}~@{text "As"} is a special case of
35.239 - @{ML Assumption.add_assms} where the export rule performs @{text
35.240 - "\<Longrightarrow>_intro"} or @{text "#\<Longrightarrow>_intro"}, depending on goal mode.
35.241 -
35.242 - \item @{ML Assumption.export}~@{text "is_goal inner outer thm"}
35.243 - exports result @{text "thm"} from the the @{text "inner"} context
35.244 - back into the @{text "outer"} one; @{text "is_goal = true"} means
35.245 - this is a goal context. The result is in HHF normal form. Note
35.246 - that @{ML "ProofContext.export"} combines @{ML "Variable.export"}
35.247 - and @{ML "Assumption.export"} in the canonical way.
35.248 -
35.249 - \end{description}
35.250 -*}
35.251 -
35.252 -
35.253 -section {* Results \label{sec:results} *}
35.254 -
35.255 -text {*
35.256 - Local results are established by monotonic reasoning from facts
35.257 - within a context. This allows common combinations of theorems,
35.258 - e.g.\ via @{text "\<And>/\<Longrightarrow>"} elimination, resolution rules, or equational
35.259 - reasoning, see \secref{sec:thms}. Unaccounted context manipulations
35.260 - should be avoided, notably raw @{text "\<And>/\<Longrightarrow>"} introduction or ad-hoc
35.261 - references to free variables or assumptions not present in the proof
35.262 - context.
35.263 -
35.264 - \medskip The @{text "SUBPROOF"} combinator allows to structure a
35.265 - tactical proof recursively by decomposing a selected sub-goal:
35.266 - @{text "(\<And>x. A(x) \<Longrightarrow> B(x)) \<Longrightarrow> \<dots>"} is turned into @{text "B(x) \<Longrightarrow> \<dots>"}
35.267 - after fixing @{text "x"} and assuming @{text "A(x)"}. This means
35.268 - the tactic needs to solve the conclusion, but may use the premise as
35.269 - a local fact, for locally fixed variables.
35.270 -
35.271 - The @{text "prove"} operation provides an interface for structured
35.272 - backwards reasoning under program control, with some explicit sanity
35.273 - checks of the result. The goal context can be augmented by
35.274 - additional fixed variables (cf.\ \secref{sec:variables}) and
35.275 - assumptions (cf.\ \secref{sec:assumptions}), which will be available
35.276 - as local facts during the proof and discharged into implications in
35.277 - the result. Type and term variables are generalized as usual,
35.278 - according to the context.
35.279 -
35.280 - The @{text "obtain"} operation produces results by eliminating
35.281 - existing facts by means of a given tactic. This acts like a dual
35.282 - conclusion: the proof demonstrates that the context may be augmented
35.283 - by certain fixed variables and assumptions. See also
35.284 - \cite{isabelle-isar-ref} for the user-level @{text "\<OBTAIN>"} and
35.285 - @{text "\<GUESS>"} elements. Final results, which may not refer to
35.286 - the parameters in the conclusion, need to exported explicitly into
35.287 - the original context.
35.288 -*}
35.289 -
35.290 -text %mlref {*
35.291 - \begin{mldecls}
35.292 - @{index_ML SUBPROOF:
35.293 - "({context: Proof.context, schematics: ctyp list * cterm list,
35.294 - params: cterm list, asms: cterm list, concl: cterm,
35.295 - prems: thm list} -> tactic) -> Proof.context -> int -> tactic"} \\
35.296 - \end{mldecls}
35.297 - \begin{mldecls}
35.298 - @{index_ML Goal.prove: "Proof.context -> string list -> term list -> term ->
35.299 - ({prems: thm list, context: Proof.context} -> tactic) -> thm"} \\
35.300 - @{index_ML Goal.prove_multi: "Proof.context -> string list -> term list -> term list ->
35.301 - ({prems: thm list, context: Proof.context} -> tactic) -> thm list"} \\
35.302 - \end{mldecls}
35.303 - \begin{mldecls}
35.304 - @{index_ML Obtain.result: "(Proof.context -> tactic) ->
35.305 - thm list -> Proof.context -> (cterm list * thm list) * Proof.context"} \\
35.306 - \end{mldecls}
35.307 -
35.308 - \begin{description}
35.309 -
35.310 - \item @{ML SUBPROOF}~@{text "tac"} decomposes the structure of a
35.311 - particular sub-goal, producing an extended context and a reduced
35.312 - goal, which needs to be solved by the given tactic. All schematic
35.313 - parameters of the goal are imported into the context as fixed ones,
35.314 - which may not be instantiated in the sub-proof.
35.315 -
35.316 - \item @{ML Goal.prove}~@{text "ctxt xs As C tac"} states goal @{text
35.317 - "C"} in the context augmented by fixed variables @{text "xs"} and
35.318 - assumptions @{text "As"}, and applies tactic @{text "tac"} to solve
35.319 - it. The latter may depend on the local assumptions being presented
35.320 - as facts. The result is in HHF normal form.
35.321 -
35.322 - \item @{ML Goal.prove_multi} is simular to @{ML Goal.prove}, but
35.323 - states several conclusions simultaneously. The goal is encoded by
35.324 - means of Pure conjunction; @{ML Goal.conjunction_tac} will turn this
35.325 - into a collection of individual subgoals.
35.326 -
35.327 - \item @{ML Obtain.result}~@{text "tac thms ctxt"} eliminates the
35.328 - given facts using a tactic, which results in additional fixed
35.329 - variables and assumptions in the context. Final results need to be
35.330 - exported explicitly.
35.331 -
35.332 - \end{description}
35.333 -*}
35.334 -
35.335 -end
36.1 --- a/doc-src/IsarImplementation/Thy/tactic.thy Mon Feb 16 20:25:21 2009 +0100
36.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
36.3 @@ -1,420 +0,0 @@
36.4 -
36.5 -(* $Id$ *)
36.6 -
36.7 -theory tactic imports base begin
36.8 -
36.9 -chapter {* Tactical reasoning *}
36.10 -
36.11 -text {*
36.12 - Tactical reasoning works by refining the initial claim in a
36.13 - backwards fashion, until a solved form is reached. A @{text "goal"}
36.14 - consists of several subgoals that need to be solved in order to
36.15 - achieve the main statement; zero subgoals means that the proof may
36.16 - be finished. A @{text "tactic"} is a refinement operation that maps
36.17 - a goal to a lazy sequence of potential successors. A @{text
36.18 - "tactical"} is a combinator for composing tactics.
36.19 -*}
36.20 -
36.21 -
36.22 -section {* Goals \label{sec:tactical-goals} *}
36.23 -
36.24 -text {*
36.25 - Isabelle/Pure represents a goal\glossary{Tactical goal}{A theorem of
36.26 - \seeglossary{Horn Clause} form stating that a number of subgoals
36.27 - imply the main conclusion, which is marked as a protected
36.28 - proposition.} as a theorem stating that the subgoals imply the main
36.29 - goal: @{text "A\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^sub>n \<Longrightarrow> C"}. The outermost goal
36.30 - structure is that of a Horn Clause\glossary{Horn Clause}{An iterated
36.31 - implication @{text "A\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^sub>n \<Longrightarrow> C"}, without any
36.32 - outermost quantifiers. Strictly speaking, propositions @{text
36.33 - "A\<^sub>i"} need to be atomic in Horn Clauses, but Isabelle admits
36.34 - arbitrary substructure here (nested @{text "\<Longrightarrow>"} and @{text "\<And>"}
36.35 - connectives).}: i.e.\ an iterated implication without any
36.36 - quantifiers\footnote{Recall that outermost @{text "\<And>x. \<phi>[x]"} is
36.37 - always represented via schematic variables in the body: @{text
36.38 - "\<phi>[?x]"}. These variables may get instantiated during the course of
36.39 - reasoning.}. For @{text "n = 0"} a goal is called ``solved''.
36.40 -
36.41 - The structure of each subgoal @{text "A\<^sub>i"} is that of a general
36.42 - Hereditary Harrop Formula @{text "\<And>x\<^sub>1 \<dots> \<And>x\<^sub>k. H\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> H\<^sub>m \<Longrightarrow> B"} in
36.43 - normal form. Here @{text "x\<^sub>1, \<dots>, x\<^sub>k"} are goal parameters, i.e.\
36.44 - arbitrary-but-fixed entities of certain types, and @{text "H\<^sub>1, \<dots>,
36.45 - H\<^sub>m"} are goal hypotheses, i.e.\ facts that may be assumed locally.
36.46 - Together, this forms the goal context of the conclusion @{text B} to
36.47 - be established. The goal hypotheses may be again arbitrary
36.48 - Hereditary Harrop Formulas, although the level of nesting rarely
36.49 - exceeds 1--2 in practice.
36.50 -
36.51 - The main conclusion @{text C} is internally marked as a protected
36.52 - proposition\glossary{Protected proposition}{An arbitrarily
36.53 - structured proposition @{text "C"} which is forced to appear as
36.54 - atomic by wrapping it into a propositional identity operator;
36.55 - notation @{text "#C"}. Protecting a proposition prevents basic
36.56 - inferences from entering into that structure for the time being.},
36.57 - which is represented explicitly by the notation @{text "#C"}. This
36.58 - ensures that the decomposition into subgoals and main conclusion is
36.59 - well-defined for arbitrarily structured claims.
36.60 -
36.61 - \medskip Basic goal management is performed via the following
36.62 - Isabelle/Pure rules:
36.63 -
36.64 - \[
36.65 - \infer[@{text "(init)"}]{@{text "C \<Longrightarrow> #C"}}{} \qquad
36.66 - \infer[@{text "(finish)"}]{@{text "C"}}{@{text "#C"}}
36.67 - \]
36.68 -
36.69 - \medskip The following low-level variants admit general reasoning
36.70 - with protected propositions:
36.71 -
36.72 - \[
36.73 - \infer[@{text "(protect)"}]{@{text "#C"}}{@{text "C"}} \qquad
36.74 - \infer[@{text "(conclude)"}]{@{text "A\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^sub>n \<Longrightarrow> C"}}{@{text "A\<^sub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^sub>n \<Longrightarrow> #C"}}
36.75 - \]
36.76 -*}
36.77 -
36.78 -text %mlref {*
36.79 - \begin{mldecls}
36.80 - @{index_ML Goal.init: "cterm -> thm"} \\
36.81 - @{index_ML Goal.finish: "thm -> thm"} \\
36.82 - @{index_ML Goal.protect: "thm -> thm"} \\
36.83 - @{index_ML Goal.conclude: "thm -> thm"} \\
36.84 - \end{mldecls}
36.85 -
36.86 - \begin{description}
36.87 -
36.88 - \item @{ML "Goal.init"}~@{text C} initializes a tactical goal from
36.89 - the well-formed proposition @{text C}.
36.90 -
36.91 - \item @{ML "Goal.finish"}~@{text "thm"} checks whether theorem
36.92 - @{text "thm"} is a solved goal (no subgoals), and concludes the
36.93 - result by removing the goal protection.
36.94 -
36.95 - \item @{ML "Goal.protect"}~@{text "thm"} protects the full statement
36.96 - of theorem @{text "thm"}.
36.97 -
36.98 - \item @{ML "Goal.conclude"}~@{text "thm"} removes the goal
36.99 - protection, even if there are pending subgoals.
36.100 -
36.101 - \end{description}
36.102 -*}
36.103 -
36.104 -
36.105 -section {* Tactics *}
36.106 -
36.107 -text {* A @{text "tactic"} is a function @{text "goal \<rightarrow> goal\<^sup>*\<^sup>*"} that
36.108 - maps a given goal state (represented as a theorem, cf.\
36.109 - \secref{sec:tactical-goals}) to a lazy sequence of potential
36.110 - successor states. The underlying sequence implementation is lazy
36.111 - both in head and tail, and is purely functional in \emph{not}
36.112 - supporting memoing.\footnote{The lack of memoing and the strict
36.113 - nature of SML requires some care when working with low-level
36.114 - sequence operations, to avoid duplicate or premature evaluation of
36.115 - results.}
36.116 -
36.117 - An \emph{empty result sequence} means that the tactic has failed: in
36.118 - a compound tactic expressions other tactics might be tried instead,
36.119 - or the whole refinement step might fail outright, producing a
36.120 - toplevel error message. When implementing tactics from scratch, one
36.121 - should take care to observe the basic protocol of mapping regular
36.122 - error conditions to an empty result; only serious faults should
36.123 - emerge as exceptions.
36.124 -
36.125 - By enumerating \emph{multiple results}, a tactic can easily express
36.126 - the potential outcome of an internal search process. There are also
36.127 - combinators for building proof tools that involve search
36.128 - systematically, see also \secref{sec:tacticals}.
36.129 -
36.130 - \medskip As explained in \secref{sec:tactical-goals}, a goal state
36.131 - essentially consists of a list of subgoals that imply the main goal
36.132 - (conclusion). Tactics may operate on all subgoals or on a
36.133 - particularly specified subgoal, but must not change the main
36.134 - conclusion (apart from instantiating schematic goal variables).
36.135 -
36.136 - Tactics with explicit \emph{subgoal addressing} are of the form
36.137 - @{text "int \<rightarrow> tactic"} and may be applied to a particular subgoal
36.138 - (counting from 1). If the subgoal number is out of range, the
36.139 - tactic should fail with an empty result sequence, but must not raise
36.140 - an exception!
36.141 -
36.142 - Operating on a particular subgoal means to replace it by an interval
36.143 - of zero or more subgoals in the same place; other subgoals must not
36.144 - be affected, apart from instantiating schematic variables ranging
36.145 - over the whole goal state.
36.146 -
36.147 - A common pattern of composing tactics with subgoal addressing is to
36.148 - try the first one, and then the second one only if the subgoal has
36.149 - not been solved yet. Special care is required here to avoid bumping
36.150 - into unrelated subgoals that happen to come after the original
36.151 - subgoal. Assuming that there is only a single initial subgoal is a
36.152 - very common error when implementing tactics!
36.153 -
36.154 - Tactics with internal subgoal addressing should expose the subgoal
36.155 - index as @{text "int"} argument in full generality; a hardwired
36.156 - subgoal 1 inappropriate.
36.157 -
36.158 - \medskip The main well-formedness conditions for proper tactics are
36.159 - summarized as follows.
36.160 -
36.161 - \begin{itemize}
36.162 -
36.163 - \item General tactic failure is indicated by an empty result, only
36.164 - serious faults may produce an exception.
36.165 -
36.166 - \item The main conclusion must not be changed, apart from
36.167 - instantiating schematic variables.
36.168 -
36.169 - \item A tactic operates either uniformly on all subgoals, or
36.170 - specifically on a selected subgoal (without bumping into unrelated
36.171 - subgoals).
36.172 -
36.173 - \item Range errors in subgoal addressing produce an empty result.
36.174 -
36.175 - \end{itemize}
36.176 -
36.177 - Some of these conditions are checked by higher-level goal
36.178 - infrastructure (\secref{sec:results}); others are not checked
36.179 - explicitly, and violating them merely results in ill-behaved tactics
36.180 - experienced by the user (e.g.\ tactics that insist in being
36.181 - applicable only to singleton goals, or disallow composition with
36.182 - basic tacticals).
36.183 -*}
36.184 -
36.185 -text %mlref {*
36.186 - \begin{mldecls}
36.187 - @{index_ML_type tactic: "thm -> thm Seq.seq"} \\
36.188 - @{index_ML no_tac: tactic} \\
36.189 - @{index_ML all_tac: tactic} \\
36.190 - @{index_ML print_tac: "string -> tactic"} \\[1ex]
36.191 - @{index_ML PRIMITIVE: "(thm -> thm) -> tactic"} \\[1ex]
36.192 - @{index_ML SUBGOAL: "(term * int -> tactic) -> int -> tactic"} \\
36.193 - @{index_ML CSUBGOAL: "(cterm * int -> tactic) -> int -> tactic"} \\
36.194 - \end{mldecls}
36.195 -
36.196 - \begin{description}
36.197 -
36.198 - \item @{ML_type tactic} represents tactics. The well-formedness
36.199 - conditions described above need to be observed. See also @{"file"
36.200 - "~~/src/Pure/General/seq.ML"} for the underlying implementation of
36.201 - lazy sequences.
36.202 -
36.203 - \item @{ML_type "int -> tactic"} represents tactics with explicit
36.204 - subgoal addressing, with well-formedness conditions as described
36.205 - above.
36.206 -
36.207 - \item @{ML no_tac} is a tactic that always fails, returning the
36.208 - empty sequence.
36.209 -
36.210 - \item @{ML all_tac} is a tactic that always succeeds, returning a
36.211 - singleton sequence with unchanged goal state.
36.212 -
36.213 - \item @{ML print_tac}~@{text "message"} is like @{ML all_tac}, but
36.214 - prints a message together with the goal state on the tracing
36.215 - channel.
36.216 -
36.217 - \item @{ML PRIMITIVE}~@{text rule} turns a primitive inference rule
36.218 - into a tactic with unique result. Exception @{ML THM} is considered
36.219 - a regular tactic failure and produces an empty result; other
36.220 - exceptions are passed through.
36.221 -
36.222 - \item @{ML SUBGOAL}~@{text "(fn (subgoal, i) => tactic)"} is the
36.223 - most basic form to produce a tactic with subgoal addressing. The
36.224 - given abstraction over the subgoal term and subgoal number allows to
36.225 - peek at the relevant information of the full goal state. The
36.226 - subgoal range is checked as required above.
36.227 -
36.228 - \item @{ML CSUBGOAL} is similar to @{ML SUBGOAL}, but passes the
36.229 - subgoal as @{ML_type cterm} instead of raw @{ML_type term}. This
36.230 - avoids expensive re-certification in situations where the subgoal is
36.231 - used directly for primitive inferences.
36.232 -
36.233 - \end{description}
36.234 -*}
36.235 -
36.236 -
36.237 -subsection {* Resolution and assumption tactics \label{sec:resolve-assume-tac} *}
36.238 -
36.239 -text {* \emph{Resolution} is the most basic mechanism for refining a
36.240 - subgoal using a theorem as object-level rule.
36.241 - \emph{Elim-resolution} is particularly suited for elimination rules:
36.242 - it resolves with a rule, proves its first premise by assumption, and
36.243 - finally deletes that assumption from any new subgoals.
36.244 - \emph{Destruct-resolution} is like elim-resolution, but the given
36.245 - destruction rules are first turned into canonical elimination
36.246 - format. \emph{Forward-resolution} is like destruct-resolution, but
36.247 - without deleting the selected assumption. The @{text "r/e/d/f"}
36.248 - naming convention is maintained for several different kinds of
36.249 - resolution rules and tactics.
36.250 -
36.251 - Assumption tactics close a subgoal by unifying some of its premises
36.252 - against its conclusion.
36.253 -
36.254 - \medskip All the tactics in this section operate on a subgoal
36.255 - designated by a positive integer. Other subgoals might be affected
36.256 - indirectly, due to instantiation of schematic variables.
36.257 -
36.258 - There are various sources of non-determinism, the tactic result
36.259 - sequence enumerates all possibilities of the following choices (if
36.260 - applicable):
36.261 -
36.262 - \begin{enumerate}
36.263 -
36.264 - \item selecting one of the rules given as argument to the tactic;
36.265 -
36.266 - \item selecting a subgoal premise to eliminate, unifying it against
36.267 - the first premise of the rule;
36.268 -
36.269 - \item unifying the conclusion of the subgoal to the conclusion of
36.270 - the rule.
36.271 -
36.272 - \end{enumerate}
36.273 -
36.274 - Recall that higher-order unification may produce multiple results
36.275 - that are enumerated here.
36.276 -*}
36.277 -
36.278 -text %mlref {*
36.279 - \begin{mldecls}
36.280 - @{index_ML resolve_tac: "thm list -> int -> tactic"} \\
36.281 - @{index_ML eresolve_tac: "thm list -> int -> tactic"} \\
36.282 - @{index_ML dresolve_tac: "thm list -> int -> tactic"} \\
36.283 - @{index_ML forward_tac: "thm list -> int -> tactic"} \\[1ex]
36.284 - @{index_ML assume_tac: "int -> tactic"} \\
36.285 - @{index_ML eq_assume_tac: "int -> tactic"} \\[1ex]
36.286 - @{index_ML match_tac: "thm list -> int -> tactic"} \\
36.287 - @{index_ML ematch_tac: "thm list -> int -> tactic"} \\
36.288 - @{index_ML dmatch_tac: "thm list -> int -> tactic"} \\
36.289 - \end{mldecls}
36.290 -
36.291 - \begin{description}
36.292 -
36.293 - \item @{ML resolve_tac}~@{text "thms i"} refines the goal state
36.294 - using the given theorems, which should normally be introduction
36.295 - rules. The tactic resolves a rule's conclusion with subgoal @{text
36.296 - i}, replacing it by the corresponding versions of the rule's
36.297 - premises.
36.298 -
36.299 - \item @{ML eresolve_tac}~@{text "thms i"} performs elim-resolution
36.300 - with the given theorems, which should normally be elimination rules.
36.301 -
36.302 - \item @{ML dresolve_tac}~@{text "thms i"} performs
36.303 - destruct-resolution with the given theorems, which should normally
36.304 - be destruction rules. This replaces an assumption by the result of
36.305 - applying one of the rules.
36.306 -
36.307 - \item @{ML forward_tac} is like @{ML dresolve_tac} except that the
36.308 - selected assumption is not deleted. It applies a rule to an
36.309 - assumption, adding the result as a new assumption.
36.310 -
36.311 - \item @{ML assume_tac}~@{text i} attempts to solve subgoal @{text i}
36.312 - by assumption (modulo higher-order unification).
36.313 -
36.314 - \item @{ML eq_assume_tac} is similar to @{ML assume_tac}, but checks
36.315 - only for immediate @{text "\<alpha>"}-convertibility instead of using
36.316 - unification. It succeeds (with a unique next state) if one of the
36.317 - assumptions is equal to the subgoal's conclusion. Since it does not
36.318 - instantiate variables, it cannot make other subgoals unprovable.
36.319 -
36.320 - \item @{ML match_tac}, @{ML ematch_tac}, and @{ML dmatch_tac} are
36.321 - similar to @{ML resolve_tac}, @{ML eresolve_tac}, and @{ML
36.322 - dresolve_tac}, respectively, but do not instantiate schematic
36.323 - variables in the goal state.
36.324 -
36.325 - Flexible subgoals are not updated at will, but are left alone.
36.326 - Strictly speaking, matching means to treat the unknowns in the goal
36.327 - state as constants; these tactics merely discard unifiers that would
36.328 - update the goal state.
36.329 -
36.330 - \end{description}
36.331 -*}
36.332 -
36.333 -
36.334 -subsection {* Explicit instantiation within a subgoal context *}
36.335 -
36.336 -text {* The main resolution tactics (\secref{sec:resolve-assume-tac})
36.337 - use higher-order unification, which works well in many practical
36.338 - situations despite its daunting theoretical properties.
36.339 - Nonetheless, there are important problem classes where unguided
36.340 - higher-order unification is not so useful. This typically involves
36.341 - rules like universal elimination, existential introduction, or
36.342 - equational substitution. Here the unification problem involves
36.343 - fully flexible @{text "?P ?x"} schemes, which are hard to manage
36.344 - without further hints.
36.345 -
36.346 - By providing a (small) rigid term for @{text "?x"} explicitly, the
36.347 - remaining unification problem is to assign a (large) term to @{text
36.348 - "?P"}, according to the shape of the given subgoal. This is
36.349 - sufficiently well-behaved in most practical situations.
36.350 -
36.351 - \medskip Isabelle provides separate versions of the standard @{text
36.352 - "r/e/d/f"} resolution tactics that allow to provide explicit
36.353 - instantiations of unknowns of the given rule, wrt.\ terms that refer
36.354 - to the implicit context of the selected subgoal.
36.355 -
36.356 - An instantiation consists of a list of pairs of the form @{text
36.357 - "(?x, t)"}, where @{text ?x} is a schematic variable occurring in
36.358 - the given rule, and @{text t} is a term from the current proof
36.359 - context, augmented by the local goal parameters of the selected
36.360 - subgoal; cf.\ the @{text "focus"} operation described in
36.361 - \secref{sec:variables}.
36.362 -
36.363 - Entering the syntactic context of a subgoal is a brittle operation,
36.364 - because its exact form is somewhat accidental, and the choice of
36.365 - bound variable names depends on the presence of other local and
36.366 - global names. Explicit renaming of subgoal parameters prior to
36.367 - explicit instantiation might help to achieve a bit more robustness.
36.368 -
36.369 - Type instantiations may be given as well, via pairs like @{text
36.370 - "(?'a, \<tau>)"}. Type instantiations are distinguished from term
36.371 - instantiations by the syntactic form of the schematic variable.
36.372 - Types are instantiated before terms are. Since term instantiation
36.373 - already performs type-inference as expected, explicit type
36.374 - instantiations are seldom necessary.
36.375 -*}
36.376 -
36.377 -text %mlref {*
36.378 - \begin{mldecls}
36.379 - @{index_ML res_inst_tac: "Proof.context -> (indexname * string) list -> thm -> int -> tactic"} \\
36.380 - @{index_ML eres_inst_tac: "Proof.context -> (indexname * string) list -> thm -> int -> tactic"} \\
36.381 - @{index_ML dres_inst_tac: "Proof.context -> (indexname * string) list -> thm -> int -> tactic"} \\
36.382 - @{index_ML forw_inst_tac: "Proof.context -> (indexname * string) list -> thm -> int -> tactic"} \\[1ex]
36.383 - @{index_ML rename_tac: "string list -> int -> tactic"} \\
36.384 - \end{mldecls}
36.385 -
36.386 - \begin{description}
36.387 -
36.388 - \item @{ML res_inst_tac}~@{text "ctxt insts thm i"} instantiates the
36.389 - rule @{text thm} with the instantiations @{text insts}, as described
36.390 - above, and then performs resolution on subgoal @{text i}.
36.391 -
36.392 - \item @{ML eres_inst_tac} is like @{ML res_inst_tac}, but performs
36.393 - elim-resolution.
36.394 -
36.395 - \item @{ML dres_inst_tac} is like @{ML res_inst_tac}, but performs
36.396 - destruct-resolution.
36.397 -
36.398 - \item @{ML forw_inst_tac} is like @{ML dres_inst_tac} except that
36.399 - the selected assumption is not deleted.
36.400 -
36.401 - \item @{ML rename_tac}~@{text "names i"} renames the innermost
36.402 - parameters of subgoal @{text i} according to the provided @{text
36.403 - names} (which need to be distinct indentifiers).
36.404 -
36.405 - \end{description}
36.406 -*}
36.407 -
36.408 -
36.409 -section {* Tacticals \label{sec:tacticals} *}
36.410 -
36.411 -text {*
36.412 -
36.413 -FIXME
36.414 -
36.415 -\glossary{Tactical}{A functional combinator for building up complex
36.416 -tactics from simpler ones. Typical tactical perform sequential
36.417 -composition, disjunction (choice), iteration, or goal addressing.
36.418 -Various search strategies may be expressed via tacticals.}
36.419 -
36.420 -*}
36.421 -
36.422 -end
36.423 -
37.1 --- a/doc-src/IsarImplementation/implementation.tex Mon Feb 16 20:25:21 2009 +0100
37.2 +++ b/doc-src/IsarImplementation/implementation.tex Mon Feb 16 20:47:44 2009 +0100
37.3 @@ -1,6 +1,3 @@
37.4 -
37.5 -%% $Id$
37.6 -
37.7 \documentclass[12pt,a4paper,fleqn]{report}
37.8 \usepackage{latexsym,graphicx}
37.9 \usepackage[refpage]{nomencl}
37.10 @@ -71,14 +68,13 @@
37.11 \listoffigures
37.12 \clearfirst
37.13
37.14 -%\input{intro.tex}
37.15 -\input{Thy/document/prelim.tex}
37.16 -\input{Thy/document/logic.tex}
37.17 -\input{Thy/document/tactic.tex}
37.18 -\input{Thy/document/proof.tex}
37.19 -\input{Thy/document/isar.tex}
37.20 -\input{Thy/document/locale.tex}
37.21 -\input{Thy/document/integration.tex}
37.22 +\input{Thy/document/Prelim.tex}
37.23 +\input{Thy/document/Logic.tex}
37.24 +\input{Thy/document/Tactic.tex}
37.25 +\input{Thy/document/Proof.tex}
37.26 +\input{Thy/document/Isar.tex}
37.27 +\input{Thy/document/Local_Theory.tex}
37.28 +\input{Thy/document/Integration.tex}
37.29
37.30 \appendix
37.31 \input{Thy/document/ML.tex}
38.1 --- a/doc-src/IsarImplementation/intro.tex Mon Feb 16 20:25:21 2009 +0100
38.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
38.3 @@ -1,13 +0,0 @@
38.4 -
38.5 -%% $Id$
38.6 -
38.7 -\chapter{Introduction}
38.8 -
38.9 -FIXME
38.10 -
38.11 -\nocite{Wenzel-PhD}
38.12 -
38.13 -%%% Local Variables:
38.14 -%%% mode: latex
38.15 -%%% TeX-master: "implementation"
38.16 -%%% End: